pcloak.blob.core.windows.net Open in urlscan Pro
20.60.220.36 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Submission: On June 24 via api (June 24th 2023, 5:05:03 pm UTC) from TR — Scanned from DE

Summary HTTP 416 Redirects Behaviour Indicators

Summary

This website contacted 48 IPs in 6 countries across 35 domains to perform 416 HTTP transactions. The main IP is 20.60.220.36, located in Tappahannock, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is pcloak.blob.core.windows.net.
TLS certificate: Issued by Microsoft RSA TLS CA 02 on March 22nd 2023. Valid for: a year.

This is the only time pcloak.blob.core.windows.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
4	20.60.220.36 20.60.220.36	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	77.245.159.14 77.245.159.14	42868 (NIOBEBILI...) (NIOBEBILISIMHIZMETLERI)
2	94.138.206.83 94.138.206.83	49126 (AS49126) (AS49126)
3	2a00:1450:400... 2a00:1450:4001:830::200a	15169 (GOOGLE) (GOOGLE)
40	2a02:6ea0:c70... 2a02:6ea0:c700::19	60068 (CDN77 ^_^) (CDN77 ^_^)
1	2a00:1450:400... 2a00:1450:4001:829::2008	15169 (GOOGLE) (GOOGLE)
2	151.139.128.10 151.139.128.10	20446 (STACKPATH...) (STACKPATH-CDN)
1	23.213.164.100 23.213.164.100	16625 (AKAMAI-AS) (AKAMAI-AS)
21	185.7.176.222 185.7.176.222	42910 (PREMIERDC...) (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH)
2	2a03:2880:f08... 2a03:2880:f080:9:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:4001:806::200e	15169 (GOOGLE) (GOOGLE)
35	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
75	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
3	13.224.192.181 13.224.192.181	16509 (AMAZON-02) (AMAZON-02)
1	35.241.45.217 35.241.45.217	15169 (GOOGLE) (GOOGLE)
1	34.102.243.38 34.102.243.38	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	18.66.138.185 18.66.138.185	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:831::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:808::200a	15169 (GOOGLE) (GOOGLE)
36	2a00:1450:400... 2a00:1450:4001:82b::2001	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:80e::2002	() ()
16 18	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
4 8	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
4 6	185.89.211.116 185.89.211.116	29990 (ASN-APPNEX) (ASN-APPNEX)
10	34.98.64.218 34.98.64.218	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
10	104.75.89.75 104.75.89.75	16625 (AKAMAI-AS) (AKAMAI-AS)
2 4	34.250.56.160 34.250.56.160	16509 (AMAZON-02) (AMAZON-02)
63	2a00:1450:400... 2a00:1450:4001:827::2006	15169 (GOOGLE) (GOOGLE)
4	2a02:26f0:170... 2a02:26f0:1700:6::17d5:a191	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
16	172.217.18.2 172.217.18.2	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::200a	15169 (GOOGLE) (GOOGLE)
1	3.75.5.170 3.75.5.170	16509 (AMAZON-02) (AMAZON-02)
4	2600:9000:245... 2600:9000:2450:c000:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
8	2600:1f18:1ac... 2600:1f18:1aca:4282:2a0a:6ee9:5131:f962	() ()
3	74.121.143.241 74.121.143.241	() ()
6	2001:4860:480... 2001:4860:4802:32::3	() ()
2	2a00:1450:400... 2a00:1450:4001:809::2003	() ()
1	2a02:2638:3::12 2a02:2638:3::12	() ()
2	2a02:2638:d::2 2a02:2638:d::2	() ()
2	178.250.1.6 178.250.1.6	() ()
1	2a02:2638:d::11 2a02:2638:d::11	() ()
1	138.201.63.117 138.201.63.117	() ()
1	95.101.148.198 95.101.148.198	() ()
2	144.76.104.53 144.76.104.53	() ()
1	141.101.90.96 141.101.90.96	() ()
1	2a0b:4d07:102::1 2a0b:4d07:102::1	() ()
416	48

4 20.60.220.36 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

pcloak.blob.core.windows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 77.245.159.14 (Turkey)

ASN42868 (NIOBEBILISIMHIZMETLERI, TR)
PTR: stilgar.wlsrv.com

www.cloakan.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 94.138.206.83 (Turkey)

ASN49126 (AS49126, TR)

ye-mek.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:830::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

40 2a02:6ea0:c700::19 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)

cdn.ye-mek.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.139.128.10 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: map3.hwcdn.net

images.dmca.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.213.164.100 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-213-164-100.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 185.7.176.222 (Turkey)

ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR)

static.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ng.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c1.imgiz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ng2.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f080:9:face:b00c:0:3 (Amsterdam, Netherlands)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

35 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

75 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.224.192.181 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-192-181.fra2.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.45.217 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 217.45.241.35.bc.googleusercontent.com

pghub.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.243.38 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 38.243.102.34.bc.googleusercontent.com

feed.pghub.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.138.185 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-138-185.fra60.r.cloudfront.net

aax.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:808::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

36 2a00:1450:4001:82b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:80e::2002 (None, )

ASN- ()

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 142.250.184.226 (United States) 16 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 185.80.39.216 (Canada) 4 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 185.89.211.116 (Frankfurt am Main, Germany) 4 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 34.98.64.218 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 218.64.98.34.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 104.75.89.75 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-75-89-75.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.250.56.160 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-250-56-160.eu-west-1.compute.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

63 2a00:1450:4001:827::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:26f0:1700:6::17d5:a191 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

cdn.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 172.217.18.2 (United States)

ASN15169 (GOOGLE, US)
PTR: fra02s19-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.75.5.170 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-75-5-170.eu-central-1.compute.amazonaws.com

red.vtracy.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:2450:c000:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2600:1f18:1aca:4282:2a0a:6ee9:5131:f962 (None, )

ASN- ()

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 74.121.143.241 (None, )

ASN- ()

tags.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2001:4860:4802:32::3 (None, )

ASN- ()

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::2003 (None, )

ASN- ()

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::12 (None, )

ASN- ()

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:d::2 (None, )

ASN- ()

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.1.6 (None, )

ASN- ()

cat.nl3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:d::11 (None, )

ASN- ()

csm.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 138.201.63.117 (None, )

ASN- ()

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 95.101.148.198 (None, )

ASN- ()

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 144.76.104.53 (None, )

ASN- ()

hal900022.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.101.90.96 (None, )

ASN- ()

portal.o2online.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a0b:4d07:102::1 (None, )

ASN- ()

adv.office-partner.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
121	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 133 b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 155	1 MB
69	doubleclick.net 16 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 219 googleads.g.doubleclick.net — Cisco Umbrella Rank: 57 cm.g.doubleclick.net — Cisco Umbrella Rank: 244 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 359	531 KB
63	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 338	3 MB
42	ye-mek.net ye-mek.net — Cisco Umbrella Rank: 858491 cdn.ye-mek.net	614 KB
19	virgul.com static.virgul.com — Cisco Umbrella Rank: 63446 ng.virgul.com — Cisco Umbrella Rank: 55403 ng2.virgul.com	232 KB
16	adsafeprotected.com 2 redirects fw.adsafeprotected.com — Cisco Umbrella Rank: 957 static.adsafeprotected.com — Cisco Umbrella Rank: 628 dt.adsafeprotected.com	198 KB
10	teads.tv sync.teads.tv — Cisco Umbrella Rank: 1404	2 KB
10	openx.net us-u.openx.net — Cisco Umbrella Rank: 492	1 KB
9	googletagservices.com www.googletagservices.com	505 KB
8	gstatic.com csi.gstatic.com fonts.gstatic.com	32 KB
8	casalemedia.com 4 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 621	6 KB
7	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 422 imasdk.googleapis.com — Cisco Umbrella Rank: 495 fonts.googleapis.com — Cisco Umbrella Rank: 80	296 KB
6	adnxs.com 4 redirects ib.adnxs.com — Cisco Umbrella Rank: 249	6 KB
4	mathtag.com tags.mathtag.com pixel.mathtag.com	3 KB
4	doubleverify.com cdn.doubleverify.com — Cisco Umbrella Rank: 490 tps.doubleverify.com Failed	211 KB
4	amazon-adsystem.com c.amazon-adsystem.com — Cisco Umbrella Rank: 357 aax.amazon-adsystem.com — Cisco Umbrella Rank: 444	62 KB
4	windows.net pcloak.blob.core.windows.net	3 KB
3	redintelligence.net hal9000.redintelligence.net hal900022.redintelligence.net	5 KB
3	criteo.net static.criteo.net csm.eu.criteo.net	1 KB
3	criteo.com ads.eu.criteo.com cat.nl3.eu.criteo.com	7 KB
3	google.com adservice.google.com — Cisco Umbrella Rank: 107	743 B
2	imgiz.com c1.imgiz.com — Cisco Umbrella Rank: 102765	131 KB
2	pghub.io pghub.io — Cisco Umbrella Rank: 1964 feed.pghub.io — Cisco Umbrella Rank: 2174	6 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 176	89 KB
2	dmca.com images.dmca.com — Cisco Umbrella Rank: 13184	6 KB
2	cloakan.co www.cloakan.co	1 KB
1	office-partner.de adv.office-partner.de
1	o2online.de portal.o2online.de	608 B
1	vtracy.de red.vtracy.de — Cisco Umbrella Rank: 110607	17 KB
1	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 60	21 KB
1	addthis.com s7.addthis.com — Cisco Umbrella Rank: 2353	361 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 82	47 KB
0	awin1.com Failed www.awin1.com Failed
0	webgains.com Failed track.webgains.com Failed
0	medialead.de Failed pv.medialead.de Failed medialead.de Failed
416	35

	Domain	Requested by
75	pagead2.googlesyndication.com	static.virgul.com pagead2.googlesyndication.com b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com s0.2mdn.net ye-mek.net
63	s0.2mdn.net	pcloak.blob.core.windows.net s0.2mdn.net b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com ye-mek.net
40	cdn.ye-mek.net	ye-mek.net cdn.ye-mek.net
36	tpc.googlesyndication.com	b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com pcloak.blob.core.windows.net tpc.googlesyndication.com googleads.g.doubleclick.net s0.2mdn.net
20	googleads.g.doubleclick.net	pagead2.googlesyndication.com b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com ye-mek.net
18	cm.g.doubleclick.net	16 redirects googleads.g.doubleclick.net
16	googleads4.g.doubleclick.net	pcloak.blob.core.windows.net googleads.g.doubleclick.net
15	securepubads.g.doubleclick.net	static.virgul.com securepubads.g.doubleclick.net b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com ye-mek.net www.googletagservices.com
10	sync.teads.tv	googleads.g.doubleclick.net
10	us-u.openx.net	googleads.g.doubleclick.net
10	b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
9	www.googletagservices.com	b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com googleads.g.doubleclick.net
9	ng.virgul.com	static.virgul.com ye-mek.net
8	dt.adsafeprotected.com	b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
8	dsum-sec.casalemedia.com	4 redirects googleads.g.doubleclick.net
7	static.virgul.com	ye-mek.net static.virgul.com pcloak.blob.core.windows.net
6	csi.gstatic.com	imasdk.googleapis.com
6	ib.adnxs.com	4 redirects googleads.g.doubleclick.net
4	static.adsafeprotected.com	b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
4	cdn.doubleverify.com	s0.2mdn.net pcloak.blob.core.windows.net
4	fw.adsafeprotected.com	2 redirects pcloak.blob.core.windows.net
4	pcloak.blob.core.windows.net	pcloak.blob.core.windows.net
3	ng2.virgul.com	ye-mek.net
3	tags.mathtag.com	googleads.g.doubleclick.net tags.mathtag.com
3	imasdk.googleapis.com	c1.imgiz.com b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
3	adservice.google.com	securepubads.g.doubleclick.net pagead2.googlesyndication.com
3	c.amazon-adsystem.com	static.virgul.com c.amazon-adsystem.com
3	ajax.googleapis.com	ye-mek.net s0.2mdn.net
2	hal900022.redintelligence.net	hal9000.redintelligence.net hal900022.redintelligence.net
2	cat.nl3.eu.criteo.com	ye-mek.net
2	static.criteo.net	b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
2	fonts.gstatic.com	fonts.googleapis.com
2	c1.imgiz.com	static.virgul.com c1.imgiz.com
2	connect.facebook.net	ye-mek.net connect.facebook.net
2	images.dmca.com	ye-mek.net
2	ye-mek.net	www.cloakan.co ye-mek.net
2	www.cloakan.co	pcloak.blob.core.windows.net
1	adv.office-partner.de	hal900022.redintelligence.net
1	portal.o2online.de	ye-mek.net
1	pixel.mathtag.com	tags.mathtag.com
1	hal9000.redintelligence.net	pcloak.blob.core.windows.net
1	csm.eu.criteo.net	ye-mek.net
1	ads.eu.criteo.com	imasdk.googleapis.com
1	red.vtracy.de	b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
1	fonts.googleapis.com	b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
1	aax.amazon-adsystem.com	c.amazon-adsystem.com
1	feed.pghub.io	pghub.io
1	pghub.io	static.virgul.com
1	www.google-analytics.com	www.googletagmanager.com
1	s7.addthis.com	ye-mek.net
1	www.googletagmanager.com	ye-mek.net
0	www.awin1.com Failed	googleads.g.doubleclick.net
0	medialead.de Failed	googleads.g.doubleclick.net
0	track.webgains.com Failed	pcloak.blob.core.windows.net
0	pv.medialead.de Failed	hal900022.redintelligence.net
0	tps.doubleverify.com Failed	cdn.doubleverify.com
416	56

This site contains no links.

Subject Issuer	Validity	Valid
*.blob.core.windows.net Microsoft RSA TLS CA 02	`2023-03-22` - `2024-03-22`	a year	crt.sh
cpanel.cloakan.co R3	`2023-05-03` - `2023-08-01`	3 months	crt.sh
www.ye-mek.net RapidSSL Global TLS RSA4096 SHA256 2022 CA1	`2022-11-29` - `2023-07-07`	7 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
1099124734.rsc.cdn77.org R3	`2023-06-13` - `2023-09-11`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
images.dmca.com R3	`2023-05-13` - `2023-08-11`	3 months	crt.sh
odc-addthis-prod-01.oracle.com DigiCert TLS RSA SHA256 2020 CA1	`2023-02-07` - `2024-02-07`	a year	crt.sh
*.virgul.com Sectigo RSA Domain Validation Secure Server CA	`2022-10-24` - `2023-09-28`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-04-03` - `2023-07-02`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
c.amazon-adsystem.com Amazon RSA 2048 M01	`2023-02-28` - `2024-02-17`	a year	crt.sh
*.pghub.io DigiCert TLS RSA SHA256 2020 CA1	`2023-02-09` - `2024-02-08`	a year	crt.sh
*.imgiz.com Sectigo RSA Domain Validation Secure Server CA	`2022-09-27` - `2023-09-09`	a year	crt.sh
aax-dtb-mobile-cf.amazon-adsystem.com Amazon RSA 2048 M01	`2023-03-16` - `2024-03-08`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
teads.tv R3	`2023-05-11` - `2023-08-09`	3 months	crt.sh
fw.adsafeprotected.com Amazon RSA 2048 M02	`2023-03-29` - `2024-04-27`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
*.doubleverify.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-05` - `2023-07-07`	a year	crt.sh
vtracy.de Amazon RSA 2048 M01	`2023-06-05` - `2024-07-02`	a year	crt.sh
static.adsafeprotected.com Amazon RSA 2048 M01	`2023-02-24` - `2023-09-04`	6 months	crt.sh
dt.adsafeprotected.com Amazon RSA 2048 M02	`2023-05-09` - `2024-06-07`	a year	crt.sh
*.mathtag.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-03-30` - `2024-04-29`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
*.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-05-13` - `2023-08-10`	3 months	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-05-27` - `2023-08-27`	3 months	crt.sh
*.nl3.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-05-18` - `2023-08-18`	3 months	crt.sh
*.eu.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-06-07` - `2023-08-30`	3 months	crt.sh
redintelligence.net R3	`2023-06-09` - `2023-09-07`	3 months	crt.sh
pixel.mathtag.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-05` - `2023-07-05`	a year	crt.sh
portal.o2online.de E1	`2023-05-25` - `2023-08-23`	3 months	crt.sh
adv.office-partner.de R3	`2023-05-01` - `2023-07-30`	3 months	crt.sh

This page contains 49 frames:

Primary Page: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Frame ID: 8DA16B856A9E57AF3B39514518EF8A33
Requests: 6 HTTP requests in this frame

Frame: https://ye-mek.net/
Frame ID: 2E7E0E77EB78FD45BDD6ED3559577AD2
Requests: 91 HTTP requests in this frame

Frame: https://static.virgul.com/theme/mockups/outside/str.html?v=2
Frame ID: 29468A55B58A5162BA3EBF3C533BA74F
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230620/r20190131/zrt_lookup.html
Frame ID: BEE7592B5DB815F22876237BC1C7E175
Requests: 1 HTTP requests in this frame

Frame: https://feed.pghub.io/tag?referrer_url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&page_url=https%3A%2F%2Fye-mek.net%2F&owner=P%26G&bp_id=noktacommedya&ch=%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D&initiator=js&data=%7B%22category%22%3A%22site_geneli%22%7D
Frame ID: 2D7E2F93E197CE8AB379DD66DEF6ED65
Requests: 1 HTTP requests in this frame

Frame: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: E6EEBC94BE467287BA7A115A72A03B6B
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755397&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1687626298340&bpp=3&bdt=629&idt=295&shv=r20230620&mjsv=m202306200101&ptt=9&saldr=aa&nras=1&correlator=1088079189640&frm=24&ife=1&pv=2&ga_vid=960498460.1687626298&ga_sid=1687626299&ga_hid=1486286444&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=222437166&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759842%2C31071755%2C31075511%2C44788442&oid=2&pvsid=373190335099830&tmod=13974008&uas=0&nvt=1&fsapi=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.b5r03pbileis&fsb=1&dtd=307
Frame ID: 63E9112D8738244F4956DD09003C43CF
Requests: 1 HTTP requests in this frame

Frame: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 61C777EAA8DE7ACC76A666BAE763DD79
Requests: 25 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARjRjbbrATAB&v=APEucNVL9zkpKcLh-klY9hnS1ESmuyw7xtVGVC3f-FUBZ21ob3vMQlsvB1g32CU4GW4GHiFClka32bdybFTVVI1FhQ3_JAVp-K1BWYhvgNY4P82D_zq8jVngIInibdTizrf0JARxy9dJd2yxQ7XWs_2FKoBroUn2UcXrDQJHg2ERof9Z3fzh3wg
Frame ID: C89E231F8EB1971587D2934ACF973E3B
Requests: 5 HTTP requests in this frame

Frame: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 11C9C199340FDA37F04294A1957E9032
Requests: 9 HTTP requests in this frame

Frame: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 7F38D0A45139B5D2CABD7E5C2F7FF424
Requests: 17 HTTP requests in this frame

Frame: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: B7FBA1E1C9657A7907ABD00E3BF62EF2
Requests: 17 HTTP requests in this frame

Frame: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: DC566511DFBB67CA48971D9994994835
Requests: 17 HTTP requests in this frame

Frame: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: B6B629AC6871DC61672741470F7CB7B0
Requests: 18 HTTP requests in this frame

Frame: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: AE795115E1847E989C6A3A52263D7BE4
Requests: 25 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjH8_zbATAB&v=APEucNUeBLaVyV05aV6Ksc-gEtFEt4wpzvCER_qAPZ5lVIwAMPEeicYeOE2h2vqi0ecy5np44BP3izpmmMhYGl-7bPa8tjoy-6YZXlwmfzjV2hT1JIdiUu3joX-1MEjtnMeygBJOPMLLxmVvnI3d3fIRv1HsxMSyMt0NXaPEI9CRZ1e7tvgXwBw
Frame ID: C86B13E0F277CBF45D5B41896019F397
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYvN7jwAEwAQ&v=APEucNUznaJX8_SdnkPaOwsumWUUFWXzG6DI44RgU3eCyNGvN_E6f480yilc_IyRL2ji0z7YBeVXEz-7PCWkXPeV_q5D4Y_RSn9UwSWVX1Ek43z0BO2Ya3fuLxxsat72UIRc_bw0BcHBB8QYQWrnpJ5GqXpyBkEyV02kGbnY67qI7NkSlJFZtuc
Frame ID: 930A25C82E3187468B49F5E29114F59C
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY8aj5xgEwAQ&v=APEucNWG5Myl8N3H93rDN96_XvoE-VYcGDY0gzXDPpKHgTiruD4QYCB2RGqwSaZ2BZVUjDegTNELytME4pVQK0aNeMI8ohjpMlZRCuKR_OXrgb7s8vuUSpKE8f6TdQaJYdB4jOcirYtvDwttJu1MzvvjD9XbltAKRjo09wjMl5V7fIlHrmkluNY
Frame ID: F594BFF44440AF993A1A45572337E264
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLO_UBCb3VAYn_iJ6gEwAQ&v=APEucNXCyZsOpaWNtx_kjXKS2cwulizGWvfkd4TZfC65j6Ob4vMfJ71U2kC_uzwlx0lXXY-iNgh3gbm5s1lpOGdc1xhmLO1K7zL0FBKOUtOcJU-iwC6207vXnc2MlIxdltS-m7-55RD_njMCeNhF-1iJwrqES_qlfSpZXRLve1qEx1avb0K6NE0
Frame ID: ED372FA05749A89B7338D8BA56CA9B1D
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARjihLbrATAB&v=APEucNVBBNQP53dSjgdPf44gg_HJ7ZnmooCyvXi7d9nnyNsz8v4r0ps0l7INc3NA4_hMlB4d5TH2b1N5HwB030lVc3woT79TIwDsbTRkeb9_rqtA2i3-7AfOWPYnVoPRwJtB-Xc2z_lZsG86L18ZVPwU4vOp4tMqYCgoTcvpmVZDUia3Ead5FOU
Frame ID: 085BA89576F1ECBF175C1A227ACD3575
Requests: 5 HTTP requests in this frame

Frame: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 5293AEE6E526DC3C2B67E7FA3083E4E1
Requests: 18 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMD3swEQ3cu5ARjS75DkATAB&v=APEucNWiwuNgi1a1mP4IBbuZdzCcdrdLOdQaJ5jS0WGilh-ov6McruIWnxnkhzSEmqB_N-x8J0ZPZZB61sGjp-MQlD4IIsDhZx47apKrOWZKlDXvbCRrKxxhViWDQKba8Bb_5BOrMot65ZPO54JXHfxOWKBrzbRwsCTT8KHQHJRp1aueLglcvt0
Frame ID: 55A66C09AD1670567993B231C51368F6
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: CDCEF0AB96F31839200F4FFFFBED0DFB
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/10454987525626607892/index.html?e=69&leftOffset=0&topOffset=0&c=IfwNYydE11&t=1&renderingType=2&ev=01_250
Frame ID: A54276D2704AAA97FBEEFBB7214A4567
Requests: 9 HTTP requests in this frame

Frame: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 72E5107759F28F7EFA95396711444AD6
Requests: 27 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/10596822557170597888/728x090.html?e=69&leftOffset=0&topOffset=0&c=xKKNQixwyM&t=1&renderingType=2&ev=01_250
Frame ID: 4EFCC465677CCDFA0B124D5A2FFAC649
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3407280060&plat=1%3A520%2C2%3A520%2C3%3A2163200%2C4%3A2163200%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fye-mek.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1687626299170&bpp=3&bdt=179&idt=298&shv=r20230620&mjsv=m202306160901&ptt=9&saldr=aa&nras=1&correlator=3947787696511&frm=8&ife=1&pv=2&ga_vid=105568830.1687626299&ga_sid=1687626299&ga_hid=1652697002&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2836371973&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759837%2C44759926%2C31075412%2C44788441%2C44794789&oid=2&pvsid=4500014196868433&tmod=1285845116&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.iofavtxybwq5&fsb=1&dtd=310
Frame ID: 06AB7019BEDFA7147D9891904D594935
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 8CA471AE54CCC2C74F8C8F8C0B05FCDD
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=4198791085&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1687626299173&bpp=1&bdt=182&idt=325&shv=r20230620&mjsv=m202306160901&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=3947787696511&frm=8&ife=1&pv=1&ga_vid=105568830.1687626299&ga_sid=1687626299&ga_hid=1652697002&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2836371973&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759837%2C44759926%2C31075412%2C44788441%2C44794789&oid=2&pvsid=4500014196868433&tmod=1285845116&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.u4j84p8ybqvn&fsb=1&dtd=332
Frame ID: 7F1E21D463CE481112F9BA69B227DE91
Requests: 14 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/16325822350322053850/index.html?ev=01_250
Frame ID: 4781EE56CFBC4FB6E650EAF0687EAA42
Requests: 13 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/4323423352959208367/index.html?e=69&leftOffset=0&topOffset=0&c=hVNm8hCwMa&t=1&renderingType=2&ev=01_250
Frame ID: DF47D1311DC67ABAD01CB04A51A72D98
Requests: 13 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: A772E2216B101648BA831B6A23F3AF61
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: B1E74DC64C2D0785E3A71A265D4272BA
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=L9mcdMOyTD&t=1&renderingType=2&ev=01_250
Frame ID: B1CDC84BEC2F6CD6771DC9471D77B480
Requests: 9 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: E6DC36E8CC9D0F1983C76AF10807BD9E
Requests: 1 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/dv-measurements3986.js
Frame ID: 27B6187D1A89D1BBC41E2B56A7A9DF04
Requests: 2 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=Y5W2J8r0Ai&t=1&renderingType=2&ev=01_250
Frame ID: 1EB51E63128D01FF49981E40088E1F04
Requests: 13 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: BF21C67726157E02018E69CBC7F458DB
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 42DB0484E0B0EA3FCD3ACE8029277D98
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: A7CED6416EA7C0FF287E42393C0FB1B2
Requests: 3 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/dv-measurements3986.js
Frame ID: F4151D92DA4289A60C8159B04F8F91AF
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: BDC6D06CF458F53491073F305DCB6275
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/fAtTGskzFlJa5Ldh3SiPbiLEXcXjYWf8ZG_gkYEl2B0.js
Frame ID: 7749A57E096E3A75E0D02F09E0380AEA
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/fAtTGskzFlJa5Ldh3SiPbiLEXcXjYWf8ZG_gkYEl2B0.js
Frame ID: 995C185ADEEA3BCA0DF50D136E02971A
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/fAtTGskzFlJa5Ldh3SiPbiLEXcXjYWf8ZG_gkYEl2B0.js
Frame ID: A7306B3884103FE925E0634FAA4A9249
Requests: 1 HTTP requests in this frame

Frame: https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=32529800079007700951389012365022&t=htlp&gdpr=1&consent=1&gdpr_consent=li
Frame ID: 10BBAC732D7F3E9B0A3A59CBF1A0AB9D
Requests: 1 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: E431A024BAE7C7DA9C30A9AB3A75469D
Requests: 1 HTTP requests in this frame

Frame: https://hal900022.redintelligence.net/request_content.php?s=32529800079007700951389012365022&a=85ef9c5d
Frame ID: FFAAAB0C44CB3DF84F291810D3572D5B
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: A696F72930246AFA236D772B7F3FD748
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

AddThis (Widgets) Expand

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

googleapis\.com/.+webfont

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

416
Requests

93 %
HTTPS

49 %
IPv6

35
Domains

56
Subdomains

48
IPs

6
Countries

6694 kB
Transfer

33159 kB
Size

9
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 107

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJxAxGDfsvukfwTWZQ1P6Cs&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJxAxGDfsvukfwTWZQ1P6Cs&google_cver=1&C=1

Request Chain 108

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZJciO0tQf1.U.AEHcl1p2gAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJxAxGDfsvukfwTWZQ1P6Cs&google_cver=1&google_hm=2

Request Chain 109

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEBDMbZ4EZwxJGIQomjlCNwg&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEBDMbZ4EZwxJGIQomjlCNwg%26google_cver%3D1

Request Chain 110

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzU3OTE3NTI2NzQzNDExODMx

Request Chain 153

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJxAxGDfsvukfwTWZQ1P6Cs&google_cver=1

Request Chain 154

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZJciO0tQf1.U.AEHcl1p2gAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJxAxGDfsvukfwTWZQ1P6Cs&google_cver=1&google_hm=2

Request Chain 155

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEBDMbZ4EZwxJGIQomjlCNwg&google_cver=1

Request Chain 156

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzU3OTE3NTI2NzQzNDExODMx

Request Chain 159

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEL6SGguFe9WqiyW_HLneki4&google_cver=1

Request Chain 161

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEIWUbLTbhiIZ6Ey0wA15Yhk&google_cver=1

Request Chain 163

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEL6SGguFe9WqiyW_HLneki4&google_cver=1

Request Chain 165

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEIWUbLTbhiIZ6Ey0wA15Yhk&google_cver=1

Request Chain 167

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEL6SGguFe9WqiyW_HLneki4&google_cver=1

Request Chain 169

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEIWUbLTbhiIZ6Ey0wA15Yhk&google_cver=1

Request Chain 174

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEL6SGguFe9WqiyW_HLneki4&google_cver=1

Request Chain 176

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEIWUbLTbhiIZ6Ey0wA15Yhk&google_cver=1

Request Chain 209

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEL6SGguFe9WqiyW_HLneki4&google_cver=1

Request Chain 211

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEIWUbLTbhiIZ6Ey0wA15Yhk&google_cver=1

Request Chain 265

https://fw.adsafeprotected.com/rfw/st/1484055/72040526/4.js?ias_dspID=64&adContainerId=brand_safety_OyKXZJryCNaSjuwPzMiA0Ao&cbFunctionName=goog_wrapCb_OyKXZJryCNaSjuwPzMiA0Ao&true_pb=&adsafe_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2F4a.js&adsafe_url=https%3A%2F%2Fpcloak.blob.core.windows.net&adsafe_type=g&adsafe_url=https%3A%2F%2Fye-mek.net%2F&adsafe_type=e&adsafe_url=https%3A%2F%2Fb84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fb84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&adsafe_type=d&adsafe_jsinfo=,id:b68839bd-4885-7266-b2b0-66babc76c695,c:gtzuXR,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-664b4f8f74-cszgj,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,scm:grpm1,mtim:4,mot:0,app:0,maw:0,fm:tI7pXWH+111%7C112%7C113%7C114%7C115%7C116*.1484055-72040526%7C1161%7C1162%7C1163%7C1171%7C1172%7C1181%7C1182%7C1183%7C1191%7C11a1%7C11a2%7C11b1%7C11b2%7C11c1%7C11d1%7C11e,idMap:116*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:na,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,tt:rjss,et:37,oid:4060c891-12b1-11ee-8394-5a5bf3707a9d,v:19.8.421,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/4a.js

Request Chain 284

https://fw.adsafeprotected.com/rfw/st/1484055/72040524/4.js?ias_dspID=64&adContainerId=brand_safety_OyKXZKm9EuGRjuwPpM2U8AI&cbFunctionName=goog_wrapCb_OyKXZKm9EuGRjuwPpM2U8AI&true_pb=&adsafe_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2F4a.js&adsafe_url=https%3A%2F%2Fpcloak.blob.core.windows.net&adsafe_type=g&adsafe_url=https%3A%2F%2Fye-mek.net%2F&adsafe_type=e&adsafe_url=https%3A%2F%2Fb84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fb84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&adsafe_type=d&adsafe_jsinfo=,id:e5965e74-6ca4-9b7a-f466-423f5ed01faf,c:gtzuZY,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-664b4f8f74-r7hnz,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,scm:grpm1,mtim:3,mot:0,app:0,maw:0,fm:tI7pXZ1+111%7C112%7C113%7C114%7C115%7C1161%7C11621%7C1163%7C1164%7C1171%7C1172%7C1181%7C1182%7C1183%7C1191%7C11a1%7C11a2%7C11b1%7C11b2%7C11c*.1484055-72040524%7C11c1%7C11c2%7C11c3%7C11d1%7C11e,idMap:11c*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:DIV,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,tt:rjss,et:24,oid:4064c027-12b1-11ee-8d6b-6aca6b8e109d,v:19.8.421,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/4a.js

416 HTTP transactions
10 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request 6x69807j0b5.html Show response
pcloak.blob.core.windows.net/web/ 1 KB
2 KB 403ms
101ms Document
text/html 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: d469330093a2cebd898628a339df6abaf5edcb89e85769ff79840371195a7d1f

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Content-Length: 1318
Content-MD5: +Dz/d7Mp2GQfilgWrAkqiw==
Content-Type: text/html
Date: Sat, 24 Jun 2023 17:04:55 GMT
ETag: 0x8DB5ED0599CC10C
Last-Modified: Sat, 27 May 2023 16:35:15 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 88ab7bd1-f01e-0058-2ebe-a69a52000000
x-ms-version: 2009-09-19

GET
H/1.1 404
The specified blob does not exist. jquery.min.js
pcloak.blob.core.windows.net/web/ 0
0 95ms
94ms Script
application/xml 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/jquery.min.js
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-ms-request-id: 88ab7c4d-f01e-0058-22be-a69a52000000
Date: Sat, 24 Jun 2023 17:04:55 GMT
x-ms-version: 2009-09-19
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-Length: 215
Content-Type: application/xml

GET
H/1.1 200
OK cloakan.js Show response
pcloak.blob.core.windows.net/web/ 308 B
717 B 289ms
95ms Script
text/javascript 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/cloakan.js
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 4651fd93f167c3620b534c30bc23ae2a2e7cf742621d8e6d12553c09c388284a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 24 Jun 2023 17:04:55 GMT
Last-Modified: Mon, 13 Jun 2022 14:36:49 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: zPiKctHo6j8i1UGOFPpInw==
ETag: 0x8DA4D4A263C11C2
Content-Type: text/javascript
x-ms-request-id: 88ab7d0f-f01e-0058-55be-a69a52000000
x-ms-version: 2009-09-19
Content-Length: 308

GET
H/1.1 200
OK style.css
pcloak.blob.core.windows.net/web/ 166 B
568 B 192ms
97ms Stylesheet
text/css 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/style.css
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: cf906196a7c1414e11983955e101a051d55a864f2bc9fd52a453d952d92fd9b5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 24 Jun 2023 17:04:55 GMT
Last-Modified: Mon, 13 Jun 2022 14:36:49 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: 9ruAIrm4XHnQO3/sM8J0AQ==
ETag: 0x8DA4D4A26527CA0
Content-Type: text/css
x-ms-request-id: 88ab7cbe-f01e-0058-09be-a69a52000000
x-ms-version: 2009-09-19
Content-Length: 166

GET
H2 200 px.php Show response
www.cloakan.co/ 743 B
681 B 310ms
139ms XHR
text/html 77.245.159.14
NIOBEBILISIMHIZME...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cloakan.co/px.php?id=6x69807j0b5
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 77.245.159.14 , Turkey, ASN42868 (NIOBEBILISIMHIZMETLERI, TR),
Reverse DNS: stilgar.wlsrv.com
Software: LiteSpeed / PHP/7.3.33
Resource Hash: 120fdf7c1e8de286b8c6ad005bd52d7b3d71cfa17bd6d1f72d023fe952d03708

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:04:54 GMT
content-encoding: br
server: LiteSpeed
x-powered-by: PHP/7.3.33
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
content-length: 404

GET
H2 200 nv.php Show response
www.cloakan.co/ 232 B
385 B 213ms
103ms Script
text/html 77.245.159.14
NIOBEBILISIMHIZME...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cloakan.co/nv.php?id=6x69807j0b5-m
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/cloakan.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 77.245.159.14 , Turkey, ASN42868 (NIOBEBILISIMHIZMETLERI, TR),
Reverse DNS: stilgar.wlsrv.com
Software: LiteSpeed / PHP/7.3.33
Resource Hash: 9cacc351a59879d938ef01e274eca7f341deaaa666237a3de94737ccc05a4b86

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:04:55 GMT
content-encoding: br
server: LiteSpeed
x-powered-by: PHP/7.3.33
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
content-length: 112

GET
H2 200 / Show response
ye-mek.net/ Frame 2E7E 76 KB
76 KB 353ms
57ms Document
text/html 94.138.206.83
AS49126

General

Check archive.org

Show headers Download Go to

Full URL: https://ye-mek.net/
Requested by: Host: www.cloakan.co
URL: https://www.cloakan.co/nv.php?id=6x69807j0b5-m
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.138.206.83 , Turkey, ASN49126 (AS49126, TR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 775ae37bbdaac699490e13908703f9fa724ad405a583c4d964c3a2705e25199a

Request headers

Referer: https://pcloak.blob.core.windows.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache
content-length: 77353
content-type: text/html; charset=utf-8
date: Sat, 24 Jun 2023 17:04:57 GMT
expires: -1
pragma: no-cache
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.9.1/ Frame 2E7E 90 KB
33 KB 38ms
8ms Script
text/javascript 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 17:18:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 171964
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33018
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 21 Jun 2024 17:18:53 GMT

GET
H2 200 yemeknet.js Show response
ye-mek.net/js/ Frame 2E7E 10 KB
2 KB 88ms
88ms Script
application/javascript 94.138.206.83
AS49126

General

Check archive.org

Show headers Download Go to

Full URL: https://ye-mek.net/js/yemeknet.js?v=1
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.138.206.83 , Turkey, ASN49126 (AS49126, TR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 613b97a3f938c5185dc5fcb46ec9c9488f460fdf8a9765eea9f05aebe46a0c50

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-powered-by-plesk: PleskWin
date: Sat, 24 Jun 2023 17:04:57 GMT
content-encoding: br
last-modified: Tue, 20 Aug 2019 13:15:54 GMT
server: Microsoft-IIS/10.0
etag: "0a144655957d51:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=691200
accept-ranges: bytes
content-length: 2179

GET
H2 200 maincss.css
cdn.ye-mek.net/ Frame 2E7E 40 KB
12 KB 130ms
17ms Stylesheet
text/css 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.ye-mek.net/maincss.css?v=434
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 5804cd3bfdf7f7b00ae1f2beef50b9ac7bbdcadcb47e8c3454e8609a52096b92

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 24 Jun 2023 17:04:57 GMT
content-encoding: gzip
x-cache: HIT
x-77-cache: HIT
x-age: 5816844
x-accel-date: 1681809453
x-77-nzt: AcO1qhFYtrj/DMJYAA
x-accel-expires: @1713345453
last-modified: Tue, 24 Nov 2020 00:00:32 GMT
server: CDN77-Turbo
etag: W/"5fbc4d20-9e5b"
x-77-nzt-ray: 4c156224507bd3a83922976401cf3a31
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame 2E7E 121 KB
47 KB 68ms
18ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-38733763-1

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

da90c264ecd4396397dc073f546f0bf6fcee4d1b33c3445622d799a3a4ff577b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:04:57 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47884
x-xss-protection: 0
last-modified: Sat, 24 Jun 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 24 Jun 2023 17:04:57 GMT

GET
H2 200 searchButton.png
cdn.ye-mek.net/App_UI/Img/ Frame 2E7E 542 B
896 B 13ms
13ms Image
image/png 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/searchButton.png
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 324a9c1f26949a62b89c5846de23826737bf3b14443e3f5a969b1799604a0588

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 24 Jun 2023 17:04:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5816909
x-accel-date: 1681809388
content-length: 542
x-77-nzt: AcO1qhFOAnD/TcJYAA
x-accel-expires: @1713345388
last-modified: Sat, 22 Oct 2022 20:00:57 GMT
server: CDN77-Turbo
etag: "63544bf9-21e"
x-77-nzt-ray: 4c156224507bd3a83922976415ea4a32
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 ara.png
cdn.ye-mek.net/App_UI/Img/ Frame 2E7E 2 KB
2 KB 18ms
11ms Image
image/png 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/ara.png
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 3ed559a849229d0ba1622b39b2343f2307a91aae5bab1f08e55c89e50874c980

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 24 Jun 2023 17:04:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5816844
x-accel-date: 1681809453
content-length: 1651
x-77-nzt: AcO1qhE0nwH/DMJYAA
x-accel-expires: @1713345453
last-modified: Mon, 14 May 2018 22:41:08 GMT
server: CDN77-Turbo
etag: "5afa1084-673"
x-77-nzt-ray: 4c156224507bd3a8392297649268c632
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 bezelyeli-enginar-yemegi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ Frame 2E7E 13 KB
14 KB 25ms
16ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/06/bezelyeli-enginar-yemegi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: b28212f4baadf3c72472e06c83eeb9f674659bc3390f8279644cc35c2b3cca60

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 24 Jun 2023 17:04:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 62691
x-accel-date: 1687563606
content-length: 13577
x-77-nzt: AcO1qhHgRY3/4/QAAA
x-accel-expires: @1719099606
last-modified: Fri, 23 Jun 2023 23:12:58 GMT
server: CDN77-Turbo
etag: "649626fa-3509"
x-77-nzt-ray: 4c156224507bd3a83922976456e3f632
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 cilek-kompostosu-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ Frame 2E7E 13 KB
13 KB 29ms
21ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/06/cilek-kompostosu-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 1c850554971fd0815ab530813c41947b41fd5485122fcc6ddad7e52554ca4c5f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 24 Jun 2023 17:04:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 153229
x-accel-date: 1687473068
content-length: 13316
x-77-nzt: AcO1qhFJVfH/jVYCAA
x-accel-expires: @1719009068
last-modified: Thu, 22 Jun 2023 22:09:37 GMT
server: CDN77-Turbo
etag: "6494c6a1-3404"
x-77-nzt-ray: 4c156224507bd3a8392297648e51fc32
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 buzlukta-havuc-saklama-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ Frame 2E7E 15 KB
15 KB 35ms
26ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/06/buzlukta-havuc-saklama-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: c2b14f3faab1ff78bc25ec1143035f67f3653c08c243adfa3772e33e52502a1a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 24 Jun 2023 17:04:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 236890
x-accel-date: 1687389407
content-length: 14858
x-77-nzt: AcO1qhGI3aL/Wp0DAA
x-accel-expires: @1718925407
last-modified: Wed, 21 Jun 2023 22:51:04 GMT
server: CDN77-Turbo
etag: "64937ed8-3a0a"
x-77-nzt-ray: 4c156224507bd3a839229764b1960033
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 kayisi-peltesi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ Frame 2E7E 10 KB
10 KB 35ms
27ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/06/kayisi-peltesi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 4fdc5391bf7f26b8640e050ae3e95ff1ea315746f0062053a894101b910f4049

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 24 Jun 2023 17:04:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 325278
x-accel-date: 1687301019
content-length: 9934
x-77-nzt: AcO1qhFUD4H/nvYEAA
x-accel-expires: @1718837019
last-modified: Tue, 20 Jun 2023 22:25:01 GMT
server: CDN77-Turbo
etag: "6492273d-26ce"
x-77-nzt-ray: 4c156224507bd3a839229764ca750433
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 et-sote-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2017/07/ Frame 2E7E 13 KB
13 KB 35ms
27ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2017/07/et-sote-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 7b74b15c0e0224974c8f830453f4141254e43fc02d4d95a8bce9c1a27a893079

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 24 Jun 2023 17:04:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5816273
x-accel-date: 1681810024
content-length: 13282
x-77-nzt: AcO1qhHpkKn/0b9YAA
x-accel-expires: @1713346024
last-modified: Wed, 01 May 2019 23:21:08 GMT
server: CDN77-Turbo
etag: "5cca29e4-33e2"
x-77-nzt-ray: 4c156224507bd3a839229764ba5b0633
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 nohutlu-misket-kofte-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2014/02/ Frame 2E7E 13 KB
13 KB 35ms
27ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2014/02/nohutlu-misket-kofte-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 50282fee83281adfa1bd8aa7771950d435a2799ca90959ae8f3a483ff4fb0be0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 24 Jun 2023 17:04:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5815929
x-accel-date: 1681810368
content-length: 13272
x-77-nzt: AcO1qhFwioH/eb5YAA
x-accel-expires: @1713346368
last-modified: Wed, 01 May 2019 22:22:18 GMT
server: CDN77-Turbo
etag: "5cca1c1a-33d8"
x-77-nzt-ray: 4c156224507bd3a8392297641a7d0833
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 cokertme-kebabi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2013/07/ Frame 2E7E 16 KB
16 KB 39ms
31ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2013/07/cokertme-kebabi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: de828c1de3b057a2132f7e790523411695d4c0189b0eaeb5f0f4f3d92462a540

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 24 Jun 2023 17:04:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5814396
x-accel-date: 1681811901
content-length: 15954
x-77-nzt: AcO1qhErkL7/fLhYAA
x-accel-expires: @1713347901
last-modified: Wed, 01 May 2019 22:16:47 GMT
server: CDN77-Turbo
etag: "5cca1acf-3e52"
x-77-nzt-ray: 4c156224507bd3a8392297647a1b0a33
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 islim-kebabi-resimli-yemek-tarifi(20).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2018/05/ Frame 2E7E 12 KB
12 KB 40ms
32ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2018/05/islim-kebabi-resimli-yemek-tarifi(20).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 580dad1a7f46af3417b3d06e483f4cfb043ce1d9e443398a4c0d98b47947d6ec

