mal-ware.com Open in urlscan Pro
181.215.49.64 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://mal-ware.com/
Submission: On February 16 via api (February 16th 2024, 4:22:00 pm UTC) from US — Scanned from US

Summary HTTP 251 Redirects Behaviour Indicators

Summary

This website contacted 17 IPs in 6 countries across 30 domains to perform 251 HTTP transactions. The main IP is 181.215.49.64, located in Dallas, United States and belongs to TIER-NET, US. The main domain is mal-ware.com.
TLS certificate: Issued by R3 on February 13th 2024. Valid for: 3 months.

This is the only time mal-ware.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
50	181.215.49.64 181.215.49.64	397423 (TIER-NET) (TIER-NET)
1	2607:f8b0:400... 2607:f8b0:4004:c06::61	15169 (GOOGLE) (GOOGLE)
8	2607:f8b0:400... 2607:f8b0:4004:c1b::5f	15169 (GOOGLE) (GOOGLE)
29	2607:f8b0:400... 2607:f8b0:4004:c09::9b	15169 (GOOGLE) (GOOGLE)
4 18	2607:f8b0:400... 2607:f8b0:4004:c09::68	15169 (GOOGLE) (GOOGLE)
18	2607:f8b0:400... 2607:f8b0:4004:c09::5e	15169 (GOOGLE) (GOOGLE)
2	2001:4860:480... 2001:4860:4802:38::178	15169 (GOOGLE) (GOOGLE)
18	2607:f8b0:400... 2607:f8b0:4004:c08::5e	15169 (GOOGLE) (GOOGLE)
6 23	2607:f8b0:400... 2607:f8b0:4004:c07::9b	15169 (GOOGLE) (GOOGLE)
41	2607:f8b0:400... 2607:f8b0:4004:c06::84	15169 (GOOGLE) (GOOGLE)
1 1	151.101.130.49 151.101.130.49	54113 (FASTLY) (FASTLY)
7 36	142.251.167.157 142.251.167.157	15169 (GOOGLE) (GOOGLE)
2 2	3.33.220.150 3.33.220.150	16509 (AMAZON-02) (AMAZON-02)
2 2	207.198.113.88 207.198.113.88	13768 (COGECO-PEER1) (COGECO-PEER1)
1 1	174.137.133.49 174.137.133.49	27257 (WEBAIR-IN...) (WEBAIR-INTERNET)
3 3	51.222.239.230 51.222.239.230	16276 (OVH) (OVH)
4 6	2a02:6b8::90 2a02:6b8::90	208398 (TELETECH) (TELETECH)
2 2	23.45.233.16 23.45.233.16	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 1	20.253.86.149 20.253.86.149	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2 2	172.105.221.240 172.105.221.240	63949 (AKAMAI-LI...) (AKAMAI-LINODE-AP Akamai Connected Cloud)
14 14	185.184.8.90 185.184.8.90	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
2	74.119.119.150 74.119.119.150	19750 (AS-CRITEO) (AS-CRITEO)
1 1	31.220.27.155 31.220.27.155	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
5	185.184.10.30 185.184.10.30	203690 (RTB-HOUSE...) (RTB-HOUSE-ASH)
2 2	35.190.0.66 35.190.0.66	15169 (GOOGLE) (GOOGLE)
2	69.90.254.78 69.90.254.78	13768 (COGECO-PEER1) (COGECO-PEER1)
1 1	35.173.142.156 35.173.142.156	14618 (AMAZON-AES) (AMAZON-AES)
1 1	82.145.213.8 82.145.213.8	39832 (NO-OPERA) (NO-OPERA)
12	172.253.122.156 172.253.122.156	15169 (GOOGLE) (GOOGLE)
2 2	54.227.152.214 54.227.152.214	14618 (AMAZON-AES) (AMAZON-AES)
2 2	35.207.24.140 35.207.24.140	15169 (GOOGLE) (GOOGLE)
1 1	199.38.167.131 199.38.167.131	54312 (ROCKETFUEL) (ROCKETFUEL)
2 2	2606:ae80:147... 2606:ae80:1471:13::730	25751 (VALUECLICK) (VALUECLICK)
1 1	54.172.26.66 54.172.26.66	14618 (AMAZON-AES) (AMAZON-AES)
251	17

50 181.215.49.64 (Dallas, United States)

ASN397423 (TIER-NET, US)
PTR: server.frostbytedns.com

mal-ware.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c06::61 (Washington, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2607:f8b0:4004:c1b::5f (Washington, United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 2607:f8b0:4004:c09::9b (Washington, United States)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2607:f8b0:4004:c09::68 (Washington, United States) 4 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2607:f8b0:4004:c09::5e (Washington, United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:38::178 (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2607:f8b0:4004:c08::5e (Washington, United States)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 2607:f8b0:4004:c07::9b (Washington, United States) 6 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

41 2607:f8b0:4004:c06::84 (Washington, United States)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.130.49 (United States) 1 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

36 142.251.167.157 (Farmingdale, United States) 7 redirects

ASN15169 (GOOGLE, US)
PTR: ww-in-f157.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.33.220.150 (Seattle, United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 207.198.113.88 (Herndon, United States) 2 redirects

ASN13768 (COGECO-PEER1, CA)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 174.137.133.49 (United States) 1 redirects

ASN27257 (WEBAIR-INTERNET, US)

dsp.adkernel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 51.222.239.230 (Canada) 3 redirects

ASN16276 (OVH, FR)
PTR: ip230.ip-51-222-239.net

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a02:6b8::90 (Russian Federation) 4 redirects

ASN208398 (TELETECH, RS)

an.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.45.233.16 (Ashburn, United States) 2 redirects

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-45-233-16.deploy.static.akamaitechnologies.com

analytics.pangle-ads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 20.253.86.149 (Washington, United States) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

mweb.ck.inmobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.105.221.240 (Tokyo, Japan) 2 redirects

ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
PTR: li1875-240.members.linode.com

a.c.appier.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 185.184.8.90 (Amsterdam, Netherlands) 14 redirects

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-90.rtbhouse.net

creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 74.119.119.150 (United States)

ASN19750 (AS-CRITEO, US)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 31.220.27.155 (Amsterdam, Netherlands) 1 redirects

ASN39572 (ADVANCEDHOSTERS-AS, NL)

s.uuidksinc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.184.10.30 (Poland)

ASN203690 (RTB-HOUSE-ASH, PL)
PTR: ip-185-184-10-30.rtbhouse.net

cm.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.0.66 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 66.0.190.35.bc.googleusercontent.com

ads.travelaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.90.254.78 (Herndon, United States)

ASN13768 (COGECO-PEER1, CA)

ums.acuityplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.173.142.156 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-173-142-156.compute-1.amazonaws.com

beacon.lynx.cognitivlabs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 82.145.213.8 (United States) 1 redirects

ASN39832 (NO-OPERA, NO)
PTR: n-sysadmin-jumpbox-03.feednews.opera.technology

t.adx.opera.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 172.253.122.156 (United States)

ASN15169 (GOOGLE, US)
PTR: bh-in-f156.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.227.152.214 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-227-152-214.compute-1.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.207.24.140 (North Charleston, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 140.24.207.35.bc.googleusercontent.com

rtb.mfadsrvr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.38.167.131 (United States) 1 redirects

ASN54312 (ROCKETFUEL, US)

a.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:ae80:1471:13::730 (United States) 2 redirects

ASN25751 (VALUECLICK, US)

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.172.26.66 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-172-26-66.compute-1.amazonaws.com

sync.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
70	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 120 tpc.googlesyndication.com — Cisco Umbrella Rank: 158	1 MB
59	doubleclick.net 13 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 43 cm.g.doubleclick.net — Cisco Umbrella Rank: 278	318 KB
50	mal-ware.com mal-ware.com	540 KB
36	gstatic.com fonts.gstatic.com www.gstatic.com	976 KB
19	creativecdn.com 14 redirects creativecdn.com — Cisco Umbrella Rank: 513 cm.creativecdn.com — Cisco Umbrella Rank: 2115	11 KB
18	google.com 4 redirects www.google.com — Cisco Umbrella Rank: 2	95 KB
12	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 141	22 B
8	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 48	9 KB
6	yandex.ru 4 redirects an.yandex.ru — Cisco Umbrella Rank: 6185	2 KB
3	onetag-sys.com 3 redirects onetag-sys.com — Cisco Umbrella Rank: 711	1 KB
2	dotomi.com 2 redirects dclk-match.dotomi.com — Cisco Umbrella Rank: 3850	974 B
2	mfadsrvr.com 2 redirects rtb.mfadsrvr.com — Cisco Umbrella Rank: 1198	1 KB
2	w55c.net 2 redirects pm.w55c.net — Cisco Umbrella Rank: 1046	2 KB
2	acuityplatform.com ums.acuityplatform.com — Cisco Umbrella Rank: 1440	54 B
2	travelaudience.com 2 redirects ads.travelaudience.com — Cisco Umbrella Rank: 7144	957 B
2	criteo.com dis.criteo.com — Cisco Umbrella Rank: 632	725 B
2	appier.net 2 redirects a.c.appier.net — Cisco Umbrella Rank: 10628	1 KB
2	pangle-ads.com 2 redirects analytics.pangle-ads.com — Cisco Umbrella Rank: 2791	2 KB
2	sitescout.com 2 redirects pixel-sync.sitescout.com — Cisco Umbrella Rank: 744	1 KB
2	adsrvr.org 2 redirects match.adsrvr.org — Cisco Umbrella Rank: 389	919 B
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 45	297 B
1	stackadapt.com 1 redirects sync.srv.stackadapt.com — Cisco Umbrella Rank: 772	1 KB
1	rfihub.com 1 redirects a.rfihub.com — Cisco Umbrella Rank: 3218	1 KB
1	opera.com 1 redirects t.adx.opera.com — Cisco Umbrella Rank: 1264	673 B
1	cognitivlabs.com 1 redirects beacon.lynx.cognitivlabs.com — Cisco Umbrella Rank: 1794	640 B
1	uuidksinc.net 1 redirects s.uuidksinc.net — Cisco Umbrella Rank: 11612	335 B
1	inmobi.com 1 redirects mweb.ck.inmobi.com — Cisco Umbrella Rank: 5341	510 B
1	adkernel.com 1 redirects dsp.adkernel.com — Cisco Umbrella Rank: 7175	598 B
1	everesttech.net 1 redirects sync-tm.everesttech.net — Cisco Umbrella Rank: 810	581 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 52	80 KB
251	30

	Domain	Requested by
50	mal-ware.com	mal-ware.com
41	tpc.googlesyndication.com	googleads.g.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com
36	cm.g.doubleclick.net	7 redirects googleads.g.doubleclick.net mal-ware.com
29	pagead2.googlesyndication.com	mal-ware.com pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com
23	googleads.g.doubleclick.net	6 redirects pagead2.googlesyndication.com googleads.g.doubleclick.net
18	www.gstatic.com	www.google.com www.gstatic.com googleads.g.doubleclick.net
18	fonts.gstatic.com	fonts.googleapis.com www.google.com mal-ware.com
18	www.google.com	4 redirects mal-ware.com www.gstatic.com www.google.com googleads.g.doubleclick.net tpc.googlesyndication.com
14	creativecdn.com	14 redirects
12	www.googleadservices.com	googleads.g.doubleclick.net mal-ware.com
8	fonts.googleapis.com	mal-ware.com googleads.g.doubleclick.net
6	an.yandex.ru	4 redirects
5	cm.creativecdn.com
3	onetag-sys.com	3 redirects
2	dclk-match.dotomi.com	2 redirects
2	rtb.mfadsrvr.com	2 redirects
2	pm.w55c.net	2 redirects
2	ums.acuityplatform.com	googleads.g.doubleclick.net
2	ads.travelaudience.com	2 redirects
2	dis.criteo.com	googleads.g.doubleclick.net
2	a.c.appier.net	2 redirects
2	analytics.pangle-ads.com	2 redirects
2	pixel-sync.sitescout.com	2 redirects
2	match.adsrvr.org	2 redirects
2	www.google-analytics.com	www.googletagmanager.com
1	sync.srv.stackadapt.com	1 redirects
1	a.rfihub.com	1 redirects
1	t.adx.opera.com	1 redirects
1	beacon.lynx.cognitivlabs.com	1 redirects
1	s.uuidksinc.net	1 redirects
1	mweb.ck.inmobi.com	1 redirects
1	dsp.adkernel.com	1 redirects
1	sync-tm.everesttech.net	1 redirects
1	www.googletagmanager.com	mal-ware.com
251	34

This site contains no links.

Subject Issuer	Validity	Valid
mal-ware.com R3	`2024-02-13` - `2024-05-13`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
www.google.com GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
*.google.com GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-02-08` - `2024-05-07`	3 months	crt.sh
*.acuityplatform.com Go Daddy Secure Certificate Authority - G2	`2023-04-13` - `2024-05-14`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh

This page contains 31 frames:

Primary Page: https://mal-ware.com/
Frame ID: AA4E8AE083D9EDE774DA31F4730A64AA
Requests: 73 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240214/r20190131/zrt_lookup_fy2021.html
Frame ID: 69039253198AF2F5AD598855BD8B11D8
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeDQM8hAAAAAN6ODurUINCRmSQPUtiGQZ5Qtkhi&co=aHR0cHM6Ly9tYWwtd2FyZS5jb206NDQz&hl=en&v=yiNW3R9jkyLVP5-EEZLDzUtA&size=invisible&cb=5rkww4qphual
Frame ID: 2C15224A3E8CBA2F31C0A630138241B9
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6745586292715183&output=html&adk=1812271804&adf=3025194257&lmt=1708100514&plat=1%3A16777216%2C2%3A16777216%2C3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fmal-ware.com%2F&host=ca-host-pub-2644536267352236&pra=5&wgl=1&easpi=1&asro=0&aslmt=0.4&asamt=-1&aseiel=1~2~4~6~8~16~9~10~11~12~13~14~15~17&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708100513612&bpp=16&bdt=518&idt=426&shv=r20240214&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2453990592256&frm=20&pv=2&ga_vid=1584802085.1708100513&ga_sid=1708100514&ga_hid=1379197327&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C44795921%2C95322434%2C95323740%2C95324580%2C95325068%2C31081135%2C95321963%2C95320869%2C95324155%2C95324160%2C95325077&oid=2&pvsid=1199230194513934&tmod=2060731341&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=446
Frame ID: 59C5F792EC20237C8C560814087EBB96
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6745586292715183&output=html&h=280&adk=3809598800&adf=1839787983&pi=t.aa~a.108489206~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1708100514&rafmt=1&to=qs&pwprc=8924873799&format=1200x280&url=https%3A%2F%2Fmal-ware.com%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708100513628&bpp=2&bdt=533&idt=438&shv=r20240214&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=2453990592256&frm=20&pv=1&ga_vid=1584802085.1708100513&ga_sid=1708100514&ga_hid=1379197327&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=100&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C44795921%2C95322434%2C95323740%2C95324580%2C95325068%2C31081135%2C95321963%2C95320869%2C95324155%2C95324160%2C95325077&oid=2&pvsid=1199230194513934&tmod=2060731341&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=442
Frame ID: FC53A3457E0730D999E401993529CD8B
Requests: 15 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=yiNW3R9jkyLVP5-EEZLDzUtA&k=6LeDQM8hAAAAAN6ODurUINCRmSQPUtiGQZ5Qtkhi
Frame ID: E0661988B78D6932058CD414C0834309
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6745586292715183&output=html&h=280&adk=2375308329&adf=254827259&pi=t.aa~a.2359317494~rp.1&w=586&fwrn=4&fwrnh=100&lmt=1708100514&rafmt=1&to=qs&pwprc=8924873799&format=586x280&url=https%3A%2F%2Fmal-ware.com%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708100514589&bpp=1&bdt=1495&idt=-M&shv=r20240214&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=3&correlator=2453990592256&frm=20&pv=1&ga_vid=1584802085.1708100513&ga_sid=1708100514&ga_hid=1379197327&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=214&ady=1250&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C44795921%2C95322434%2C95323740%2C95324580%2C95325068%2C31081135%2C95321963%2C95320869%2C95324155%2C95324160%2C95325077&oid=2&pvsid=1199230194513934&tmod=2060731341&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=1&fsb=1&dtd=7
Frame ID: 014148242C4B37DC1B138961362711A9
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6745586292715183&output=html&h=280&adk=2206265524&adf=1864091918&pi=t.aa~a.1579878287~rp.4&w=572&fwrn=4&fwrnh=100&lmt=1708100514&rafmt=1&to=qs&pwprc=8924873799&format=572x280&url=https%3A%2F%2Fmal-ware.com%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708100514589&bpp=1&bdt=1495&idt=-M&shv=r20240214&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C586x280&nras=4&correlator=2453990592256&frm=20&pv=1&ga_vid=1584802085.1708100513&ga_sid=1708100514&ga_hid=1379197327&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=813&ady=1630&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C44795921%2C95322434%2C95323740%2C95324580%2C95325068%2C31081135%2C95321963%2C95320869%2C95324155%2C95324160%2C95325077&oid=2&pvsid=1199230194513934&tmod=2060731341&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=2&fsb=1&dtd=12
Frame ID: B5AF6361442B8B9AF1370C09354E4DA1
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6745586292715183&output=html&h=90&adk=2820297975&adf=1528403788&pi=t.aa~a.716941871~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1708100514&rafmt=1&to=qs&pwprc=8924873799&format=1200x90&url=https%3A%2F%2Fmal-ware.com%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708100514589&bpp=1&bdt=1495&idt=-M&shv=r20240214&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C586x280%2C572x280&nras=5&correlator=2453990592256&frm=20&pv=1&ga_vid=1584802085.1708100513&ga_sid=1708100514&ga_hid=1379197327&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2800&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C44795921%2C95322434%2C95323740%2C95324580%2C95325068%2C31081135%2C95321963%2C95320869%2C95324155%2C95324160%2C95325077&oid=2&pvsid=1199230194513934&tmod=2060731341&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=3&fsb=1&dtd=17
Frame ID: 7968532A80A0BD1EF2521CC9958D0501
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6745586292715183&output=html&h=90&adk=629407597&adf=1055940801&pi=t.aa~a.2870338501~rp.1&w=1140&fwrn=4&fwrnh=100&lmt=1708100514&rafmt=1&to=qs&pwprc=8924873799&format=1140x90&url=https%3A%2F%2Fmal-ware.com%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708100514589&bpp=1&bdt=1495&idt=-M&shv=r20240214&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C586x280%2C572x280%2C1200x90&nras=6&correlator=2453990592256&frm=20&pv=1&ga_vid=1584802085.1708100513&ga_sid=1708100514&ga_hid=1379197327&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=3208&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C44795921%2C95322434%2C95323740%2C95324580%2C95325068%2C31081135%2C95321963%2C95320869%2C95324155%2C95324160%2C95325077&oid=2&pvsid=1199230194513934&tmod=2060731341&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=7&uci=a!7&btvi=4&fsb=1&dtd=21
Frame ID: C03BE656058B48B18BC0777D785A0DA0
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6745586292715183&output=html&h=100&adk=353725690&adf=2487863802&pi=t.aa~a.2277667889~rp.1&w=600&fwrn=4&fwrnh=100&lmt=1708100514&rafmt=1&to=qs&pwprc=8924873799&format=600x100&url=https%3A%2F%2Fmal-ware.com%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708100514589&bpp=1&bdt=1495&idt=1&shv=r20240214&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C586x280%2C572x280%2C1200x90%2C1140x90&nras=7&correlator=2453990592256&frm=20&pv=1&ga_vid=1584802085.1708100513&ga_sid=1708100514&ga_hid=1379197327&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3752&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C44795921%2C95322434%2C95323740%2C95324580%2C95325068%2C31081135%2C95321963%2C95320869%2C95324155%2C95324160%2C95325077&oid=2&pvsid=1199230194513934&tmod=2060731341&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=8&uci=a!8&btvi=5&fsb=1&dtd=25
Frame ID: 16A77D218658BD94592D27D54844CBAC
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240214/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 33304EE54562E8C6B4C8206B689B9F73
Requests: 6 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: 10A92D709540F82F7F85FF9C0675748F
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: A0F921A489424ABB597483FFEFB5DD1B
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 65CFB6F5439A3E95B6B1E273D4E9FE9F
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 98D3F098D744542D3A058BA246060AD9
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 13832B52DD4FCAF5765637C469D39FFF
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 4F78C61BE37193D25F49FF034C6B8EDD
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 67E78DAC968E061FEACE9B2502C26721
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 6C92AA20784A76518A98B39BD8B7BF68
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Mxl_QHRpF3ASJ-0UJYy-xnBnh_t8qFAxMnyvqBA6J-g.js
Frame ID: 2AA976C6678C88EB22E55D0C5FEC8D23
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: F773A4AEBFD8C6EF568B34E10C875203
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 8AF01EA79F23A7BFB671FCD943F05794
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Mxl_QHRpF3ASJ-0UJYy-xnBnh_t8qFAxMnyvqBA6J-g.js
Frame ID: 6C82ACB09937396BDED013B885A16497
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Mxl_QHRpF3ASJ-0UJYy-xnBnh_t8qFAxMnyvqBA6J-g.js
Frame ID: FEB8D51D0D7033615D5C36F88C34DB5D
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Mxl_QHRpF3ASJ-0UJYy-xnBnh_t8qFAxMnyvqBA6J-g.js
Frame ID: 71846E0D158FA4AFE71651753674B71C
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Mxl_QHRpF3ASJ-0UJYy-xnBnh_t8qFAxMnyvqBA6J-g.js
Frame ID: BFC66D85B5D1EBF65F5EE026C81D03C0
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Mxl_QHRpF3ASJ-0UJYy-xnBnh_t8qFAxMnyvqBA6J-g.js
Frame ID: D66DBD29E8C65693DFB88CDFB35A0123
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Mxl_QHRpF3ASJ-0UJYy-xnBnh_t8qFAxMnyvqBA6J-g.js
Frame ID: E616BB5FC9A8DF948F5E5ADE3E85530B
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 4DAD9FDFEA2CABADC1EF363FB4731F3C
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 111B97788F6D5DF5F5B52BD577D7EEAE
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Mal-Ware - Best Ransomware and Malware Removal Service

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Underscore.js (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

underscore.*\.js(?:\?ver=([\d.]+))?

Yandex.Direct (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://an\.yandex\.ru/

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

251
Requests

85 %
HTTPS

32 %
IPv6

30
Domains

34
Subdomains

17
IPs

6
Countries

3391 kB
Transfer

8184 kB
Size

47
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 110

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 175

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEJyVE2un06CdNRj3nJMXT10&google_cver=1&google_push=AXcoOmQgZTGwGmNtKhsGP0vax0OmUdi2To5fQrMpfBEewa1SHW4TE6l4xspEckxwld_3I2Y3fadAc9oEdGLoMbI5G1SxEKXbfsCBTAM12eeAZa_9mbkAMT6SjAjLQN7d7IPetXnFTbHB6AQ3fesJndsOz4sTuQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEJyVE2un06CdNRj3nJMXT10&google_push=AXcoOmQgZTGwGmNtKhsGP0vax0OmUdi2To5fQrMpfBEewa1SHW4TE6l4xspEckxwld_3I2Y3fadAc9oEdGLoMbI5G1SxEKXbfsCBTAM12eeAZa_9mbkAMT6SjAjLQN7d7IPetXnFTbHB6AQ3fesJndsOz4sTuQ

Request Chain 176

https://match.adsrvr.org/track/cmf/google?google_gid=CAESEAUGRsK-TPhH0qUQyZ759nY&google_cver=1&google_push=AXcoOmQSXtE_bgS-zeitbnV58PeiViXV_RAaGRpPQb0c_U1x9UYgKM07cDOUexkjE8lo8wHDqYsRn5QW70mIuVDR-h4A-enYGmaHaDHRAXpv4DuQC_GKbpmT0_Zb66ub4WCFf0VcpD25mdu-v3pxpu90J_q7sg HTTP 302
https://match.adsrvr.org/track/cmb/google?google_gid=CAESEAUGRsK-TPhH0qUQyZ759nY&google_cver=1&google_push=AXcoOmQSXtE_bgS-zeitbnV58PeiViXV_RAaGRpPQb0c_U1x9UYgKM07cDOUexkjE8lo8wHDqYsRn5QW70mIuVDR-h4A-enYGmaHaDHRAXpv4DuQC_GKbpmT0_Zb66ub4WCFf0VcpD25mdu-v3pxpu90J_q7sg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_hm=MGEyNzZkMjktZjU0Mi00OGQ0LWExMjYtMTRiZDE3NmVhNjY1&google_push&gdpr=0&gdpr_consent=&ttd_tdid=0a276d29-f542-48d4-a126-14bd176ea665

Request Chain 177

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESEOZwgOOPUHsy62EhL4PwhUs&google_cver=1&google_push=AXcoOmQEd0ANEyqcIz04GAtpNFmf6ZbV25MDGpNbE7RqkWecW-ruOdeeNypr2EA_8K7IgY984TWQHpdidqoEHAw3fMHxTe4hqAKyvjnVL3NeZJNM4PIMcJupPHtKWwrGDjUeeh3HuKnQu5B412gngOoXgKgJAw HTTP 302
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=8&google_gid=CAESEOZwgOOPUHsy62EhL4PwhUs&google_cver=1&google_push=AXcoOmQEd0ANEyqcIz04GAtpNFmf6ZbV25MDGpNbE7RqkWecW-ruOdeeNypr2EA_8K7IgY984TWQHpdidqoEHAw3fMHxTe4hqAKyvjnVL3NeZJNM4PIMcJupPHtKWwrGDjUeeh3HuKnQu5B412gngOoXgKgJAw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ssc&google_hm=B7odjQdIR0O7WeNR87rLBmXPi6M

Request Chain 178

https://dsp.adkernel.com/sync?exchange=11&google_gid=CAESEKlcxj13x0CRH2C8xEBeeho&google_cver=1&google_push=AXcoOmQki6eg-IYLIoQAkz7-skH_8b05S6B8xViMyV6Qq3_MqNaSYtHawncMAhNgOLvxFYvfcdLtgXCpuRNj5ZhCqQUGjzdJZ7E0PNhfx3h3FBHTUzTStzwF1cDUGWUp5AFtphIixrrmtHnduH4GpoGkzx8pdA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=adkernel&google_hm=QTkyMDUzNjU2NzEwNTgzNTg3NzI&google_push=AXcoOmQki6eg-IYLIoQAkz7-skH_8b05S6B8xViMyV6Qq3_MqNaSYtHawncMAhNgOLvxFYvfcdLtgXCpuRNj5ZhCqQUGjzdJZ7E0PNhfx3h3FBHTUzTStzwF1cDUGWUp5AFtphIixrrmtHnduH4GpoGkzx8pdA

Request Chain 179

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEJiEUz4T7X9mZZI6Cb1Xa38&google_cver=1&google_push=AXcoOmR50UUuVrXHEu9TyP-xdm95L2Z7ailt4MoUnEuI0P8vmTs8ytC4knDYy4qFcZ_LHLWGyknZUpyaWBqFnNxQWLO5nsKhrvJutc5MrN8VLCuBwrewyXmPLib_b_KKNqbnJqxSPx4aBJg9073MXVrrKhx2gg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmR50UUuVrXHEu9TyP-xdm95L2Z7ailt4MoUnEuI0P8vmTs8ytC4knDYy4qFcZ_LHLWGyknZUpyaWBqFnNxQWLO5nsKhrvJutc5MrN8VLCuBwrewyXmPLib_b_KKNqbnJqxSPx4aBJg9073MXVrrKhx2gg

Request Chain 180

https://an.yandex.ru/mapuid/google/CAESEJzSAKP0tjJi0jccbxvkIQw?ext-param=AXcoOmRt0EJ1B_nRq_fGrXY6FMyNqbkFrhitJ2USSXMmrmtRDv3rg8lCPKFCdn2Vr4Wxbb3TVqYaLeg-OkMfO88wfxYKY68RusCv25EIFvflFHMikKzKXHZJq9uSZC0i2tp2UMWWMTTvIOnnZZl7mCpJfyWr8VM&partner-tag=yandex_ag&google_cver=1 HTTP 302
https://an.yandex.ru/mapuid/google/CAESEJzSAKP0tjJi0jccbxvkIQw?redir-setuniq=1&ext-param=AXcoOmRt0EJ1B_nRq_fGrXY6FMyNqbkFrhitJ2USSXMmrmtRDv3rg8lCPKFCdn2Vr4Wxbb3TVqYaLeg-OkMfO88wfxYKY68RusCv25EIFvflFHMikKzKXHZJq9uSZC0i2tp2UMWWMTTvIOnnZZl7mCpJfyWr8VM&partner-tag=yandex_ag&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yandex_ag&google_hm=CAESEJzSAKP0tjJi0jccbxvkIQw&google_redir=https%3A%2F%2Fan.yandex.ru%2Fresource%2Fspacer.gif HTTP 302
https://an.yandex.ru/resource/spacer.gif

Request Chain 181

https://analytics.pangle-ads.com/api/ad/union/gg_cookie_matching?google_gid=CAESEEtlVECeQ03okCCIEttemQE&google_cver=1&google_push=AXcoOmQVahj-QSP8BpJgBQAY4fbwsGOQte_OeINCKG7fpdlIP9HX2B0mCB514xgThYu3yPNfHObQeKyveFQfbbnuHdrdcibRVA4fs-1r1vnmgZahTCE0YrzYRlld6eRwKoQXq7qx-mQO87gxIj-_fmrfhewYug HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=toutiao_usd&google_push=AXcoOmQVahj-QSP8BpJgBQAY4fbwsGOQte_OeINCKG7fpdlIP9HX2B0mCB514xgThYu3yPNfHObQeKyveFQfbbnuHdrdcibRVA4fs-1r1vnmgZahTCE0YrzYRlld6eRwKoQXq7qx-mQO87gxIj-_fmrfhewYug

Request Chain 189

https://mweb.ck.inmobi.com/sync/3?redirect=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dinmobi_pte_limited%26google_hm%3D%24DSP_CKID&google_gid=CAESEED7k3iD2m81w7FN1LhUKy4&google_cver=1&google_push=AXcoOmShTNlNuucViOFJ0SFYuusDxEb41LTh6EenIHmZn2Ke68MjD0cGjfVyFHiMk5KbAIKE_ux8W8MrkrnGgKSKaW5wVN4sfIFhkIPTh7CKpaIR-rjkVk7ebxTtwrfX-BMVO6__sDuMxdZZ8je7CHmvc2mRNw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=inmobi_pte_limited&google_hm=ZDQzZmQxYTQtYWNlZC00Zjg4LThjNmQtZWYyZjkxNTIwNmRm&google_gid=CAESEED7k3iD2m81w7FN1LhUKy4&google_cver=1&google_push=AXcoOmShTNlNuucViOFJ0SFYuusDxEb41LTh6EenIHmZn2Ke68MjD0cGjfVyFHiMk5KbAIKE_ux8W8MrkrnGgKSKaW5wVN4sfIFhkIPTh7CKpaIR-rjkVk7ebxTtwrfX-BMVO6__sDuMxdZZ8je7CHmvc2mRNw

Request Chain 190

https://a.c.appier.net/gcm?google_gid=CAESEJ36dKlc3-jBz6L8xMfljfQ&google_cver=1&google_push=AXcoOmR6gAbwhQHU4mXItHEjc4CEIqVXL_UlPBIrj2LbTmvZGKXeI9aVg9d3iTtKpkS1H722t_2Ay3MzU2RE8CSd1AXiJHRvlKvIhOCN1nJiFoZ_vejPqbfdvM8RLdpy0-uIJ7Vd2tBFNN43CW0uIYUsfDzRjA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=MWg0MVNiTUpDMGk2UE0zWXBJdlBaUQ%3D%3D&google_push=AXcoOmR6gAbwhQHU4mXItHEjc4CEIqVXL_UlPBIrj2LbTmvZGKXeI9aVg9d3iTtKpkS1H722t_2Ay3MzU2RE8CSd1AXiJHRvlKvIhOCN1nJiFoZ_vejPqbfdvM8RLdpy0-uIJ7Vd2tBFNN43CW0uIYUsfDzRjA

Request Chain 191

https://creativecdn.com/cm-notify?pi=adxab&google_gid=CAESENZOJATjvY2janIUZCl9bdU&google_cver=1&google_push=AXcoOmSi-CpSz4JHZNRKsi05lfZ9XMf42atXcoVV6N5UbEemjY0upHEQUuYmMB_sH__thIQ2L0mIcNL57V6JiTeFCzGQ7KzKxpLejB4l7jaCzeTWp6mqebNZGbqtTjaid7uVkt2Yxr4h9OsS9OmCByisbbOM HTTP 302
https://creativecdn.com/cm-notify?pi=adxab&google_gid=CAESENZOJATjvY2janIUZCl9bdU&google_cver=1&google_push=AXcoOmSi-CpSz4JHZNRKsi05lfZ9XMf42atXcoVV6N5UbEemjY0upHEQUuYmMB_sH__thIQ2L0mIcNL57V6JiTeFCzGQ7KzKxpLejB4l7jaCzeTWp6mqebNZGbqtTjaid7uVkt2Yxr4h9OsS9OmCByisbbOM&tc=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rtb_house&google_ula=5153224&google_hm=PL8iRCy8HnYUohLZ_R5qhJxVB7pCK4W2FrtLCLa4bcE&pi=adx&pi=adxab&google_gid=CAESENZOJATjvY2janIUZCl9bdU&google_cver=1&google_push=AXcoOmSi-CpSz4JHZNRKsi05lfZ9XMf42atXcoVV6N5UbEemjY0upHEQUuYmMB_sH__thIQ2L0mIcNL57V6JiTeFCzGQ7KzKxpLejB4l7jaCzeTWp6mqebNZGbqtTjaid7uVkt2Yxr4h9OsS9OmCByisbbOM&tc=1

Request Chain 193

https://s.uuidksinc.net/match/47/?remote_uid=CAESEJtcdj4S6tIr0XRuANO99fc&c_param1=AXcoOmSX6qOqktm5BGx6CujDPK3uCQcMb2hADPkYtrLfoLMJ8M3f9xivyKAY3kdLxb7eqwiWixwZ9v-FtmVRwTdBXpC225uHp7xZkeR551N7cwbaqzEf7w3fzqw3mreTrIj5I_UP2fEMZkFa2tSq06FQdAiZNA&gdpr=%%GDPR%%&addtl_consent=%%ADDTL_CONSENT%%&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AXcoOmSX6qOqktm5BGx6CujDPK3uCQcMb2hADPkYtrLfoLMJ8M3f9xivyKAY3kdLxb7eqwiWixwZ9v-FtmVRwTdBXpC225uHp7xZkeR551N7cwbaqzEf7w3fzqw3mreTrIj5I_UP2fEMZkFa2tSq06FQdAiZNA

Request Chain 194

https://creativecdn.com/cm-notify?pi=adxab&google_gid=CAESENZOJATjvY2janIUZCl9bdU&google_cver=1&google_push=AXcoOmRWYEA0YnptZ92yiZBHKUI-j6Lfit6J98MPSTo4qWKxkiVkCiYHtzg2vTLYGEI3h_zTcFrD0i1faCyiAo_mSKchdxS20ZZ6U_nkufyDx5oBfuT-z51VKtvG-vKyxAvJVjv2NJq2NWW-EoKx9qGlNisgJQ HTTP 302
https://creativecdn.com/cm-notify?pi=adxab&google_gid=CAESENZOJATjvY2janIUZCl9bdU&google_cver=1&google_push=AXcoOmRWYEA0YnptZ92yiZBHKUI-j6Lfit6J98MPSTo4qWKxkiVkCiYHtzg2vTLYGEI3h_zTcFrD0i1faCyiAo_mSKchdxS20ZZ6U_nkufyDx5oBfuT-z51VKtvG-vKyxAvJVjv2NJq2NWW-EoKx9qGlNisgJQ&tc=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rtb_house&google_ula=5153224&google_hm=PL8iRCy8HnYUohLZ_R5qhJxVB7pCK4W2FrtLCLa4bcE&pi=adx&pi=adxab&google_gid=CAESENZOJATjvY2janIUZCl9bdU&google_cver=1&google_push=AXcoOmRWYEA0YnptZ92yiZBHKUI-j6Lfit6J98MPSTo4qWKxkiVkCiYHtzg2vTLYGEI3h_zTcFrD0i1faCyiAo_mSKchdxS20ZZ6U_nkufyDx5oBfuT-z51VKtvG-vKyxAvJVjv2NJq2NWW-EoKx9qGlNisgJQ&tc=1 HTTP 302
https://cm.creativecdn.com/adx/cm?v=2&pi=adx&pi=adxab&tc=1&google_error=5

Request Chain 195

https://creativecdn.com/cm-notify?pi=adxab&google_gid=CAESENZOJATjvY2janIUZCl9bdU&google_cver=1&google_push=AXcoOmSbn0YFqRGkhiXhq0zRH2JMPPIho_Qkr1ek90yWTG_SBkYrMOpDhmof8t9fOURUVyuR1lX-JgcQbC6HvN-YYutiZ79j4Hg8KJ_CdPgg8yuwDRomST7woFad-ss8FVWfmNUAGDdCeTCavQx5D9qkxIcGdEk HTTP 302
https://creativecdn.com/cm-notify?pi=adxab&google_gid=CAESENZOJATjvY2janIUZCl9bdU&google_cver=1&google_push=AXcoOmSbn0YFqRGkhiXhq0zRH2JMPPIho_Qkr1ek90yWTG_SBkYrMOpDhmof8t9fOURUVyuR1lX-JgcQbC6HvN-YYutiZ79j4Hg8KJ_CdPgg8yuwDRomST7woFad-ss8FVWfmNUAGDdCeTCavQx5D9qkxIcGdEk&tc=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rtb_house&google_ula=5153224&google_hm=PL8iRCy8HnYUohLZ_R5qhJxVB7pCK4W2FrtLCLa4bcE&pi=adx&pi=adxab&google_gid=CAESENZOJATjvY2janIUZCl9bdU&google_cver=1&google_push=AXcoOmSbn0YFqRGkhiXhq0zRH2JMPPIho_Qkr1ek90yWTG_SBkYrMOpDhmof8t9fOURUVyuR1lX-JgcQbC6HvN-YYutiZ79j4Hg8KJ_CdPgg8yuwDRomST7woFad-ss8FVWfmNUAGDdCeTCavQx5D9qkxIcGdEk&tc=1 HTTP 302
https://cm.creativecdn.com/adx/cm?v=2&pi=adx&pi=adxab&tc=1&google_error=5

Request Chain 197

https://ads.travelaudience.com/google_pixel?google_gid=CAESELgdut8vcg0m3I76mDafyFM&google_cver=1&google_push=AXcoOmTn9LOt5Nz6Mtr7lKuANCMNbSC2gZrAm9gmXyO8i-ErlsjdSYGuEfmeTmjP_Vl2G8a9J8u8si9vmFEDTge65U238hJ1mshS_A HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=RJCf02oKSNIJAEC8Hgn87A&google_push=AXcoOmTn9LOt5Nz6Mtr7lKuANCMNbSC2gZrAm9gmXyO8i-ErlsjdSYGuEfmeTmjP_Vl2G8a9J8u8si9vmFEDTge65U238hJ1mshS_A