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 24 Jun 2023 17:04:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5816083
x-accel-date: 1681810214
content-length: 11900
x-77-nzt: AcO1qhGhglb/E79YAA
x-accel-expires: @1713346214
last-modified: Wed, 01 May 2019 23:34:43 GMT
server: CDN77-Turbo
etag: "5cca2d13-2e7c"
x-77-nzt-ray: 4c156224507bd3a83922976439b20c33
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 helle-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2019/05/ Frame 2E7E 10 KB
11 KB 40ms
32ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2019/05/helle-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 1cea80ffc30d80158c46d24a373c07f3fd1f12b0964ec0960d54cc7476dbe5ae

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 24 Jun 2023 17:04:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5816612
x-accel-date: 1681809685
content-length: 10666
x-77-nzt: AcO1qhFEkY3/JMFYAA
x-accel-expires: @1713345685
last-modified: Fri, 03 May 2019 21:45:18 GMT
server: CDN77-Turbo
etag: "5cccb66e-29aa"
x-77-nzt-ray: 4c156224507bd3a8392297643efe0e33
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 salcali-pirincli-sulu-kofte-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2014/08/ Frame 2E7E 13 KB
14 KB 40ms
32ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2014/08/salcali-pirincli-sulu-kofte-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: b1701639174cb872a535071c10f17980f509ef1588d3a06bc7f8aad5ef0d25aa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 24 Jun 2023 17:04:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5814679
x-accel-date: 1681811618
content-length: 13484
x-77-nzt: AcO1qhGuEzH/l7lYAA
x-accel-expires: @1713347618
last-modified: Wed, 01 May 2019 22:27:36 GMT
server: CDN77-Turbo
etag: "5cca1d58-34ac"
x-77-nzt-ray: 4c156224507bd3a83922976419da1033
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 sivas-katmeri-resimli-yemek-tarifi(24).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/04/ Frame 2E7E 10 KB
11 KB 40ms
32ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/04/sivas-katmeri-resimli-yemek-tarifi(24).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 505c82241812470854d47dbfda8144e5326b3264363a233e75efced811a1a3e1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 24 Jun 2023 17:04:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 62998
x-accel-date: 1687563299
content-length: 10624
x-77-nzt: AcO1qhGGT/H/FvYAAA
x-accel-expires: @1719099299
last-modified: Thu, 09 Apr 2020 00:02:49 GMT
server: CDN77-Turbo
etag: "5e8e6629-2980"
x-77-nzt-ray: 4c156224507bd3a83922976456c51233
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 uskup-boregi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/08/ Frame 2E7E 13 KB
13 KB 40ms
33ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/08/uskup-boregi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 75f2b3e1739c7ed8ee367a6990d7f5abdb0fd1040724273ee5a5f87489a41228

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 24 Jun 2023 17:04:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5815240
x-accel-date: 1681811057
content-length: 12833
x-77-nzt: AcO1qhEgNIX/yLtYAA
x-accel-expires: @1713347057
last-modified: Sun, 23 Aug 2020 23:39:16 GMT
server: CDN77-Turbo
etag: "5f42fe24-3221"
x-77-nzt-ray: 4c156224507bd3a839229764e5601433
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 ciftlik-kebabi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/03/ Frame 2E7E 17 KB
18 KB 40ms
33ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/03/ciftlik-kebabi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 0fb87da221f6bd6ca2145dbfdc42e0d7d4a73fe418fb409cc2b019ce0a3506d6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 24 Jun 2023 17:04:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5816806
x-accel-date: 1681809491
content-length: 17645
x-77-nzt: AcO1qhEo0X7/5sFYAA
x-accel-expires: @1713345491
last-modified: Mon, 20 Mar 2023 20:46:38 GMT
server: CDN77-Turbo
etag: "6418c62e-44ed"
x-77-nzt-ray: 4c156224507bd3a839229764777c1733
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tire-sis-kofte-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/04/ Frame 2E7E 16 KB
16 KB 40ms
33ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/04/tire-sis-kofte-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 89529d02905772e8146d7e1ff9addc92072c23e60bb3dc84b8d61c4e898e93d6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 24 Jun 2023 17:04:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5816856
x-accel-date: 1681809441
content-length: 16300
x-77-nzt: AcO1qhE4pKX/GMJYAA
x-accel-expires: @1713345441
last-modified: Fri, 01 Apr 2022 17:34:02 GMT
server: CDN77-Turbo
etag: "6247378a-3fac"
x-77-nzt-ray: 4c156224507bd3a839229764518b1933
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 ev-koftesi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/12/ Frame 2E7E 17 KB
17 KB 40ms
33ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/12/ev-koftesi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: a1a1863860f40862a7df0b5316bc3805f213fa1c9fb01060bbd994d91dc140ee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 24 Jun 2023 17:04:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5816806
x-accel-date: 1681809491
content-length: 17248
x-77-nzt: AcO1qhHoSrj/5sFYAA
x-accel-expires: @1713345491
last-modified: Sun, 25 Dec 2022 22:38:25 GMT
server: CDN77-Turbo
etag: "63a8d0e1-4360"
x-77-nzt-ray: 4c156224507bd3a839229764ace81b33
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 sebzeli-firinda-kofte-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2019/05/ Frame 2E7E 12 KB
12 KB 40ms
34ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2019/05/sebzeli-firinda-kofte-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 3785a64ea212b675fabed56a2d69b001dde3a875471a6bb395493bc2321103d8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 24 Jun 2023 17:04:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5813718
x-accel-date: 1681812579
content-length: 11965
x-77-nzt: AcO1qhHFSz//1rVYAA
x-accel-expires: @1713348579
last-modified: Tue, 14 May 2019 20:51:03 GMT
server: CDN77-Turbo
etag: "5cdb2a37-2ebd"
x-77-nzt-ray: 4c156224507bd3a83922976438191e33
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tavada-soslu-citir-tavuk-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2016/03/ Frame 2E7E 14 KB
14 KB 41ms
34ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2016/03/tavada-soslu-citir-tavuk-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 1e066beb1036ff4d1c6237858048930493e92415f9d6441b956c1133c6eafeef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 24 Jun 2023 17:04:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5814856
x-accel-date: 1681811441
content-length: 14041
x-77-nzt: AcO1qhF/5Gz/SLpYAA
x-accel-expires: @1713347441
last-modified: Wed, 01 May 2019 22:55:30 GMT
server: CDN77-Turbo
etag: "5cca23e2-36d9"
x-77-nzt-ray: 4c156224507bd3a83922976411502033
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 sebzeli-soslu-tavuk-yemegi-resimli-yemek-tarifi(24).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/03/ Frame 2E7E 16 KB
16 KB 41ms
34ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/03/sebzeli-soslu-tavuk-yemegi-resimli-yemek-tarifi(24).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 680026f318b1fd16bc8e7b24ba4e32073bc98978f5bd67f19c1b30019a6decf0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 24 Jun 2023 17:04:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5816828
x-accel-date: 1681809469
content-length: 16450
x-77-nzt: AcO1qhHlDWT//MFYAA
x-accel-expires: @1713345469
last-modified: Mon, 22 Mar 2021 22:09:22 GMT
server: CDN77-Turbo
etag: "60591592-4042"
x-77-nzt-ray: 4c156224507bd3a839229764d38e2233
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tavuk-burger-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/02/ Frame 2E7E 11 KB
11 KB 41ms
34ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/02/tavuk-burger-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 17fb6396682c034e75e55c2ca06f182c40b971281b0c219b049ea2d60f3e34de

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 24 Jun 2023 17:04:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5816828
x-accel-date: 1681809469
content-length: 11270
x-77-nzt: AcO1qhH3wfb//MFYAA
x-accel-expires: @1713345469
last-modified: Wed, 09 Feb 2022 23:06:28 GMT
server: CDN77-Turbo
etag: "620448f4-2c06"
x-77-nzt-ray: 4c156224507bd3a83922976481ac2433
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-citir-tavuk-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ Frame 2E7E 14 KB
14 KB 41ms
34ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/06/firinda-citir-tavuk-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 6e517f1f2da440c36103d61ae698974db84ded6b3ac8635a8c24d8ac8652c10d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 24 Jun 2023 17:04:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 671962
x-accel-date: 1686954335
content-length: 14117
x-77-nzt: AcO1qhFk8xH/2kAKAA
x-accel-expires: @1718490335
last-modified: Fri, 16 Jun 2023 22:14:46 GMT
server: CDN77-Turbo
etag: "648cded6-3725"
x-77-nzt-ray: 4c156224507bd3a839229764a6882633
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-kremali-mantarli-pirasa-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2019/12/ Frame 2E7E 10 KB
11 KB 41ms
35ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2019/12/firinda-kremali-mantarli-pirasa-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: de1f5d1b2a64b34a33a3981dbd472b724437aad046625207654e4d2759c30d0e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 24 Jun 2023 17:04:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5813850
x-accel-date: 1681812447
content-length: 10442
x-77-nzt: AcO1qhGLV3X/WrZYAA
x-accel-expires: @1713348447
last-modified: Sun, 15 Dec 2019 22:16:23 GMT
server: CDN77-Turbo
etag: "5df6b0b7-28ca"
x-77-nzt-ray: 4c156224507bd3a83922976420382833
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-sebzeli-tavuk-yemegi-resimli-yemek-tarifi(20).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2016/12/ Frame 2E7E 15 KB
15 KB 41ms
35ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2016/12/firinda-sebzeli-tavuk-yemegi-resimli-yemek-tarifi(20).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 4f1949e21d597e282a24f9a971964cc38fea30c795c1b02d864f8e22988d4571

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 24 Jun 2023 17:04:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5816698
x-accel-date: 1681809599
content-length: 14959
x-77-nzt: AcO1qhHbJa3/esFYAA
x-accel-expires: @1713345599
last-modified: Wed, 01 May 2019 23:10:01 GMT
server: CDN77-Turbo
etag: "5cca2749-3a6f"
x-77-nzt-ray: 4c156224507bd3a839229764da092a33
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 ic-bakla-yemegi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/05/ Frame 2E7E 16 KB
16 KB 41ms
35ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/05/ic-bakla-yemegi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: fcc58cc9d4be09fdd40a74ca3a453622a269f2bdd1c598a863f54d2bd07a2126

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 24 Jun 2023 17:04:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3955169
x-accel-date: 1683671128
content-length: 16203
x-77-nzt: AcO1qhGw0Qb/4Vk8AA
x-accel-expires: @1715207128
last-modified: Tue, 09 May 2023 22:05:32 GMT
server: CDN77-Turbo
etag: "645ac3ac-3f4b"
x-77-nzt-ray: 4c156224507bd3a8392297646e4f2c33
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 butun-mantar-kavurmasi-resimli-yemek-tarifi(8).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/09/ Frame 2E7E 15 KB
16 KB 41ms
35ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/09/butun-mantar-kavurmasi-resimli-yemek-tarifi(8).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: a9813636d064a6c030d55ade3e86f5de6475ea07aa4bb75d2197f653bd8f60d9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 24 Jun 2023 17:04:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5813915
x-accel-date: 1681812382
content-length: 15573
x-77-nzt: AcO1qhEo+Bn/m7ZYAA
x-accel-expires: @1713348382
last-modified: Thu, 16 Sep 2021 22:01:48 GMT
server: CDN77-Turbo
etag: "6143becc-3cd5"
x-77-nzt-ray: 4c156224507bd3a8392297648c092e33
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 sarimsakli-un-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/01/ Frame 2E7E 14 KB
14 KB 41ms
35ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/01/sarimsakli-un-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 90bbc71f5c932fd82f6557834c468dd96219e535f4128c0838669f56cb35f1ab

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 24 Jun 2023 17:04:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5815911
x-accel-date: 1681810386
content-length: 14437
x-77-nzt: AcO1qhFTB2T/Z75YAA
x-accel-expires: @1713346386
last-modified: Sat, 28 Jan 2023 22:54:15 GMT
server: CDN77-Turbo
etag: "63d5a797-3865"
x-77-nzt-ray: 4c156224507bd3a839229764aa802f33
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 mahluta-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2016/11/ Frame 2E7E 12 KB
13 KB 41ms
36ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2016/11/mahluta-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 837d63620657b055c980948022e01ba5c63c986d3d08ca7db80558411eab45d6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 24 Jun 2023 17:04:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5814800
x-accel-date: 1681811497
content-length: 12542
x-77-nzt: AcO1qhHEE9f/ELpYAA
x-accel-expires: @1713347497
last-modified: Wed, 01 May 2019 23:07:46 GMT
server: CDN77-Turbo
etag: "5cca26c2-30fe"
x-77-nzt-ray: 4c156224507bd3a839229764d2313133
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 sogan-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2018/04/ Frame 2E7E 10 KB
10 KB 41ms
36ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2018/04/sogan-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 990889e9ed9332f77e31d1c92c63487d5333dc907946989bb977c33df515c32e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 24 Jun 2023 17:04:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5816508
x-accel-date: 1681809789
content-length: 9967
x-77-nzt: AcO1qhH8min/vMBYAA
x-accel-expires: @1713345789
last-modified: Wed, 01 May 2019 23:32:56 GMT
server: CDN77-Turbo
etag: "5cca2ca8-26ef"
x-77-nzt-ray: 4c156224507bd3a839229764e7e43233
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 yogurtlu-yesil-mercimek-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/04/ Frame 2E7E 12 KB
12 KB 41ms
36ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/04/yogurtlu-yesil-mercimek-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 870c6dba95d95d6be10a7bc73f718c786dd35c619864cd9b3754b30c0e377c58

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 24 Jun 2023 17:04:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5816479
x-accel-date: 1681809818
content-length: 12218
x-77-nzt: AcO1qhETph3/n8BYAA
x-accel-expires: @1713345818
last-modified: Mon, 12 Apr 2021 00:26:16 GMT
server: CDN77-Turbo
etag: "607393a8-2fba"
x-77-nzt-ray: 4c156224507bd3a839229764d5973433
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 sodali-kek-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/01/ Frame 2E7E 17 KB
17 KB 41ms
36ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/01/sodali-kek-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: eb5bff425311a4b245089f68cd39715e1c7d802e2ce30fd8c3d8caf90bc9a62c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 24 Jun 2023 17:04:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 110083
x-accel-date: 1687516214
content-length: 17310
x-77-nzt: AcO1qhGOGpT/A64BAA
x-accel-expires: @1719052214
last-modified: Sat, 04 Jan 2020 21:39:52 GMT
server: CDN77-Turbo
etag: "5e110628-439e"
x-77-nzt-ray: 4c156224507bd3a8392297643e233633
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 klasik-revani-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2017/04/ Frame 2E7E 8 KB
8 KB 42ms
36ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2017/04/klasik-revani-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 466d84e17dc7459ae25cb60d72f1fddf8e574b1b0affd560332250b0ef75f41e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 24 Jun 2023 17:04:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5814701
x-accel-date: 1681811596
content-length: 8322
x-77-nzt: AcO1qhHe1vH/rblYAA
x-accel-expires: @1713347596
last-modified: Wed, 01 May 2019 23:15:55 GMT
server: CDN77-Turbo
etag: "5cca28ab-2082"
x-77-nzt-ray: 4c156224507bd3a8392297647a9e3a33
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 havuclu-tart-kek-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/05/ Frame 2E7E 15 KB
16 KB 42ms
37ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/05/havuclu-tart-kek-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 951e603e21d6a04762e7712ece4db18412a25c2d3ad1196080add1df68597f26

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 24 Jun 2023 17:04:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5813014
x-accel-date: 1681813283
content-length: 15636
x-77-nzt: AcO1qhFf7m3/FrNYAA
x-accel-expires: @1713349283
last-modified: Sun, 22 May 2022 22:50:57 GMT
server: CDN77-Turbo
etag: "628abe51-3d14"
x-77-nzt-ray: 4c156224507bd3a839229764d7653c33
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 sufle-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/05/ Frame 2E7E 13 KB
14 KB 42ms
37ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/05/sufle-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 4595241cedd0561ea7df5dae27079da65aff6eea25ca9a06869c82524835bd44

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 24 Jun 2023 17:04:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5816062
x-accel-date: 1681810235
content-length: 13763
x-77-nzt: AcO1qhGQS+n//r5YAA
x-accel-expires: @1713346235
last-modified: Mon, 04 May 2020 00:10:13 GMT
server: CDN77-Turbo
etag: "5eaf5d65-35c3"
x-77-nzt-ray: 4c156224507bd3a83922976490893e33
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 koy-ekmegi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/03/ Frame 2E7E 12 KB
12 KB 42ms
37ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/03/koy-ekmegi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 9fe178b3a246dfa8391758b6964ea91fa324fc0942c9d3fb8e7c652a47ab23da

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 24 Jun 2023 17:04:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 69420
x-accel-date: 1687556877
content-length: 12085
x-77-nzt: AcO1qhG7sanvLA8BAA
x-accel-expires: @1719092877
last-modified: Sat, 21 Mar 2020 22:47:47 GMT
server: CDN77-Turbo
etag: "5e769993-2f35"
x-77-nzt-ray: 4c156224507bd3a839229764b47e4833
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 kahvaltilik-zeytin-kavurmasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/01/ Frame 2E7E 18 KB
18 KB 42ms
37ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/01/kahvaltilik-zeytin-kavurmasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: db57b06a6b88efaf8f7e7c4e7e8f252e5b2e53378734e84c3a5b220ae2209dbb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 24 Jun 2023 17:04:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 1378188
x-accel-date: 1686248109
content-length: 18110
x-77-nzt: AcO1qhF6a0X/jAcVAA
x-accel-expires: @1717784109
last-modified: Sat, 07 Jan 2023 22:13:26 GMT
server: CDN77-Turbo
etag: "63b9ee86-46be"
x-77-nzt-ray: 4c156224507bd3a8392297647f024b33
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tirnak-pide-resimli-yemek-tarifi(20).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/05/ Frame 2E7E 18 KB
18 KB 42ms
37ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/05/tirnak-pide-resimli-yemek-tarifi(20).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 3c49765312e00e45feb2f6b420b62c5ea0b8e047c5e92cdb2588223a167b7886

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 24 Jun 2023 17:04:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5816082
x-accel-date: 1681810215
content-length: 18065
x-77-nzt: AcO1qhG9cQX/Er9YAA
x-accel-expires: @1713346215
last-modified: Thu, 06 May 2021 00:58:27 GMT
server: CDN77-Turbo
etag: "60933f33-4691"
x-77-nzt-ray: 4c156224507bd3a839229764e3d04d33
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 karmaca-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/11/ Frame 2E7E 15 KB
16 KB 42ms
37ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/11/karmaca-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 2eb2914e0253d3d949c2aad28f6f109c7b3a67ef37696a4496592837c0f9d7a4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 24 Jun 2023 17:04:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5816749
x-accel-date: 1681809548
content-length: 15740
x-77-nzt: AcO1qhHjm3j/rcFYAA
x-accel-expires: @1713345548
last-modified: Mon, 15 Nov 2021 22:38:31 GMT
server: CDN77-Turbo
etag: "6192e167-3d7c"
x-77-nzt-ray: 4c156224507bd3a8392297648bfa5433
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 _dmca_premi_badge_5.png
images.dmca.com/Badges/ Frame 2E7E 5 KB
6 KB 43ms
10ms Image
image/png 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.dmca.com/Badges/_dmca_premi_badge_5.png?ID=da1d399b-5fd3-4da3-b5cd-8af692c19999
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: ad3ee286844c46dba3f0d26e100f508c410b28f52784fbeec2d513ef6c6fda7a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:04:57 GMT
last-modified: Thu, 02 Jun 2011 03:26:26 GMT
server: Microsoft-IIS/10.0
etag: "8ae3cdbd420cc1:0"
x-powered-by: ASP.NET
x-hw: 1687626297.cds147.fr8.hn,1687626297.cds153.fr8.c
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
link: <https://www.dmca.com/Badges/_dmca_premi_badge_5.png>; rel="canonical"
content-length: 5605

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/300/ Frame 2E7E 56 B
361 B 80ms
14ms Script
text/javascript 23.213.164.100
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.213.164.100 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-213-164-100.deploy.static.akamaitechnologies.com

Software

Oracle API Gateway /

Resource Hash

f475c34186022ba531ebc8bba97fc10df7e4c3ea854f314a18ab0644c851620d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 24 Jun 2023 17:04:57 GMT
server: Oracle API Gateway
opc-request-id: /F0B595CE1F73BA800421CABF419A7F3F/6053AA7FB1FD6369D71DB11FB7EC9ABD
x-frame-options: sameorigin
vary: Accept-Encoding
content-type: text/javascript
x-distribution: 99
x-host: s7.addthis.com
content-length: 76
x-xss-protection: 1; mode=block

GET
H2 200 DMCABadgeHelper.min.js Show response
images.dmca.com/Badges/ Frame 2E7E 465 B
585 B 43ms
10ms Script
application/javascript 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://images.dmca.com/Badges/DMCABadgeHelper.min.js
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e8021f1a9dad409f7e699457ac334653bf800464df69900237c4de1c29e275d0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:04:57 GMT
content-encoding: gzip
last-modified: Fri, 21 Jun 2019 20:14:34 GMT
server: Microsoft-IIS/10.0
etag: "26b181f16d28d51:0"
x-powered-by: ASP.NET
x-hw: 1687626297.cds147.fr8.hn,1687626297.cds057.fr8.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
link: <https://www.dmca.com/Badges/DMCABadgeHelper.min.js>; rel="canonical"
content-length: 395

GET
H2 200 outside.js Show response
static.virgul.com/theme/mockups/adcode/ Frame 2E7E 75 KB
26 KB 310ms
48ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19532
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 66413d92e3b48b21f37de7968a4c6ee6dafb956f4963d0557959a3d10db2c492

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:04:58 GMT
content-encoding: gzip
last-modified: Fri, 23 Jun 2023 06:55:07 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=43200

GET
H2 200 sdk.js Show response
connect.facebook.net/tr_TR/ Frame 2E7E 3 KB
2 KB 48ms
15ms Script
application/x-javascript 2a03:2880:f080:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/tr_TR/sdk.js

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f080:9:face:b00c:0:3 Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

4c138a2c89869b1e60bf8941147e2e2c21378af8ffeb407392091c688a76f392

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 24 Jun 2023 17:04:57 GMT
content-md5: OwMOReGHVBzjUFaqQVVP7A==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1686
x-fb-debug: A06sz2IRB564G66Qo7zDmT5ARPCZgl1h2Y7Kb4FwTDaWHYvCazFcxQ6LKGoTe6YQFFgkFZZ2LS+23cLh7PzfDA==
x-fb-content-md5: 19bc090b7c7e37c92bd41a7ef0d9b9a1
cross-origin-opener-policy: same-origin-allow-popups
etag: "4e7ad5967c4563510416d56946b878ca"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Sat, 24 Jun 2023 17:10:47 GMT

GET
H2 200 sprite_3.png
cdn.ye-mek.net/grafik/ Frame 2E7E 21 KB
21 KB 39ms
37ms Image
image/png 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/grafik/sprite_3.png
Requested by: Host: cdn.ye-mek.net
URL: https://cdn.ye-mek.net/maincss.css?v=434
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: ecadacb686d0540a5768dae41d50597a71dfaa8135b90f1371d4bfa266e4e361

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.ye-mek.net/maincss.css?v=434
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 24 Jun 2023 17:04:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5816844
x-accel-date: 1681809453
content-length: 21525
x-77-nzt: AcO1qhHEQOD/DMJYAA
x-accel-expires: @1713345453
last-modified: Mon, 14 May 2018 20:55:05 GMT
server: CDN77-Turbo
etag: "5af9f7a9-5415"
x-77-nzt-ray: 4c156224507bd3a8392297646ee95733
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 analytics.js Show response
www.google-analytics.com/ Frame 2E7E 52 KB
21 KB 33ms
8ms Script
text/javascript 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-38733763-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 24 Jun 2023 16:35:22 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 1775
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Sat, 24 Jun 2023 18:35:22 GMT

GET
H3 200 sdk.js Show response
connect.facebook.net/tr_TR/ Frame 2E7E 307 KB
87 KB 33ms
16ms Script
application/x-javascript 2a03:2880:f080:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/tr_TR/sdk.js?hash=bf91a3e19ccb9c616ca2a195aff5a251

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/tr_TR/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f080:9:face:b00c:0:3 Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f46406d6862aac4d30a26d7339785a1632165f75387f98093d366d514fc3b640

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://ye-mek.net/
Origin: https://ye-mek.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 24 Jun 2023 17:04:57 GMT
content-md5: fxYhc8V8KYKzgD6vobRxCg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 88819
x-fb-debug: A3HaIrA633PUt9AeZ9HEqsJ51u+Wr3unBpfTAF12w6mBup8kX7Kn5UY0/zrZAejEY1pP0FmW4wZoqDtJvbwHKQ==
x-fb-content-md5: ce5826278fa1ea028d9369116372a97a
cross-origin-opener-policy: same-origin-allow-popups
etag: "ab022ef73526f284e676386b52b4c642"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
priority: u=3,i
expires: Sun, 23 Jun 2024 16:44:07 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 2E7E 78 KB
27 KB 154ms
85ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19532

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c6b18981cf714e585f539a908be7ec3edf6ea2fb86c507204a6e47d56a771eb2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:04:58 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26636
x-xss-protection: 0
server: cafe
etag: 431 / 19532 / 31075547 / config-hash: 3635630053877940451
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 24 Jun 2023 17:04:58 GMT

GET
H2 200 ads.js Show response
static.virgul.com/theme/mockups/mockups/tracker/imp/collect/adview/ad/ Frame 2E7E 120 B
306 B 53ms
53ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/mockups/tracker/imp/collect/adview/ad/ads.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19532
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: d9fd0aeda423bd39a36871759ef7b17dab3d51e5981cd5839103f990b8b9ef60

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:04:58 GMT
last-modified: Wed, 21 Dec 2022 18:47:42 GMT
server: openresty/1.15.8.3
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000
accept-ranges: bytes
content-length: 120

GET
H2 200 str.html Show response
static.virgul.com/theme/mockups/outside/ Frame 2946 891 B
1 KB 49ms
48ms Document
text/html 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/outside/str.html?v=2
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19532
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 2af1b8e91e1ea0f27fab2f6bac1dd1d81867b7a2a8d7cef1084fa39309e0ac6f

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=5184000
content-length: 891
content-type: text/html
date: Sat, 24 Jun 2023 17:04:58 GMT
last-modified: Wed, 28 Sep 2022 10:07:57 GMT
server: openresty/1.15.8.3

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 2E7E 140 KB
48 KB 101ms
61ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19532

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

34a9787ac484284d5f427da581c93144c33ab5afcf6cb8b0193bd9f068b00ae5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Origin: https://ye-mek.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:04:58 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49034
x-xss-protection: 0
server: cafe
etag: 9209822171690017957
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sat, 24 Jun 2023 17:04:58 GMT

GET
H2 200 prebid7.38.0.js Show response
static.virgul.com/theme/mockups/outside/ Frame 2E7E 489 KB
182 KB 54ms
54ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19532
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: cff57bb539a961e5816127eb4b662175d6a1c92917effe0f943de85c35911101

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:04:58 GMT
content-encoding: gzip
last-modified: Mon, 27 Mar 2023 14:56:06 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ Frame 2E7E 236 KB
58 KB 59ms
11ms Script
application/javascript 13.224.192.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19532
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.192.181 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-192-181.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: dbc211260f3fb81e545fbebe8be8c367ebe670a585e60e1ec58524c06723ecbc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 16:40:35 GMT
content-encoding: gzip
via: 1.1 0dec5f752f0f332c449471a83f050dd2.cloudfront.net (CloudFront), 1.1 8002c303d4f2295f77566a349deba122.cloudfront.net (CloudFront)
last-modified: Thu, 15 Jun 2023 18:14:54 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1, FRA2-C1
age: 1464
x-amz-server-side-encryption: AES256
etag: W/"9352f20e556bff9fea6fd0461aac850d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=3600
x-amz-cf-id: VsyltlMr6TkOij69NOcE1UnxZl8Xce-F01cY9u95w_EUgAeYVPM9yg==

GET
H2 200 pageview Show response
ng.virgul.com/ Frame 2E7E 34 KB
6 KB 181ms
57ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ng.virgul.com/pageview?c=site_geneli&mt=1687626298218&v=https%3A%2F%2Fye-mek.net%2F&r=yemek_net:site_geneli&userId=&tp=&os=&call=noktaad.ads.vvad&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc0,hf1,vv1,gprec%3Dyemek%26rec_ing%3D&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.9574511767879779
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19532
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: de6441ae50359b25da5ad72bd6f467066df9a220390eefc3a4d87ac076cab85d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:04:58 GMT
content-encoding: gzip
server: openresty/1.15.8.3
vary: Accept-Encoding
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
access-control-allow-origin: https://ye-mek.net
content-type: application/javascript
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT

GET
H2 200 yemek_net.js Show response
static.virgul.com/theme/mockups/fallback/ Frame 2E7E 12 KB
2 KB 48ms
48ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/fallback/yemek_net.js?dts=19532
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19532
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 5103b27b55207be49f024a501641c7cb93e6469073ccbe194cd5963b53716184

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:04:58 GMT
content-encoding: gzip
last-modified: Tue, 20 Jun 2023 21:45:07 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 hb Show response
ng.virgul.com/ Frame 2E7E 50 KB
5 KB 168ms
50ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ng.virgul.com/hb?call=noktaad.setHbParameters&site=yemek_net&dts=468785
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19532
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: c2096c7f8c43a3751ad70e80d6a23fd56cb255665a2c089ca8929eec2fbc45e6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:04:58 GMT
content-encoding: gzip
server: openresty/1.15.8.3
vary: Accept-Encoding
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
access-control-allow-origin: https://ye-mek.net
content-type: application/javascript
cache-control: max-age=3600
access-control-allow-credentials: true

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ Frame 2E7E 0
304 B 10ms
9ms XHR
text/plain 13.224.192.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fye-mek.net&pubid=e0a76a78-9ad1-46f2-a337-886c2e24ac91
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.192.181 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-192-181.fra2.r.cloudfront.net
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 15:51:09 GMT
via: 1.1 8002c303d4f2295f77566a349deba122.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA2-C1
age: 4428
x-cache: Hit from cloudfront
access-control-allow-origin: https://ye-mek.net
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-id: srE-a2JP6078N6UmUfMndBOs2DtfFgUP-aPFR_amk-U32UW6Jspe_w==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ Frame 2E7E 6 KB
3 KB 25ms
8ms XHR
application/javascript 13.224.192.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.192.181 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-192-181.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 09:19:15 GMT
x-amz-version-id: rBtfgJUMGYsy5fZuQwMAU7hSD.fVdF76
content-encoding: gzip
via: 1.1 0e7eb16f335fe24acf3f13c5dee19c88.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
age: 27944
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Sat, 24 Jun 2023 09:19:11 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: _E3pEnZ-VxO-ejkKAoZeMZW6WcGwcc9W0xju7oVaUDfJVZT13fuB6Q==

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306200101/ Frame 2E7E 345 KB
119 KB 126ms
81ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306200101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=ye-mek.net&bust=31075511

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c6a1a76527915c6ae9a97a59528a1c0ac871a858be8cca711a763109ef06e1a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:04:58 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 121311
x-xss-protection: 0
server: cafe
etag: 16787164542614073208
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 24 Jun 2023 17:04:58 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230620/r20190131/ Frame BEE7 10 KB
5 KB 12ms
8ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230620/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eb7a209e3af2f5e7045a326f81414b39f02551eb158e859c190a7a84db7c4d5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 35711
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4540
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 24 Jun 2023 07:09:47 GMT
etag: 15057649708203361565
expires: Sat, 08 Jul 2023 07:09:47 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306210101/ Frame 2E7E 393 KB
125 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306210101/pubads_impl.js?cb=31075547

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2b682cb846d14bb05298861383969201f50f3334cd261828d904b198b21a81c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 10:36:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 23334
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 127958
x-xss-protection: 0
server: cafe
etag: 9594374905283295825
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Sun, 23 Jun 2024 10:36:04 GMT

GET
H2 200 empowerwebplayer3.js Show response
static.virgul.com/theme/mockups/outside/ Frame 2E7E 10 KB
3 KB 45ms
45ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/outside/empowerwebplayer3.js?v=20
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 3e9569df702eb478e6e7699775a0f555b64ef9e89d89a81742bc97c7803dba96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:04:58 GMT
content-encoding: gzip
last-modified: Tue, 13 Jun 2023 13:36:40 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 yemek_net.js Show response
static.virgul.com/theme/mockups/sites/ Frame 2E7E 11 KB
5 KB 45ms
45ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/sites/yemek_net.js?dts=468785
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19532
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: a7a580492938c753648b19da1321bf7ea66d7a2e9b1fa42058c821e268fba9e1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:04:58 GMT
content-encoding: gzip
last-modified: Thu, 27 Apr 2023 09:08:06 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 pandg-sdk.js Show response
pghub.io/js/ Frame 2E7E 17 KB
5 KB 89ms
9ms Script
application/javascript 35.241.45.217
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pghub.io/js/pandg-sdk.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19532
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.217 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 217.45.241.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 27961ab8c37cddad89230364167c048c6377a80e38542a5ffbca600faf4098ea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 16:49:09 GMT
content-encoding: gzip
age: 949
x-guploader-uploadid: ADPycdubpNHeBom5mEYYDv_FoULa_L6gb2YmFe_OaTiWSI90NZv5lOIC1eLKzAfRYqJ7I5MwlxQ7rsh9GkMZFFID9oFgrZL4Y6Kx
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5009
last-modified: Mon, 05 Jun 2023 16:36:50 GMT
server: UploadServer
etag: "47a886353056caf33a998c6041e20896"
vary: Accept-Encoding
x-goog-generation: 1685983010517890
x-goog-hash: crc32c=aHj4lg==, md5=R6iGNTBWyvM6mYxgQeIIlg==
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin
cache-control: public,max-age=3600
x-goog-stored-content-length: 5009
accept-ranges: bytes
content-type: application/javascript

GET
H2 200 zoneview
ng.virgul.com/ Frame 2E7E 0
209 B 44ms
43ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/zoneview?c=&mt=1687626298408&v=https%3A%2F%2Fye-mek.net%2F&r=153366@153377@153378@153379@153379@153382@153383:yemek_net&userId=vnet882f387d-b009-4a3a-a2fb-177357578087&tp=&os=&call=&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc1,hf1,vv1,gprec%3Dyemek%26rec_ing%3D&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.04882726924086911
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Sat, 24 Jun 2023 17:04:58 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 zoneview
ng.virgul.com/ Frame 2E7E 0
209 B 45ms
44ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/zoneview?c=&mt=1687626298497&v=https%3A%2F%2Fye-mek.net%2F&r=153394@153493:yemek_net&userId=vnet882f387d-b009-4a3a-a2fb-177357578087&tp=&os=&call=&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc1,hf1,vv1,gprec%3Dyemek%26rec_ing%3D&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.5935373748883395
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Sat, 24 Jun 2023 17:04:58 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 NoktaNpmPlayerApi.js Show response
c1.imgiz.com/player_others/html5/ Frame 2E7E 7 KB
3 KB 356ms
44ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19532
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/empowerwebplayer3.js?v=20
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 0b29697868cd68cfd1b5650054cc96ea755016b3242bd26469cdbd4e4f6fc18a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:04:58 GMT
content-encoding: gzip
last-modified: Wed, 13 Oct 2021 11:58:21 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
expires: Sat, 01 Jul 2023 17:04:58 GMT

GET
H2 200 tag Show response
feed.pghub.io/ Frame 2D7E 13 B
257 B 71ms
22ms Document
text/html 34.102.243.38
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://feed.pghub.io/tag?referrer_url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&page_url=https%3A%2F%2Fye-mek.net%2F&owner=P%26G&bp_id=noktacommedya&ch=%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D&initiator=js&data=%7B%22category%22%3A%22site_geneli%22%7D

Requested by

Host: pghub.io
URL: https://pghub.io/js/pandg-sdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.102.243.38 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

38.243.102.34.bc.googleusercontent.com

Software

Resource Hash

b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';img-src https://*.pghub.io https://match.adsrvr.org
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
access-control-max-age: 300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-store
content-security-policy: default-src 'none';img-src https://*.pghub.io https://match.adsrvr.org
content-type: text/html;charset=utf-8
date: Sat, 24 Jun 2023 17:04:58 GMT
strict-transport-security: max-age=31536000
via: 1.1 google

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ Frame 2E7E 23 B
458 B 90ms
41ms XHR
text/javascript 18.66.138.185
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&pr=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&pid=woqHu6kwEu7NS&cb=0&ws=1600x1200&v=23.612.1758&t=1200&slots=%5B%7B%22sd%22%3A%22div-gpt-ad-1455783126174-15338221728129623web_yemeknet_right_tower%22%2C%22s%22%3A%5B%22160x600%22%2C%22120x600%22%5D%2C%22sn%22%3A%22%2F21728129623%2Fweb_yemeknet_right_tower%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-1455783126174-15338321728129623web_yemeknet_left_tower%22%2C%22s%22%3A%5B%22160x600%22%2C%22120x600%22%5D%2C%22sn%22%3A%22%2F21728129623%2Fweb_yemeknet_left_tower%22%7D%5D&pubid=e0a76a78-9ad1-46f2-a337-886c2e24ac91&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.138.185 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-138-185.fra60.r.cloudfront.net

Software

Server /

Resource Hash

745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:04:58 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 da78abc509aafffb42eec33ca2dc60d4.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA60-P4
x-amz-rid: H5Q5A19PRMZ38DYEE6NW
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://ye-mek.net
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: jnHbrFqRQdcDytIGsypYQz2U-5zTbCV988TyoZfQ92yOZiA63A8MeQ==

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 2E7E 107 B
456 B 49ms
27ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ye-mek.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306210101/pubads_impl.js?cb=31075547

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:04:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 2E7E 27 KB
11 KB 388ms
387ms XHR
text/plain 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=373190335099830&correlator=1892776713612628&eid=31075547&output=ldjh&gdfp_req=1&vrg=202306210101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_728x90_repeating&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=2&adks=3733009076&sfv=1-0-40&eri=1&cust_params=amznbid%3D0%26amznp%3D0%26category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1687626298218%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet882f387d-b009-4a3a-a2fb-177357578087%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet882f387db0094a3aa2fb177357578087&sc=1&cdm=ye-mek.net&abxe=1&dt=1687626298550&lmt=1687626298&dlt=1687626297712&idt=806&adxs=436&adys=2665&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=89wml5etvemm&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&ga_vid=960498460.1687626298&ga_sid=1687626299&ga_hid=1486286444&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306210101/pubads_impl.js?cb=31075547

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e0524c7c780f39ce783aa0ea6de90f35f622e2625086841e2608405db807f1bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:04:58 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11653
x-xss-protection: 0
google-lineitem-id: 6241543851
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138425583933
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame E6EE 6 KB
3 KB 94ms
15ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306210101/pubads_impl.js?cb=31075547

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 24 Jun 2023 17:04:58 GMT
expires: Sun, 23 Jun 2024 17:04:58 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 2E7E 21 KB
10 KB 332ms
331ms XHR
text/plain 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=373190335099830&correlator=121508316723072&eid=31075547&output=ldjh&gdfp_req=1&vrg=202306210101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_masthead_multibanner_1&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250%7C250x250%7C200x200%7C300x100%7C300x150%7C320x100&fluid=height&ifi=3&adks=3300439151&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1687626298218%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet882f387d-b009-4a3a-a2fb-177357578087%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D%26amznbid%3D1%26amznp%3D1&ppid=vnet882f387db0094a3aa2fb177357578087&sc=1&cdm=ye-mek.net&abxe=1&dt=1687626298570&lmt=1687626298&dlt=1687626297712&idt=806&adxs=315&adys=158&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=d1cfmwjb1i93&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=970x-1&msz=300x-1&fws=388&ohw=300&ga_vid=960498460.1687626298&ga_sid=1687626299&ga_hid=1486286444&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306210101/pubads_impl.js?cb=31075547

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f6842377b16ee09324c96db8ffdb678dbafcef35ccb49fbf5c740fa046935604

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:04:58 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9750
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 2E7E 64 KB
15 KB 803ms
803ms XHR
text/plain 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=373190335099830&correlator=121508316723072&eid=31075547&output=ldjh&gdfp_req=1&vrg=202306210101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_masthead_multibanner_2&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250%7C250x250%7C200x200%7C300x100%7C300x150%7C320x100&fluid=height&ifi=4&adks=2697397062&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1687626298218%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet882f387d-b009-4a3a-a2fb-177357578087%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D%26amznbid%3D1%26amznp%3D1&ppid=vnet882f387db0094a3aa2fb177357578087&sc=1&cdm=ye-mek.net&abxe=1&dt=1687626298573&lmt=1687626298&dlt=1687626297712&idt=806&adxs=349&adys=158&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=n71s9ejjddaq&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=970x-1&msz=300x-1&fws=388&ohw=300&ga_vid=960498460.1687626298&ga_sid=1687626299&ga_hid=1486286444&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306210101/pubads_impl.js?cb=31075547

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0ac8dc957a0bd33bfd1038973cb3a70e611baa3ef7d44f92d8eda47866ef8acc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:04:59 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15570
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 2E7E 22 KB
10 KB 590ms
590ms XHR
text/plain 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=373190335099830&correlator=121508316723072&eid=31075547&output=ldjh&gdfp_req=1&vrg=202306210101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_masthead_multibanner_3&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250%7C250x250%7C200x200%7C300x100%7C300x150%7C320x100&fluid=height&ifi=5&adks=1351592814&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1687626298218%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet882f387d-b009-4a3a-a2fb-177357578087%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D%26amznbid%3D1%26amznp%3D1&ppid=vnet882f387db0094a3aa2fb177357578087&sc=1&cdm=ye-mek.net&abxe=1&dt=1687626298577&lmt=1687626298&dlt=1687626297712&idt=806&adxs=985&adys=158&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=8qdo3awcxqie&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=970x-1&msz=300x-1&fws=388&ohw=300&ga_vid=960498460.1687626298&ga_sid=1687626299&ga_hid=1486286444&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306210101/pubads_impl.js?cb=31075547

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0ddb6297b4c0fb187165a864cbecf7db510c5e12ee6e662754f1f960c201b5c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:04:59 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9859
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 2E7E 107 B
165 B 28ms
27ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ye-mek.net

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306200101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=ye-mek.net&bust=31075511

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:04:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 403 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 63E9 603 B
67 B 178ms
178ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755397&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1687626298340&bpp=3&bdt=629&idt=295&shv=r20230620&mjsv=m202306200101&ptt=9&saldr=aa&nras=1&correlator=1088079189640&frm=24&ife=1&pv=2&ga_vid=960498460.1687626298&ga_sid=1687626299&ga_hid=1486286444&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=222437166&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759842%2C31071755%2C31075511%2C44788442&oid=2&pvsid=373190335099830&tmod=13974008&uas=0&nvt=1&fsapi=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.b5r03pbileis&fsb=1&dtd=307

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 46
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 24 Jun 2023 17:04:58 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 2E7E 22 KB
10 KB 333ms
333ms XHR
text/plain 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=373190335099830&correlator=2517633430720133&eid=31075547&output=ldjh&gdfp_req=1&vrg=202306210101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_left_tower&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C160x600%7C120x600%7C120x240%7C160x800&fluid=height&ifi=6&adks=3299242717&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1687626298218%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet882f387d-b009-4a3a-a2fb-177357578087%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet882f387db0094a3aa2fb177357578087&sc=1&cdm=ye-mek.net&abxe=1&dt=1687626298665&lmt=1687626298&dlt=1687626297712&idt=806&adxs=122&adys=150&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=oo2xkseydhs4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=160x-1&msz=160x-1&fws=900&ohw=160&ga_vid=960498460.1687626298&ga_sid=1687626299&ga_hid=1486286444&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306210101/pubads_impl.js?cb=31075547

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6a3184831806c6d057113cc853f0b95a8150143fbe8a29c00a671d5814ac2431

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:04:58 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9964
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 2E7E 21 KB
10 KB 307ms
306ms XHR
text/plain 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=373190335099830&correlator=713606213286166&eid=31075547&output=ldjh&gdfp_req=1&vrg=202306210101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_728x90_2&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=7&adks=345722362&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1687626298218%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet882f387d-b009-4a3a-a2fb-177357578087%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet882f387db0094a3aa2fb177357578087&sc=1&cdm=ye-mek.net&abxe=1&dt=1687626298668&lmt=1687626298&dlt=1687626297712&idt=806&adxs=436&adys=1389&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=l86r8gixa8iy&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&ga_vid=960498460.1687626298&ga_sid=1687626299&ga_hid=1486286444&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306210101/pubads_impl.js?cb=31075547

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2cf6ba91e0fd2d7ae476ccb034c9c3febd07006491f3868fd87d5d9a05497733