Request Chain 199

https://creativecdn.com/cm-notify?pi=adxab&google_gid=CAESEKsyt5fGeodw-jDZbWRsf6A&google_cver=1&google_push=AXcoOmT7i_GbBREksXGljyt0xl68ZOe82FO-j3gbOlpYTSUOxxu6Z6sO1XWrIWPHGjofVPjif896FYkRHdUWVhAKHFbPHpxLj58LPfE HTTP 302
https://creativecdn.com/cm-notify?pi=adxab&google_gid=CAESEKsyt5fGeodw-jDZbWRsf6A&google_cver=1&google_push=AXcoOmT7i_GbBREksXGljyt0xl68ZOe82FO-j3gbOlpYTSUOxxu6Z6sO1XWrIWPHGjofVPjif896FYkRHdUWVhAKHFbPHpxLj58LPfE&tc=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rtb_house&google_ula=5153224&google_hm=PL8iRCy8HnYUohLZ_R5qhJxVB7pCK4W2FrtLCLa4bcE&pi=adx&pi=adxab&google_gid=CAESEKsyt5fGeodw-jDZbWRsf6A&google_cver=1&google_push=AXcoOmT7i_GbBREksXGljyt0xl68ZOe82FO-j3gbOlpYTSUOxxu6Z6sO1XWrIWPHGjofVPjif896FYkRHdUWVhAKHFbPHpxLj58LPfE&tc=1 HTTP 302
https://cm.creativecdn.com/adx/cm?v=2&pi=adx&pi=adxab&tc=1&google_error=5

Request Chain 200

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEBSWWiEb_w44YuFuEgyEsN8&google_cver=1&google_push=AXcoOmQebi3QQuQMrEB9DQhIy89tQmqzHS-Og2hM2_tUSgTBnHvlWwbuVA-7hISzGQFT8jstULvTNZWZAa1hW3r4VDtwlN_AkMlrCoo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmQebi3QQuQMrEB9DQhIy89tQmqzHS-Og2hM2_tUSgTBnHvlWwbuVA-7hISzGQFT8jstULvTNZWZAa1hW3r4VDtwlN_AkMlrCoo

Request Chain 201

https://beacon.lynx.cognitivlabs.com/adx.gif?google_gid=CAESEL2v_CjrXJiCVonVmG3raOQ&google_cver=1&google_push=AXcoOmQN6LiqOxz3CJlYBkX9Ml-bnEoRLsyaERzgCNdwREh8opQseG_cR_U8LbL955MZVWsqoWPa_X31b1LXhUQs2TMdkFLuC06csksq HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=cognitiv&google_hm=ekr002MlREmd-B4f3E_rOA&google_push=AXcoOmQN6LiqOxz3CJlYBkX9Ml-bnEoRLsyaERzgCNdwREh8opQseG_cR_U8LbL955MZVWsqoWPa_X31b1LXhUQs2TMdkFLuC06csksq

Request Chain 202

https://t.adx.opera.com/pub/sync?pubid=pub6871767557696&google_push=AXcoOmSmizyPH_kuOAT6G4qihzq3QqyewrX4bGGTCSWuk1cL6lPW4qtUxQerswxLTorJ1o6POlKEMtQ3A-3yo2jN3gvgCQNPQ7fOKTXi&google_gid=CAESENuGoNLlQbIJZLHvQbpcjKM&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESENuGoNLlQbIJZLHvQbpcjKM&google_hm=T1BVNTA3MGMwNzNmMjJlNGEyYmJhYWNlM2FhOTJiMWUzNjE&google_nid=opera_norway_as&google_push=AXcoOmSmizyPH_kuOAT6G4qihzq3QqyewrX4bGGTCSWuk1cL6lPW4qtUxQerswxLTorJ1o6POlKEMtQ3A-3yo2jN3gvgCQNPQ7fOKTXi

Request Chain 203

https://an.yandex.ru/mapuid/google/CAESEFwGWqDLSvii3SZonPIhvmY?ext-param=AXcoOmSsJjDC3fNZCZEC5XD4Xyy73mlvWLTowNdF7_kF2pJRgTRTreRkUAIa3epVn2ULM8Na6iTZ6EcImjZYDSv61JfYMu26U0LOPb_m&partner-tag=yandex_ag&google_cver=1 HTTP 302
https://an.yandex.ru/mapuid/google/CAESEFwGWqDLSvii3SZonPIhvmY?redir-setuniq=1&ext-param=AXcoOmSsJjDC3fNZCZEC5XD4Xyy73mlvWLTowNdF7_kF2pJRgTRTreRkUAIa3epVn2ULM8Na6iTZ6EcImjZYDSv61JfYMu26U0LOPb_m&partner-tag=yandex_ag&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yandex_ag&google_hm=CAESEFwGWqDLSvii3SZonPIhvmY&google_redir=https%3A%2F%2Fan.yandex.ru%2Fresource%2Fspacer.gif HTTP 302
https://an.yandex.ru/resource/spacer.gif

Request Chain 205

https://googleads.g.doubleclick.net/pagead/adview?ai=C22SaoovPZcypKcCvjvQP3qCxcOKv3sV1wZv51qwSZBABINK86BNgye6Oi8CkjBCgAd2kzcIDyAECqAMByAPJBKoE0wFP0EOrCfbV1m_I82_WWHB-eF6CFZVAYg7esO9j62LFxN2iePXrHQF1VyfToV-ckCvPRfDu9tMmR96lBSAuOy4pazIRJc6UDJ0v2j8vN8uGHMjOODARrJg83OMdHGk67LG2_uZolAIfnQm842MNbXbXH5vbUh5UGQnCi7C-d0lyVCTwyOUOn8tJQHImXXucU6cVI3fOv2F1IXjWtjXRjyCzhAUl4QpaqLVhIyJqSYQphOBvOz5e2vNWGrUq8QUgkLJI2VmqLYZjG-yYy3fjUy-EpPD7wASPicm6-wOIBYyfidw3kgUECAQYAZIFBAgFGASgBgKAB4vbsj2oB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAevvrECqAfVyRuoB6a-G9gHAfIHBBD6owjSCCQIgGEQARgfMgKKAjoJgECAwICAgIAISL39wTpY1sWro6KwhAOaCeIBaHR0cHM6Ly9vbmV3aGVlbC5jb20vP25idD1uYiUzQWFkd29yZHMlM0FkJTNBMTQ5NTcwMzk1MDAlM0ExMzYyMTk2MDgyMDclM0E2ODU1ODIwMTMwMTMmbmJfYWR0eXBlPSZuYl9rd2Q9Jm5iX3RpPSZuYl9taT0mbmJfcGM9Jm5iX3BpPSZuYl9wcGk9Jm5iX3BsYWNlbWVudD1tYWwtd2FyZS5jb20mbmJfc2k9e3NvdXJjZWlkfSZuYl9saV9tcz0mbmJfbHBfbXM9Jm5iX2ZpaT0mbmJfYXA9Jm5iX210PYAKAcgLAdoMEAoKEIC05Nuo-vHsGRICAQPYEwzQFQGYFgGAFwGyFxwKGggAEhRwdWItNjc0NTU4NjI5MjcxNTE4MxgA&sigh=noVn8Vrk3ZM&uach_m=%5BUACH%5D&ase=2&cid=CAQSPgAvHhf_sdjNKzbvp8JlU9u1gVbPZ3XNQg7osc7VajJ2lVNAgrd_mWonUdCSWi1W_IebKw2lYJzvjEfX9rluGAE&cbvp=2&vis=1&nis=5 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x957a72b40f2157ff0000000000000000%22,%222%22:%220xbabe757ecc59c1b80000000000000000%22,%223%22:%220x7bc49a28644427560000000000000000%22,%224%22:%220x46074750e681fef20000000000000000%22,%225%22:%220xa43279f5521057dc0000000000000000%22},%22debug_key%22:%2215674842137992419244%22,%22debug_reporting%22:true,%22destination%22:%22https://onewheel.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22944984669%22],%2222%22:[%22true%22],%224%22:[%2202-16%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%228479891768768758545%22}&andc=true

Request Chain 206

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 207

https://googleads.g.doubleclick.net/pagead/adview?ai=CdzOcoovPZYnPCNDC998P3YK9qAiUzqbUdfyTzpCaErqJ4bbGARABINK86BNgye6Oi8CkjBCgAfyO0p8DyAEJqAMByAPLBKoE0wFP0ISH9YZyAhhlOjBNM1MUVjLwwEgU_k7j-hg66eqtTP5v6BDmooI5LS5uWyoIaLPE3ickeQaxkA9ErfNrL-REUbAtbCX_pDcSiINv3FsdH4AFEYY2Hf5dRY8J947oPCwEsrxettYTVKoREyi3KmUDvgGhZxDaxAs9o48q7sNe8cUT62daGFA6hCGluFIF_krVK5v6YD9HZRsBF7BK4T1z9v9kEfBGw8OEvQAgIWD9VqPd0vqU7ZrtbWFUZnwkVOoenMG8T0VsvCNIuNPyi1mk5DqswASE3_6JzQSIBf6Z7uxNkgUECAQYAZIFBAgFGASgBi6AB-zwrWCoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAevvrECqAfVyRuoB6a-G9gHAPIHBBDKuTXSCCQIgGEQARgfMgKKAjoJgECAwICAgIAISL39wTpY47KJo6KwhAOaCXRodHRwczovL3d3dy5vcnZpbGxlcy5jb20vP3V0bV9zb3VyY2U9R29vZ2xlJnV0bV9tZWRpdW09UGFpZCUyMERpc3BsYXkmdXRtX2NhbXBhaWduPUFwcGxpYW5jZXMmdXRtX2NvbnRlbnQ9QXBwbGlhbmNlc4AKAcgLAdoMEAoKEIDuj_btnpGaexICAQO4E-QD2BMN0BUBgBcBshccChoIABIUcHViLTY3NDU1ODYyOTI3MTUxODMYAA&sigh=Mx5SNlHXcf4&uach_m=%5BUACH%5D&ase=2&cid=CAQSTwAvHhf_T8_7usLYRp2nlNRh0NQTX8lf4XTxhWxK9r2Zr54uUYdlXwC75aNIKSLvE0rnCFoi9NOLpIQCQ1Rmf6eieNuJHAKRQOhnP5PMAHwYAQ&template_id=484&cbvp=2&vis=1&nis=5 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xf7598be7675f67120000000000000000%22,%222%22:%220x582353c15dc489670000000000000000%22,%223%22:%220xf8e011aa387c92f60000000000000000%22,%224%22:%220x22036e46116ba6bc0000000000000000%22,%225%22:%220xf4807e524cf5df220000000000000000%22},%22debug_key%22:%227323847283144163458%22,%22debug_reporting%22:true,%22destination%22:%22https://orvilles.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22871663484%22],%2222%22:[%22true%22],%224%22:[%2202-16%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2212010241441287528705%22}&andc=true

Request Chain 208

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 214

https://googleads.g.doubleclick.net/pagead/adview?ai=C1CEToovPZeXYKuW9998P4qOfmAzy-dvodaLI-oS4EtH879DZKRABINK86BNgye6Oi8CkjBCgAczxksYDyAECqAMByAPJBKoE0QFP0Bu_JuSp-p2ofv478IiEDhuQ6buN2oMOwlhxdbJDgxxWgxBvH07zTMGFaYYS8u0_DF7tC8QatJQaQD7knZht2OXFDUu4SR0ricJu8pE4lE32PFxYhHDKw-u6YQcnWdTYYnj7Lf-CGS4-cNP01SPm3iOWpDkQURpE5dTYIKv1yqvVrQnlVgdGxiHqzMffooJ4nDQWfow9ba3dhXAolnJzzjlr7Wwatj9I5jJ-otwKMXqUhm68tz7JuebZMJcVZk2XcBS8TxkqUBSeWvtTUhBDCcAE7cjO4b8EiAXk-tXlTZIFBAgEGAGSBQQIBRgEoAYCgAecju05qAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHr76xAqgH1ckbqAemvhvYBwHyBwQQ7P8K0ggkCIBhEAEYHzICigI6CYBAgMCAgICACEi9_cE6WKbDq6OisIQDmgn1AWh0dHBzOi8vZ28uY3Jvd2RzdHJpa2UuY29tLzIwMjMtZ2FydG5lci1tYWdpYy1xdWFkcmFudC1mb3ItZW5kcG9pbnQtcHJvdGVjdGlvbi1wbGF0Zm9ybXMuaHRtbD91dG1fc291cmNlPWdvb2cmdXRtX21lZGl1bT1kaXMmdXRtX2NhbXBhaWduPWNvcmUmdXRtX3Rlcm09cHNwX3RvZnVfYnJvYWQmdXRtX2NvbnRlbnQ9Y3J3ZC1jb3JlLWFtZXItdXMtZW4tcHNwLWl0ZG0tcnB0LWdtcS1zX2ltZ192M194XzcyOHg5MC1jeWJlci0yMDIzgAoByAsB2gwQCgoQkOG-oZuCoPZyEgIBA9gTDdAVAZgWAYAXAbIXHAoaCAASFHB1Yi02NzQ1NTg2MjkyNzE1MTgzGAA&sigh=B4ROeoRRvPA&uach_m=%5BUACH%5D&ase=2&cid=CAQSPAAvHhf_RndG2qjUH7ug6lqjINbWEhsHsDWKaedwZ-ucoYtnLK1MEygCd1ynbsBQrxQPgCx1jO4fhtCz9BgB&cbvp=2&vis=1&nis=5 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xf033b04d8992ef6f0000000000000000%22,%222%22:%220xa1d9220a85906f6e0000000000000000%22,%223%22:%220xc83041c47c57b8f50000000000000000%22,%224%22:%220xf88d8bfeba1dcbf10000000000000000%22,%225%22:%220xa17dd7a83f74d2a60000000000000000%22},%22debug_key%22:%227037284171291871075%22,%22debug_reporting%22:true,%22destination%22:%22https://crowdstrike.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22952416460%22],%2222%22:[%22true%22],%224%22:[%2202-16%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2216885142837504874545%22}&andc=true

Request Chain 215

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEPsK8Jytz3QUFiOMGOGolXU&google_cver=1&google_push=AXcoOmSH4KuR5hHQTIWgXLkLPQ0xL8QhKQcwveTAotajr1pCnNl0O5-SGY1-yeWeHjYSY8fT7GvPPUR62BGyqeM2AVJYTUMtQpd54MsfcV8j6gmp_vrTaZHO71HsK-nQleKsIbEkoffMTm3VsNFD75azr9zp2g HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEPsK8Jytz3QUFiOMGOGolXU&google_cver=1&google_push=AXcoOmSH4KuR5hHQTIWgXLkLPQ0xL8QhKQcwveTAotajr1pCnNl0O5-SGY1-yeWeHjYSY8fT7GvPPUR62BGyqeM2AVJYTUMtQpd54MsfcV8j6gmp_vrTaZHO71HsK-nQleKsIbEkoffMTm3VsNFD75azr9zp2g HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=b0Nsd1pMUzIxUkIwWWs1&google_gid=CAESEPsK8Jytz3QUFiOMGOGolXU&google_cver=1&google_push=AXcoOmSH4KuR5hHQTIWgXLkLPQ0xL8QhKQcwveTAotajr1pCnNl0O5-SGY1-yeWeHjYSY8fT7GvPPUR62BGyqeM2AVJYTUMtQpd54MsfcV8j6gmp_vrTaZHO71HsK-nQleKsIbEkoffMTm3VsNFD75azr9zp2g

Request Chain 216

https://creativecdn.com/cm-notify?pi=adxab&google_gid=CAESENOCZ97uR3wLhNt7DMqkvNU&google_cver=1&google_push=AXcoOmQIIQxp-lODeh9zqP-1iDO2tYLAZPux7LoHC41nDLPzqjjAhZ57xZuVF38fJw9LNLm9W3MmtDk6Uu5TXLwh44sGMkaIIR1awPqsHNYNet3qKdQqsWeBsjZYL7S_G5MM7Nkfy1vsB2Uzcn4vApTipOFzgQ HTTP 302
https://creativecdn.com/cm-notify?pi=adxab&google_gid=CAESENOCZ97uR3wLhNt7DMqkvNU&google_cver=1&google_push=AXcoOmQIIQxp-lODeh9zqP-1iDO2tYLAZPux7LoHC41nDLPzqjjAhZ57xZuVF38fJw9LNLm9W3MmtDk6Uu5TXLwh44sGMkaIIR1awPqsHNYNet3qKdQqsWeBsjZYL7S_G5MM7Nkfy1vsB2Uzcn4vApTipOFzgQ&tc=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rtb_house&google_ula=5153224&google_hm=PL8iRCy8HnYUohLZ_R5qhJxVB7pCK4W2FrtLCLa4bcE&pi=adx&pi=adxab&google_gid=CAESENOCZ97uR3wLhNt7DMqkvNU&google_cver=1&google_push=AXcoOmQIIQxp-lODeh9zqP-1iDO2tYLAZPux7LoHC41nDLPzqjjAhZ57xZuVF38fJw9LNLm9W3MmtDk6Uu5TXLwh44sGMkaIIR1awPqsHNYNet3qKdQqsWeBsjZYL7S_G5MM7Nkfy1vsB2Uzcn4vApTipOFzgQ&tc=1

Request Chain 218

https://rtb.mfadsrvr.com/sync?ssp=google&ssp_init=step1&google_gid=CAESECLYl8dH2nPoPyxOe38fSYw&google_cver=1&google_push=AXcoOmTJcg5K9XCaHDhYZeB0pB4ZROHXkrs5o24-hbiicTphrjbpkD5KRxL2xmPp4KPfwSE8CgjZkWQA5S3kZe1bEArpZ7L2org-PYBDwzJZn-BM31MLf3kVSxUQ5MDX7wJAVdMAxl80WhMPGDKKDChZndd6JUY HTTP 302
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=google&ssp_init=step1&google_gid=CAESECLYl8dH2nPoPyxOe38fSYw&google_cver=1&google_push=AXcoOmTJcg5K9XCaHDhYZeB0pB4ZROHXkrs5o24-hbiicTphrjbpkD5KRxL2xmPp4KPfwSE8CgjZkWQA5S3kZe1bEArpZ7L2org-PYBDwzJZn-BM31MLf3kVSxUQ5MDX7wJAVdMAxl80WhMPGDKKDChZndd6JUY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=media_force_communications_2007_ltd&google_hm=2XMX0EvWRe-yeTlnWuXfXg==&no_redirect=1&google_push=AXcoOmTJcg5K9XCaHDhYZeB0pB4ZROHXkrs5o24-hbiicTphrjbpkD5KRxL2xmPp4KPfwSE8CgjZkWQA5S3kZe1bEArpZ7L2org-PYBDwzJZn-BM31MLf3kVSxUQ5MDX7wJAVdMAxl80WhMPGDKKDChZndd6JUY

Request Chain 219

https://a.rfihub.com/cm?pub=445&in=1&google_gid=CAESEJL2tFu4jQt7J3w47lN5ogU&google_cver=1&google_push=AXcoOmT1xORTCCj6gWP0ULqXm62KYZn6nFNVc7F1_1R_DntiLkV4anlRGw2n8Iie7I5EUUkuG1AIb2enHC0ObOT4qjZ8TXN-roShya420DxEpnedyMMxclZnsGtZsK_rtUud8k9CzqVuQu6VnBccdgFQDpAzzEM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AXcoOmT1xORTCCj6gWP0ULqXm62KYZn6nFNVc7F1_1R_DntiLkV4anlRGw2n8Iie7I5EUUkuG1AIb2enHC0ObOT4qjZ8TXN-roShya420DxEpnedyMMxclZnsGtZsK_rtUud8k9CzqVuQu6VnBccdgFQDpAzzEM&google_hm=MzY5NzE4MDg3NzI5MDU0MzI3

Request Chain 220

https://creativecdn.com/cm-notify?pi=adxab&google_gid=CAESENOCZ97uR3wLhNt7DMqkvNU&google_cver=1&google_push=AXcoOmRc6dhWwCzh_dpdTG7D8vHL7FjRE0e-F2KWURp54_kBTGX508ltzxe5oHN4Y1ZU1JYdERVPB0Hg7wlCcbk9_csxg6_PqMBjv2FGuxBHsVWdGf6nbTyFnf-Ven6Iuqz90iAy4mkXHA_aFe3AGRc9x4GvPKg HTTP 302
https://creativecdn.com/cm-notify?pi=adxab&google_gid=CAESENOCZ97uR3wLhNt7DMqkvNU&google_cver=1&google_push=AXcoOmRc6dhWwCzh_dpdTG7D8vHL7FjRE0e-F2KWURp54_kBTGX508ltzxe5oHN4Y1ZU1JYdERVPB0Hg7wlCcbk9_csxg6_PqMBjv2FGuxBHsVWdGf6nbTyFnf-Ven6Iuqz90iAy4mkXHA_aFe3AGRc9x4GvPKg&tc=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rtb_house&google_ula=5153224&google_hm=PL8iRCy8HnYUohLZ_R5qhJxVB7pCK4W2FrtLCLa4bcE&pi=adx&pi=adxab&google_gid=CAESENOCZ97uR3wLhNt7DMqkvNU&google_cver=1&google_push=AXcoOmRc6dhWwCzh_dpdTG7D8vHL7FjRE0e-F2KWURp54_kBTGX508ltzxe5oHN4Y1ZU1JYdERVPB0Hg7wlCcbk9_csxg6_PqMBjv2FGuxBHsVWdGf6nbTyFnf-Ven6Iuqz90iAy4mkXHA_aFe3AGRc9x4GvPKg&tc=1 HTTP 302
https://cm.creativecdn.com/adx/cm?v=2&pi=adx&pi=adxab&tc=1&google_error=5

Request Chain 221

https://analytics.pangle-ads.com/api/ad/union/gg_cookie_matching?google_gid=CAESEBdDUKNOHnqYWO2VXRM7bOA&google_cver=1&google_push=AXcoOmRNwDW3WbwZfV1znJg_RKL6c-6fbFiwltjlZoQ2IMRlC4Hwn2fxQIlCs-NtJWG4gXmnlQoXpaGgrs61wgs9Z-fivI2V8njTruqIZE0AkGWjjTx4miViv_cc25TrkPt0CNRbLHvq7w_wib4PHU0bXRJeRY4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=toutiao_usd&google_push=AXcoOmRNwDW3WbwZfV1znJg_RKL6c-6fbFiwltjlZoQ2IMRlC4Hwn2fxQIlCs-NtJWG4gXmnlQoXpaGgrs61wgs9Z-fivI2V8njTruqIZE0AkGWjjTx4miViv_cc25TrkPt0CNRbLHvq7w_wib4PHU0bXRJeRY4

Request Chain 225

https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEGn35wRaekA5nJoLc07edl0&google_cver=1&google_push=AXcoOmROGfDWX4BcYj-oJZClnhTlAkEacX8QwPvM9mV0rcZYIalF924UB2hDxrzt0fUavRPShMa08KkUeKhCsv7P9ckqUEMPuSU3oDHT1U8FX5M8QpPIMQZkn9es9fsC26gE6vUk2RBmfMo7uK0sFEUE2cvY HTTP 302
https://dclk-match.dotomi.com/match/bounce/current?DotomiTest=624d1a01d0f705e4&is_secure=true&networkId=14000&version=1&google_gid=CAESEGn35wRaekA5nJoLc07edl0&google_cver=1&google_push=AXcoOmROGfDWX4BcYj-oJZClnhTlAkEacX8QwPvM9mV0rcZYIalF924UB2hDxrzt0fUavRPShMa08KkUeKhCsv7P9ckqUEMPuSU3oDHT1U8FX5M8QpPIMQZkn9es9fsC26gE6vUk2RBmfMo7uK0sFEUE2cvY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=dotomi&google_ula=17128,0&google_hm=AAACF8aSO-Q8sAMLcVKFAAAAAAA&expiration=1708186916&google_cver=1&is_secure=true&google_gid=CAESEGn35wRaekA5nJoLc07edl0&google_push=AXcoOmROGfDWX4BcYj-oJZClnhTlAkEacX8QwPvM9mV0rcZYIalF924UB2hDxrzt0fUavRPShMa08KkUeKhCsv7P9ckqUEMPuSU3oDHT1U8FX5M8QpPIMQZkn9es9fsC26gE6vUk2RBmfMo7uK0sFEUE2cvY

Request Chain 226

https://ads.travelaudience.com/google_pixel?google_gid=CAESEJDdnxAdr_30-YEc7xhbn-Y&google_cver=1&google_push=AXcoOmTEJnjey1Vfyk6x70Cm0MoVzLafdxwvT2Qk42r2-gnHFnWMcxH3AE_OUfSyXrFHk8nTSwuk8qjIl7SNx6uQlSSQNSlrkaRmFzN4GM2ZgVrtNLCsFtT5JLBbmlHzdwwg-eQTFYZ0pG7s5fOzL6e8hgUbVw HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=RJCf02oKSNIJAEC8Hgn87A&google_push=AXcoOmTEJnjey1Vfyk6x70Cm0MoVzLafdxwvT2Qk42r2-gnHFnWMcxH3AE_OUfSyXrFHk8nTSwuk8qjIl7SNx6uQlSSQNSlrkaRmFzN4GM2ZgVrtNLCsFtT5JLBbmlHzdwwg-eQTFYZ0pG7s5fOzL6e8hgUbVw

Request Chain 227

https://a.c.appier.net/gcm?google_gid=CAESEMQYijq88sqTcEKUDJZeDi8&google_cver=1&google_push=AXcoOmQSH7vCHKxCi_3sIFY0FhfKskJQoR-II0XjsCXS1ZgxAATVZF51mCCq3PWJKoloLnYqqj5Qyp0q6ED7aSZLAks-pnDYCvsLJac6ScA61Ar99Z9H5d8w28CMG0pjOqKJv1rGQOYGUCPkwVUY0RR-37AwsQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=ZURZX3JIa0JBbXVpNG1vYXBJdlBaUQ%3D%3D&google_push=AXcoOmQSH7vCHKxCi_3sIFY0FhfKskJQoR-II0XjsCXS1ZgxAATVZF51mCCq3PWJKoloLnYqqj5Qyp0q6ED7aSZLAks-pnDYCvsLJac6ScA61Ar99Z9H5d8w28CMG0pjOqKJv1rGQOYGUCPkwVUY0RR-37AwsQ

Request Chain 229

https://sync.srv.stackadapt.com/sync?nid=154&google_gid=CAESELA26-QZQFoNE7UwDIcKCIM&google_cver=1&google_push=AXcoOmT-EB5kMjDo8br63ZJ6WTNR-2x_FplY7PLB5RMN-iphsuufawC0wRT07NV2JwdXhvibh105ghr3sj-2m93FxL9T2xQginnlF78wrLUO5vMPSQ91lTI7Ddb3ddAuj0E8hmC4wMXVqjEpzwrr5lI1xfTMoA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=J0LWDLAEX71cizBkPdshsGAJ9sM&google_push=AXcoOmT-EB5kMjDo8br63ZJ6WTNR-2x_FplY7PLB5RMN-iphsuufawC0wRT07NV2JwdXhvibh105ghr3sj-2m93FxL9T2xQginnlF78wrLUO5vMPSQ91lTI7Ddb3ddAuj0E8hmC4wMXVqjEpzwrr5lI1xfTMoA

Request Chain 230

https://creativecdn.com/cm-notify?pi=adxab&google_gid=CAESEIrms-GKFHLwkgCTWR1I4Mw&google_cver=1&google_push=AXcoOmSdF7P1E6PcbUSLXqn-w1UUyaY7gQ5b80AzZXO8UO60YHKYDrrl9s-g1yj-jA5U4qpTMgeRW4hgEo_Qk9Y59xKwR563og32l5PAY9ZhRIUFUw8N7TYU0GafoEVKPdZUp-ZICJ1ioQOJ1o3KM2F4lxfH HTTP 302
https://creativecdn.com/cm-notify?pi=adxab&google_gid=CAESEIrms-GKFHLwkgCTWR1I4Mw&google_cver=1&google_push=AXcoOmSdF7P1E6PcbUSLXqn-w1UUyaY7gQ5b80AzZXO8UO60YHKYDrrl9s-g1yj-jA5U4qpTMgeRW4hgEo_Qk9Y59xKwR563og32l5PAY9ZhRIUFUw8N7TYU0GafoEVKPdZUp-ZICJ1ioQOJ1o3KM2F4lxfH&tc=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rtb_house&google_ula=5153224&google_hm=PL8iRCy8HnYUohLZ_R5qhJxVB7pCK4W2FrtLCLa4bcE&pi=adx&pi=adxab&google_gid=CAESEIrms-GKFHLwkgCTWR1I4Mw&google_cver=1&google_push=AXcoOmSdF7P1E6PcbUSLXqn-w1UUyaY7gQ5b80AzZXO8UO60YHKYDrrl9s-g1yj-jA5U4qpTMgeRW4hgEo_Qk9Y59xKwR563og32l5PAY9ZhRIUFUw8N7TYU0GafoEVKPdZUp-ZICJ1ioQOJ1o3KM2F4lxfH&tc=1 HTTP 302
https://cm.creativecdn.com/adx/cm?v=2&pi=adx&pi=adxab&tc=1&google_error=5

Request Chain 231

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESELICgU_167fY4hcfov8YUKs&google_cver=1&google_push=AXcoOmTVRKlJbJ8k7gE5K8n08yD0oXlZzBVjh1aoI5zapl9w6LQvhplQjhAQfLrb1O3UBBFwTV2c6mA5JpdUK4r6tg_rInXCL0MvaijoHHw65S3YcArWAOOwNLgVVG1Da1L9jqEthivZP-W1ShdBmZL-6jGEPA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmTVRKlJbJ8k7gE5K8n08yD0oXlZzBVjh1aoI5zapl9w6LQvhplQjhAQfLrb1O3UBBFwTV2c6mA5JpdUK4r6tg_rInXCL0MvaijoHHw65S3YcArWAOOwNLgVVG1Da1L9jqEthivZP-W1ShdBmZL-6jGEPA

Request Chain 233

https://googleads.g.doubleclick.net/pagead/adview?ai=CZR5EoovPZarHKsHR998Pj5mFgAPGlpDldZPOk56zEs_nquqdQhABINK86BNgye6Oi8CkjBCgAcndvd4DyAEJqAMByAPLBKoE0QFP0CRyAKy1tGsjrFSCBiifMVaB_TkO3CHyIQgYsfx9knlbszf8T_nY4DxP_aWlbnPcxxxTP8n0DPpJyyGQpFsboVkZxp4pcF8qEorHRUCC1_hL7HRX74gkOJamIZRIda83sIniC6rzKGoo-Ua43dUlE0pmRMLtKhkCecWrzc-3-MIefkFgppWGiBTi7pAF0OvHllWm9npcc_ohsKhXWtkBOEWl2No2lMGwAa_GOlkywwJkMQqeW25Xh3Ae1_bv4_OO7YEv2FjqWOGkTyNDsRXPNcAE47ur4dEEiAXv3b3uSZIFBAgEGAGSBQQIBRgEoAYugAefosIhqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHr76xAqgH1ckbqAemvhvYBwDyBwQQrKcM0ggkCIBhEAEYHzICigI6CYBAgMCAgICgCEi9_cE6WOOjq6OisIQDmglqaHR0cHM6Ly93d3cuZ29mb3Jtei5jb20vaW5kdXN0cmllcy9jb25zdHJ1Y3Rpb24_dXRtX3NvdXJjZT1nb29nbGUmdXRtX21lZGl1bT1wYWlkJnV0bV9jYW1wYWlnbj1yZW1hcmtldGluZ4AKAcgLAdoMEAoKEICs_-3_i9iCXhICAQO4E-QD2BMN0BUBmBYBgBcBshccChoIABIUcHViLTY3NDU1ODYyOTI3MTUxODMYAA&sigh=_CUg2lBjiPU&uach_m=%5BUACH%5D&ase=2&cid=CAQSOwAvHhf_sRvUWLayI-T_F48Vmg2QbED6o5etVzsMwyAzBdYqvZPLPJcyxb5sIiYycwEGc8h_C0x2vW03GAE&template_id=484&cbvp=2&vis=1&nis=5 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xbe2c8c95efaacfaa0000000000000000%22,%222%22:%220x67d1cab5206a24e40000000000000000%22,%223%22:%220x4181ba515c601b570000000000000000%22,%224%22:%220xff1204b4bc58bd5b0000000000000000%22,%225%22:%220xdac1a26724d2ee8d0000000000000000%22},%22debug_key%22:%227921777572237950996%22,%22debug_reporting%22:true,%22destination%22:%22https://goformz.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%221003450057%22],%2222%22:[%22true%22],%224%22:[%2202-16%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%226002980149453150705%22}&andc=true

Request Chain 234

https://googleads.g.doubleclick.net/pagead/adview?ai=CQJ4boovPZbXpKsPz998PstSb0ArP3MridYTTo_TDEdzZHhABINK86BNgye6Oi8CkjBCgAaHMpdwDyAEJqAMByAPLBKoE1AFP0J5QNytoCtYxxD8RMHpkOZ2__ogkGHgsOAOnpBxVZoOPENovWZ96lqQKrJ0dL9ZQkYfjuF6NzIJU4sifCiEF4mJ7NgyP_naeYAdlqDZGPb5lYq6hOdLQd_Rr5UXRkeRsRYCKX9M66meSFxCzlj4Cg7wneKbJA0Mi3hGOgCV8Qky3GMQU7mApu701ym7sOhPzwCPxvU9npdDARoso1iHwYopriipjn698JNWibvhTzKEdv11ywcRmbO04uOv4NijkfbubwTbOfW21N7RlJh4b7RDrRcAE2O62xaAEiAWCxpXgKpIFBAgEGAGSBQQIBRgEoAYugAfHs9ojqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHr76xAqgH1ckbqAemvhvYBwDyBwQQ3NwN0ggkCIBhEAEYHzICigI6CYBAgMCAgICACEi9_cE6WLfMq6OisIQDmgldaHR0cHM6Ly9qb2huZ2FsdC5jb20vbGVhcm4vd2hpdGUtcGFwZXJzL2xldmVsaW5nLXVwLXMtb3AtZm9yLWEtd2VsbC1vcmNoZXN0cmF0ZWQtc3VwcGx5LWNoYWlugAoByAsB2gwRCgsQ0NPwuMaj9K3OARICAQO4E-QD2BMNiBQC0BUBgBcBshccChoIABIUcHViLTY3NDU1ODYyOTI3MTUxODMYAA&sigh=AJfyvCi7VwU&uach_m=%5BUACH%5D&ase=2&cid=CAQSOwAvHhf_iz4vYfHbHy8MKUPrjpUKR-zZTvTgvRqK1gb9j-WNiqaZ9WImu4apxEMEWDVEjmnGYGiAVQwNGAE&template_id=484&cbvp=2&vis=1&nis=5 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xd9cfcd45300b85590000000000000000%22,%222%22:%220xed5ea7134189de250000000000000000%22,%223%22:%220xda2483e1803dc2a60000000000000000%22,%224%22:%220x919447ee326d5d040000000000000000%22,%225%22:%220xf8906b3711bc09d00000000000000000%22},%22debug_key%22:%2215483435346521084190%22,%22debug_reporting%22:true,%22destination%22:%22https://johngalt.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22998860321%22],%2222%22:[%22true%22],%224%22:[%2202-16%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2215575665090017463137%22}&andc=true

Request Chain 237

https://googleads.g.doubleclick.net/pagead/adview?ai=C0vGooovPZcyOK_PK998PgIKw8AHZ7cShdIWwrJfPD-iqtpWLAxABINK86BNgye6Oi8CkjBCgAa6_8-8DyAEBqAMByAPDBKoEywFP0Gl8gGVzCkYdXacI4KlYx--kgI13tdr20FfPFmcmze8foyDiA0Dv7RoeEFewhvPAL91wZQlLn5palCsZ485rq3LY_zg8NWRaYxiwlXSgK06p6EaFMl6xqeDVh9MPLp4qTkNVIew6AsrcKeyqLpuNB3AF8-_L9EWNMj1wQQ8kbpoivfpuO3vIwMDpOJyAX-zEXjaCLd8mBFfIMyPz2-esLDATDJJIc9EEYQQ71SqBcaicGk_iWsaS7XcAEkTBgc2RdQ5APzq9OwMzQcAEocOMwv0DiAXxmKHWPpIFBAgEGAGSBQQIBRgEoAZmgAe6wIwQqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHr76xAqgH1ckbqAemvhvYBwHyBwQQlbML0ggkCIBhEAEYHzICigI6CYBAgMCAgICACEi9_cE6WPzaq6OisIQDmgkaaHR0cHM6Ly9uZG0ubmV0L2NoZWNrbWFyeC-ACgHICwHaDBEKCxDg8_-Mwb2dk8EBEgIBA9gTCogUB9AVAYAXAbIXHAoaCAASFHB1Yi02NzQ1NTg2MjkyNzE1MTgzGAA&sigh=GpQTmwPqi80&uach_m=%5BUACH%5D&ase=2&cid=CAQSPAAvHhf_a6UQ_wrjneXTyv9-sBXTA3Jp9FB8QnL3otdXDFgm3buWQzwFVMD1guB4G8PgeEH7hHr9Fx-DzhgB&cbvp=2&vis=1&nis=5 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x98ee1eec284d0ed70000000000000000%22,%222%22:%220xa4170a6839ed7950000000000000000%22,%223%22:%220x4d3a92ed20a70cba0000000000000000%22,%224%22:%220x5421740fedf7b7200000000000000000%22,%225%22:%220x702c57c8248574060000000000000000%22},%22debug_key%22:%228847072546116455266%22,%22debug_reporting%22:true,%22destination%22:%22https://ndm.net%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%221039982510%22],%2222%22:[%22true%22],%224%22:[%2202-16%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2214850866019686185985%22}&andc=true

Request Chain 238

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

251 HTTP transactions
7 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
mal-ware.com/ 102 KB
18 KB 804ms
661ms Document
text/html 181.215.49.64
TIER-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mal-ware.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 181.215.49.64 Dallas, United States, ASN397423 (TIER-NET, US),
Reverse DNS: server.frostbytedns.com
Software: Apache/2 /
Resource Hash: 3ad79aa9658771a808a02f917b05f6c0b99d69e96bcf308d8c282f5bf668e766

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-length: 17953
content-type: text/html; charset=UTF-8
date: Fri, 16 Feb 2024 16:21:52 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
link: <https://mal-ware.com/wp-json/>; rel="https://api.w.org/", <https://mal-ware.com/wp-json/wp/v2/pages/450>; rel="alternate"; type="application/json", <https://mal-ware.com/>; rel=shortlink
pragma: no-cache
server: Apache/2
vary: Accept-Encoding,User-Agent

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 222 KB
80 KB 135ms
60ms Script
application/javascript 2607:f8b0:4004:c06::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-WFC5JE8V08

Requested by

Host: mal-ware.com
URL: https://mal-ware.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::61 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e9a4f1e060e4847119dd0bb5b65a8fac4d308f493786ad328b2dde058e14a9ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:53 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 81030
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 16 Feb 2024 16:21:53 GMT

GET
H2 200 styles.css
mal-ware.com/wp-content/plugins/contact-form-7/includes/css/ 3 KB
1 KB 59ms
51ms Stylesheet
text/css 181.215.49.64
TIER-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mal-ware.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.8.7
Requested by: Host: mal-ware.com
URL: https://mal-ware.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 181.215.49.64 Dallas, United States, ASN397423 (TIER-NET, US),
Reverse DNS: server.frostbytedns.com
Software: Apache/2 /
Resource Hash: ccd31ffa708d025833f954b3e0560cedd58df9a0d2706b2ccee5f501c5b2467b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:53 GMT
content-encoding: gzip
last-modified: Mon, 05 Feb 2024 16:01:18 GMT
server: Apache/2
etag: "b4e-610a4927fd96a-gzip"
vary: Accept-Encoding,User-Agent
content-type: text/css
accept-ranges: bytes
content-length: 1015

GET
H2 200 st-style.min.css
mal-ware.com/wp-content/themes/uptech/assets/css/ 72 KB
13 KB 111ms
103ms Stylesheet
text/css 181.215.49.64
TIER-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mal-ware.com/wp-content/themes/uptech/assets/css/st-style.min.css?ver=6.4.3
Requested by: Host: mal-ware.com
URL: https://mal-ware.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 181.215.49.64 Dallas, United States, ASN397423 (TIER-NET, US),
Reverse DNS: server.frostbytedns.com
Software: Apache/2 /
Resource Hash: fe775d0072ac2808084f11277db464678510460a15372ece3cd2ed9223342fa8

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:53 GMT
content-encoding: gzip
last-modified: Sun, 03 Apr 2022 20:36:45 GMT
server: Apache/2
etag: "120ab-5dbc5f8565140-gzip"
vary: Accept-Encoding,User-Agent
content-type: text/css
accept-ranges: bytes
content-length: 13077

GET
H2 200 st-responsive.css
mal-ware.com/wp-content/themes/uptech/assets/css/ 16 KB
3 KB 60ms
52ms Stylesheet
text/css 181.215.49.64
TIER-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mal-ware.com/wp-content/themes/uptech/assets/css/st-responsive.css?ver=6.4.3
Requested by: Host: mal-ware.com
URL: https://mal-ware.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 181.215.49.64 Dallas, United States, ASN397423 (TIER-NET, US),
Reverse DNS: server.frostbytedns.com
Software: Apache/2 /
Resource Hash: 8f377b969d4c52b8d76f761bda009f6595d3482ef7031527ea133ff1359021c2

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:53 GMT
content-encoding: gzip
last-modified: Sun, 03 Apr 2022 20:36:45 GMT
server: Apache/2
etag: "3ede-5dbc5f8565140-gzip"
vary: Accept-Encoding,User-Agent
content-type: text/css
accept-ranges: bytes
content-length: 3128

GET
H2 200 st-template-options.css
mal-ware.com/wp-content/themes/uptech/assets/css/ 29 B
143 B 56ms
48ms Stylesheet
text/css 181.215.49.64
TIER-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mal-ware.com/wp-content/themes/uptech/assets/css/st-template-options.css?ver=6.4.3
Requested by: Host: mal-ware.com
URL: https://mal-ware.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 181.215.49.64 Dallas, United States, ASN397423 (TIER-NET, US),
Reverse DNS: server.frostbytedns.com
Software: Apache/2 /
Resource Hash: 719e619b2a16ba235f175ac7163617120e7229817c9a7f319d3c4a82e158f750

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:53 GMT
last-modified: Sun, 03 Apr 2022 20:36:45 GMT
server: Apache/2
etag: "1d-5dbc5f8565140"
vary: User-Agent
content-type: text/css
accept-ranges: bytes
content-length: 29

GET
H2 200 chernpix-elementor.css
mal-ware.com/wp-content/themes/uptech/assets/css/ 27 KB
5 KB 61ms
54ms Stylesheet
text/css 181.215.49.64
TIER-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mal-ware.com/wp-content/themes/uptech/assets/css/chernpix-elementor.css?ver=6.4.3
Requested by: Host: mal-ware.com
URL: https://mal-ware.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 181.215.49.64 Dallas, United States, ASN397423 (TIER-NET, US),
Reverse DNS: server.frostbytedns.com
Software: Apache/2 /
Resource Hash: f29f89af383aad18b40b7d8eb2453b8acba07f75f7f0284b58d7462c5113a053

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:53 GMT
content-encoding: gzip
last-modified: Sun, 03 Apr 2022 20:36:45 GMT
server: Apache/2
etag: "6c6d-5dbc5f8565140-gzip"
vary: Accept-Encoding,User-Agent
content-type: text/css
accept-ranges: bytes
content-length: 5073

GET
H2 200 font-awesome-4.css
mal-ware.com/wp-content/themes/uptech/assets/css/ 30 KB
7 KB 64ms
57ms Stylesheet
text/css 181.215.49.64
TIER-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mal-ware.com/wp-content/themes/uptech/assets/css/font-awesome-4.css?ver=6.4.3
Requested by: Host: mal-ware.com
URL: https://mal-ware.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 181.215.49.64 Dallas, United States, ASN397423 (TIER-NET, US),
Reverse DNS: server.frostbytedns.com
Software: Apache/2 /
Resource Hash: fec956ca86c2b59c957b083d715697b25891ea484813a1a6b8958c4d4b1c9a94

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:53 GMT
content-encoding: gzip
last-modified: Sun, 03 Apr 2022 20:36:45 GMT
server: Apache/2
etag: "77bf-5dbc5f8565140-gzip"
vary: Accept-Encoding,User-Agent
content-type: text/css
accept-ranges: bytes
content-length: 6987

GET
H2 200 themify-icons.css
mal-ware.com/wp-content/themes/uptech/assets/css/ 16 KB
3 KB 62ms
55ms Stylesheet
text/css 181.215.49.64
TIER-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mal-ware.com/wp-content/themes/uptech/assets/css/themify-icons.css?ver=6.4.3
Requested by: Host: mal-ware.com
URL: https://mal-ware.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 181.215.49.64 Dallas, United States, ASN397423 (TIER-NET, US),
Reverse DNS: server.frostbytedns.com
Software: Apache/2 /
Resource Hash: ce50b6ff12b9cf28c801a3a5b87d607c07dbea403f885fa6ae7312ffbd60c012

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:53 GMT
content-encoding: gzip
last-modified: Sun, 03 Apr 2022 20:36:45 GMT
server: Apache/2
etag: "3f5e-5dbc5f8565140-gzip"
vary: Accept-Encoding,User-Agent
content-type: text/css
accept-ranges: bytes
content-length: 2923

GET
H2 200 css
fonts.googleapis.com/ 5 KB
967 B 120ms
44ms Stylesheet
text/css 2607:f8b0:4004:c1b::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Poppins%3A400%2C500%2C600%2C700%26subset%3Dlatin%2Clatin-ext&ver=1.0.0

Requested by

Host: mal-ware.com
URL: https://mal-ware.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1b::5f Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

fea066fc2a7db2370c60bc0fb2c9e12b516d71215045a1a2bf8b272acbbb4f65

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 16 Feb 2024 16:21:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 16 Feb 2024 16:21:53 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 16 Feb 2024 16:21:53 GMT

GET
H2 200 elementor-icons.min.css
mal-ware.com/wp-content/plugins/elementor/assets/lib/eicons/css/ 19 KB
4 KB 63ms
56ms Stylesheet
text/css 181.215.49.64
TIER-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mal-ware.com/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.27.0
Requested by: Host: mal-ware.com
URL: https://mal-ware.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 181.215.49.64 Dallas, United States, ASN397423 (TIER-NET, US),
Reverse DNS: server.frostbytedns.com
Software: Apache/2 /
Resource Hash: 811c9e254f52ee41c67c23e2a744ee74b11a0bc9a5d262cafd103e5b975eee68

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:53 GMT
content-encoding: gzip
last-modified: Wed, 07 Feb 2024 16:35:12 GMT
server: Apache/2
etag: "4cc5-610cd47693eb9-gzip"
vary: Accept-Encoding,User-Agent
content-type: text/css
accept-ranges: bytes
content-length: 4040

GET
H2 200 frontend-lite.min.css
mal-ware.com/wp-content/plugins/elementor/assets/css/ 116 KB
14 KB 114ms
108ms Stylesheet
text/css 181.215.49.64
TIER-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mal-ware.com/wp-content/plugins/elementor/assets/css/frontend-lite.min.css?ver=3.19.2
Requested by: Host: mal-ware.com
URL: https://mal-ware.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 181.215.49.64 Dallas, United States, ASN397423 (TIER-NET, US),
Reverse DNS: server.frostbytedns.com
Software: Apache/2 /
Resource Hash: f7ff24972ad705ba178766d5b58d72a1f06ac10220b1136bddf8caa0c92045e9

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:53 GMT
content-encoding: gzip
last-modified: Wed, 07 Feb 2024 16:35:12 GMT
server: Apache/2
etag: "1cf66-610cd476769fb-gzip"
vary: Accept-Encoding,User-Agent
content-type: text/css
accept-ranges: bytes
content-length: 13865

GET
H2 200 swiper.min.css
mal-ware.com/wp-content/plugins/elementor/assets/lib/swiper/css/ 13 KB
2 KB 62ms
56ms Stylesheet
text/css 181.215.49.64
TIER-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mal-ware.com/wp-content/plugins/elementor/assets/lib/swiper/css/swiper.min.css?ver=5.3.6
Requested by: Host: mal-ware.com
URL: https://mal-ware.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 181.215.49.64 Dallas, United States, ASN397423 (TIER-NET, US),
Reverse DNS: server.frostbytedns.com
Software: Apache/2 /
Resource Hash: d622534d53d3ac1095af275f0b30274fcd835785577df2dde6d9398e6f7a2c8f

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:53 GMT
content-encoding: gzip
last-modified: Wed, 07 Feb 2024 16:35:12 GMT
server: Apache/2
etag: "324c-610cd4769f650-gzip"
vary: Accept-Encoding,User-Agent
content-type: text/css
accept-ranges: bytes
content-length: 2409

GET
H2 200 post-7.css
mal-ware.com/wp-content/uploads/elementor/css/ 1 KB
433 B 115ms
109ms Stylesheet
text/css 181.215.49.64
TIER-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mal-ware.com/wp-content/uploads/elementor/css/post-7.css?ver=1676854006
Requested by: Host: mal-ware.com
URL: https://mal-ware.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 181.215.49.64 Dallas, United States, ASN397423 (TIER-NET, US),
Reverse DNS: server.frostbytedns.com
Software: Apache/2 /
Resource Hash: 7af902b859fb38065e0072a80cf0db3331ac639b815b33980658648b9cd439bf

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:53 GMT
content-encoding: gzip
last-modified: Mon, 20 Feb 2023 00:46:46 GMT
server: Apache/2
etag: "44b-5f516ff5e2980-gzip"
vary: Accept-Encoding,User-Agent
content-type: text/css
accept-ranges: bytes
content-length: 356

GET
H2 200 global.css
mal-ware.com/wp-content/uploads/elementor/css/ 9 KB
925 B 116ms
110ms Stylesheet
text/css 181.215.49.64
TIER-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mal-ware.com/wp-content/uploads/elementor/css/global.css?ver=1676854007
Requested by: Host: mal-ware.com
URL: https://mal-ware.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 181.215.49.64 Dallas, United States, ASN397423 (TIER-NET, US),
Reverse DNS: server.frostbytedns.com
Software: Apache/2 /
Resource Hash: c3f2f7535880ab76f7da7310295b4db7cf22a8dfab82ad48243f4f512d146640

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:53 GMT
content-encoding: gzip
last-modified: Mon, 20 Feb 2023 00:46:47 GMT
server: Apache/2
etag: "25ac-5f516ff6d6bc0-gzip"
vary: Accept-Encoding,User-Agent
content-type: text/css
accept-ranges: bytes
content-length: 848

GET
H2 200 post-450.css
mal-ware.com/wp-content/uploads/elementor/css/ 65 KB
5 KB 117ms
112ms Stylesheet
text/css 181.215.49.64
TIER-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mal-ware.com/wp-content/uploads/elementor/css/post-450.css?ver=1676854007
Requested by: Host: mal-ware.com
URL: https://mal-ware.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 181.215.49.64 Dallas, United States, ASN397423 (TIER-NET, US),
Reverse DNS: server.frostbytedns.com
Software: Apache/2 /
Resource Hash: b2ead0297249cee541338e500e0b547c3840aa194a378dd9f2bf82913ea1f1c3

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:53 GMT
content-encoding: gzip
last-modified: Mon, 20 Feb 2023 00:46:47 GMT
server: Apache/2
etag: "104d6-5f516ff6d6bc0-gzip"
vary: Accept-Encoding,User-Agent
content-type: text/css
accept-ranges: bytes
content-length: 5032

GET
H2 200 css
fonts.googleapis.com/ 72 KB
2 KB 121ms
46ms Stylesheet
text/css 2607:f8b0:4004:c1b::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CPoppins%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CLato%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.4.3

Requested by

Host: mal-ware.com
URL: https://mal-ware.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1b::5f Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

de7bbaf6aff3104af650b1b6ece30b6720503de11121e206d9ee9eb5f4445483

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 16 Feb 2024 16:21:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 16 Feb 2024 16:21:53 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 16 Feb 2024 16:21:53 GMT

GET
H2 200 fontawesome.min.css
mal-ware.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/ 57 KB
12 KB 165ms
160ms Stylesheet
text/css 181.215.49.64
TIER-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mal-ware.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css?ver=5.15.3
Requested by: Host: mal-ware.com
URL: https://mal-ware.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 181.215.49.64 Dallas, United States, ASN397423 (TIER-NET, US),
Reverse DNS: server.frostbytedns.com
Software: Apache/2 /
Resource Hash: d01a2ba2805c78957e15a2958135de0f3cb88e95159dd0f6c0a032bd76b1b0e9

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:53 GMT
content-encoding: gzip
last-modified: Wed, 07 Feb 2024 16:35:12 GMT
server: Apache/2
etag: "e238-610cd47696d99-gzip"
vary: Accept-Encoding,User-Agent
content-type: text/css
accept-ranges: bytes
content-length: 12582

GET
H2 200 solid.min.css
mal-ware.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/ 669 B
363 B 116ms
111ms Stylesheet
text/css 181.215.49.64
TIER-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mal-ware.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=5.15.3
Requested by: Host: mal-ware.com
URL: https://mal-ware.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 181.215.49.64 Dallas, United States, ASN397423 (TIER-NET, US),
Reverse DNS: server.frostbytedns.com
Software: Apache/2 /
Resource Hash: 37bab6cd583982e8eff58501a99d7c5c4d63664c1ca34f9e3b7cf526c5b73ae2

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:53 GMT
content-encoding: gzip
last-modified: Wed, 07 Feb 2024 16:35:12 GMT
server: Apache/2
etag: "29d-610cd47696d99-gzip"
vary: Accept-Encoding,User-Agent
content-type: text/css
accept-ranges: bytes
content-length: 309

GET
H2 200 regular.min.css
mal-ware.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/ 677 B
362 B 115ms
110ms Stylesheet
text/css 181.215.49.64
TIER-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mal-ware.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/regular.min.css?ver=5.15.3
Requested by: Host: mal-ware.com
URL: https://mal-ware.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 181.215.49.64 Dallas, United States, ASN397423 (TIER-NET, US),
Reverse DNS: server.frostbytedns.com
Software: Apache/2 /
Resource Hash: eea3d6ccda7f6503078cce9dc41176c1357af1c93a5b3625131ef7cf21c9d7c4

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:53 GMT
content-encoding: gzip
last-modified: Wed, 07 Feb 2024 16:35:12 GMT
server: Apache/2
etag: "2a5-610cd47696d99-gzip"
vary: Accept-Encoding,User-Agent
content-type: text/css
accept-ranges: bytes
content-length: 308

GET
H2 200 frontend-gtag.min.js Show response
mal-ware.com/wp-content/plugins/google-analytics-for-wordpress/assets/js/ 11 KB
3 KB 115ms
111ms Script
application/javascript 181.215.49.64
TIER-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mal-ware.com/wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=8.23.1
Requested by: Host: mal-ware.com
URL: https://mal-ware.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 181.215.49.64 Dallas, United States, ASN397423 (TIER-NET, US),
Reverse DNS: server.frostbytedns.com
Software: Apache/2 /
Resource Hash: d7bdba02afa8c04c13f280c71a50f8c8186c883711c5dabbd13566dd738bff0a

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:53 GMT
content-encoding: gzip
last-modified: Mon, 18 Dec 2023 16:21:22 GMT
server: Apache/2
etag: "2da9-60ccb23fde480-gzip"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
accept-ranges: bytes
content-length: 3245

GET
H2 200 jquery.min.js Show response
mal-ware.com/wp-includes/js/jquery/ 86 KB
30 KB 166ms
162ms Script
application/javascript 181.215.49.64
TIER-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mal-ware.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1
Requested by: Host: mal-ware.com
URL: https://mal-ware.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 181.215.49.64 Dallas, United States, ASN397423 (TIER-NET, US),
Reverse DNS: server.frostbytedns.com
Software: Apache/2 /
Resource Hash: cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:53 GMT
content-encoding: gzip
last-modified: Wed, 08 Nov 2023 04:36:36 GMT
server: Apache/2
etag: "15601-6099ca1e5bd00-gzip"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
accept-ranges: bytes
content-length: 30368

GET
H2 200 jquery-migrate.min.js Show response
mal-ware.com/wp-includes/js/jquery/ 13 KB
5 KB 115ms
111ms Script
application/javascript 181.215.49.64
TIER-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mal-ware.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1
Requested by: Host: mal-ware.com
URL: https://mal-ware.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 181.215.49.64 Dallas, United States, ASN397423 (TIER-NET, US),
Reverse DNS: server.frostbytedns.com
Software: Apache/2 /
Resource Hash: 5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:53 GMT
content-encoding: gzip
last-modified: Wed, 09 Aug 2023 05:27:42 GMT
server: Apache/2
etag: "3509-60276bd160f80-gzip"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
accept-ranges: bytes
content-length: 4872

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 149 KB
51 KB 178ms
105ms Script
text/javascript 2607:f8b0:4004:c09::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6745586292715183&host=ca-host-pub-2644536267352236

Requested by

Host: mal-ware.com
URL: https://mal-ware.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6d6cf62995c10f8805b4cdeea31b5a3bb9fb5db69c912f66022755a003644896

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mal-ware.com/
Origin: https://mal-ware.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:53 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51526
x-xss-protection: 0
server: cafe
etag: 1588408201499216193
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
expires: Fri, 16 Feb 2024 16:21:53 GMT

GET
H2 200 6.png
mal-ware.com/wp-content/uploads/2022/02/ 66 KB
66 KB 113ms
110ms Image
image/png 181.215.49.64
TIER-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mal-ware.com/wp-content/uploads/2022/02/6.png
Requested by: Host: mal-ware.com
URL: https://mal-ware.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 181.215.49.64 Dallas, United States, ASN397423 (TIER-NET, US),
Reverse DNS: server.frostbytedns.com
Software: Apache/2 /
Resource Hash: a6f22f4f54a62cfb12c9e9dccc9d42ccf2aabe5d7fafbeacb2cc627403136234

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:53 GMT
last-modified: Sun, 20 Feb 2022 21:16:53 GMT
server: Apache/2
accept-ranges: bytes
etag: "107c7-5d879a287bb40"
content-length: 67527
content-type: image/png

GET
H2 200 security.png
mal-ware.com/wp-content/uploads/2022/03/ 14 KB
15 KB 112ms
109ms Image
image/png 181.215.49.64
TIER-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mal-ware.com/wp-content/uploads/2022/03/security.png
Requested by: Host: mal-ware.com
URL: https://mal-ware.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 181.215.49.64 Dallas, United States, ASN397423 (TIER-NET, US),
Reverse DNS: server.frostbytedns.com
Software: Apache/2 /
Resource Hash: 12206a0a470277e4afe5cc053f3185694630b1ee83f8a33277b159f83f9cd8bd

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:53 GMT
last-modified: Sat, 05 Mar 2022 11:36:55 GMT
server: Apache/2
accept-ranges: bytes
etag: "39b5-5d9770c5843c0"
content-length: 14773
content-type: image/png

GET
H2 200 widget-icon-list.min.css
mal-ware.com/wp-content/plugins/elementor/assets/css/ 10 KB
1 KB 114ms
111ms Stylesheet
text/css 181.215.49.64
TIER-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mal-ware.com/wp-content/plugins/elementor/assets/css/widget-icon-list.min.css
Requested by: Host: mal-ware.com
URL: https://mal-ware.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 181.215.49.64 Dallas, United States, ASN397423 (TIER-NET, US),
Reverse DNS: server.frostbytedns.com
Software: Apache/2 /
Resource Hash: 3f32df7c79c88bf6abe559bbd0b2752046a67e29a70e29296eb4871961c1d416

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:53 GMT
content-encoding: gzip
last-modified: Wed, 07 Feb 2024 16:35:12 GMT
server: Apache/2
etag: "26c1-610cd476798db-gzip"
vary: Accept-Encoding,User-Agent
content-type: text/css
accept-ranges: bytes
content-length: 972

GET
H2 200 animations.min.css
mal-ware.com/wp-content/plugins/elementor/assets/lib/animations/ 18 KB
3 KB 53ms
50ms Stylesheet
text/css 181.215.49.64
TIER-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mal-ware.com/wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.19.2
Requested by: Host: mal-ware.com
URL: https://mal-ware.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 181.215.49.64 Dallas, United States, ASN397423 (TIER-NET, US),
Reverse DNS: server.frostbytedns.com
Software: Apache/2 /
Resource Hash: fe513ef974b767510d0a2b9f1b4d3afa53185b89ab617c869e5e3d6db960192c

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:53 GMT
content-encoding: gzip
last-modified: Wed, 07 Feb 2024 16:35:12 GMT
server: Apache/2
etag: "4824-610cd47693301-gzip"
vary: Accept-Encoding,User-Agent
content-type: text/css
accept-ranges: bytes
content-length: 2592

GET
H2 200 index.js Show response
mal-ware.com/wp-content/plugins/contact-form-7/includes/swv/js/ 11 KB
3 KB 53ms
51ms Script
application/javascript 181.215.49.64
TIER-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mal-ware.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.8.7
Requested by: Host: mal-ware.com
URL: https://mal-ware.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 181.215.49.64 Dallas, United States, ASN397423 (TIER-NET, US),
Reverse DNS: server.frostbytedns.com
Software: Apache/2 /
Resource Hash: 9c1989ecd392a0c54fb799409154242706940a8e6d800542ba579dfda576bb9d

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:53 GMT
content-encoding: gzip
last-modified: Mon, 05 Feb 2024 16:01:18 GMT
server: Apache/2
etag: "2b6d-610a4927fe90a-gzip"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
accept-ranges: bytes
content-length: 3212

GET
H2 200 index.js Show response
mal-ware.com/wp-content/plugins/contact-form-7/includes/js/ 13 KB
4 KB 58ms
50ms Script
application/javascript 181.215.49.64
TIER-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mal-ware.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.8.7
Requested by: Host: mal-ware.com
URL: https://mal-ware.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 181.215.49.64 Dallas, United States, ASN397423 (TIER-NET, US),
Reverse DNS: server.frostbytedns.com
Software: Apache/2 /
Resource Hash: 7ee08c60d39f5712a56938fda3e2ab10fe3ef23ec98aeb3c9a29e54f6f31ffe1

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:53 GMT
content-encoding: gzip
last-modified: Mon, 05 Feb 2024 16:01:18 GMT
server: Apache/2
etag: "337e-610a4927fdd52-gzip"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
accept-ranges: bytes
content-length: 4191

GET
H2 200 tilt.js Show response
mal-ware.com/wp-content/themes/uptech/assets/js/ 12 KB
3 KB 57ms
50ms Script
application/javascript 181.215.49.64
TIER-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mal-ware.com/wp-content/themes/uptech/assets/js/tilt.js?ver=6.4.3
Requested by: Host: mal-ware.com
URL: https://mal-ware.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 181.215.49.64 Dallas, United States, ASN397423 (TIER-NET, US),
Reverse DNS: server.frostbytedns.com
Software: Apache/2 /
Resource Hash: e49e4f22cc5186f3a68e94b9c5d7ef6c31aa05b683bea3799517676425f10fc8

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:53 GMT
content-encoding: gzip
last-modified: Sun, 03 Apr 2022 20:36:45 GMT
server: Apache/2
etag: "2f61-5dbc5f8565140-gzip"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
accept-ranges: bytes
content-length: 2918

GET
H2 200 st-main.min.js Show response
mal-ware.com/wp-content/themes/uptech/assets/js/ 4 KB
1 KB 56ms
49ms Script
application/javascript 181.215.49.64
TIER-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mal-ware.com/wp-content/themes/uptech/assets/js/st-main.min.js?ver=6.4.3
Requested by: Host: mal-ware.com
URL: https://mal-ware.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 181.215.49.64 Dallas, United States, ASN397423 (TIER-NET, US),
Reverse DNS: server.frostbytedns.com
Software: Apache/2 /
Resource Hash: 72edb950578570cee07206e0ebd58749b7cb247af27eb918ffab01692724742b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:53 GMT
content-encoding: gzip
last-modified: Sun, 03 Apr 2022 20:36:45 GMT
server: Apache/2
etag: "1139-5dbc5f8565140-gzip"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
accept-ranges: bytes
content-length: 1105

GET
H2 200 jquery.preloader.js Show response
mal-ware.com/wp-content/themes/uptech/assets/js/ 202 B
219 B 56ms
49ms Script
application/javascript 181.215.49.64
TIER-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mal-ware.com/wp-content/themes/uptech/assets/js/jquery.preloader.js?ver=6.4.3
Requested by: Host: mal-ware.com
URL: https://mal-ware.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 181.215.49.64 Dallas, United States, ASN397423 (TIER-NET, US),
Reverse DNS: server.frostbytedns.com
Software: Apache/2 /
Resource Hash: e3031f7e4ffd92af228a4482af3012b055c763b4c52d5df01055c47f406d0f6b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:53 GMT
content-encoding: gzip
last-modified: Sun, 03 Apr 2022 20:36:45 GMT
server: Apache/2
etag: "ca-5dbc5f8565140-gzip"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
accept-ranges: bytes
content-length: 166

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 1 KB
1 KB 129ms
52ms Script
text/javascript 2607:f8b0:4004:c09::68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?render=6LeDQM8hAAAAAN6ODurUINCRmSQPUtiGQZ5Qtkhi&ver=3.0

Requested by

Host: mal-ware.com
URL: https://mal-ware.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::68 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

2c6c8389d7ac0ab60f49dec611417cfae5583addbdcb678f879bc2b8ed0f063d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Fri, 16 Feb 2024 16:21:53 GMT

GET
H2 200 wp-polyfill-inert.min.js Show response
mal-ware.com/wp-includes/js/dist/vendor/ 8 KB
3 KB 58ms
52ms Script
application/javascript 181.215.49.64
TIER-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mal-ware.com/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js?ver=3.1.2
Requested by: Host: mal-ware.com
URL: https://mal-ware.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 181.215.49.64 Dallas, United States, ASN397423 (TIER-NET, US),
Reverse DNS: server.frostbytedns.com
Software: Apache/2 /
Resource Hash: c1a9a3e223bad631dff12d33b5499eb145cb08d8621c20d9d73870e78d97afe4

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:53 GMT
content-encoding: gzip
last-modified: Thu, 30 Mar 2023 07:30:11 GMT
server: Apache/2
etag: "1feb-5f819101166c0-gzip"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
accept-ranges: bytes
content-length: 2484

GET
H2 200 regenerator-runtime.min.js Show response
mal-ware.com/wp-includes/js/dist/vendor/ 6 KB
2 KB 58ms
51ms Script
application/javascript 181.215.49.64
TIER-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mal-ware.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.14.0
Requested by: Host: mal-ware.com
URL: https://mal-ware.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 181.215.49.64 Dallas, United States, ASN397423 (TIER-NET, US),
Reverse DNS: server.frostbytedns.com
Software: Apache/2 /
Resource Hash: 1d52e1ac7d3bc25a8b0ffc257153f9dd50249f96fe9a4df5e0d771241a69062c

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:53 GMT
content-encoding: gzip
last-modified: Wed, 08 Nov 2023 04:36:36 GMT
server: Apache/2
etag: "19e1-6099ca1e5bd00-gzip"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
accept-ranges: bytes
content-length: 2502

GET
H2 200 wp-polyfill.min.js Show response
mal-ware.com/wp-includes/js/dist/vendor/ 112 KB
35 KB 65ms
60ms Script
application/javascript 181.215.49.64
TIER-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mal-ware.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
Requested by: Host: mal-ware.com
URL: https://mal-ware.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 181.215.49.64 Dallas, United States, ASN397423 (TIER-NET, US),
Reverse DNS: server.frostbytedns.com
Software: Apache/2 /
Resource Hash: da9ed5720b674f0d297fe621ac2d8d518c4e622bef1e9b0d4ae489dee9aa43f8

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:53 GMT
content-encoding: gzip
last-modified: Wed, 08 Nov 2023 04:36:36 GMT
server: Apache/2
etag: "1c1b7-6099ca1e5bd00-gzip"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
accept-ranges: bytes
content-length: 35888

GET
H2 200 index.js Show response
mal-ware.com/wp-content/plugins/contact-form-7/modules/recaptcha/ 934 B
537 B 58ms
53ms Script
application/javascript 181.215.49.64
TIER-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mal-ware.com/wp-content/plugins/contact-form-7/modules/recaptcha/index.js?ver=5.8.7
Requested by: Host: mal-ware.com
URL: https://mal-ware.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 181.215.49.64 Dallas, United States, ASN397423 (TIER-NET, US),
Reverse DNS: server.frostbytedns.com
Software: Apache/2 /
Resource Hash: df0ec8330290d184b1084527076cb87d41b33ba706ff5ab579d761f0cb6a744b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:53 GMT
content-encoding: gzip
last-modified: Mon, 05 Feb 2024 16:01:18 GMT
server: Apache/2
etag: "3a6-610a4927ffc92-gzip"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
accept-ranges: bytes
content-length: 483

GET
H2 200 webpack.runtime.min.js Show response
mal-ware.com/wp-content/plugins/elementor/assets/js/ 5 KB
2 KB 59ms
53ms Script
application/javascript 181.215.49.64
TIER-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mal-ware.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.19.2
Requested by: Host: mal-ware.com
URL: https://mal-ware.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 181.215.49.64 Dallas, United States, ASN397423 (TIER-NET, US),
Reverse DNS: server.frostbytedns.com
Software: Apache/2 /
Resource Hash: dc032c361978c8fa496519488b6cee1b77554a1844ed6cb5d212d2fb87bc55e8

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:53 GMT
content-encoding: gzip
last-modified: Wed, 07 Feb 2024 16:35:12 GMT
server: Apache/2
etag: "1385-610cd47692f19-gzip"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
accept-ranges: bytes
content-length: 2215

GET
H2 200 frontend-modules.min.js Show response
mal-ware.com/wp-content/plugins/elementor/assets/js/ 59 KB
17 KB 64ms
59ms Script
application/javascript 181.215.49.64
TIER-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mal-ware.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.19.2
Requested by: Host: mal-ware.com
URL: https://mal-ware.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 181.215.49.64 Dallas, United States, ASN397423 (TIER-NET, US),
Reverse DNS: server.frostbytedns.com
Software: Apache/2 /
Resource Hash: bfbd80809e8f863fa4c57fee859cfb30ed989cb6d521928a73586ed1055e6ffe

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:53 GMT
content-encoding: gzip
last-modified: Wed, 07 Feb 2024 16:35:12 GMT
server: Apache/2
etag: "eb0d-610cd4768bdd2-gzip"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
accept-ranges: bytes
content-length: 16923

GET
H2 200 waypoints.min.js Show response
mal-ware.com/wp-content/plugins/elementor/assets/lib/waypoints/ 12 KB
3 KB 60ms
55ms Script
application/javascript 181.215.49.64
TIER-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mal-ware.com/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2
Requested by: Host: mal-ware.com
URL: https://mal-ware.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 181.215.49.64 Dallas, United States, ASN397423 (TIER-NET, US),
Reverse DNS: server.frostbytedns.com
Software: Apache/2 /
Resource Hash: 214674cc77aba35ab3567b88e2739fd08e8e96c61d279559ad61874069683ea0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:53 GMT
content-encoding: gzip
last-modified: Wed, 07 Feb 2024 16:35:12 GMT
server: Apache/2
etag: "2fa6-610cd476a09d8-gzip"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
accept-ranges: bytes
content-length: 2993

GET
H2 200 core.min.js Show response
mal-ware.com/wp-includes/js/jquery/ui/ 21 KB
7 KB 60ms
56ms Script
application/javascript 181.215.49.64
TIER-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mal-ware.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.2
Requested by: Host: mal-ware.com
URL: https://mal-ware.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 181.215.49.64 Dallas, United States, ASN397423 (TIER-NET, US),
Reverse DNS: server.frostbytedns.com
Software: Apache/2 /
Resource Hash: ca7dce2391845e8aec7da135f33fabd10f74eed28a532ac66fd01f761fcfb42f

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:53 GMT
content-encoding: gzip
last-modified: Thu, 30 Mar 2023 07:30:26 GMT
server: Apache/2
etag: "53be-5f81910f64880-gzip"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
accept-ranges: bytes
content-length: 7099

GET
H2 200 frontend.min.js Show response
mal-ware.com/wp-content/plugins/elementor/assets/js/ 39 KB
12 KB 61ms
57ms Script
application/javascript 181.215.49.64
TIER-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mal-ware.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.19.2
Requested by: Host: mal-ware.com
URL: https://mal-ware.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 181.215.49.64 Dallas, United States, ASN397423 (TIER-NET, US),
Reverse DNS: server.frostbytedns.com
Software: Apache/2 /
Resource Hash: 3fe543befe804b3847051f8d79d0f0bd7c0995248b9b87b1ab3a49f6862cb903

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:53 GMT
content-encoding: gzip
last-modified: Wed, 07 Feb 2024 16:35:12 GMT
server: Apache/2
etag: "9d72-610cd4768b602-gzip"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
accept-ranges: bytes
content-length: 12214

GET
H2 200 underscore.min.js Show response
mal-ware.com/wp-includes/js/ 18 KB
7 KB 61ms
57ms Script
application/javascript 181.215.49.64
TIER-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mal-ware.com/wp-includes/js/underscore.min.js?ver=1.13.4
Requested by: Host: mal-ware.com
URL: https://mal-ware.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 181.215.49.64 Dallas, United States, ASN397423 (TIER-NET, US),
Reverse DNS: server.frostbytedns.com
Software: Apache/2 /
Resource Hash: 726b820e44f6ab90ad991d30a4bf26d3a5d71493cbcd1fb1efd0d14e89b9df2a

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:53 GMT
content-encoding: gzip
last-modified: Wed, 02 Nov 2022 08:09:40 GMT
server: Apache/2
etag: "4991-5ec785cc1f900-gzip"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
accept-ranges: bytes
content-length: 7311

GET
H2 200 wp-util.min.js Show response
mal-ware.com/wp-includes/js/ 1 KB
832 B 58ms
54ms Script
application/javascript 181.215.49.64
TIER-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mal-ware.com/wp-includes/js/wp-util.min.js?ver=6.4.3
Requested by: Host: mal-ware.com
URL: https://mal-ware.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 181.215.49.64 Dallas, United States, ASN397423 (TIER-NET, US),
Reverse DNS: server.frostbytedns.com
Software: Apache/2 /
Resource Hash: 3bc6467a95cec8fa516c6f5f69e1301e37e16f9bb1046fe7756729249f901b95

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:53 GMT
content-encoding: gzip
last-modified: Wed, 02 Nov 2022 08:09:40 GMT
server: Apache/2
etag: "592-5ec785cc1f900-gzip"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
accept-ranges: bytes
content-length: 756

GET
H2 200 frontend.min.js Show response
mal-ware.com/wp-content/plugins/wpforms-lite/assets/js/integrations/elementor/ 771 B
463 B 58ms
55ms Script
application/javascript 181.215.49.64
TIER-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mal-ware.com/wp-content/plugins/wpforms-lite/assets/js/integrations/elementor/frontend.min.js?ver=1.8.6.4
Requested by: Host: mal-ware.com
URL: https://mal-ware.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 181.215.49.64 Dallas, United States, ASN397423 (TIER-NET, US),
Reverse DNS: server.frostbytedns.com
Software: Apache/2 /
Resource Hash: 2dea57483641f8762937dfd9b09126a9b21c88bd3d7486186003e0bbb9043145

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:53 GMT
content-encoding: gzip
last-modified: Wed, 31 Jan 2024 13:13:36 GMT
server: Apache/2
etag: "303-6103da589f785-gzip"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
accept-ranges: bytes
content-length: 386

GET
BLOB 200
OK 71b53e85-57cf-42c0-9e58-533f15387adb
https://mal-ware.com/ 1 KB
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://mal-ware.com/71b53e85-57cf-42c0-9e58-533f15387adb
Requested by: Host: mal-ware.com
URL: https://mal-ware.com/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 453cb806084fdabec32e286af2e88899f79022125c2527afffbec507975d2c22

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Length: 1245
Content-Type: text/javascript

GET
H2 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 112ms
37ms Font
font/woff2 2607:f8b0:4004:c09::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins%3A400%2C500%2C600%2C700%26subset%3Dlatin%2Clatin-ext&ver=1.0.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://mal-ware.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 02:48:00 GMT
x-content-type-options: nosniff
age: 135233
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7884
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 14 Feb 2025 02:48:00 GMT

GET
H2 404 bg-footer.png
mal-ware.com/wp-content/themes/uptech/assets/css/assets/images/ 31 KB
31 KB 255ms
254ms Image
text/html 181.215.49.64
TIER-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mal-ware.com/wp-content/themes/uptech/assets/css/assets/images/bg-footer.png
Requested by: Host: mal-ware.com
URL: https://mal-ware.com/wp-content/themes/uptech/assets/css/st-style.min.css?ver=6.4.3
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 181.215.49.64 Dallas, United States, ASN397423 (TIER-NET, US),
Reverse DNS: server.frostbytedns.com
Software: Apache/2 /
Resource Hash: f7124819a4df2ed6820fd02a266a75c1ea3e0337b84b7f7e73ed2877423960f2

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/wp-content/themes/uptech/assets/css/st-style.min.css?ver=6.4.3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Feb 2024 16:21:53 GMT
content-encoding: gzip
server: Apache/2
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
cache-control: no-store, no-cache, must-revalidate
link: <https://mal-ware.com/wp-json/>; rel="https://api.w.org/"
content-length: 7803
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 105ms
42ms Font
font/woff2 2607:f8b0:4004:c09::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins%3A400%2C500%2C600%2C700%26subset%3Dlatin%2Clatin-ext&ver=1.0.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://mal-ware.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 03:03:38 GMT
x-content-type-options: nosniff
age: 134295
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7748
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:21:30 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 14 Feb 2025 03:03:38 GMT