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:04:58 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9945
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 2E7E 21 KB
9 KB 336ms
335ms XHR
text/plain 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=373190335099830&correlator=1882546871851503&eid=31075547&output=ldjh&gdfp_req=1&vrg=202306210101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_right_tower&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C160x600%7C120x600%7C120x240%7C160x800&fluid=height&ifi=8&adks=3203893797&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1687626298218%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet882f387d-b009-4a3a-a2fb-177357578087%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet882f387db0094a3aa2fb177357578087&sc=1&cdm=ye-mek.net&abxe=1&dt=1687626298670&lmt=1687626298&dlt=1687626297712&idt=806&adxs=1318&adys=150&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=if00jaqpn2u6&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=160x-1&msz=160x-1&fws=900&ohw=160&ga_vid=960498460.1687626298&ga_sid=1687626299&ga_hid=1486286444&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306210101/pubads_impl.js?cb=31075547

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

01fa226664394f42315f127309e22db4105760d53b5fdfb3a6210942ccc4b3f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:04:59 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9632
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 2E7E 21 KB
10 KB 309ms
308ms XHR
text/plain 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=373190335099830&correlator=3894851697306215&eid=31075547&output=ldjh&gdfp_req=1&vrg=202306210101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_ust_728x90&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=9&adks=456810305&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1687626298218%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet882f387d-b009-4a3a-a2fb-177357578087%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet882f387db0094a3aa2fb177357578087&sc=1&cdm=ye-mek.net&abxe=1&dt=1687626298672&lmt=1687626298&dlt=1687626297712&idt=806&adxs=436&adys=751&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=hgv386jbrc3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&ga_vid=960498460.1687626298&ga_sid=1687626299&ga_hid=1486286444&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306210101/pubads_impl.js?cb=31075547

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

82ef6d77d41231210adf1d19724884bfc3cb6da85b1d011cb77d4586dc380774

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:04:58 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9741
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 2E7E 21 KB
10 KB 355ms
354ms XHR
text/plain 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=373190335099830&correlator=2615289948258492&eid=31075547&output=ldjh&gdfp_req=1&vrg=202306210101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_728x90_repeating&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=10&adks=2157304621&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1687626298218%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet882f387d-b009-4a3a-a2fb-177357578087%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet882f387db0094a3aa2fb177357578087&sc=1&cdm=ye-mek.net&abxe=1&dt=1687626298675&lmt=1687626298&dlt=1687626297712&idt=806&adxs=436&adys=2027&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=vt238ql94zvd&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&ga_vid=960498460.1687626298&ga_sid=1687626299&ga_hid=1486286444&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306210101/pubads_impl.js?cb=31075547

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a093402225ac56a46e1ec1c3ab2a2f7d6607f15c562143fe8c64de4f51e81706

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:04:59 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9786
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame 2E7E 361 KB
121 KB 85ms
26ms Script
text/javascript 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19532

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a9863314577494b778cade4d77d719a27fca818d6091efe35b972cac31026f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:04:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 123120
x-xss-protection: 0
expires: Sat, 24 Jun 2023 17:04:58 GMT

GET
H2 200 NoktaPlayer.js Show response
c1.imgiz.com/player_others/html5/ Frame 2E7E 398 KB
128 KB 52ms
52ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=6/24/2023
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19532
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: bea17c8870ba8dae9515993b5c55b65437f03f0e2672e1c3d3dbe7872dd74e5c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:04:58 GMT
content-encoding: gzip
last-modified: Mon, 29 May 2023 18:51:56 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
expires: Sat, 01 Jul 2023 17:04:58 GMT

GET
H2 200 container.html Show response
b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 61C7 6 KB
3 KB 10ms
9ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306210101/pubads_impl.js?cb=31075547

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 24 Jun 2023 17:04:58 GMT
expires: Sun, 23 Jun 2024 17:04:58 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame C89E 624 B
246 B 52ms
51ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARjRjbbrATAB&v=APEucNVL9zkpKcLh-klY9hnS1ESmuyw7xtVGVC3f-FUBZ21ob3vMQlsvB1g32CU4GW4GHiFClka32bdybFTVVI1FhQ3_JAVp-K1BWYhvgNY4P82D_zq8jVngIInibdTizrf0JARxy9dJd2yxQ7XWs_2FKoBroUn2UcXrDQJHg2ERof9Z3fzh3wg

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 24 Jun 2023 17:04:58 GMT
expires: Sat, 24 Jun 2023 17:04:58 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 61C7 78 KB
27 KB 77ms
77ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:04:58 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Sat, 24 Jun 2023 17:04:58 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 61C7 42 B
63 B 43ms
43ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Bg4uy7i-NaOgpLkS8oUvfuE-cYM5Ez-7Ae69gTLK_5PLjfIeCOYvWehWldZ0qSZbN6oLv90Tq7ibm9DdDbZBbRBIYs6gZcYT1gLaktmlXf5GLe2uc

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 61C7 0
20 B 45ms
44ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=15500453450574714531&x=1&ct=76

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/ Frame 61C7 3 KB
1 KB 49ms
11ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/window_focus_fy2021.js

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 23 Jun 2023 19:48:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 76577
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 Jul 2023 19:48:41 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/ Frame 61C7 19 KB
8 KB 48ms
9ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d67e93b773c993230e55a3881853d5e8d399b32fb591d845c41553c0fe8c71b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 23 Jun 2023 19:19:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 78320
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8131
x-xss-protection: 0
server: cafe
etag: 7076601798724011321
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 Jul 2023 19:19:38 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 61C7 179 KB
56 KB 2260ms
2221ms Script
text/javascript 2a00:1450:4001:80e::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

13b4bb0bb059eee9a7ddf5b8ae3f395e28e7f81918eeac0ec934f3d050c4d0a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:05:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57242
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687383875062185"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 24 Jun 2023 17:05:01 GMT

GET
H2 200 container.html Show response
b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 11C9 6 KB
3 KB 11ms
10ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306210101/pubads_impl.js?cb=31075547

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 24 Jun 2023 17:04:58 GMT
expires: Sun, 23 Jun 2024 17:04:58 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 7F38 6 KB
3 KB 12ms
11ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306210101/pubads_impl.js?cb=31075547

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 24 Jun 2023 17:04:58 GMT
expires: Sun, 23 Jun 2024 17:04:58 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame B7FB 6 KB
3 KB 16ms
13ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306210101/pubads_impl.js?cb=31075547

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 24 Jun 2023 17:04:58 GMT
expires: Sun, 23 Jun 2024 17:04:58 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 11C9 24 KB
7 KB 14ms
11ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 12:02:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 277328
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 20 Jun 2024 12:02:51 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 11C9 137 KB
47 KB 64ms
62ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6978dedf12d2dc2d1ce72b2ccca398e1c09e7acdedff0ad3ee9b7b009e6f1647

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
Origin: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:04:59 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48162
x-xss-protection: 0
server: cafe
etag: 11442726570640540907
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sat, 24 Jun 2023 17:04:59 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 11C9 179 KB
56 KB 2205ms
2203ms Script
text/javascript 2a00:1450:4001:80e::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

13b4bb0bb059eee9a7ddf5b8ae3f395e28e7f81918eeac0ec934f3d050c4d0a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:05:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57242
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687383875062185"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 24 Jun 2023 17:05:01 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame C89E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJxAxGDfsvukfwTWZQ1P6Cs&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJxAxGDfsvukfwTWZQ1P6Cs&google_cver=1&C=1

43 B
632 B

8ms
8ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJxAxGDfsvukfwTWZQ1P6Cs&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARjRjbbrATAB&v=APEucNVL9zkpKcLh-klY9hnS1ESmuyw7xtVGVC3f-FUBZ21ob3vMQlsvB1g32CU4GW4GHiFClka32bdybFTVVI1FhQ3_JAVp-K1BWYhvgNY4P82D_zq8jVngIInibdTizrf0JARxy9dJd2yxQ7XWs_2FKoBroUn2UcXrDQJHg2ERof9Z3fzh3wg
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 24 Jun 2023 17:04:59 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 43
Expires: 0

Redirect headers

Pragma: no-cache
Date: Sat, 24 Jun 2023 17:04:59 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: /rum?cm_dsp_id=45&external_user_id=CAESEJxAxGDfsvukfwTWZQ1P6Cs&google_cver=1&C=1
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 0
Expires: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame C89E
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZJciO0tQf1.U.AEHcl1p2gAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJxAxGDfsvukfwTWZQ1P6Cs&google_cver=1&google_hm=2

43 B
632 B

9ms
8ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJxAxGDfsvukfwTWZQ1P6Cs&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARjRjbbrATAB&v=APEucNVL9zkpKcLh-klY9hnS1ESmuyw7xtVGVC3f-FUBZ21ob3vMQlsvB1g32CU4GW4GHiFClka32bdybFTVVI1FhQ3_JAVp-K1BWYhvgNY4P82D_zq8jVngIInibdTizrf0JARxy9dJd2yxQ7XWs_2FKoBroUn2UcXrDQJHg2ERof9Z3fzh3wg
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 24 Jun 2023 17:04:59 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJxAxGDfsvukfwTWZQ1P6Cs&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame C89E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEBDMbZ4EZwxJGIQomjlCNwg&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEBDMbZ4EZwxJGIQomjlCNwg%26google_cver%3D1

43 B
1 KB

16ms
16ms

Image
image/gif

185.89.211.116
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEBDMbZ4EZwxJGIQomjlCNwg%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARjRjbbrATAB&v=APEucNVL9zkpKcLh-klY9hnS1ESmuyw7xtVGVC3f-FUBZ21ob3vMQlsvB1g32CU4GW4GHiFClka32bdybFTVVI1FhQ3_JAVp-K1BWYhvgNY4P82D_zq8jVngIInibdTizrf0JARxy9dJd2yxQ7XWs_2FKoBroUn2UcXrDQJHg2ERof9Z3fzh3wg

Protocol

HTTP/1.1

Server

185.89.211.116 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 24 Jun 2023 17:04:59 GMT
AN-X-Request-Uuid: b02169f2-1f7c-4c4e-89b8-ec7909976aac
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 37.58.57.5; 37.58.57.5; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 24 Jun 2023 17:04:59 GMT
AN-X-Request-Uuid: 3545e58a-4e2d-465d-a86b-f9a94aaabff9
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEBDMbZ4EZwxJGIQomjlCNwg%26google_cver%3D1
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 37.58.57.5; 37.58.57.5; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C89E
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzU3OTE3NTI2NzQzNDExODMx

170 B
188 B

22ms
19ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzU3OTE3NTI2NzQzNDExODMx

Requested by

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sat, 24 Jun 2023 17:04:59 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 37.58.57.5; 37.58.57.5; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 458a4008-23c0-45be-a269-c647f145ef3c
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzU3OTE3NTI2NzQzNDExODMx
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 container.html Show response
b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame DC56 6 KB
3 KB 13ms
12ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306210101/pubads_impl.js?cb=31075547

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 24 Jun 2023 17:04:58 GMT
expires: Sun, 23 Jun 2024 17:04:58 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame B6B6 6 KB
3 KB 11ms
11ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306210101/pubads_impl.js?cb=31075547

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 24 Jun 2023 17:04:58 GMT
expires: Sun, 23 Jun 2024 17:04:58 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame AE79 6 KB
3 KB 8ms
8ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306210101/pubads_impl.js?cb=31075547

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 24 Jun 2023 17:04:58 GMT
expires: Sun, 23 Jun 2024 17:04:58 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame C86B 624 B
245 B 49ms
49ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjH8_zbATAB&v=APEucNUeBLaVyV05aV6Ksc-gEtFEt4wpzvCER_qAPZ5lVIwAMPEeicYeOE2h2vqi0ecy5np44BP3izpmmMhYGl-7bPa8tjoy-6YZXlwmfzjV2hT1JIdiUu3joX-1MEjtnMeygBJOPMLLxmVvnI3d3fIRv1HsxMSyMt0NXaPEI9CRZ1e7tvgXwBw

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 24 Jun 2023 17:04:59 GMT
expires: Sat, 24 Jun 2023 17:04:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 7F38 78 KB
27 KB 66ms
64ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:04:59 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Sat, 24 Jun 2023 17:04:59 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7F38 42 B
63 B 45ms
43ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BpIS_OTr9NMBtVbncvt3lhF5ZQAAkvRWGBOyXULefokUscGORe_mUskBeLNVp1cHmImw6gAMa7Eq233QkyUnRS_S0dkTfiqSUDVbjgV07Uri5CQSw

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7F38 0
20 B 45ms
44ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=6750004804482573451&x=1&ct=76

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/ Frame 7F38 3 KB
1 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/window_focus_fy2021.js

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 23 Jun 2023 19:48:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 76578
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 Jul 2023 19:48:41 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/ Frame 7F38 19 KB
8 KB 13ms
12ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d67e93b773c993230e55a3881853d5e8d399b32fb591d845c41553c0fe8c71b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 23 Jun 2023 19:19:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 78321
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8131
x-xss-protection: 0
server: cafe
etag: 7076601798724011321
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 Jul 2023 19:19:38 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7F38 179 KB
56 KB 2120ms
2119ms Script
text/javascript 2a00:1450:4001:80e::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

13b4bb0bb059eee9a7ddf5b8ae3f395e28e7f81918eeac0ec934f3d050c4d0a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:05:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57242
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687383875062185"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 24 Jun 2023 17:05:01 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 61C7 0
20 B 44ms
43ms Ping
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=9573447208267&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 61C7 0
20 B 43ms
43ms Ping
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=9573447208267&version=m202301230201&ct=76&x=1&cor=15500453450574715000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 61C7 103 KB
39 KB 72ms
71ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ARRDXqFK3RKEH_j8KHv8crR-HrXndBqEekK5ql2ez0FiodxWdExyBFswErOD-WyNOHgh5fUp52BNq__D8Ou1ceElRXGV5Oet_veM-UdkEd7vgUOHu0xb4Df6MpoqcGB6k0DHA1_iytCgYzKqnSNTwxRyvLuiHyq9VHI-0A5QQ6AmACrGY&dbm_d=AKAmf-DC2p_3XU7EBuz9JukolN12HD3o7SeHxdydRxz0eBPYHtl-wZl4yOIG-9rQIM5kf8lZLD9Vdy4ew_sxm_Pm5NN2TeaORijdDel7VMJ-8GeVWZ8LQB9OGMHVPzpiLEtPlccWSrC26zynDNFRWUK7-WqCbg4WTllK1WbVxos-z27Sy7E9e4EZCnoSS3WgPW-aVsVgp9tF90WykNLJSXXfHvrXR4LUCk3fvdz9yBLykmoFaI5je-Encdd0wUsFA8wINHCtnB4fHwSixTJePPTjw8FVPz8OrvIf9PEUdhZs8AbahcpYCY8dFzDZwyHuYTFwv9VjZpWjyZB-gXgQqvdEb9lnE6vkgxZJH54_W9ctOSqALGJJvldpvXwjXjxqwNyAvzTcUCivIJy9nnzNxvKKl7fI4HoFsbJ_2eA570DG9fJHVw5l1YpRywj3LEj3Vuil-L3dYsQHGi5btBJR-p87PR1UnBCj3xWsnZQNs6sBRPnQuKQBjwsOb-R1sgPvuZlT-uS6j7AYq8GwEg1uc9lOpVKiTDjyBRlQO4BncwvY_lOOYp6M0pHUb6GGjnKFl7PiqHxyaFPGuK3-8SPavif4DnVWUvHFSArptMuAotG_kWLSquaUZ3KDfs6qjju_l7W3IrvUoYVc13weLR9m47Ckh0NB-T7fhZhOeHGDSCsnQsqmsKehUDvrOeRpWI0Sy2En9x0aTNgsaE1BmDvIVrBKhg1JC-PuSK5BGY-TduMEuF_xzzeY07LkE0KqNuilP9LxhpweRrHwS5hTO-b9y7A6LxsEN-GgjHSRTHTbp7yms4iDH35zQUY3AdeRqrWKIsTcrqIXdLlQDt-EhFAYTdUDUV9kkVq_0_sY08HqQFDGRX8WPDeSSFXQlwEz97IHg8VbOragIbu3QHzkXj69Z5KASfg4Xt3NiCb592UNt-cjqqmXFl-2VioagQUu17QcNeTtgE6Oi0PTOXTaKI2wSTCJU-9WxlYZa_wVugdfw1RS9dSDWHB5hw-f4Mun6RaoDVD5RehpmCX8ui-dIzDQvL0XvchK0Op4_UTbpwkzO0lkj7gu5ceHyBiwYi80tDk9ueyOfQxd4qnZ_LGrOFK8v6BK_5YfWzw9a2pMaYN_cKVty18hxBhMMkMB1-C12bQj0Z79M6DyFyWwc1Tfo9k_pVcgBgapFEFvMhKgHz6bqBYlr7gVaUZCD4KbfxfYNc2qmrTfcVCpKy260CR-_ZpwD_X6RaCZ717iakF5pK2md4QbWFtpFaYhTG1IM66OqCOiNLXBaFHwlILSkPQ1q297tn8cjc1Ag4-bkAcGUf_2OUELMVyWZc8kUkYyyFh6EYMg3dWh34PdFN2nMD5_kQpgT60Wb1zLu_hb6TjDC_9edSa2Nzh1qU7PF4NGu35VwIz27PR6MSfTh4CDSsNo895CEkGx4f1uYHVJbfLtcM1ZiXnAA8tBBNEmc7aEmKyPHK823xyHSn7v3v6R7lcRNvuCkMoO1eSraJIPpPB_MSrqNymY3Bmz6Ukl5P8lA6MRNfvrXuIqgAa34pDWn46_alT4yurSEd7FAKko7cppCNmM1rWEcM2Lke5qK6pRK50S2EQTiTbi3YA6G6sKS3dvyMaIO_70TwpvXF_VtjZhpYKND6LFNd53zEnPzdvQpCecT2tO7qhrbYUFd-TSIAGYIvTpbpq47jAztYdeqNzba1iBpvcVFbyn5Rp0mn7RjoqO1UlJmgASFVl9F9F4ckG9s0qSbc_JSqbr1Jd5CC9Ap6NANom7vecUoUTfgmv7Sk0QXot4ZpDMXZq5TWYqlPSBfaG7Jmz-QG6s0Un95vIsGl6IaaUHRtHUS-FWUb1hI3HraJL7wNp0Du_UA8lLM6vEpk9_n_Cn_lZwK8b3byY1zkeoRrJvOkg3uwHkZdaiQS3jHAgxvZom970oPElH38cvbGlE7axdhKqqEQkShh-KEtuvvcBXi20Mf1Rp4LgIhHzwQYhzhN52Z0NWwSCCVgwLWjtpEIj99dJ8KgmQ_iimkgH-VNgHUevVwBobvMVQlYid6ho3ZLfVy71JsmWgi7LX-ciEGk-DZ0Y67A0Vgx5I9eIlbVeVqIJLThfaLbja9MDN-DSo0aJA2EVI8gDkSxf3wcwS9EAFHRMMIPjpYN8vID2SdPOr1C9Y_8u1Ld7tX1bjOvVro1ApYvD0ZqQHQH5UedIYhHgiBh3zW2aldaVE9kE0MWWrbBc8BorUxkGqS37HSxunWMLvxp7RNGToTEKxagyhu6wMEEF2vL2i7taDPjARwHc1frJ_8SCPeEQM8sni3FjrQ5p0NIzELdqyTNPYSxLLcCbBWGnjD6Gi8yzxsdvBQ7q2mTjeKB5XVtA9kgr3Mte89KFJWzMWuSSaT65DxRfyiHPJHWN6ql29jaYuxCUMe9MBKPmrbOF8H9cEYZjZTtyddqBX7LV_jtWptelQQHPkYjg_0MFY6rVpkqoJRa7GSWWWAHHmkHhPLa6RkA7b_1D99ux050qcSV7nJzzIB2XuGPAI4SbPqdl9S-Tietwu4WcSoFTjktW2p4C3vJTjLo_Zhb1_Bc9cE9BfLycImA_i-l8kEWQRLF5GC2a5oxyqFWBmFfjZZ6EzxHLgmbQ9uJnXffaCN0BSStk4wekHXsuRX1lPLzXFIog3yQAVjvC5zjMl0ZnEbBtQ6vs0LFuxtUUPVbXfWkzsZSU8uZT23QYUq6-xRNTfAg2diD5vFx68G8-KzNGQ86nKm4uGvK0chxcVkBYP0y5RM2MY-C41xUuQvswcHXN203_Txs0GQmxFzMQ0tUKK6ivpJ-22GbgUQV8XIurprImSEpSsnmzj_1OVx5jwlq5zCiHJnwBREDx0oHw3Rlv2RMtQ0A_pRhX8XApgMYhWunWqa9yFP0tItkDX2sxbIY5MXJpmMT_6HmIt-36FVWWs3MriLwTOtlLGOh-sbS6ikJY3UJ49V4QtgZiZi24WcJ_eiOB-xCp9ktmogOiIAN6JnylQT0HSXQeiuiKrL8bTtsuxyIvd7MBNYXUWVBp-sHs4YoR3pbmHNKhHBTqVAPdXZCy13_9ffGXvTZ17er8foWSYNq6RFo0-rMXukGBai2rGiJxjBPLyc5-UwmvW5U2WxrH_CWOy5dRJS4FakdRdK0FYffXjwOcXyl7sKxXPoVKcaZ83hpSOKByZabh1AxHzSrYQ6zA7CalnMr0Bs1DpiIp3ZDDMmEOl0fEWRG86vuHJBdbiPF5pAlpjvgtZYVxMrbsJ_v3XGucapcuCRDmRXKAwugqM7394JH-Kss65pZMr7X1uXMYEqz8yf1mtQ__OLnpuRXpLMGJwaLHShgNCqIT4GEgtbkuKBw53dp060ATcpyIfy3Dk0mb0J30p6efFnGSrZxcea-i4HAmGYkoN0ho_wPVUnyfKwoK4a6_iWW3HLh8ddACEeDPdgoXJDe83QWojbJUkWcoYTPI_7U2QI-rzCSB_QdXfTwmtJl8Ef-8K3ci4QcHl2rkw1uMeeqCcoADYSMGqmpFd5DLBWd_tpJ2ObXle&cid=CAQSbQBygQiDG0Fmpm3Ylsh0Bny2XEnB0rnGvSYc9_sDrpB3tPQMxbKLSQaV53SnU82HqYoAzL3dGV0C3G6PYCH9Y7GRjxp0B_CZrkFJT1PidP4Ydf2kMEAgBXApm9H1sKUO_bwYomcF4DFvx357-QUYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=15500453450574715000&adk=3468572599&idt=83&cac=0&dtd=17

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

22b5277b17bcc9f682004e6c7dc1e41ffd42c83a3476f14c7e3324c291cc86e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40118
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 930A 640 B
265 B 50ms
49ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYvN7jwAEwAQ&v=APEucNUznaJX8_SdnkPaOwsumWUUFWXzG6DI44RgU3eCyNGvN_E6f480yilc_IyRL2ji0z7YBeVXEz-7PCWkXPeV_q5D4Y_RSn9UwSWVX1Ek43z0BO2Ya3fuLxxsat72UIRc_bw0BcHBB8QYQWrnpJ5GqXpyBkEyV02kGbnY67qI7NkSlJFZtuc

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 24 Jun 2023 17:04:59 GMT
expires: Sat, 24 Jun 2023 17:04:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame B7FB 78 KB
27 KB 114ms
114ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:04:59 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Sat, 24 Jun 2023 17:04:59 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame B7FB 42 B
63 B 43ms
42ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CTSuRzwCNAcaRNzxrFDtk9WL95N9zdbfHnPjqgEC2Ki-oZosp3SeN99c5YUW7zkFXyjitHbUiVoeylK56pq12tUKYB-8wGd7Zt_9EST7jxElmwv6c

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B7FB 0
20 B 45ms
44ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=4074796012635077209&x=1&ct=76

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/ Frame B7FB 3 KB
1 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/window_focus_fy2021.js

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 23 Jun 2023 19:48:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 76578
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 Jul 2023 19:48:41 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/ Frame B7FB 19 KB
8 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d67e93b773c993230e55a3881853d5e8d399b32fb591d845c41553c0fe8c71b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 23 Jun 2023 19:19:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 78321
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8131
x-xss-protection: 0
server: cafe
etag: 7076601798724011321
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 Jul 2023 19:19:38 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B7FB 179 KB
56 KB 2098ms
2097ms Script
text/javascript 2a00:1450:4001:80e::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

13b4bb0bb059eee9a7ddf5b8ae3f395e28e7f81918eeac0ec934f3d050c4d0a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:05:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57242
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687383875062185"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 24 Jun 2023 17:05:01 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame F594 640 B
265 B 50ms
49ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY8aj5xgEwAQ&v=APEucNWG5Myl8N3H93rDN96_XvoE-VYcGDY0gzXDPpKHgTiruD4QYCB2RGqwSaZ2BZVUjDegTNELytME4pVQK0aNeMI8ohjpMlZRCuKR_OXrgb7s8vuUSpKE8f6TdQaJYdB4jOcirYtvDwttJu1MzvvjD9XbltAKRjo09wjMl5V7fIlHrmkluNY

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 24 Jun 2023 17:04:59 GMT
expires: Sat, 24 Jun 2023 17:04:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame DC56 78 KB
27 KB 105ms
105ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:04:59 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Sat, 24 Jun 2023 17:04:59 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame DC56 42 B
63 B 46ms
45ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AwgEhAtk8qT9bDgd1qaWgVylBZxyL59tdGnYzqvvZwa38m6au7fFMHcFonHpgcqEl4glh175ZyACdh2NMoB3viBez8CX4-bO-7LR7xjlSo5Rznok0

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame DC56 0
20 B 43ms
42ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=6596198850483686805&x=1&ct=76

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/ Frame DC56 3 KB
1 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/window_focus_fy2021.js

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 23 Jun 2023 19:48:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 76578
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 Jul 2023 19:48:41 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/ Frame DC56 19 KB
8 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d67e93b773c993230e55a3881853d5e8d399b32fb591d845c41553c0fe8c71b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 23 Jun 2023 19:19:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 78321
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8131
x-xss-protection: 0
server: cafe
etag: 7076601798724011321
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 Jul 2023 19:19:38 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame DC56 179 KB
56 KB 2067ms
2066ms Script
text/javascript 2a00:1450:4001:80e::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

13b4bb0bb059eee9a7ddf5b8ae3f395e28e7f81918eeac0ec934f3d050c4d0a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:05:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57242
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687383875062185"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 24 Jun 2023 17:05:01 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame ED37 640 B
265 B 50ms
48ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLO_UBCb3VAYn_iJ6gEwAQ&v=APEucNXCyZsOpaWNtx_kjXKS2cwulizGWvfkd4TZfC65j6Ob4vMfJ71U2kC_uzwlx0lXXY-iNgh3gbm5s1lpOGdc1xhmLO1K7zL0FBKOUtOcJU-iwC6207vXnc2MlIxdltS-m7-55RD_njMCeNhF-1iJwrqES_qlfSpZXRLve1qEx1avb0K6NE0

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 24 Jun 2023 17:04:59 GMT
expires: Sat, 24 Jun 2023 17:04:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame B6B6 78 KB
27 KB 100ms
100ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:04:59 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Sat, 24 Jun 2023 17:04:59 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame B6B6 42 B
63 B 44ms
42ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BDNbgwPPfEUWlWTlF8qPWLzmq_eD83fl_P2g4JGItgB70qaMAuOT0YJTxK01pfoML6RLt-ztZrGwk502M1zK-HaY2RKkpDoBX_XnOZ2onFsy7EuQo

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B6B6 0
20 B 44ms
41ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=1242215832749930583&x=1&ct=76

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/ Frame B6B6 3 KB
1 KB 11ms
8ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/window_focus_fy2021.js

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 23 Jun 2023 19:48:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 76578
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 Jul 2023 19:48:41 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/ Frame B6B6 19 KB
8 KB 11ms
9ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d67e93b773c993230e55a3881853d5e8d399b32fb591d845c41553c0fe8c71b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 23 Jun 2023 19:19:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 78321
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8131
x-xss-protection: 0
server: cafe
etag: 7076601798724011321
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 Jul 2023 19:19:38 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B6B6 179 KB
56 KB 2091ms
2088ms Script
text/javascript 2a00:1450:4001:80e::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

13b4bb0bb059eee9a7ddf5b8ae3f395e28e7f81918eeac0ec934f3d050c4d0a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:05:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57242
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687383875062185"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 24 Jun 2023 17:05:01 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 11C9 0
0 46ms
45ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvFPPFqiYy-Z5xtWrp6DKMcgTNTvmW2QWWNGdDp-ZPLoEnlo-hyjiQFKSYYwB49teMGSMVkF--CNhLWh25b2Y8HQHIoue5PN9h0EhKhdHrF9GRcWqqmKw424ZZQ2FfbfClXL170AarLz1yHv_irtsbcpezI8g9wliffYu8zYFPVful39jR60CFWt39r_XgeBmgJzOw1sIiya_iD1I2q5o7Ra1q-0nif8w2PT9Nqp_kD8moTqNxoZtdrKo_MuwtUQu_rHG8gpqYXRFVuPWp_xoogqQ4j8OaH4rxwZmwMBn4X2wLyVVeWtncT9qguCneiu8BMNwsvSN0rr1Q6ctUPkpetkib0kcJzaIVVJp0RjbodqSsR2484arHjqA&sai=AMfl-YQcy0FoUG59vc5VuVNNmaOkIqB_jZTCQ6xlEy3qLvK_qyNEUwJKnVcnktWmy_fr10IejX3MGHhrgfDWGzL6jlvUi3_9LV25N8U2EsO8DGc&sig=Cg0ArKJSzMnI48StN5k9EAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:04:59 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 085B 640 B
262 B 50ms
49ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARjihLbrATAB&v=APEucNVBBNQP53dSjgdPf44gg_HJ7ZnmooCyvXi7d9nnyNsz8v4r0ps0l7INc3NA4_hMlB4d5TH2b1N5HwB030lVc3woT79TIwDsbTRkeb9_rqtA2i3-7AfOWPYnVoPRwJtB-Xc2z_lZsG86L18ZVPwU4vOp4tMqYCgoTcvpmVZDUia3Ead5FOU

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 24 Jun 2023 17:04:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame AE79 78 KB
27 KB 88ms
88ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:04:59 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Sat, 24 Jun 2023 17:04:59 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame AE79 42 B
63 B 43ms
42ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AvS7Mwcb_eS7T56cYqqGXfc0zTw_cfo1Sk4vuyZdqP64QYUva1O80UhfM6GElCT6p3ATToTXC41ovYolJv_oD6F3qP-FxFo5rWczP9ej0304SDmA4

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame AE79 0
20 B 43ms
41ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=16964022107142402116&x=1&ct=76

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/ Frame AE79 3 KB
1 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/window_focus_fy2021.js

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 23 Jun 2023 19:48:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 76578
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 Jul 2023 19:48:41 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/ Frame AE79 19 KB
8 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d67e93b773c993230e55a3881853d5e8d399b32fb591d845c41553c0fe8c71b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 23 Jun 2023 19:19:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 78321
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8131
x-xss-protection: 0
server: cafe
etag: 7076601798724011321
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 Jul 2023 19:19:38 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame AE79 179 KB
56 KB 2073ms
2071ms Script
text/javascript 2a00:1450:4001:80e::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

13b4bb0bb059eee9a7ddf5b8ae3f395e28e7f81918eeac0ec934f3d050c4d0a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:05:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57242
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687383875062185"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 24 Jun 2023 17:05:01 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame C86B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJxAxGDfsvukfwTWZQ1P6Cs&google_cver=1

43 B
632 B

8ms
8ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJxAxGDfsvukfwTWZQ1P6Cs&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjH8_zbATAB&v=APEucNUeBLaVyV05aV6Ksc-gEtFEt4wpzvCER_qAPZ5lVIwAMPEeicYeOE2h2vqi0ecy5np44BP3izpmmMhYGl-7bPa8tjoy-6YZXlwmfzjV2hT1JIdiUu3joX-1MEjtnMeygBJOPMLLxmVvnI3d3fIRv1HsxMSyMt0NXaPEI9CRZ1e7tvgXwBw
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 24 Jun 2023 17:04:59 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJxAxGDfsvukfwTWZQ1P6Cs&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame C86B
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZJciO0tQf1.U.AEHcl1p2gAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJxAxGDfsvukfwTWZQ1P6Cs&google_cver=1&google_hm=2

43 B
632 B

8ms
8ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJxAxGDfsvukfwTWZQ1P6Cs&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjH8_zbATAB&v=APEucNUeBLaVyV05aV6Ksc-gEtFEt4wpzvCER_qAPZ5lVIwAMPEeicYeOE2h2vqi0ecy5np44BP3izpmmMhYGl-7bPa8tjoy-6YZXlwmfzjV2hT1JIdiUu3joX-1MEjtnMeygBJOPMLLxmVvnI3d3fIRv1HsxMSyMt0NXaPEI9CRZ1e7tvgXwBw
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 24 Jun 2023 17:04:59 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJxAxGDfsvukfwTWZQ1P6Cs&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame C86B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEBDMbZ4EZwxJGIQomjlCNwg&google_cver=1

43 B
1 KB

34ms
28ms

Image
image/gif

185.89.211.116
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEBDMbZ4EZwxJGIQomjlCNwg&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjH8_zbATAB&v=APEucNUeBLaVyV05aV6Ksc-gEtFEt4wpzvCER_qAPZ5lVIwAMPEeicYeOE2h2vqi0ecy5np44BP3izpmmMhYGl-7bPa8tjoy-6YZXlwmfzjV2hT1JIdiUu3joX-1MEjtnMeygBJOPMLLxmVvnI3d3fIRv1HsxMSyMt0NXaPEI9CRZ1e7tvgXwBw

Protocol

HTTP/1.1

Server

185.89.211.116 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 24 Jun 2023 17:04:59 GMT
AN-X-Request-Uuid: 95e7ba01-2bc3-492e-8553-1421559f0342
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 37.58.57.5; 37.58.57.5; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEBDMbZ4EZwxJGIQomjlCNwg&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C86B
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzU3OTE3NTI2NzQzNDExODMx

170 B
188 B

20ms
20ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzU3OTE3NTI2NzQzNDExODMx

Requested by

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sat, 24 Jun 2023 17:04:59 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 37.58.57.5; 37.58.57.5; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 0161c828-a76a-4f49-a559-85556b92856f
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzU3OTE3NTI2NzQzNDExODMx
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306160901/ Frame 11C9 356 KB
119 KB 74ms
74ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306160901/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ee444638576caade6517ecf8d6051bc1b9abe41c6e34b2bce54a2027af454dda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:04:59 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 122034
x-xss-protection: 0
server: cafe
etag: 7515014773425891801
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 24 Jun 2023 17:04:59 GMT

GET
H3 200 container.html Show response
b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 5293 6 KB
3 KB 8ms
7ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306210101/pubads_impl.js?cb=31075547

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 24 Jun 2023 17:04:58 GMT
expires: Sun, 23 Jun 2024 17:04:58 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 930A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEL6SGguFe9WqiyW_HLneki4&google_cver=1

43 B
114 B

39ms
27ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEL6SGguFe9WqiyW_HLneki4&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYvN7jwAEwAQ&v=APEucNUznaJX8_SdnkPaOwsumWUUFWXzG6DI44RgU3eCyNGvN_E6f480yilc_IyRL2ji0z7YBeVXEz-7PCWkXPeV_q5D4Y_RSn9UwSWVX1Ek43z0BO2Ya3fuLxxsat72UIRc_bw0BcHBB8QYQWrnpJ5GqXpyBkEyV02kGbnY67qI7NkSlJFZtuc
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEL6SGguFe9WqiyW_HLneki4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame 930A 43 B
304 B 80ms
26ms Image
image/gif 34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYvN7jwAEwAQ&v=APEucNUznaJX8_SdnkPaOwsumWUUFWXzG6DI44RgU3eCyNGvN_E6f480yilc_IyRL2ji0z7YBeVXEz-7PCWkXPeV_q5D4Y_RSn9UwSWVX1Ek43z0BO2Ya3fuLxxsat72UIRc_bw0BcHBB8QYQWrnpJ5GqXpyBkEyV02kGbnY67qI7NkSlJFZtuc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame 930A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEIWUbLTbhiIZ6Ey0wA15Yhk&google_cver=1

23 B
163 B

94ms
55ms

Image
image/gif

104.75.89.75
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEIWUbLTbhiIZ6Ey0wA15Yhk&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYvN7jwAEwAQ&v=APEucNUznaJX8_SdnkPaOwsumWUUFWXzG6DI44RgU3eCyNGvN_E6f480yilc_IyRL2ji0z7YBeVXEz-7PCWkXPeV_q5D4Y_RSn9UwSWVX1Ek43z0BO2Ya3fuLxxsat72UIRc_bw0BcHBB8QYQWrnpJ5GqXpyBkEyV02kGbnY67qI7NkSlJFZtuc
Protocol: H2
Server: 104.75.89.75 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-89-75.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Sat, 24 Jun 2023 17:04:59 GMT
pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=CAESEIWUbLTbhiIZ6Ey0wA15Yhk&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame 930A 23 B
163 B 132ms
50ms Image
image/gif 104.75.89.75
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYvN7jwAEwAQ&v=APEucNUznaJX8_SdnkPaOwsumWUUFWXzG6DI44RgU3eCyNGvN_E6f480yilc_IyRL2ji0z7YBeVXEz-7PCWkXPeV_q5D4Y_RSn9UwSWVX1Ek43z0BO2Ya3fuLxxsat72UIRc_bw0BcHBB8QYQWrnpJ5GqXpyBkEyV02kGbnY67qI7NkSlJFZtuc
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.75.89.75 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-89-75.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Sat, 24 Jun 2023 17:04:59 GMT
pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame F594
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEL6SGguFe9WqiyW_HLneki4&google_cver=1

43 B
106 B

137ms
125ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEL6SGguFe9WqiyW_HLneki4&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY8aj5xgEwAQ&v=APEucNWG5Myl8N3H93rDN96_XvoE-VYcGDY0gzXDPpKHgTiruD4QYCB2RGqwSaZ2BZVUjDegTNELytME4pVQK0aNeMI8ohjpMlZRCuKR_OXrgb7s8vuUSpKE8f6TdQaJYdB4jOcirYtvDwttJu1MzvvjD9XbltAKRjo09wjMl5V7fIlHrmkluNY
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEL6SGguFe9WqiyW_HLneki4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame F594 43 B
120 B 76ms
27ms Image
image/gif 34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY8aj5xgEwAQ&v=APEucNWG5Myl8N3H93rDN96_XvoE-VYcGDY0gzXDPpKHgTiruD4QYCB2RGqwSaZ2BZVUjDegTNELytME4pVQK0aNeMI8ohjpMlZRCuKR_OXrgb7s8vuUSpKE8f6TdQaJYdB4jOcirYtvDwttJu1MzvvjD9XbltAKRjo09wjMl5V7fIlHrmkluNY
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame F594
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEIWUbLTbhiIZ6Ey0wA15Yhk&google_cver=1

23 B
163 B

89ms
50ms

Image
image/gif

104.75.89.75
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEIWUbLTbhiIZ6Ey0wA15Yhk&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY8aj5xgEwAQ&v=APEucNWG5Myl8N3H93rDN96_XvoE-VYcGDY0gzXDPpKHgTiruD4QYCB2RGqwSaZ2BZVUjDegTNELytME4pVQK0aNeMI8ohjpMlZRCuKR_OXrgb7s8vuUSpKE8f6TdQaJYdB4jOcirYtvDwttJu1MzvvjD9XbltAKRjo09wjMl5V7fIlHrmkluNY
Protocol: H2
Server: 104.75.89.75 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-89-75.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Sat, 24 Jun 2023 17:04:59 GMT
pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=CAESEIWUbLTbhiIZ6Ey0wA15Yhk&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame F594 23 B
163 B 131ms
50ms Image
image/gif 104.75.89.75
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY8aj5xgEwAQ&v=APEucNWG5Myl8N3H93rDN96_XvoE-VYcGDY0gzXDPpKHgTiruD4QYCB2RGqwSaZ2BZVUjDegTNELytME4pVQK0aNeMI8ohjpMlZRCuKR_OXrgb7s8vuUSpKE8f6TdQaJYdB4jOcirYtvDwttJu1MzvvjD9XbltAKRjo09wjMl5V7fIlHrmkluNY
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.75.89.75 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-89-75.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Sat, 24 Jun 2023 17:04:59 GMT
pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame ED37
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEL6SGguFe9WqiyW_HLneki4&google_cver=1

43 B
106 B

131ms
125ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEL6SGguFe9WqiyW_HLneki4&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLO_UBCb3VAYn_iJ6gEwAQ&v=APEucNXCyZsOpaWNtx_kjXKS2cwulizGWvfkd4TZfC65j6Ob4vMfJ71U2kC_uzwlx0lXXY-iNgh3gbm5s1lpOGdc1xhmLO1K7zL0FBKOUtOcJU-iwC6207vXnc2MlIxdltS-m7-55RD_njMCeNhF-1iJwrqES_qlfSpZXRLve1qEx1avb0K6NE0
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEL6SGguFe9WqiyW_HLneki4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame ED37 43 B
120 B 66ms
27ms Image
image/gif 34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLO_UBCb3VAYn_iJ6gEwAQ&v=APEucNXCyZsOpaWNtx_kjXKS2cwulizGWvfkd4TZfC65j6Ob4vMfJ71U2kC_uzwlx0lXXY-iNgh3gbm5s1lpOGdc1xhmLO1K7zL0FBKOUtOcJU-iwC6207vXnc2MlIxdltS-m7-55RD_njMCeNhF-1iJwrqES_qlfSpZXRLve1qEx1avb0K6NE0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame ED37
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEIWUbLTbhiIZ6Ey0wA15Yhk&google_cver=1