GET
H2 200 themify.ttf
mal-ware.com/wp-content/themes/uptech/assets/fonts/ 77 KB
40 KB 60ms
51ms Font
application/x-font-ttf 181.215.49.64
TIER-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mal-ware.com/wp-content/themes/uptech/assets/fonts/themify.ttf?-fvbane
Requested by: Host: mal-ware.com
URL: https://mal-ware.com/wp-content/themes/uptech/assets/css/themify-icons.css?ver=6.4.3
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 181.215.49.64 Dallas, United States, ASN397423 (TIER-NET, US),
Reverse DNS: server.frostbytedns.com
Software: Apache/2 /
Resource Hash: 350663a4665e00072c68a87ad3fa0be47b8a91424127f5f3e09f664197295f01

Request headers

Referer: https://mal-ware.com/wp-content/themes/uptech/assets/css/themify-icons.css?ver=6.4.3
Origin: https://mal-ware.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:53 GMT
content-encoding: gzip
last-modified: Sun, 03 Apr 2022 20:36:45 GMT
server: Apache/2
etag: "132f8-5dbc5f8565140-gzip"
vary: Accept-Encoding,User-Agent
content-type: application/x-font-ttf
accept-ranges: bytes
content-length: 41006

GET
H2 200 pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 131ms
70ms Font
font/woff2 2607:f8b0:4004:c09::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins%3A400%2C500%2C600%2C700%26subset%3Dlatin%2Clatin-ext&ver=1.0.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://mal-ware.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 03:06:15 GMT
x-content-type-options: nosniff
age: 134138
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8000
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:59:07 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 14 Feb 2025 03:06:15 GMT

GET
H2 200 pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 126ms
65ms Font
font/woff2 2607:f8b0:4004:c09::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins%3A400%2C500%2C600%2C700%26subset%3Dlatin%2Clatin-ext&ver=1.0.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://mal-ware.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 02:48:37 GMT
x-content-type-options: nosniff
age: 135196
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7816
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:11:40 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 14 Feb 2025 02:48:37 GMT

GET
H2 200 pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 151ms
91ms Font
font/woff2 2607:f8b0:4004:c09::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins%3A400%2C500%2C600%2C700%26subset%3Dlatin%2Clatin-ext&ver=1.0.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

78bc3aa78faec288bbb3bf26c9a0fa4eb67b1e69da94a17233c5cab60525efdb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://mal-ware.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 03:18:02 GMT
x-content-type-options: nosniff
age: 133431
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7840
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:51:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 14 Feb 2025 03:18:02 GMT

GET
H2 200 fa-solid-900.woff2
mal-ware.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/ 76 KB
76 KB 54ms
47ms Font
application/octet-stream 181.215.49.64
TIER-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mal-ware.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff2
Requested by: Host: mal-ware.com
URL: https://mal-ware.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=5.15.3
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 181.215.49.64 Dallas, United States, ASN397423 (TIER-NET, US),
Reverse DNS: server.frostbytedns.com
Software: Apache/2 /
Resource Hash: d0b4256abed72481585662971262eabee345c19f837af00d7ce24239d3b40eef

Request headers

Referer: https://mal-ware.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=5.15.3
Origin: https://mal-ware.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:53 GMT
content-encoding: gzip
last-modified: Wed, 07 Feb 2024 16:35:12 GMT
server: Apache/2
accept-ranges: bytes
etag: "13174-610cd4769e6b0-gzip"
vary: Accept-Encoding,User-Agent

GET
H2 200 fa-regular-400.woff2
mal-ware.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/ 13 KB
13 KB 53ms
46ms Font
application/octet-stream 181.215.49.64
TIER-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mal-ware.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-regular-400.woff2
Requested by: Host: mal-ware.com
URL: https://mal-ware.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/regular.min.css?ver=5.15.3
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 181.215.49.64 Dallas, United States, ASN397423 (TIER-NET, US),
Reverse DNS: server.frostbytedns.com
Software: Apache/2 /
Resource Hash: 8afc6e5e842baab16010c2ce6fcf48ec4ded8e1579a37c1f1bc027e120d04951

Request headers

Referer: https://mal-ware.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/regular.min.css?ver=5.15.3
Origin: https://mal-ware.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:53 GMT
content-encoding: gzip
last-modified: Wed, 07 Feb 2024 16:35:12 GMT
server: Apache/2
etag: "33dc-610cd4769c771-gzip"
vary: Accept-Encoding,User-Agent
accept-ranges: bytes
content-length: 13299

GET
H2 200 pxiDyp8kv8JHgFVrJJLmr19VF9eO.woff2
fonts.gstatic.com/s/poppins/v20/ 9 KB
9 KB 91ms
32ms Font
font/woff2 2607:f8b0:4004:c09::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiDyp8kv8JHgFVrJJLmr19VF9eO.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CPoppins%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CLato%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.4.3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3ad6c8bd3624555dd79177efe91f0aca20e7f28597fa6b49762c27f337500d8d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://mal-ware.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 03:03:42 GMT
x-content-type-options: nosniff
age: 134291
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8724
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:12:34 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 14 Feb 2025 03:03:42 GMT

GET
H2 200 S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v24/ 23 KB
23 KB 134ms
76ms Font
font/woff2 2607:f8b0:4004:c09::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://mal-ware.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 03:15:28 GMT
x-content-type-options: nosniff
age: 133585
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23040
x-xss-protection: 0
last-modified: Tue, 02 May 2023 15:07:25 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 14 Feb 2025 03:15:28 GMT

GET
H2 404 code-2vhhhh4.png
mal-ware.com/wp-content/uploads/2022/08/ 31 KB
31 KB 256ms
252ms Image
text/html 181.215.49.64
TIER-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mal-ware.com/wp-content/uploads/2022/08/code-2vhhhh4.png
Requested by: Host: mal-ware.com
URL: https://mal-ware.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 181.215.49.64 Dallas, United States, ASN397423 (TIER-NET, US),
Reverse DNS: server.frostbytedns.com
Software: Apache/2 /
Resource Hash: f7124819a4df2ed6820fd02a266a75c1ea3e0337b84b7f7e73ed2877423960f2

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Feb 2024 16:21:53 GMT
content-encoding: gzip
server: Apache/2
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
cache-control: no-store, no-cache, must-revalidate
link: <https://mal-ware.com/wp-json/>; rel="https://api.w.org/"
content-length: 7803
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 404 cchhch4sport-team.png
mal-ware.com/wp-content/uploads/2022/08/ 31 KB
31 KB 308ms
305ms Image
text/html 181.215.49.64
TIER-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mal-ware.com/wp-content/uploads/2022/08/cchhch4sport-team.png
Requested by: Host: mal-ware.com
URL: https://mal-ware.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 181.215.49.64 Dallas, United States, ASN397423 (TIER-NET, US),
Reverse DNS: server.frostbytedns.com
Software: Apache/2 /
Resource Hash: f7124819a4df2ed6820fd02a266a75c1ea3e0337b84b7f7e73ed2877423960f2

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Feb 2024 16:21:53 GMT
content-encoding: gzip
server: Apache/2
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
cache-control: no-store, no-cache, must-revalidate
link: <https://mal-ware.com/wp-json/>; rel="https://api.w.org/"
content-length: 7803
expires: Thu, 19 Nov 1981 08:52:00 GMT

POST
H2 204 collect
www.google-analytics.com/g/ 0
243 B 103ms
41ms Ping
text/plain 2001:4860:4802:38::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-WFC5JE8V08&gtm=45je42e0v886240969za200&_p=1708100513136&gcd=13l3l3l3l1&npa=0&dma=0&gdid=dZGIzZG&cid=1584802085.1708100513&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_s=1&sid=1708100513&sct=1&seg=0&dl=https%3A%2F%2Fmal-ware.com%2F&dt=Mal-Ware%20-%20Best%20Ransomware%20and%20Malware%20Removal%20Service&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.forceSSL=true&ep.link_attribution=true&tfd=1217
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-WFC5JE8V08
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Feb 2024 16:21:53 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://mal-ware.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/yiNW3R9jkyLVP5-EEZLDzUtA/ 488 KB
195 KB 100ms
33ms Script
text/javascript 2607:f8b0:4004:c08::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/yiNW3R9jkyLVP5-EEZLDzUtA/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=6LeDQM8hAAAAAN6ODurUINCRmSQPUtiGQZ5Qtkhi&ver=3.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fd66999fb60ad3289dfaee132ff52c0b1ecba71661e4cbfe47d09ac4f1cd5a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mal-ware.com/
Origin: https://mal-ware.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 15:40:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2456
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 198909
x-xss-protection: 0
last-modified: Mon, 12 Feb 2024 03:00:37 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 15 Feb 2025 15:40:57 GMT

GET
H3 200 show_ads_impl_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402120101/ 406 KB
138 KB 179ms
114ms Script
text/javascript 2607:f8b0:4004:c09::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402120101/show_ads_impl_fy2021.js?bust=31081135

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6745586292715183&host=ca-host-pub-2644536267352236

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c09::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1546cdc84ba3bf3f2eacf0a300c64213ded7b0c8b031557793ee0a3540b0dcb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:53 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 141049
x-xss-protection: 0
server: cafe
etag: 2097933073660562289
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Fri, 16 Feb 2024 16:21:53 GMT

GET
H2 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240214/r20190131/ Frame 6903 9 KB
5 KB 100ms
32ms Document
text/html 2607:f8b0:4004:c07::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240214/r20190131/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6745586292715183&host=ca-host-pub-2644536267352236

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c07::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ba2c2b2479cc7044e4af1a0123ec24531e8ad57aa91d4d5655405a148271589

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mal-ware.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 54099
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4209
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 16 Feb 2024 01:20:14 GMT
etag: 3890843268177463596
expires: Fri, 01 Mar 2024 01:20:14 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 wp-emoji-release.min.js Show response
mal-ware.com/wp-includes/js/ 18 KB
5 KB 51ms
51ms Script
application/javascript 181.215.49.64
TIER-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mal-ware.com/wp-includes/js/wp-emoji-release.min.js?ver=6.4.3
Requested by: Host: mal-ware.com
URL: https://mal-ware.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 181.215.49.64 Dallas, United States, ASN397423 (TIER-NET, US),
Reverse DNS: server.frostbytedns.com
Software: Apache/2 /
Resource Hash: 4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:53 GMT
content-encoding: gzip
last-modified: Thu, 30 Mar 2023 07:30:31 GMT
server: Apache/2
etag: "4904-5f819114293c0-gzip"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
accept-ranges: bytes
content-length: 5039

GET
H2 200 text-editor.2c35aafbe5bf0e127950.bundle.min.js Show response
mal-ware.com/wp-content/plugins/elementor/assets/js/ 1 KB
720 B 50ms
50ms Script
application/javascript 181.215.49.64
TIER-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mal-ware.com/wp-content/plugins/elementor/assets/js/text-editor.2c35aafbe5bf0e127950.bundle.min.js
Requested by: Host: mal-ware.com
URL: https://mal-ware.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.19.2
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 181.215.49.64 Dallas, United States, ASN397423 (TIER-NET, US),
Reverse DNS: server.frostbytedns.com
Software: Apache/2 /
Resource Hash: 497207545e4aaa14add0c59adb6fc64a61a3375a525c9eb96527dd326a6d62aa

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:53 GMT
content-encoding: gzip
last-modified: Wed, 07 Feb 2024 16:35:12 GMT
server: Apache/2
etag: "550-610cd47692361-gzip"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
accept-ranges: bytes
content-length: 666

GET
H2 200 progress.ca55d33bb06cee4e6f02.bundle.min.js Show response
mal-ware.com/wp-content/plugins/elementor/assets/js/ 655 B
447 B 50ms
50ms Script
application/javascript 181.215.49.64
TIER-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mal-ware.com/wp-content/plugins/elementor/assets/js/progress.ca55d33bb06cee4e6f02.bundle.min.js
Requested by: Host: mal-ware.com
URL: https://mal-ware.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.19.2
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 181.215.49.64 Dallas, United States, ASN397423 (TIER-NET, US),
Reverse DNS: server.frostbytedns.com
Software: Apache/2 /
Resource Hash: 7f56f5a085074581b6a80c806c6402d0638d7329dd370aa06036a967ae2c8ce2

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:53 GMT
content-encoding: gzip
last-modified: Wed, 07 Feb 2024 16:35:12 GMT
server: Apache/2
etag: "28f-610cd47691b91-gzip"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
accept-ranges: bytes
content-length: 393

GET
H2 200 anchor Show response
www.google.com/recaptcha/api2/ Frame 2C15 46 KB
29 KB 72ms
71ms Document
text/html 2607:f8b0:4004:c09::68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeDQM8hAAAAAN6ODurUINCRmSQPUtiGQZ5Qtkhi&co=aHR0cHM6Ly9tYWwtd2FyZS5jb206NDQz&hl=en&v=yiNW3R9jkyLVP5-EEZLDzUtA&size=invisible&cb=5rkww4qphual

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/yiNW3R9jkyLVP5-EEZLDzUtA/recaptcha__en.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::68 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

a3e9ee0a9fe603e0b29bb71d928e475fa389952f02ee8864f3a76c56cd86e224

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-d0nN3GL17OpEiT42qGdRog' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://mal-ware.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-d0nN3GL17OpEiT42qGdRog' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 16 Feb 2024 16:21:53 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/yiNW3R9jkyLVP5-EEZLDzUtA/ Frame 2C15 55 KB
24 KB 97ms
34ms Stylesheet
text/css 2607:f8b0:4004:c08::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/yiNW3R9jkyLVP5-EEZLDzUtA/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeDQM8hAAAAAN6ODurUINCRmSQPUtiGQZ5Qtkhi&co=aHR0cHM6Ly9tYWwtd2FyZS5jb206NDQz&hl=en&v=yiNW3R9jkyLVP5-EEZLDzUtA&size=invisible&cb=5rkww4qphual

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 15:23:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3505
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24606
x-xss-protection: 0
last-modified: Mon, 12 Feb 2024 03:00:37 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 15 Feb 2025 15:23:28 GMT

GET
H3 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/yiNW3R9jkyLVP5-EEZLDzUtA/ Frame 2C15 488 KB
194 KB 94ms
32ms Script
text/javascript 2607:f8b0:4004:c08::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/yiNW3R9jkyLVP5-EEZLDzUtA/recaptcha__en.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fd66999fb60ad3289dfaee132ff52c0b1ecba71661e4cbfe47d09ac4f1cd5a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 15:40:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2456
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 198909
x-xss-protection: 0
last-modified: Mon, 12 Feb 2024 03:00:37 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 15 Feb 2025 15:40:57 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 59C5 212 KB
55 KB 415ms
412ms Document
text/html 2607:f8b0:4004:c07::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6745586292715183&output=html&adk=1812271804&adf=3025194257&lmt=1708100514&plat=1%3A16777216%2C2%3A16777216%2C3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fmal-ware.com%2F&host=ca-host-pub-2644536267352236&pra=5&wgl=1&easpi=1&asro=0&aslmt=0.4&asamt=-1&aseiel=1~2~4~6~8~16~9~10~11~12~13~14~15~17&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708100513612&bpp=16&bdt=518&idt=426&shv=r20240214&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2453990592256&frm=20&pv=2&ga_vid=1584802085.1708100513&ga_sid=1708100514&ga_hid=1379197327&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C44795921%2C95322434%2C95323740%2C95324580%2C95325068%2C31081135%2C95321963%2C95320869%2C95324155%2C95324160%2C95325077&oid=2&pvsid=1199230194513934&tmod=2060731341&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=446

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402120101/show_ads_impl_fy2021.js?bust=31081135

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c07::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

80b5ef4f0243e6b9df1d3b922821553d459bf1dab40f852cf43223eeba437698

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mal-ware.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 55822
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 16 Feb 2024 16:21:54 GMT
expires: Fri, 16 Feb 2024 16:21:54 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 94ms
91ms Image
image/gif 2607:f8b0:4004:c09::9b
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&tn=DIV&cls=st-preloader&ign=false&pw=1600&ph=1200&x=0&y=1060.8

Requested by

Host: mal-ware.com
URL: https://mal-ware.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c09::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Feb 2024 16:21:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 94ms
91ms Image
image/gif 2607:f8b0:4004:c09::9b
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&tn=DIV&cls=st-preloader&ign=false&pw=1600&ph=1200&x=0&y=0

Requested by

Host: mal-ware.com
URL: https://mal-ware.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c09::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Feb 2024 16:21:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame FC53 117 KB
40 KB 890ms
889ms Document
text/html 2607:f8b0:4004:c07::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6745586292715183&output=html&h=280&adk=3809598800&adf=1839787983&pi=t.aa~a.108489206~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1708100514&rafmt=1&to=qs&pwprc=8924873799&format=1200x280&url=https%3A%2F%2Fmal-ware.com%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708100513628&bpp=2&bdt=533&idt=438&shv=r20240214&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=2453990592256&frm=20&pv=1&ga_vid=1584802085.1708100513&ga_sid=1708100514&ga_hid=1379197327&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=100&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C44795921%2C95322434%2C95323740%2C95324580%2C95325068%2C31081135%2C95321963%2C95320869%2C95324155%2C95324160%2C95325077&oid=2&pvsid=1199230194513934&tmod=2060731341&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=442

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402120101/show_ads_impl_fy2021.js?bust=31081135

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c07::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

51e6ec54a70e62a059ca14e5a79a603e7326e8ec32677babe745ec975b71220b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mal-ware.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 40935
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 16 Feb 2024 16:21:54 GMT
expires: Fri, 16 Feb 2024 16:21:54 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zyvIRxypJp9XsXP7bFrUBd8JY_zCSu2ya-bkldlMTk8.js Show response
www.google.com/js/bg/ Frame 2C15 17 KB
7 KB 33ms
32ms Script
text/javascript 2607:f8b0:4004:c09::68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/bg/zyvIRxypJp9XsXP7bFrUBd8JY_zCSu2ya-bkldlMTk8.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/yiNW3R9jkyLVP5-EEZLDzUtA/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c09::68 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf2bc8471ca9269f57b173fb6c5ad405df0963fcc24aedb26be6e495d94c4e4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeDQM8hAAAAAN6ODurUINCRmSQPUtiGQZ5Qtkhi&co=aHR0cHM6Ly9tYWwtd2FyZS5jb206NDQz&hl=en&v=yiNW3R9jkyLVP5-EEZLDzUtA&size=invisible&cb=5rkww4qphual
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 17:51:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81018
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6974
x-xss-protection: 0
last-modified: Mon, 05 Feb 2024 17:30:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 14 Feb 2025 17:51:36 GMT

GET
H3 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame 2C15 2 KB
2 KB 32ms
32ms Image
image/png 2607:f8b0:4004:c08::5e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/yiNW3R9jkyLVP5-EEZLDzUtA/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/yiNW3R9jkyLVP5-EEZLDzUtA/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 23:03:56 GMT
x-content-type-options: nosniff
age: 62278
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2228
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Thu, 22 Feb 2024 23:03:56 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 2C15 15 KB
15 KB 34ms
33ms Font
font/woff2 2607:f8b0:4004:c09::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 02:53:48 GMT
x-content-type-options: nosniff
age: 134886
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 14 Feb 2025 02:53:48 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 2C15 15 KB
15 KB 37ms
37ms Font
font/woff2 2607:f8b0:4004:c09::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 02:58:36 GMT
x-content-type-options: nosniff
age: 134598
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 14 Feb 2025 02:58:36 GMT

GET
H3 200 webworker.js
www.google.com/recaptcha/api2/ Frame 2C15 102 B
135 B 48ms
47ms Other
text/javascript 2607:f8b0:4004:c09::68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=yiNW3R9jkyLVP5-EEZLDzUtA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c09::68 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

7d4765f9e5ef9c44c30128cf2055ea61529f0c9fdf121b4ddca394da954d82df

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeDQM8hAAAAAN6ODurUINCRmSQPUtiGQZ5Qtkhi&co=aHR0cHM6Ly9tYWwtd2FyZS5jb206NDQz&hl=en&v=yiNW3R9jkyLVP5-EEZLDzUtA&size=invisible&cb=5rkww4qphual
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Fri, 16 Feb 2024 16:21:54 GMT

GET
H3 200 bframe Show response
www.google.com/recaptcha/api2/ Frame E066 7 KB
1 KB 54ms
54ms Document
text/html 2607:f8b0:4004:c09::68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=en&v=yiNW3R9jkyLVP5-EEZLDzUtA&k=6LeDQM8hAAAAAN6ODurUINCRmSQPUtiGQZ5Qtkhi

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/yiNW3R9jkyLVP5-EEZLDzUtA/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c09::68 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

940c1d55e89106dbfa17392cb271c52046a2ed1fd842887feb0385a016ec49ba

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-bntGubDNezhLWqueV2tWgQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://mal-ware.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-bntGubDNezhLWqueV2tWgQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 16 Feb 2024 16:21:54 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/yiNW3R9jkyLVP5-EEZLDzUtA/ Frame E066 55 KB
24 KB 33ms
32ms Stylesheet
text/css 2607:f8b0:4004:c08::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/yiNW3R9jkyLVP5-EEZLDzUtA/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=yiNW3R9jkyLVP5-EEZLDzUtA&k=6LeDQM8hAAAAAN6ODurUINCRmSQPUtiGQZ5Qtkhi

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 15:23:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3506
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24606
x-xss-protection: 0
last-modified: Mon, 12 Feb 2024 03:00:37 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 15 Feb 2025 15:23:28 GMT

GET
H3 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/yiNW3R9jkyLVP5-EEZLDzUtA/ Frame E066 488 KB
194 KB 31ms
31ms Script
text/javascript 2607:f8b0:4004:c08::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/yiNW3R9jkyLVP5-EEZLDzUtA/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=yiNW3R9jkyLVP5-EEZLDzUtA&k=6LeDQM8hAAAAAN6ODurUINCRmSQPUtiGQZ5Qtkhi

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fd66999fb60ad3289dfaee132ff52c0b1ecba71661e4cbfe47d09ac4f1cd5a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 15:40:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2457
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 198909
x-xss-protection: 0
last-modified: Mon, 12 Feb 2024 03:00:37 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 15 Feb 2025 15:40:57 GMT

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402120101/ 165 KB
56 KB 107ms
107ms Script
text/javascript 2607:f8b0:4004:c09::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402120101/reactive_library_fy2021.js?bust=31081135

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402120101/show_ads_impl_fy2021.js?bust=31081135

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c09::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8bef383a20a6a528375e2fd0b9945f1c5de16614458812e66b7f1c18f1db6fcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:54 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57028
x-xss-protection: 0
server: cafe
etag: 11047113644083585636
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Fri, 16 Feb 2024 16:21:54 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 0141 121 KB
42 KB 554ms
552ms Document
text/html 2607:f8b0:4004:c07::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6745586292715183&output=html&h=280&adk=2375308329&adf=254827259&pi=t.aa~a.2359317494~rp.1&w=586&fwrn=4&fwrnh=100&lmt=1708100514&rafmt=1&to=qs&pwprc=8924873799&format=586x280&url=https%3A%2F%2Fmal-ware.com%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708100514589&bpp=1&bdt=1495&idt=-M&shv=r20240214&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=3&correlator=2453990592256&frm=20&pv=1&ga_vid=1584802085.1708100513&ga_sid=1708100514&ga_hid=1379197327&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=214&ady=1250&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C44795921%2C95322434%2C95323740%2C95324580%2C95325068%2C31081135%2C95321963%2C95320869%2C95324155%2C95324160%2C95325077&oid=2&pvsid=1199230194513934&tmod=2060731341&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=1&fsb=1&dtd=7

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402120101/show_ads_impl_fy2021.js?bust=31081135

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c07::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4fd864a1f926872dfd44a815bc545da4ba35464a5230d8c1c9a0c582f06d9426

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mal-ware.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 43468
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 16 Feb 2024 16:21:55 GMT
expires: Fri, 16 Feb 2024 16:21:55 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame B5AF 104 KB
40 KB 562ms
560ms Document
text/html 2607:f8b0:4004:c07::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6745586292715183&output=html&h=280&adk=2206265524&adf=1864091918&pi=t.aa~a.1579878287~rp.4&w=572&fwrn=4&fwrnh=100&lmt=1708100514&rafmt=1&to=qs&pwprc=8924873799&format=572x280&url=https%3A%2F%2Fmal-ware.com%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708100514589&bpp=1&bdt=1495&idt=-M&shv=r20240214&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C586x280&nras=4&correlator=2453990592256&frm=20&pv=1&ga_vid=1584802085.1708100513&ga_sid=1708100514&ga_hid=1379197327&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=813&ady=1630&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C44795921%2C95322434%2C95323740%2C95324580%2C95325068%2C31081135%2C95321963%2C95320869%2C95324155%2C95324160%2C95325077&oid=2&pvsid=1199230194513934&tmod=2060731341&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=2&fsb=1&dtd=12

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402120101/show_ads_impl_fy2021.js?bust=31081135

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c07::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8227e5c6bdd8345ec6bca5a230032a7f65ccfc52248a7fd9c4a089e2d8ffd4a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mal-ware.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 40955
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 16 Feb 2024 16:21:55 GMT
expires: Fri, 16 Feb 2024 16:21:55 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 7968 104 KB
40 KB 506ms
503ms Document
text/html 2607:f8b0:4004:c07::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6745586292715183&output=html&h=90&adk=2820297975&adf=1528403788&pi=t.aa~a.716941871~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1708100514&rafmt=1&to=qs&pwprc=8924873799&format=1200x90&url=https%3A%2F%2Fmal-ware.com%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708100514589&bpp=1&bdt=1495&idt=-M&shv=r20240214&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C586x280%2C572x280&nras=5&correlator=2453990592256&frm=20&pv=1&ga_vid=1584802085.1708100513&ga_sid=1708100514&ga_hid=1379197327&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2800&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C44795921%2C95322434%2C95323740%2C95324580%2C95325068%2C31081135%2C95321963%2C95320869%2C95324155%2C95324160%2C95325077&oid=2&pvsid=1199230194513934&tmod=2060731341&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=3&fsb=1&dtd=17

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402120101/show_ads_impl_fy2021.js?bust=31081135

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c07::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5f901dd9baecb42078ba25aa9e4fea357dc5fb1183d650e30b07e72a9cb6c4cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mal-ware.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 41315
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 16 Feb 2024 16:21:55 GMT
expires: Fri, 16 Feb 2024 16:21:55 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame C03B 120 KB
42 KB 490ms
489ms Document
text/html 2607:f8b0:4004:c07::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6745586292715183&output=html&h=90&adk=629407597&adf=1055940801&pi=t.aa~a.2870338501~rp.1&w=1140&fwrn=4&fwrnh=100&lmt=1708100514&rafmt=1&to=qs&pwprc=8924873799&format=1140x90&url=https%3A%2F%2Fmal-ware.com%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708100514589&bpp=1&bdt=1495&idt=-M&shv=r20240214&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C586x280%2C572x280%2C1200x90&nras=6&correlator=2453990592256&frm=20&pv=1&ga_vid=1584802085.1708100513&ga_sid=1708100514&ga_hid=1379197327&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=3208&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C44795921%2C95322434%2C95323740%2C95324580%2C95325068%2C31081135%2C95321963%2C95320869%2C95324155%2C95324160%2C95325077&oid=2&pvsid=1199230194513934&tmod=2060731341&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=7&uci=a!7&btvi=4&fsb=1&dtd=21

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402120101/show_ads_impl_fy2021.js?bust=31081135

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c07::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54e63be15dfa27d7585436473d0be1451622ceac37637539fdf746ca63bbc8f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mal-ware.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 42916
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 16 Feb 2024 16:21:55 GMT
expires: Fri, 16 Feb 2024 16:21:55 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 16A7 123 KB
43 KB 516ms
514ms Document
text/html 2607:f8b0:4004:c07::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6745586292715183&output=html&h=100&adk=353725690&adf=2487863802&pi=t.aa~a.2277667889~rp.1&w=600&fwrn=4&fwrnh=100&lmt=1708100514&rafmt=1&to=qs&pwprc=8924873799&format=600x100&url=https%3A%2F%2Fmal-ware.com%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708100514589&bpp=1&bdt=1495&idt=1&shv=r20240214&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C586x280%2C572x280%2C1200x90%2C1140x90&nras=7&correlator=2453990592256&frm=20&pv=1&ga_vid=1584802085.1708100513&ga_sid=1708100514&ga_hid=1379197327&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3752&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C44795921%2C95322434%2C95323740%2C95324580%2C95325068%2C31081135%2C95321963%2C95320869%2C95324155%2C95324160%2C95325077&oid=2&pvsid=1199230194513934&tmod=2060731341&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=8&uci=a!8&btvi=5&fsb=1&dtd=25

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402120101/show_ads_impl_fy2021.js?bust=31081135

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c07::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9f037d96ca11763ea316e940649d6b94633db6e5d69fa8a167b73465ef24a367

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mal-ware.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 44290
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 16 Feb 2024 16:21:55 GMT
expires: Fri, 16 Feb 2024 16:21:55 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H3 200 reload Show response
www.google.com/recaptcha/api2/ Frame E066 21 KB
15 KB 130ms
129ms XHR
application/json 2607:f8b0:4004:c09::68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/reload?k=6LeDQM8hAAAAAN6ODurUINCRmSQPUtiGQZ5Qtkhi

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/yiNW3R9jkyLVP5-EEZLDzUtA/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c09::68 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

6283022d3d15fa5472d8351b2c1a29bcd0e66184adc783747822d1c2700304a5

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/recaptcha/api2/bframe?hl=en&v=yiNW3R9jkyLVP5-EEZLDzUtA&k=6LeDQM8hAAAAAN6ODurUINCRmSQPUtiGQZ5Qtkhi
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Content-Type: application/x-protobuffer

Response headers

date: Fri, 16 Feb 2024 16:21:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
cache-control: private, max-age=0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Fri, 16 Feb 2024 16:21:54 GMT

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240214/r20110914/ Frame 3330 9 KB
4 KB 33ms
33ms Document
text/html 2607:f8b0:4004:c07::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240214/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402120101/show_ads_impl_fy2021.js?bust=31081135

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c07::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ba2c2b2479cc7044e4af1a0123ec24531e8ad57aa91d4d5655405a148271589

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mal-ware.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 14407
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4209
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 16 Feb 2024 12:21:47 GMT
etag: 3890843268177463596
expires: Fri, 01 Mar 2024 12:21:47 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css2
fonts.googleapis.com/ Frame 3330 5 KB
790 B 44ms
41ms Stylesheet
text/css 2607:f8b0:4004:c1b::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240214/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1b::5f Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

47ce859f7f0f545825c8ab983547bbf88d0de3f52afebc7a1ccc0611661df70d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 16 Feb 2024 16:21:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 16 Feb 2024 15:01:39 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 16 Feb 2024 16:21:54 GMT

GET
H3 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 3330 205 B
229 B 33ms
31ms Image
image/png 2607:f8b0:4004:c08::5e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240214/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 15:58:33 GMT
x-content-type-options: nosniff
age: 1401
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sat, 15 Feb 2025 15:58:33 GMT

GET
H3 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 3330 604 B
628 B 33ms
32ms Image
image/png 2607:f8b0:4004:c08::5e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240214/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 15:43:20 GMT
x-content-type-options: nosniff
age: 2314
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sat, 15 Feb 2025 15:43:20 GMT

GET
H2 200 fullscreen_api_adapter_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240214/r20110914/elements/html/ Frame 3330 15 KB
6 KB 99ms
35ms Script
text/javascript 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240214/r20110914/elements/html/fullscreen_api_adapter_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240214/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0e33434b042c688fa1972d51e9c103fe592fca7a4dd50358c08449c7b0f5cb4c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 23:39:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 60130
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6487
x-xss-protection: 0
server: cafe
etag: 9214289930287671984
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 29 Feb 2024 23:39:44 GMT

GET
H2 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240214/r20110914/elements/html/ Frame 3330 22 KB
9 KB 95ms
31ms Script
text/javascript 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240214/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240214/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

716b2a35acfc8e6a247c9e4d9e3c32dc2354b3a8a6e6481835a64b783a5ba4a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 03:01:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 48012
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9141
x-xss-protection: 0
server: cafe
etag: 6041988417631582345
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 01 Mar 2024 03:01:42 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 10A9 14 KB
1 KB 42ms
42ms Stylesheet
text/css 2607:f8b0:4004:c1b::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240214/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1b::5f Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a6ee58f60c407b083623fdc4586ae66d10f4586920a825a74e26762bc262eefd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 16 Feb 2024 16:21:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/bcfae741e379a885f2ab2cf83ebe6d32/mr
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 16 Feb 2024 15:02:43 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 16 Feb 2024 16:21:54 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240214/r20110914/client/ Frame 10A9 2 KB
903 B 40ms
39ms Script
text/javascript 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240214/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240214/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 03:07:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 47668
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 01 Mar 2024 03:07:26 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240214/r20110914/ Frame 10A9 23 KB
9 KB 38ms
38ms Script
text/javascript 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240214/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240214/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4d196aab20ec653c7f7dfc1e03cc9e2e3dd7f36ab63d756f7c436c93b26c1007

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 02:51:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 48636
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8991
x-xss-protection: 0
server: cafe
etag: 11525033739721728465
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 01 Mar 2024 02:51:18 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame A0F9 143 B
166 B 38ms
37ms Document
text/html 2607:f8b0:4004:c07::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240214/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c07::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20240214/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 67
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 16 Feb 2024 16:20:47 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240214/r20110914/client/ Frame 10A9 3 KB
1 KB 61ms
59ms Script
text/javascript 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240214/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240214/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 02:59:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 48170
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 01 Mar 2024 02:59:04 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240214/r20110914/client/ Frame 10A9 20 KB
8 KB 61ms
59ms Script
text/javascript 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240214/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240214/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

245cec0922828c15b3709eb696bb5a565f2f911f71e242024570698701c9540c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 23:39:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 60128
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8220
x-xss-protection: 0
server: cafe
etag: 16176141338659805634
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 29 Feb 2024 23:39:46 GMT

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 10A9 204 KB
61 KB 37ms
36ms Script
text/javascript 2607:f8b0:4004:c09::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240214/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c09::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

841f365e0540df77f892242a962098480625d80f10e380bfb93329a027978632

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 15:25:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3412
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62824
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 16 Feb 2024 16:25:02 GMT

GET
H3 200 c0f9635aabdd33ab086e3930fa461563.js Show response
www.gstatic.com/mysidia/ Frame 10A9 36 KB
15 KB 32ms
31ms Script
text/javascript 2607:f8b0:4004:c08::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/c0f9635aabdd33ab086e3930fa461563.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240214/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bd3e64a75f43409aa3141f35c5d1bd599773aec49d61aaa02522dbe6101c247

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 23:22:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61187
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15250
x-xss-protection: 0
last-modified: Tue, 13 Feb 2024 01:25:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 15 May 2024 23:22:07 GMT

GET
H3 200 refresh_2x.png
www.gstatic.com/recaptcha/api2/ Frame E066 600 B
624 B 37ms
33ms Image
image/png 2607:f8b0:4004:c08::5e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/refresh_2x.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/yiNW3R9jkyLVP5-EEZLDzUtA/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

44b988703019cd6bfa86c91840fecf2a42b611b364e3eea2f4eb63bf62714e98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/yiNW3R9jkyLVP5-EEZLDzUtA/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 23:01:27 GMT
x-content-type-options: nosniff
age: 62427
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 600
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Thu, 22 Feb 2024 23:01:27 GMT

GET
H3 200 audio_2x.png
www.gstatic.com/recaptcha/api2/ Frame E066 530 B
554 B 37ms
34ms Image
image/png 2607:f8b0:4004:c08::5e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/audio_2x.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/yiNW3R9jkyLVP5-EEZLDzUtA/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89c62095126fca89ea1511cf35b49b8306162946b0c26d6f60c5506c51d85992

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/yiNW3R9jkyLVP5-EEZLDzUtA/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 22:58:43 GMT
x-content-type-options: nosniff
age: 62591
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 530
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Thu, 22 Feb 2024 22:58:43 GMT

GET
H3 200 info_2x.png
www.gstatic.com/recaptcha/api2/ Frame E066 665 B
689 B 37ms
34ms Image
image/png 2607:f8b0:4004:c08::5e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/info_2x.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/yiNW3R9jkyLVP5-EEZLDzUtA/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55eaf62cb05da20088dc12b39d7d254d046cb1fd61ddf3ae641f1439efd0a5ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/yiNW3R9jkyLVP5-EEZLDzUtA/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 23:01:27 GMT
x-content-type-options: nosniff
age: 62427
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 665
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Thu, 22 Feb 2024 23:01:27 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame E066 15 KB
15 KB 37ms
35ms Font
font/woff2 2607:f8b0:4004:c09::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: mal-ware.com
URL: https://mal-ware.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c09::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 02:53:48 GMT
x-content-type-options: nosniff
age: 134886
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 14 Feb 2025 02:53:48 GMT

GET
H3 200 KFOlCnqEu92Fr1MmYUtfBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame E066 15 KB
15 KB 38ms
34ms Font
font/woff2 2607:f8b0:4004:c09::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2

Requested by

Host: mal-ware.com
URL: https://mal-ware.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c09::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c912a9ce0c3122d4b2b29ad26bfe06b0390d1a5bdaa5d6128692c0befd1dfbbd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 03:06:15 GMT
x-content-type-options: nosniff
age: 134139
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15340
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:16 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 14 Feb 2025 03:06:15 GMT

GET
H3 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame E066 15 KB
15 KB 49ms
45ms Font
font/woff2 2607:f8b0:4004:c09::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: mal-ware.com
URL: https://mal-ware.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c09::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 02:58:36 GMT
x-content-type-options: nosniff
age: 134598
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 14 Feb 2025 02:58:36 GMT

GET
H3 200 zyvIRxypJp9XsXP7bFrUBd8JY_zCSu2ya-bkldlMTk8.js Show response
www.google.com/js/bg/ Frame E066 17 KB
7 KB 35ms
34ms Script
text/javascript 2607:f8b0:4004:c09::68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/bg/zyvIRxypJp9XsXP7bFrUBd8JY_zCSu2ya-bkldlMTk8.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/yiNW3R9jkyLVP5-EEZLDzUtA/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c09::68 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf2bc8471ca9269f57b173fb6c5ad405df0963fcc24aedb26be6e495d94c4e4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.google.com/recaptcha/api2/bframe?hl=en&v=yiNW3R9jkyLVP5-EEZLDzUtA&k=6LeDQM8hAAAAAN6ODurUINCRmSQPUtiGQZ5Qtkhi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 17:51:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81018
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6974
x-xss-protection: 0
last-modified: Mon, 05 Feb 2024 17:30:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 14 Feb 2025 17:51:36 GMT