23 B
163 B

126ms
87ms

Image
image/gif

104.75.89.75
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEIWUbLTbhiIZ6Ey0wA15Yhk&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLO_UBCb3VAYn_iJ6gEwAQ&v=APEucNXCyZsOpaWNtx_kjXKS2cwulizGWvfkd4TZfC65j6Ob4vMfJ71U2kC_uzwlx0lXXY-iNgh3gbm5s1lpOGdc1xhmLO1K7zL0FBKOUtOcJU-iwC6207vXnc2MlIxdltS-m7-55RD_njMCeNhF-1iJwrqES_qlfSpZXRLve1qEx1avb0K6NE0
Protocol: H2
Server: 104.75.89.75 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-89-75.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Sat, 24 Jun 2023 17:04:59 GMT
pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=CAESEIWUbLTbhiIZ6Ey0wA15Yhk&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame ED37 23 B
163 B 128ms
49ms Image
image/gif 104.75.89.75
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLO_UBCb3VAYn_iJ6gEwAQ&v=APEucNXCyZsOpaWNtx_kjXKS2cwulizGWvfkd4TZfC65j6Ob4vMfJ71U2kC_uzwlx0lXXY-iNgh3gbm5s1lpOGdc1xhmLO1K7zL0FBKOUtOcJU-iwC6207vXnc2MlIxdltS-m7-55RD_njMCeNhF-1iJwrqES_qlfSpZXRLve1qEx1avb0K6NE0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.75.89.75 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-89-75.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Sat, 24 Jun 2023 17:04:59 GMT
pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7F38 0
20 B 42ms
42ms Ping
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=566066902169&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7F38 0
20 B 43ms
42ms Ping
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=566066902169&version=m202301230201&ct=76&x=1&cor=6750004804482573000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 7F38 93 KB
37 KB 61ms
60ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BA2ez_zQxr6W8DOeCD25aUIEI9xsvs20Raurc5G2mFdKISpTTvfvPCJkhgYarUER1Gfw_cUJigktWl3S02pGfzizZPjSrww_2QmQ1Kh9F_VIXzXew&cry=1&dbm_d=AKAmf-DC60K4ltC2XTaVcQRAzfIacm8XxaxNHOdklUC2_w8JtTrBm9c20etbzjxGKAiMn3hdum8bqfHxJq8UsPn1fhhAuEs5yC_srsJtD8MHikiUa11I8KnA943eL39wf8BrdgrwXzWtm83TmK5AQT8JLj-rBdaB9BoQj4CbWyVeYEbfx2FMTsVhwm0_Ocan70qlNp4otwZvBwbhm0pE1GUkfeqgSFfUiCYhjzvni8qWyXX1DdTKJBdboNhyKKRkgSSN6miU8QtoXNbUek4kPZraa8kMMQbxpLSsHBfYO8vWd7IbFR1UwByV4YlR9nBl0e-CY8aJKa1kDRNFBMkbOwLy5DrRxWbkBCJ4JNeROwKvidzIGLHkTwNc0OFMazmJZiWhsTgqQ5sBGZph7kPmiQSMObSZZced64F9coiRsxChzmuVsLoQ8XCvswm73QiGVeCwZLIoY4B6JRP0GCSrbTmLFvCjMlQ__mRFuZzPLjv_K2U8c5c3Sd3lHzkPPZUQFtZ45F2LTsVM01Spo612lMT3Nwbtqec5VQxYLeUvDJ-f9KHiIyhFVXmNcfSF2EEKrMUo7frL_VfZYYdm95srHSNl7C8QBcxvxdL9jHGhxYwNsoW2sBvnrPrrJZoY1txSzaP4vjA5e0aQA_G-sYn8qP4vcbCIZ6MA8kddK11KUfWPJYUQ2sMs-eaco7xUDKBwSuqJ-wWs6RBQFN1AOn7kByKp75wSy49oOrXsTnQv_AijPf3thqft-uBosj_6fBmhQDqWKrFue81F_1ZhBPbmck0KFlEBERVNRfmw1fxqVQrRSiBUTrMe8hMuDPMQHruj9QkzT0VmjA3lBz9N7Dc2XsC2eYdLbaHU-f7pSJbmykn8qQoznBjmnaXuW7HPXLSkuzgJ8R69SsDO-0M_OjhwB-GPi0LlXaBjljMU-SVK4QGxsdUzcbMStMHUpihuyhVaRLgU-LHQVKRAgJ4pwflvxBHhW3CSfHoER1euwOJ65X9BNf1PuNWtcwgaTrU9FrKs8q3W5VsEu5R9bkwHCMWxXIUKTS6P27a-xey5bNMDhgnTKNm78xrNB6ke3Kp24SRw1HFhXAapjX4opFlLxBC8Cecc86-MBcFYsOku-xBRvS7b5j7CYZOtuHfFEYxxCiYXbMXCxXg-54MMt3o8nhXZ1gtCXZuWVl84wVZKTyjhbzZuK-_aSrpP063ygMh6Zq6K1EdoJtPF1oXMQg-uL0DQt-VU2TD30xJamXg17-x4EZFcn5AzChrXzWKvxKnqyGgJ_3DWkkVlbadKRiwFdFLx6bNV3gm220CdMfhIVVRfImCBKfnJfmP6ya9yG8u42ftcQkKnuCfze9S1RN6Vhg_jCPgkaR1HIeJI4rdYwflCy6g6SurCRlsJGIxJ2g2fa_AVgJY0K36m0tNPzmmS0feo9yZX778O9cWrleSFPxy6ETpDUIHMSS-RfCWJzvrjkqlb2xwgYeGYYxJ_mLedpNCiuuePzLbb0PLQuazQKhhuliJVs2VNEGIXNV7GWjB-ETpUVehVHEAoxSSTEfegcPxnJl7gfyAgziESVKReZ0trlrcOGbjHnnZ3V2stl7DRsHeQHcC766xXlrZoS-wg_uXNC_99PducdYvUjop7-5vDeWBMC5iRrsov1PZFrEavSEnIbTGvYxnlLdynsMhtM9UEbnr3UHB1psgsjJ80yNKkOtKRsIu4QmMTCaiUQqQuvQlBgG-n0d5jfnkjUqXBimS3vOt3JSagljJdJBdmJcbqv7J4VOLLzjIHZkS6hW6szViPmU0qGdT19A6vdWfDBMKmyAVELpxCwB4o2R22s13hlAXDsq3gMOvOZ8jr-bl-Vbth4fVWA_2SBIxFW1evyjZTQ6F1Z84Op72yvZXBQPdlRlbuNr0FD00C5PCmUEQPn6gs1H20jG1Q8gerntTrjye3Ok8TMO1mVzYtPHB0uBuAulJW1Ws8yI9RZStpf2zC5QxPcwGGXORYxN8Gg4yuPerTMs_UEoJzBm-ErucGf0kpsTm0uzMuN5hYTUr6C77CeAl68dKY4oe-dygzP1uGDN95RhOVpqeV5QQKtglCw_FEgsr3DCh1EZOtyHGz1TqT28sMZz2p-1HJKtrEpmDEGIR1zwaYATFzEqDsuQdDjVeIX8UuRPqRZ6MvsdEDEb-y20lK-b8mJh3ZoipNAb4Hfy3godOBpWdxnqdiLDAsnpCQ1eRKJqHXqa4z5JjMfpHgfqVgJwBradeCkDoCXkvmNTjPHiQGBhgoFiR0chUKJK99doNKJjNgDqZ-wb-i1J8h7xlriuFmhxHrdKK3gVzdUJUX5sglENPL1vpZi30ufji9Qkjavr85Hs7svc8OI0meml1Nm9IESorliAlWVKVTU8O8OQaw1gtazxPKY6-h1H5k1tP6qwAHJ2juuXzRVISGxRVIO714p7odykrzzfA1nvajhbSAI4M7RAbK9FmrxJtt8-P1ysSB_gDMEVXitajJlk9YHeks4TOd0WVPkHBmNlJGK8czNI_KqFiutGvhnmQft6Xh8AxmmSqpuTgOXu8b7jaCZdCOuwO9AGrT4V1D18fJBm0BVVzS2pWpekOW_VjFFauT0WHHA81C8cHODbC6C1nqAGcvldjyxLircNgVSiwhNnY6ZD9CT3HrnA4C9c5Ej6uXevmiw0jUZoMJrkUNNP9Hh6u85A9TrniOHmymFz0njHgip1Da5rHXNXgoUQcgfxaHQUsxqnSOTFah43xA-7SPuwJleFeyza5-kW7ITttSHi083wl0JBdsqF7a7Uc-W8BqPE4X-an9vWT3kESzzBW1VLLtYC1ilKtbCTlr1mqkQc4pgdv85skqp8QpPX6Tl9xu2V8DeZHTBkVnn_wyWLMqkbNONuHrXgyAHmBQ0hMJ_qMfFPkgsbaIMbtiFielINg3s-l3VIv16n82WVGMr56Wo0dUuSzrTWXxpDUBuBrLsdgeV0wahB_3GGvakxUtI-0cQc0jpYjp0msQbwR-xfx8WRKvAZlxJ30tNa_8g2iJ2jiE1jUx0Ts9PGEu9VflmezQVDJeshZqrIa9-fhurAyAVDppwzwG5juG5u5z0szJDKNzKPkoBxBhJIOFsYVd9g7qIbh9qJNsz-tbuv_NLaicPrFc9xTgRiLl9McLAfLlxyFR-IWtFt2XPFvjS5jjnh262pqLFWPAMIBUtgyihRkN512lHah__JO0Jb1mt8XDbpbYzl17ey7rDnwU0yk1cb3DaXn1PvCKToy6OCcWxRoDt-RzCpTGYlmvFs1JDRfIRPFYyVEEMUg8giBP-rgUgfns80xTyEQhjhOz2rb9RVaud6HKeCh4UH0E0gLoZJW_FBhnv-msjQMSPc9KqFDKIqHz92sGVCfUaGNNKavwN3RqA18XvofUQdz12kdR0iVWTsuFOQ27oovqb6fHpSR6xAFTY5h2WvADWrZ2PKNTcvdooYSU1DX_QYYj3D6wGf3ANmLkJaOScijpGJbg16jP2uSeRE9yLbAlB3bdebrGFAS_ISyrFCMIo2xHgJn0U1-egJn_ICETAWUyP1x4hI5A5ctF0qroZ_8nK329_I_nXBojjVSJMQtsBbfdF-BLqymna3n_q1E4xUhuxVbjfy6EbSdZBkdkpApL2_pm4O1qvJkhUCPilVrqEMXI6xWXUNyQByER3KEbZqtsipjfcJ86d6KIYyikN0r7g2zr2P2EZ3JCjf9g8lWVKgNBZUd6xjihBSKOSAAP6lFPpZ3vvLNdM_eG_NAsycvFXxU4qcsqbbsPtBVEkCZ_Pm3B0DHpSeEUV2yXIDU9qyMV5g&cid=CAQSbQBygQiD2xUH96aj323EDLGPJLS945KebvFjVTsiqv7nUjPKo7CIzGfFbaG_kVvhXfmWpP0kplvOyaNMPQ8wKp6HzXNfoTV3eJXyQt_GZAwFunttgn9opCkVQXrm8528pI2ofcoZv-hayLh6R54YAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=6750004804482573000&adk=1599433117&idt=73&cac=0&dtd=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e1952a4ce15a2d6bd329c3f512222346d2bf9babbed49c8d2f25faef086fc95c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38289
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 085B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEL6SGguFe9WqiyW_HLneki4&google_cver=1

43 B
106 B

124ms
124ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEL6SGguFe9WqiyW_HLneki4&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARjihLbrATAB&v=APEucNVBBNQP53dSjgdPf44gg_HJ7ZnmooCyvXi7d9nnyNsz8v4r0ps0l7INc3NA4_hMlB4d5TH2b1N5HwB030lVc3woT79TIwDsbTRkeb9_rqtA2i3-7AfOWPYnVoPRwJtB-Xc2z_lZsG86L18ZVPwU4vOp4tMqYCgoTcvpmVZDUia3Ead5FOU
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEL6SGguFe9WqiyW_HLneki4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame 085B 43 B
120 B 156ms
126ms Image
image/gif 34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARjihLbrATAB&v=APEucNVBBNQP53dSjgdPf44gg_HJ7ZnmooCyvXi7d9nnyNsz8v4r0ps0l7INc3NA4_hMlB4d5TH2b1N5HwB030lVc3woT79TIwDsbTRkeb9_rqtA2i3-7AfOWPYnVoPRwJtB-Xc2z_lZsG86L18ZVPwU4vOp4tMqYCgoTcvpmVZDUia3Ead5FOU
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame 085B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEIWUbLTbhiIZ6Ey0wA15Yhk&google_cver=1

23 B
163 B

90ms
55ms

Image
image/gif

104.75.89.75
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEIWUbLTbhiIZ6Ey0wA15Yhk&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARjihLbrATAB&v=APEucNVBBNQP53dSjgdPf44gg_HJ7ZnmooCyvXi7d9nnyNsz8v4r0ps0l7INc3NA4_hMlB4d5TH2b1N5HwB030lVc3woT79TIwDsbTRkeb9_rqtA2i3-7AfOWPYnVoPRwJtB-Xc2z_lZsG86L18ZVPwU4vOp4tMqYCgoTcvpmVZDUia3Ead5FOU
Protocol: H2
Server: 104.75.89.75 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-89-75.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Sat, 24 Jun 2023 17:04:59 GMT
pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=CAESEIWUbLTbhiIZ6Ey0wA15Yhk&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame 085B 23 B
163 B 117ms
50ms Image
image/gif 104.75.89.75
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARjihLbrATAB&v=APEucNVBBNQP53dSjgdPf44gg_HJ7ZnmooCyvXi7d9nnyNsz8v4r0ps0l7INc3NA4_hMlB4d5TH2b1N5HwB030lVc3woT79TIwDsbTRkeb9_rqtA2i3-7AfOWPYnVoPRwJtB-Xc2z_lZsG86L18ZVPwU4vOp4tMqYCgoTcvpmVZDUia3Ead5FOU
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.75.89.75 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-89-75.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Sat, 24 Jun 2023 17:04:59 GMT
pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/1484055/72040526/ Frame 61C7 244 KB
74 KB 130ms
33ms Script
application/javascript 34.250.56.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/1484055/72040526/skeleton.js?ias_dspID=64
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.250.56.160 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-250-56-160.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 1171c8807b128697ca1150b8a948d3e263e1aeb53f7eedc43b2d489e9cf33e22

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 61C7 172 KB
61 KB 55ms
15ms Script
text/javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
Origin: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 13:52:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 11544
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 25 Jun 2023 13:52:35 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/elements/html/ Frame 61C7 11 KB
4 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ARRDXqFK3RKEH_j8KHv8crR-HrXndBqEekK5ql2ez0FiodxWdExyBFswErOD-WyNOHgh5fUp52BNq__D8Ou1ceElRXGV5Oet_veM-UdkEd7vgUOHu0xb4Df6MpoqcGB6k0DHA1_iytCgYzKqnSNTwxRyvLuiHyq9VHI-0A5QQ6AmACrGY&dbm_d=AKAmf-DC2p_3XU7EBuz9JukolN12HD3o7SeHxdydRxz0eBPYHtl-wZl4yOIG-9rQIM5kf8lZLD9Vdy4ew_sxm_Pm5NN2TeaORijdDel7VMJ-8GeVWZ8LQB9OGMHVPzpiLEtPlccWSrC26zynDNFRWUK7-WqCbg4WTllK1WbVxos-z27Sy7E9e4EZCnoSS3WgPW-aVsVgp9tF90WykNLJSXXfHvrXR4LUCk3fvdz9yBLykmoFaI5je-Encdd0wUsFA8wINHCtnB4fHwSixTJePPTjw8FVPz8OrvIf9PEUdhZs8AbahcpYCY8dFzDZwyHuYTFwv9VjZpWjyZB-gXgQqvdEb9lnE6vkgxZJH54_W9ctOSqALGJJvldpvXwjXjxqwNyAvzTcUCivIJy9nnzNxvKKl7fI4HoFsbJ_2eA570DG9fJHVw5l1YpRywj3LEj3Vuil-L3dYsQHGi5btBJR-p87PR1UnBCj3xWsnZQNs6sBRPnQuKQBjwsOb-R1sgPvuZlT-uS6j7AYq8GwEg1uc9lOpVKiTDjyBRlQO4BncwvY_lOOYp6M0pHUb6GGjnKFl7PiqHxyaFPGuK3-8SPavif4DnVWUvHFSArptMuAotG_kWLSquaUZ3KDfs6qjju_l7W3IrvUoYVc13weLR9m47Ckh0NB-T7fhZhOeHGDSCsnQsqmsKehUDvrOeRpWI0Sy2En9x0aTNgsaE1BmDvIVrBKhg1JC-PuSK5BGY-TduMEuF_xzzeY07LkE0KqNuilP9LxhpweRrHwS5hTO-b9y7A6LxsEN-GgjHSRTHTbp7yms4iDH35zQUY3AdeRqrWKIsTcrqIXdLlQDt-EhFAYTdUDUV9kkVq_0_sY08HqQFDGRX8WPDeSSFXQlwEz97IHg8VbOragIbu3QHzkXj69Z5KASfg4Xt3NiCb592UNt-cjqqmXFl-2VioagQUu17QcNeTtgE6Oi0PTOXTaKI2wSTCJU-9WxlYZa_wVugdfw1RS9dSDWHB5hw-f4Mun6RaoDVD5RehpmCX8ui-dIzDQvL0XvchK0Op4_UTbpwkzO0lkj7gu5ceHyBiwYi80tDk9ueyOfQxd4qnZ_LGrOFK8v6BK_5YfWzw9a2pMaYN_cKVty18hxBhMMkMB1-C12bQj0Z79M6DyFyWwc1Tfo9k_pVcgBgapFEFvMhKgHz6bqBYlr7gVaUZCD4KbfxfYNc2qmrTfcVCpKy260CR-_ZpwD_X6RaCZ717iakF5pK2md4QbWFtpFaYhTG1IM66OqCOiNLXBaFHwlILSkPQ1q297tn8cjc1Ag4-bkAcGUf_2OUELMVyWZc8kUkYyyFh6EYMg3dWh34PdFN2nMD5_kQpgT60Wb1zLu_hb6TjDC_9edSa2Nzh1qU7PF4NGu35VwIz27PR6MSfTh4CDSsNo895CEkGx4f1uYHVJbfLtcM1ZiXnAA8tBBNEmc7aEmKyPHK823xyHSn7v3v6R7lcRNvuCkMoO1eSraJIPpPB_MSrqNymY3Bmz6Ukl5P8lA6MRNfvrXuIqgAa34pDWn46_alT4yurSEd7FAKko7cppCNmM1rWEcM2Lke5qK6pRK50S2EQTiTbi3YA6G6sKS3dvyMaIO_70TwpvXF_VtjZhpYKND6LFNd53zEnPzdvQpCecT2tO7qhrbYUFd-TSIAGYIvTpbpq47jAztYdeqNzba1iBpvcVFbyn5Rp0mn7RjoqO1UlJmgASFVl9F9F4ckG9s0qSbc_JSqbr1Jd5CC9Ap6NANom7vecUoUTfgmv7Sk0QXot4ZpDMXZq5TWYqlPSBfaG7Jmz-QG6s0Un95vIsGl6IaaUHRtHUS-FWUb1hI3HraJL7wNp0Du_UA8lLM6vEpk9_n_Cn_lZwK8b3byY1zkeoRrJvOkg3uwHkZdaiQS3jHAgxvZom970oPElH38cvbGlE7axdhKqqEQkShh-KEtuvvcBXi20Mf1Rp4LgIhHzwQYhzhN52Z0NWwSCCVgwLWjtpEIj99dJ8KgmQ_iimkgH-VNgHUevVwBobvMVQlYid6ho3ZLfVy71JsmWgi7LX-ciEGk-DZ0Y67A0Vgx5I9eIlbVeVqIJLThfaLbja9MDN-DSo0aJA2EVI8gDkSxf3wcwS9EAFHRMMIPjpYN8vID2SdPOr1C9Y_8u1Ld7tX1bjOvVro1ApYvD0ZqQHQH5UedIYhHgiBh3zW2aldaVE9kE0MWWrbBc8BorUxkGqS37HSxunWMLvxp7RNGToTEKxagyhu6wMEEF2vL2i7taDPjARwHc1frJ_8SCPeEQM8sni3FjrQ5p0NIzELdqyTNPYSxLLcCbBWGnjD6Gi8yzxsdvBQ7q2mTjeKB5XVtA9kgr3Mte89KFJWzMWuSSaT65DxRfyiHPJHWN6ql29jaYuxCUMe9MBKPmrbOF8H9cEYZjZTtyddqBX7LV_jtWptelQQHPkYjg_0MFY6rVpkqoJRa7GSWWWAHHmkHhPLa6RkA7b_1D99ux050qcSV7nJzzIB2XuGPAI4SbPqdl9S-Tietwu4WcSoFTjktW2p4C3vJTjLo_Zhb1_Bc9cE9BfLycImA_i-l8kEWQRLF5GC2a5oxyqFWBmFfjZZ6EzxHLgmbQ9uJnXffaCN0BSStk4wekHXsuRX1lPLzXFIog3yQAVjvC5zjMl0ZnEbBtQ6vs0LFuxtUUPVbXfWkzsZSU8uZT23QYUq6-xRNTfAg2diD5vFx68G8-KzNGQ86nKm4uGvK0chxcVkBYP0y5RM2MY-C41xUuQvswcHXN203_Txs0GQmxFzMQ0tUKK6ivpJ-22GbgUQV8XIurprImSEpSsnmzj_1OVx5jwlq5zCiHJnwBREDx0oHw3Rlv2RMtQ0A_pRhX8XApgMYhWunWqa9yFP0tItkDX2sxbIY5MXJpmMT_6HmIt-36FVWWs3MriLwTOtlLGOh-sbS6ikJY3UJ49V4QtgZiZi24WcJ_eiOB-xCp9ktmogOiIAN6JnylQT0HSXQeiuiKrL8bTtsuxyIvd7MBNYXUWVBp-sHs4YoR3pbmHNKhHBTqVAPdXZCy13_9ffGXvTZ17er8foWSYNq6RFo0-rMXukGBai2rGiJxjBPLyc5-UwmvW5U2WxrH_CWOy5dRJS4FakdRdK0FYffXjwOcXyl7sKxXPoVKcaZ83hpSOKByZabh1AxHzSrYQ6zA7CalnMr0Bs1DpiIp3ZDDMmEOl0fEWRG86vuHJBdbiPF5pAlpjvgtZYVxMrbsJ_v3XGucapcuCRDmRXKAwugqM7394JH-Kss65pZMr7X1uXMYEqz8yf1mtQ__OLnpuRXpLMGJwaLHShgNCqIT4GEgtbkuKBw53dp060ATcpyIfy3Dk0mb0J30p6efFnGSrZxcea-i4HAmGYkoN0ho_wPVUnyfKwoK4a6_iWW3HLh8ddACEeDPdgoXJDe83QWojbJUkWcoYTPI_7U2QI-rzCSB_QdXfTwmtJl8Ef-8K3ci4QcHl2rkw1uMeeqCcoADYSMGqmpFd5DLBWd_tpJ2ObXle&cid=CAQSbQBygQiDG0Fmpm3Ylsh0Bny2XEnB0rnGvSYc9_sDrpB3tPQMxbKLSQaV53SnU82HqYoAzL3dGV0C3G6PYCH9Y7GRjxp0B_CZrkFJT1PidP4Ydf2kMEAgBXApm9H1sKUO_bwYomcF4DFvx357-QUYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=15500453450574715000&adk=3468572599&idt=83&cac=0&dtd=17

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7ff9993d3bf21821aa4aab3b5958b4d9ba3fd3a3aa92f5830a24d3ee259f4851

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 23 Jun 2023 19:19:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 78325
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 5499578052516643378
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 Jul 2023 19:19:34 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/ Frame 61C7 30 KB
11 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c99a1db5a8ee11a2fc13ab0544e3865f781fab4515592ff6467e7273478f813d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 23 Jun 2023 19:21:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 78223
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11398
x-xss-protection: 0
server: cafe
etag: 3934322099733601226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 Jul 2023 19:21:16 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 61C7 41 KB
15 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 13:52:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 357144
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 19 Jun 2024 13:52:35 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 55A6 640 B
262 B 53ms
51ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMD3swEQ3cu5ARjS75DkATAB&v=APEucNWiwuNgi1a1mP4IBbuZdzCcdrdLOdQaJ5jS0WGilh-ov6McruIWnxnkhzSEmqB_N-x8J0ZPZZB61sGjp-MQlD4IIsDhZx47apKrOWZKlDXvbCRrKxxhViWDQKba8Bb_5BOrMot65ZPO54JXHfxOWKBrzbRwsCTT8KHQHJRp1aueLglcvt0

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 24 Jun 2023 17:04:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 5293 78 KB
27 KB 93ms
92ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:04:59 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Sat, 24 Jun 2023 17:04:59 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5293 42 B
63 B 54ms
51ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CmTBMfSwUSpp0p4KKMiXq3-R1jr2pPv5RBNaH1UD0UTuit8SPAc6wO7bdrfJcoZKdl7ViE8Qf0mQibpfTUQF5bsCqvw2J7YSe6JLOK1blaDHkw62w

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5293 0
20 B 54ms
51ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=16510775900314661861&x=1&ct=76

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/ Frame 5293 3 KB
1 KB 10ms
7ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/window_focus_fy2021.js

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 23 Jun 2023 19:48:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 76578
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 Jul 2023 19:48:41 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/ Frame 5293 19 KB
8 KB 11ms
7ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d67e93b773c993230e55a3881853d5e8d399b32fb591d845c41553c0fe8c71b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 23 Jun 2023 19:19:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 78321
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8131
x-xss-protection: 0
server: cafe
etag: 7076601798724011321
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 Jul 2023 19:19:38 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5293 179 KB
56 KB 1946ms
1941ms Script
text/javascript 2a00:1450:4001:80e::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

13b4bb0bb059eee9a7ddf5b8ae3f395e28e7f81918eeac0ec934f3d050c4d0a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:05:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57242
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687383875062185"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 24 Jun 2023 17:05:01 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B7FB 0
20 B 52ms
50ms Ping
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=6036089968621&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B7FB 0
20 B 52ms
50ms Ping
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=6036089968621&version=m202301230201&ct=76&x=1&cor=4074796012635077000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame B7FB 93 KB
37 KB 102ms
102ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ClXTp7KePBnb9e4yRMkIrbr5oaWnjuPrlUCXoAaa9d9HHSgNs5bx-jOxjWYVI8Jxf9qLBeMM4MCZA2U8DllMHXxGDxg7L-vGgjhxi_kRaoh3fXpS97Ojnb01rC3viHSbyDXXSF2IpQs1ysfQJ77uNJIyoU-xz0szXBh9x4qspAeAa8miY&dbm_d=AKAmf-BBZC8I75jSLJ6BIKGyjByFrbUVtP3GyK-JVnCrvgk3qrs8IUgn2IA0Sur4rDwvqkIP1Ck_holinYt6bxkyVGzlXDjj3ir2xWwbDrB8wUOJ6JhNPtrQCzvk_tCdcYDdc5c9ZNVmBQ055zWgVLi2_ZVkXTFFD4VR4ImyVpG7m2Rqqi9n3V0gUEO46-PJS6sTa0MqnMOLbJTH8H7gbJmVzhLWnorkZMPbI6jrNP3AJrLCK8eUBTDqYE_ZMQMIeFpPwm7nZJnNXJTaznk3N9TailRXYy3c0YkQXVudY1CW20jjO_Qfh7ZVI2qc_lndvcey0UCD-niYY5lKv1xo1a5InXTp1qNqdYIrdnzSUoetX5vTMzRH2En8EEDo6HkqKKryU9kH-kn2CCI8wuYjC-jUITPgr9Qm0MgaGhVtHdphtOuzVfcab7kU5BJMglPj_S59CPIrRRug5tJVac9XzgcxWTVHocCkA4VqYI0INUiHOtePgNeUp-1BtvNeTg8t1PGKSLqvS0enbSaPpLtKfEsm4EuPkd6Zr4rnXsacmjXno6bV43eX_JoM8qF6nuNzOGLjG6iKPAUwidza2JA5BWJvCzCobL5dsERwNmH2i19SLx_AIctwJXA7vfQa167FZjxdLuyaqvcyJ_9vyo4PAifRps6toU_1LU5ByIwacXQPvevbtOAq0CNFbrhhKXnfsq_fpv6DNoCf16dBOOBtiATvjl1xkCTUYurUT2al0dg61Vi2A3-TKZi6F19CIpf5TTfyJZGh7RP6RW04MWumabf0DLPxDGIotPxzbvF67llmb-hc8DalXtV3doKQoCOD4HtZHm5-CMNtpET_jwPOSR2o6zYzxrOw0zy0hxyrQJoEBakcJhB1_OEEXHLeHLTziYevoKrD-x_PhJlEO_a4pNgvJPpwYs5YKGuWMrs7eY5_QtTC0An0tSHAhX1ruzYALlhzvwLfOKlEHglw316Hpl1RZSA9wwSfXXCOGKC4iP4p02YQFn8MuTQuswTSgeA29N29HCq_YjqyRmO3YCQbCUDXnZs9kBOvYRcAkJlSaE4wr16xGbe4GALNMAphUA3p73q4AgxBTIpLJb-mewu-2wKXqAL0hmKye-1QBLR4wM2JuHEHrH8jM18LDpvQIFz3Oe3GDle2TldnRQSfw0uvOfkifssZpo-2QlNEHKncARZdIepyTjLrhzVF76MVKT_TzTW-S3qlouRvN6HUUh_AsgAIwclg4xm7vBpPvvJWXxTYMSivQO7Ze2BSfNGwSiQ0mxauZnZpjwDUDqPZLQJZZVH1kGW_VGMUJLJxMc2y-1t_T9WhXzyN-RRHuQb-ignhDHXKE5v45DFMMRh_7M3ubHyT5qwUZGFvcK7XBvtnUHsOzQe_PgIHzshkhoflYFLHLW0mqTECT9o62pzPB5VzLlaccFChdIDfFQAUvJhRFfEJIh30mPRQ_usZlxs4Rg07fD3ZaUwlCVVnlicu6Lj9sJ41OyQ7yN1rBqGL153Jtde0fANLU80JD1CpnLUDhv1lewqjdh1IfDvOaN6bX2AmHn1-2hiP7Ug2L8KICETNfGblEcSfPJ2Umy3k_-7SwxzmXtoKPDzd3-YR5ZiJoAh1bOca3qw8XF4u8VY38gBvbSauNB0NyUWaJON_vhk4JT02yS7mAaH3hLdI6Nvzlu1nHSCAE4s-_3Gcq09FvtyAwF2WJ2Wgjnily-xAS_Ga-9KyKpY7Jd9LIRPQStAkkkRQT-rayO5NOPN2_gkcH7Uu4XO9vJ8oQWUfK4GgFg73cFVF6GE_PuYSfIzDSBL3FR_QNFWVmslNy46aPjtOjdkJGGPZ3mkCXBziUisBCUXBo1ac9kyVRth0e2FZk2wPZ0vlBQjFUqqo_cOolsrO_vyPQfaskrkxoPVc-kZaktMeC5wHd1aHLbUXRi2FIBnssdmGHZS7-RzMy4Et8REXpiErMdJ2D01RB0SNiGzrdVAxDCKRwNxyg78O2jlyGOoxh47id_75Jv3BTmigvmpEblYvawBbl_j-elXUQeDyp69a3HLVYOeHdtWOiIxChqU7vqDFC_iVvz8pSKiOhiO6Ir-RX1BFvxO5_Iq1FSTujZoxW3E2R1CmoU2sa3iOfmRHjv5RLmAr1x093wXC16jX3bmwwbnr1qb2mVs4Is-BJghUVIHTT_SDzWHL2Eys6PkIgAZR20fpj01dJ20gyvtIkXkQsnZldk2e6qDeuv9FnJT1-SEdAAFFsm9R49pKqCgXJsVskFrJplgNHAVYW1dk6M20qmqqJj5NG30G_QRtXxd5oCRgXeIo6y8zOHmvDyC3wZ0VU-aHh-jonN517N-X9NTAPvHLOwHQvDtb8oc1erYNb2sQs7KynPxlJMaI3iXo_o_MHRqBeboRCUPUGSsmpxmypqoRrpM6Od29AFBGWeqtCe9hL8FS-uM0C6v7RZ_tLDsRQiuRwqnp1VL32PtNDAA81OOfdTdRvo04F3yEo0GKM6aCK_GLh8oe0u3ANzf3oQVMWg-kFKVgtBferVs9i2-4JlYXqH4v3s2NMTUYA1lLQnPHZwMMmAYE8T_u_lhb07Aar_ysosIhDO4AUVuJZ44agbfI_VPVQZ9AWx-E16BJe1LrSp0G38lzDX-r5NjXp_ZCMNa7Yd3n1VmvkRnJSLdknRVDn30H9RGX-BvqEtibAJcLuWEu2iHbAldTOcyUpHCmPkX5-_CqrpWIt2ddpA2ChDdtdRwvZr7iY7OkhX8fa4njCfCE3yGpv2dQMWxuM71Y81JzwUyhIVOZIMNZ7GCGBgSKiMa4PacZZ5UhdNdz30UsxU9nDJX9OBOC3TPEht1oBJsmFJj8RlB52sLL6rzCUKklzN-zQEOTgB0ye1LHdz4BvdDWjweVPKBMa58jyVN6nGwA-1WSCA6ihwxcw_tuknxTBQrSiqtZQjkU8KPSzXwJfTgjf_xZjB-bZkAf_L15V3mN0QssKPRINETvje2hAwwOQWy5EYqHzVuMmFFvQpakfuFZwcUY3tvzC4hYcbAxPu-mte3UnKbhz95eKJMPvpiTbMRks7wiF4fJVt2k2c_x1PA5ITlATmsA013r331VD6awcNZcO4YEUYG6MWjz0nAmrWXm_XYqzoRqnXEIFuhKbpVnJ6jJBdpJnINWv_dNSBeruJ3-P8rP_ngXtikfb4-mg3e4sCK1Bc6_kqWXF7t7DZ_1aHKt8Ly9nCsb4aUv8F-HeHn4ZfMgwIbNcr6ydXYcXVxdT7s2yIvwBD1LfsyH9PoYejsR_TAHb46rzebvpUMeWdz3ibudTdpX9y6pPQS_terDVnoyGNufyk7xM-rMcAql3Wulz5znITXaFBiQkBhqg9QPFWsHDIHVA8t9m2DNpqR3aUqMA9AlTFi2gaQNIpHLhIoXR1gTwdwifH1_g2KiK3j65Fdq0Dpgx4Ppbpjzj7thXwLMrydsj0kK63zcMrVKUxKrLXJ4LGpNZmZonIwj0vqwMYT9YYlrTSyU4vsr8Tzux0kpVylGzN9joOfX7hhCMQskOhkounZ-JvfVINVKF32L_Jzpu1XJK11Zr6tNaEt8xw-6hNPpy6T0h3UrJZLTvVZlh8MJcCXsS5GgQ-VVr3L_zSlac330IahW8_hLn3K9xXbo1sY&cid=CAQSbQBygQiDuU7sNnyhhquJ9XY9inGbGgTwOGyEuRImlKe4TC9dXsLyo_w4y2wm-OXKpfOchiTXzPrZvMQMelCgj0wYz5JhlKu0vkJgfFrqr4SgBidcOWHcCIgy2knhY8L-Ebb75e78Ik3qNFzE9GYYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=4074796012635077000&adk=2465470143&idt=123&cac=0&dtd=6

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ba09d9e6a5ceaf234dad260b0a93f357137f70d0dce30b3abc8d9966bf8766f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38209
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame DC56 0
20 B 45ms
45ms Ping
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=4305598316899&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame DC56 0
20 B 45ms
44ms Ping
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=4305598316899&version=m202301230201&ct=76&x=1&cor=6596198850483686000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame DC56 93 KB
37 KB 83ms
82ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DFIsgv9BFwCZEnx2sD7xM9WGDpwlVJFre1V_PD1Xe2AJmMChTwJB-g1a-ZiZbO1SQrWQKQqRdP2jT6YSakiVnInD4AoWHbX_LjP0YG_qwNS8eXsr9UDENGZjMfPoN2CQY4RNxkGibrTJEzDa31GMt5qsqJktq_sauooCxvf5pSGOWWMP4&dbm_d=AKAmf-DtOsQZ1LepjBD64uw_UIkMcm3I3_4ueaNJKYNnb2Rkn-dwZkbeWRWQZiqWau_kXR5BZg3tc9wLPeoMclrp2q9q9Ezcrdn8Y_pButhKyJpT-5R6fAWDni4WSWB1mWf3uQJbcPtld_5U9TV4o6u1kNMCQFRPK9i0kZrRWuZzwa7TPCoWcPoOSeatVAzbYv-i2rPTXX18RQ-OjpfrbJwZx5wF_lH16-EJl0rLxzUjr2YrFrUPh5XjRf-9L82kQQcUUFn-dvYwR2MPsIETYi3itEdw1ljwZRuP6zrXEwoFvZZ98cfbA-l5KGHXbgob4ORFd0j7b5__upyZDv1uqR75JsyvndOAuq8LvnfC9xMXiBF0KkA1ewXVvGe3y3T2LQy4pGM-NCGQNyrUtWyBFcU6oWqui5v-4Z-fNGfn1EmPt7NAHF8Tk4K95Bz6Th240qNTdcu4n3sIR3PTfUyGxsHhZxYoec_K76WpZlujwPx-YwTVbE9HJx8MN2T_p2mKABx_wXEjm_DV4gdhgRUjxxuGpIPubuKH8wmQWGXldpewNx7USBSvMMMegE6GoF82KS80LrIR84liZTgv75fEiMUji370EMMEpAmYWXqBxedZvsEFponkEeDTxyKjsp1LNry53tCqSRCReAnOK2XzKwWi_edAMEI9YbzNYHXvk6p5VqVYyycljwvpZXE5AmD4IaEJO8Y-ebgnER-FFlHYqfbmZvzI_e6t1iIVp3qq-dzNFDMnCM6dk1rJfXI2-xQES1UsXtpGotQMyWZN7WLKSfS_TDJEfq0-9VuitZXgI240ZnNLhE84G-8biWtIAq1hNhCoYZOP2GB0WYAxDvtlwMT7zFNaYMASN9CF_4guV7kuambJ3D8smj2r467-lXXFQoyUNtYpwazb-YvF0umTh0YxtzJKQS_Y911RiQGqrj1xPf0lVs9pFcVump6KTgaNEJ3fYgYVRCtEVrEi-xLPEwY03YGvoxSD5VDdSY2QOs6kuWvJGNwMDYo_vrJ_dwMSakpm2VMWsbzZ3C-IOn1R9Uze0LI-Z4zb-Oznu2zOPJFDdTePpK02Mf8c3U0P3mAE96soX_UAfHdZ_kry788CPH6v8gaZqO0qBV9QOIQsFGB_H_gA5oL0t1eY4GJ8JPTVjsiFh6mTW82q-I74bFnkeSxsakStb5phDiZivkgjwWd9nRUzFZJyGawvl16olmPKUr1A4IAlcfRlcR0Kq-3Mk0dW6z0-s8s7F5N6J9k9jAcXpO-azfDaovXQyJvXlQtxjvGySKLCETIOjjEpUSOGAiId1dLCWjduYH1VpMu24_amwG-yPXf8NLKKSNIjO4LQZwUWQ-Sa-3JS5k0VdmElAS5qrRVIA4ist4uNkwScINWq8TBvmz-0mfiBNL1vGvOVnEvQrB_q0rcD3ArALfSt-6Y-qmMXljhPQT4ls8xoChOQ5ehCQJDrjDNRsGAgTgoMex_d2dwP1KbMrU20R1tfS7p1gfhIIg0wO_yH5iDy44yD8nO39a1jhqzSzXpQsBB67ZRTFOTxr18XxOtWWejeAfi0RlbT33uLMnWqu9diZMRWlleDy9QIhI6gGlFrXvFfit1oxroql_TG3lKd1SzIOCmoiUKQfeTWNO31qIBIAm5gk9btgeg467V3l5fBLWArkIYcL1KaSYFt4JCdLWuhSHqu_Z07W2Uuuj0q29pWN_r95iR71vClSfyVkM019rwttcJ1L4f8EUnItcVbUPHnlUrn1M2NqXKOKmq33x5Lz2QW69vl2Ox4UB-CbxiS27ztRzf6qij8j1b11hPU8fni2IN6myq9uUrG-aEIdvK-L9f7QNOaC_donWy6jboM1s5Vkp8O1IYW4XtfaEF7fIlRACNwO2d2_DVVuG6FdN3DzhJ6TfgVTO60cftW5chKXdt9J66VK1Fb7u2nCgrTb7Nkvx3hRoK19rpSuRjiVGzuw9gUS1tI20bScB9fmW_DTMGJlNFZaIsbDBuZOMpzs0di6et1ziSMnhBbUeW1WMorccB0NWEsceyNF4QCiaP4Lln3hUKZNsa0beuqD_FaKzQWX6UFsZfEonJay1JxSDvrjnQiPAtczrRxDekjSUgb00VwrWfYIVFK1s8mErMl83FrM_6eF0cDJ-pP--Q3FvSBC-MqMJ0E552EtzXZH1fVJKVRg1gARx9D1uph9kGZF-nWgqlCo0GelGxRKpc5Sh_iy-qobscHxU2FFaGvoWpYUdL8hEJKwPdTsO1_osHEsV5RcnvSALqPlPW-2N_g-g6m9OtmiHmIwoc0eRXLqkHHFz4SKKwU7v4J8Z4o0cVSE18zpvZD1ceUQ9YzWIisV8q2Fq6Ck3aIKAMk7s3XcHyzzebEuK0RraMCoPqEKLrFIkWLMZcwadNgmyEeOM8w2ZlovXKf63t8NLQkAEDysq-pWuJhTW3eCcf0gxTGKi2Md2pvTLw6YaAENY5QJX3s9NNlBmk37Ox-zCgxLb3X3495Lqisgfk9b7kfwkyR2ADTk9rxwx7WxSqEwCKWs9GJ2ndCyHPl91XtmRKbDU2k_ZJgHkIv7MpAH3R4OwpyKTAqE9IbgrELerrB2-kknOUMQs4NTATLAA5iy3zRNgTfOBhLcGf4XM3xyzgrjlupzAcsC2jCJjC_3nqTaDdPl6RHiay4asJHWXHwPz3AxQeE2e2apD3On64FUUxeMy1qIsPvqs0hZs8-d17R4q82tqO9GEf8C1sZ8Hs5bMDrYmWJWIWosK0o7uRFtvSiwUUhhND_Fs7xO3yJLv7Mo47tqdURp4_S6BR-mCK_aMj-q4F_K4oh6MZJV_-pJ1_8zOOUzbumR6AJlGkUHx5QMkurUEeIuW0FTplCXgWJeo5M-UZWdng2IXt99Nqa-PtNW1FEJviqNR3Om1JQuW435973H5KERMefFGMbjSJKk4OTDLb9-G66WqyUQBSoCEDhwoIV7h7hc5EVPvPZeXA3h9jmt_k7fhqv5sUQLFjYC4O8grIjHhPiq-BzvvawpIiJvzHGJ1E2AFMpwrFRF5-s5uGNy3oqSgzz-maIZYc51gSYqwtHkDjRgSLCHrkZzYA05WhqIqJKKq-KkHKh00d-ZDBBFRAJWvNVGSUnPJT22j3u0I90DxHIDioDnm5qLfCIE3lK1ynCHTTaqH6dqWPLwSl-XAq0DOL4FQI-TrjThrI4VCK3bC5DK7k_lFPl2mGIC4ibbdDFP80UfhTyXauOsbxp8SEFCYPOWGLozDgNPAjyEMIGb7DWpatzJuI_vYQl6OcyieyEoHPmEZL7bz1ZF2sW_ZovSC-VqB6tsQSLBM6gP3BUAaJd1RlBbqS1RJeyMcUZlk1-bDlmDv1l-hyiqA_5l3EhQQlBarwJRG02A9EdksXBll_6Jn_H8T1k_ITTptMz1YTvHdyXGLreNNRlNtiUI9rU2mjf4TcWYmws-pzPYmV1U_qdcOBtffWMtXlfdjNx86ThNMU36Fm0zrLgsFonWSE4cokGTdNYT0OOjcdUfhngmPXdO-Bl4k3NmMv9preFfJ1Bv9MCglSgQdUfNKdmfTrKoJ3Ta7jGzTSr_-T5QtwKUAmKwwcx0HYCRvOynKvNLAz-Ym7cbJwItfhP6MebtpcX03fJ9cr93ce0BiEOfEi68hSwkgi6-4yTuz2uv24plJOkIxCI-vc25jSEwvOm1BArIwHnTiYYqugnP8jW2G6MLkyRzEBT2w9Ybub-H2_MSbMMRDaqXyC1OIjXQI_JKdDk0gmQ2D7Nh1ski37HGFzkvnQX_xYpDXnzVoMgLEU-IYEelJ_IU29HCHhjSrCqHIq553VbrVyee-8Cn4RFvhw&cid=CAQSbQBygQiDRcho2pdN2-l1oo-cj5JmgCafsCfsiNnCk_yxFjv3Uv4E5h1z-lGKgR3UpOMbdWYw5WhjfTynuNMdqkj_DSkGkm_fLwww8zKftEdPIisZ7sywxh0Qs0i3RGPHo-eMvYo8pSMh6t4EUnEYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=6596198850483686000&adk=212707235&idt=112&cac=0&dtd=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54898e3d3f6c366bcf27a7c00189b9095d79188fd8f3b688951975b989cc4063