GET
H3 200 payload
www.google.com/recaptcha/api2/ Frame E066 34 KB
34 KB 50ms
50ms Image
image/jpeg 2607:f8b0:4004:c09::68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/recaptcha/api2/payload?p=06AFcWeA5InsZAz4BKCiFhwsPM1jWcOL9qgLsQrm13OV-g4JDleXh5POVnqrMHybV520uflyWgqaP3kZ4m_06geYb6ypGeu3nLpHFKodr8S-pK-mCvuS7X5rA2MVoXK2XJJyF79-WSdIBQ-Zpk0I4hvgocNc2qWqYAJXWS7fSjGBq3xcPwreY1OaJ6TZTpjSlTKVtqSwx7rCyBFt1mf-gdw1Ft7CaxMTTsGg&k=6LeDQM8hAAAAAN6ODurUINCRmSQPUtiGQZ5Qtkhi

Requested by

Host: mal-ware.com
URL: https://mal-ware.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c09::68 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

3a7268011f29cc56beab656b173cb4d4df7126d09acfb53984d3a8e2020127bd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.google.com/recaptcha/api2/bframe?hl=en&v=yiNW3R9jkyLVP5-EEZLDzUtA&k=6LeDQM8hAAAAAN6ODurUINCRmSQPUtiGQZ5Qtkhi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:54 GMT
content-security-policy: frame-ancestors 'self'
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: image/jpeg
cache-control: private, max-age=30
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Fri, 16 Feb 2024 16:21:54 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame A0F9
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

56ms
55ms

Document
text/html

2607:f8b0:4004:c07::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240214/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c07::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 16 Feb 2024 16:21:55 GMT
expires: Fri, 16 Feb 2024 16:21:55 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 16 Feb 2024 16:21:55 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 css
fonts.googleapis.com/ Frame FC53 4 KB
679 B 43ms
42ms Stylesheet
text/css 2607:f8b0:4004:c1b::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6745586292715183&output=html&h=280&adk=3809598800&adf=1839787983&pi=t.aa~a.108489206~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1708100514&rafmt=1&to=qs&pwprc=8924873799&format=1200x280&url=https%3A%2F%2Fmal-ware.com%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708100513628&bpp=2&bdt=533&idt=438&shv=r20240214&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=2453990592256&frm=20&pv=1&ga_vid=1584802085.1708100513&ga_sid=1708100514&ga_hid=1379197327&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=100&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C44795921%2C95322434%2C95323740%2C95324580%2C95325068%2C31081135%2C95321963%2C95320869%2C95324155%2C95324160%2C95325077&oid=2&pvsid=1199230194513934&tmod=2060731341&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=442

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c1b::5f Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8753541a3a44842cd815d81c4f8c589e0a0d763112d622f3088cd6f064e825fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 16 Feb 2024 16:21:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 16 Feb 2024 14:56:03 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 16 Feb 2024 16:21:55 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240214/r20110914/client/ Frame FC53 2 KB
861 B 38ms
35ms Script
text/javascript 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240214/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 03:07:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 47669
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 01 Mar 2024 03:07:26 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240214/r20110914/ Frame FC53 23 KB
9 KB 32ms
31ms Script
text/javascript 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240214/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4d196aab20ec653c7f7dfc1e03cc9e2e3dd7f36ab63d756f7c436c93b26c1007

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 02:51:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 48637
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8991
x-xss-protection: 0
server: cafe
etag: 11525033739721728465
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 01 Mar 2024 02:51:18 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240214/r20110914/client/ Frame FC53 3 KB
1 KB 35ms
35ms Script
text/javascript 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240214/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 02:59:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 48171
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 01 Mar 2024 02:59:04 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240214/r20110914/client/ Frame FC53 20 KB
8 KB 33ms
32ms Script
text/javascript 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240214/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

245cec0922828c15b3709eb696bb5a565f2f911f71e242024570698701c9540c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 23:39:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 60129
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8220
x-xss-protection: 0
server: cafe
etag: 16176141338659805634
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 29 Feb 2024 23:39:46 GMT

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame FC53 204 KB
61 KB 33ms
33ms Script
text/javascript 2607:f8b0:4004:c09::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c09::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

841f365e0540df77f892242a962098480625d80f10e380bfb93329a027978632

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 15:25:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3413
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62824
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 16 Feb 2024 16:25:02 GMT

GET
H3 200 c0f9635aabdd33ab086e3930fa461563.js Show response
www.gstatic.com/mysidia/ Frame FC53 36 KB
15 KB 33ms
32ms Script
text/javascript 2607:f8b0:4004:c08::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/c0f9635aabdd33ab086e3930fa461563.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bd3e64a75f43409aa3141f35c5d1bd599773aec49d61aaa02522dbe6101c247

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 23:22:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61188
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15250
x-xss-protection: 0
last-modified: Tue, 13 Feb 2024 01:25:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 15 May 2024 23:22:07 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame C03B 4 KB
679 B 43ms
42ms Stylesheet
text/css 2607:f8b0:4004:c1b::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6745586292715183&output=html&h=90&adk=629407597&adf=1055940801&pi=t.aa~a.2870338501~rp.1&w=1140&fwrn=4&fwrnh=100&lmt=1708100514&rafmt=1&to=qs&pwprc=8924873799&format=1140x90&url=https%3A%2F%2Fmal-ware.com%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708100514589&bpp=1&bdt=1495&idt=-M&shv=r20240214&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C586x280%2C572x280%2C1200x90&nras=6&correlator=2453990592256&frm=20&pv=1&ga_vid=1584802085.1708100513&ga_sid=1708100514&ga_hid=1379197327&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=3208&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C44795921%2C95322434%2C95323740%2C95324580%2C95325068%2C31081135%2C95321963%2C95320869%2C95324155%2C95324160%2C95325077&oid=2&pvsid=1199230194513934&tmod=2060731341&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=7&uci=a!7&btvi=4&fsb=1&dtd=21

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c1b::5f Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

396bd1ab182a204c8c227c5d6aef6cbe3a3481500e816635b408da715695dfa1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 16 Feb 2024 16:21:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 16 Feb 2024 15:00:23 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 16 Feb 2024 16:21:55 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240214/r20110914/client/ Frame C03B 2 KB
856 B 32ms
31ms Script
text/javascript 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240214/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 03:07:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 47669
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 01 Mar 2024 03:07:26 GMT

GET
H3 200 5d115d22c534f80a76417856e32eef9c.js Show response
www.gstatic.com/mysidia/ Frame 16A7 8 KB
4 KB 32ms
31ms Script
text/javascript 2607:f8b0:4004:c08::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/5d115d22c534f80a76417856e32eef9c.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6745586292715183&output=html&h=100&adk=353725690&adf=2487863802&pi=t.aa~a.2277667889~rp.1&w=600&fwrn=4&fwrnh=100&lmt=1708100514&rafmt=1&to=qs&pwprc=8924873799&format=600x100&url=https%3A%2F%2Fmal-ware.com%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708100514589&bpp=1&bdt=1495&idt=1&shv=r20240214&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C586x280%2C572x280%2C1200x90%2C1140x90&nras=7&correlator=2453990592256&frm=20&pv=1&ga_vid=1584802085.1708100513&ga_sid=1708100514&ga_hid=1379197327&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3752&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C44795921%2C95322434%2C95323740%2C95324580%2C95325068%2C31081135%2C95321963%2C95320869%2C95324155%2C95324160%2C95325077&oid=2&pvsid=1199230194513934&tmod=2060731341&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=8&uci=a!8&btvi=5&fsb=1&dtd=25

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

04fa628bda6f9b1ab5f71827ce6c71e8c6ad495a3a5a0ed8858c6f5b2f0513ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 23:16:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61501
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3749
x-xss-protection: 0
last-modified: Tue, 13 Feb 2024 01:25:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 15 May 2024 23:16:54 GMT

GET
H3 200 39b1936085524998ebfc7677a2ba517e.js Show response
www.gstatic.com/mysidia/ Frame 16A7 10 KB
4 KB 34ms
33ms Script
text/javascript 2607:f8b0:4004:c08::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/39b1936085524998ebfc7677a2ba517e.js?tag=text/vanilla_highlight

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b1a9b4d4a874d9284ffcbc5f13a10e05dbfc8697abedafdaa52f0b86d6e345b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 23:22:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61160
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4466
x-xss-protection: 0
last-modified: Thu, 15 Feb 2024 19:27:25 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 15 May 2024 23:22:35 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 16A7 14 KB
1 KB 43ms
42ms Stylesheet
text/css 2607:f8b0:4004:c1b::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c1b::5f Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a6ee58f60c407b083623fdc4586ae66d10f4586920a825a74e26762bc262eefd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 16 Feb 2024 16:21:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 16 Feb 2024 15:00:08 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 16 Feb 2024 16:21:55 GMT

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/12576115930624560989/ Frame FC53 37 KB
37 KB 64ms
62ms Image
image/jpeg 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/12576115930624560989/14763004658117789537?w=600&h=314&tw=1&q=75

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

74aecdd5e4adef711039cfcf5b45315dae346888735b845773b9cadba3ea10eb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

allow-fenced-frame-automatic-beacons: true
date: Fri, 16 Feb 2024 16:21:55 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37781
x-xss-protection: 0
last-modified: Fri, 29 Dec 2023 20:22:00 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 15 Feb 2025 16:21:55 GMT

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/6632647894055600159/ Frame FC53 4 KB
4 KB 84ms
82ms Image
image/png 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/6632647894055600159/14763004658117789537?w=100&h=100&tw=1&q=75

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc4a0a2b4025db3daab7e6166e06c42566418e59494f976df177d4837c950941

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

allow-fenced-frame-automatic-beacons: true
date: Fri, 16 Feb 2024 16:21:55 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4243
x-xss-protection: 0
last-modified: Fri, 29 Dec 2023 16:49:17 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 15 Feb 2025 16:21:55 GMT

GET
H2 200 6592766407814317453
tpc.googlesyndication.com/simgad/5512517485782544316/ Frame C03B 42 KB
42 KB 37ms
37ms Image
image/jpeg 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/5512517485782544316/6592766407814317453

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

538c1141e711cfd44365390193c06e5d699f6b29b33b8a8ac9d3a03832745df9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

allow-fenced-frame-automatic-beacons: true
date: Fri, 16 Feb 2024 16:21:55 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43101
x-xss-protection: 0
last-modified: Mon, 13 Feb 2023 15:56:11 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 15 Feb 2025 16:21:55 GMT

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/430147587538412716/ Frame C03B 7 KB
8 KB 33ms
32ms Image
image/png 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/430147587538412716/14763004658117789537?w=100&h=100&tw=1&q=75

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ebc28637e9a6cb3635a83c40baf95b4f41031b2153f5f8c03c9af07c05b9e8c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

expires: Sat, 15 Feb 2025 14:25:34 GMT
date: Fri, 16 Feb 2024 14:25:34 GMT
x-content-type-options: nosniff
age: 6981
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7409
x-xss-protection: 0
last-modified: Fri, 24 Jun 2022 08:44:43 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240214/r20110914/client/ Frame 16A7 2 KB
822 B 32ms
31ms Script
text/javascript 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240214/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 03:07:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 47669
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 01 Mar 2024 03:07:26 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240214/r20110914/ Frame 16A7 23 KB
9 KB 33ms
32ms Script
text/javascript 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240214/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4d196aab20ec653c7f7dfc1e03cc9e2e3dd7f36ab63d756f7c436c93b26c1007

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 02:51:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 48637
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8991
x-xss-protection: 0
server: cafe
etag: 11525033739721728465
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 01 Mar 2024 02:51:18 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240214/r20110914/client/ Frame 16A7 3 KB
1 KB 35ms
34ms Script
text/javascript 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240214/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 02:59:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 48171
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 01 Mar 2024 02:59:04 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240214/r20110914/client/ Frame 16A7 20 KB
8 KB 35ms
34ms Script
text/javascript 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240214/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

245cec0922828c15b3709eb696bb5a565f2f911f71e242024570698701c9540c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 23:39:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 60129
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8220
x-xss-protection: 0
server: cafe
etag: 16176141338659805634
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 29 Feb 2024 23:39:46 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 16A7 0
0 47ms
46ms Image
text/html 2607:f8b0:4004:c09::68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSZyEk6KBlSHCwH1gUdDM-GNVK_j8-EOoQ59nE2Bu-JNDu2-ST1Cf2uSm4aZT3NW-ewELKoVyF_Sqm_cGgJCc7vDavDVg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6745586292715183&output=html&h=100&adk=353725690&adf=2487863802&pi=t.aa~a.2277667889~rp.1&w=600&fwrn=4&fwrnh=100&lmt=1708100514&rafmt=1&to=qs&pwprc=8924873799&format=600x100&url=https%3A%2F%2Fmal-ware.com%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708100514589&bpp=1&bdt=1495&idt=1&shv=r20240214&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C586x280%2C572x280%2C1200x90%2C1140x90&nras=7&correlator=2453990592256&frm=20&pv=1&ga_vid=1584802085.1708100513&ga_sid=1708100514&ga_hid=1379197327&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3752&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C44795921%2C95322434%2C95323740%2C95324580%2C95325068%2C31081135%2C95321963%2C95320869%2C95324155%2C95324160%2C95325077&oid=2&pvsid=1199230194513934&tmod=2060731341&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=8&uci=a!8&btvi=5&fsb=1&dtd=25
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4004:c09::68 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 16A7 204 KB
61 KB 39ms
39ms Script
text/javascript 2607:f8b0:4004:c09::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c09::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

841f365e0540df77f892242a962098480625d80f10e380bfb93329a027978632

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 15:25:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3413
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62824
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 16 Feb 2024 16:25:02 GMT

GET
H3 200 c0f9635aabdd33ab086e3930fa461563.js Show response
www.gstatic.com/mysidia/ Frame 16A7 36 KB
15 KB 33ms
33ms Script
text/javascript 2607:f8b0:4004:c08::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/c0f9635aabdd33ab086e3930fa461563.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bd3e64a75f43409aa3141f35c5d1bd599773aec49d61aaa02522dbe6101c247

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 23:22:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61188
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15250
x-xss-protection: 0
last-modified: Tue, 13 Feb 2024 01:25:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 15 May 2024 23:22:07 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 0141 4 KB
679 B 47ms
47ms Stylesheet
text/css 2607:f8b0:4004:c1b::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6745586292715183&output=html&h=280&adk=2375308329&adf=254827259&pi=t.aa~a.2359317494~rp.1&w=586&fwrn=4&fwrnh=100&lmt=1708100514&rafmt=1&to=qs&pwprc=8924873799&format=586x280&url=https%3A%2F%2Fmal-ware.com%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708100514589&bpp=1&bdt=1495&idt=-M&shv=r20240214&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=3&correlator=2453990592256&frm=20&pv=1&ga_vid=1584802085.1708100513&ga_sid=1708100514&ga_hid=1379197327&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=214&ady=1250&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C44795921%2C95322434%2C95323740%2C95324580%2C95325068%2C31081135%2C95321963%2C95320869%2C95324155%2C95324160%2C95325077&oid=2&pvsid=1199230194513934&tmod=2060731341&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=1&fsb=1&dtd=7

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c1b::5f Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

396bd1ab182a204c8c227c5d6aef6cbe3a3481500e816635b408da715695dfa1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 16 Feb 2024 16:21:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 16 Feb 2024 14:58:18 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 16 Feb 2024 16:21:55 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240214/r20110914/client/ Frame 0141 2 KB
822 B 35ms
34ms Script
text/javascript 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240214/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 03:07:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 47669
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 01 Mar 2024 03:07:26 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240214/r20110914/ Frame 0141 23 KB
9 KB 52ms
50ms Script
text/javascript 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240214/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4d196aab20ec653c7f7dfc1e03cc9e2e3dd7f36ab63d756f7c436c93b26c1007

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 02:51:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 48637
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8991
x-xss-protection: 0
server: cafe
etag: 11525033739721728465
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 01 Mar 2024 02:51:18 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240214/r20110914/client/ Frame 0141 3 KB
1 KB 56ms
53ms Script
text/javascript 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240214/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 02:59:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 48171
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 01 Mar 2024 02:59:04 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240214/r20110914/client/ Frame 0141 20 KB
8 KB 35ms
34ms Script
text/javascript 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240214/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

245cec0922828c15b3709eb696bb5a565f2f911f71e242024570698701c9540c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 23:39:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 60129
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8220
x-xss-protection: 0
server: cafe
etag: 16176141338659805634
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 29 Feb 2024 23:39:46 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 0141 0
0 48ms
48ms Image
text/html 2607:f8b0:4004:c09::68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRsPMavJzHKoyqrD2ZkRhy2Ki2BzxPag0nbTltNgp_XVz0iURRi1iXSjhBzL50liebs0PfM1nyKvitUcqPs6p-vbfDVcg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6745586292715183&output=html&h=280&adk=2375308329&adf=254827259&pi=t.aa~a.2359317494~rp.1&w=586&fwrn=4&fwrnh=100&lmt=1708100514&rafmt=1&to=qs&pwprc=8924873799&format=586x280&url=https%3A%2F%2Fmal-ware.com%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708100514589&bpp=1&bdt=1495&idt=-M&shv=r20240214&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=3&correlator=2453990592256&frm=20&pv=1&ga_vid=1584802085.1708100513&ga_sid=1708100514&ga_hid=1379197327&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=214&ady=1250&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C44795921%2C95322434%2C95323740%2C95324580%2C95325068%2C31081135%2C95321963%2C95320869%2C95324155%2C95324160%2C95325077&oid=2&pvsid=1199230194513934&tmod=2060731341&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=1&fsb=1&dtd=7
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4004:c09::68 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 0141 204 KB
61 KB 38ms
37ms Script
text/javascript 2607:f8b0:4004:c09::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c09::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

841f365e0540df77f892242a962098480625d80f10e380bfb93329a027978632

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 15:25:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3413
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62824
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 16 Feb 2024 16:25:02 GMT

GET
H3 200 c0f9635aabdd33ab086e3930fa461563.js Show response
www.gstatic.com/mysidia/ Frame 0141 36 KB
15 KB 34ms
31ms Script
text/javascript 2607:f8b0:4004:c08::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/c0f9635aabdd33ab086e3930fa461563.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bd3e64a75f43409aa3141f35c5d1bd599773aec49d61aaa02522dbe6101c247

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 23:22:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61188
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15250
x-xss-protection: 0
last-modified: Tue, 13 Feb 2024 01:25:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 15 May 2024 23:22:07 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240214/r20110914/ Frame C03B 23 KB
9 KB 42ms
42ms Script
text/javascript 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240214/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4d196aab20ec653c7f7dfc1e03cc9e2e3dd7f36ab63d756f7c436c93b26c1007

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 02:51:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 48637
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8991
x-xss-protection: 0
server: cafe
etag: 11525033739721728465
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 01 Mar 2024 02:51:18 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240214/r20110914/client/ Frame C03B 3 KB
1 KB 42ms
41ms Script
text/javascript 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240214/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 02:59:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 48171
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 01 Mar 2024 02:59:04 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 65CF 1 KB
643 B 36ms
35ms Document
text/html 2607:f8b0:4004:c09::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c09::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 47345
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 16 Feb 2024 03:12:50 GMT
etag: 48472445140208031
expires: Sat, 17 Feb 2024 03:12:50 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240214/r20110914/client/ Frame C03B 20 KB
8 KB 33ms
33ms Script
text/javascript 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240214/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

245cec0922828c15b3709eb696bb5a565f2f911f71e242024570698701c9540c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 23:39:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 60129
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8220
x-xss-protection: 0
server: cafe
etag: 16176141338659805634
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 29 Feb 2024 23:39:46 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame C03B 0
0 48ms
47ms Image
text/html 2607:f8b0:4004:c09::68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQZWFbZVq52V-7ZDL6cXsmxTC3HpZoyNMcRDBUur8kED_FhYmZl0hNAeqb2xwKv4tRmqIJzwMZVUI3QpyiXDAtUjkjPFA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6745586292715183&output=html&h=90&adk=629407597&adf=1055940801&pi=t.aa~a.2870338501~rp.1&w=1140&fwrn=4&fwrnh=100&lmt=1708100514&rafmt=1&to=qs&pwprc=8924873799&format=1140x90&url=https%3A%2F%2Fmal-ware.com%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708100514589&bpp=1&bdt=1495&idt=-M&shv=r20240214&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C586x280%2C572x280%2C1200x90&nras=6&correlator=2453990592256&frm=20&pv=1&ga_vid=1584802085.1708100513&ga_sid=1708100514&ga_hid=1379197327&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=3208&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C44795921%2C95322434%2C95323740%2C95324580%2C95325068%2C31081135%2C95321963%2C95320869%2C95324155%2C95324160%2C95325077&oid=2&pvsid=1199230194513934&tmod=2060731341&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=7&uci=a!7&btvi=4&fsb=1&dtd=21
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4004:c09::68 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame C03B 204 KB
61 KB 41ms
40ms Script
text/javascript 2607:f8b0:4004:c09::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c09::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

841f365e0540df77f892242a962098480625d80f10e380bfb93329a027978632

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 15:25:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3413
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62824
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 16 Feb 2024 16:25:02 GMT

GET
H3 200 c0f9635aabdd33ab086e3930fa461563.js Show response
www.gstatic.com/mysidia/ Frame C03B 36 KB
15 KB 35ms
33ms Script
text/javascript 2607:f8b0:4004:c08::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/c0f9635aabdd33ab086e3930fa461563.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bd3e64a75f43409aa3141f35c5d1bd599773aec49d61aaa02522dbe6101c247

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 23:22:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61188
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15250
x-xss-protection: 0
last-modified: Tue, 13 Feb 2024 01:25:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 15 May 2024 23:22:07 GMT

GET
H3 200 9086728177915734339
tpc.googlesyndication.com/simgad/ Frame B5AF 42 KB
43 KB 35ms
34ms Image
image/png 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/9086728177915734339?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qnvbisJuZblSD5ju270LDjfck1P7g

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6745586292715183&output=html&h=280&adk=2206265524&adf=1864091918&pi=t.aa~a.1579878287~rp.4&w=572&fwrn=4&fwrnh=100&lmt=1708100514&rafmt=1&to=qs&pwprc=8924873799&format=572x280&url=https%3A%2F%2Fmal-ware.com%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708100514589&bpp=1&bdt=1495&idt=-M&shv=r20240214&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C586x280&nras=4&correlator=2453990592256&frm=20&pv=1&ga_vid=1584802085.1708100513&ga_sid=1708100514&ga_hid=1379197327&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=813&ady=1630&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C44795921%2C95322434%2C95323740%2C95324580%2C95325068%2C31081135%2C95321963%2C95320869%2C95324155%2C95324160%2C95325077&oid=2&pvsid=1199230194513934&tmod=2060731341&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=2&fsb=1&dtd=12

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

480352a16d07df92821362b18a9b7d831fbc162de85ee0078b6f4da7cb61620b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 08:08:37 GMT
x-content-type-options: nosniff
age: 29598
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43496
x-xss-protection: 0
last-modified: Fri, 22 Dec 2023 21:49:45 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 15 Feb 2025 08:08:37 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240214/r20110914/ Frame B5AF 23 KB
9 KB 71ms
69ms Script
text/javascript 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240214/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4d196aab20ec653c7f7dfc1e03cc9e2e3dd7f36ab63d756f7c436c93b26c1007

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 02:51:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 48637
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8991
x-xss-protection: 0
server: cafe
etag: 11525033739721728465
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 01 Mar 2024 02:51:18 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240214/r20110914/client/ Frame B5AF 3 KB
1 KB 50ms
49ms Script
text/javascript 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240214/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 02:59:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 48171
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 01 Mar 2024 02:59:04 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240214/r20110914/client/ Frame B5AF 20 KB
8 KB 44ms
43ms Script
text/javascript 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240214/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

245cec0922828c15b3709eb696bb5a565f2f911f71e242024570698701c9540c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 23:39:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 60129
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8220
x-xss-protection: 0
server: cafe
etag: 16176141338659805634
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 29 Feb 2024 23:39:46 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame B5AF 0
0 52ms
51ms Image
text/html 2607:f8b0:4004:c09::68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTndPD8ckOqzdg5MsjYdUhPvCG4zWdpOis44N326eyqFdJ7pFT2f9L46UkQ9STZTyYJLu4lBSPssuJt5B3Q-8Y9xeCvmA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6745586292715183&output=html&h=280&adk=2206265524&adf=1864091918&pi=t.aa~a.1579878287~rp.4&w=572&fwrn=4&fwrnh=100&lmt=1708100514&rafmt=1&to=qs&pwprc=8924873799&format=572x280&url=https%3A%2F%2Fmal-ware.com%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708100514589&bpp=1&bdt=1495&idt=-M&shv=r20240214&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C586x280&nras=4&correlator=2453990592256&frm=20&pv=1&ga_vid=1584802085.1708100513&ga_sid=1708100514&ga_hid=1379197327&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=813&ady=1630&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C44795921%2C95322434%2C95323740%2C95324580%2C95325068%2C31081135%2C95321963%2C95320869%2C95324155%2C95324160%2C95325077&oid=2&pvsid=1199230194513934&tmod=2060731341&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=2&fsb=1&dtd=12
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4004:c09::68 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame B5AF 204 KB
61 KB 43ms
43ms Script
text/javascript 2607:f8b0:4004:c09::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c09::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

841f365e0540df77f892242a962098480625d80f10e380bfb93329a027978632

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 15:25:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3413
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62824
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 16 Feb 2024 16:25:02 GMT

GET
H3 200 one_click_handler_one_afma_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240214/r20110914/client/ Frame B5AF 36 KB
14 KB 46ms
46ms Script
text/javascript 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240214/r20110914/client/one_click_handler_one_afma_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

473f98fc0967c2c122456fc402d7db00d57d3fe3b46a12d075d10eb26a55dd5b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 03:02:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 47976
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14610
x-xss-protection: 0
server: cafe
etag: 17234995959194474601
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 01 Mar 2024 03:02:19 GMT

GET
H3 200 1945928739428167835
tpc.googlesyndication.com/simgad/ Frame 7968 29 KB
29 KB 121ms
120ms Image
image/png 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/1945928739428167835?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qnggDS9oNWzeQio35_KuJ4-swMFDg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6745586292715183&output=html&h=90&adk=2820297975&adf=1528403788&pi=t.aa~a.716941871~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1708100514&rafmt=1&to=qs&pwprc=8924873799&format=1200x90&url=https%3A%2F%2Fmal-ware.com%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708100514589&bpp=1&bdt=1495&idt=-M&shv=r20240214&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C586x280%2C572x280&nras=5&correlator=2453990592256&frm=20&pv=1&ga_vid=1584802085.1708100513&ga_sid=1708100514&ga_hid=1379197327&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2800&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C44795921%2C95322434%2C95323740%2C95324580%2C95325068%2C31081135%2C95321963%2C95320869%2C95324155%2C95324160%2C95325077&oid=2&pvsid=1199230194513934&tmod=2060731341&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=3&fsb=1&dtd=17

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8e07015cd418cf7fa5470bff958e993954920ab6566e4cec7a9baf6753b35f86

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:55 GMT
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29648
x-xss-protection: 0
last-modified: Fri, 12 Jan 2024 18:42:18 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 15 Feb 2025 16:21:55 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240214/r20110914/ Frame 7968 23 KB
9 KB 63ms
63ms Script
text/javascript 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240214/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4d196aab20ec653c7f7dfc1e03cc9e2e3dd7f36ab63d756f7c436c93b26c1007

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 02:51:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 48637
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8991
x-xss-protection: 0
server: cafe
etag: 11525033739721728465
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 01 Mar 2024 02:51:18 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 98D3 143 B
166 B 42ms
33ms Document
text/html 2607:f8b0:4004:c07::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c07::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6745586292715183&output=html&h=90&adk=2820297975&adf=1528403788&pi=t.aa~a.716941871~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1708100514&rafmt=1&to=qs&pwprc=8924873799&format=1200x90&url=https%3A%2F%2Fmal-ware.com%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708100514589&bpp=1&bdt=1495&idt=-M&shv=r20240214&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C586x280%2C572x280&nras=5&correlator=2453990592256&frm=20&pv=1&ga_vid=1584802085.1708100513&ga_sid=1708100514&ga_hid=1379197327&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2800&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C44795921%2C95322434%2C95323740%2C95324580%2C95325068%2C31081135%2C95321963%2C95320869%2C95324155%2C95324160%2C95325077&oid=2&pvsid=1199230194513934&tmod=2060731341&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=3&fsb=1&dtd=17
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 68
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 16 Feb 2024 16:20:47 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240214/r20110914/client/ Frame 7968 3 KB
1 KB 67ms
67ms Script
text/javascript 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240214/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 02:59:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 48171
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 01 Mar 2024 02:59:04 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 1383 1 KB
643 B 39ms
32ms Document
text/html 2607:f8b0:4004:c09::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c09::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 47345
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 16 Feb 2024 03:12:50 GMT
etag: 48472445140208031
expires: Sat, 17 Feb 2024 03:12:50 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240214/r20110914/client/ Frame 7968 20 KB
8 KB 41ms
32ms Script
text/javascript 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240214/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

245cec0922828c15b3709eb696bb5a565f2f911f71e242024570698701c9540c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 23:39:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 60129
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8220
x-xss-protection: 0
server: cafe
etag: 16176141338659805634
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 29 Feb 2024 23:39:46 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 7968 0
0 52ms
44ms Image
text/html 2607:f8b0:4004:c09::68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTf2Bzk5I7LqkUi5Kw1B5NRSu4Lw57CgyR_9CSa-ftYdJRI6OOKsIw6mM6PKl2YYwcie53hinJfDXiLQz8nP9ut1oTmvg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6745586292715183&output=html&h=90&adk=2820297975&adf=1528403788&pi=t.aa~a.716941871~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1708100514&rafmt=1&to=qs&pwprc=8924873799&format=1200x90&url=https%3A%2F%2Fmal-ware.com%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708100514589&bpp=1&bdt=1495&idt=-M&shv=r20240214&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C586x280%2C572x280&nras=5&correlator=2453990592256&frm=20&pv=1&ga_vid=1584802085.1708100513&ga_sid=1708100514&ga_hid=1379197327&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2800&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C44795921%2C95322434%2C95323740%2C95324580%2C95325068%2C31081135%2C95321963%2C95320869%2C95324155%2C95324160%2C95325077&oid=2&pvsid=1199230194513934&tmod=2060731341&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=3&fsb=1&dtd=17
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4004:c09::68 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 7968 204 KB
61 KB 49ms
40ms Script
text/javascript 2607:f8b0:4004:c09::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c09::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

841f365e0540df77f892242a962098480625d80f10e380bfb93329a027978632

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 15:25:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3413
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62824
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 16 Feb 2024 16:25:02 GMT

GET
H3 200 one_click_handler_one_afma_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240214/r20110914/client/ Frame 7968 36 KB
14 KB 66ms
58ms Script
text/javascript 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240214/r20110914/client/one_click_handler_one_afma_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

473f98fc0967c2c122456fc402d7db00d57d3fe3b46a12d075d10eb26a55dd5b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 03:02:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 47976
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14610
x-xss-protection: 0
server: cafe
etag: 17234995959194474601
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 01 Mar 2024 03:02:19 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 4F78 143 B
166 B 40ms
36ms Document
text/html 2607:f8b0:4004:c07::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c07::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6745586292715183&output=html&h=280&adk=2206265524&adf=1864091918&pi=t.aa~a.1579878287~rp.4&w=572&fwrn=4&fwrnh=100&lmt=1708100514&rafmt=1&to=qs&pwprc=8924873799&format=572x280&url=https%3A%2F%2Fmal-ware.com%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708100514589&bpp=1&bdt=1495&idt=-M&shv=r20240214&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C586x280&nras=4&correlator=2453990592256&frm=20&pv=1&ga_vid=1584802085.1708100513&ga_sid=1708100514&ga_hid=1379197327&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=813&ady=1630&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C44795921%2C95322434%2C95323740%2C95324580%2C95325068%2C31081135%2C95321963%2C95320869%2C95324155%2C95324160%2C95325077&oid=2&pvsid=1199230194513934&tmod=2060731341&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=2&fsb=1&dtd=12
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 68
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 16 Feb 2024 16:20:47 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 67E7 1 KB
643 B 35ms
34ms Document
text/html 2607:f8b0:4004:c09::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c09::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 47345
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 16 Feb 2024 03:12:50 GMT
etag: 48472445140208031
expires: Sat, 17 Feb 2024 03:12:50 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/10981687386776426783/ Frame 0141 5 KB
5 KB 51ms
50ms Image
image/jpeg 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/10981687386776426783/14763004658117789537?w=200&h=200&tw=1&q=75

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aa90ea59627221180185809f04d0866c74f1932370c099ebfe5fe402fbee233e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

allow-fenced-frame-automatic-beacons: true
date: Fri, 16 Feb 2024 16:21:55 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4615
x-xss-protection: 0
last-modified: Tue, 21 Mar 2023 17:35:33 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 15 Feb 2025 16:21:55 GMT

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/1732735186137129769/ Frame 0141 177 KB
177 KB 43ms
42ms Image
image/jpeg 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/1732735186137129769/14763004658117789537

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

701d640f152aadf261921a262acbfd15c479fd9717d480979a31279ade050bbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

expires: Sat, 15 Feb 2025 15:16:47 GMT
date: Fri, 16 Feb 2024 15:16:47 GMT
x-content-type-options: nosniff
age: 3908
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 181685
x-xss-protection: 0
last-modified: Tue, 06 Feb 2024 17:07:17 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons: true

GET
DATA 200
OK truncated
/ Frame 0141 221 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 6C92 1 KB
643 B 35ms
32ms Document
text/html 2607:f8b0:4004:c09::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c09::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 47345
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 16 Feb 2024 03:12:50 GMT
etag: 48472445140208031
expires: Sat, 17 Feb 2024 03:12:50 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame FC53 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f9a662c265daf6edb2cada03ec8d4e71c4733fc58a59814ae738cfa373f57ebe

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Mxl_QHRpF3ASJ-0UJYy-xnBnh_t8qFAxMnyvqBA6J-g.js Show response
pagead2.googlesyndication.com/bg/ Frame 2AA9 51 KB
19 KB 32ms
32ms Script
text/javascript 2607:f8b0:4004:c09::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Mxl_QHRpF3ASJ-0UJYy-xnBnh_t8qFAxMnyvqBA6J-g.js

Requested by

Host: mal-ware.com
URL: https://mal-ware.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c09::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33197f40746917701227ed14258cbec6706787fb7ca85031327cafa8103a27e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 11:26:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17755
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19812
x-xss-protection: 0
last-modified: Mon, 12 Feb 2024 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 15 Feb 2025 11:26:00 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame F773 143 B
166 B 35ms
33ms Document
text/html 2607:f8b0:4004:c07::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c07::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6745586292715183&output=html&h=100&adk=353725690&adf=2487863802&pi=t.aa~a.2277667889~rp.1&w=600&fwrn=4&fwrnh=100&lmt=1708100514&rafmt=1&to=qs&pwprc=8924873799&format=600x100&url=https%3A%2F%2Fmal-ware.com%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708100514589&bpp=1&bdt=1495&idt=1&shv=r20240214&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C586x280%2C572x280%2C1200x90%2C1140x90&nras=7&correlator=2453990592256&frm=20&pv=1&ga_vid=1584802085.1708100513&ga_sid=1708100514&ga_hid=1379197327&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3752&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C44795921%2C95322434%2C95323740%2C95324580%2C95325068%2C31081135%2C95321963%2C95320869%2C95324155%2C95324160%2C95325077&oid=2&pvsid=1199230194513934&tmod=2060731341&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=8&uci=a!8&btvi=5&fsb=1&dtd=25
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 68
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 16 Feb 2024 16:20:47 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 8AF0 1 KB
643 B 32ms
31ms Document
text/html 2607:f8b0:4004:c09::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c09::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 47345
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 16 Feb 2024 03:12:50 GMT
etag: 48472445140208031
expires: Sat, 17 Feb 2024 03:12:50 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 65CF
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEJyVE2un06CdNRj3nJMXT10&google_push=AXcoOmQgZTGwGmNtKhsGP0vax0OmUdi2To5fQrMpfBEewa1SHW4TE6l4xs...

170 B
329 B

49ms
48ms

Image
image/png

142.251.167.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEJyVE2un06CdNRj3nJMXT10&google_push=AXcoOmQgZTGwGmNtKhsGP0vax0OmUdi2To5fQrMpfBEewa1SHW4TE6l4xspEckxwld_3I2Y3fadAc9oEdGLoMbI5G1SxEKXbfsCBTAM12eeAZa_9mbkAMT6SjAjLQN7d7IPetXnFTbHB6AQ3fesJndsOz4sTuQ

Requested by

Protocol

Server

142.251.167.157 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f157.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Feb 2024 16:21:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-yyz4524-YYZ
pragma: no-cache
date: Fri, 16 Feb 2024 16:21:55 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1708100516.538354,VS0,VE21
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEJyVE2un06CdNRj3nJMXT10&google_push=AXcoOmQgZTGwGmNtKhsGP0vax0OmUdi2To5fQrMpfBEewa1SHW4TE6l4xspEckxwld_3I2Y3fadAc9oEdGLoMbI5G1SxEKXbfsCBTAM12eeAZa_9mbkAMT6SjAjLQN7d7IPetXnFTbHB6AQ3fesJndsOz4sTuQ
cache-control: no-cache
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 65CF
Redirect Chain

https://match.adsrvr.org/track/cmf/google?google_gid=CAESEAUGRsK-TPhH0qUQyZ759nY&google_cver=1&google_push=AXcoOmQSXtE_bgS-zeitbnV58PeiViXV_RAaGRpPQb0c_U1x9UYgKM07cDOUexkjE8lo8wHDqYsRn5QW70mIuVDR-h...
https://match.adsrvr.org/track/cmb/google?google_gid=CAESEAUGRsK-TPhH0qUQyZ759nY&google_cver=1&google_push=AXcoOmQSXtE_bgS-zeitbnV58PeiViXV_RAaGRpPQb0c_U1x9UYgKM07cDOUexkjE8lo8wHDqYsRn5QW70mIuVDR-h...
https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_hm=MGEyNzZkMjktZjU0Mi00OGQ0LWExMjYtMTRiZDE3NmVhNjY1&google_push&gdpr=0&gdpr_consent=&ttd_tdid=0a276d29-f542-48d4-a126-14bd176ea665

170 B
232 B

48ms
48ms

Image
image/png

142.251.167.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_hm=MGEyNzZkMjktZjU0Mi00OGQ0LWExMjYtMTRiZDE3NmVhNjY1&google_push&gdpr=0&gdpr_consent=&ttd_tdid=0a276d29-f542-48d4-a126-14bd176ea665

Requested by

Protocol

Server

142.251.167.157 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f157.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Feb 2024 16:21:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_hm=MGEyNzZkMjktZjU0Mi00OGQ0LWExMjYtMTRiZDE3NmVhNjY1&google_push&gdpr=0&gdpr_consent=&ttd_tdid=0a276d29-f542-48d4-a126-14bd176ea665
date: Fri, 16 Feb 2024 16:21:55 GMT
server: Kestrel
content-length: 423

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 65CF
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESEOZwgOOPUHsy62EhL4PwhUs&google_cver=1&google_push=AXcoOmQEd0ANEyqcIz04GAtpNFmf6ZbV25MDGpNbE7RqkWecW-ruOdeeNypr2EA_8K7IgY984TWQHpd...
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=8&google_gid=CAESEOZwgOOPUHsy62EhL4PwhUs&google_cver=1&google_push=AXcoOmQEd0ANEyqcIz04GAtpNFmf6ZbV25MDGpNbE7RqkWecW-ruOdeeNypr2EA_8K7Ig...
https://cm.g.doubleclick.net/pixel?google_nid=ssc&google_hm=B7odjQdIR0O7WeNR87rLBmXPi6M

170 B
232 B

51ms
50ms

Image
image/png

142.251.167.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ssc&google_hm=B7odjQdIR0O7WeNR87rLBmXPi6M

Requested by

Protocol

Server

142.251.167.157 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f157.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Feb 2024 16:21:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 16 Feb 2024 16:21:55 GMT
server: A
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location: https://cm.g.doubleclick.net/pixel?google_nid=ssc&google_hm=B7odjQdIR0O7WeNR87rLBmXPi6M
cache-control: max-age=0,no-cache,no-store
content-length: 0
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 65CF
Redirect Chain

https://dsp.adkernel.com/sync?exchange=11&google_gid=CAESEKlcxj13x0CRH2C8xEBeeho&google_cver=1&google_push=AXcoOmQki6eg-IYLIoQAkz7-skH_8b05S6B8xViMyV6Qq3_MqNaSYtHawncMAhNgOLvxFYvfcdLtgXCpuRNj5ZhCqQ...
https://cm.g.doubleclick.net/pixel?google_nid=adkernel&google_hm=QTkyMDUzNjU2NzEwNTgzNTg3NzI&google_push=AXcoOmQki6eg-IYLIoQAkz7-skH_8b05S6B8xViMyV6Qq3_MqNaSYtHawncMAhNgOLvxFYvfcdLtgXCpuRNj5ZhCqQUG...