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38183
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame AE79 0
20 B 45ms
44ms Ping
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=7269425193743&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame AE79 0
20 B 45ms
45ms Ping
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=7269425193743&version=m202301230201&ct=76&x=1&cor=16964022107142402000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame AE79 103 KB
39 KB 57ms
57ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AX4waQ959SNrDyQYG6YUx1EToGQ6-w4jkWQd4c5VvckFZ255wvVOSumqJRvvYTqU6dhNYrtk5u4J9rlttKgn_FM17KxDmCqqWoDBYT4eBXS6potAcwtI_eXhVuEZLxVnE8hX7uT7t-bahZNeOni-kEkHlBJBpo0DdLeXWBRUjo8N6jkXs&dbm_d=AKAmf-CtXApSKAiguHF8VEz8QpSb-elb0v0FZgR4DoQBbOmiAH9-Ft7p4dgrVeZld7k-b-I9P79NGINF-mBSaudDUd1tG61zZT7Zt47jvsIllKucMkyH77p8rVYK8ECaWRvzPGeyxjBhcsV3e3oRLk7TbGZ0lxXXx29suqx7MPv6M6wTrmYIhT7wvxdEIbZIwB2-YvQQOGYpfmSO7flPOXCCW68fbglWSsjNlvmr9vOSLOrL0bksf1MoSvKf98WVKjl9Gr5lW23mIJPDOyR4hx0VouKhpYnzTciqmH1lwgqLK9rL4vFFQv9JyKAnsM0XsybTqwoNvXSUQERwcw599IAxtmL8CYAtPjOTh83Qz7gwYjizwqGdvTISlegc3QLfP3FQ8wuZRNkeiLY9gF5eTh6xqMkRHApgmmp1RM-43tFLAcfvLeha7ev8SKWYC19ikDeuK23vCPVO5v9UllJAoW1RV0rtLCDoItupikiklj3yxoBh6kvlFhjG8QLyn18Wfzx90db5cN1d74_ADOxM0BKvNL5CjFs1E-9-Dnpo_ocXhhJgwfAssmXeLQUQ2ll5ACMKsCXnzvVLrzpaTgIw4prMVchCcysAYo1sKHcUyPkXGm5gDWE60WSISon8AAFxLp-qcrxFrnO6Y-XzTjX3DwcBH1XbTieLd9VHF4XW5SPXTtt9Q83gpqDpZr0jYEWJa7NM_HlFX5kQ7femcjVz8ylZuYI8yQ7pK3K-YCWqgf4UVvCuCdTxQBearAy4-llvUpkKq5aWc9ewxipSamMVYuyna3tEuSzWJXdgLBkGeManP-idBzQhElPrBLn5FOjWcHcX393HECkvbbo3phSMDwmQ_jVqEAcDbZsamqXUUSz0lovfVS82_l5KhZwdgZizWU-x4_a-SLKaU5Y0x5ioCihWguzEO_HuH9VMKWiEd-0a13-Mzt5vJwSOHUNUrA9DpcCaXzc2tTa84pNk5bE31DM5gcDWImTUw6g4v_OVIu4IlkAMl-b5mEIQVFeFccSacp67DkrH7Jj8a4Ib3jadyaX3owsoQVw3JjOJ3z3d5OHZXPvSncBGW_EuuOxPhJV3Mo4hD5OXKVIaYmNMup-PCBLZvz903B1kT7CCvNZ7ZiQj4-Gxy7kN9LjVNlz9HHk_N3vD0mb0l3fx-Q6uYECVlSO5sg1HyooboChw7ZQy1gzeZwukHXcv3PprIPZqGq0hYx9-fYc-qKpVRRsF-1Hn5l1Arl9V6BJBhYoQGcwTuDiLp2Um-sceY66WuhqKGloqXUSJ1hy30ZCEwyzjyVrW0A51O6HtyZTpsFFjmMCjoezHkIQk5Kc6s5AFnebfUobNOVAA1LjZZL-C3rHwmf5S7KgulFZSPvBdO8ujoTiuFE9NjUDj9YQ9-fwvgzS6FQaSyAWDIyCcbAOnhbsvf5Xn7vhbuYRjhAgsm6I6wgtJaB35zDxgvh-n6OMHavZKdlvIhQ_ZRBSfYA8vO5u-TstQbc7IzvCRtU0g_vCbz8Noift91SH7xDvkctunfSMi6XIBoSBx7jyDvidLQxtuszLv2SNwRg9p-UqB6RuQT9cSxNKTm_ur6O7tmQK1AQNJVCYgOMda_kvRG37J8YUOjIwFwgyN9qPHCYQBclnRSwQvDfuNlHZs43GEC80HOU8bspLvPSwWiRPfb5qdmtLztBLdyKsLJQ-N-az5cLhgZWwhuJXE0_eFkHDJekhNzPxi305Br48EOg3L4KX_iLZvbWor0w8v3DEYAjByT8VIwWfPHTXdRbY1jPP7JvXN0k8Kt5CiZl-MDs7-XI_x28V3CXXZ99QxDaoC_PhPr3dXJMujgUFSzYW3RyhmA4j9llIYfBMo08-9siPjZFFSOLu4rFt9iVsSlOVqpr_Qlqbyib1HgeaXc_-xyVA8PJXt4xu1A6-2HEJL57Lnupm0fU65jmuVklEGrv58C6MuzgrerP0OGttbz9lbDnTbrwDjluFfXmtULNKaWHiGRY5sludQnYVInsUIXNNXgfEBbJ87ckggtz14PU8ywKLY5YtxvPigK5NsL_VRvHSeEsVvzipp_bA-aKzq8mxzDJ1CB7m5f_tVufMz-SHTFgCONxSz1CGi5-oFHWrygR_5yDU_pBM5of3pK9ltVncIy2igIW4W_1_a-bzyHpfDW6-QgKlSjm9YNAXFQ2lQVKbHgACgKOTDo2fnhNs706fN1z4ZfDI_HpqR9yTZk1m3AzHSe3AqaQ1pFNds09ocFVtmN6_6kpcIZcHa6DVt-uPFo1NurxXggAUEAh6a9Nkgoxc5xyIyGGZMgM2MpkBHgp0HcvzV82n19wUUREA_lPzd70PBiU5IG45vJG4-Nky6zd9tG87TcZIy0qkkrKLoEylptxX3DUuexGogZgLhsEQzmlswKvyl-Lr0FmjEIzFzlCYeon6JlXVy0BvfTORbhvBe6-BQIbkBW1OOJjo-x_LyG-m2QO2ALyKESoQil1dN3U88-gzN4oJefpE_RKXhpJyVbz2zaD9ROYm7M8qlgQBYTU4haOwOnUeW7mkKB97djpWRgCfJFMtHT8YUdv8AIwJrcFZdJDGKOVMPPQLJWlSWQk-UkXufE9yLKaTFvKUf8sgDK1_vme0hdAoQ08JqZxRYWzFoYEVAmytAsIXz3i9EwlL-pw8KwCpGARF6Ocpzv3_xJFk1Xw4aAKFN9IS4Xfwev49sr5Y-vnfK5Ku8MpqquoIetHjDnhkDk3rSOuYSPLZMa0M1a8qM5UYAbuH5eKkvP2zjf8Am4oWwUXeiGRO6J_xBF-u0g8focpUjsyyCuGqbA5FmHOLcpA0YLv0PAWPeQunE3wmf39HG5sOagG-bVza78xw8aC0_cRlkTS5hJXAP2-i26iu7e_2wj48zh0cgGNu47akJywuVnf5FxxtY8iEDZP3Q4UFn622_HyuzSPNV3B72nfXK4oWaKI5coEjEso9BQr8v-xP2pNVASOBxQx4cvnhxiF5XNqjBh1NkBiBvJYqn6_9hxV5BMW8Aqp67b-jdPUfaEq3GDfUwT30fnW1kqdxvP-KE3GMPXAJTkH-ROn0Y6KhN6LPzuxE8z5tBcppRnqETaOlCnWN5hhaR6JBYTE-vtDZIQKN52Xli_3N85IIgjPROFKk7qGsVrwvGQ_yLRC9lF4BCErthlLhAE_hX1jIqFrXK3naVDs3ZPxhut44MAOY0ZvxGgFBGb1N4zxogixqt9D1swnnxTTOLPam37qQ038uigm5vvt_p3R95AvjjO4IjVilFBWUXGg0XyPAHyKptyUdfYl5iIpU_-y_fReDZZYHJTfmZm31jIHDUyGe7cscwZ_ihN1iwJqHhN13N8vZkocn29EL8k_CNnksNIg0g8mFzOKS_DIEx28-KZhnCrcE1P5SQlwyBfVnSCjE5TihbKI48IrkH_dHQWKsluP-qeXqZHoc3csyEeXK6JAhrtqYsVtVpudz9f5GkVa3KC34dPhx7ABmJ8U-RsVl73QB7MPEqA_KMPhrgPv4KI2cVn2x9yc1ISATBaKPxSQwK&cid=CAQSbQBygQiDbb0BE2_HBgU1R8GMQs9miCI0mQ0HjZWRLXuEA9TBZIjuQwFYoyj4bbXIzTt1k19BevorPpvXMZLcpmNgYHRgNkByfWmFbcjEmA-2mjrSletwAAHmW3Xe8tZzHr7IkEqMpsVkZkkE2AIYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=16964022107142402000&adk=578009112&idt=91&cac=0&dtd=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

15638b005a1ce6ef2b92d3495a8290ecf4d748bb2dd2524d886286e7dbac6a8f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40229
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B6B6 0
20 B 43ms
43ms Ping
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=5943446656458&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B6B6 0
20 B 43ms
43ms Ping
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=5943446656458&version=m202301230201&ct=76&x=1&cor=1242215832749930500

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame B6B6 88 KB
36 KB 64ms
64ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DCM9-JuPvB2RtMvzhe9FWFROSqbh8hHC_k-Y_ILMnQe4FQWpms77lkLHuvR3AkBx_9RIpmso7thGScBREwMkf_raESVA&cry=1&dbm_d=AKAmf-AhP4-RRns1CbUb8I2WsPkhcfvL_92zlEj3GkLgbi0kpOE6AgX26fMx1cMSfCD-P_xw45N5Us-xglAh1M2ycdxZnQcyW1uGFlb9eg8hLdw95-sJzWbKOLXNv1ZyynsQjy-ThLiQSb99WeKq9aNhtH0uOeGL9XXMWwVaLBJQyHCzwzDQObJEtS2ORclJdY764ngpdfzVQl6rzNwF4yc-E4gr0jka0TWpaKfN3I_0cTg2S6SBQ2KwGCH1yicamBwre_s13oE_XMh99pDeHBXITE9ihW0sW-WGeiX0dPhqtKwUY2kOtVSVSfMTHSPVAXu_tbR0h-AKLXCD54a3SUVwN10SEwOlPYfcYpIiXrFagwxME_lonB5X6l7sOEaFkRl39NM2ALyCuVYaplNrcAA2uBwu2BLrdDV_paUbcA3zs2MUPsxCQtVAQ2YA9kA3x43gJdSiZTnryqMBR8CHZfILgtAyH5bwSJN7OehlY_ybsCH4ER9pTvRVhJVnWAe68zTTjsHYui6Nb8vr-jC-wItm6urqysvXvPMmFg99fHEboH2ICiI0ieHWOVrkFyzHMB7gmdf256izi5sR6OIz9M9tgRx_2CMyw6R3U_fdJaE_qKrkz9cBGaiKheAL7GM9_Re-i9PYdW5x8l-Es1uegJbMoMoKd8gYcv3Mx0JSYT1lH_2Q452anPBZ0vZO1c6RuPIfBuxVRYsCUNR1qRn7p2qXFO71EXzA9SfN0piB6Q4IYGXgSeDs4D3eq98p_WHpla1-Fy2mE5PqKYRhZeYki7Ei2DyJMqu0FiIaKJYR0PV21qQHIXj9Sv5dkIRAHGBeCIwiJbnLXmdDrBt53MTNVlFlWxzNZV7Pq52ccIqWYNa3_lJm6nBFaDgHs9fQwj26uwBSa0m8kw2anlVSOzHqXiV5GIvXLfhIo7paixZeIToHPgpPRzBQeyjX6-suQ5Q_Sk5vz4zw5uGmVsT3twtfCLMg8msPnFBEdzfQgrbj15BSKW_TRj-QwkU1nnB9lJBOPQqMbLtTKRDpCfavN9L4_cr923DOjkjR7TjCwktz-ZEa-wtCCryBau4Gqu33HnV1YGScBhgeFp-eWS3VwZM0Cd3Kmz68LDtOY56NU-B2fIP5NALHvTEZB-qAPLp5L3axhpggXgBmznhNXbsDdk1K4mCdKJwjCG_ZpW-0b4MT4rrNSt3RcrO87ygP-fkblx7QjykclLPSQUVtApsXQDHL10JLo8TVDwy-GNkHGxapOLzJrFllJZj_5Wf4SfvZmSu6yASxhqqAe-H5NBI9oTf4KaQezc0IEcw4_oY6nmjCE-7zLN51OoOH1wmXJ5uckvLCnQ1jp-gyhdjWa_Jqz0NwqiCTt-hgHSEQKe79jhcj6XWyla-mUdzLLpZ6qFkjW_NjyetMBVGxEWugW79fMDwX0WplKm157oOkHJG6kwulBWBo_CNX3ZQmCI-oix-3M7XGha6-nApI3Ot5S4sflFI0jLU-159uAkajbzVBzRk8bzI81p9haA97dITqxqgQ2taEi7IWEpesFQrKHYTpQwszJVIxe7TNO-X7ik6vlvoVEsmSPXkwz94qeJfhmZUX3yzbweYLGsTM3H6wxN7nlrkErGmpaURrvUr1oWM0-eiN1qf0c4yJW3m0UDvhHjkWACjSfiqePQIXRdIDiKpdie7EfRq_ESJ4wxS5FakogZ-KYDe_vWpkN5qivzFohPwfpG7QdZ9lfQ1mro0xTO3QxWgsblfvjQG8SlGRJ6now52ZSnqQ7yVGA5JR_bUOL8_E0PALug6NXw61M77RM1XS-6Ck8CSSZaJsB7v4_xKn3SoMRfEKbX8MmYkSXYeWehhi_hgj0Ve_lNDidghZmo2vHuEkpjgFBcYxHuORRSK0kjEzRs2IDTpcr1qGKpYKWAR-UQ_aICqTuytkddodD8wncBAVkEr7PPwU1y71akVRsh6VJCQd1RPPVUJqWPJFT9WHqyi9Kr8Tt6_peZ1DuiRY16sFcrC5M6DM9SJ-lNiqReux2ejfojdc72YknUaYgRKHankMkYTWA2LavnQOfkn49mmD5m8ZBeGqHW0yPMR3OD0z-BIGk-D0fQC8N-OgywlxI3p_MSdeaL9w_wf_QxLuW2QsokevGoSMo_sXzXFVxpYMdpZjBDiN2NGMuCG4jGdKoGMSYtpqpktRxbWB6xsSQQrUsV234M87C8HJI4O8tMQm_FpqJKdsAyPgTTth-mUxAqybXtdec9F2abW7LLwttCEj64f7FOe1C2TpJhXUEjWzMOsd1qq6uW7eTrJTQvVj-_9cDjmxySWGNg20np7eC_f7VmemGTqdGNAqxmKwB_OSiJRMKTpR0we_M5rRSUDktnG0GgC4o8bLMn3MWn7RiX4cy8ppiv3xYqUvVAQ39vahxvFtcMVXQV1eq-KcDYwgnX8uerVLAaWQXCm3DzIbhayOiEA1xlPbKr2ppt6IAiIOK5s16d-zVNQG7AFHXnCFfdlZ90Rw1vbeHulGvMt_RqXE4UBDGojwuWwqfS8Eg6B8axm_dv7HzvAaRtgEP-PJhrR5TPI6dgUBOp7KN_zZZjVswiKcsS_XUpxiiW1bR4qjBD5b_6l-gRZzeIasAp-_-1UHgsJo2pWZDqLxdj_tCd6Lqs4anp_gcYW7QCZs23V5j8dCxShC9DLab5f0QOCteO67NDOIVM-eymVADySkisms-6dXvGcqehKjAiqYVCss6odfoOnsT3ujRXafN-3pR7MmT6EDAl82JaKZYrVund4c5Z4TaJqnvax_d5tUial_Jaa3Xo79TAGeaegNW0XyuYLgCeDZO1-a7M3LmYqs1zyN03KiteaNEe7-MLZrhl7flbSwaCSnqmQk4eA-XMkDfdfBmsn2pmnorO7Hg_UDhnIQ6v9bPBOUhZVCma9ogW-cLsxA31WuMxdytTQ4CM0CaPfDAaSYGuRgHj5MvWuw9krB-e_33LVZ5y5eBnYf2h4uUuL60nZoRGJm80yU1pEDeALR27mXTZyK_y2QSO8faVmNqmbqnlZJJkFr4r2kfRdrelo4egRw73vyispKyjsJDSow23mGCFB21qtL8AuijmzuWAk3W6zfiHHpVZwgYI2rBiYnnolUt9CyfTFL8hmsw4zkx9wSjEtcRGymyHDUOY0eydvcIcEBeXugZn36ckjwQn88YjK6zwKVRH3PrCVX3ayhFQS72rJ3Mx1oD4XKKR76w6sWmZ61ximozi6DlJNmJcHKitFe_4dnhA5pm0kqaa_O9xjiKcirEVmFbA3AW8nkrq2gQOTWFVFBanrJnjG5kJknn6_w5ItPHM91N33ODJ6CjAkkXojbbUOtiUtYEBK9L8YhS6diYBlR6FTsrpntnQy08YcM7t3JJ684lX8cKzL1t9fRdBkdmvWyO_0P2avM44IQSqyXjP8ep0CSuYy4LuueVnSQC8vUNLgfZmRqiBWTriuHGBdgLGwccAtBw34R9WcIhqdpDn_NYYCuYnE08kVrMPdSwJYqCeZUEw0WxKT8ORLeIYBmUX5XYbryISArEhXb7wE4ysJdCbTTRFm0TITZPs56I61vEHkKoZj8qVFD1sOwexS_Lb9_0Sk1IJ4DVOHUqueNqV91Og&cid=CAQSbQBygQiDfmYRI3XowZSMvqVXRmK9-17hVvnMCctE6RP9fYloRK_fGtb4ZCXS4Chs1qKxN5MHySKiG6_-QICOKh8hFL2f7x-q1OoQ-hxlu9dp5Mc2qcLwptPZuPB-Kc0B4GS4uZkxGT1iRofbMk8YAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=1242215832749930500&adk=3587751834&idt=108&cac=0&dtd=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

704250744b0a9fd93ff4fb87761b3d04800ddf626bb2c624e3e7c5e2e76dba22

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37027
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 61C7 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8b824c71d1dc1892740b0e8f40cbe24c021d799113bba8fbb71d7b4109450e6f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 6363a944e4b0125bde9e6739
ng.virgul.com/tck/imp/ Frame 2E7E 0
209 B 48ms
48ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/imp/6363a944e4b0125bde9e6739?g=1&t=cpc_annotation&r=153366@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1687626298218&userId=vnet882f387d-b009-4a3a-a2fb-177357578087
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Sat, 24 Jun 2023 17:04:59 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame CDCE 22 KB
8 KB 13ms
7ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 357112
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 20 Jun 2023 13:53:07 GMT
expires: Wed, 19 Jun 2024 13:53:07 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 7F38 172 KB
60 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
Origin: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 13:52:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 11544
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 25 Jun 2023 13:52:35 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/elements/html/ Frame 7F38 11 KB
4 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BA2ez_zQxr6W8DOeCD25aUIEI9xsvs20Raurc5G2mFdKISpTTvfvPCJkhgYarUER1Gfw_cUJigktWl3S02pGfzizZPjSrww_2QmQ1Kh9F_VIXzXew&cry=1&dbm_d=AKAmf-DC60K4ltC2XTaVcQRAzfIacm8XxaxNHOdklUC2_w8JtTrBm9c20etbzjxGKAiMn3hdum8bqfHxJq8UsPn1fhhAuEs5yC_srsJtD8MHikiUa11I8KnA943eL39wf8BrdgrwXzWtm83TmK5AQT8JLj-rBdaB9BoQj4CbWyVeYEbfx2FMTsVhwm0_Ocan70qlNp4otwZvBwbhm0pE1GUkfeqgSFfUiCYhjzvni8qWyXX1DdTKJBdboNhyKKRkgSSN6miU8QtoXNbUek4kPZraa8kMMQbxpLSsHBfYO8vWd7IbFR1UwByV4YlR9nBl0e-CY8aJKa1kDRNFBMkbOwLy5DrRxWbkBCJ4JNeROwKvidzIGLHkTwNc0OFMazmJZiWhsTgqQ5sBGZph7kPmiQSMObSZZced64F9coiRsxChzmuVsLoQ8XCvswm73QiGVeCwZLIoY4B6JRP0GCSrbTmLFvCjMlQ__mRFuZzPLjv_K2U8c5c3Sd3lHzkPPZUQFtZ45F2LTsVM01Spo612lMT3Nwbtqec5VQxYLeUvDJ-f9KHiIyhFVXmNcfSF2EEKrMUo7frL_VfZYYdm95srHSNl7C8QBcxvxdL9jHGhxYwNsoW2sBvnrPrrJZoY1txSzaP4vjA5e0aQA_G-sYn8qP4vcbCIZ6MA8kddK11KUfWPJYUQ2sMs-eaco7xUDKBwSuqJ-wWs6RBQFN1AOn7kByKp75wSy49oOrXsTnQv_AijPf3thqft-uBosj_6fBmhQDqWKrFue81F_1ZhBPbmck0KFlEBERVNRfmw1fxqVQrRSiBUTrMe8hMuDPMQHruj9QkzT0VmjA3lBz9N7Dc2XsC2eYdLbaHU-f7pSJbmykn8qQoznBjmnaXuW7HPXLSkuzgJ8R69SsDO-0M_OjhwB-GPi0LlXaBjljMU-SVK4QGxsdUzcbMStMHUpihuyhVaRLgU-LHQVKRAgJ4pwflvxBHhW3CSfHoER1euwOJ65X9BNf1PuNWtcwgaTrU9FrKs8q3W5VsEu5R9bkwHCMWxXIUKTS6P27a-xey5bNMDhgnTKNm78xrNB6ke3Kp24SRw1HFhXAapjX4opFlLxBC8Cecc86-MBcFYsOku-xBRvS7b5j7CYZOtuHfFEYxxCiYXbMXCxXg-54MMt3o8nhXZ1gtCXZuWVl84wVZKTyjhbzZuK-_aSrpP063ygMh6Zq6K1EdoJtPF1oXMQg-uL0DQt-VU2TD30xJamXg17-x4EZFcn5AzChrXzWKvxKnqyGgJ_3DWkkVlbadKRiwFdFLx6bNV3gm220CdMfhIVVRfImCBKfnJfmP6ya9yG8u42ftcQkKnuCfze9S1RN6Vhg_jCPgkaR1HIeJI4rdYwflCy6g6SurCRlsJGIxJ2g2fa_AVgJY0K36m0tNPzmmS0feo9yZX778O9cWrleSFPxy6ETpDUIHMSS-RfCWJzvrjkqlb2xwgYeGYYxJ_mLedpNCiuuePzLbb0PLQuazQKhhuliJVs2VNEGIXNV7GWjB-ETpUVehVHEAoxSSTEfegcPxnJl7gfyAgziESVKReZ0trlrcOGbjHnnZ3V2stl7DRsHeQHcC766xXlrZoS-wg_uXNC_99PducdYvUjop7-5vDeWBMC5iRrsov1PZFrEavSEnIbTGvYxnlLdynsMhtM9UEbnr3UHB1psgsjJ80yNKkOtKRsIu4QmMTCaiUQqQuvQlBgG-n0d5jfnkjUqXBimS3vOt3JSagljJdJBdmJcbqv7J4VOLLzjIHZkS6hW6szViPmU0qGdT19A6vdWfDBMKmyAVELpxCwB4o2R22s13hlAXDsq3gMOvOZ8jr-bl-Vbth4fVWA_2SBIxFW1evyjZTQ6F1Z84Op72yvZXBQPdlRlbuNr0FD00C5PCmUEQPn6gs1H20jG1Q8gerntTrjye3Ok8TMO1mVzYtPHB0uBuAulJW1Ws8yI9RZStpf2zC5QxPcwGGXORYxN8Gg4yuPerTMs_UEoJzBm-ErucGf0kpsTm0uzMuN5hYTUr6C77CeAl68dKY4oe-dygzP1uGDN95RhOVpqeV5QQKtglCw_FEgsr3DCh1EZOtyHGz1TqT28sMZz2p-1HJKtrEpmDEGIR1zwaYATFzEqDsuQdDjVeIX8UuRPqRZ6MvsdEDEb-y20lK-b8mJh3ZoipNAb4Hfy3godOBpWdxnqdiLDAsnpCQ1eRKJqHXqa4z5JjMfpHgfqVgJwBradeCkDoCXkvmNTjPHiQGBhgoFiR0chUKJK99doNKJjNgDqZ-wb-i1J8h7xlriuFmhxHrdKK3gVzdUJUX5sglENPL1vpZi30ufji9Qkjavr85Hs7svc8OI0meml1Nm9IESorliAlWVKVTU8O8OQaw1gtazxPKY6-h1H5k1tP6qwAHJ2juuXzRVISGxRVIO714p7odykrzzfA1nvajhbSAI4M7RAbK9FmrxJtt8-P1ysSB_gDMEVXitajJlk9YHeks4TOd0WVPkHBmNlJGK8czNI_KqFiutGvhnmQft6Xh8AxmmSqpuTgOXu8b7jaCZdCOuwO9AGrT4V1D18fJBm0BVVzS2pWpekOW_VjFFauT0WHHA81C8cHODbC6C1nqAGcvldjyxLircNgVSiwhNnY6ZD9CT3HrnA4C9c5Ej6uXevmiw0jUZoMJrkUNNP9Hh6u85A9TrniOHmymFz0njHgip1Da5rHXNXgoUQcgfxaHQUsxqnSOTFah43xA-7SPuwJleFeyza5-kW7ITttSHi083wl0JBdsqF7a7Uc-W8BqPE4X-an9vWT3kESzzBW1VLLtYC1ilKtbCTlr1mqkQc4pgdv85skqp8QpPX6Tl9xu2V8DeZHTBkVnn_wyWLMqkbNONuHrXgyAHmBQ0hMJ_qMfFPkgsbaIMbtiFielINg3s-l3VIv16n82WVGMr56Wo0dUuSzrTWXxpDUBuBrLsdgeV0wahB_3GGvakxUtI-0cQc0jpYjp0msQbwR-xfx8WRKvAZlxJ30tNa_8g2iJ2jiE1jUx0Ts9PGEu9VflmezQVDJeshZqrIa9-fhurAyAVDppwzwG5juG5u5z0szJDKNzKPkoBxBhJIOFsYVd9g7qIbh9qJNsz-tbuv_NLaicPrFc9xTgRiLl9McLAfLlxyFR-IWtFt2XPFvjS5jjnh262pqLFWPAMIBUtgyihRkN512lHah__JO0Jb1mt8XDbpbYzl17ey7rDnwU0yk1cb3DaXn1PvCKToy6OCcWxRoDt-RzCpTGYlmvFs1JDRfIRPFYyVEEMUg8giBP-rgUgfns80xTyEQhjhOz2rb9RVaud6HKeCh4UH0E0gLoZJW_FBhnv-msjQMSPc9KqFDKIqHz92sGVCfUaGNNKavwN3RqA18XvofUQdz12kdR0iVWTsuFOQ27oovqb6fHpSR6xAFTY5h2WvADWrZ2PKNTcvdooYSU1DX_QYYj3D6wGf3ANmLkJaOScijpGJbg16jP2uSeRE9yLbAlB3bdebrGFAS_ISyrFCMIo2xHgJn0U1-egJn_ICETAWUyP1x4hI5A5ctF0qroZ_8nK329_I_nXBojjVSJMQtsBbfdF-BLqymna3n_q1E4xUhuxVbjfy6EbSdZBkdkpApL2_pm4O1qvJkhUCPilVrqEMXI6xWXUNyQByER3KEbZqtsipjfcJ86d6KIYyikN0r7g2zr2P2EZ3JCjf9g8lWVKgNBZUd6xjihBSKOSAAP6lFPpZ3vvLNdM_eG_NAsycvFXxU4qcsqbbsPtBVEkCZ_Pm3B0DHpSeEUV2yXIDU9qyMV5g&cid=CAQSbQBygQiD2xUH96aj323EDLGPJLS945KebvFjVTsiqv7nUjPKo7CIzGfFbaG_kVvhXfmWpP0kplvOyaNMPQ8wKp6HzXNfoTV3eJXyQt_GZAwFunttgn9opCkVQXrm8528pI2ofcoZv-hayLh6R54YAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=6750004804482573000&adk=1599433117&idt=73&cac=0&dtd=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7ff9993d3bf21821aa4aab3b5958b4d9ba3fd3a3aa92f5830a24d3ee259f4851

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 23 Jun 2023 19:19:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 78325
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 5499578052516643378
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 Jul 2023 19:19:34 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/ Frame 7F38 30 KB
11 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c99a1db5a8ee11a2fc13ab0544e3865f781fab4515592ff6467e7273478f813d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 23 Jun 2023 19:21:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 78223
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11398
x-xss-protection: 0
server: cafe
etag: 3934322099733601226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 Jul 2023 19:21:16 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 7F38 41 KB
15 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 13:52:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 357144
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 19 Jun 2024 13:52:35 GMT

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame 55A6
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEL6SGguFe9WqiyW_HLneki4&google_cver=1

43 B
61 B

23ms
20ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEL6SGguFe9WqiyW_HLneki4&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMD3swEQ3cu5ARjS75DkATAB&v=APEucNWiwuNgi1a1mP4IBbuZdzCcdrdLOdQaJ5jS0WGilh-ov6McruIWnxnkhzSEmqB_N-x8J0ZPZZB61sGjp-MQlD4IIsDhZx47apKrOWZKlDXvbCRrKxxhViWDQKba8Bb_5BOrMot65ZPO54JXHfxOWKBrzbRwsCTT8KHQHJRp1aueLglcvt0
Protocol: H3
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEL6SGguFe9WqiyW_HLneki4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame 55A6 43 B
120 B 30ms
27ms Image
image/gif 34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMD3swEQ3cu5ARjS75DkATAB&v=APEucNWiwuNgi1a1mP4IBbuZdzCcdrdLOdQaJ5jS0WGilh-ov6McruIWnxnkhzSEmqB_N-x8J0ZPZZB61sGjp-MQlD4IIsDhZx47apKrOWZKlDXvbCRrKxxhViWDQKba8Bb_5BOrMot65ZPO54JXHfxOWKBrzbRwsCTT8KHQHJRp1aueLglcvt0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame 55A6
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEIWUbLTbhiIZ6Ey0wA15Yhk&google_cver=1

23 B
163 B

46ms
46ms

Image
image/gif

104.75.89.75
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEIWUbLTbhiIZ6Ey0wA15Yhk&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMD3swEQ3cu5ARjS75DkATAB&v=APEucNWiwuNgi1a1mP4IBbuZdzCcdrdLOdQaJ5jS0WGilh-ov6McruIWnxnkhzSEmqB_N-x8J0ZPZZB61sGjp-MQlD4IIsDhZx47apKrOWZKlDXvbCRrKxxhViWDQKba8Bb_5BOrMot65ZPO54JXHfxOWKBrzbRwsCTT8KHQHJRp1aueLglcvt0
Protocol: H2
Server: 104.75.89.75 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-89-75.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Sat, 24 Jun 2023 17:04:59 GMT
pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=CAESEIWUbLTbhiIZ6Ey0wA15Yhk&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame 55A6 23 B
163 B 53ms
52ms Image
image/gif 104.75.89.75
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMD3swEQ3cu5ARjS75DkATAB&v=APEucNWiwuNgi1a1mP4IBbuZdzCcdrdLOdQaJ5jS0WGilh-ov6McruIWnxnkhzSEmqB_N-x8J0ZPZZB61sGjp-MQlD4IIsDhZx47apKrOWZKlDXvbCRrKxxhViWDQKba8Bb_5BOrMot65ZPO54JXHfxOWKBrzbRwsCTT8KHQHJRp1aueLglcvt0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.75.89.75 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-89-75.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Sat, 24 Jun 2023 17:04:59 GMT
pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

GET
DATA 200
OK truncated
/ Frame 7F38 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5f08dba2eb86f4f9356c53535440d69561700ca4b2fba167e923e5f70041abf1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/1484055/72040524/ Frame AE79 244 KB
73 KB 70ms
69ms Script
application/javascript 34.250.56.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/1484055/72040524/skeleton.js?ias_dspID=64
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.250.56.160 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-250-56-160.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: d20ac6f13cb794ee50fbe9df25666afe860c28230185fe219ceac6a32617dec5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H3 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame AE79 172 KB
60 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
Origin: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 13:52:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 11544
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 25 Jun 2023 13:52:35 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/elements/html/ Frame AE79 11 KB
4 KB 10ms
10ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AX4waQ959SNrDyQYG6YUx1EToGQ6-w4jkWQd4c5VvckFZ255wvVOSumqJRvvYTqU6dhNYrtk5u4J9rlttKgn_FM17KxDmCqqWoDBYT4eBXS6potAcwtI_eXhVuEZLxVnE8hX7uT7t-bahZNeOni-kEkHlBJBpo0DdLeXWBRUjo8N6jkXs&dbm_d=AKAmf-CtXApSKAiguHF8VEz8QpSb-elb0v0FZgR4DoQBbOmiAH9-Ft7p4dgrVeZld7k-b-I9P79NGINF-mBSaudDUd1tG61zZT7Zt47jvsIllKucMkyH77p8rVYK8ECaWRvzPGeyxjBhcsV3e3oRLk7TbGZ0lxXXx29suqx7MPv6M6wTrmYIhT7wvxdEIbZIwB2-YvQQOGYpfmSO7flPOXCCW68fbglWSsjNlvmr9vOSLOrL0bksf1MoSvKf98WVKjl9Gr5lW23mIJPDOyR4hx0VouKhpYnzTciqmH1lwgqLK9rL4vFFQv9JyKAnsM0XsybTqwoNvXSUQERwcw599IAxtmL8CYAtPjOTh83Qz7gwYjizwqGdvTISlegc3QLfP3FQ8wuZRNkeiLY9gF5eTh6xqMkRHApgmmp1RM-43tFLAcfvLeha7ev8SKWYC19ikDeuK23vCPVO5v9UllJAoW1RV0rtLCDoItupikiklj3yxoBh6kvlFhjG8QLyn18Wfzx90db5cN1d74_ADOxM0BKvNL5CjFs1E-9-Dnpo_ocXhhJgwfAssmXeLQUQ2ll5ACMKsCXnzvVLrzpaTgIw4prMVchCcysAYo1sKHcUyPkXGm5gDWE60WSISon8AAFxLp-qcrxFrnO6Y-XzTjX3DwcBH1XbTieLd9VHF4XW5SPXTtt9Q83gpqDpZr0jYEWJa7NM_HlFX5kQ7femcjVz8ylZuYI8yQ7pK3K-YCWqgf4UVvCuCdTxQBearAy4-llvUpkKq5aWc9ewxipSamMVYuyna3tEuSzWJXdgLBkGeManP-idBzQhElPrBLn5FOjWcHcX393HECkvbbo3phSMDwmQ_jVqEAcDbZsamqXUUSz0lovfVS82_l5KhZwdgZizWU-x4_a-SLKaU5Y0x5ioCihWguzEO_HuH9VMKWiEd-0a13-Mzt5vJwSOHUNUrA9DpcCaXzc2tTa84pNk5bE31DM5gcDWImTUw6g4v_OVIu4IlkAMl-b5mEIQVFeFccSacp67DkrH7Jj8a4Ib3jadyaX3owsoQVw3JjOJ3z3d5OHZXPvSncBGW_EuuOxPhJV3Mo4hD5OXKVIaYmNMup-PCBLZvz903B1kT7CCvNZ7ZiQj4-Gxy7kN9LjVNlz9HHk_N3vD0mb0l3fx-Q6uYECVlSO5sg1HyooboChw7ZQy1gzeZwukHXcv3PprIPZqGq0hYx9-fYc-qKpVRRsF-1Hn5l1Arl9V6BJBhYoQGcwTuDiLp2Um-sceY66WuhqKGloqXUSJ1hy30ZCEwyzjyVrW0A51O6HtyZTpsFFjmMCjoezHkIQk5Kc6s5AFnebfUobNOVAA1LjZZL-C3rHwmf5S7KgulFZSPvBdO8ujoTiuFE9NjUDj9YQ9-fwvgzS6FQaSyAWDIyCcbAOnhbsvf5Xn7vhbuYRjhAgsm6I6wgtJaB35zDxgvh-n6OMHavZKdlvIhQ_ZRBSfYA8vO5u-TstQbc7IzvCRtU0g_vCbz8Noift91SH7xDvkctunfSMi6XIBoSBx7jyDvidLQxtuszLv2SNwRg9p-UqB6RuQT9cSxNKTm_ur6O7tmQK1AQNJVCYgOMda_kvRG37J8YUOjIwFwgyN9qPHCYQBclnRSwQvDfuNlHZs43GEC80HOU8bspLvPSwWiRPfb5qdmtLztBLdyKsLJQ-N-az5cLhgZWwhuJXE0_eFkHDJekhNzPxi305Br48EOg3L4KX_iLZvbWor0w8v3DEYAjByT8VIwWfPHTXdRbY1jPP7JvXN0k8Kt5CiZl-MDs7-XI_x28V3CXXZ99QxDaoC_PhPr3dXJMujgUFSzYW3RyhmA4j9llIYfBMo08-9siPjZFFSOLu4rFt9iVsSlOVqpr_Qlqbyib1HgeaXc_-xyVA8PJXt4xu1A6-2HEJL57Lnupm0fU65jmuVklEGrv58C6MuzgrerP0OGttbz9lbDnTbrwDjluFfXmtULNKaWHiGRY5sludQnYVInsUIXNNXgfEBbJ87ckggtz14PU8ywKLY5YtxvPigK5NsL_VRvHSeEsVvzipp_bA-aKzq8mxzDJ1CB7m5f_tVufMz-SHTFgCONxSz1CGi5-oFHWrygR_5yDU_pBM5of3pK9ltVncIy2igIW4W_1_a-bzyHpfDW6-QgKlSjm9YNAXFQ2lQVKbHgACgKOTDo2fnhNs706fN1z4ZfDI_HpqR9yTZk1m3AzHSe3AqaQ1pFNds09ocFVtmN6_6kpcIZcHa6DVt-uPFo1NurxXggAUEAh6a9Nkgoxc5xyIyGGZMgM2MpkBHgp0HcvzV82n19wUUREA_lPzd70PBiU5IG45vJG4-Nky6zd9tG87TcZIy0qkkrKLoEylptxX3DUuexGogZgLhsEQzmlswKvyl-Lr0FmjEIzFzlCYeon6JlXVy0BvfTORbhvBe6-BQIbkBW1OOJjo-x_LyG-m2QO2ALyKESoQil1dN3U88-gzN4oJefpE_RKXhpJyVbz2zaD9ROYm7M8qlgQBYTU4haOwOnUeW7mkKB97djpWRgCfJFMtHT8YUdv8AIwJrcFZdJDGKOVMPPQLJWlSWQk-UkXufE9yLKaTFvKUf8sgDK1_vme0hdAoQ08JqZxRYWzFoYEVAmytAsIXz3i9EwlL-pw8KwCpGARF6Ocpzv3_xJFk1Xw4aAKFN9IS4Xfwev49sr5Y-vnfK5Ku8MpqquoIetHjDnhkDk3rSOuYSPLZMa0M1a8qM5UYAbuH5eKkvP2zjf8Am4oWwUXeiGRO6J_xBF-u0g8focpUjsyyCuGqbA5FmHOLcpA0YLv0PAWPeQunE3wmf39HG5sOagG-bVza78xw8aC0_cRlkTS5hJXAP2-i26iu7e_2wj48zh0cgGNu47akJywuVnf5FxxtY8iEDZP3Q4UFn622_HyuzSPNV3B72nfXK4oWaKI5coEjEso9BQr8v-xP2pNVASOBxQx4cvnhxiF5XNqjBh1NkBiBvJYqn6_9hxV5BMW8Aqp67b-jdPUfaEq3GDfUwT30fnW1kqdxvP-KE3GMPXAJTkH-ROn0Y6KhN6LPzuxE8z5tBcppRnqETaOlCnWN5hhaR6JBYTE-vtDZIQKN52Xli_3N85IIgjPROFKk7qGsVrwvGQ_yLRC9lF4BCErthlLhAE_hX1jIqFrXK3naVDs3ZPxhut44MAOY0ZvxGgFBGb1N4zxogixqt9D1swnnxTTOLPam37qQ038uigm5vvt_p3R95AvjjO4IjVilFBWUXGg0XyPAHyKptyUdfYl5iIpU_-y_fReDZZYHJTfmZm31jIHDUyGe7cscwZ_ihN1iwJqHhN13N8vZkocn29EL8k_CNnksNIg0g8mFzOKS_DIEx28-KZhnCrcE1P5SQlwyBfVnSCjE5TihbKI48IrkH_dHQWKsluP-qeXqZHoc3csyEeXK6JAhrtqYsVtVpudz9f5GkVa3KC34dPhx7ABmJ8U-RsVl73QB7MPEqA_KMPhrgPv4KI2cVn2x9yc1ISATBaKPxSQwK&cid=CAQSbQBygQiDbb0BE2_HBgU1R8GMQs9miCI0mQ0HjZWRLXuEA9TBZIjuQwFYoyj4bbXIzTt1k19BevorPpvXMZLcpmNgYHRgNkByfWmFbcjEmA-2mjrSletwAAHmW3Xe8tZzHr7IkEqMpsVkZkkE2AIYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=16964022107142402000&adk=578009112&idt=91&cac=0&dtd=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7ff9993d3bf21821aa4aab3b5958b4d9ba3fd3a3aa92f5830a24d3ee259f4851

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 23 Jun 2023 19:19:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 78325
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 5499578052516643378
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 Jul 2023 19:19:34 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/ Frame AE79 30 KB
11 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c99a1db5a8ee11a2fc13ab0544e3865f781fab4515592ff6467e7273478f813d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 23 Jun 2023 19:21:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 78223
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11398
x-xss-protection: 0
server: cafe
etag: 3934322099733601226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 Jul 2023 19:21:16 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame AE79 41 KB
15 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 13:52:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 357144
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 19 Jun 2024 13:52:35 GMT