170 B
232 B

49ms
48ms

Image
image/png

142.251.167.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adkernel&google_hm=QTkyMDUzNjU2NzEwNTgzNTg3NzI&google_push=AXcoOmQki6eg-IYLIoQAkz7-skH_8b05S6B8xViMyV6Qq3_MqNaSYtHawncMAhNgOLvxFYvfcdLtgXCpuRNj5ZhCqQUGjzdJZ7E0PNhfx3h3FBHTUzTStzwF1cDUGWUp5AFtphIixrrmtHnduH4GpoGkzx8pdA

Requested by

Protocol

Server

142.251.167.157 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f157.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Feb 2024 16:21:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=adkernel&google_hm=QTkyMDUzNjU2NzEwNTgzNTg3NzI&google_push=AXcoOmQki6eg-IYLIoQAkz7-skH_8b05S6B8xViMyV6Qq3_MqNaSYtHawncMAhNgOLvxFYvfcdLtgXCpuRNj5ZhCqQUGjzdJZ7E0PNhfx3h3FBHTUzTStzwF1cDUGWUp5AFtphIixrrmtHnduH4GpoGkzx8pdA
Date: Fri, 16 Feb 2024 16:21:55 GMT
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 65CF
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEJiEUz4T7X9mZZI6Cb1Xa38&google_cver=1&google_push=AXcoOmR50UUuVrXHEu9TyP-xdm95L2Z7ailt4MoUnEuI0P8vmTs8ytC4knDYy4qFcZ_LHLWGyknZUpyaWBqF...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmR50UUuVrXHEu9TyP-xdm95L2Z7ailt4MoUnEuI0P8vmTs8ytC4knDYy4qFcZ_LHLWGyknZUpyaWBqFnNxQWLO5nsKhrvJutc5MrN8VLCuBwrewyXmP...

170 B
232 B

50ms
50ms

Image
image/png

142.251.167.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmR50UUuVrXHEu9TyP-xdm95L2Z7ailt4MoUnEuI0P8vmTs8ytC4knDYy4qFcZ_LHLWGyknZUpyaWBqFnNxQWLO5nsKhrvJutc5MrN8VLCuBwrewyXmPLib_b_KKNqbnJqxSPx4aBJg9073MXVrrKhx2gg

Requested by

Protocol

Server

142.251.167.157 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f157.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Feb 2024 16:21:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmR50UUuVrXHEu9TyP-xdm95L2Z7ailt4MoUnEuI0P8vmTs8ytC4knDYy4qFcZ_LHLWGyknZUpyaWBqFnNxQWLO5nsKhrvJutc5MrN8VLCuBwrewyXmPLib_b_KKNqbnJqxSPx4aBJg9073MXVrrKhx2gg
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H2

200

spacer.gif
an.yandex.ru/resource/ Frame 65CF
Redirect Chain

https://an.yandex.ru/mapuid/google/CAESEJzSAKP0tjJi0jccbxvkIQw?ext-param=AXcoOmRt0EJ1B_nRq_fGrXY6FMyNqbkFrhitJ2USSXMmrmtRDv3rg8lCPKFCdn2Vr4Wxbb3TVqYaLeg-OkMfO88wfxYKY68RusCv25EIFvflFHMikKzKXHZJq9uS...
https://an.yandex.ru/mapuid/google/CAESEJzSAKP0tjJi0jccbxvkIQw?redir-setuniq=1&ext-param=AXcoOmRt0EJ1B_nRq_fGrXY6FMyNqbkFrhitJ2USSXMmrmtRDv3rg8lCPKFCdn2Vr4Wxbb3TVqYaLeg-OkMfO88wfxYKY68RusCv25EIFvfl...
https://cm.g.doubleclick.net/pixel?google_nid=yandex_ag&google_hm=CAESEJzSAKP0tjJi0jccbxvkIQw&google_redir=https%3A%2F%2Fan.yandex.ru%2Fresource%2Fspacer.gif
https://an.yandex.ru/resource/spacer.gif

43 B
79 B

156ms
155ms

Image
image/gif

2a02:6b8::90
TELETECH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://an.yandex.ru/resource/spacer.gif

Protocol

Server

2a02:6b8::90 , Russian Federation, ASN208398 (TELETECH, RS),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:56 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Wed, 18 Apr 2001 10:28:03 GMT
content-security-policy-report-only: default-src 'none'; base-uri 'none'; script-src 'unsafe-inline' 'self' yandex.ru an.yandex.ru api-maps.yandex.ru mc.yandex.ru yastatic.net pcode.yads.tech *.maps.yandex.net; style-src 'unsafe-inline' yastatic.net; img-src 'self' data: avatars.mds.yandex.net favicon.yandex.net *.captcha.yandex.net yastatic.net *.maps.yandex.net *.yandex.ru avatars.yads.tech; media-src blob: strm.yandex.ru *.strm.yandex.net; font-src yastatic.net; connect-src 'self' blob: an.yandex.ru yandex.ru mc.yandex.ru yastatic.net log.strm.yandex.ru display.yads.tech display-logs.yads.tech http://an.yandex.ru; frame-src yandexadexchange.net yandex.ru an.yandex.ru; report-uri https://csp.yandex.net/csp?from=yabs-partner-ro&project=yabs&yandex_login=&platform=
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
content-type: image/gif
timing-allow-origin: *
x-xss-protection: 1; mode=block
expires: Fri, 31 Jan 2025 16:21:56 GMT

Redirect headers

pragma: no-cache
date: Fri, 16 Feb 2024 16:21:56 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://an.yandex.ru/resource/spacer.gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 237
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 65CF
Redirect Chain

https://analytics.pangle-ads.com/api/ad/union/gg_cookie_matching?google_gid=CAESEEtlVECeQ03okCCIEttemQE&google_cver=1&google_push=AXcoOmQVahj-QSP8BpJgBQAY4fbwsGOQte_OeINCKG7fpdlIP9HX2B0mCB514xgThYu...
https://cm.g.doubleclick.net/pixel?google_nid=toutiao_usd&google_push=AXcoOmQVahj-QSP8BpJgBQAY4fbwsGOQte_OeINCKG7fpdlIP9HX2B0mCB514xgThYu3yPNfHObQeKyveFQfbbnuHdrdcibRVA4fs-1r1vnmgZahTCE0YrzYRlld6eR...

170 B
188 B

49ms
49ms

Image
image/png

142.251.167.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=toutiao_usd&google_push=AXcoOmQVahj-QSP8BpJgBQAY4fbwsGOQte_OeINCKG7fpdlIP9HX2B0mCB514xgThYu3yPNfHObQeKyveFQfbbnuHdrdcibRVA4fs-1r1vnmgZahTCE0YrzYRlld6eRwKoQXq7qx-mQO87gxIj-_fmrfhewYug

Requested by

Protocol

Server

142.251.167.157 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f157.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Feb 2024 16:21:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-akamai-request-id: 5b992ab2.1145a9e
date: Fri, 16 Feb 2024 16:21:55 GMT
x-bytefaas-request-id: 2024021616215532C1704DFC46F81D5829
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-24021616215532C1704DFC46F81D5829-3BFBB2288F7FF8B0-00
x-cache: TCP_MISS from a23-45-233-12.deploy.akamaitechnologies.com (AkamaiGHost/11.4.2.1-54232288) (-)
x-parent-response-time: 12,23.45.233.12
server-timing: cdn-cache; desc=MISS, edge; dur=5, origin; dur=8, inner; dur=6
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 2024021616215532C1704DFC46F81D5829
x-cache-remote: TCP_MISS from a23-213-246-140.deploy.akamaitechnologies.com (AkamaiGHost/11.4.1-53915762) (-)
access-control-max-age: 86400
access-control-allow-methods: *
location: https://cm.g.doubleclick.net/pixel?google_nid=toutiao_usd&google_push=AXcoOmQVahj-QSP8BpJgBQAY4fbwsGOQte_OeINCKG7fpdlIP9HX2B0mCB514xgThYu3yPNfHObQeKyveFQfbbnuHdrdcibRVA4fs-1r1vnmgZahTCE0YrzYRlld6eRwKoQXq7qx-mQO87gxIj-_fmrfhewYug
x-bytefaas-execution-duration: 4.80
access-control-allow-origin: *
access-control-allow-credentials: true
x-gw-dst-psm: ad.union.pangle_web_traffic
x-tt-trace-host: 01c6f05bee6622c3b0984d6324b5eb7f787aac5e8d183372a1c675e5f2eb8625ff9a58ccd93766bc931c17261c9ae57cc143e877441969e08d6a6b60573ed7da1ce90650988afdec8428cd64f1d633fc36527809b337330f63f59bf3c3c74410e2a07bf2ac83ab99ee836cdc5d9da21d61
x-origin-response-time: 9,23.213.246.140
cache-control: max-age=0, no-cache, no-store
access-control-allow-headers: *
expires: Fri, 16 Feb 2024 16:21:55 GMT

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 65CF 0
139 B 117ms
46ms Image
text/html 142.251.167.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LsKy8xOctaHQ0sbtqlexff5alIYLcEkKVUfZCCnrX_0xvgkwj7L8tE1-gPXL2NmSsOOdTxCRw

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.167.157 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f157.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:55 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame FC53 16 KB
16 KB 37ms
36ms Font
font/woff2 2607:f8b0:4004:c09::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c09::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 02:48:00 GMT
x-content-type-options: nosniff
age: 135235
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 14 Feb 2025 02:48:00 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame FC53 15 KB
15 KB 33ms
33ms Font
font/woff2 2607:f8b0:4004:c09::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c09::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 02:53:49 GMT
x-content-type-options: nosniff
age: 134886
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 14 Feb 2025 02:53:49 GMT

GET
DATA 200
OK truncated
/ Frame B5AF 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 78622276fd9bd8110b9a92b726565f37e2d9f024160cc28b61cbd9ce1941c433

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame C03B 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3c350b68116b9527f43417b1b6f66dc0436798d3fb6472129de53e3ebd277d2

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 16A7 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 110247c7157ad59af41c38ce979a06a11af5a8e0e44e87b9234721f6c7e24750

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 7968 220 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 327a11ef5fa6dbc3069174b88a5ed34f00624c53b47a3dcb4cb4a162aa4445b7

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1383
Redirect Chain

https://mweb.ck.inmobi.com/sync/3?redirect=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dinmobi_pte_limited%26google_hm%3D%24DSP_CKID&google_gid=CAESEED7k3iD2m81w7FN1LhUKy4&google_cver=...
https://cm.g.doubleclick.net/pixel?google_nid=inmobi_pte_limited&google_hm=ZDQzZmQxYTQtYWNlZC00Zjg4LThjNmQtZWYyZjkxNTIwNmRm&google_gid=CAESEED7k3iD2m81w7FN1LhUKy4&google_cver=1&google_push=AXcoOmSh...

170 B
188 B

48ms
47ms

Image
image/png

142.251.167.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=inmobi_pte_limited&google_hm=ZDQzZmQxYTQtYWNlZC00Zjg4LThjNmQtZWYyZjkxNTIwNmRm&google_gid=CAESEED7k3iD2m81w7FN1LhUKy4&google_cver=1&google_push=AXcoOmShTNlNuucViOFJ0SFYuusDxEb41LTh6EenIHmZn2Ke68MjD0cGjfVyFHiMk5KbAIKE_ux8W8MrkrnGgKSKaW5wVN4sfIFhkIPTh7CKpaIR-rjkVk7ebxTtwrfX-BMVO6__sDuMxdZZ8je7CHmvc2mRNw

Requested by

Protocol

Server

142.251.167.157 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f157.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Feb 2024 16:21:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=inmobi_pte_limited&google_hm=ZDQzZmQxYTQtYWNlZC00Zjg4LThjNmQtZWYyZjkxNTIwNmRm&google_gid=CAESEED7k3iD2m81w7FN1LhUKy4&google_cver=1&google_push=AXcoOmShTNlNuucViOFJ0SFYuusDxEb41LTh6EenIHmZn2Ke68MjD0cGjfVyFHiMk5KbAIKE_ux8W8MrkrnGgKSKaW5wVN4sfIFhkIPTh7CKpaIR-rjkVk7ebxTtwrfX-BMVO6__sDuMxdZZ8je7CHmvc2mRNw
date: Fri, 16 Feb 2024 16:21:55 GMT
strict-transport-security: max-age=15724800; includeSubDomains
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1383
Redirect Chain

https://a.c.appier.net/gcm?google_gid=CAESEJ36dKlc3-jBz6L8xMfljfQ&google_cver=1&google_push=AXcoOmR6gAbwhQHU4mXItHEjc4CEIqVXL_UlPBIrj2LbTmvZGKXeI9aVg9d3iTtKpkS1H722t_2Ay3MzU2RE8CSd1AXiJHRvlKvIhOCN1...
https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=MWg0MVNiTUpDMGk2UE0zWXBJdlBaUQ%3D%3D&google_push=AXcoOmR6gAbwhQHU4mXItHEjc4CEIqVXL_UlPBIrj2LbTmvZGKXeI9aVg9d3iTtKpkS1H722t_2Ay3MzU2RE8...

170 B
188 B

48ms
47ms

Image
image/png

142.251.167.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=MWg0MVNiTUpDMGk2UE0zWXBJdlBaUQ%3D%3D&google_push=AXcoOmR6gAbwhQHU4mXItHEjc4CEIqVXL_UlPBIrj2LbTmvZGKXeI9aVg9d3iTtKpkS1H722t_2Ay3MzU2RE8CSd1AXiJHRvlKvIhOCN1nJiFoZ_vejPqbfdvM8RLdpy0-uIJ7Vd2tBFNN43CW0uIYUsfDzRjA

Protocol

Server

142.251.167.157 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f157.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Feb 2024 16:21:56 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 16 Feb 2024 16:21:56 GMT
server: nginx
accept-ch: Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=MWg0MVNiTUpDMGk2UE0zWXBJdlBaUQ%3D%3D&google_push=AXcoOmR6gAbwhQHU4mXItHEjc4CEIqVXL_UlPBIrj2LbTmvZGKXeI9aVg9d3iTtKpkS1H722t_2Ay3MzU2RE8CSd1AXiJHRvlKvIhOCN1nJiFoZ_vejPqbfdvM8RLdpy0-uIJ7Vd2tBFNN43CW0uIYUsfDzRjA
content-type: text/html; charset=utf-8
cache-control: no-store
content-length: 301

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1383
Redirect Chain

https://creativecdn.com/cm-notify?pi=adxab&google_gid=CAESENZOJATjvY2janIUZCl9bdU&google_cver=1&google_push=AXcoOmSi-CpSz4JHZNRKsi05lfZ9XMf42atXcoVV6N5UbEemjY0upHEQUuYmMB_sH__thIQ2L0mIcNL57V6JiTeFC...
https://creativecdn.com/cm-notify?pi=adxab&google_gid=CAESENZOJATjvY2janIUZCl9bdU&google_cver=1&google_push=AXcoOmSi-CpSz4JHZNRKsi05lfZ9XMf42atXcoVV6N5UbEemjY0upHEQUuYmMB_sH__thIQ2L0mIcNL57V6JiTeFC...
https://cm.g.doubleclick.net/pixel?google_nid=rtb_house&google_ula=5153224&google_hm=PL8iRCy8HnYUohLZ_R5qhJxVB7pCK4W2FrtLCLa4bcE&pi=adx&pi=adxab&google_gid=CAESENZOJATjvY2janIUZCl9bdU&google_cver=1...

170 B
188 B

53ms
48ms

Image
image/png

142.251.167.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rtb_house&google_ula=5153224&google_hm=PL8iRCy8HnYUohLZ_R5qhJxVB7pCK4W2FrtLCLa4bcE&pi=adx&pi=adxab&google_gid=CAESENZOJATjvY2janIUZCl9bdU&google_cver=1&google_push=AXcoOmSi-CpSz4JHZNRKsi05lfZ9XMf42atXcoVV6N5UbEemjY0upHEQUuYmMB_sH__thIQ2L0mIcNL57V6JiTeFCzGQ7KzKxpLejB4l7jaCzeTWp6mqebNZGbqtTjaid7uVkt2Yxr4h9OsS9OmCByisbbOM&tc=1

Protocol

Server

142.251.167.157 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f157.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Feb 2024 16:21:56 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=rtb_house&google_ula=5153224&google_hm=PL8iRCy8HnYUohLZ_R5qhJxVB7pCK4W2FrtLCLa4bcE&pi=adx&pi=adxab&google_gid=CAESENZOJATjvY2janIUZCl9bdU&google_cver=1&google_push=AXcoOmSi-CpSz4JHZNRKsi05lfZ9XMf42atXcoVV6N5UbEemjY0upHEQUuYmMB_sH__thIQ2L0mIcNL57V6JiTeFCzGQ7KzKxpLejB4l7jaCzeTWp6mqebNZGbqtTjaid7uVkt2Yxr4h9OsS9OmCByisbbOM&tc=1
pragma: no-cache
date: Fri, 16 Feb 2024 16:21:56 GMT, Fri, 16 Feb 2024 16:21:56 GMT
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
content-length: 0
vary: Accept-Encoding
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame 1383 43 B
363 B 110ms
31ms Image
image/gif 74.119.119.150
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmQuOr23cDTdCa-YWmETDX7gXTk7nHuqUPm18w_5KMBjy482z7vyQhNdlOTBvrLyT_w5hVwTLpzWNpwzxJPQGtYOrigSXdy4-pl_ZN-w4XJj0gd_1SWeplr3CA33LVCnjN8Y9HFZb61OwKSL4mms3Kt7iw&google_gid=CAESEKotoMtqayCrJUJDSvPHt_A&google_cver=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.119.119.150 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Feb 2024 16:21:55 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 323669
expires: Fri, 16 Feb 2024 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1383
Redirect Chain

https://s.uuidksinc.net/match/47/?remote_uid=CAESEJtcdj4S6tIr0XRuANO99fc&c_param1=AXcoOmSX6qOqktm5BGx6CujDPK3uCQcMb2hADPkYtrLfoLMJ8M3f9xivyKAY3kdLxb7eqwiWixwZ9v-FtmVRwTdBXpC225uHp7xZkeR551N7cwbaqzE...
https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AXcoOmSX6qOqktm5BGx6CujDPK3uCQcMb2hADPkYtrLfoLMJ8M3f9xivyKAY3kdLxb7eqwiWixwZ9v-FtmVRwTdBXpC225uHp7xZkeR551N7cwbaqzEf7w3fzqw3mreTrIj5I...

170 B
188 B

56ms
48ms

Image
image/png

142.251.167.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AXcoOmSX6qOqktm5BGx6CujDPK3uCQcMb2hADPkYtrLfoLMJ8M3f9xivyKAY3kdLxb7eqwiWixwZ9v-FtmVRwTdBXpC225uHp7xZkeR551N7cwbaqzEf7w3fzqw3mreTrIj5I_UP2fEMZkFa2tSq06FQdAiZNA

Requested by

Protocol

Server

142.251.167.157 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f157.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Feb 2024 16:21:56 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AXcoOmSX6qOqktm5BGx6CujDPK3uCQcMb2hADPkYtrLfoLMJ8M3f9xivyKAY3kdLxb7eqwiWixwZ9v-FtmVRwTdBXpC225uHp7xZkeR551N7cwbaqzEf7w3fzqw3mreTrIj5I_UP2fEMZkFa2tSq06FQdAiZNA
date: Fri, 16 Feb 2024 16:21:56 GMT
server: nginx/1.23.2
content-length: 0

GET
H2

200

cm
cm.creativecdn.com/adx/ Frame 1383
Redirect Chain

https://creativecdn.com/cm-notify?pi=adxab&google_gid=CAESENZOJATjvY2janIUZCl9bdU&google_cver=1&google_push=AXcoOmRWYEA0YnptZ92yiZBHKUI-j6Lfit6J98MPSTo4qWKxkiVkCiYHtzg2vTLYGEI3h_zTcFrD0i1faCyiAo_mS...
https://creativecdn.com/cm-notify?pi=adxab&google_gid=CAESENZOJATjvY2janIUZCl9bdU&google_cver=1&google_push=AXcoOmRWYEA0YnptZ92yiZBHKUI-j6Lfit6J98MPSTo4qWKxkiVkCiYHtzg2vTLYGEI3h_zTcFrD0i1faCyiAo_mS...
https://cm.g.doubleclick.net/pixel?google_nid=rtb_house&google_ula=5153224&google_hm=PL8iRCy8HnYUohLZ_R5qhJxVB7pCK4W2FrtLCLa4bcE&pi=adx&pi=adxab&google_gid=CAESENZOJATjvY2janIUZCl9bdU&google_cver=1...
https://cm.creativecdn.com/adx/cm?v=2&pi=adx&pi=adxab&tc=1&google_error=5

42 B
261 B

152ms
35ms

Image
image/gif

185.184.10.30
RTB-HOUSE-ASH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.creativecdn.com/adx/cm?v=2&pi=adx&pi=adxab&tc=1&google_error=5
Protocol: H2
Server: 185.184.10.30 , Poland, ASN203690 (RTB-HOUSE-ASH, PL),
Reverse DNS: ip-185-184-10-30.rtbhouse.net
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Fri, 16 Feb 2024 16:21:56 GMT, Fri, 16 Feb 2024 16:21:56 GMT
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
content-length: 42
vary: Accept-Encoding
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 16 Feb 2024 16:21:56 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://cm.creativecdn.com/adx/cm?v=2&pi=adx&pi=adxab&tc=1&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 286
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

cm
cm.creativecdn.com/adx/ Frame 1383
Redirect Chain

https://creativecdn.com/cm-notify?pi=adxab&google_gid=CAESENZOJATjvY2janIUZCl9bdU&google_cver=1&google_push=AXcoOmSbn0YFqRGkhiXhq0zRH2JMPPIho_Qkr1ek90yWTG_SBkYrMOpDhmof8t9fOURUVyuR1lX-JgcQbC6HvN-YY...
https://creativecdn.com/cm-notify?pi=adxab&google_gid=CAESENZOJATjvY2janIUZCl9bdU&google_cver=1&google_push=AXcoOmSbn0YFqRGkhiXhq0zRH2JMPPIho_Qkr1ek90yWTG_SBkYrMOpDhmof8t9fOURUVyuR1lX-JgcQbC6HvN-YY...
https://cm.g.doubleclick.net/pixel?google_nid=rtb_house&google_ula=5153224&google_hm=PL8iRCy8HnYUohLZ_R5qhJxVB7pCK4W2FrtLCLa4bcE&pi=adx&pi=adxab&google_gid=CAESENZOJATjvY2janIUZCl9bdU&google_cver=1...
https://cm.creativecdn.com/adx/cm?v=2&pi=adx&pi=adxab&tc=1&google_error=5

42 B
260 B

154ms
37ms

Image
image/gif

185.184.10.30
RTB-HOUSE-ASH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.creativecdn.com/adx/cm?v=2&pi=adx&pi=adxab&tc=1&google_error=5
Protocol: H2
Server: 185.184.10.30 , Poland, ASN203690 (RTB-HOUSE-ASH, PL),
Reverse DNS: ip-185-184-10-30.rtbhouse.net
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Fri, 16 Feb 2024 16:21:56 GMT, Fri, 16 Feb 2024 16:21:56 GMT
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
content-length: 42
vary: Accept-Encoding
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 16 Feb 2024 16:21:56 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://cm.creativecdn.com/adx/cm?v=2&pi=adx&pi=adxab&tc=1&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 286
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 1383 0
40 B 49ms
48ms Image
text/html 142.251.167.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KiAaAOFg4fHc0lUeG5HyBbWxmBv-AdC4veCu-V84zfEZyVU-7xwc-gDkZSMg-mzv1a2KUgfQ

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.167.157 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f157.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:55 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 67E7
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESELgdut8vcg0m3I76mDafyFM&google_cver=1&google_push=AXcoOmTn9LOt5Nz6Mtr7lKuANCMNbSC2gZrAm9gmXyO8i-ErlsjdSYGuEfmeTmjP_Vl2G8a9J8u8si9vmFEDTge6...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=RJCf02oKSNIJAEC8Hgn87A&google_push=AXcoOmTn9LOt5Nz6Mtr7lKuANCMNbSC2gZrAm9gmXyO8i-ErlsjdSYGuEfmeTmjP_Vl2G8a9J8u8si9vmFEDTge65U238hJ1mshS_A

170 B
188 B

50ms
50ms

Image
image/png

142.251.167.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=RJCf02oKSNIJAEC8Hgn87A&google_push=AXcoOmTn9LOt5Nz6Mtr7lKuANCMNbSC2gZrAm9gmXyO8i-ErlsjdSYGuEfmeTmjP_Vl2G8a9J8u8si9vmFEDTge65U238hJ1mshS_A

Requested by

Protocol

Server

142.251.167.157 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f157.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Feb 2024 16:21:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 16 Feb 2024 16:21:55 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.21.6
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=RJCf02oKSNIJAEC8Hgn87A&google_push=AXcoOmTn9LOt5Nz6Mtr7lKuANCMNbSC2gZrAm9gmXyO8i-ErlsjdSYGuEfmeTmjP_Vl2G8a9J8u8si9vmFEDTge65U238hJ1mshS_A
x-host: tde-deliveryengine-production-7fbb6d4658-4whkx
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H/1.1 204
No Content tum
ums.acuityplatform.com/ Frame 67E7 0
27 B 131ms
38ms Image
text/plain 69.90.254.78
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ums.acuityplatform.com/tum?umid=4&uid=CAESEEYvVGwBm3btt9YtUU4AdyI&google_cver=1&google_push=AXcoOmQTI2T0_SQNIAgcp5mr4k9WEh8JlMATW6dyjQIlcDeH1Z00qfkpgXiMwFsn0iSz-QcK1oUJS43drApFnnuchGQ3unrqdGXOwA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6745586292715183&output=html&h=280&adk=2206265524&adf=1864091918&pi=t.aa~a.1579878287~rp.4&w=572&fwrn=4&fwrnh=100&lmt=1708100514&rafmt=1&to=qs&pwprc=8924873799&format=572x280&url=https%3A%2F%2Fmal-ware.com%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708100514589&bpp=1&bdt=1495&idt=-M&shv=r20240214&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C586x280&nras=4&correlator=2453990592256&frm=20&pv=1&ga_vid=1584802085.1708100513&ga_sid=1708100514&ga_hid=1379197327&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=813&ady=1630&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C44795921%2C95322434%2C95323740%2C95324580%2C95325068%2C31081135%2C95321963%2C95320869%2C95324155%2C95324160%2C95325077&oid=2&pvsid=1199230194513934&tmod=2060731341&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=2&fsb=1&dtd=12
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 69.90.254.78 Herndon, United States, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

GET
H2

200

cm
cm.creativecdn.com/adx/ Frame 67E7
Redirect Chain

https://creativecdn.com/cm-notify?pi=adxab&google_gid=CAESEKsyt5fGeodw-jDZbWRsf6A&google_cver=1&google_push=AXcoOmT7i_GbBREksXGljyt0xl68ZOe82FO-j3gbOlpYTSUOxxu6Z6sO1XWrIWPHGjofVPjif896FYkRHdUWVhAKH...
https://creativecdn.com/cm-notify?pi=adxab&google_gid=CAESEKsyt5fGeodw-jDZbWRsf6A&google_cver=1&google_push=AXcoOmT7i_GbBREksXGljyt0xl68ZOe82FO-j3gbOlpYTSUOxxu6Z6sO1XWrIWPHGjofVPjif896FYkRHdUWVhAKH...
https://cm.g.doubleclick.net/pixel?google_nid=rtb_house&google_ula=5153224&google_hm=PL8iRCy8HnYUohLZ_R5qhJxVB7pCK4W2FrtLCLa4bcE&pi=adx&pi=adxab&google_gid=CAESEKsyt5fGeodw-jDZbWRsf6A&google_cver=1...
https://cm.creativecdn.com/adx/cm?v=2&pi=adx&pi=adxab&tc=1&google_error=5

42 B
260 B

155ms
37ms

Image
image/gif

185.184.10.30
RTB-HOUSE-ASH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.creativecdn.com/adx/cm?v=2&pi=adx&pi=adxab&tc=1&google_error=5
Protocol: H2
Server: 185.184.10.30 , Poland, ASN203690 (RTB-HOUSE-ASH, PL),
Reverse DNS: ip-185-184-10-30.rtbhouse.net
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Fri, 16 Feb 2024 16:21:56 GMT, Fri, 16 Feb 2024 16:21:56 GMT
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
content-length: 42
vary: Accept-Encoding
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 16 Feb 2024 16:21:56 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://cm.creativecdn.com/adx/cm?v=2&pi=adx&pi=adxab&tc=1&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 286
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 67E7
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEBSWWiEb_w44YuFuEgyEsN8&google_cver=1&google_push=AXcoOmQebi3QQuQMrEB9DQhIy89tQmqzHS-Og2hM2_tUSgTBnHvlWwbuVA-7hISzGQFT8jstULvTNZWZAa1h...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmQebi3QQuQMrEB9DQhIy89tQmqzHS-Og2hM2_tUSgTBnHvlWwbuVA-7hISzGQFT8jstULvTNZWZAa1hW3r4VDtwlN_AkMlrCoo

170 B
232 B

50ms
49ms

Image
image/png

142.251.167.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmQebi3QQuQMrEB9DQhIy89tQmqzHS-Og2hM2_tUSgTBnHvlWwbuVA-7hISzGQFT8jstULvTNZWZAa1hW3r4VDtwlN_AkMlrCoo

Requested by

Protocol

Server

142.251.167.157 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f157.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Feb 2024 16:21:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmQebi3QQuQMrEB9DQhIy89tQmqzHS-Og2hM2_tUSgTBnHvlWwbuVA-7hISzGQFT8jstULvTNZWZAa1hW3r4VDtwlN_AkMlrCoo
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 67E7
Redirect Chain

https://beacon.lynx.cognitivlabs.com/adx.gif?google_gid=CAESEL2v_CjrXJiCVonVmG3raOQ&google_cver=1&google_push=AXcoOmQN6LiqOxz3CJlYBkX9Ml-bnEoRLsyaERzgCNdwREh8opQseG_cR_U8LbL955MZVWsqoWPa_X31b1LXhUQ...
https://cm.g.doubleclick.net/pixel?google_nid=cognitiv&google_hm=ekr002MlREmd-B4f3E_rOA&google_push=AXcoOmQN6LiqOxz3CJlYBkX9Ml-bnEoRLsyaERzgCNdwREh8opQseG_cR_U8LbL955MZVWsqoWPa_X31b1LXhUQs2TMdkFLuC...

170 B
188 B

50ms
49ms

Image
image/png

142.251.167.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=cognitiv&google_hm=ekr002MlREmd-B4f3E_rOA&google_push=AXcoOmQN6LiqOxz3CJlYBkX9Ml-bnEoRLsyaERzgCNdwREh8opQseG_cR_U8LbL955MZVWsqoWPa_X31b1LXhUQs2TMdkFLuC06csksq

Requested by

Protocol

Server

142.251.167.157 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f157.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Feb 2024 16:21:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=cognitiv&google_hm=ekr002MlREmd-B4f3E_rOA&google_push=AXcoOmQN6LiqOxz3CJlYBkX9Ml-bnEoRLsyaERzgCNdwREh8opQseG_cR_U8LbL955MZVWsqoWPa_X31b1LXhUQs2TMdkFLuC06csksq
Date: Fri, 16 Feb 2024 16:21:55 GMT
Server: Kestrel
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 67E7
Redirect Chain

https://t.adx.opera.com/pub/sync?pubid=pub6871767557696&google_push=AXcoOmSmizyPH_kuOAT6G4qihzq3QqyewrX4bGGTCSWuk1cL6lPW4qtUxQerswxLTorJ1o6POlKEMtQ3A-3yo2jN3gvgCQNPQ7fOKTXi&google_gid=CAESENuGoNLlQ...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESENuGoNLlQbIJZLHvQbpcjKM&google_hm=T1BVNTA3MGMwNzNmMjJlNGEyYmJhYWNlM2FhOTJiMWUzNjE&google_nid=opera_norway_as&google_push=AXcoOmSmizyP...

170 B
188 B

58ms
50ms

Image
image/png

142.251.167.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESENuGoNLlQbIJZLHvQbpcjKM&google_hm=T1BVNTA3MGMwNzNmMjJlNGEyYmJhYWNlM2FhOTJiMWUzNjE&google_nid=opera_norway_as&google_push=AXcoOmSmizyPH_kuOAT6G4qihzq3QqyewrX4bGGTCSWuk1cL6lPW4qtUxQerswxLTorJ1o6POlKEMtQ3A-3yo2jN3gvgCQNPQ7fOKTXi

Requested by

Protocol

Server

142.251.167.157 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f157.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Feb 2024 16:21:56 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 16 Feb 2024 16:21:56 GMT
server: nginx
access-control-allow-methods: POST, GET
content-type: text/html; charset=utf-8
access-control-allow-origin: *
location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESENuGoNLlQbIJZLHvQbpcjKM&google_hm=T1BVNTA3MGMwNzNmMjJlNGEyYmJhYWNlM2FhOTJiMWUzNjE&google_nid=opera_norway_as&google_push=AXcoOmSmizyPH_kuOAT6G4qihzq3QqyewrX4bGGTCSWuk1cL6lPW4qtUxQerswxLTorJ1o6POlKEMtQ3A-3yo2jN3gvgCQNPQ7fOKTXi
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
content-length: 328
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2

200

spacer.gif
an.yandex.ru/resource/ Frame 67E7
Redirect Chain

https://an.yandex.ru/mapuid/google/CAESEFwGWqDLSvii3SZonPIhvmY?ext-param=AXcoOmSsJjDC3fNZCZEC5XD4Xyy73mlvWLTowNdF7_kF2pJRgTRTreRkUAIa3epVn2ULM8Na6iTZ6EcImjZYDSv61JfYMu26U0LOPb_m&partner-tag=yandex_...
https://an.yandex.ru/mapuid/google/CAESEFwGWqDLSvii3SZonPIhvmY?redir-setuniq=1&ext-param=AXcoOmSsJjDC3fNZCZEC5XD4Xyy73mlvWLTowNdF7_kF2pJRgTRTreRkUAIa3epVn2ULM8Na6iTZ6EcImjZYDSv61JfYMu26U0LOPb_m&par...
https://cm.g.doubleclick.net/pixel?google_nid=yandex_ag&google_hm=CAESEFwGWqDLSvii3SZonPIhvmY&google_redir=https%3A%2F%2Fan.yandex.ru%2Fresource%2Fspacer.gif
https://an.yandex.ru/resource/spacer.gif

43 B
145 B

155ms
154ms

Image
image/gif

2a02:6b8::90
TELETECH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://an.yandex.ru/resource/spacer.gif

Protocol

Server

2a02:6b8::90 , Russian Federation, ASN208398 (TELETECH, RS),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:56 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Wed, 18 Apr 2001 10:28:03 GMT
content-security-policy-report-only: default-src 'none'; base-uri 'none'; script-src 'unsafe-inline' 'self' yandex.ru an.yandex.ru api-maps.yandex.ru mc.yandex.ru yastatic.net pcode.yads.tech *.maps.yandex.net; style-src 'unsafe-inline' yastatic.net; img-src 'self' data: avatars.mds.yandex.net favicon.yandex.net *.captcha.yandex.net yastatic.net *.maps.yandex.net *.yandex.ru avatars.yads.tech; media-src blob: strm.yandex.ru *.strm.yandex.net; font-src yastatic.net; connect-src 'self' blob: an.yandex.ru yandex.ru mc.yandex.ru yastatic.net log.strm.yandex.ru display.yads.tech display-logs.yads.tech http://an.yandex.ru; frame-src yandexadexchange.net yandex.ru an.yandex.ru; report-uri https://csp.yandex.net/csp?from=yabs-partner-ro&project=yabs&yandex_login=&platform=
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
content-type: image/gif
timing-allow-origin: *
x-xss-protection: 1; mode=block
expires: Fri, 31 Jan 2025 16:21:56 GMT

Redirect headers

pragma: no-cache
date: Fri, 16 Feb 2024 16:21:56 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://an.yandex.ru/resource/spacer.gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 237
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 67E7 0
40 B 48ms
48ms Image
text/html 142.251.167.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IA_9f6tt7Cn08uogoCvHIsfvzJzn4Q8jApG8A4Pnh_2wCSMLTULwrQ1f10ZMsjC8EUiFI_tQdi

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.167.157 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f157.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:55 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3

200

/ Show response
www.googleadservices.com/pagead/ar-adview/ Frame B5AF
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=C22SaoovPZcypKcCvjvQP3qCxcOKv3sV1wZv51qwSZBABINK86BNgye6Oi8CkjBCgAd2kzcIDyAECqAMByAPJBKoE0wFP0EOrCfbV1m_I82_WWHB-eF6CFZVAYg7esO9j62LFxN2iePXrHQF...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x957a72b40f2157ff0000000000000000%22,%222%22:%220xbabe757ecc59c1b80000000000000000%22,%223%22:%220x7bc49a...