GET
H/1.1 200
OK dvtp_src.js Show response
cdn.doubleverify.com/ Frame 61C7 8 KB
4 KB 72ms
14ms Script
application/javascript 2a02:26f0:1700:6::17d5:a191
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvtp_src.js?ctx=20309721&cmp=29968277&sid=3288807&plc=367565044&num=&adid=&advid=4309118&adsrv=1&btreg=558488208&btadsrv=doubleclick&crt=191643418&gdpr=&gdpr_consent=&tagtype=&dvtagver=6.1.src
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:6::17d5:a191 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 0746b21cfaae0aeba1fe18ef923cf659a3d82203c4f9368f6c3c10e82eefcffb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Sat, 24 Jun 2023 17:04:59 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Jun 2023 08:32:27 GMT
Server: UploadServer
ETag: "94707cfe9b8ec381b248dabc78be09a3"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: *
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3397
Expires: Wed, 21 Jun 2023 08:47:51 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/10454987525626607892/ Frame A542 14 KB
3 KB 32ms
16ms Document
text/html 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/10454987525626607892/index.html?e=69&leftOffset=0&topOffset=0&c=IfwNYydE11&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d721f1819959bcb4cc8b418e32a69c729add4639335ca673c3b6ce5b8739bfcd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2994
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Sat, 24 Jun 2023 17:04:59 GMT
expires: Sun, 23 Jun 2024 17:04:59 GMT
last-modified: Fri, 12 May 2023 09:19:51 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 61C7 0
0 97ms
57ms Fetch
image/gif 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsue0V7S8Mj0fAfpE3KP-q9LvxM3QkjOfStljeJrLzEi41Bz0y8_Oie_S2w0hj2bSWFFt87BnEZ-jEAEPB1NHhf3NygEO3XxMP_5kLl4iy_XGU2goWYKSSTuH5BHdUJ1xERZIJudKv6dSMHzRyOQ2lPnwV8Y8SPyaTvsntsKOVzhGiRGEp9dz9FC7wF6FefIRKr-QrMOu95R8RtEJdwMc84GBAXkp24UsiWSS1Tv5coal5a5ZYIWg-AK9iInZX-qar-swVZaRQRAsPFpfqjfkWpEy4qEiA-TzIIv5AxCkbTGcnlK9XJQmZSVnqPBYQggpRJDZ2G6KM9kpnWByoKyTwDHRFzXX4-3SL4nWF--D-ZTrwUCOC_mq16qEXBWSRMj0S3-wSzcwi1opmghv4F_X_jm2EY83vqxSVbxbT8Zb_mEMMno4_W4sOZzKgjI7TR_6cPtvKVtSqO35S5vtfrykyyNfMFnFHBqb9ZliBqvKgR6-06qh9p_F3eK5_HYiEGh9Rs-dyCRmofUWBCp6YByVSJKjksju4owiPn8svTI8nEMgIbNwiAV3X_9rlFwoZE5Y5L3hCLecYVqffhOPd3WHptD8GLUJuLw-z3CxSlyj0LpiKQp2vJ_VPQTK0PI913H09JA55bLsJu5URRvdh8ayQozJNLAsJgmpOWPmdZgHJ0TCkiNFDCXICezBfWg9a4bgjeAForuRxwBaI2WE1Vg8jH7XIQz5hA6xnvKuGXaEJxmifGdaNwLzmiajKCmzUdCcB-lN4tFdnjN4PK7Fhzxa3S7l2LyFJ6M9OjuI_L3oMjulRzgCrpROjwZDs6lpKXJyKV4D_O-Zo1ZflCeNvQykW2C7L-zVBGtZypvDKp-AL-4_KWBkKYX8Uh7aUhUMlwuSGdVvfcZpP0xf87JyXbKofpjuiWhOVcNOjGuMN_uIXUoOEXsrLYxaJTw52uX-6ukMe7L3pkg2I8LMQRknq6kjrXwrFJi67OPrJP2xh5pXtviWFLKTWGIl_jskBWCOigGB12tqq7z6IUb_sSGpMKRmKppap0XBVgdwOPuNi8T9rkx5mUIuoedvoMAMi3uhOpx18K4vU5B-7JvlZmho7KcouWFdxmirCrFGZOQv7Za_XM8YArMk3U7SL4PN4ZB6no-qAqwDd4jCnTUWKUkFfE5nnQVEN4_3d7WMRPvqqEqvlqY6R8bNXaMCBEwVBJagtf3w2os6b49px0uBT6C8MvE-0qkT13Bd6AJbbi_1kCeqNhuXUPQ-vHO9TUJTP-Cy3mh7QWZG4uufJkPleduOEq6HNdcTn0IXevHrqqRW9oujgUhZO2LkGX22EMW-6DwU74E1PUCdqgRkriVwAz6T8A&sai=AMfl-YTtkfPJ3PUeayRgNPU0vA8MwKPOpU0pO_twcuDNel5mTkq3cUdr8tXRxs671zXOxyayCXbVGo6xdpr9kiJuldvP3Hj5d9br9BFRuIpfuDKQSygzCFqmBfREeIkTOIDcBiIUVypXBkTKbLtIpBusvxMMmsIyIDFFMMRoxSBZlirETGhAaDvsj3JEk3SX7oWOlsrbBS2jWTC3Ayw5Jrhkp0gGA_SYV-hJ0usmXg-c5_9kUUfc8IeBwWSh9yD8j9d89pbbTS8dUq_WqUPQR-fmAuwTr7vQ2bucIhgEmckBN3Ul15SXutmdLnx53QSeFcjZX_SK5qOhlkFP5wScVmssRQHNpd3poqgNr1eFPhUHz1Nmt4eTUEsWugwuGI9F&sig=Cg0ArKJSzLRV1T1xuZNwEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=137&cbvp=1&cstd=130&cisv=r20230620.45626&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 24 Jun 2023 17:04:59 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Sat, 24 Jun 2023 17:04:59 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5293 0
20 B 42ms
41ms Ping
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=6758298812509&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5293 0
20 B 42ms
41ms Ping
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=6758298812509&version=m202301230201&ct=76&x=1&cor=16510775900314660000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 5293 76 KB
35 KB 48ms
47ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BUrqGbbjhkxWP4Oz5Xy6In3gg4gMAfwCKH1iru4ie-QVnZ0kvL9vyHV2E0ssdSssf2DJGhstGfliycg3oKL8IqpjeR1A&cry=1&dbm_d=AKAmf-BuYjU-pYFszKE_UgndfCELPx_UWMLJ3nw02uhJWvJMPHQTflQLItJghttzs56VieybrDvAKyPsuCWOjSa5-NE5Ix__YbooCmKF8nGNE_z_mw7RYAlRTknvOKpaB7uXU1X6u-IB8HXSRlydbQBUUJrwxTTEiXWB3iqymu0M4I-2LZRUEm70fa_l6rEU1rTEc1-XhUmmsO9OYQnBeeXbSCCSxAz9MlY45FSL1O3h24rWh7uvgc8dFzI9aDlTCom4GdkYZwCxuo7YcDze5b8sF07i4x6NmldpWeWZg2O9lpUA9YLf0MVPSY-dBA0H5jZ8n3ZN6dEBGn0bt1U5V_sOuIDnKblj5juifqUxbJUGTF_4vy7b17RPxo7xkIAsjtYWz_mYUm-SeT1l0XXt_xErMlr5UrJOcCxg0m9k8zQDD4TlyDPVYUMnjGYgujoWpHmwJlepZaVBF0TDZu9azwb6qslEv9clLXa1lhttjUZPsLQ3TvcPvadIjKZ5eU1ofY6g6q5c_guqnBNpK160O9_7Mpx9poYjXZ1iJFWNRiWL7uiFWP_9-ySCDicKLL3SulVTRuPp9Huhz2X_JMb7X9I0jbg_SGckXRgHHdyRh9MA5XCH7R66bARFUC_GUK8Y1mgrRwzvZqujegrc8sAoBsj2k7k5SbK1b1o-_TMX7j_UmIM1AoKMARK-M0Gk_5nfC4jZIM6uMS3Vy32J3RW8VwZPlqRYPa0qGBZ1zef0d6baFZdOEh_LfKZkyrTmb0vFPu0pLNPNZed0JjHJ9MqPZJ71Sx1qAYQn3aPJ6vJliuEizAOica0yy2KAzRkuB8t4HC7rkgdMGwgtHM1zcmKHgxD0_JstC1BxLv6vQ50snVWZdQ3cRfqAM1zvq7nz2qDXbNHEZ5MlT7mBPeKiuUvyoaEwcJ4pGlW5rhWbETkDDN8zYOAJmJfYJfT6wN9uioaK2uzFte-vifGDqccKPRGJ_XoJk7VNL0jkcylrvCHdhGd27sbM8uYAFcPvSNUuzubgfcWiT7Eis9HQI6J76uocen5DqDss88Xu71NvBn0KOy3wf9aTWwxF9PBuyl578rHW4dUPZS-_WXSibn5LGCsDErt628NB6rfqXlkVPK6QsdH4wxygiqtncsT7cIgZYK2TFcy-vvMKrFsQxtrSmXzg0ZPt2nb4XUHwpUCV3j5vyUPGqG3h5iqIseOxTsoDi-uWcIC3FwkUhkHw4SNc7puSNtS9uztBsdjH-F3-AzruS0zHN-zy1stSWO-m3kOz1P8jvsp2X5wz59Pc6Gfgl871MmAvMhH--j7VZOTxYqgCr1rc1gWM8qaAX5ZmKjjtozP7IarIfkqIiWyuU86VvqwfOekMxBZeedYNx6vvdwvXRBo8EDbIygr4vePSGIpBdRFTFHojTEbq3OvaCLeOhPLXoRjqRnbQfZAC4epAcIe-XeYidq_SqXrbvNeX0xsoMyF_A0ndPobdRncGNr7KG37_DnsnmqlbeIMDg6xdlW1IW75Bn5PZ2qw3qjonKlqvCZj36azl84pXQCtgTxvFr9-0XG2L7sMuoVbHPvyw_JTOb2E96MVNStiNpMBPlSRqIscIhFtKepK39EWeAcNZfQlidO5bvuwD8_ZcB_G2HCdKPKttkZE95-d4cO6MK5RBTiHTC_iz15fnXuQ6usWa4DizhCpDZuuTWbYPLBUUPSvJLhHD-q81w-kyBAfvUSF4f7-w43A383ROZr_n8GTvt04anqIY--7c1PufwEzBePw1Q4XSZ8dYFkZVyKMWL_5jjR6bvIZEJgkrs2iDhjSYe7-sVuzXDZigE2CNdDGWOUv-1KcEhL3kVeU2e74Z5hAf2XRsU2qOoJEJZcYsSSyxkStFA1FS9AaepKa28mVwU3YZSl8FLKKkjQKcG054she4vxnetpdOlwHpqDWchEHQZmKfIIOXOB5DZriP9YjtQiDg1QqW3SnCCyK0QSrlpdh9_oD5lKf7BAcIqO-2MVM1vxSr-Cz7wIV_0xWwWYqFo3AETCE7LZvV8TL2kjX2d3IFXmkpxsmdHuvzruxcab7VciLDXNBOlCIGB_sFxjr6hZJRdRYJAIbdh_937XzOciY1_mix3uMtAx8954wB4u1UCT6zWRqcUSMEBJI_2G1873LijEx2GdVKNVw3objLXzKMkO34E3EkuCQwimPiiq-z7yQm-G9kpeZnmE5kMmqrnAXanH5Vi1Ek5cLTawHeKz0h0WS1fQzjaacOBcCDiDYs8gFPdIaP38zFQA8U6ZUbrbzfch-5Bc7t5jxg5mzH9Ui1dmLzcvYp-zxQXHxqzH92Z_XZ9RjaZRYvM5bAk_GQ0JOaVFZBnhR9oG2DIFLY6Hd-UWMabwv5KmHoe6XmWcWY95bIjlweOGTXu6NNvZL1tXCK_YTn41FsswWiT1cqlmEWeTDxhjmn7M8_jSHn4chSZ0IVkLc0JyPwUELvrVQMyrGbL9xKNj3j76e_ZfNcCrqm8U9rQOXKEn0TgRQfQc3YIb6-CDxZEYgk1l1GJxGkKaELI6RXNSqlHZ7FLK2GbLBib53E-fciS1O-Sy4z87jfTyxMlRYqDrEnQqRx_FPLwB6018YrmZuYcZG4cILvoyjDbc3FhNa1WEegbDSYTvcdIx3xZG2jXO0DPhkSR0zMEUDbwA_flsEaPk3jD_gh1Nx5EtrMQxyAW3iehTYD7foPxOHbV6mvT07rHfpCKdX9vnJPoFapbI9_pXlwsYzoOYSoXTOEoGlK_1cv6ehX7eI6IuQ1QXCU5ad1vi32n7F57LpYJXA7WpqWbvzG_E70VhWM9gPz0VZ19VY9UbYay_Ud4jnN5eWmQRvKMhYcycdshAOZ6_AdVxUlKz3ON-Ya1NtfOWouHrKG1FPaBL4XcK8aaMIYKDH4X6nC21JGlHK2fv_pPUC7PGQ1LLKE3l59AfmOZvM4k7GGvoODn22_qmZLE87ngBC7jBME7bYDAvwd8pZFz_ZUJTV8eo8ejfGiRsZyuUsN2w2OpB0f191Bd0PPsX8scWKzw1Zo2ie7Sa405c0Hb2y5uPGOdkllystDGW5qp8NJz2KrRg3I4IgtSBo4OpXBFuLcd3HxiKueqPzStFjT_mHm2RRSQwXMb8KYyNXb17GxBvGX1IfOw-NliaJZzrlQLFzsCZBUHeNiaprSeQkoxMxoUqblWmNCaSkTvi6nRHWoeJcyDWS5tEQ_VUQA9OA1kp3VX-igko3foLS6JdGSvcK7gCPY_yj9H5fmXvbSHWl33aVSfx9ptZmWauTcznVh8TSD9XvlkpyPTUnoRiSVV6s4JRRRnuhltEtC-wmaDUblA5lgV4MwU5BIPKCCxtvzTwdvntnDrxfAKYeH1s58VPnRij8QkODBB1Kv0kKdRlJFgYqqmzoQkfVPquPXx4UIl2FKo0ifxiUJP_iHcPUNPGnfEBqw4lLpZHJgAFz_ADSPleFqQFugbRWDTxEyI7lyinxVzAbnfoVNDYvLNIKMuvkZf7n3IMQROuem6ERFMxvn0sYd9eTMhuzaYrSsbx4EMbmvih78JpU0uvsCXYaLXk1oLNiW-HienJ4OeVAt8EOe8ihVcUX-z6DTsDkLRjV-sN9NJy_c0-Mq03BkIrtxKcRH3mqfiWVoBzsqBodolDVqH2KiohRxAk8w1zhF99-_54keoIhdGK1jolCBemrOrxJhiEjFGnQJh932OwnW1pa3e0fAmzOsyhc_kRbvu7xpIpXhRYgcHZxtADqb4kKFBitbTxq2I6ikjtZ_VA7E5Wa340VQhT8Pz0znFU35wwRAbn42ZPgPANWGTkKi2txxzJYdP7NmaRPrJYLNIwmBd7D-qBb85XHBPJgWctriVzfUcwOwemp_pcT92U-8WOktIk-e7HVDGFRfpvvh2w8iB_zsExmc8uJsyHSIXW6Pv6XLqgaruFGjiHBVSA&cid=CAQSbQBygQiDShxe8tib0wNgY8Y-Z1sbS-SFk7MWUBvzgwnEQtL5sTFBesyF39XJsCRbl-8t5fCfvsq1sid4XzXtRB81np7zBx0C-xUvt2l24jx7EnynZK7rRa61PzVc3LsWR1_U3imbeWmHMZpHAmQYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=16510775900314660000&adk=3860319555&idt=97&cac=0&dtd=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

608d9392d078f23501d440db8942c109b62b388fa72ec9bf2a3aae60e3a796a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35782
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame B6B6 111 KB
39 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
Origin: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 13:52:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 11525
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 25 Jun 2023 13:52:54 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/elements/html/ Frame B6B6 11 KB
4 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DCM9-JuPvB2RtMvzhe9FWFROSqbh8hHC_k-Y_ILMnQe4FQWpms77lkLHuvR3AkBx_9RIpmso7thGScBREwMkf_raESVA&cry=1&dbm_d=AKAmf-AhP4-RRns1CbUb8I2WsPkhcfvL_92zlEj3GkLgbi0kpOE6AgX26fMx1cMSfCD-P_xw45N5Us-xglAh1M2ycdxZnQcyW1uGFlb9eg8hLdw95-sJzWbKOLXNv1ZyynsQjy-ThLiQSb99WeKq9aNhtH0uOeGL9XXMWwVaLBJQyHCzwzDQObJEtS2ORclJdY764ngpdfzVQl6rzNwF4yc-E4gr0jka0TWpaKfN3I_0cTg2S6SBQ2KwGCH1yicamBwre_s13oE_XMh99pDeHBXITE9ihW0sW-WGeiX0dPhqtKwUY2kOtVSVSfMTHSPVAXu_tbR0h-AKLXCD54a3SUVwN10SEwOlPYfcYpIiXrFagwxME_lonB5X6l7sOEaFkRl39NM2ALyCuVYaplNrcAA2uBwu2BLrdDV_paUbcA3zs2MUPsxCQtVAQ2YA9kA3x43gJdSiZTnryqMBR8CHZfILgtAyH5bwSJN7OehlY_ybsCH4ER9pTvRVhJVnWAe68zTTjsHYui6Nb8vr-jC-wItm6urqysvXvPMmFg99fHEboH2ICiI0ieHWOVrkFyzHMB7gmdf256izi5sR6OIz9M9tgRx_2CMyw6R3U_fdJaE_qKrkz9cBGaiKheAL7GM9_Re-i9PYdW5x8l-Es1uegJbMoMoKd8gYcv3Mx0JSYT1lH_2Q452anPBZ0vZO1c6RuPIfBuxVRYsCUNR1qRn7p2qXFO71EXzA9SfN0piB6Q4IYGXgSeDs4D3eq98p_WHpla1-Fy2mE5PqKYRhZeYki7Ei2DyJMqu0FiIaKJYR0PV21qQHIXj9Sv5dkIRAHGBeCIwiJbnLXmdDrBt53MTNVlFlWxzNZV7Pq52ccIqWYNa3_lJm6nBFaDgHs9fQwj26uwBSa0m8kw2anlVSOzHqXiV5GIvXLfhIo7paixZeIToHPgpPRzBQeyjX6-suQ5Q_Sk5vz4zw5uGmVsT3twtfCLMg8msPnFBEdzfQgrbj15BSKW_TRj-QwkU1nnB9lJBOPQqMbLtTKRDpCfavN9L4_cr923DOjkjR7TjCwktz-ZEa-wtCCryBau4Gqu33HnV1YGScBhgeFp-eWS3VwZM0Cd3Kmz68LDtOY56NU-B2fIP5NALHvTEZB-qAPLp5L3axhpggXgBmznhNXbsDdk1K4mCdKJwjCG_ZpW-0b4MT4rrNSt3RcrO87ygP-fkblx7QjykclLPSQUVtApsXQDHL10JLo8TVDwy-GNkHGxapOLzJrFllJZj_5Wf4SfvZmSu6yASxhqqAe-H5NBI9oTf4KaQezc0IEcw4_oY6nmjCE-7zLN51OoOH1wmXJ5uckvLCnQ1jp-gyhdjWa_Jqz0NwqiCTt-hgHSEQKe79jhcj6XWyla-mUdzLLpZ6qFkjW_NjyetMBVGxEWugW79fMDwX0WplKm157oOkHJG6kwulBWBo_CNX3ZQmCI-oix-3M7XGha6-nApI3Ot5S4sflFI0jLU-159uAkajbzVBzRk8bzI81p9haA97dITqxqgQ2taEi7IWEpesFQrKHYTpQwszJVIxe7TNO-X7ik6vlvoVEsmSPXkwz94qeJfhmZUX3yzbweYLGsTM3H6wxN7nlrkErGmpaURrvUr1oWM0-eiN1qf0c4yJW3m0UDvhHjkWACjSfiqePQIXRdIDiKpdie7EfRq_ESJ4wxS5FakogZ-KYDe_vWpkN5qivzFohPwfpG7QdZ9lfQ1mro0xTO3QxWgsblfvjQG8SlGRJ6now52ZSnqQ7yVGA5JR_bUOL8_E0PALug6NXw61M77RM1XS-6Ck8CSSZaJsB7v4_xKn3SoMRfEKbX8MmYkSXYeWehhi_hgj0Ve_lNDidghZmo2vHuEkpjgFBcYxHuORRSK0kjEzRs2IDTpcr1qGKpYKWAR-UQ_aICqTuytkddodD8wncBAVkEr7PPwU1y71akVRsh6VJCQd1RPPVUJqWPJFT9WHqyi9Kr8Tt6_peZ1DuiRY16sFcrC5M6DM9SJ-lNiqReux2ejfojdc72YknUaYgRKHankMkYTWA2LavnQOfkn49mmD5m8ZBeGqHW0yPMR3OD0z-BIGk-D0fQC8N-OgywlxI3p_MSdeaL9w_wf_QxLuW2QsokevGoSMo_sXzXFVxpYMdpZjBDiN2NGMuCG4jGdKoGMSYtpqpktRxbWB6xsSQQrUsV234M87C8HJI4O8tMQm_FpqJKdsAyPgTTth-mUxAqybXtdec9F2abW7LLwttCEj64f7FOe1C2TpJhXUEjWzMOsd1qq6uW7eTrJTQvVj-_9cDjmxySWGNg20np7eC_f7VmemGTqdGNAqxmKwB_OSiJRMKTpR0we_M5rRSUDktnG0GgC4o8bLMn3MWn7RiX4cy8ppiv3xYqUvVAQ39vahxvFtcMVXQV1eq-KcDYwgnX8uerVLAaWQXCm3DzIbhayOiEA1xlPbKr2ppt6IAiIOK5s16d-zVNQG7AFHXnCFfdlZ90Rw1vbeHulGvMt_RqXE4UBDGojwuWwqfS8Eg6B8axm_dv7HzvAaRtgEP-PJhrR5TPI6dgUBOp7KN_zZZjVswiKcsS_XUpxiiW1bR4qjBD5b_6l-gRZzeIasAp-_-1UHgsJo2pWZDqLxdj_tCd6Lqs4anp_gcYW7QCZs23V5j8dCxShC9DLab5f0QOCteO67NDOIVM-eymVADySkisms-6dXvGcqehKjAiqYVCss6odfoOnsT3ujRXafN-3pR7MmT6EDAl82JaKZYrVund4c5Z4TaJqnvax_d5tUial_Jaa3Xo79TAGeaegNW0XyuYLgCeDZO1-a7M3LmYqs1zyN03KiteaNEe7-MLZrhl7flbSwaCSnqmQk4eA-XMkDfdfBmsn2pmnorO7Hg_UDhnIQ6v9bPBOUhZVCma9ogW-cLsxA31WuMxdytTQ4CM0CaPfDAaSYGuRgHj5MvWuw9krB-e_33LVZ5y5eBnYf2h4uUuL60nZoRGJm80yU1pEDeALR27mXTZyK_y2QSO8faVmNqmbqnlZJJkFr4r2kfRdrelo4egRw73vyispKyjsJDSow23mGCFB21qtL8AuijmzuWAk3W6zfiHHpVZwgYI2rBiYnnolUt9CyfTFL8hmsw4zkx9wSjEtcRGymyHDUOY0eydvcIcEBeXugZn36ckjwQn88YjK6zwKVRH3PrCVX3ayhFQS72rJ3Mx1oD4XKKR76w6sWmZ61ximozi6DlJNmJcHKitFe_4dnhA5pm0kqaa_O9xjiKcirEVmFbA3AW8nkrq2gQOTWFVFBanrJnjG5kJknn6_w5ItPHM91N33ODJ6CjAkkXojbbUOtiUtYEBK9L8YhS6diYBlR6FTsrpntnQy08YcM7t3JJ684lX8cKzL1t9fRdBkdmvWyO_0P2avM44IQSqyXjP8ep0CSuYy4LuueVnSQC8vUNLgfZmRqiBWTriuHGBdgLGwccAtBw34R9WcIhqdpDn_NYYCuYnE08kVrMPdSwJYqCeZUEw0WxKT8ORLeIYBmUX5XYbryISArEhXb7wE4ysJdCbTTRFm0TITZPs56I61vEHkKoZj8qVFD1sOwexS_Lb9_0Sk1IJ4DVOHUqueNqV91Og&cid=CAQSbQBygQiDfmYRI3XowZSMvqVXRmK9-17hVvnMCctE6RP9fYloRK_fGtb4ZCXS4Chs1qKxN5MHySKiG6_-QICOKh8hFL2f7x-q1OoQ-hxlu9dp5Mc2qcLwptPZuPB-Kc0B4GS4uZkxGT1iRofbMk8YAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=1242215832749930500&adk=3587751834&idt=108&cac=0&dtd=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7ff9993d3bf21821aa4aab3b5958b4d9ba3fd3a3aa92f5830a24d3ee259f4851

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 23 Jun 2023 19:19:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 78325
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 5499578052516643378
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 Jul 2023 19:19:34 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/ Frame B6B6 30 KB
11 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c99a1db5a8ee11a2fc13ab0544e3865f781fab4515592ff6467e7273478f813d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 23 Jun 2023 19:21:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 78223
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11398
x-xss-protection: 0
server: cafe
etag: 3934322099733601226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 Jul 2023 19:21:16 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame B6B6 41 KB
15 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 13:52:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 357144
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 19 Jun 2024 13:52:35 GMT

GET
H3 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame DC56 172 KB
60 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
Origin: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 13:52:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 11544
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 25 Jun 2023 13:52:35 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/elements/html/ Frame DC56 11 KB
4 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DFIsgv9BFwCZEnx2sD7xM9WGDpwlVJFre1V_PD1Xe2AJmMChTwJB-g1a-ZiZbO1SQrWQKQqRdP2jT6YSakiVnInD4AoWHbX_LjP0YG_qwNS8eXsr9UDENGZjMfPoN2CQY4RNxkGibrTJEzDa31GMt5qsqJktq_sauooCxvf5pSGOWWMP4&dbm_d=AKAmf-DtOsQZ1LepjBD64uw_UIkMcm3I3_4ueaNJKYNnb2Rkn-dwZkbeWRWQZiqWau_kXR5BZg3tc9wLPeoMclrp2q9q9Ezcrdn8Y_pButhKyJpT-5R6fAWDni4WSWB1mWf3uQJbcPtld_5U9TV4o6u1kNMCQFRPK9i0kZrRWuZzwa7TPCoWcPoOSeatVAzbYv-i2rPTXX18RQ-OjpfrbJwZx5wF_lH16-EJl0rLxzUjr2YrFrUPh5XjRf-9L82kQQcUUFn-dvYwR2MPsIETYi3itEdw1ljwZRuP6zrXEwoFvZZ98cfbA-l5KGHXbgob4ORFd0j7b5__upyZDv1uqR75JsyvndOAuq8LvnfC9xMXiBF0KkA1ewXVvGe3y3T2LQy4pGM-NCGQNyrUtWyBFcU6oWqui5v-4Z-fNGfn1EmPt7NAHF8Tk4K95Bz6Th240qNTdcu4n3sIR3PTfUyGxsHhZxYoec_K76WpZlujwPx-YwTVbE9HJx8MN2T_p2mKABx_wXEjm_DV4gdhgRUjxxuGpIPubuKH8wmQWGXldpewNx7USBSvMMMegE6GoF82KS80LrIR84liZTgv75fEiMUji370EMMEpAmYWXqBxedZvsEFponkEeDTxyKjsp1LNry53tCqSRCReAnOK2XzKwWi_edAMEI9YbzNYHXvk6p5VqVYyycljwvpZXE5AmD4IaEJO8Y-ebgnER-FFlHYqfbmZvzI_e6t1iIVp3qq-dzNFDMnCM6dk1rJfXI2-xQES1UsXtpGotQMyWZN7WLKSfS_TDJEfq0-9VuitZXgI240ZnNLhE84G-8biWtIAq1hNhCoYZOP2GB0WYAxDvtlwMT7zFNaYMASN9CF_4guV7kuambJ3D8smj2r467-lXXFQoyUNtYpwazb-YvF0umTh0YxtzJKQS_Y911RiQGqrj1xPf0lVs9pFcVump6KTgaNEJ3fYgYVRCtEVrEi-xLPEwY03YGvoxSD5VDdSY2QOs6kuWvJGNwMDYo_vrJ_dwMSakpm2VMWsbzZ3C-IOn1R9Uze0LI-Z4zb-Oznu2zOPJFDdTePpK02Mf8c3U0P3mAE96soX_UAfHdZ_kry788CPH6v8gaZqO0qBV9QOIQsFGB_H_gA5oL0t1eY4GJ8JPTVjsiFh6mTW82q-I74bFnkeSxsakStb5phDiZivkgjwWd9nRUzFZJyGawvl16olmPKUr1A4IAlcfRlcR0Kq-3Mk0dW6z0-s8s7F5N6J9k9jAcXpO-azfDaovXQyJvXlQtxjvGySKLCETIOjjEpUSOGAiId1dLCWjduYH1VpMu24_amwG-yPXf8NLKKSNIjO4LQZwUWQ-Sa-3JS5k0VdmElAS5qrRVIA4ist4uNkwScINWq8TBvmz-0mfiBNL1vGvOVnEvQrB_q0rcD3ArALfSt-6Y-qmMXljhPQT4ls8xoChOQ5ehCQJDrjDNRsGAgTgoMex_d2dwP1KbMrU20R1tfS7p1gfhIIg0wO_yH5iDy44yD8nO39a1jhqzSzXpQsBB67ZRTFOTxr18XxOtWWejeAfi0RlbT33uLMnWqu9diZMRWlleDy9QIhI6gGlFrXvFfit1oxroql_TG3lKd1SzIOCmoiUKQfeTWNO31qIBIAm5gk9btgeg467V3l5fBLWArkIYcL1KaSYFt4JCdLWuhSHqu_Z07W2Uuuj0q29pWN_r95iR71vClSfyVkM019rwttcJ1L4f8EUnItcVbUPHnlUrn1M2NqXKOKmq33x5Lz2QW69vl2Ox4UB-CbxiS27ztRzf6qij8j1b11hPU8fni2IN6myq9uUrG-aEIdvK-L9f7QNOaC_donWy6jboM1s5Vkp8O1IYW4XtfaEF7fIlRACNwO2d2_DVVuG6FdN3DzhJ6TfgVTO60cftW5chKXdt9J66VK1Fb7u2nCgrTb7Nkvx3hRoK19rpSuRjiVGzuw9gUS1tI20bScB9fmW_DTMGJlNFZaIsbDBuZOMpzs0di6et1ziSMnhBbUeW1WMorccB0NWEsceyNF4QCiaP4Lln3hUKZNsa0beuqD_FaKzQWX6UFsZfEonJay1JxSDvrjnQiPAtczrRxDekjSUgb00VwrWfYIVFK1s8mErMl83FrM_6eF0cDJ-pP--Q3FvSBC-MqMJ0E552EtzXZH1fVJKVRg1gARx9D1uph9kGZF-nWgqlCo0GelGxRKpc5Sh_iy-qobscHxU2FFaGvoWpYUdL8hEJKwPdTsO1_osHEsV5RcnvSALqPlPW-2N_g-g6m9OtmiHmIwoc0eRXLqkHHFz4SKKwU7v4J8Z4o0cVSE18zpvZD1ceUQ9YzWIisV8q2Fq6Ck3aIKAMk7s3XcHyzzebEuK0RraMCoPqEKLrFIkWLMZcwadNgmyEeOM8w2ZlovXKf63t8NLQkAEDysq-pWuJhTW3eCcf0gxTGKi2Md2pvTLw6YaAENY5QJX3s9NNlBmk37Ox-zCgxLb3X3495Lqisgfk9b7kfwkyR2ADTk9rxwx7WxSqEwCKWs9GJ2ndCyHPl91XtmRKbDU2k_ZJgHkIv7MpAH3R4OwpyKTAqE9IbgrELerrB2-kknOUMQs4NTATLAA5iy3zRNgTfOBhLcGf4XM3xyzgrjlupzAcsC2jCJjC_3nqTaDdPl6RHiay4asJHWXHwPz3AxQeE2e2apD3On64FUUxeMy1qIsPvqs0hZs8-d17R4q82tqO9GEf8C1sZ8Hs5bMDrYmWJWIWosK0o7uRFtvSiwUUhhND_Fs7xO3yJLv7Mo47tqdURp4_S6BR-mCK_aMj-q4F_K4oh6MZJV_-pJ1_8zOOUzbumR6AJlGkUHx5QMkurUEeIuW0FTplCXgWJeo5M-UZWdng2IXt99Nqa-PtNW1FEJviqNR3Om1JQuW435973H5KERMefFGMbjSJKk4OTDLb9-G66WqyUQBSoCEDhwoIV7h7hc5EVPvPZeXA3h9jmt_k7fhqv5sUQLFjYC4O8grIjHhPiq-BzvvawpIiJvzHGJ1E2AFMpwrFRF5-s5uGNy3oqSgzz-maIZYc51gSYqwtHkDjRgSLCHrkZzYA05WhqIqJKKq-KkHKh00d-ZDBBFRAJWvNVGSUnPJT22j3u0I90DxHIDioDnm5qLfCIE3lK1ynCHTTaqH6dqWPLwSl-XAq0DOL4FQI-TrjThrI4VCK3bC5DK7k_lFPl2mGIC4ibbdDFP80UfhTyXauOsbxp8SEFCYPOWGLozDgNPAjyEMIGb7DWpatzJuI_vYQl6OcyieyEoHPmEZL7bz1ZF2sW_ZovSC-VqB6tsQSLBM6gP3BUAaJd1RlBbqS1RJeyMcUZlk1-bDlmDv1l-hyiqA_5l3EhQQlBarwJRG02A9EdksXBll_6Jn_H8T1k_ITTptMz1YTvHdyXGLreNNRlNtiUI9rU2mjf4TcWYmws-pzPYmV1U_qdcOBtffWMtXlfdjNx86ThNMU36Fm0zrLgsFonWSE4cokGTdNYT0OOjcdUfhngmPXdO-Bl4k3NmMv9preFfJ1Bv9MCglSgQdUfNKdmfTrKoJ3Ta7jGzTSr_-T5QtwKUAmKwwcx0HYCRvOynKvNLAz-Ym7cbJwItfhP6MebtpcX03fJ9cr93ce0BiEOfEi68hSwkgi6-4yTuz2uv24plJOkIxCI-vc25jSEwvOm1BArIwHnTiYYqugnP8jW2G6MLkyRzEBT2w9Ybub-H2_MSbMMRDaqXyC1OIjXQI_JKdDk0gmQ2D7Nh1ski37HGFzkvnQX_xYpDXnzVoMgLEU-IYEelJ_IU29HCHhjSrCqHIq553VbrVyee-8Cn4RFvhw&cid=CAQSbQBygQiDRcho2pdN2-l1oo-cj5JmgCafsCfsiNnCk_yxFjv3Uv4E5h1z-lGKgR3UpOMbdWYw5WhjfTynuNMdqkj_DSkGkm_fLwww8zKftEdPIisZ7sywxh0Qs0i3RGPHo-eMvYo8pSMh6t4EUnEYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=6596198850483686000&adk=212707235&idt=112&cac=0&dtd=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7ff9993d3bf21821aa4aab3b5958b4d9ba3fd3a3aa92f5830a24d3ee259f4851

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 23 Jun 2023 19:19:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 78325
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 5499578052516643378
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 Jul 2023 19:19:34 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/ Frame DC56 30 KB
11 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c99a1db5a8ee11a2fc13ab0544e3865f781fab4515592ff6467e7273478f813d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 23 Jun 2023 19:21:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 78223
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11398
x-xss-protection: 0
server: cafe
etag: 3934322099733601226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 Jul 2023 19:21:16 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame DC56 41 KB
15 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 13:52:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 357144
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 19 Jun 2024 13:52:35 GMT

GET
H3 200 container.html Show response
b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 72E5 6 KB
3 KB 11ms
10ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306210101/pubads_impl.js?cb=31075547

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 24 Jun 2023 17:04:58 GMT
expires: Sun, 23 Jun 2024 17:04:58 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 fAtTGskzFlJa5Ldh3SiPbiLEXcXjYWf8ZG_gkYEl2B0.js Show response
pagead2.googlesyndication.com/bg/ Frame CDCE 37 KB
14 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/fAtTGskzFlJa5Ldh3SiPbiLEXcXjYWf8ZG_gkYEl2B0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7c0b531ac93316525ae4b761dd288f6e22c45dc5e36167fc646fe0918125d81d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 17:03:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 172908
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14697
x-xss-protection: 0
last-modified: Mon, 19 Jun 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 21 Jun 2024 17:03:11 GMT

GET
H3 200 728x090.html Show response
s0.2mdn.net/sadbundle/10596822557170597888/ Frame 4EFC 47 KB
12 KB 18ms
17ms Document
text/html 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/10596822557170597888/728x090.html?e=69&leftOffset=0&topOffset=0&c=xKKNQixwyM&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8fb600b02fc75812932069a9f79b2132dffbca1cd735dd8f8613d0f2850046d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Sat, 24 Jun 2023 17:04:59 GMT
expires: Sun, 23 Jun 2024 17:04:59 GMT
last-modified: Wed, 15 Feb 2023 15:46:51 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 7F38 0
0 54ms
52ms Fetch
image/gif 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssKIkaqT8-LKs1CTNGyz7gdc2fMBzC1EPcKU1V71D-RtgggmwlrbZT_OC4CQTULYTLk18UtQrIVW6TWYX1F4NpgoxfF_qxBbpE0CbtYIie4JkMrVwO_qhj71PxrmlNf0iBpRr43FeOIvA8fONDlkq_GSSgidgQmmB01IdWwntLpveBbXU3qS4C-eaCRTnzMcRd7xgTJwwPCNcL8-ROgSlgQ13minfWdeqc8lN7nuabb6vO2JYkbMMe3S6p5xGKF3rVJEVutw5_38N6jyTk1Bn-mpJcNiVqcj_dzz3hNNdXnpzkf1Jq-9S0DzfqHsN8KI9DZF-7hC65kAOnFFWk2UnoucKfV4o6pEASEzpvxlxnaXvMTkAZPDAj4Bn4whHckAljg7f7Cr5i82b6ZtJ2HkKbq4PxfBX8VPTuxyjY_PuzpSoRI_wWcKHD2eVjMOAAaFyC13waCC4Mh1uFAlRa-n4_6yklLOfYg4W68yqkh_2gVo3SaxW5bS9HzlOfGQS9aeI2AyDh_AnjxYadv3H1Bu1Q0P3OE15gN41GccPwCVyUzdBN3Fbaq-cYjNfXfxTvysMswfxBiHfPFydBprx3DsDWARV0m1NfTMx8Efnmje4naJhEcWJp8nLhrGRD02RCn7XMV5OQ0lJcJ8bLzOvjmdrbLo4W9e70x0hxCxqAkE9jKlWzhQ4xUycEOiQvB0QvdR7EQ-k37WzBkFw8th4GBUgfrZSPL8hAUHOT2dIm_B-j5bDh5oUhnMhMmKtmQlgQ1statSgI81MxyQh8ZPub-G4Xo2C-Hqssu_6mXOSHePIsicBgUEIPh41uPnXPJq8VWf2UlSWKeaNn1u2c0zIPx1sm11qrxJ_jVznE2pSXBhVBHZeO3RE9AyOeReiZP-1O-NeqJWeNN719M_FWeRDYSe_SymPL4u0SCTERFjphzqqOYNvGBvBAM-UlIBW-d0m5O6hZxPVA3ZXubkn1b8K1e1UOswKxnz_KdzBNa-QAvlhk8Y5kPZ0hA9I_CURrNSL3R6TI7M5BjUdj7xtZyM6LgL-DsCIBhgvBBGqYqd3rsNi1booFFDcBHiSf_jxWaNWZcoIvmq_vvPLEvLlyeKfYnzeXDzFfK1LZ_Dj30-da8mHZeE0b29sATz8wg5OCJ7VcQ9U3S_EOoR-RTbn_74PTUy2zc1_1gpTlTmqnklvF-Zom8ZKwG7sMRB-H1kjv_K_-WmAsdSaiBdJNDkTBEH9V_9hmwZWe2dCG_WMU5w9itaKTVuIQ4yPm_jK04Yu4c1wvP3534dzYjce79hx-y0BCqj1qTc1ATHd9kOCuTrp9NzPUuJ1YRt7x5_cdffQ1yTvITl55zcWAuHQb14IKlX-2KtWmoEyyhf4A_QFFzfaQGhkY-&sai=AMfl-YSf1UjZa59WHZK8OQ2s0c525hT3tZlo1wepWvu_D6-c3V2nCM-s2bm6L9Mj7l02Vzo4XcZ3FPU9sg0KsgW_JwDc4Wk_LN8nO0I5lVkfAED7qpjdysegXyWZAxMCtTdevXy_CSUxHapuUZ8ZFS0pFqY8unJWgzHa1PhsvElYDzwSMebq8AC6Mi_757L_oSQHl9B6AzldCyNHX_41-snMkoJ-CS8jq-SN-t2j0lwmeQOfl_Xj-GLYUtMmAesCOLdlZJfLysROiQ_38rNGPN843PpHs3qBC5yy_bt4ZMRAHjA58r0voZGOU8BoF3TVxb6JUGMokYynmdvcQ-wNUf31ipkgr8YT_mFSffXXCYtf90W_ucux8LrKpkEh1eU&sig=Cg0ArKJSzCr1D7cjBb5tEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=100&cbvp=1&cstd=94&cisv=r20230620.35389&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 24 Jun 2023 17:04:59 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Sat, 24 Jun 2023 17:04:59 GMT

GET
H3 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame B7FB 172 KB
60 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
Origin: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 13:52:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 11544
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 25 Jun 2023 13:52:35 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/elements/html/ Frame B7FB 11 KB
4 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ClXTp7KePBnb9e4yRMkIrbr5oaWnjuPrlUCXoAaa9d9HHSgNs5bx-jOxjWYVI8Jxf9qLBeMM4MCZA2U8DllMHXxGDxg7L-vGgjhxi_kRaoh3fXpS97Ojnb01rC3viHSbyDXXSF2IpQs1ysfQJ77uNJIyoU-xz0szXBh9x4qspAeAa8miY&dbm_d=AKAmf-BBZC8I75jSLJ6BIKGyjByFrbUVtP3GyK-JVnCrvgk3qrs8IUgn2IA0Sur4rDwvqkIP1Ck_holinYt6bxkyVGzlXDjj3ir2xWwbDrB8wUOJ6JhNPtrQCzvk_tCdcYDdc5c9ZNVmBQ055zWgVLi2_ZVkXTFFD4VR4ImyVpG7m2Rqqi9n3V0gUEO46-PJS6sTa0MqnMOLbJTH8H7gbJmVzhLWnorkZMPbI6jrNP3AJrLCK8eUBTDqYE_ZMQMIeFpPwm7nZJnNXJTaznk3N9TailRXYy3c0YkQXVudY1CW20jjO_Qfh7ZVI2qc_lndvcey0UCD-niYY5lKv1xo1a5InXTp1qNqdYIrdnzSUoetX5vTMzRH2En8EEDo6HkqKKryU9kH-kn2CCI8wuYjC-jUITPgr9Qm0MgaGhVtHdphtOuzVfcab7kU5BJMglPj_S59CPIrRRug5tJVac9XzgcxWTVHocCkA4VqYI0INUiHOtePgNeUp-1BtvNeTg8t1PGKSLqvS0enbSaPpLtKfEsm4EuPkd6Zr4rnXsacmjXno6bV43eX_JoM8qF6nuNzOGLjG6iKPAUwidza2JA5BWJvCzCobL5dsERwNmH2i19SLx_AIctwJXA7vfQa167FZjxdLuyaqvcyJ_9vyo4PAifRps6toU_1LU5ByIwacXQPvevbtOAq0CNFbrhhKXnfsq_fpv6DNoCf16dBOOBtiATvjl1xkCTUYurUT2al0dg61Vi2A3-TKZi6F19CIpf5TTfyJZGh7RP6RW04MWumabf0DLPxDGIotPxzbvF67llmb-hc8DalXtV3doKQoCOD4HtZHm5-CMNtpET_jwPOSR2o6zYzxrOw0zy0hxyrQJoEBakcJhB1_OEEXHLeHLTziYevoKrD-x_PhJlEO_a4pNgvJPpwYs5YKGuWMrs7eY5_QtTC0An0tSHAhX1ruzYALlhzvwLfOKlEHglw316Hpl1RZSA9wwSfXXCOGKC4iP4p02YQFn8MuTQuswTSgeA29N29HCq_YjqyRmO3YCQbCUDXnZs9kBOvYRcAkJlSaE4wr16xGbe4GALNMAphUA3p73q4AgxBTIpLJb-mewu-2wKXqAL0hmKye-1QBLR4wM2JuHEHrH8jM18LDpvQIFz3Oe3GDle2TldnRQSfw0uvOfkifssZpo-2QlNEHKncARZdIepyTjLrhzVF76MVKT_TzTW-S3qlouRvN6HUUh_AsgAIwclg4xm7vBpPvvJWXxTYMSivQO7Ze2BSfNGwSiQ0mxauZnZpjwDUDqPZLQJZZVH1kGW_VGMUJLJxMc2y-1t_T9WhXzyN-RRHuQb-ignhDHXKE5v45DFMMRh_7M3ubHyT5qwUZGFvcK7XBvtnUHsOzQe_PgIHzshkhoflYFLHLW0mqTECT9o62pzPB5VzLlaccFChdIDfFQAUvJhRFfEJIh30mPRQ_usZlxs4Rg07fD3ZaUwlCVVnlicu6Lj9sJ41OyQ7yN1rBqGL153Jtde0fANLU80JD1CpnLUDhv1lewqjdh1IfDvOaN6bX2AmHn1-2hiP7Ug2L8KICETNfGblEcSfPJ2Umy3k_-7SwxzmXtoKPDzd3-YR5ZiJoAh1bOca3qw8XF4u8VY38gBvbSauNB0NyUWaJON_vhk4JT02yS7mAaH3hLdI6Nvzlu1nHSCAE4s-_3Gcq09FvtyAwF2WJ2Wgjnily-xAS_Ga-9KyKpY7Jd9LIRPQStAkkkRQT-rayO5NOPN2_gkcH7Uu4XO9vJ8oQWUfK4GgFg73cFVF6GE_PuYSfIzDSBL3FR_QNFWVmslNy46aPjtOjdkJGGPZ3mkCXBziUisBCUXBo1ac9kyVRth0e2FZk2wPZ0vlBQjFUqqo_cOolsrO_vyPQfaskrkxoPVc-kZaktMeC5wHd1aHLbUXRi2FIBnssdmGHZS7-RzMy4Et8REXpiErMdJ2D01RB0SNiGzrdVAxDCKRwNxyg78O2jlyGOoxh47id_75Jv3BTmigvmpEblYvawBbl_j-elXUQeDyp69a3HLVYOeHdtWOiIxChqU7vqDFC_iVvz8pSKiOhiO6Ir-RX1BFvxO5_Iq1FSTujZoxW3E2R1CmoU2sa3iOfmRHjv5RLmAr1x093wXC16jX3bmwwbnr1qb2mVs4Is-BJghUVIHTT_SDzWHL2Eys6PkIgAZR20fpj01dJ20gyvtIkXkQsnZldk2e6qDeuv9FnJT1-SEdAAFFsm9R49pKqCgXJsVskFrJplgNHAVYW1dk6M20qmqqJj5NG30G_QRtXxd5oCRgXeIo6y8zOHmvDyC3wZ0VU-aHh-jonN517N-X9NTAPvHLOwHQvDtb8oc1erYNb2sQs7KynPxlJMaI3iXo_o_MHRqBeboRCUPUGSsmpxmypqoRrpM6Od29AFBGWeqtCe9hL8FS-uM0C6v7RZ_tLDsRQiuRwqnp1VL32PtNDAA81OOfdTdRvo04F3yEo0GKM6aCK_GLh8oe0u3ANzf3oQVMWg-kFKVgtBferVs9i2-4JlYXqH4v3s2NMTUYA1lLQnPHZwMMmAYE8T_u_lhb07Aar_ysosIhDO4AUVuJZ44agbfI_VPVQZ9AWx-E16BJe1LrSp0G38lzDX-r5NjXp_ZCMNa7Yd3n1VmvkRnJSLdknRVDn30H9RGX-BvqEtibAJcLuWEu2iHbAldTOcyUpHCmPkX5-_CqrpWIt2ddpA2ChDdtdRwvZr7iY7OkhX8fa4njCfCE3yGpv2dQMWxuM71Y81JzwUyhIVOZIMNZ7GCGBgSKiMa4PacZZ5UhdNdz30UsxU9nDJX9OBOC3TPEht1oBJsmFJj8RlB52sLL6rzCUKklzN-zQEOTgB0ye1LHdz4BvdDWjweVPKBMa58jyVN6nGwA-1WSCA6ihwxcw_tuknxTBQrSiqtZQjkU8KPSzXwJfTgjf_xZjB-bZkAf_L15V3mN0QssKPRINETvje2hAwwOQWy5EYqHzVuMmFFvQpakfuFZwcUY3tvzC4hYcbAxPu-mte3UnKbhz95eKJMPvpiTbMRks7wiF4fJVt2k2c_x1PA5ITlATmsA013r331VD6awcNZcO4YEUYG6MWjz0nAmrWXm_XYqzoRqnXEIFuhKbpVnJ6jJBdpJnINWv_dNSBeruJ3-P8rP_ngXtikfb4-mg3e4sCK1Bc6_kqWXF7t7DZ_1aHKt8Ly9nCsb4aUv8F-HeHn4ZfMgwIbNcr6ydXYcXVxdT7s2yIvwBD1LfsyH9PoYejsR_TAHb46rzebvpUMeWdz3ibudTdpX9y6pPQS_terDVnoyGNufyk7xM-rMcAql3Wulz5znITXaFBiQkBhqg9QPFWsHDIHVA8t9m2DNpqR3aUqMA9AlTFi2gaQNIpHLhIoXR1gTwdwifH1_g2KiK3j65Fdq0Dpgx4Ppbpjzj7thXwLMrydsj0kK63zcMrVKUxKrLXJ4LGpNZmZonIwj0vqwMYT9YYlrTSyU4vsr8Tzux0kpVylGzN9joOfX7hhCMQskOhkounZ-JvfVINVKF32L_Jzpu1XJK11Zr6tNaEt8xw-6hNPpy6T0h3UrJZLTvVZlh8MJcCXsS5GgQ-VVr3L_zSlac330IahW8_hLn3K9xXbo1sY&cid=CAQSbQBygQiDuU7sNnyhhquJ9XY9inGbGgTwOGyEuRImlKe4TC9dXsLyo_w4y2wm-OXKpfOchiTXzPrZvMQMelCgj0wYz5JhlKu0vkJgfFrqr4SgBidcOWHcCIgy2knhY8L-Ebb75e78Ik3qNFzE9GYYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=4074796012635077000&adk=2465470143&idt=123&cac=0&dtd=6