0
22 B

359ms
93ms

Fetch
text/css

172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x957a72b40f2157ff0000000000000000%22,%222%22:%220xbabe757ecc59c1b80000000000000000%22,%223%22:%220x7bc49a28644427560000000000000000%22,%224%22:%220x46074750e681fef20000000000000000%22,%225%22:%220xa43279f5521057dc0000000000000000%22},%22debug_key%22:%2215674842137992419244%22,%22debug_reporting%22:true,%22destination%22:%22https://onewheel.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22944984669%22],%2222%22:[%22true%22],%224%22:[%2202-16%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%228479891768768758545%22}&andc=true

Requested by

Protocol

Server

172.253.122.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f156.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:56 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"1":"0x957a72b40f2157ff0000000000000000","2":"0xbabe757ecc59c1b80000000000000000","3":"0x7bc49a28644427560000000000000000","4":"0x46074750e681fef20000000000000000","5":"0xa43279f5521057dc0000000000000000"},"debug_key":"15674842137992419244","debug_reporting":true,"destination":"https://onewheel.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["944984669"],"22":["true"],"4":["02-16"],"6":["true"]},"priority":"500","source_event_id":"8479891768768758545"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 16 Feb 2024 16:21:56 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 16 Feb 2024 16:21:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"aggregation_keys":{"1":"0x957a72b40f2157ff0000000000000000","2":"0xbabe757ecc59c1b80000000000000000","3":"0x7bc49a28644427560000000000000000","4":"0x46074750e681fef20000000000000000","5":"0xa43279f5521057dc0000000000000000"},"debug_key":"15674842137992419244","debug_reporting":true,"destination":"https://onewheel.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["944984669"],"22":["true"],"4":["02-16"],"6":["true"]},"priority":"500","source_event_id":"8479891768768758545"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 98D3
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

59ms
59ms

Document
text/html

2607:f8b0:4004:c07::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c07::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 16 Feb 2024 16:21:55 GMT
expires: Fri, 16 Feb 2024 16:21:55 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 16 Feb 2024 16:21:55 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame FC53
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CdzOcoovPZYnPCNDC998P3YK9qAiUzqbUdfyTzpCaErqJ4bbGARABINK86BNgye6Oi8CkjBCgAfyO0p8DyAEJqAMByAPLBKoE0wFP0ISH9YZyAhhlOjBNM1MUVjLwwEgU_k7j-hg66eqtTP5...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xf7598be7675f67120000000000000000%22,%222%22:%220x582353c15dc489670000000000000000%22,%223%22:%220xf8e011...

0
0

369ms
112ms

Fetch
text/css

172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xf7598be7675f67120000000000000000%22,%222%22:%220x582353c15dc489670000000000000000%22,%223%22:%220xf8e011aa387c92f60000000000000000%22,%224%22:%220x22036e46116ba6bc0000000000000000%22,%225%22:%220xf4807e524cf5df220000000000000000%22},%22debug_key%22:%227323847283144163458%22,%22debug_reporting%22:true,%22destination%22:%22https://orvilles.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22871663484%22],%2222%22:[%22true%22],%224%22:[%2202-16%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2212010241441287528705%22}&andc=true

Requested by

Host: mal-ware.com
URL: https://mal-ware.com/

Protocol

Server

172.253.122.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f156.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:56 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"1":"0xf7598be7675f67120000000000000000","2":"0x582353c15dc489670000000000000000","3":"0xf8e011aa387c92f60000000000000000","4":"0x22036e46116ba6bc0000000000000000","5":"0xf4807e524cf5df220000000000000000"},"debug_key":"7323847283144163458","debug_reporting":true,"destination":"https://orvilles.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["871663484"],"22":["true"],"4":["02-16"],"6":["true"]},"priority":"500","source_event_id":"12010241441287528705"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 16 Feb 2024 16:21:56 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 16 Feb 2024 16:21:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"aggregation_keys":{"1":"0xf7598be7675f67120000000000000000","2":"0x582353c15dc489670000000000000000","3":"0xf8e011aa387c92f60000000000000000","4":"0x22036e46116ba6bc0000000000000000","5":"0xf4807e524cf5df220000000000000000"},"debug_key":"7323847283144163458","debug_reporting":true,"destination":"https://orvilles.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["871663484"],"22":["true"],"4":["02-16"],"6":["true"]},"priority":"500","source_event_id":"12010241441287528705"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 4F78
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

50ms
50ms

Document
text/html

2607:f8b0:4004:c07::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c07::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 16 Feb 2024 16:21:55 GMT
expires: Fri, 16 Feb 2024 16:21:55 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 16 Feb 2024 16:21:55 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 0141 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 779601543eb68cb69562d51b8d021504028b0237caebb7895920c7a9b5667168

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 0141 15 KB
16 KB 41ms
40ms Font
font/woff2 2607:f8b0:4004:c09::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c09::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 03:01:05 GMT
x-content-type-options: nosniff
age: 134450
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 14 Feb 2025 03:01:05 GMT

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame C03B 15 KB
16 KB 41ms
40ms Font
font/woff2 2607:f8b0:4004:c09::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c09::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 03:01:05 GMT
x-content-type-options: nosniff
age: 134450
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 14 Feb 2025 03:01:05 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame C03B 15 KB
15 KB 43ms
42ms Font
font/woff2 2607:f8b0:4004:c09::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c09::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 02:53:49 GMT
x-content-type-options: nosniff
age: 134886
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 14 Feb 2025 02:53:49 GMT

GET
H3 200 Mxl_QHRpF3ASJ-0UJYy-xnBnh_t8qFAxMnyvqBA6J-g.js Show response
pagead2.googlesyndication.com/bg/ Frame 6C82 51 KB
19 KB 33ms
33ms Script
text/javascript 2607:f8b0:4004:c09::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Mxl_QHRpF3ASJ-0UJYy-xnBnh_t8qFAxMnyvqBA6J-g.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c09::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33197f40746917701227ed14258cbec6706787fb7ca85031327cafa8103a27e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 11:26:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17755
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19812
x-xss-protection: 0
last-modified: Mon, 12 Feb 2024 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 15 Feb 2025 11:26:00 GMT

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 7968
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=C1CEToovPZeXYKuW9998P4qOfmAzy-dvodaLI-oS4EtH879DZKRABINK86BNgye6Oi8CkjBCgAczxksYDyAECqAMByAPJBKoE0QFP0Bu_JuSp-p2ofv478IiEDhuQ6buN2oMOwlhxdbJDgxx...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xf033b04d8992ef6f0000000000000000%22,%222%22:%220xa1d9220a85906f6e0000000000000000%22,%223%22:%220xc83041...

0
0

370ms
110ms

Fetch
text/css

172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xf033b04d8992ef6f0000000000000000%22,%222%22:%220xa1d9220a85906f6e0000000000000000%22,%223%22:%220xc83041c47c57b8f50000000000000000%22,%224%22:%220xf88d8bfeba1dcbf10000000000000000%22,%225%22:%220xa17dd7a83f74d2a60000000000000000%22},%22debug_key%22:%227037284171291871075%22,%22debug_reporting%22:true,%22destination%22:%22https://crowdstrike.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22952416460%22],%2222%22:[%22true%22],%224%22:[%2202-16%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2216885142837504874545%22}&andc=true

Requested by

Protocol

Server

172.253.122.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f156.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:56 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"1":"0xf033b04d8992ef6f0000000000000000","2":"0xa1d9220a85906f6e0000000000000000","3":"0xc83041c47c57b8f50000000000000000","4":"0xf88d8bfeba1dcbf10000000000000000","5":"0xa17dd7a83f74d2a60000000000000000"},"debug_key":"7037284171291871075","debug_reporting":true,"destination":"https://crowdstrike.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["952416460"],"22":["true"],"4":["02-16"],"6":["true"]},"priority":"500","source_event_id":"16885142837504874545"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 16 Feb 2024 16:21:56 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 16 Feb 2024 16:21:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"aggregation_keys":{"1":"0xf033b04d8992ef6f0000000000000000","2":"0xa1d9220a85906f6e0000000000000000","3":"0xc83041c47c57b8f50000000000000000","4":"0xf88d8bfeba1dcbf10000000000000000","5":"0xa17dd7a83f74d2a60000000000000000"},"debug_key":"7037284171291871075","debug_reporting":true,"destination":"https://crowdstrike.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["952416460"],"22":["true"],"4":["02-16"],"6":["true"]},"priority":"500","source_event_id":"16885142837504874545"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6C92
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEPsK8Jytz3QUFiOMGOGolXU&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEPsK8Jytz3QUFiOMGOGolXU&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=b0Nsd1pMUzIxUkIwWWs1&google_gid=CAESEPsK8Jytz3QUFiOMGOGolXU&google_cver=1&google_push=AXcoOmSH4KuR5hHQTIWgXLkLPQ0xL8QhKQcwveTAotajr1p...

170 B
188 B

46ms
46ms

Image
image/png

142.251.167.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=b0Nsd1pMUzIxUkIwWWs1&google_gid=CAESEPsK8Jytz3QUFiOMGOGolXU&google_cver=1&google_push=AXcoOmSH4KuR5hHQTIWgXLkLPQ0xL8QhKQcwveTAotajr1pCnNl0O5-SGY1-yeWeHjYSY8fT7GvPPUR62BGyqeM2AVJYTUMtQpd54MsfcV8j6gmp_vrTaZHO71HsK-nQleKsIbEkoffMTm3VsNFD75azr9zp2g

Requested by

Host: mal-ware.com
URL: https://mal-ware.com/

Protocol

Server

142.251.167.157 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f157.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Feb 2024 16:21:56 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 16 Feb 2024 16:21:55 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-801-g0076fb7#rel-ec2-master i-034a1f7681cdeed1c@us-east-1d@dxedge-app-us-east-1-prod-asg
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=b0Nsd1pMUzIxUkIwWWs1&google_gid=CAESEPsK8Jytz3QUFiOMGOGolXU&google_cver=1&google_push=AXcoOmSH4KuR5hHQTIWgXLkLPQ0xL8QhKQcwveTAotajr1pCnNl0O5-SGY1-yeWeHjYSY8fT7GvPPUR62BGyqeM2AVJYTUMtQpd54MsfcV8j6gmp_vrTaZHO71HsK-nQleKsIbEkoffMTm3VsNFD75azr9zp2g
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6C92
Redirect Chain

https://creativecdn.com/cm-notify?pi=adxab&google_gid=CAESENOCZ97uR3wLhNt7DMqkvNU&google_cver=1&google_push=AXcoOmQIIQxp-lODeh9zqP-1iDO2tYLAZPux7LoHC41nDLPzqjjAhZ57xZuVF38fJw9LNLm9W3MmtDk6Uu5TXLwh4...
https://creativecdn.com/cm-notify?pi=adxab&google_gid=CAESENOCZ97uR3wLhNt7DMqkvNU&google_cver=1&google_push=AXcoOmQIIQxp-lODeh9zqP-1iDO2tYLAZPux7LoHC41nDLPzqjjAhZ57xZuVF38fJw9LNLm9W3MmtDk6Uu5TXLwh4...
https://cm.g.doubleclick.net/pixel?google_nid=rtb_house&google_ula=5153224&google_hm=PL8iRCy8HnYUohLZ_R5qhJxVB7pCK4W2FrtLCLa4bcE&pi=adx&pi=adxab&google_gid=CAESENOCZ97uR3wLhNt7DMqkvNU&google_cver=1...

170 B
188 B

66ms
61ms

Image
image/png

142.251.167.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rtb_house&google_ula=5153224&google_hm=PL8iRCy8HnYUohLZ_R5qhJxVB7pCK4W2FrtLCLa4bcE&pi=adx&pi=adxab&google_gid=CAESENOCZ97uR3wLhNt7DMqkvNU&google_cver=1&google_push=AXcoOmQIIQxp-lODeh9zqP-1iDO2tYLAZPux7LoHC41nDLPzqjjAhZ57xZuVF38fJw9LNLm9W3MmtDk6Uu5TXLwh44sGMkaIIR1awPqsHNYNet3qKdQqsWeBsjZYL7S_G5MM7Nkfy1vsB2Uzcn4vApTipOFzgQ&tc=1

Protocol

Server

142.251.167.157 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f157.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Feb 2024 16:21:56 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=rtb_house&google_ula=5153224&google_hm=PL8iRCy8HnYUohLZ_R5qhJxVB7pCK4W2FrtLCLa4bcE&pi=adx&pi=adxab&google_gid=CAESENOCZ97uR3wLhNt7DMqkvNU&google_cver=1&google_push=AXcoOmQIIQxp-lODeh9zqP-1iDO2tYLAZPux7LoHC41nDLPzqjjAhZ57xZuVF38fJw9LNLm9W3MmtDk6Uu5TXLwh44sGMkaIIR1awPqsHNYNet3qKdQqsWeBsjZYL7S_G5MM7Nkfy1vsB2Uzcn4vApTipOFzgQ&tc=1
pragma: no-cache
date: Fri, 16 Feb 2024 16:21:56 GMT, Fri, 16 Feb 2024 16:21:56 GMT
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
content-length: 0
vary: Accept-Encoding
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame 6C92 43 B
362 B 47ms
34ms Image
image/gif 74.119.119.150
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmS--7Af1eJR24FAm-dYzXV5-ImLYCzElDctjXxOYlhzlLTnzByatg4Nnm2q_DUtVNOFhas0Ko_3L2ZuAdMmV8ubAX2XjIrswgp8TTo7drNtmXzsGQkDx96jZKMC1yza4qJoFGKdqpi6PSs3VtjPjeRrZg&google_gid=CAESEE80ub6KclyCdw57MEsr_Xo&google_cver=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.119.119.150 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Feb 2024 16:21:54 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 219293
expires: Fri, 16 Feb 2024 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6C92
Redirect Chain

https://rtb.mfadsrvr.com/sync?ssp=google&ssp_init=step1&google_gid=CAESECLYl8dH2nPoPyxOe38fSYw&google_cver=1&google_push=AXcoOmTJcg5K9XCaHDhYZeB0pB4ZROHXkrs5o24-hbiicTphrjbpkD5KRxL2xmPp4KPfwSE8CgjZ...
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=google&ssp_init=step1&google_gid=CAESECLYl8dH2nPoPyxOe38fSYw&google_cver=1&google_push=AXcoOmTJcg5K9XCaHDhYZeB0pB4ZROHXkrs5o24-hbiicTphrjbpkD5KRxL2xmPp4KPfwS...
https://cm.g.doubleclick.net/pixel?google_nid=media_force_communications_2007_ltd&google_hm=2XMX0EvWRe-yeTlnWuXfXg==&no_redirect=1&google_push=AXcoOmTJcg5K9XCaHDhYZeB0pB4ZROHXkrs5o24-hbiicTphrjbpkD...

170 B
188 B

47ms
46ms

Image
image/png

142.251.167.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=media_force_communications_2007_ltd&google_hm=2XMX0EvWRe-yeTlnWuXfXg==&no_redirect=1&google_push=AXcoOmTJcg5K9XCaHDhYZeB0pB4ZROHXkrs5o24-hbiicTphrjbpkD5KRxL2xmPp4KPfwSE8CgjZkWQA5S3kZe1bEArpZ7L2org-PYBDwzJZn-BM31MLf3kVSxUQ5MDX7wJAVdMAxl80WhMPGDKKDChZndd6JUY

Requested by

Host: mal-ware.com
URL: https://mal-ware.com/

Protocol

Server

142.251.167.157 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f157.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Feb 2024 16:21:56 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: //cm.g.doubleclick.net/pixel?google_nid=media_force_communications_2007_ltd&google_hm=2XMX0EvWRe-yeTlnWuXfXg==&no_redirect=1&google_push=AXcoOmTJcg5K9XCaHDhYZeB0pB4ZROHXkrs5o24-hbiicTphrjbpkD5KRxL2xmPp4KPfwSE8CgjZkWQA5S3kZe1bEArpZ7L2org-PYBDwzJZn-BM31MLf3kVSxUQ5MDX7wJAVdMAxl80WhMPGDKKDChZndd6JUY
date: Fri, 16 Feb 2024 16:21:56 GMT
cache-control: no-cache, no-store, must-revalidate
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6C92
Redirect Chain

https://a.rfihub.com/cm?pub=445&in=1&google_gid=CAESEJL2tFu4jQt7J3w47lN5ogU&google_cver=1&google_push=AXcoOmT1xORTCCj6gWP0ULqXm62KYZn6nFNVc7F1_1R_DntiLkV4anlRGw2n8Iie7I5EUUkuG1AIb2enHC0ObOT4qjZ8TXN...
https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AXcoOmT1xORTCCj6gWP0ULqXm62KYZn6nFNVc7F1_1R_DntiLkV4anlRGw2n8Iie7I5EUUkuG1AIb2enHC0ObOT4qjZ8TXN-roShya420DxEpnedyMMxclZnsG...

170 B
188 B

49ms
48ms

Image
image/png

142.251.167.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AXcoOmT1xORTCCj6gWP0ULqXm62KYZn6nFNVc7F1_1R_DntiLkV4anlRGw2n8Iie7I5EUUkuG1AIb2enHC0ObOT4qjZ8TXN-roShya420DxEpnedyMMxclZnsGtZsK_rtUud8k9CzqVuQu6VnBccdgFQDpAzzEM&google_hm=MzY5NzE4MDg3NzI5MDU0MzI3

Requested by

Host: mal-ware.com
URL: https://mal-ware.com/

Protocol

Server

142.251.167.157 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f157.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Feb 2024 16:21:56 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AXcoOmT1xORTCCj6gWP0ULqXm62KYZn6nFNVc7F1_1R_DntiLkV4anlRGw2n8Iie7I5EUUkuG1AIb2enHC0ObOT4qjZ8TXN-roShya420DxEpnedyMMxclZnsGtZsK_rtUud8k9CzqVuQu6VnBccdgFQDpAzzEM&google_hm=MzY5NzE4MDg3NzI5MDU0MzI3
Date: Fri, 16 Feb 2024 16:21:55 GMT
Server: Jetty(9.4.51.v20230217)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2

200

cm
cm.creativecdn.com/adx/ Frame 6C92
Redirect Chain

https://creativecdn.com/cm-notify?pi=adxab&google_gid=CAESENOCZ97uR3wLhNt7DMqkvNU&google_cver=1&google_push=AXcoOmRc6dhWwCzh_dpdTG7D8vHL7FjRE0e-F2KWURp54_kBTGX508ltzxe5oHN4Y1ZU1JYdERVPB0Hg7wlCcbk9_...
https://creativecdn.com/cm-notify?pi=adxab&google_gid=CAESENOCZ97uR3wLhNt7DMqkvNU&google_cver=1&google_push=AXcoOmRc6dhWwCzh_dpdTG7D8vHL7FjRE0e-F2KWURp54_kBTGX508ltzxe5oHN4Y1ZU1JYdERVPB0Hg7wlCcbk9_...
https://cm.g.doubleclick.net/pixel?google_nid=rtb_house&google_ula=5153224&google_hm=PL8iRCy8HnYUohLZ_R5qhJxVB7pCK4W2FrtLCLa4bcE&pi=adx&pi=adxab&google_gid=CAESENOCZ97uR3wLhNt7DMqkvNU&google_cver=1...
https://cm.creativecdn.com/adx/cm?v=2&pi=adx&pi=adxab&tc=1&google_error=5

42 B
260 B

155ms
38ms

Image
image/gif

185.184.10.30
RTB-HOUSE-ASH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.creativecdn.com/adx/cm?v=2&pi=adx&pi=adxab&tc=1&google_error=5
Protocol: H2
Server: 185.184.10.30 , Poland, ASN203690 (RTB-HOUSE-ASH, PL),
Reverse DNS: ip-185-184-10-30.rtbhouse.net
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Fri, 16 Feb 2024 16:21:56 GMT, Fri, 16 Feb 2024 16:21:56 GMT
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
content-length: 42
vary: Accept-Encoding
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 16 Feb 2024 16:21:56 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://cm.creativecdn.com/adx/cm?v=2&pi=adx&pi=adxab&tc=1&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 286
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6C92
Redirect Chain

https://analytics.pangle-ads.com/api/ad/union/gg_cookie_matching?google_gid=CAESEBdDUKNOHnqYWO2VXRM7bOA&google_cver=1&google_push=AXcoOmRNwDW3WbwZfV1znJg_RKL6c-6fbFiwltjlZoQ2IMRlC4Hwn2fxQIlCs-NtJWG...
https://cm.g.doubleclick.net/pixel?google_nid=toutiao_usd&google_push=AXcoOmRNwDW3WbwZfV1znJg_RKL6c-6fbFiwltjlZoQ2IMRlC4Hwn2fxQIlCs-NtJWG4gXmnlQoXpaGgrs61wgs9Z-fivI2V8njTruqIZE0AkGWjjTx4miViv_cc25T...

170 B
188 B

47ms
47ms

Image
image/png

142.251.167.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=toutiao_usd&google_push=AXcoOmRNwDW3WbwZfV1znJg_RKL6c-6fbFiwltjlZoQ2IMRlC4Hwn2fxQIlCs-NtJWG4gXmnlQoXpaGgrs61wgs9Z-fivI2V8njTruqIZE0AkGWjjTx4miViv_cc25TrkPt0CNRbLHvq7w_wib4PHU0bXRJeRY4

Requested by

Protocol

Server

142.251.167.157 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f157.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Feb 2024 16:21:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-akamai-request-id: 1c7f7658.1145ca2
date: Fri, 16 Feb 2024 16:21:55 GMT
x-bytefaas-request-id: 2024021616215565426A945F100EE7285A
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-24021616215565426A945F100EE7285A-4CBC8E4F9A4A575B-00
x-cache: TCP_MISS from a23-45-233-12.deploy.akamaitechnologies.com (AkamaiGHost/11.4.2.1-54232288) (-)
x-parent-response-time: 14,23.45.233.12
server-timing: cdn-cache; desc=MISS, edge; dur=4, origin; dur=11, inner; dur=6
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 2024021616215565426A945F100EE7285A
x-cache-remote: TCP_MISS from a23-202-158-23.deploy.akamaitechnologies.com (AkamaiGHost/11.4.1.1-53919751) (-)
access-control-max-age: 86400
access-control-allow-methods: *
location: https://cm.g.doubleclick.net/pixel?google_nid=toutiao_usd&google_push=AXcoOmRNwDW3WbwZfV1znJg_RKL6c-6fbFiwltjlZoQ2IMRlC4Hwn2fxQIlCs-NtJWG4gXmnlQoXpaGgrs61wgs9Z-fivI2V8njTruqIZE0AkGWjjTx4miViv_cc25TrkPt0CNRbLHvq7w_wib4PHU0bXRJeRY4
x-bytefaas-execution-duration: 4.41
access-control-allow-origin: *
access-control-allow-credentials: true
x-gw-dst-psm: ad.union.pangle_web_traffic
x-tt-trace-host: 01c6f05bee6622c3b0984d6324b5eb7f787aac5e8d183372a1c675e5f2eb8625ff3b5027f6204804cd040d54cc1d6deb2e7d86976594349c7b554e5cd458be5d7fb78f6006383c178244e9ef896aea5ae16f926568e292aa91d521525115a17f21a64f4700c038b8669930e0d442522245
x-origin-response-time: 11,23.202.158.23
cache-control: max-age=0, no-cache, no-store
access-control-allow-headers: *
expires: Fri, 16 Feb 2024 16:21:55 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 6C92 0
12 B 50ms
45ms Image
text/html 142.251.167.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Kf63oHpG5PNPobt1-7mzf7Jf6YcFxilT4PAC-yu861a3BzbQPLQhzGajY8UVQ1mqDM-L5LXvPTzA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.167.157 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f157.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:55 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame 16A7 33 KB
33 KB 35ms
35ms Font
font/woff2 2607:f8b0:4004:c09::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c09::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 02:48:37 GMT
x-content-type-options: nosniff
age: 135198
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34108
x-xss-protection: 0
last-modified: Tue, 23 May 2023 16:35:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 14 Feb 2025 02:48:37 GMT

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 187ms
90ms Preflight
text/html 172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.122.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f156.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Fri, 16 Feb 2024 16:21:56 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8AF0
Redirect Chain

https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEGn35wRaekA5nJoLc07edl0&google_cver=1&google_push=AXcoOmROGfDWX4BcYj-oJZClnhTlAkEacX8QwPvM9mV0rcZYIalF924...
https://dclk-match.dotomi.com/match/bounce/current?DotomiTest=624d1a01d0f705e4&is_secure=true&networkId=14000&version=1&google_gid=CAESEGn35wRaekA5nJoLc07edl0&google_cver=1&google_push=AXcoOmROGfDW...
https://cm.g.doubleclick.net/pixel?google_nid=dotomi&google_ula=17128,0&google_hm=AAACF8aSO-Q8sAMLcVKFAAAAAAA&expiration=1708186916&google_cver=1&is_secure=true&google_gid=CAESEGn35wRaekA5nJoLc07ed...

170 B
188 B

46ms
46ms

Image
image/png

142.251.167.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=dotomi&google_ula=17128,0&google_hm=AAACF8aSO-Q8sAMLcVKFAAAAAAA&expiration=1708186916&google_cver=1&is_secure=true&google_gid=CAESEGn35wRaekA5nJoLc07edl0&google_push=AXcoOmROGfDWX4BcYj-oJZClnhTlAkEacX8QwPvM9mV0rcZYIalF924UB2hDxrzt0fUavRPShMa08KkUeKhCsv7P9ckqUEMPuSU3oDHT1U8FX5M8QpPIMQZkn9es9fsC26gE6vUk2RBmfMo7uK0sFEUE2cvY

Protocol

Server

142.251.167.157 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f157.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Feb 2024 16:21:56 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 16 Feb 2024 16:21:56 GMT
server: nginx
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP"
location: https://cm.g.doubleclick.net/pixel?google_nid=dotomi&google_ula=17128,0&google_hm=AAACF8aSO-Q8sAMLcVKFAAAAAAA&expiration=1708186916&google_cver=1&is_secure=true&google_gid=CAESEGn35wRaekA5nJoLc07edl0&google_push=AXcoOmROGfDWX4BcYj-oJZClnhTlAkEacX8QwPvM9mV0rcZYIalF924UB2hDxrzt0fUavRPShMa08KkUeKhCsv7P9ckqUEMPuSU3oDHT1U8FX5M8QpPIMQZkn9es9fsC26gE6vUk2RBmfMo7uK0sFEUE2cvY
cache-control: no-cache, private, max-age=0, no-store
content-length: 0
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8AF0
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEJDdnxAdr_30-YEc7xhbn-Y&google_cver=1&google_push=AXcoOmTEJnjey1Vfyk6x70Cm0MoVzLafdxwvT2Qk42r2-gnHFnWMcxH3AE_OUfSyXrFHk8nTSwuk8qjIl7SNx6uQ...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=RJCf02oKSNIJAEC8Hgn87A&google_push=AXcoOmTEJnjey1Vfyk6x70Cm0MoVzLafdxwvT2Qk42r2-gnHFnWMcxH3AE_OUfSyXrFHk8nTSwuk8qjIl7SNx6uQlSSQNSlrkaRmFzN...

170 B
188 B

46ms
46ms

Image
image/png

142.251.167.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=RJCf02oKSNIJAEC8Hgn87A&google_push=AXcoOmTEJnjey1Vfyk6x70Cm0MoVzLafdxwvT2Qk42r2-gnHFnWMcxH3AE_OUfSyXrFHk8nTSwuk8qjIl7SNx6uQlSSQNSlrkaRmFzN4GM2ZgVrtNLCsFtT5JLBbmlHzdwwg-eQTFYZ0pG7s5fOzL6e8hgUbVw

Requested by

Host: mal-ware.com
URL: https://mal-ware.com/

Protocol

Server

142.251.167.157 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f157.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Feb 2024 16:21:56 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 16 Feb 2024 16:21:55 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.21.6
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=RJCf02oKSNIJAEC8Hgn87A&google_push=AXcoOmTEJnjey1Vfyk6x70Cm0MoVzLafdxwvT2Qk42r2-gnHFnWMcxH3AE_OUfSyXrFHk8nTSwuk8qjIl7SNx6uQlSSQNSlrkaRmFzN4GM2ZgVrtNLCsFtT5JLBbmlHzdwwg-eQTFYZ0pG7s5fOzL6e8hgUbVw
x-host: tde-deliveryengine-production-7fbb6d4658-jnrlf
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8AF0
Redirect Chain

https://a.c.appier.net/gcm?google_gid=CAESEMQYijq88sqTcEKUDJZeDi8&google_cver=1&google_push=AXcoOmQSH7vCHKxCi_3sIFY0FhfKskJQoR-II0XjsCXS1ZgxAATVZF51mCCq3PWJKoloLnYqqj5Qyp0q6ED7aSZLAks-pnDYCvsLJac6S...
https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=ZURZX3JIa0JBbXVpNG1vYXBJdlBaUQ%3D%3D&google_push=AXcoOmQSH7vCHKxCi_3sIFY0FhfKskJQoR-II0XjsCXS1ZgxAATVZF51mCCq3PWJKoloLnYqqj5Qyp0q6ED7a...

170 B
188 B

48ms
48ms

Image
image/png

142.251.167.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=ZURZX3JIa0JBbXVpNG1vYXBJdlBaUQ%3D%3D&google_push=AXcoOmQSH7vCHKxCi_3sIFY0FhfKskJQoR-II0XjsCXS1ZgxAATVZF51mCCq3PWJKoloLnYqqj5Qyp0q6ED7aSZLAks-pnDYCvsLJac6ScA61Ar99Z9H5d8w28CMG0pjOqKJv1rGQOYGUCPkwVUY0RR-37AwsQ

Protocol

Server

142.251.167.157 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f157.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Feb 2024 16:21:56 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 16 Feb 2024 16:21:56 GMT
server: nginx
accept-ch: Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=ZURZX3JIa0JBbXVpNG1vYXBJdlBaUQ%3D%3D&google_push=AXcoOmQSH7vCHKxCi_3sIFY0FhfKskJQoR-II0XjsCXS1ZgxAATVZF51mCCq3PWJKoloLnYqqj5Qyp0q6ED7aSZLAks-pnDYCvsLJac6ScA61Ar99Z9H5d8w28CMG0pjOqKJv1rGQOYGUCPkwVUY0RR-37AwsQ
content-type: text/html; charset=utf-8
cache-control: no-store
content-length: 301

GET
H/1.1 204
No Content tum
ums.acuityplatform.com/ Frame 8AF0 0
27 B 39ms
38ms Image
text/plain 69.90.254.78
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ums.acuityplatform.com/tum?umid=4&uid=CAESEEDircgA70feqkEw0iz5kfo&google_cver=1&google_push=AXcoOmT0ZBsUGLDisgXd1T7-mP9_Bumn77WLC-wbMiGtBQd6j3Z0uvuXMM0-Rfocane8aMhdLdUjjSsuRou3PtNYeTrUkjbcxyuFG1N75uXWtzefmu6BKH-cOzherkimyzLDFvNpnPhGOk6cP09y55RnBNgjbQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6745586292715183&output=html&h=100&adk=353725690&adf=2487863802&pi=t.aa~a.2277667889~rp.1&w=600&fwrn=4&fwrnh=100&lmt=1708100514&rafmt=1&to=qs&pwprc=8924873799&format=600x100&url=https%3A%2F%2Fmal-ware.com%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708100514589&bpp=1&bdt=1495&idt=1&shv=r20240214&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C586x280%2C572x280%2C1200x90%2C1140x90&nras=7&correlator=2453990592256&frm=20&pv=1&ga_vid=1584802085.1708100513&ga_sid=1708100514&ga_hid=1379197327&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3752&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C44795921%2C95322434%2C95323740%2C95324580%2C95325068%2C31081135%2C95321963%2C95320869%2C95324155%2C95324160%2C95325077&oid=2&pvsid=1199230194513934&tmod=2060731341&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=8&uci=a!8&btvi=5&fsb=1&dtd=25
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 69.90.254.78 Herndon, United States, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8AF0
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=154&google_gid=CAESELA26-QZQFoNE7UwDIcKCIM&google_cver=1&google_push=AXcoOmT-EB5kMjDo8br63ZJ6WTNR-2x_FplY7PLB5RMN-iphsuufawC0wRT07NV2JwdXhvibh105ghr3sj-2m93...
https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=J0LWDLAEX71cizBkPdshsGAJ9sM&google_push=AXcoOmT-EB5kMjDo8br63ZJ6WTNR-2x_FplY7PLB5RMN-iphsuufawC0wRT07NV2JwdXhvibh105ghr3sj-2m9...

170 B
188 B

52ms
50ms

Image
image/png

142.251.167.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=J0LWDLAEX71cizBkPdshsGAJ9sM&google_push=AXcoOmT-EB5kMjDo8br63ZJ6WTNR-2x_FplY7PLB5RMN-iphsuufawC0wRT07NV2JwdXhvibh105ghr3sj-2m93FxL9T2xQginnlF78wrLUO5vMPSQ91lTI7Ddb3ddAuj0E8hmC4wMXVqjEpzwrr5lI1xfTMoA

Requested by

Host: mal-ware.com
URL: https://mal-ware.com/

Protocol

Server

142.251.167.157 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f157.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Feb 2024 16:21:56 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=J0LWDLAEX71cizBkPdshsGAJ9sM&google_push=AXcoOmT-EB5kMjDo8br63ZJ6WTNR-2x_FplY7PLB5RMN-iphsuufawC0wRT07NV2JwdXhvibh105ghr3sj-2m93FxL9T2xQginnlF78wrLUO5vMPSQ91lTI7Ddb3ddAuj0E8hmC4wMXVqjEpzwrr5lI1xfTMoA
Date: Fri, 16 Feb 2024 16:21:56 GMT
Connection: keep-alive
Content-Length: 300
Content-Type: text/html; charset=utf-8

GET
H2

200

cm
cm.creativecdn.com/adx/ Frame 8AF0
Redirect Chain

https://creativecdn.com/cm-notify?pi=adxab&google_gid=CAESEIrms-GKFHLwkgCTWR1I4Mw&google_cver=1&google_push=AXcoOmSdF7P1E6PcbUSLXqn-w1UUyaY7gQ5b80AzZXO8UO60YHKYDrrl9s-g1yj-jA5U4qpTMgeRW4hgEo_Qk9Y59...
https://creativecdn.com/cm-notify?pi=adxab&google_gid=CAESEIrms-GKFHLwkgCTWR1I4Mw&google_cver=1&google_push=AXcoOmSdF7P1E6PcbUSLXqn-w1UUyaY7gQ5b80AzZXO8UO60YHKYDrrl9s-g1yj-jA5U4qpTMgeRW4hgEo_Qk9Y59...
https://cm.g.doubleclick.net/pixel?google_nid=rtb_house&google_ula=5153224&google_hm=PL8iRCy8HnYUohLZ_R5qhJxVB7pCK4W2FrtLCLa4bcE&pi=adx&pi=adxab&google_gid=CAESEIrms-GKFHLwkgCTWR1I4Mw&google_cver=1...
https://cm.creativecdn.com/adx/cm?v=2&pi=adx&pi=adxab&tc=1&google_error=5

42 B
260 B

152ms
36ms

Image
image/gif

185.184.10.30
RTB-HOUSE-ASH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.creativecdn.com/adx/cm?v=2&pi=adx&pi=adxab&tc=1&google_error=5
Protocol: H2
Server: 185.184.10.30 , Poland, ASN203690 (RTB-HOUSE-ASH, PL),
Reverse DNS: ip-185-184-10-30.rtbhouse.net
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Fri, 16 Feb 2024 16:21:56 GMT, Fri, 16 Feb 2024 16:21:56 GMT
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
content-length: 42
vary: Accept-Encoding
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 16 Feb 2024 16:21:56 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://cm.creativecdn.com/adx/cm?v=2&pi=adx&pi=adxab&tc=1&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 286
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8AF0
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESELICgU_167fY4hcfov8YUKs&google_cver=1&google_push=AXcoOmTVRKlJbJ8k7gE5K8n08yD0oXlZzBVjh1aoI5zapl9w6LQvhplQjhAQfLrb1O3UBBFwTV2c6mA5JpdU...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmTVRKlJbJ8k7gE5K8n08yD0oXlZzBVjh1aoI5zapl9w6LQvhplQjhAQfLrb1O3UBBFwTV2c6mA5JpdUK4r6tg_rInXCL0MvaijoHHw65S3YcArWAOOw...

170 B
188 B

53ms
53ms

Image
image/png

142.251.167.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmTVRKlJbJ8k7gE5K8n08yD0oXlZzBVjh1aoI5zapl9w6LQvhplQjhAQfLrb1O3UBBFwTV2c6mA5JpdUK4r6tg_rInXCL0MvaijoHHw65S3YcArWAOOwNLgVVG1Da1L9jqEthivZP-W1ShdBmZL-6jGEPA

Requested by

Protocol

Server

142.251.167.157 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f157.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Feb 2024 16:21:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmTVRKlJbJ8k7gE5K8n08yD0oXlZzBVjh1aoI5zapl9w6LQvhplQjhAQfLrb1O3UBBFwTV2c6mA5JpdUK4r6tg_rInXCL0MvaijoHHw65S3YcArWAOOwNLgVVG1Da1L9jqEthivZP-W1ShdBmZL-6jGEPA
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 8AF0 0
12 B 44ms
44ms Image
text/html 142.251.167.157
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IobGC5IrbGGn6oVvKaSRrc_qpn6S6GxXouuSAKDIlr7TlEDs2a4B2V1acQN8kJ3eDzvr5l

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.167.157 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f157.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:55 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 0141
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CZR5EoovPZarHKsHR998Pj5mFgAPGlpDldZPOk56zEs_nquqdQhABINK86BNgye6Oi8CkjBCgAcndvd4DyAEJqAMByAPLBKoE0QFP0CRyAKy1tGsjrFSCBiifMVaB_TkO3CHyIQgYsfx9knl...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xbe2c8c95efaacfaa0000000000000000%22,%222%22:%220x67d1cab5206a24e40000000000000000%22,%223%22:%220x4181ba...

0
0

179ms
108ms

Fetch
text/css

172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xbe2c8c95efaacfaa0000000000000000%22,%222%22:%220x67d1cab5206a24e40000000000000000%22,%223%22:%220x4181ba515c601b570000000000000000%22,%224%22:%220xff1204b4bc58bd5b0000000000000000%22,%225%22:%220xdac1a26724d2ee8d0000000000000000%22},%22debug_key%22:%227921777572237950996%22,%22debug_reporting%22:true,%22destination%22:%22https://goformz.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%221003450057%22],%2222%22:[%22true%22],%224%22:[%2202-16%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%226002980149453150705%22}&andc=true

Requested by

Host: mal-ware.com
URL: https://mal-ware.com/

Protocol

Server

172.253.122.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f156.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:56 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"1":"0xbe2c8c95efaacfaa0000000000000000","2":"0x67d1cab5206a24e40000000000000000","3":"0x4181ba515c601b570000000000000000","4":"0xff1204b4bc58bd5b0000000000000000","5":"0xdac1a26724d2ee8d0000000000000000"},"debug_key":"7921777572237950996","debug_reporting":true,"destination":"https://goformz.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["1003450057"],"22":["true"],"4":["02-16"],"6":["true"]},"priority":"500","source_event_id":"6002980149453150705"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 16 Feb 2024 16:21:56 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 16 Feb 2024 16:21:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"aggregation_keys":{"1":"0xbe2c8c95efaacfaa0000000000000000","2":"0x67d1cab5206a24e40000000000000000","3":"0x4181ba515c601b570000000000000000","4":"0xff1204b4bc58bd5b0000000000000000","5":"0xdac1a26724d2ee8d0000000000000000"},"debug_key":"7921777572237950996","debug_reporting":true,"destination":"https://goformz.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["1003450057"],"22":["true"],"4":["02-16"],"6":["true"]},"priority":"500","source_event_id":"6002980149453150705"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame C03B
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CQJ4boovPZbXpKsPz998PstSb0ArP3MridYTTo_TDEdzZHhABINK86BNgye6Oi8CkjBCgAaHMpdwDyAEJqAMByAPLBKoE1AFP0J5QNytoCtYxxD8RMHpkOZ2__ogkGHgsOAOnpBxVZoOPENo...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xd9cfcd45300b85590000000000000000%22,%222%22:%220xed5ea7134189de250000000000000000%22,%223%22:%220xda2483...