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7ff9993d3bf21821aa4aab3b5958b4d9ba3fd3a3aa92f5830a24d3ee259f4851

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 23 Jun 2023 19:19:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 78325
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 5499578052516643378
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 Jul 2023 19:19:34 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/ Frame B7FB 30 KB
11 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c99a1db5a8ee11a2fc13ab0544e3865f781fab4515592ff6467e7273478f813d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 23 Jun 2023 19:21:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 78223
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11398
x-xss-protection: 0
server: cafe
etag: 3934322099733601226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 Jul 2023 19:21:16 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame B7FB 41 KB
15 KB 10ms
10ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 13:52:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 357144
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 19 Jun 2024 13:52:35 GMT

GET
H3 200 styles.css
s0.2mdn.net/sadbundle/10454987525626607892/css/ Frame A542 6 KB
2 KB 12ms
10ms Stylesheet
text/css 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/10454987525626607892/css/styles.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10454987525626607892/index.html?e=69&leftOffset=0&topOffset=0&c=IfwNYydE11&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

543d48d1e079fcd974d371768fe777a8c842d99d2be67d10d2f0e946f4198ebe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10454987525626607892/index.html?e=69&leftOffset=0&topOffset=0&c=IfwNYydE11&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 02:34:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 311418
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1560
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:51 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 20 Jun 2024 02:34:41 GMT

GET
H3 200 Enabler_01_250.js Show response
s0.2mdn.net/879366/ Frame A542 120 KB
41 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10454987525626607892/index.html?e=69&leftOffset=0&topOffset=0&c=IfwNYydE11&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

31d02f43dd0c7fc5c0d95db087a23f1c2d729c93f10450884c8da6b415f7839b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10454987525626607892/index.html?e=69&leftOffset=0&topOffset=0&c=IfwNYydE11&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 13:53:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 11516
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42247
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 25 Jun 2023 13:53:03 GMT

GET
H3 200 logo.svg
s0.2mdn.net/sadbundle/10454987525626607892/img/ Frame A542 5 KB
2 KB 14ms
11ms Image
image/svg+xml 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10454987525626607892/img/logo.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10454987525626607892/index.html?e=69&leftOffset=0&topOffset=0&c=IfwNYydE11&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

312ea37c961106b2df0601ca18d37f89c74ec7b28932d79c012c0864169a11ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10454987525626607892/index.html?e=69&leftOffset=0&topOffset=0&c=IfwNYydE11&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 19 Jun 2023 19:24:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 423604
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2331
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:51 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 18 Jun 2024 19:24:55 GMT

GET
H3 200 gsap_3.5.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame A542 60 KB
24 KB 26ms
25ms Script
text/javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10454987525626607892/index.html?e=69&leftOffset=0&topOffset=0&c=IfwNYydE11&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10454987525626607892/index.html?e=69&leftOffset=0&topOffset=0&c=IfwNYydE11&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:04:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24155
x-xss-protection: 0
last-modified: Mon, 31 Aug 2020 21:23:17 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 24 Jun 2023 17:04:59 GMT

GET
DATA 200
OK truncated
/ Frame DC56 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2a270c5c4ee5a6dc4951c3ca8ceab785c27786e3823b1b9a06f96ae6611ee6f4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame B6B6 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1cd071e9d070bce6489af449b89cabdfe9b1851cbfb04b72becfb9ff0509336d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame AE79 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 19bb6d0a6b83ef7339494e17c0c1842b16ff4f51c1daf3ad1e17dfc91d6a586c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 11C9 107 B
122 B 17ms
17ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306160901/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:04:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 06AB 0
16 B 226ms
226ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3407280060&plat=1%3A520%2C2%3A520%2C3%3A2163200%2C4%3A2163200%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fye-mek.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1687626299170&bpp=3&bdt=179&idt=298&shv=r20230620&mjsv=m202306160901&ptt=9&saldr=aa&nras=1&correlator=3947787696511&frm=8&ife=1&pv=2&ga_vid=105568830.1687626299&ga_sid=1687626299&ga_hid=1652697002&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2836371973&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759837%2C44759926%2C31075412%2C44788441%2C44794789&oid=2&pvsid=4500014196868433&tmod=1285845116&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.iofavtxybwq5&fsb=1&dtd=310

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 24 Jun 2023 17:04:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 8CA4 22 KB
8 KB 8ms
8ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 357112
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 20 Jun 2023 13:53:07 GMT
expires: Wed, 19 Jun 2024 13:53:07 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 4EFC 118 KB
40 KB 10ms
10ms Script
text/javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10596822557170597888/728x090.html?e=69&leftOffset=0&topOffset=0&c=xKKNQixwyM&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10596822557170597888/728x090.html?e=69&leftOffset=0&topOffset=0&c=xKKNQixwyM&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 13:52:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 11543
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 25 Jun 2023 13:52:36 GMT

GET
H3 200 gsap_3.9.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 4EFC 63 KB
25 KB 29ms
29ms Script
text/javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.9.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10596822557170597888/728x090.html?e=69&leftOffset=0&topOffset=0&c=xKKNQixwyM&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6dbe9c2e13cf06c6633ea3fcf6d7bd30452561202a205c75a035cd1d8b93368f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10596822557170597888/728x090.html?e=69&leftOffset=0&topOffset=0&c=xKKNQixwyM&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:04:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25329
x-xss-protection: 0
last-modified: Wed, 29 Dec 2021 19:08:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 24 Jun 2023 17:04:59 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 7F1E 36 KB
16 KB 430ms
429ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=4198791085&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1687626299173&bpp=1&bdt=182&idt=325&shv=r20230620&mjsv=m202306160901&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=3947787696511&frm=8&ife=1&pv=1&ga_vid=105568830.1687626299&ga_sid=1687626299&ga_hid=1652697002&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2836371973&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759837%2C44759926%2C31075412%2C44788441%2C44794789&oid=2&pvsid=4500014196868433&tmod=1285845116&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.u4j84p8ybqvn&fsb=1&dtd=332

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8577e3f6e493ca770fdbe248cd041882e7d23c7ae4ef110c148c5b2094e9114e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 15866
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 24 Jun 2023 17:04:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame B7FB 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4030c5877b59dd952b14df61d5059dac76d7b3dae4557e30376c0a9a0d7c7e1c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 css
fonts.googleapis.com/ Frame 72E5 8 KB
1 KB 49ms
19ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

98d2e3edd14aa506c4521125c7cdb7bb3030d7caae5803feec6d2613195ee955

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 24 Jun 2023 17:04:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 24 Jun 2023 15:10:05 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 24 Jun 2023 17:04:59 GMT

GET
H2 200 outstream.min.css
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/ Frame 72E5 15 KB
3 KB 10ms
9ms Stylesheet
text/css 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.css

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d4095ea226f3f80d6d4fc62e3737dd5107fd9d4aa4a443cac11378b102f64b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 05:06:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 388733
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2883
x-xss-protection: 0
last-modified: Wed, 17 May 2023 00:43:28 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 19 Jun 2024 05:06:06 GMT

GET
H2 200 outstream.min.js Show response
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/ Frame 72E5 371 KB
127 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.js

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

464be521d749b2ba1c7e8c1f87223b56a03ee0bd05484baa0e9067ce9eb9d2be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 16:50:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 346497
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 130330
x-xss-protection: 0
last-modified: Wed, 17 May 2023 00:43:28 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 19 Jun 2024 16:50:02 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/ Frame 72E5 19 KB
8 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d67e93b773c993230e55a3881853d5e8d399b32fb591d845c41553c0fe8c71b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 23 Jun 2023 19:19:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 78321
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8131
x-xss-protection: 0
server: cafe
etag: 7076601798724011321
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 Jul 2023 19:19:38 GMT

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 72E5 24 KB
6 KB 11ms
11ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 12:02:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 277328
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 20 Jun 2024 12:02:51 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/16325822350322053850/ Frame 4781 4 KB
1 KB 10ms
10ms Document
text/html 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16325822350322053850/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

259370cf0a380366a96e31df0d482d4d7c5d59f52788c3e4db0119493c8e50cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 357887
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 1306
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Tue, 20 Jun 2023 13:40:12 GMT
expires: Wed, 19 Jun 2024 13:40:12 GMT
last-modified: Mon, 15 May 2023 15:36:33 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame B6B6 0
0 55ms
54ms Fetch
image/gif 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssRbf7T8CCBWBGif5Of7UPC69d13V3q5o4aMZus_opqvM5MvYzfbk7L6DyzpAR26bN-144ybP051UOUEp0b8eVOx-qtU0MdFsIFOVowAj1QC9GpBRbOtl3K09j_6piE6upSzRrxF9jvTrPGLg4of4FF6u6d3xIVZT4Xej1GtO2hi6ZGmISaSVe4Ah4Qjx5YJU7OE-u8mYdOycGRyhyzkFyM52HQuGXqtwcdC6Vjpl3IiprWHdLD-dpIisD1R6ai_vDRixM1aswX2FcnVgAOKctev_71hd3rrE9LepBXrDfeOWW3mjOycTx6XyefBzPw4TVG8C3fbEqAf8rbzEjuxS9c5Q4LqnsxSvZnGLtXVhwtSYEQzxkLnRV7JMllbQCTjBvXSSGaAFPylQrxFVdJYKSMcBY17kyaolIRtl0B27surTrOUJ8HiZkhTjORu3eMiT_YPufxQrkpHRJFz9HtQ4FfuZnj8_411WzHaBDaxXYDR-JLdbbJkLM7M3KJAo_0eKCFjvt8SwpBO67OrVfE03gMNWWTjqBFqZ5GCfCy522hd4s5ncXtZ4IjixsyCLQd9hCFkWM4LMEVcpr0XLQsWog-jleJUO-tl365CPROZPepqx4ONMUKsHRTx7OtaF6fVUuxC8IprP3kVMOH3AcrUbguH_QluyO7XBGQitq4g22QnvunTQQ_4HGjq4EB-RhoOR4Rfze2ChP610YeOhB25SvFZ7FJDqCPQ5CRW0Z2XiFmCiBB6CA7ih0EE7-btyosRY2Gq5wnuvdkgC0aukLg4ZcJbtOuiXVZEuOtdH8STpl2ycFIXk141yWc7iTael7NwYQyrkZANyGEqDFJf5bVYGmswhHvCkc_V-Qui2XIwPNqqFMBq_byvaoYEJKqaFYGD4ELB87L0YGzlsxnfo3SRP7cTRiBvgQ0qmymRf_3zGBSX-l2IryaawXFaQphMp6vz3_M-OBOF-PjNJ7LIdKomW1E2TtsS72QDksgxHwa7DXdlkildgY4ssyQLDleY3_3A6oe4agjNoiPVYC8fn9cIdlI9XnHnycIkO2nQay-Z_Dd9aRrZe1Cmj5cAwFgPn4qUly90ceEKZMDSK2_MQDxI8gAmQ7vft1uphUjGrUZ6ve3qI0kKqdK1NWc5HqLRaySEk7lOG8LpYOaEQ_8avYPc_0L5gxZDMR_4xCBbOlKRdG-Eqq2KlNUKHGr6eNWF6hNaAlqQHw-Ak6QZsxkMUS2c9HkQ_fBXm62GMz1pTEo7iRUgOLydtmp-FFWkNt0WncO_8Q0Uw&sai=AMfl-YS8agbw7HuXTGlZb-peEdG8_MQGXZyNMYPcMLuVQCdYMwSNuFI9H1cI_g2-HubabTf9n2wJgjcaMc7DlhpddwFzr6iqhrNNTJgzTS1uZs-yhz0tBOkflK3HkRJZbZbt8GySGhZ5QF9haxq-om7VN3DFC6eG2NqPnLzrMo1o8MJJgBlHuOzb3BaE-I9WEHeUJas-gsIi2Ke3vIQwaFA2HQe-DSa8VAVsupQJc29zC7aDEpGzM36S26JgFAuUsIM9ELz-c9qUPM1BLbUknhJqniKPqfxOfd2zCjxo3pzIy_26q7zDnAZNByhFAQTa3blB_MNWMIQAXqaMYOfWzq1lWLWGhA80yTBlnaQ&sig=Cg0ArKJSzNR9o8UaIjdpEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=110&cbvp=1&cstd=108&cisv=r20230620.80028&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 24 Jun 2023 17:04:59 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Sat, 24 Jun 2023 17:04:59 GMT

GET
H/1.1 200
OK tag.tr
red.vtracy.de/ Frame B6B6 17 KB
17 KB 71ms
23ms Image
text/javascript 3.75.5.170
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://red.vtracy.de/tag.tr?tr_adid=k29986329_s3021957_p367017832_c191767345&tr_mid=0&tr_sync=true&tr_uid1=DC&t=2323453819&gdpr_consent=&gdpr=
Requested by: Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.75.5.170 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-75-5-170.eu-central-1.compute.amazonaws.com
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Sat, 24 Jun 2023 17:04:59 GMT
Server: Apache
Connection: keep-alive
transfer-encoding: chunked
Content-Type: text/javascript;charset=UTF-8

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/4323423352959208367/ Frame DF47 15 KB
2 KB 28ms
19ms Document
text/html 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/4323423352959208367/index.html?e=69&leftOffset=0&topOffset=0&c=hVNm8hCwMa&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0486d620f8c483ed0fa8b56edfef5799ede455138606b4392604174847199be2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2272
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Sat, 24 Jun 2023 17:04:59 GMT
expires: Sun, 23 Jun 2024 17:04:59 GMT
last-modified: Thu, 16 Feb 2023 15:59:28 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame DC56 0
0 58ms
55ms Fetch
image/gif 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvXLWi7qoTJRJU-Sz0ZpB-TJgkyFk7cMLGgB2QSk5MY3vfX5B6simcr3mHV4aNt7u-e19AVt0iNIlv0RRdf0uSgXJm7SwZ1gC47m5lA36MQsrfE2QR1vsOMHjPxgcMtO4wbmRffgXoqx21ua8MFSwheb3ZtA8zE9ch0UlIprxTsJggnXdUPulTVnCS72_M2PyH2SLHNzFxEg8bhLL2TFYv0y-Pk9H1rQllgR98AIdVTdp1fijyIMEMJcXjUCdaF98nGCI3o7TnU4FtKhl_Ngv8aNf5aJVH7VdoUTU4JZWFIC7DaJuZdzgA4G3i9qqDeJE16h4cbMRN-thUdsbmvMt7uvU7f5yRbjCt2B9KcMLrFqc0R49Og3g2pYU0Ua5Abu2CgUu-FvmSy7WEDSp2WSlCdgeiXKao7Iy6JoVH2cHZC8CvujjMzaUyqgnkRGCbKMMRg0sRKUgTcSUysjcQAdfWA518OhbasatV63_n22G3tJUqkfLk8RTI0NpLJc8LIFs6tdWLNojtuAnBSHiNWIY7YYbkZo6-3Q1h4Lipa6gYZfq92XXPe17maF9NtiSaRt4QkyrArEqhqjqw6lE2evCLw8OqG9tfqf6gecxCk7Zi-UPjWKpyt4rvydjOfmD8OkRaG7rVVAm4Gdj_ZCfO2dfHOoiJMmJZdJXcVs9-r3SonZ5HGma6sSK58_BUg5le8QCjOevFvQBg86WXgFo40Tdnk87EusQQmyc3fym3YgdMsuPeJfIuUBCgoIilVH2JTSPVH4HZwnXwqRTt1d2geErsJrhXjKkInluOmc4P4Kdbk4lpC9w26Gyx0XPvZnKXpjGtteBMriRC-jLqWnyLGfIO8Ci4CrkX2XX8ksDtu_0PqmZpC1l5nge2g8xZ5aTbd78h1mfxA7D42Qx24C6E72zfs-4u2pYmiA0INbyFFk0oEhF30eeV0lmhYv-EBAdHMCQIjI9LuPwx_lLp0IuIbgECh4SE-m7EFAUbMfUd5ZLLvqAT6izp1AqVkRjaThGzeafjVAbIOXOI6RZuS-ks2gnt-yut8t5IPTxJb_dOwqMTL1rV6nHR4N-6uMEBJ6CS-Zw9E3hY3DH8sxiJa7i3HdQ2x5k9lqBjcvthob7SDyMvVmR_f02bn-kH5_WSkhmBU1yYmPW13mqK8vODMoZ-1rmuj6hYpvrzctM5_13cIKzh_QvHeCmQxCkzQ5CwvsIoyfBmnerhEDKJg8O8aj5ciCzn6T-jIEuq5_2fFVc7m39HD6F0XIcixs48fSQGuqeDwg5sRpXbO7Ibu1ZAJWmWnMXTKI-aVK5JfeMUdeWh6loRfXBsqq11ybfZveKyEyIEuih3Z1DilD0_E2mtc&sai=AMfl-YR-Gl0N5lFYfM1FS-PWmxjWSJaTEwFKm9Fg49BL5FzyG6g2osU2tLqelbR4oaNa-PS2jjUBOALmyE-dSY_IQvCQ1Y2n-VzjU3Lk9N2QJifMguYFclMMgFxqLF62Z21lMKBU_BGJrDCfCXgDpeq_swbJmHe3c6jo4Q_nZ6CyoCm8DbjX88vw3MHFO40o3LYxFy_-o46qyAwIgB9MkoKMZgykmrgFbihAe7eTP2hi7QSQE2DiuqtKn-eT7pFgD6FUycoG-pRjwoo13aEeb5oIpuCXf-OQVekvCYGL8NmRe6fdrWrTQ4XaGiv9NRxJnT0wnMQP7h-FD7c9ehGc-y0ykZfYUqc-QCvIoXw&sig=Cg0ArKJSzJzmsGwkEZm6EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=115&cbvp=1&cstd=108&cisv=r20230620.64353&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 24 Jun 2023 17:04:59 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Sat, 24 Jun 2023 17:04:59 GMT

GET
H2

200

4a.js Show response
static.adsafeprotected.com/ Frame 61C7
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/1484055/72040526/4.js?ias_dspID=64&adContainerId=brand_safety_OyKXZJryCNaSjuwPzMiA0Ao&cbFunctionName=goog_wrapCb_OyKXZJryCNaSjuwPzMiA0Ao&true_pb=&adsafe_pb=htt...
https://static.adsafeprotected.com/4a.js

2 KB
2 KB

21ms
18ms

Script
application/javascript

2600:9000:2450:c000:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/4a.js
Requested by: Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Server: 2600:9000:2450:c000:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bbead98319b2bee5757af35b4eacf615df3e45da2f69cb999cd4694a26bfb90f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 17:21:31 GMT
x-amz-version-id: 6WocTuTK89qveTBkoZ2Yz1Xyh4dBYRY0
content-encoding: gzip
via: 1.1 abdcba0f82eaef3d3aa080fb12ca873c.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG50-P4
age: 344609
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: PENDING
last-modified: Tue, 20 Jun 2023 17:21:29 GMT
server: AmazonS3
etag: W/"589d8955c4906ab1b8e63a2f92d932d3"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
x-amz-cf-id: iPQqJly_NH7vexHIobCx-PycUvAfxlgYP8hsAjVfl4xrqdvEhioqGw==

Redirect headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
server: nginx
x-server-name: app19.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/4a.js
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame A772 91 KB
23 KB 70ms
20ms Script
application/javascript 2600:9000:2450:c000:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2450:c000:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 15:36:17 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 abdcba0f82eaef3d3aa080fb12ca873c.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG50-P4
age: 23851723
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: L-En4LKR0g_S69tA-txmeuCvreaXybV6t6hPjlR5vueRob5GMPvwZQ==

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/ Frame 5293 30 KB
11 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BUrqGbbjhkxWP4Oz5Xy6In3gg4gMAfwCKH1iru4ie-QVnZ0kvL9vyHV2E0ssdSssf2DJGhstGfliycg3oKL8IqpjeR1A&cry=1&dbm_d=AKAmf-BuYjU-pYFszKE_UgndfCELPx_UWMLJ3nw02uhJWvJMPHQTflQLItJghttzs56VieybrDvAKyPsuCWOjSa5-NE5Ix__YbooCmKF8nGNE_z_mw7RYAlRTknvOKpaB7uXU1X6u-IB8HXSRlydbQBUUJrwxTTEiXWB3iqymu0M4I-2LZRUEm70fa_l6rEU1rTEc1-XhUmmsO9OYQnBeeXbSCCSxAz9MlY45FSL1O3h24rWh7uvgc8dFzI9aDlTCom4GdkYZwCxuo7YcDze5b8sF07i4x6NmldpWeWZg2O9lpUA9YLf0MVPSY-dBA0H5jZ8n3ZN6dEBGn0bt1U5V_sOuIDnKblj5juifqUxbJUGTF_4vy7b17RPxo7xkIAsjtYWz_mYUm-SeT1l0XXt_xErMlr5UrJOcCxg0m9k8zQDD4TlyDPVYUMnjGYgujoWpHmwJlepZaVBF0TDZu9azwb6qslEv9clLXa1lhttjUZPsLQ3TvcPvadIjKZ5eU1ofY6g6q5c_guqnBNpK160O9_7Mpx9poYjXZ1iJFWNRiWL7uiFWP_9-ySCDicKLL3SulVTRuPp9Huhz2X_JMb7X9I0jbg_SGckXRgHHdyRh9MA5XCH7R66bARFUC_GUK8Y1mgrRwzvZqujegrc8sAoBsj2k7k5SbK1b1o-_TMX7j_UmIM1AoKMARK-M0Gk_5nfC4jZIM6uMS3Vy32J3RW8VwZPlqRYPa0qGBZ1zef0d6baFZdOEh_LfKZkyrTmb0vFPu0pLNPNZed0JjHJ9MqPZJ71Sx1qAYQn3aPJ6vJliuEizAOica0yy2KAzRkuB8t4HC7rkgdMGwgtHM1zcmKHgxD0_JstC1BxLv6vQ50snVWZdQ3cRfqAM1zvq7nz2qDXbNHEZ5MlT7mBPeKiuUvyoaEwcJ4pGlW5rhWbETkDDN8zYOAJmJfYJfT6wN9uioaK2uzFte-vifGDqccKPRGJ_XoJk7VNL0jkcylrvCHdhGd27sbM8uYAFcPvSNUuzubgfcWiT7Eis9HQI6J76uocen5DqDss88Xu71NvBn0KOy3wf9aTWwxF9PBuyl578rHW4dUPZS-_WXSibn5LGCsDErt628NB6rfqXlkVPK6QsdH4wxygiqtncsT7cIgZYK2TFcy-vvMKrFsQxtrSmXzg0ZPt2nb4XUHwpUCV3j5vyUPGqG3h5iqIseOxTsoDi-uWcIC3FwkUhkHw4SNc7puSNtS9uztBsdjH-F3-AzruS0zHN-zy1stSWO-m3kOz1P8jvsp2X5wz59Pc6Gfgl871MmAvMhH--j7VZOTxYqgCr1rc1gWM8qaAX5ZmKjjtozP7IarIfkqIiWyuU86VvqwfOekMxBZeedYNx6vvdwvXRBo8EDbIygr4vePSGIpBdRFTFHojTEbq3OvaCLeOhPLXoRjqRnbQfZAC4epAcIe-XeYidq_SqXrbvNeX0xsoMyF_A0ndPobdRncGNr7KG37_DnsnmqlbeIMDg6xdlW1IW75Bn5PZ2qw3qjonKlqvCZj36azl84pXQCtgTxvFr9-0XG2L7sMuoVbHPvyw_JTOb2E96MVNStiNpMBPlSRqIscIhFtKepK39EWeAcNZfQlidO5bvuwD8_ZcB_G2HCdKPKttkZE95-d4cO6MK5RBTiHTC_iz15fnXuQ6usWa4DizhCpDZuuTWbYPLBUUPSvJLhHD-q81w-kyBAfvUSF4f7-w43A383ROZr_n8GTvt04anqIY--7c1PufwEzBePw1Q4XSZ8dYFkZVyKMWL_5jjR6bvIZEJgkrs2iDhjSYe7-sVuzXDZigE2CNdDGWOUv-1KcEhL3kVeU2e74Z5hAf2XRsU2qOoJEJZcYsSSyxkStFA1FS9AaepKa28mVwU3YZSl8FLKKkjQKcG054she4vxnetpdOlwHpqDWchEHQZmKfIIOXOB5DZriP9YjtQiDg1QqW3SnCCyK0QSrlpdh9_oD5lKf7BAcIqO-2MVM1vxSr-Cz7wIV_0xWwWYqFo3AETCE7LZvV8TL2kjX2d3IFXmkpxsmdHuvzruxcab7VciLDXNBOlCIGB_sFxjr6hZJRdRYJAIbdh_937XzOciY1_mix3uMtAx8954wB4u1UCT6zWRqcUSMEBJI_2G1873LijEx2GdVKNVw3objLXzKMkO34E3EkuCQwimPiiq-z7yQm-G9kpeZnmE5kMmqrnAXanH5Vi1Ek5cLTawHeKz0h0WS1fQzjaacOBcCDiDYs8gFPdIaP38zFQA8U6ZUbrbzfch-5Bc7t5jxg5mzH9Ui1dmLzcvYp-zxQXHxqzH92Z_XZ9RjaZRYvM5bAk_GQ0JOaVFZBnhR9oG2DIFLY6Hd-UWMabwv5KmHoe6XmWcWY95bIjlweOGTXu6NNvZL1tXCK_YTn41FsswWiT1cqlmEWeTDxhjmn7M8_jSHn4chSZ0IVkLc0JyPwUELvrVQMyrGbL9xKNj3j76e_ZfNcCrqm8U9rQOXKEn0TgRQfQc3YIb6-CDxZEYgk1l1GJxGkKaELI6RXNSqlHZ7FLK2GbLBib53E-fciS1O-Sy4z87jfTyxMlRYqDrEnQqRx_FPLwB6018YrmZuYcZG4cILvoyjDbc3FhNa1WEegbDSYTvcdIx3xZG2jXO0DPhkSR0zMEUDbwA_flsEaPk3jD_gh1Nx5EtrMQxyAW3iehTYD7foPxOHbV6mvT07rHfpCKdX9vnJPoFapbI9_pXlwsYzoOYSoXTOEoGlK_1cv6ehX7eI6IuQ1QXCU5ad1vi32n7F57LpYJXA7WpqWbvzG_E70VhWM9gPz0VZ19VY9UbYay_Ud4jnN5eWmQRvKMhYcycdshAOZ6_AdVxUlKz3ON-Ya1NtfOWouHrKG1FPaBL4XcK8aaMIYKDH4X6nC21JGlHK2fv_pPUC7PGQ1LLKE3l59AfmOZvM4k7GGvoODn22_qmZLE87ngBC7jBME7bYDAvwd8pZFz_ZUJTV8eo8ejfGiRsZyuUsN2w2OpB0f191Bd0PPsX8scWKzw1Zo2ie7Sa405c0Hb2y5uPGOdkllystDGW5qp8NJz2KrRg3I4IgtSBo4OpXBFuLcd3HxiKueqPzStFjT_mHm2RRSQwXMb8KYyNXb17GxBvGX1IfOw-NliaJZzrlQLFzsCZBUHeNiaprSeQkoxMxoUqblWmNCaSkTvi6nRHWoeJcyDWS5tEQ_VUQA9OA1kp3VX-igko3foLS6JdGSvcK7gCPY_yj9H5fmXvbSHWl33aVSfx9ptZmWauTcznVh8TSD9XvlkpyPTUnoRiSVV6s4JRRRnuhltEtC-wmaDUblA5lgV4MwU5BIPKCCxtvzTwdvntnDrxfAKYeH1s58VPnRij8QkODBB1Kv0kKdRlJFgYqqmzoQkfVPquPXx4UIl2FKo0ifxiUJP_iHcPUNPGnfEBqw4lLpZHJgAFz_ADSPleFqQFugbRWDTxEyI7lyinxVzAbnfoVNDYvLNIKMuvkZf7n3IMQROuem6ERFMxvn0sYd9eTMhuzaYrSsbx4EMbmvih78JpU0uvsCXYaLXk1oLNiW-HienJ4OeVAt8EOe8ihVcUX-z6DTsDkLRjV-sN9NJy_c0-Mq03BkIrtxKcRH3mqfiWVoBzsqBodolDVqH2KiohRxAk8w1zhF99-_54keoIhdGK1jolCBemrOrxJhiEjFGnQJh932OwnW1pa3e0fAmzOsyhc_kRbvu7xpIpXhRYgcHZxtADqb4kKFBitbTxq2I6ikjtZ_VA7E5Wa340VQhT8Pz0znFU35wwRAbn42ZPgPANWGTkKi2txxzJYdP7NmaRPrJYLNIwmBd7D-qBb85XHBPJgWctriVzfUcwOwemp_pcT92U-8WOktIk-e7HVDGFRfpvvh2w8iB_zsExmc8uJsyHSIXW6Pv6XLqgaruFGjiHBVSA&cid=CAQSbQBygQiDShxe8tib0wNgY8Y-Z1sbS-SFk7MWUBvzgwnEQtL5sTFBesyF39XJsCRbl-8t5fCfvsq1sid4XzXtRB81np7zBx0C-xUvt2l24jx7EnynZK7rRa61PzVc3LsWR1_U3imbeWmHMZpHAmQYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=16510775900314660000&adk=3860319555&idt=97&cac=0&dtd=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c99a1db5a8ee11a2fc13ab0544e3865f781fab4515592ff6467e7273478f813d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 23 Jun 2023 19:21:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 78223
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11398
x-xss-protection: 0
server: cafe
etag: 3934322099733601226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 Jul 2023 19:21:16 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/elements/html/ Frame 5293 11 KB
4 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/elements/html/omrhp.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7ff9993d3bf21821aa4aab3b5958b4d9ba3fd3a3aa92f5830a24d3ee259f4851

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 23 Jun 2023 19:19:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 78325
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 5499578052516643378
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 Jul 2023 19:19:34 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 5293 0
0 56ms
56ms Fetch
image/gif 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuvTWqTILT5xxd6_ea36MA1hy-M_75N5mhGCWoGMCLBNqd2xj1ktrUI8FsZD-LWx1jQcjNDM6ZX7pNuTUiG-hmrXMOZPyuFR6oAUi13kqjMzOIO0HsUQSMnPdT0ElGJELKtx7HUWg8gln8cJ0_IfWdxjncLLHx0x1VSAxjD7i9G44e6e2Z3JBYJWX9_FWnCWHYwrQjCuCtcHEtsjCrYxc-vNcSrdjuudKdj6RPz3SM1xU2ACQObalbGQYjPDZPmsofz_90gZrFR91uc9SvPM2ZRLMu2hF9tUB-EVF6CNR9kzFQLaPih20eJiK1r9OBAoEB6JbyUg1lUIaSXuwoLVFmlzH_XdTfZ0ulvcL3KACGLYfXMzHySzAi2GLwabXMnh8mrIeJKTwudLK_baQpq7x9Xuk_lXl4Te7lCR1RF8xnQe4iNRI6Ptu0JlCSdk041zpzzQpYRdDMq8L6KHGoqwT53YrkNVT-aAxwWZiEHse_5ACGLYDaZYYzWWeEdtPcmZ9oM75Ka7Ij7pzJjPA2IuBcNXeA9hMLJSis-6hJKTJ5As5Xxqy5czPO31LhhKR-ju8oaWB_HaUbc6xXrYvBX08dGukroV3sTIG_LDCdviQOGiI9lav2dNUoTsgNVKj5asIM9bKwb5uKZt90Ab7XZxtrIH4Fx3SlOtafxbvt1sp4t0jfyJkWulCk6giWEV7Z-75TP2AcZfBi3JKTK6LUD1EiFh4eACia1aeAbEuoj1pFbqK3J7whMd7HlljRHWllBLEhl7PCjfK2aUpnOaCNhdccOjZeDFajqc-DxrStDW96wdb607QuryJskE8u3mtlCL3j00TlF8oPyvlEZYXWpv58pa5TXS4jtJCqFgDQNI386C3c1QSLpnml2-4DNak0SQ7S2fwQaHerbxejy7Mf9H_RQWBFVI5BYNbQWdGb9d2sI7yKOlpQBwuarUeF1t8r7mmSvp5U467MyzLCHF5SwdRE2M8jtijK6c4bwZjf2N2wiYF-985WyNLTcf4VRU_WbPscngOiFK22Yk4YPbvJhskSTHKZYKyzImFe351Q2lC3-t7cMlb4lZvY1wIep-ezIe6w_VKk1VkYyn1nfWu06zlV51P48BhkRKWTQj8q_RUUIJOsNIlH67FxVwDntpTz5Uhf7_wzmaGI2JIq-okVHDzIQT0DEkXc3dDvPbiH767jX8ASg_ooaf55Usie7iKgdjCe1xWhsDRqLZfqer4ETVZj4OUlhJOIxTtdl_U3CvKcvPa6-551-yusIEJL7f5ER8J4cKV9CTQtqdTkjEdKTr3h8dSXUQw&sai=AMfl-YSvL7XMyde2yO9amreYkiGrp7GVQzaKq6WYNCkS0DxP8eNbm1CG6LECHWGWaBksxXkA17Xd8fQ0pfCzr_SbqChBN6xbljzeEQbr2xpV9-Ov_5ECnk5KMoDo4aqPHKl_a6ygLBc5ANRZaDKdmkbNzif3crf2CIk2w384HY2a_kk-9HgVej7NjLZBLhRyeJJN451LkF80mrUWVUPYRxkcFrNcBMBdHVWHJRQDfPL7Fd4fV80I7JcJlw9Rs6tiVQHsOFWrZz9_eFhlx_u_hMVUFH4SP0dnI9dDFACg-0p2VFDFk2ewsOh_tU14XhFg2NuzxbIDI0nx-v-Fm1RaUALWO6shrCy-pDURNSk&sig=Cg0ArKJSzN4ElVCimlxgEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20230620.68313&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 24 Jun 2023 17:04:59 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Sat, 24 Jun 2023 17:04:59 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 5293 41 KB
15 KB 10ms
10ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 13:52:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 357144
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 19 Jun 2024 13:52:35 GMT

GET
H3 200 81007494364468510
s0.2mdn.net/simgad/ Frame 5293 78 KB
78 KB 11ms
11ms Image
image/jpeg 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/81007494364468510

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e835a3856b2925639a1340d09a23655573329788df0917ace937a527cbca8aab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sun, 18 Jun 2023 21:45:22 GMT
x-content-type-options: nosniff
age: 501577
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 80055
x-xss-protection: 0
last-modified: Tue, 13 Jun 2023 09:47:52 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 17 Jun 2024 21:45:22 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame B1E7 22 KB
8 KB 9ms
8ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 357112
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 20 Jun 2023 13:53:07 GMT
expires: Wed, 19 Jun 2024 13:53:07 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 style.css
s0.2mdn.net/sadbundle/16325822350322053850/stylesheets/ Frame 4781 1 KB
472 B 10ms
9ms Stylesheet
text/css 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16325822350322053850/stylesheets/style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16325822350322053850/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e3a62ce28a6b2342ee3b1cb6af4c227da5774fe49d128fbc5f471eb845e10b46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16325822350322053850/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 04:05:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 392373
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 443
x-xss-protection: 0
last-modified: Mon, 15 May 2023 15:36:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 19 Jun 2024 04:05:26 GMT

GET
H3 200 tweenmax_1.18.0_499ba64a23378545748ff12d372e59e9_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 4781 105 KB
35 KB 28ms
23ms Script
text/javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_1.18.0_499ba64a23378545748ff12d372e59e9_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16325822350322053850/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

001acbb15d9c69510c0817e6dde361bff098406fad182ab3c367f86ff3da8343

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16325822350322053850/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:04:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35824
x-xss-protection: 0
last-modified: Fri, 09 Oct 2015 14:01:28 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 24 Jun 2023 17:04:59 GMT

GET
H3 200 main.js Show response
s0.2mdn.net/sadbundle/16325822350322053850/javascripts/ Frame 4781 1 KB
580 B 12ms
8ms Script
application/x-javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16325822350322053850/javascripts/main.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16325822350322053850/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

db2c529bd81e24285880e7644c808ece637a5e7d2ad1f757e87b131536890bf7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16325822350322053850/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 01:51:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 54789
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 551
x-xss-protection: 0
last-modified: Mon, 15 May 2023 15:36:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 23 Jun 2024 01:51:50 GMT

GET
H3 200 1676550659977.css
s0.2mdn.net/sadbundle/4323423352959208367/ Frame DF47 9 KB
2 KB 16ms
14ms Stylesheet
text/css 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/4323423352959208367/1676550659977.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4323423352959208367/index.html?e=69&leftOffset=0&topOffset=0&c=hVNm8hCwMa&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ac546194565bbef33495adfd3072005ecb03e2563f484d0228435a8c4ac42f51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4323423352959208367/index.html?e=69&leftOffset=0&topOffset=0&c=hVNm8hCwMa&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 02:05:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 53986
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2321
x-xss-protection: 0
last-modified: Thu, 16 Feb 2023 15:59:28 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 23 Jun 2024 02:05:13 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame DF47 118 KB
40 KB 14ms
12ms Script
text/javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4323423352959208367/index.html?e=69&leftOffset=0&topOffset=0&c=hVNm8hCwMa&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4323423352959208367/index.html?e=69&leftOffset=0&topOffset=0&c=hVNm8hCwMa&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 13:52:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 11543
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 25 Jun 2023 13:52:36 GMT

GET
H3 200 1676550659977.js Show response
s0.2mdn.net/sadbundle/4323423352959208367/ Frame DF47 20 KB
5 KB 16ms
14ms Script
application/x-javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/4323423352959208367/1676550659977.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4323423352959208367/index.html?e=69&leftOffset=0&topOffset=0&c=hVNm8hCwMa&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cff8001763a4cb0cb81352e07fb9927790673baaeda29140c072f30c5933cf10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4323423352959208367/index.html?e=69&leftOffset=0&topOffset=0&c=hVNm8hCwMa&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 15:53:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4277
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5491
x-xss-protection: 0
last-modified: Thu, 16 Feb 2023 15:59:28 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 23 Jun 2024 15:53:42 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 61C7 43 B
216 B 344ms
103ms Image
image/gif 2600:1f18:1aca:4282:2a0a:6ee9:5131:f962

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1484055&asId=b68839bd-4885-7266-b2b0-66babc76c695&tv=%7Bc:gtzuZh,pingTime:-3,time:124,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:250,t:36%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:124,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:36,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B114~0%5D,as:%5B114~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tI7pXWH+111%7C112%7C113%7C114%7C115%7C116*.1484055-72040526%7C1161%7C1162%7C1163%7C1171%7C1172%7C1181%7C1182%7C1183%7C1191%7C11a1%7C11a2%7C11b1%7C11b2%7C11c1%7C11d1%7C11e,idMap:116*,rmeas:1,rend:0,renddet:na,siq:37%7D&br=c
Requested by: Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:2a0a:6ee9:5131:f962 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
server: nginx
x-server-name: dt06.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 61C7 43 B
215 B 344ms
105ms Image
image/gif 2600:1f18:1aca:4282:2a0a:6ee9:5131:f962

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1484055&asId=b68839bd-4885-7266-b2b0-66babc76c695&tv=%7Bc:gtzuZi,pingTime:-6,time:125,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:125,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:36,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B115~0%5D,as:%5B115~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tI7pXWH+111%7C112%7C113%7C114%7C115%7C116*.1484055-72040526%7C1161%7C1162%7C1163%7C1171%7C1172%7C1181%7C1182%7C1183%7C1191%7C11a1%7C11a2%7C11b1%7C11b2%7C11c1%7C11d1%7C11e,idMap:116*,rmeas:1,rend:0,renddet:na,siq:37%7D&tpiLookup=ao:pcloak.blob.core.windows.net*%2Cye-mek.net*&br=c
Requested by: Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:2a0a:6ee9:5131:f962 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
server: nginx
x-server-name: dt05.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H/1.1 200
OK dvtp_src.js Show response
cdn.doubleverify.com/ Frame AE79 8 KB
4 KB 21ms
15ms Script
application/javascript 2a02:26f0:1700:6::17d5:a191
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvtp_src.js?ctx=20309721&cmp=29968277&sid=3288807&plc=367565023&num=&adid=&advid=4309118&adsrv=1&btreg=558488166&btadsrv=doubleclick&crt=192207036&gdpr=&gdpr_consent=&tagtype=&dvtagver=6.1.src
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:6::17d5:a191 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 0746b21cfaae0aeba1fe18ef923cf659a3d82203c4f9368f6c3c10e82eefcffb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Sat, 24 Jun 2023 17:04:59 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Jun 2023 08:32:27 GMT
Server: UploadServer
ETag: "94707cfe9b8ec381b248dabc78be09a3"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: *
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3397
Expires: Wed, 21 Jun 2023 08:47:51 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/16829948873192997814/ Frame B1CD 14 KB
3 KB 21ms
18ms Document
text/html 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=L9mcdMOyTD&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8cd9f7f932e502b97e7ebd1194ba28e4b5a441b6100a07a09a6c02f102c8b55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 3050
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Sat, 24 Jun 2023 17:04:59 GMT
expires: Sun, 23 Jun 2024 17:04:59 GMT
last-modified: Fri, 12 May 2023 09:19:58 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame AE79 0
0 61ms
60ms Fetch
image/gif 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstPlYyNYRI65oJFMKM3E2su6RQR332_tDxYfEgMiyZu651kcbBIAxNAYRUlCeX9S76VfIEp4r_5D7OLrk0LbL0iOdBHXg9CI0hFF1qfCGj0GvJRUmTRkGN9n63kcBImn1VdYyE7DSljT9w2zcJGboFjTkaMQLLFMglGhcj4tTp5vW5L7U_oicVy6e9tme_GIGILYO0JbN6Ytr-6pc-dfK_UxEUfNVEPw6AuvixhKE9GoYlWHHFjaj6L3P5qpZWyTb57dJaMcxFXCQw8qCDGRyW55sDfYUx0PCLJ56mbFtAeBIJVdTK9oKlGyHU8ExCNDlI4b3vhlHIH5qho6BJPPiYfVKNA-w8D125sExDgU-RkKQRp3jUpKZERN5tIc8TtETMBf9aFNbQuqqfkTrFjbPieZ1bjKpDCe_LnrKXdDp80H9Hj28cM5wKON88ZneQaDBUFw9LPOnahjo3wcmLwxXyuwuYJfiA3Bw5tfExTVFF7chC_dg8OBqwqlDKiBkgW7LdgW-_oFheLEfepP0_KnsRwm8AtMgmG8ITdyX8LvYivxdEIZE_Vk7jgy_z4LxSwXH02zDmD6luq_Ba3LuK-ZuZWEiaTjnXqkjdu7jZtL8JG4yciBIMIkfOebpWrwjPW2bSIbxmkQUEFFy42PshdCxx5NMXqvwCWDm3-SsTOLG3gqcplMJDyPpFJ9xrrw5KcWWosuPmIYiDt6t0foJGeWePmFo8yw8zSOB97objCM9uGEaQHymSUO8OELTZ07TwwId9J_E2CgJzmREpMcl8oKCZVQu3jaeTM-BxJcZz0XW1mN7xM_3jRYq662u8WRjnXT8CfxeMWclK7_nf4A0Cb2afU_PusJzDcf8NqdhTaJNqcdfCM8ALun7ROqvYM0kWO9su_xrfpdiyS-igDJz6ZoBE96w2_TMcCDdlAL5Bd8YqD1PXQXoDEBU_icmAnWE0UtFUqUBEVuvMhwQA3zOHh3wh3cajTmfFFH_zhuYHTXU4ABaDYQcSuKnhdRSXNGE8u1YK3T16IlvZBYonC8sqvj96ffZpIZ2zdwp-L-0JMZHxX-yOS9OMxiqpRxMTjnfFTpq8dTAcFkgBzxtiirJcjmRNGzLrN01T-fl-XdjYuGIOl6uHIQ7LPpfq2M-zluSw4aY7EqcrBi6U_keecLmFGB43CdQFu_vaGLld4SSt-AtChZh_-7wscYrG6w4hwuHL9DUYP2CQJXentcj7wTamsu-ivTvOiRJeFQQMriRklz3IuH24KuSC5_S9hQSFkgMv2MZQjy5Ec47GQOLpVf1yw_A2N2YAbPlwMgTHLRfij5SQleUhF0K3dnCisWl4iqwY9SrWwesuJ-Ur3&sai=AMfl-YT66qIrqxH4IXeO95rhpEpHOKD1R-NYQH9zYsczoGLukZtiMGXam3aNbcexcZQegR1FBWEEFmPqZ6xKWORQZuxLkE0IZNTnb8ZdlkMsncn6Iu6sITE8pqUEgUT3VDBf_b2X1bWMdlDzO1umBmWAg_oyfj6OXAqy3qwDw86q52dc4Zupmf6aiuqIqTIdtRfWWGZFKTYn8sm2c0VecfQuySXlkChPEdt9IIbnezSK5aFQ3PuZZANp3ocVRjhxNC3yH8hJpFQPqvT3r1aNXdLPw5HkM1mKgYIqGSqNiy_GJVYyAk8dhUTkJzoamGwzCqiiKeMZuDR7tCyuD4eL-L13ilDNv-7tpPkBqpIiufYpJOuiMBtiMDgqDT_hcDwd&sig=Cg0ArKJSzFF2Rrq146etEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=290&cbvp=1&cstd=281&cisv=r20230620.92127&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 24 Jun 2023 17:04:59 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Sat, 24 Jun 2023 17:04:59 GMT