0
0

183ms
107ms

Fetch
text/css

172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xd9cfcd45300b85590000000000000000%22,%222%22:%220xed5ea7134189de250000000000000000%22,%223%22:%220xda2483e1803dc2a60000000000000000%22,%224%22:%220x919447ee326d5d040000000000000000%22,%225%22:%220xf8906b3711bc09d00000000000000000%22},%22debug_key%22:%2215483435346521084190%22,%22debug_reporting%22:true,%22destination%22:%22https://johngalt.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22998860321%22],%2222%22:[%22true%22],%224%22:[%2202-16%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2215575665090017463137%22}&andc=true

Requested by

Host: mal-ware.com
URL: https://mal-ware.com/

Protocol

Server

172.253.122.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f156.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:56 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"1":"0xd9cfcd45300b85590000000000000000","2":"0xed5ea7134189de250000000000000000","3":"0xda2483e1803dc2a60000000000000000","4":"0x919447ee326d5d040000000000000000","5":"0xf8906b3711bc09d00000000000000000"},"debug_key":"15483435346521084190","debug_reporting":true,"destination":"https://johngalt.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["998860321"],"22":["true"],"4":["02-16"],"6":["true"]},"priority":"500","source_event_id":"15575665090017463137"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 16 Feb 2024 16:21:56 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 16 Feb 2024 16:21:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"aggregation_keys":{"1":"0xd9cfcd45300b85590000000000000000","2":"0xed5ea7134189de250000000000000000","3":"0xda2483e1803dc2a60000000000000000","4":"0x919447ee326d5d040000000000000000","5":"0xf8906b3711bc09d00000000000000000"},"debug_key":"15483435346521084190","debug_reporting":true,"destination":"https://johngalt.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["998860321"],"22":["true"],"4":["02-16"],"6":["true"]},"priority":"500","source_event_id":"15575665090017463137"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 134ms
92ms Preflight
text/html 172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.122.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f156.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Fri, 16 Feb 2024 16:21:56 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 112ms
92ms Preflight
text/html 172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.122.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f156.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Fri, 16 Feb 2024 16:21:56 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 16A7
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=C0vGooovPZcyOK_PK998PgIKw8AHZ7cShdIWwrJfPD-iqtpWLAxABINK86BNgye6Oi8CkjBCgAa6_8-8DyAEBqAMByAPDBKoEywFP0Gl8gGVzCkYdXacI4KlYx--kgI13tdr20FfPFmcmze8...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x98ee1eec284d0ed70000000000000000%22,%222%22:%220xa4170a6839ed7950000000000000000%22,%223%22:%220x4d3a92e...

0
0

183ms
106ms

Fetch
text/css

172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x98ee1eec284d0ed70000000000000000%22,%222%22:%220xa4170a6839ed7950000000000000000%22,%223%22:%220x4d3a92ed20a70cba0000000000000000%22,%224%22:%220x5421740fedf7b7200000000000000000%22,%225%22:%220x702c57c8248574060000000000000000%22},%22debug_key%22:%228847072546116455266%22,%22debug_reporting%22:true,%22destination%22:%22https://ndm.net%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%221039982510%22],%2222%22:[%22true%22],%224%22:[%2202-16%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2214850866019686185985%22}&andc=true

Requested by

Host: mal-ware.com
URL: https://mal-ware.com/

Protocol

Server

172.253.122.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f156.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:56 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"1":"0x98ee1eec284d0ed70000000000000000","2":"0xa4170a6839ed7950000000000000000","3":"0x4d3a92ed20a70cba0000000000000000","4":"0x5421740fedf7b7200000000000000000","5":"0x702c57c8248574060000000000000000"},"debug_key":"8847072546116455266","debug_reporting":true,"destination":"https://ndm.net","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["1039982510"],"22":["true"],"4":["02-16"],"6":["true"]},"priority":"500","source_event_id":"14850866019686185985"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 16 Feb 2024 16:21:56 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 16 Feb 2024 16:21:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"aggregation_keys":{"1":"0x98ee1eec284d0ed70000000000000000","2":"0xa4170a6839ed7950000000000000000","3":"0x4d3a92ed20a70cba0000000000000000","4":"0x5421740fedf7b7200000000000000000","5":"0x702c57c8248574060000000000000000"},"debug_key":"8847072546116455266","debug_reporting":true,"destination":"https://ndm.net","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["1039982510"],"22":["true"],"4":["02-16"],"6":["true"]},"priority":"500","source_event_id":"14850866019686185985"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame F773
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

46ms
45ms

Document
text/html

2607:f8b0:4004:c07::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c07::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 16 Feb 2024 16:21:56 GMT
expires: Fri, 16 Feb 2024 16:21:56 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 16 Feb 2024 16:21:56 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Mxl_QHRpF3ASJ-0UJYy-xnBnh_t8qFAxMnyvqBA6J-g.js Show response
pagead2.googlesyndication.com/bg/ Frame FEB8 51 KB
19 KB 32ms
32ms Script
text/javascript 2607:f8b0:4004:c09::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Mxl_QHRpF3ASJ-0UJYy-xnBnh_t8qFAxMnyvqBA6J-g.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c09::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33197f40746917701227ed14258cbec6706787fb7ca85031327cafa8103a27e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 11:26:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17755
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19812
x-xss-protection: 0
last-modified: Mon, 12 Feb 2024 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 15 Feb 2025 11:26:00 GMT

GET
H3 200 Mxl_QHRpF3ASJ-0UJYy-xnBnh_t8qFAxMnyvqBA6J-g.js Show response
pagead2.googlesyndication.com/bg/ Frame 7184 51 KB
19 KB 37ms
34ms Script
text/javascript 2607:f8b0:4004:c09::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Mxl_QHRpF3ASJ-0UJYy-xnBnh_t8qFAxMnyvqBA6J-g.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c09::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33197f40746917701227ed14258cbec6706787fb7ca85031327cafa8103a27e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 11:26:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17755
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19812
x-xss-protection: 0
last-modified: Mon, 12 Feb 2024 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 15 Feb 2025 11:26:00 GMT

GET
H3 200 Mxl_QHRpF3ASJ-0UJYy-xnBnh_t8qFAxMnyvqBA6J-g.js Show response
pagead2.googlesyndication.com/bg/ Frame BFC6 51 KB
19 KB 33ms
32ms Script
text/javascript 2607:f8b0:4004:c09::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Mxl_QHRpF3ASJ-0UJYy-xnBnh_t8qFAxMnyvqBA6J-g.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c09::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33197f40746917701227ed14258cbec6706787fb7ca85031327cafa8103a27e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 11:26:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17755
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19812
x-xss-protection: 0
last-modified: Mon, 12 Feb 2024 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 15 Feb 2025 11:26:00 GMT

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 99ms
96ms Preflight
text/html 172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.122.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f156.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Fri, 16 Feb 2024 16:21:56 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 95ms
95ms Preflight
text/html 172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.122.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f156.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Fri, 16 Feb 2024 16:21:56 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 98ms
98ms Preflight
text/html 172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.122.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f156.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Fri, 16 Feb 2024 16:21:56 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Mxl_QHRpF3ASJ-0UJYy-xnBnh_t8qFAxMnyvqBA6J-g.js Show response
pagead2.googlesyndication.com/bg/ Frame D66D 51 KB
19 KB 35ms
34ms Script
text/javascript 2607:f8b0:4004:c09::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Mxl_QHRpF3ASJ-0UJYy-xnBnh_t8qFAxMnyvqBA6J-g.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c09::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33197f40746917701227ed14258cbec6706787fb7ca85031327cafa8103a27e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 11:26:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17756
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19812
x-xss-protection: 0
last-modified: Mon, 12 Feb 2024 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 15 Feb 2025 11:26:00 GMT

GET
H3 200 Mxl_QHRpF3ASJ-0UJYy-xnBnh_t8qFAxMnyvqBA6J-g.js Show response
pagead2.googlesyndication.com/bg/ Frame E616 51 KB
19 KB 34ms
33ms Script
text/javascript 2607:f8b0:4004:c09::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Mxl_QHRpF3ASJ-0UJYy-xnBnh_t8qFAxMnyvqBA6J-g.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c09::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33197f40746917701227ed14258cbec6706787fb7ca85031327cafa8103a27e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 11:26:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17756
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19812
x-xss-protection: 0
last-modified: Mon, 12 Feb 2024 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 15 Feb 2025 11:26:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 100ms
98ms XHR
application/json 2607:f8b0:4004:c09::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20240214&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402120101/show_ads_impl_fy2021.js?bust=31081135

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7039e947f8f95329ee83a8b887f2853dd54e79747bf9cf77e21d8bd871c4135a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:56 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12422
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 45ms
42ms Script
text/javascript 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402120101/show_ads_impl_fy2021.js?bust=31081135

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 16 Feb 2024 16:21:56 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 4DAD 13 KB
5 KB 35ms
35ms Document
text/html 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mal-ware.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 30798
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 16 Feb 2024 07:48:38 GMT
expires: Sat, 15 Feb 2025 07:48:38 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 111B 829 B
559 B 56ms
55ms Document
text/html 2607:f8b0:4004:c09::68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c09::68 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

f0e4d1290ab336a733e5d243b83c5f4b469f72ce35ddcd4aa6d71e2096a526fd

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-gOZvnnvdiZ_e8JekkTkNVQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://mal-ware.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-gOZvnnvdiZ_e8JekkTkNVQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 16 Feb 2024 16:21:56 GMT
expires: Fri, 16 Feb 2024 16:21:56 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 Ke811GU8D9oP10uMu54EDqWuI5DGCOjC6vNIGcZJ2dY.js Show response
pagead2.googlesyndication.com/bg/ Frame 4DAD 39 KB
15 KB 32ms
32ms Script
text/javascript 2607:f8b0:4004:c09::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Ke811GU8D9oP10uMu54EDqWuI5DGCOjC6vNIGcZJ2dY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c09::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29ef35d4653c0fda0fd74b8cbb9e040ea5ae2390c608e8c2eaf34819c649d9d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 10:08:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 22420
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15261
x-xss-protection: 0
last-modified: Mon, 12 Feb 2024 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 15 Feb 2025 10:08:16 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 111B 0
0 93ms
93ms Image
text/html 2607:f8b0:4004:c09::9b
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20240214&jk=1199230194513934&rc=05AESoLlt6i2aBMhs9RjHpgi12-C5AUPA51OHiFTQZDH17o_u0tav7IcZ1dGGxtIv78kE0vsIW97Xu0z206tArMRiqrWeU52QTuAkAdSA3AuUYN7EEjx5tWxde1L53hpwAPJUTW_PeN2tWpV_eh1EZSkpVg0p6msYbVForN3gkYepL8RjblRipo4RZxThDyywWw6Q_8p_TJbgWoV3ylyo2BQBcC3Cpz3JDzburzIFBT8mxatx4Rg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4004:c09::9b Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame FC53 42 B
64 B 92ms
91ms Fetch
image/gif 2607:f8b0:4004:c09::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssULL-1pLh3v9Sks_mpacEFRAFF1Oldn5Zv3BaVvQ4LF3NdYmhu0LZ__gk4L8EMbKxp2Q6QJmbBMK6Tpc5dxh8yD7TEnId7fZDB-vKrOHHj4sKxUnvMklm68RYoTfUWffG_kRoKVnY6Jh5xHQNih_gwgQGndGfT3MQhB6hmRrlKANPjfS-KcFMfVv1w0w&sai=AMfl-YSRsgmxbF1KcPiV_oXtwXVNgVRwza6AIJsPBINMTjNLrS6A-8xw5NLgAYUQ-zBXxQ2FTS7gwZysaUXWeW4Dtu1wiB9elAmFOSvTar4jJ94mI4hawnuo65XubocN2gM1muYIyFc1rMeq8AmmVi-4tQ&sig=Cg0ArKJSzDVqZEscm1cpEAE&cid=CAQSTwAvHhf_T8_7usLYRp2nlNRh0NQTX8lf4XTxhWxK9r2Zr54uUYdlXwC75aNIKSLvE0rnCFoi9NOLpIQCQ1Rmf6eieNuJHAKRQOhnP5PMAHwYAQ&id=lidar2&mcvt=1000&p=0,0,280,1200&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20240215&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=3809598800&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=403331500&rst=1708100514071&rpt=1579&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=8&io2=0

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c09::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Feb 2024 16:21:56 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 4DAD 0
10 B 31ms
30ms Image
text/plain 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?vjWsMw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 16:21:56 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 90ms
90ms Image
text/html 2607:f8b0:4004:c09::9b
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20240214&jk=1199230194513934&bg=!DA-lD0DNAAZN4L4YbeA7ADQBe5WfOE_ZDmjiRnFe95B3PWYDRbqedWjoEatirn3fN0VDXW_8ne3cshDeKu2K8sBI9I9lAgAAAGdSAAAABGgBBwoAn0Z3AaumYh6tkiKc6O_rRrWH8Lu4W8WHEwRpLsM2Whu76x9DN2MXSf6X5W6Vk8OykbXaCbEJMGIbXFy-ooTHG9gSex391Ryqo8Mqw96kXez1UOcf29BBZz89UbrPR5iZSTa_hB0A9lNfR4GAI01sDuBIJCd2pPRBjd3tVSmz2HOt0yQOzivPhyzLlaQK2_WBJptRt5XCdICQSZhKq1O6kJkCwme9evbylAonlIn0XWBwDM9tainRXkRtfnSkoezZESIVUsX5XP1nKUdmKjP2Z0oRWRATOiLpqr0nRIeZbCNDe0eF4mGdfWt10MRE7UWwUbcah1_8yyYxTOR6XUW87vDRRO47Ftb7NIRhMFV4qq2rVJ29rdGJCL8dozE4bmr7hbA7h2VNw1KbPkmDRWVYPFTCx4mqFoZ5EEUc7KQjprrQ2bdoXWcSwCvVAVHxstRt_nVk5IrOeiPWOkSObMNzc6I3eVf2UiKD32InuTCYmnaY5YyL435yDx7Y3YHuLGFhx4ClThwE44fuaAFcr5PF0eMcnQw-e046cmHd-7Mh6nb2RCtyiD35xnQzHz7nl0U6pPAHAJSeyNDE0V5e84B5uebugmflLChs2bb4ituX_DQvpApa5574AVrLEEWm-vmk5vvRGnyW5nH_KVNfLAX1lXWtgAvGoiKw3iiOhBkWyf4VXrzkjIcTe-Erpd8lqf5wBkCoyJZn8GKYc5dQv2qf7PXB5KuOMfJYbi64HpFJlndwlQ2WPzLRptKP8l_ktzZgFfRO0VT9SNtf0R_RHNZMDPVQ7nWkPkFZJO8QWkBru5s6Ik9WBzr36Aj0x6bFctL9FJJ_HH33FSCioeIyELE7QAK914Y_yzALd7ePkSpyoVxthyQ42nf6SCrZoCaZ6ADSjFM60zFV4NTb7SXvbT7ydtfSoYQ5PYdyhef63vl0A35eT4WEr8Iocid4re0ZXn25UKFu5w4GvylfWWC1Aymx0zooknWaQfIX9PxSd1pYIbI-M4W9kZrP_pNO3a5EHTG6iiUV3mg766JWb5oZpeu7lqoJjVSwMvUf7ekjgyE9vJJ9fJqOg0ETts8uyCmL5cZXew3LDGsIoKEZDmt_oIkYvyKU1B0ir9Gz4qtELGDR_5ATbdsvaXZhKYi8pXZNhZBBkwAj3tQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4004:c09::9b Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

POST
H2 204 collect
www.google-analytics.com/g/ 0
54 B 39ms
39ms Ping
text/plain 2001:4860:4802:38::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-WFC5JE8V08&gtm=45je42e0v886240969za200&_p=1708100513136&gcd=13l3l3l3l1&npa=0&dma=0&gdid=dZGIzZG.dZTNiMT&cid=1584802085.1708100513&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_eu=AAAC&_s=2&sid=1708100513&sct=1&seg=1&dl=https%3A%2F%2Fmal-ware.com%2F&dt=Mal-Ware%20-%20Best%20Ransomware%20and%20Malware%20Removal%20Service&en=page_view&_ee=1&_et=3&tfd=6222
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-WFC5JE8V08
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mal-ware.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Feb 2024 16:21:58 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://mal-ware.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

87 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

47 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.google.com/recaptcha	1970-01-20 22:47:32	Name: _GRECAPTCHA Value: 09AESoLlt4eEin5nx85sE9KLLirt3EFFtpl3sk1Oc_Fi1MFRUBsli4rvi4Oyb9kYKiP_FKbNxJN-XdM4vCHXLyVMw
mal-ware.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: ppodbdtc6thvdrqogcqa4i1uoc
.mal-ware.com/	1970-01-21 04:04:20	Name: _ga Value: GA1.1.1584802085.1708100513
.mal-ware.com/	1970-01-21 04:04:20	Name: _ga_WFC5JE8V08 Value: GS1.1.1708100513.1.1.1708100513.0.0.0
.mal-ware.com/	1970-01-21 03:49:56	Name: __gads Value: ID=95c0659fa260ad0f:T=1708100514:RT=1708100514:S=ALNI_Mbp_ww60zzYJ-_AtjXdW-VHGs1K0A
.mal-ware.com/	1970-01-21 03:49:56	Name: __gpi Value: UID=00000dca71201e36:T=1708100514:RT=1708100514:S=ALNI_MYf1SEFglQ-b0hQCGIMQJ83h0imVA
.mal-ware.com/	1970-01-20 22:47:32	Name: __eoi Value: ID=4aabb02e0b47dd0d:T=1708100514:RT=1708100514:S=AA-AfjbS-8WW1F2w0k5YKaHKIXMn
.doubleclick.net/	1970-01-21 04:04:20	Name: IDE Value: AHWqTUm8NJ60ZQXoWmrGrrWFc85p_lfpvyxpqUu_HePB2Ibx1vPQWcLPVK-nIU884Fg
.doubleclick.net/	1970-01-20 18:28:24	Name: DSID Value: NO_DATA
.everesttech.net/	1970-01-21 03:13:56	Name: everest_g_v2 Value: g_surferid~Zc_LowAAAM2fJgA9
.sitescout.com/	1970-01-21 03:13:56	Name: ssi Value: 07ba1d8d-0748-4743-bb59-e351f3bacb06#1708100515565
.adkernel.com/	1970-01-20 18:48:30	Name: ADK_EX_11 Value: 1
.adkernel.com/	1970-01-20 19:11:32	Name: ADKUID Value: A9205365671058358772
.adsrvr.org/	1970-01-21 03:15:22	Name: TDID Value: 0a276d29-f542-48d4-a126-14bd176ea665
.sitescout.com/	1970-01-20 19:11:32	Name: _ssuma Value: eyI2OCI6MTcwODEwMDUxNTYwM30
.adsrvr.org/	1970-01-21 03:15:22	Name: TDCPM Value: CAESFQoGZ29vZ2xlEgsInIbgy63F1zwQBRgFIAEoAjILCPSHufjDxdc8EAU4AQ..
.inmobi.com/	1970-01-20 20:37:56	Name: idsp_c Value: d43fd1a4-aced-4f88-8c6d-ef2f915206df
beacon.lynx.cognitivlabs.com/	1970-01-21 03:15:22	Name: UID Value: d3f44a7a-2563-4944-9df8-1e1fdc4feb38
beacon.lynx.cognitivlabs.com/	1970-01-21 03:15:22	Name: ss Value: E2nQkHONsXB0dobQm7f45zTIGyechwqVYwj4R3e8uB9Dsj2iSZABL9k44EkeXMC8MNX17lj1HEvxYLF78W9k%2BQ%3D%3D
.travelaudience.com/	1970-01-21 03:55:42	Name: _tracker Value: %7B%22UUID%22%3A%2244909FD3-6A0A-48D2-0900-40BC1E09FCEC%22%7D
ads.travelaudience.com/	1970-01-21 03:55:42	Name: _tracker Value: %7B%22UUID%22%3A%2244909FD3-6A0A-48D2-0900-40BC1E09FCEC%22%7D
.rfihub.com/	1970-01-21 03:49:56	Name: eud Value: H4sIAAAAAAAA_-OSMXR2dA129fIxKnErNckKLDH3Mi43Mc_xM81PDw3iNTQ3sDA0MDA1NLU0s3jFiMoHAJR52Lc9AAAA
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAA_-MSMjazNDe0MLAwNzeyNDA1MTYyF-Iz1M1NKzayiE9J8fUM9QcAuD90fiQAAAA
.rfihub.com/	1969-12-31 23:59:59	Name: euds Value: H4sIAAAAAAAA_-OSMXR2dA129fIxKnErNckKLDH3Mi43Mc_xM81PDwUAeU9Bgh4AAAA
.rfihub.com/	1970-01-21 03:49:56	Name: rud Value: H4sIAAAAAAAA_-MSMjazNDe0MLAwNzeyNDA1MTYyF-Iz1M1NKzayiE9J8fUM9QcAuD90fiQAAAA
.mfadsrvr.com/	1970-01-21 04:04:20	Name: tuuid Value: d97317d0-4bd6-45ef-b279-39675ae5df5e
.mfadsrvr.com/	1970-01-21 04:04:20	Name: c Value: 1708100515
.w55c.net/	1970-01-21 03:55:42	Name: wfivefivec Value: oClwZLS21RB0Yk5
sync.srv.stackadapt.com/	1970-01-21 03:13:56	Name: sa-user-id Value: s%3A0-2742d60c-b004-5fbd-5c8b-30643ddb21b0.CO5BGdkYcWEr7tp9LFaNi7%2F7U8OJB9egat%2Fn%2Bb9e9XQ
.srv.stackadapt.com/	1970-01-21 03:13:56	Name: sa-user-id Value: s%3A0-2742d60c-b004-5fbd-5c8b-30643ddb21b0.CO5BGdkYcWEr7tp9LFaNi7%2F7U8OJB9egat%2Fn%2Bb9e9XQ
sync.srv.stackadapt.com/	1970-01-21 03:13:56	Name: sa-user-id-v2 Value: s%3AJ0LWDLAEX71cizBkPdshsGAJ9sM.ckUGFNSdeNGRSIQiXf9Hv5flcdeSuS24AX963ADM3f8
.srv.stackadapt.com/	1970-01-21 03:13:56	Name: sa-user-id-v2 Value: s%3AJ0LWDLAEX71cizBkPdshsGAJ9sM.ckUGFNSdeNGRSIQiXf9Hv5flcdeSuS24AX963ADM3f8
sync.srv.stackadapt.com/	1970-01-21 03:13:56	Name: sa-user-id-v3 Value: s%3AAQAKIG1-rbvIl9DmaqxnWl77NRz36RfVFvXw4-D7jAbpc1T5EHwYBCCkl76uBjABOgTBqNnoQgQbpS2q.V30MQs2lpGnLmMOHN0DMOA1QvpwEn%2FW%2FSpZ%2BpXb88Vc
.srv.stackadapt.com/	1970-01-21 03:13:56	Name: sa-user-id-v3 Value: s%3AAQAKIG1-rbvIl9DmaqxnWl77NRz36RfVFvXw4-D7jAbpc1T5EHwYBCCkl76uBjABOgTBqNnoQgQbpS2q.V30MQs2lpGnLmMOHN0DMOA1QvpwEn%2FW%2FSpZ%2BpXb88Vc
.creativecdn.com/	1970-01-21 03:13:56	Name: ts Value: 1708100516
.creativecdn.com/	1970-01-21 03:13:56	Name: g Value: ecxpORGlR7TbGcs4bk7h_1708100516006
.uuidksinc.net/	1970-01-21 03:13:56	Name: jcsuuid Value: tnWOssHG1SnJ1eRnR7mz
.adx.opera.com/	1970-01-21 03:13:56	Name: UID Value: OPU5070c073f22e4a2bbaace3aa92b1e361
.yandex.ru/	1970-01-21 04:04:20	Name: yuidss Value: 2365112001708100516
.yandex.ru/	1970-01-21 04:04:20	Name: yandexuid Value: 2365112001708100516
.w55c.net/	1970-01-20 19:11:32	Name: matchgoogle Value: 5
.mfadsrvr.com/	1970-01-21 04:04:20	Name: tuuid_lu Value: 1708100516
.mfadsrvr.com/	1970-01-21 04:04:20	Name: ssh Value: !google,1708100516
.c.appier.net/	1970-01-21 03:13:56	Name: _auid Value: eDY_rHkBAmui4moapIvPZQ
.c.appier.net/	1970-01-20 19:11:32	Name: _gu Value: CAESEMQYijq88sqTcEKUDJZeDi8
.dotomi.com/	1970-01-20 18:28:20	Name: DotomiTest Value: 624d1a01d0f705e4
.googleadservices.com/	1970-01-20 20:37:56	Name: ar_debug Value: 1

213 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://mal-ware.com/wp-content/themes/uptech/assets/css/assets/images/bg-footer.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://mal-ware.com/wp-content/uploads/2022/08/code-2vhhhh4.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://mal-ware.com/wp-content/uploads/2022/08/cchhch4sport-team.png Message: Failed to load resource: the server responded with a status of 404 ()
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://mal-ware.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.c.appier.net
a.rfihub.com
ads.travelaudience.com
an.yandex.ru
analytics.pangle-ads.com
beacon.lynx.cognitivlabs.com
cm.creativecdn.com
cm.g.doubleclick.net
creativecdn.com
dclk-match.dotomi.com
dis.criteo.com
dsp.adkernel.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
mal-ware.com
match.adsrvr.org
mweb.ck.inmobi.com
onetag-sys.com
pagead2.googlesyndication.com
pixel-sync.sitescout.com
pm.w55c.net
rtb.mfadsrvr.com
s.uuidksinc.net
sync-tm.everesttech.net
sync.srv.stackadapt.com
t.adx.opera.com
tpc.googlesyndication.com
ums.acuityplatform.com
www.google-analytics.com
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.gstatic.com
142.251.167.157
151.101.130.49
172.105.221.240
172.253.122.156
174.137.133.49
181.215.49.64
185.184.10.30
185.184.8.90
199.38.167.131
20.253.86.149
2001:4860:4802:38::178
207.198.113.88
23.45.233.16
2606:ae80:1471:13::730
2607:f8b0:4004:c06::61
2607:f8b0:4004:c06::84
2607:f8b0:4004:c07::9b
2607:f8b0:4004:c08::5e
2607:f8b0:4004:c09::5e
2607:f8b0:4004:c09::68
2607:f8b0:4004:c09::9b
2607:f8b0:4004:c1b::5f
2a02:6b8::90
3.33.220.150
31.220.27.155
35.173.142.156
35.190.0.66
35.207.24.140
51.222.239.230
54.172.26.66
54.227.152.214
69.90.254.78
74.119.119.150
82.145.213.8
04fa628bda6f9b1ab5f71827ce6c71e8c6ad495a3a5a0ed8858c6f5b2f0513ff
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bd3e64a75f43409aa3141f35c5d1bd599773aec49d61aaa02522dbe6101c247
0e33434b042c688fa1972d51e9c103fe592fca7a4dd50358c08449c7b0f5cb4c
110247c7157ad59af41c38ce979a06a11af5a8e0e44e87b9234721f6c7e24750
12206a0a470277e4afe5cc053f3185694630b1ee83f8a33277b159f83f9cd8bd
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
1d52e1ac7d3bc25a8b0ffc257153f9dd50249f96fe9a4df5e0d771241a69062c
214674cc77aba35ab3567b88e2739fd08e8e96c61d279559ad61874069683ea0
245cec0922828c15b3709eb696bb5a565f2f911f71e242024570698701c9540c
29ef35d4653c0fda0fd74b8cbb9e040ea5ae2390c608e8c2eaf34819c649d9d6
2c6c8389d7ac0ab60f49dec611417cfae5583addbdcb678f879bc2b8ed0f063d
2dea57483641f8762937dfd9b09126a9b21c88bd3d7486186003e0bbb9043145
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
327a11ef5fa6dbc3069174b88a5ed34f00624c53b47a3dcb4cb4a162aa4445b7
33197f40746917701227ed14258cbec6706787fb7ca85031327cafa8103a27e8
350663a4665e00072c68a87ad3fa0be47b8a91424127f5f3e09f664197295f01
37bab6cd583982e8eff58501a99d7c5c4d63664c1ca34f9e3b7cf526c5b73ae2
396bd1ab182a204c8c227c5d6aef6cbe3a3481500e816635b408da715695dfa1
3a7268011f29cc56beab656b173cb4d4df7126d09acfb53984d3a8e2020127bd
3ad6c8bd3624555dd79177efe91f0aca20e7f28597fa6b49762c27f337500d8d
3ad79aa9658771a808a02f917b05f6c0b99d69e96bcf308d8c282f5bf668e766
3bc6467a95cec8fa516c6f5f69e1301e37e16f9bb1046fe7756729249f901b95
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
3f32df7c79c88bf6abe559bbd0b2752046a67e29a70e29296eb4871961c1d416
3fe543befe804b3847051f8d79d0f0bd7c0995248b9b87b1ab3a49f6862cb903
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
44b988703019cd6bfa86c91840fecf2a42b611b364e3eea2f4eb63bf62714e98
453cb806084fdabec32e286af2e88899f79022125c2527afffbec507975d2c22
473f98fc0967c2c122456fc402d7db00d57d3fe3b46a12d075d10eb26a55dd5b
47ce859f7f0f545825c8ab983547bbf88d0de3f52afebc7a1ccc0611661df70d
480352a16d07df92821362b18a9b7d831fbc162de85ee0078b6f4da7cb61620b
497207545e4aaa14add0c59adb6fc64a61a3375a525c9eb96527dd326a6d62aa
4d196aab20ec653c7f7dfc1e03cc9e2e3dd7f36ab63d756f7c436c93b26c1007
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230
4fd66999fb60ad3289dfaee132ff52c0b1ecba71661e4cbfe47d09ac4f1cd5a1
4fd864a1f926872dfd44a815bc545da4ba35464a5230d8c1c9a0c582f06d9426
51e6ec54a70e62a059ca14e5a79a603e7326e8ec32677babe745ec975b71220b
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
538c1141e711cfd44365390193c06e5d699f6b29b33b8a8ac9d3a03832745df9
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
54e63be15dfa27d7585436473d0be1451622ceac37637539fdf746ca63bbc8f2
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55eaf62cb05da20088dc12b39d7d254d046cb1fd61ddf3ae641f1439efd0a5ee
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5f901dd9baecb42078ba25aa9e4fea357dc5fb1183d650e30b07e72a9cb6c4cd
613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6283022d3d15fa5472d8351b2c1a29bcd0e66184adc783747822d1c2700304a5
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98
6d6cf62995c10f8805b4cdeea31b5a3bb9fb5db69c912f66022755a003644896
701d640f152aadf261921a262acbfd15c479fd9717d480979a31279ade050bbb
7039e947f8f95329ee83a8b887f2853dd54e79747bf9cf77e21d8bd871c4135a
716b2a35acfc8e6a247c9e4d9e3c32dc2354b3a8a6e6481835a64b783a5ba4a3
719e619b2a16ba235f175ac7163617120e7229817c9a7f319d3c4a82e158f750
726b820e44f6ab90ad991d30a4bf26d3a5d71493cbcd1fb1efd0d14e89b9df2a
72edb950578570cee07206e0ebd58749b7cb247af27eb918ffab01692724742b
74aecdd5e4adef711039cfcf5b45315dae346888735b845773b9cadba3ea10eb
779601543eb68cb69562d51b8d021504028b0237caebb7895920c7a9b5667168
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050
78622276fd9bd8110b9a92b726565f37e2d9f024160cc28b61cbd9ce1941c433
78bc3aa78faec288bbb3bf26c9a0fa4eb67b1e69da94a17233c5cab60525efdb
7af902b859fb38065e0072a80cf0db3331ac639b815b33980658648b9cd439bf
7d4765f9e5ef9c44c30128cf2055ea61529f0c9fdf121b4ddca394da954d82df
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
7ee08c60d39f5712a56938fda3e2ab10fe3ef23ec98aeb3c9a29e54f6f31ffe1
7f56f5a085074581b6a80c806c6402d0638d7329dd370aa06036a967ae2c8ce2
80b5ef4f0243e6b9df1d3b922821553d459bf1dab40f852cf43223eeba437698
811c9e254f52ee41c67c23e2a744ee74b11a0bc9a5d262cafd103e5b975eee68
8227e5c6bdd8345ec6bca5a230032a7f65ccfc52248a7fd9c4a089e2d8ffd4a6
841f365e0540df77f892242a962098480625d80f10e380bfb93329a027978632
8753541a3a44842cd815d81c4f8c589e0a0d763112d622f3088cd6f064e825fd
89c62095126fca89ea1511cf35b49b8306162946b0c26d6f60c5506c51d85992
8afc6e5e842baab16010c2ce6fcf48ec4ded8e1579a37c1f1bc027e120d04951
8bef383a20a6a528375e2fd0b9945f1c5de16614458812e66b7f1c18f1db6fcf
8e07015cd418cf7fa5470bff958e993954920ab6566e4cec7a9baf6753b35f86
8f377b969d4c52b8d76f761bda009f6595d3482ef7031527ea133ff1359021c2
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
940c1d55e89106dbfa17392cb271c52046a2ed1fd842887feb0385a016ec49ba
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9ba2c2b2479cc7044e4af1a0123ec24531e8ad57aa91d4d5655405a148271589
9c1989ecd392a0c54fb799409154242706940a8e6d800542ba579dfda576bb9d
9f037d96ca11763ea316e940649d6b94633db6e5d69fa8a167b73465ef24a367
a3e9ee0a9fe603e0b29bb71d928e475fa389952f02ee8864f3a76c56cd86e224
a6ee58f60c407b083623fdc4586ae66d10f4586920a825a74e26762bc262eefd
a6f22f4f54a62cfb12c9e9dccc9d42ccf2aabe5d7fafbeacb2cc627403136234
aa90ea59627221180185809f04d0866c74f1932370c099ebfe5fe402fbee233e
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b1546cdc84ba3bf3f2eacf0a300c64213ded7b0c8b031557793ee0a3540b0dcb
b1a9b4d4a874d9284ffcbc5f13a10e05dbfc8697abedafdaa52f0b86d6e345b9
b2ead0297249cee541338e500e0b547c3840aa194a378dd9f2bf82913ea1f1c3
bc4a0a2b4025db3daab7e6166e06c42566418e59494f976df177d4837c950941
bfbd80809e8f863fa4c57fee859cfb30ed989cb6d521928a73586ed1055e6ffe
c1a9a3e223bad631dff12d33b5499eb145cb08d8621c20d9d73870e78d97afe4
c3f2f7535880ab76f7da7310295b4db7cf22a8dfab82ad48243f4f512d146640
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
c912a9ce0c3122d4b2b29ad26bfe06b0390d1a5bdaa5d6128692c0befd1dfbbd
ca7dce2391845e8aec7da135f33fabd10f74eed28a532ac66fd01f761fcfb42f
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
ccd31ffa708d025833f954b3e0560cedd58df9a0d2706b2ccee5f501c5b2467b
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446
ce50b6ff12b9cf28c801a3a5b87d607c07dbea403f885fa6ae7312ffbd60c012
cf2bc8471ca9269f57b173fb6c5ad405df0963fcc24aedb26be6e495d94c4e4f
d01a2ba2805c78957e15a2958135de0f3cb88e95159dd0f6c0a032bd76b1b0e9
d0b4256abed72481585662971262eabee345c19f837af00d7ce24239d3b40eef
d622534d53d3ac1095af275f0b30274fcd835785577df2dde6d9398e6f7a2c8f
d7bdba02afa8c04c13f280c71a50f8c8186c883711c5dabbd13566dd738bff0a
da9ed5720b674f0d297fe621ac2d8d518c4e622bef1e9b0d4ae489dee9aa43f8
dc032c361978c8fa496519488b6cee1b77554a1844ed6cb5d212d2fb87bc55e8
de7bbaf6aff3104af650b1b6ece30b6720503de11121e206d9ee9eb5f4445483
df0ec8330290d184b1084527076cb87d41b33ba706ff5ab579d761f0cb6a744b
e3031f7e4ffd92af228a4482af3012b055c763b4c52d5df01055c47f406d0f6b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3c350b68116b9527f43417b1b6f66dc0436798d3fb6472129de53e3ebd277d2
e49e4f22cc5186f3a68e94b9c5d7ef6c31aa05b683bea3799517676425f10fc8
e9a4f1e060e4847119dd0bb5b65a8fac4d308f493786ad328b2dde058e14a9ca
ebc28637e9a6cb3635a83c40baf95b4f41031b2153f5f8c03c9af07c05b9e8c1
eea3d6ccda7f6503078cce9dc41176c1357af1c93a5b3625131ef7cf21c9d7c4
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0e4d1290ab336a733e5d243b83c5f4b469f72ce35ddcd4aa6d71e2096a526fd
f29f89af383aad18b40b7d8eb2453b8acba07f75f7f0284b58d7462c5113a053
f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f7124819a4df2ed6820fd02a266a75c1ea3e0337b84b7f7e73ed2877423960f2
f7ff24972ad705ba178766d5b58d72a1f06ac10220b1136bddf8caa0c92045e9
f9a662c265daf6edb2cada03ec8d4e71c4733fc58a59814ae738cfa373f57ebe
fe513ef974b767510d0a2b9f1b4d3afa53185b89ab617c869e5e3d6db960192c
fe775d0072ac2808084f11277db464678510460a15372ece3cd2ed9223342fa8
fea066fc2a7db2370c60bc0fb2c9e12b516d71215045a1a2bf8b272acbbb4f65
fec956ca86c2b59c957b083d715697b25891ea484813a1a6b8958c4d4b1c9a94

mal-ware.com Open in urlscan Pro 181.215.49.64 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

251 Requests

85 %HTTPS

32 %IPv6

30 Domains

34 Subdomains

17 IPs

6 Countries

3391 kBTransfer

8184 kBSize

47 Cookies

0 Outgoing links

Redirected requests

251 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 7 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

mal-ware.com Open in urlscan Pro
181.215.49.64 Public Scan

Screenshot
Live screenshot

Full Image

251
Requests

85 %
HTTPS

32 %
IPv6

30
Domains

34
Subdomains

17
IPs

6
Countries

3391 kB
Transfer

8184 kB
Size

47
Cookies

251 HTTP transactions
7 data transactions