GET
H2

200

4a.js Show response
static.adsafeprotected.com/ Frame AE79
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/1484055/72040524/4.js?ias_dspID=64&adContainerId=brand_safety_OyKXZKm9EuGRjuwPpM2U8AI&cbFunctionName=goog_wrapCb_OyKXZKm9EuGRjuwPpM2U8AI&true_pb=&adsafe_pb=htt...
https://static.adsafeprotected.com/4a.js

2 KB
2 KB

31ms
30ms

Script
application/javascript

2600:9000:2450:c000:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/4a.js
Requested by: Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Server: 2600:9000:2450:c000:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bbead98319b2bee5757af35b4eacf615df3e45da2f69cb999cd4694a26bfb90f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 17:21:31 GMT
x-amz-version-id: 6WocTuTK89qveTBkoZ2Yz1Xyh4dBYRY0
content-encoding: gzip
via: 1.1 abdcba0f82eaef3d3aa080fb12ca873c.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG50-P4
age: 344610
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: PENDING
last-modified: Tue, 20 Jun 2023 17:21:29 GMT
server: AmazonS3
etag: W/"589d8955c4906ab1b8e63a2f92d932d3"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
x-amz-cf-id: O3taapiu8CnYmn69RSIYAiPyxHp1uvvQCFxQIXOH-XrSyAM9ImESaw==

Redirect headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
server: nginx
x-server-name: app05.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/4a.js
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame E6DC 91 KB
23 KB 22ms
22ms Script
application/javascript 2600:9000:2450:c000:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2450:c000:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 15:36:17 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 abdcba0f82eaef3d3aa080fb12ca873c.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG50-P4
age: 23851723
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: Z181DjHFQHRzvB38TLU3PVe0QHgUqJadF1x6RuJ59cSi14CfV2RK6w==

GET
DATA 200
OK truncated
/ Frame 5293 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a1970ad4f97c9ac8b9ea7a2c3378199af88b113a6f4e201256bf8c905554b7a2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK dv-measurements3986.js Show response
cdn.doubleverify.com/ Frame 27B6 536 KB
102 KB 20ms
17ms Script
application/javascript 2a02:26f0:1700:6::17d5:a191
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dv-measurements3986.js
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:6::17d5:a191 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: c77b0be9295b67ebc3f1c502c5ac19d16146f6944a589571e3614d001fcd6f66

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Sat, 24 Jun 2023 17:04:59 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Jun 2023 07:26:37 GMT
Server: UploadServer
ETag: "d1550ccef1bd9a412485e22d13a82577"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: *
Cache-Control: max-age=946080900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 103922
Expires: Thu, 20 Jun 2024 07:26:41 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/9548364509937149214/ Frame 1EB5 15 KB
2 KB 20ms
20ms Document
text/html 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=Y5W2J8r0Ai&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ff067250a334697aa929240baa053c275243c0bbc1a5cf9b1e280ff2eff85aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2270
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Sat, 24 Jun 2023 17:04:59 GMT
expires: Sun, 23 Jun 2024 17:04:59 GMT
last-modified: Thu, 16 Feb 2023 16:30:06 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame B7FB 0
0 58ms
57ms Fetch
image/gif 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvfY3-YkT-APVTp-uyb-1NiEaOWCUsyTZvXk0Pzavb6DCmsDfVEvV7gqfIDpPAp16wKK6gjSXQaaRNbqEWkjKukoT3Qp7hhjEIMI5suJYUvpXNtHz6610mUnPby7qsuya14MZXGxNSfPEDfDpgjMBBl2OhNduUD3rcCEHC_obTTIgFvspCVo8xi69rdEhgXuXsFCj3PxkYJ18lLOcrSSYBeT9YBeTsphua5CocAMLClplH9aRTDZkABOnVC4a8jM_IdWqzK7EZAfZz3b9B22XAziIiXznBhSln7fR5Ci_1Y_ZEDlV42WfUl2oQ-U40Bz5yHYAYdQiz7CZNsPIzTiFUIwJE4rAW4qh-0aPfCMMhUwaFuAtRQV3MkxzDTnks5ck36A3ZQlr2-b_jFFAMFe8vgGgqilPVpVnxM8GyXwCKyvLDLyu-QQVYxSEU3n4b1MFP_QbUOFKO5_Fuf_6evFSWL6JFsOf0Ih3Fk64kFdy-CqkxdJtqkhj8TI-IiTUbHfEKfblnDNWbHw8CNKAnYAQzeVkmm68PHp86OuxGkF-nuVF-MIx2F5tH7fD6cXccUAnJaeRJtBoH0JRu4uc_50Rmwwz6M1v6qIZn6n0jdwwnlSTdD71KjX84mvj8jXjteMLioOpOmvXj2twfWQyrPvvvIKa-apunRgPV59o3ZS8AeGJIYW5PkAC1krVcOx6oFj724cdY-CxkkAPd7XLBxPYwfKTuQqlnIFmsgbcK_7reZEaI0obFPvlcHuDFhBLkwiVGlxHPVZF-l_AMny3pNUxksmQXQBVDN5KwmI-JvjhPF9rpNhexlmYm_0c8BdMzCke_M54tllTprKK40dL9vMH2cg_tw-_rVH6bfinxwSKF19BI-p8r02w8LsySZGl_SgYxkd8doIf0F5iA4RfcbLKQkwqNo8pSJTbzw5hVBSYj9QTLBER_3PRXLgGR6h3cD29iQELKsglWBTumqlVYciBYg-5vWtrQrQ2fwbPFXpkbIp5mQEZ4p7ks4szeeE9wooy74v947INqP8fid8WyiWFRGvS1SXbijl4YFJuVaiLQ09FalBW6-nHvKo8gD9KMgbn5khFnC775Ndz2jXCr3Ytf6soVm5QvpUKxP_zMuMEBxoVLQ4O_keHmxYxxJjnj4kG8cKY9Bh_BgwsMNjoBmeEL1bz5P8Unl8jeHjOp9aDhfDZZgYmGZDFz5ZG2nJ8H3RGmt_XtgMHlVUA8bzh2oDMtv7c__zXcDh1dw4y5aCA23W-dM60gyQI5eYdh9QpRbxNNZN2OWZGNp673Yp4pQ0ER7w0PdQtTCrUnJzVdkwXnTYJpvRkMux0icbxmvO_Bb26p-1EUO_Q&sai=AMfl-YQO7MQyO7EieL_MrN8nWQ2H9U-SGG2XY7WiCkNRcT0J9efTU7CrhwQ6wc6yNcrWElSkPmfo_-T57YrOp3wOiye7CbThNs9pKLd6XrnfvORh6MrAgdd7pzIUw9GtQQHzs4pC9bcMTbe8t1_13xnI8WbvyFwnVyqJ7E2V69d18yAOsxZt3jesi-HJHM4QyGU9chm-h0TGRCWxbKdcTG0A4bHOdNaCAnN7VAr9V3rOKmci_nfZrCGV-jA6K8Dj-9R_nG7YWoF_7f08JUIX6SFmn3vNLl8DzTPppFptOzJnUHd7SNfe-yps9EUlWGrxfs7GQLz20tCQPt2n5u5jv79hDfp73lWIp-6m_s8&sig=Cg0ArKJSzHk6V_ixkzmREAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=297&cbvp=1&cstd=289&cisv=r20230620.05981&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 24 Jun 2023 17:04:59 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Sat, 24 Jun 2023 17:04:59 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame BF21 22 KB
8 KB 10ms
8ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 357112
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 20 Jun 2023 13:53:07 GMT
expires: Wed, 19 Jun 2024 13:53:07 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 42DB 22 KB
8 KB 10ms
9ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 357112
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 20 Jun 2023 13:53:07 GMT
expires: Wed, 19 Jun 2024 13:53:07 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 FordAntennaCondMedium.subline.woff
s0.2mdn.net/sadbundle/10454987525626607892/fonts/ Frame A542 13 KB
13 KB 23ms
22ms Font
font/woff 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/10454987525626607892/fonts/FordAntennaCondMedium.subline.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10454987525626607892/css/styles.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e83314d333416d003a14ff991793feefefe12184980a4f081c0465cda5dc8da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/10454987525626607892/css/styles.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 19 Jun 2023 19:25:14 GMT
x-content-type-options: nosniff
age: 423585
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13336
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:51 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 18 Jun 2024 19:25:14 GMT

GET
H3 200 FordAntennaBlack.headline.woff
s0.2mdn.net/sadbundle/10454987525626607892/fonts/ Frame A542 12 KB
12 KB 26ms
25ms Font
font/woff 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/10454987525626607892/fonts/FordAntennaBlack.headline.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10454987525626607892/css/styles.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d97d2f204c48ceadcc2f5b86ba6bf25987c6f7c43c8dd7fee7a2847e6a71f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/10454987525626607892/css/styles.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 19 Jun 2023 19:25:14 GMT
x-content-type-options: nosniff
age: 423585
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11876
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:51 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 18 Jun 2024 19:25:14 GMT

GET
H3 200 FordAntennaRegular.legal.woff
s0.2mdn.net/sadbundle/10454987525626607892/fonts/ Frame A542 14 KB
14 KB 24ms
23ms Font
font/woff 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/10454987525626607892/fonts/FordAntennaRegular.legal.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10454987525626607892/css/styles.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff1ea82759f4df729f7ee24dac62805f05a2fc79c7ca4cb518a072a11835e884

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/10454987525626607892/css/styles.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 19 Jun 2023 19:25:14 GMT
x-content-type-options: nosniff
age: 423585
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14468
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:51 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 18 Jun 2024 19:25:14 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 61C7 43 B
215 B 139ms
106ms Image
image/gif 2600:1f18:1aca:4282:2a0a:6ee9:5131:f962

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1484055&asId=b68839bd-4885-7266-b2b0-66babc76c695&tv=%7Bc:gtzv2C,pingTime:-2,time:331,type:a,im:%7Bsf:0,pom:1,prf:%7BmdA:334,mdZ:524,beA:607,beZ:608,mfA:611,cmA:612,inA:612,inZ:618,prA:618,prZ:638,si:644,poA:645,poZ:664,cmZ:664,mfZ:664,loA:731,loZ:734,ltA:937,ltZ:937%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:300.250,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:250,t:36%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:331,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:36,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B321~0%5D,as:%5B321~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tI7pXWH+111%7C112%7C113%7C114%7C115%7C116*.1484055-72040526%7C1161%7C1162%7C1163%7C1171%7C1172%7C1181%7C1182%7C1183%7C1191%7C11a1%7C11a2%7C11b1%7C11b2%7C11c1%7C11d1%7C11e,idMap:116*,pd:0YtC.internal-nacl-plugin,rmeas:1,rend:0,renddet:na,siq:37,sinceFw:293,readyFired:false%7D&br=c
Requested by: Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:2a0a:6ee9:5131:f962 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
server: nginx
x-server-name: dt17.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 styles.css
s0.2mdn.net/sadbundle/16829948873192997814/css/ Frame B1CD 6 KB
2 KB 16ms
16ms Stylesheet
text/css 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16829948873192997814/css/styles.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=L9mcdMOyTD&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce3cf09c371f16e84cd9db5935613c3c8eeb5b5cf14511fa484818c7282cf5fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=L9mcdMOyTD&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 16:37:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 347248
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1606
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 19 Jun 2024 16:37:31 GMT

GET
H3 200 Enabler_01_250.js Show response
s0.2mdn.net/879366/ Frame B1CD 120 KB
41 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=L9mcdMOyTD&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

31d02f43dd0c7fc5c0d95db087a23f1c2d729c93f10450884c8da6b415f7839b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=L9mcdMOyTD&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 13:53:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 11516
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42247
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 25 Jun 2023 13:53:03 GMT

GET
H3 200 overlay.png
s0.2mdn.net/sadbundle/16829948873192997814/img/ Frame B1CD 95 B
129 B 10ms
10ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/16829948873192997814/img/overlay.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=L9mcdMOyTD&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=L9mcdMOyTD&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 19 Jun 2023 19:25:37 GMT
x-content-type-options: nosniff
age: 423563
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:58 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 18 Jun 2024 19:25:37 GMT

GET
H3 200 logo.svg
s0.2mdn.net/sadbundle/16829948873192997814/img/ Frame B1CD 5 KB
2 KB 21ms
21ms Image
image/svg+xml 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/16829948873192997814/img/logo.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=L9mcdMOyTD&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb8b1178b759a87b00aa44abf1019c82e9df19b6059f1761c4646b3d470a7f01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=L9mcdMOyTD&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 19 Jun 2023 19:25:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 423563
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2339
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 18 Jun 2024 19:25:37 GMT

GET
H3 200 gsap_3.5.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame B1CD 60 KB
24 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=L9mcdMOyTD&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=L9mcdMOyTD&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:04:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24155
x-xss-protection: 0
last-modified: Mon, 31 Aug 2020 21:23:17 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 24 Jun 2023 17:04:59 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame AE79 43 B
215 B 109ms
106ms Image
image/gif 2600:1f18:1aca:4282:2a0a:6ee9:5131:f962

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1484055&asId=e5965e74-6ca4-9b7a-f466-423f5ed01faf&tv=%7Bc:gtzv37,pingTime:-3,time:218,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:23%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:218,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:23,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B212~0%5D,as:%5B212~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tI7pXZ1+111%7C112%7C113%7C114%7C115%7C1161%7C11621%7C1163%7C1164%7C1171%7C1172%7C1181%7C1182%7C1183%7C1191%7C11a1%7C11a2%7C11b1%7C11b2%7C11c*.1484055-72040524%7C11c1%7C11c2%7C11c3%7C11d1%7C11e,idMap:11c*,rmeas:1,rend:0,renddet:DIV,siq:24%7D&br=c
Requested by: Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:2a0a:6ee9:5131:f962 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
server: nginx
x-server-name: dt04.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame AE79 43 B
215 B 105ms
105ms Image
image/gif 2600:1f18:1aca:4282:2a0a:6ee9:5131:f962

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1484055&asId=e5965e74-6ca4-9b7a-f466-423f5ed01faf&tv=%7Bc:gtzv38,pingTime:-6,time:219,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:219,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:23,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B213~0%5D,as:%5B213~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tI7pXZ1+111%7C112%7C113%7C114%7C115%7C1161%7C11621%7C1163%7C1164%7C1171%7C1172%7C1181%7C1182%7C1183%7C1191%7C11a1%7C11a2%7C11b1%7C11b2%7C11c*.1484055-72040524%7C11c1%7C11c2%7C11c3%7C11d1%7C11e,idMap:11c*,rmeas:1,rend:0,renddet:DIV,siq:24%7D&tpiLookup=ao:pcloak.blob.core.windows.net*%2Cye-mek.net*&br=c
Requested by: Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:2a0a:6ee9:5131:f962 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:04:59 GMT
server: nginx
x-server-name: dt18.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 5293 0
0 47ms
46ms Fetch
image/gif 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuvTWqTILT5xxd6_ea36MA1hy-M_75N5mhGCWoGMCLBNqd2xj1ktrUI8FsZD-LWx1jQcjNDM6ZX7pNuTUiG-hmrXMOZPyuFR6oAUi13kqjMzOIO0HsUQSMnPdT0ElGJELKtx7HUWg8gln8cJ0_IfWdxjncLLHx0x1VSAxjD7i9G44e6e2Z3JBYJWX9_FWnCWHYwrQjCuCtcHEtsjCrYxc-vNcSrdjuudKdj6RPz3SM1xU2ACQObalbGQYjPDZPmsofz_90gZrFR91uc9SvPM2ZRLMu2hF9tUB-EVF6CNR9kzFQLaPih20eJiK1r9OBAoEB6JbyUg1lUIaSXuwoLVFmlzH_XdTfZ0ulvcL3KACGLYfXMzHySzAi2GLwabXMnh8mrIeJKTwudLK_baQpq7x9Xuk_lXl4Te7lCR1RF8xnQe4iNRI6Ptu0JlCSdk041zpzzQpYRdDMq8L6KHGoqwT53YrkNVT-aAxwWZiEHse_5ACGLYDaZYYzWWeEdtPcmZ9oM75Ka7Ij7pzJjPA2IuBcNXeA9hMLJSis-6hJKTJ5As5Xxqy5czPO31LhhKR-ju8oaWB_HaUbc6xXrYvBX08dGukroV3sTIG_LDCdviQOGiI9lav2dNUoTsgNVKj5asIM9bKwb5uKZt90Ab7XZxtrIH4Fx3SlOtafxbvt1sp4t0jfyJkWulCk6giWEV7Z-75TP2AcZfBi3JKTK6LUD1EiFh4eACia1aeAbEuoj1pFbqK3J7whMd7HlljRHWllBLEhl7PCjfK2aUpnOaCNhdccOjZeDFajqc-DxrStDW96wdb607QuryJskE8u3mtlCL3j00TlF8oPyvlEZYXWpv58pa5TXS4jtJCqFgDQNI386C3c1QSLpnml2-4DNak0SQ7S2fwQaHerbxejy7Mf9H_RQWBFVI5BYNbQWdGb9d2sI7yKOlpQBwuarUeF1t8r7mmSvp5U467MyzLCHF5SwdRE2M8jtijK6c4bwZjf2N2wiYF-985WyNLTcf4VRU_WbPscngOiFK22Yk4YPbvJhskSTHKZYKyzImFe351Q2lC3-t7cMlb4lZvY1wIep-ezIe6w_VKk1VkYyn1nfWu06zlV51P48BhkRKWTQj8q_RUUIJOsNIlH67FxVwDntpTz5Uhf7_wzmaGI2JIq-okVHDzIQT0DEkXc3dDvPbiH767jX8ASg_ooaf55Usie7iKgdjCe1xWhsDRqLZfqer4ETVZj4OUlhJOIxTtdl_U3CvKcvPa6-551-yusIEJL7f5ER8J4cKV9CTQtqdTkjEdKTr3h8dSXUQw&sai=AMfl-YSvL7XMyde2yO9amreYkiGrp7GVQzaKq6WYNCkS0DxP8eNbm1CG6LECHWGWaBksxXkA17Xd8fQ0pfCzr_SbqChBN6xbljzeEQbr2xpV9-Ov_5ECnk5KMoDo4aqPHKl_a6ygLBc5ANRZaDKdmkbNzif3crf2CIk2w384HY2a_kk-9HgVej7NjLZBLhRyeJJN451LkF80mrUWVUPYRxkcFrNcBMBdHVWHJRQDfPL7Fd4fV80I7JcJlw9Rs6tiVQHsOFWrZz9_eFhlx_u_hMVUFH4SP0dnI9dDFACg-0p2VFDFk2ewsOh_tU14XhFg2NuzxbIDI0nx-v-Fm1RaUALWO6shrCy-pDURNSk&sig=Cg0ArKJSzN4ElVCimlxgEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=315&vt=11&dtpt=314&dett=2&cstd=0&cisv=r20230620.68313&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:04:59 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 24 Jun 2023 17:04:59 GMT

GET
H3 200 1676550659977.css
s0.2mdn.net/sadbundle/9548364509937149214/ Frame 1EB5 9 KB
2 KB 20ms
19ms Stylesheet
text/css 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=Y5W2J8r0Ai&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

232bf950740690a92eb6f4a6110a536fbe24114928c38ebe80f69aa3b2db6709

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=Y5W2J8r0Ai&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 17:33:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 603079
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2341
x-xss-protection: 0
last-modified: Thu, 16 Feb 2023 16:30:06 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 16 Jun 2024 17:33:40 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 1EB5 118 KB
40 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=Y5W2J8r0Ai&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=Y5W2J8r0Ai&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 13:52:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 11543
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 25 Jun 2023 13:52:36 GMT

GET
H3 200 1676550659977.js Show response
s0.2mdn.net/sadbundle/9548364509937149214/ Frame 1EB5 20 KB
5 KB 21ms
21ms Script
application/x-javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=Y5W2J8r0Ai&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cff8001763a4cb0cb81352e07fb9927790673baaeda29140c072f30c5933cf10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=Y5W2J8r0Ai&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 23 Jun 2023 08:17:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 118061
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5491
x-xss-protection: 0
last-modified: Thu, 16 Feb 2023 16:30:06 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 22 Jun 2024 08:17:18 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame A7CE 22 KB
8 KB 19ms
14ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 357112
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 20 Jun 2023 13:53:07 GMT
expires: Wed, 19 Jun 2024 13:53:07 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 61C7 0
0 52ms
50ms Fetch
image/gif 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsue0V7S8Mj0fAfpE3KP-q9LvxM3QkjOfStljeJrLzEi41Bz0y8_Oie_S2w0hj2bSWFFt87BnEZ-jEAEPB1NHhf3NygEO3XxMP_5kLl4iy_XGU2goWYKSSTuH5BHdUJ1xERZIJudKv6dSMHzRyOQ2lPnwV8Y8SPyaTvsntsKOVzhGiRGEp9dz9FC7wF6FefIRKr-QrMOu95R8RtEJdwMc84GBAXkp24UsiWSS1Tv5coal5a5ZYIWg-AK9iInZX-qar-swVZaRQRAsPFpfqjfkWpEy4qEiA-TzIIv5AxCkbTGcnlK9XJQmZSVnqPBYQggpRJDZ2G6KM9kpnWByoKyTwDHRFzXX4-3SL4nWF--D-ZTrwUCOC_mq16qEXBWSRMj0S3-wSzcwi1opmghv4F_X_jm2EY83vqxSVbxbT8Zb_mEMMno4_W4sOZzKgjI7TR_6cPtvKVtSqO35S5vtfrykyyNfMFnFHBqb9ZliBqvKgR6-06qh9p_F3eK5_HYiEGh9Rs-dyCRmofUWBCp6YByVSJKjksju4owiPn8svTI8nEMgIbNwiAV3X_9rlFwoZE5Y5L3hCLecYVqffhOPd3WHptD8GLUJuLw-z3CxSlyj0LpiKQp2vJ_VPQTK0PI913H09JA55bLsJu5URRvdh8ayQozJNLAsJgmpOWPmdZgHJ0TCkiNFDCXICezBfWg9a4bgjeAForuRxwBaI2WE1Vg8jH7XIQz5hA6xnvKuGXaEJxmifGdaNwLzmiajKCmzUdCcB-lN4tFdnjN4PK7Fhzxa3S7l2LyFJ6M9OjuI_L3oMjulRzgCrpROjwZDs6lpKXJyKV4D_O-Zo1ZflCeNvQykW2C7L-zVBGtZypvDKp-AL-4_KWBkKYX8Uh7aUhUMlwuSGdVvfcZpP0xf87JyXbKofpjuiWhOVcNOjGuMN_uIXUoOEXsrLYxaJTw52uX-6ukMe7L3pkg2I8LMQRknq6kjrXwrFJi67OPrJP2xh5pXtviWFLKTWGIl_jskBWCOigGB12tqq7z6IUb_sSGpMKRmKppap0XBVgdwOPuNi8T9rkx5mUIuoedvoMAMi3uhOpx18K4vU5B-7JvlZmho7KcouWFdxmirCrFGZOQv7Za_XM8YArMk3U7SL4PN4ZB6no-qAqwDd4jCnTUWKUkFfE5nnQVEN4_3d7WMRPvqqEqvlqY6R8bNXaMCBEwVBJagtf3w2os6b49px0uBT6C8MvE-0qkT13Bd6AJbbi_1kCeqNhuXUPQ-vHO9TUJTP-Cy3mh7QWZG4uufJkPleduOEq6HNdcTn0IXevHrqqRW9oujgUhZO2LkGX22EMW-6DwU74E1PUCdqgRkriVwAz6T8A&sai=AMfl-YTtkfPJ3PUeayRgNPU0vA8MwKPOpU0pO_twcuDNel5mTkq3cUdr8tXRxs671zXOxyayCXbVGo6xdpr9kiJuldvP3Hj5d9br9BFRuIpfuDKQSygzCFqmBfREeIkTOIDcBiIUVypXBkTKbLtIpBusvxMMmsIyIDFFMMRoxSBZlirETGhAaDvsj3JEk3SX7oWOlsrbBS2jWTC3Ayw5Jrhkp0gGA_SYV-hJ0usmXg-c5_9kUUfc8IeBwWSh9yD8j9d89pbbTS8dUq_WqUPQR-fmAuwTr7vQ2bucIhgEmckBN3Ul15SXutmdLnx53QSeFcjZX_SK5qOhlkFP5wScVmssRQHNpd3poqgNr1eFPhUHz1Nmt4eTUEsWugwuGI9F&sig=Cg0ArKJSzLRV1T1xuZNwEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=690&vt=11&dtpt=553&dett=3&cstd=130&cisv=r20230620.45626&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:04:59 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 24 Jun 2023 17:04:59 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame AE79 43 B
215 B 106ms
105ms Image
image/gif 2600:1f18:1aca:4282:2a0a:6ee9:5131:f962

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1484055&asId=e5965e74-6ca4-9b7a-f466-423f5ed01faf&tv=%7Bc:gtzv4k,pingTime:-2,time:293,type:a,im:%7Bsf:0,pom:1,prf:%7BmdA:299,mdZ:400,beA:595,beZ:596,mfA:598,cmA:599,inA:599,inZ:603,prA:603,prZ:613,si:619,poA:620,poZ:639,cmZ:639,mfZ:639,loA:814,loZ:817,ltA:888,ltZ:888%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:728.90,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:23%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:293,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:23,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B288~0%5D,as:%5B288~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tI7pXWH+111%7C112%7C113%7C114%7C115%7C116.1484055-72040526%7C1161%7C11621%7C1163%7C1164%7C1171%7C1172%7C1181%7C1182%7C1183%7C1191%7C11a1%7C11a2%7C11b1%7C11b2%7C11c*.1484055-72040524%7C11c1%7C11c2%7C11c3%7C11d1%7C11e,idMap:11c*,pd:VEBo.mhjfbmdgcfjbbpaeojofohoefgiehjai,rmeas:1,rend:0,renddet:DIV,siq:24,sinceFw:268,readyFired:false%7D&br=c
Requested by: Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:2a0a:6ee9:5131:f962 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:05:00 GMT
server: nginx
x-server-name: dt13.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 fAtTGskzFlJa5Ldh3SiPbiLEXcXjYWf8ZG_gkYEl2B0.js Show response
pagead2.googlesyndication.com/bg/ Frame 8CA4 37 KB
14 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/fAtTGskzFlJa5Ldh3SiPbiLEXcXjYWf8ZG_gkYEl2B0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7c0b531ac93316525ae4b761dd288f6e22c45dc5e36167fc646fe0918125d81d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 17:03:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 172908
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14697
x-xss-protection: 0
last-modified: Mon, 19 Jun 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 21 Jun 2024 17:03:11 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 7F38 0
0 49ms
48ms Fetch
image/gif 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssKIkaqT8-LKs1CTNGyz7gdc2fMBzC1EPcKU1V71D-RtgggmwlrbZT_OC4CQTULYTLk18UtQrIVW6TWYX1F4NpgoxfF_qxBbpE0CbtYIie4JkMrVwO_qhj71PxrmlNf0iBpRr43FeOIvA8fONDlkq_GSSgidgQmmB01IdWwntLpveBbXU3qS4C-eaCRTnzMcRd7xgTJwwPCNcL8-ROgSlgQ13minfWdeqc8lN7nuabb6vO2JYkbMMe3S6p5xGKF3rVJEVutw5_38N6jyTk1Bn-mpJcNiVqcj_dzz3hNNdXnpzkf1Jq-9S0DzfqHsN8KI9DZF-7hC65kAOnFFWk2UnoucKfV4o6pEASEzpvxlxnaXvMTkAZPDAj4Bn4whHckAljg7f7Cr5i82b6ZtJ2HkKbq4PxfBX8VPTuxyjY_PuzpSoRI_wWcKHD2eVjMOAAaFyC13waCC4Mh1uFAlRa-n4_6yklLOfYg4W68yqkh_2gVo3SaxW5bS9HzlOfGQS9aeI2AyDh_AnjxYadv3H1Bu1Q0P3OE15gN41GccPwCVyUzdBN3Fbaq-cYjNfXfxTvysMswfxBiHfPFydBprx3DsDWARV0m1NfTMx8Efnmje4naJhEcWJp8nLhrGRD02RCn7XMV5OQ0lJcJ8bLzOvjmdrbLo4W9e70x0hxCxqAkE9jKlWzhQ4xUycEOiQvB0QvdR7EQ-k37WzBkFw8th4GBUgfrZSPL8hAUHOT2dIm_B-j5bDh5oUhnMhMmKtmQlgQ1statSgI81MxyQh8ZPub-G4Xo2C-Hqssu_6mXOSHePIsicBgUEIPh41uPnXPJq8VWf2UlSWKeaNn1u2c0zIPx1sm11qrxJ_jVznE2pSXBhVBHZeO3RE9AyOeReiZP-1O-NeqJWeNN719M_FWeRDYSe_SymPL4u0SCTERFjphzqqOYNvGBvBAM-UlIBW-d0m5O6hZxPVA3ZXubkn1b8K1e1UOswKxnz_KdzBNa-QAvlhk8Y5kPZ0hA9I_CURrNSL3R6TI7M5BjUdj7xtZyM6LgL-DsCIBhgvBBGqYqd3rsNi1booFFDcBHiSf_jxWaNWZcoIvmq_vvPLEvLlyeKfYnzeXDzFfK1LZ_Dj30-da8mHZeE0b29sATz8wg5OCJ7VcQ9U3S_EOoR-RTbn_74PTUy2zc1_1gpTlTmqnklvF-Zom8ZKwG7sMRB-H1kjv_K_-WmAsdSaiBdJNDkTBEH9V_9hmwZWe2dCG_WMU5w9itaKTVuIQ4yPm_jK04Yu4c1wvP3534dzYjce79hx-y0BCqj1qTc1ATHd9kOCuTrp9NzPUuJ1YRt7x5_cdffQ1yTvITl55zcWAuHQb14IKlX-2KtWmoEyyhf4A_QFFzfaQGhkY-&sai=AMfl-YSf1UjZa59WHZK8OQ2s0c525hT3tZlo1wepWvu_D6-c3V2nCM-s2bm6L9Mj7l02Vzo4XcZ3FPU9sg0KsgW_JwDc4Wk_LN8nO0I5lVkfAED7qpjdysegXyWZAxMCtTdevXy_CSUxHapuUZ8ZFS0pFqY8unJWgzHa1PhsvElYDzwSMebq8AC6Mi_757L_oSQHl9B6AzldCyNHX_41-snMkoJ-CS8jq-SN-t2j0lwmeQOfl_Xj-GLYUtMmAesCOLdlZJfLysROiQ_38rNGPN843PpHs3qBC5yy_bt4ZMRAHjA58r0voZGOU8BoF3TVxb6JUGMokYynmdvcQ-wNUf31ipkgr8YT_mFSffXXCYtf90W_ucux8LrKpkEh1eU&sig=Cg0ArKJSzCr1D7cjBb5tEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=642&vt=11&dtpt=542&dett=3&cstd=94&cisv=r20230620.35389&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:05:00 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 24 Jun 2023 17:05:00 GMT

GET
H/1.1 200
OK js Show response
tags.mathtag.com/notify/ Frame 7F1E 3 KB
2 KB 1007ms
620ms Script
application/x-javascript 74.121.143.241

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWTJNME9XUmhaV010T0dGaFppMDNNVFJtTFRBd01EQXRNREF3TURBd01EQXdNREF3LzQxMzI1ODgzNzQyNDE5OTA0MDUvNjYyMjMzMi80NTYyMzA2LzQvREhTQzNzbG9TcnFoOXpyclIxRHU1NnI3YUZPWmxZb2VNdlJBSEtwZHN6by8xLzQvMC8wLzk1NjgwMy8wLzIxNjUzNi82NTE4NzEvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC80MTMyNTg4Mzc0MjQxOTkwNDA1L2Ftcy8wLzE3MC83OS85OTkvMTYyLzJhMDA6Yzk4OjIwMzA6Oi8wLjAwMC8xNjg3NjI2Mjk5LzE2ODc2Mzg4OTkvNC9wdWItNjU5MzUyMzIxMDAxMDE1NC8/UFVYqguIyZt021ganlhNCpA2cfU&nodeid=3282&group=cdg&auctionid=4132588374241990405&pbs_auctionid=4132588374241990405&shardkey=4132588374241990405&sid=4562306&cid=6622332&bp=a_aiebbd&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.59&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCV0nHOyKXZNTZJOihtOUP4s0Fz4eOm1zAhtmCxgLAjbcBEAEgAGCVgrSCwAeCARdjYS1wdWItNjU5MzUyMzIxMDAxMDE1NMgBCagDAcgDAqoEsQFP0BNiyRJeK76M1_uZmXeyOtyK8w-2iJB8CMpxFzw6kAdRMX7WeUtMslnwjv-7pildaPOtfLVF8Kp60VwfU4KocuQO4ENaRiRYJvVALxZFj7EW_HrSOJ9RpDzZBqBiAn0omNldz8mDPXFZcui8oLZO9P9yvlmX6KVYr4SSY-9u2Sanyk0bAKZUWvZVHw789f9I2LE0aks9-DTHwBx8Y4VQLr_zFzzUgU9zXHUfe0LeIqGABr7U1vzZmuidqAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1hLOMeAxXRNE5lmoMz-nZW2S-KHA%26client%3Dca-pub-6593523210010154%26adurl%3D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=4198791085&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1687626299173&bpp=1&bdt=182&idt=325&shv=r20230620&mjsv=m202306160901&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=3947787696511&frm=8&ife=1&pv=1&ga_vid=105568830.1687626299&ga_sid=1687626299&ga_hid=1652697002&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2836371973&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759837%2C44759926%2C31075412%2C44788441%2C44794789&oid=2&pvsid=4500014196868433&tmod=1285845116&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.u4j84p8ybqvn&fsb=1&dtd=332
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.121.143.241 -, , ASN (),
Reverse DNS
Software: MMBD/3.392.6 /
Resource Hash: 48734e3f9e3a4f81bca9533e3173a47e8f20c2ca116566141de4581efae40aa8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Sat, 24 Jun 2023 17:05:00 GMT
x-mm-nodeid: 3282
Content-Encoding: gzip
x-mm-bid-request-time: 1687626299
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Connection: close
x-mm-handled-by-owner: true
Last-Modified: Sat, 24 Jun 2023 17:04:59 GMT
Server: MMBD/3.392.6
x-mm-latency: 286 (1)
x-mm-notify-action-done: LD5wfw
Content-Type: application/x-javascript; charset=UTF-8
x-mm-dbg: NotCount
Cache-Control: no-cache
x-mm-host: pao-router-x22, cdg-bidder-x144
x-mm-lag: 1
Expires: Sat, 24 Jun 2023 17:04:59 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/ Frame 7F1E 3 KB
1 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=4198791085&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1687626299173&bpp=1&bdt=182&idt=325&shv=r20230620&mjsv=m202306160901&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=3947787696511&frm=8&ife=1&pv=1&ga_vid=105568830.1687626299&ga_sid=1687626299&ga_hid=1652697002&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=2836371973&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759837%2C44759926%2C31075412%2C44788441%2C44794789&oid=2&pvsid=4500014196868433&tmod=1285845116&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.u4j84p8ybqvn&fsb=1&dtd=332

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 23 Jun 2023 19:48:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 76579
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 Jul 2023 19:48:41 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/ Frame 7F1E 19 KB
8 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d67e93b773c993230e55a3881853d5e8d399b32fb591d845c41553c0fe8c71b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 23 Jun 2023 19:19:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 78322
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8131
x-xss-protection: 0
server: cafe
etag: 7076601798724011321
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 Jul 2023 19:19:38 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7F1E 179 KB
56 KB 1203ms
1202ms Script
text/javascript 2a00:1450:4001:80e::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

13b4bb0bb059eee9a7ddf5b8ae3f395e28e7f81918eeac0ec934f3d050c4d0a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:05:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57242
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687383875062185"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 24 Jun 2023 17:05:01 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 72E5 0
234 B 103ms
37ms Ping
image/gif 2001:4860:4802:32::3

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=1~lja94izr&c=7919070020208&slotId=3959535010104&qqid=COP-zPCx3P8CFQCTJwIdyQYGJg&fb=outstream-lima&sei=44729911%2C44730425%2C44730426%2C44752538%2C75259414%2C420706098&nsei=44714510%2C72811302%2C75259405%2C75259407%2C75259408%2C318491509%2C447279544&bi=outstream
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::3 -, , ASN (),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:05:00 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 72E5 15 KB
16 KB 68ms
22ms Font
font/woff2 2a00:1450:4001:809::2003

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:04:15 GMT
x-content-type-options: nosniff
age: 45
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 23 Jun 2024 17:04:15 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 72E5 15 KB
15 KB 67ms
25ms Font
font/woff2 2a00:1450:4001:809::2003

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 03:30:27 GMT
x-content-type-options: nosniff
age: 48873
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 23 Jun 2024 03:30:27 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 72E5 0
20 B 59ms
57ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=osv-info&clickstring=CqcloOyKXZKP1CYCmnsEPyY2YsALJntKxXNWdkfdwwI23ARABIABglYKAgJgHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQWpAjbE8JEfR7I-4AIAqAMByAMCqgT3AU_QTx9olYzlFS1j6p4glu-7r_CzRfTQIhFUpLwS30hh2u1GsIC2J1A-TFbIV1aGtkZawKMCvEjntS-9I8Jr9bAJPqLrRYJdeEkbrIZjv1OpFzZswWP4ruQpCr4uV_2nYcQwDWhs5ZQhgoZBm2-Hdk9KrHplWcF9rY0ZFoC3rsMll-CeaIjvyb20kjeWT532aHP5XzlBOejJQavqo2ZXWJjFuDzexuSR1nICCv1zabY6ppvZ45qssBR8zj_-BVFZA9uEH3ih-oi3YxH-2KO28AWzRuogL0GgRxMKrQBJ286hDDQsSJ1VzL6-SsP4AlmwEX4ZP7k1-rrgBAGABuXQrvCavLuIUKAGKqgHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgEDyCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDn6CwIIAYAMAdAVAYAXAQ&eventType=clickstring&clientTime=1687626300037&ai=CqcloOyKXZKP1CYCmnsEPyY2YsALJntKxXNWdkfdwwI23ARABIABglYKAgJgHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQWpAjbE8JEfR7I-4AIAqAMByAMCqgT3AU_QTx9olYzlFS1j6p4glu-7r_CzRfTQIhFUpLwS30hh2u1GsIC2J1A-TFbIV1aGtkZawKMCvEjntS-9I8Jr9bAJPqLrRYJdeEkbrIZjv1OpFzZswWP4ruQpCr4uV_2nYcQwDWhs5ZQhgoZBm2-Hdk9KrHplWcF9rY0ZFoC3rsMll-CeaIjvyb20kjeWT532aHP5XzlBOejJQavqo2ZXWJjFuDzexuSR1nICCv1zabY6ppvZ45qssBR8zj_-BVFZA9uEH3ih-oi3YxH-2KO28AWzRuogL0GgRxMKrQBJ286hDDQsSJ1VzL6-SsP4AlmwEX4ZP7k1-rrgBAGABuXQrvCavLuIUKAGKqgHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgEDyCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDn6CwIIAYAMAdAVAYAXAQ

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:05:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 72E5 0
54 B 79ms
38ms Ping
image/gif 2001:4860:4802:32::3

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=2~lja94j2e&c=7919070020208&slotId=3959535010104&qqid=COP-zPCx3P8CFQCTJwIdyQYGJg&fb=outstream-lima&ulv=1&cll=0&met.4=arp_a_s.156&vast_v=4.0&lima_p_ich=0&lima_p_icu=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::3 -, , ASN (),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:05:00 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 vast.php Show response
ads.eu.criteo.com/delivery/r/0.1/ Frame 72E5 11 KB
7 KB 74ms
42ms XHR
text/xml 2a02:2638:3::12

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/0.1/vast.php?z=ZJciOwACeqMCJ5MAAAYGyaFxKf_yd1AC0M7rpg&u=%7CZ35AGVesBSCHKcnNdMoZLIboenOK0e9pqg6iRD1q0II%3D%7C&c1=s9Ouqadr9PNjmdWEvnIhCeON5eq0Yfy817nyR0B5GwZXgYWXwbmDe9kpYSMilCDwZHTqTSHU28qPS699-x6-pdPmHC8ESfc6jWDFBEINRxVFWXLtQft7xikDu2-fx8kHUyj2sehGXD0OD5T2DiVRlc7dT0vDdauZytSbIE6w_XbAWZ_Hu6L-J2dv0GO6dJanAuwib2GQEIGDhBDrIaTtkYLSKc1wzV6gs0StfFthX-O0Z4M_GInQ1cctge6DTWl3YkNzcQx1tdGb26EHRTz2T1U9QrtwVlrV9NcE7ujpsjYkAAoL5z_nNHlVvBdXgsPR9_8nld1zJs1mDLG3iCWzT5fCkCelWQG9TLk-UJre-Djnd1dj0IKHIaotRz86NpOd5sBvXZgrTDF7D79KnFDbkREMeSZ6nbzUGo2VhmxvCOWoXbmqqaUbqfu4s12QjDJszKkvRdiAT1wWo3pKgGfWb6RblsascK4z6Tnej_NvfhhI2Bq1nSIKBPXUphqCx-ssbuDLGIoYh0Rz7Jy_C0ZRvssuYyrj57SspwMLkbiAZCpSkr08Z9AIpYonvdoM33KLtJTXTWiqDUmGAksz9VjmLfcj6mgPWocJYSAcywEedBK4X46VFRkTz4GOOSIVxpuU&ct0=https://googleads.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCqcloOyKXZKP1CYCmnsEPyY2YsALJntKxXNWdkfdwwI23ARABIABglYKAgJgHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQWpAjbE8JEfR7I-4AIAqAMByAMCqgT3AU_QTx9olYzlFS1j6p4glu-7r_CzRfTQIhFUpLwS30hh2u1GsIC2J1A-TFbIV1aGtkZawKMCvEjntS-9I8Jr9bAJPqLrRYJdeEkbrIZjv1OpFzZswWP4ruQpCr4uV_2nYcQwDWhs5ZQhgoZBm2-Hdk9KrHplWcF9rY0ZFoC3rsMll-CeaIjvyb20kjeWT532aHP5XzlBOejJQavqo2ZXWJjFuDzexuSR1nICCv1zabY6ppvZ45qssBR8zj_-BVFZA9uEH3ih-oi3YxH-2KO28AWzRuogL0GgRxMKrQBJ286hDDQsSJ1VzL6-SsP4AlmwEX4ZP7k1-rrgBAGABuXQrvCavLuIUKAGKqgHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgEDyCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDn6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2Ce5b5Sbcp-E-8dUtR2F6IAMvhNA%26client%3Dca-pub-7983651257838282%26adurl%3D

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::12 -, , ASN (),

Reverse DNS

Software

Kestrel /

Resource Hash

26a8c20f5406f57a7e6516064f3197b6a2745241dc3fe0d6a827fc75e613fc89

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:04:59 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
p3p: CP='CUR ADM OUR NOR STA NID'
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 3474951
pragma: no-cache
server: Kestrel
access-control-max-age: 1000
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/xml
access-control-allow-origin: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
vary: Origin, Accept-Encoding
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 bg3.jpg
s0.2mdn.net/sadbundle/16325822350322053850/images/ Frame 4781 25 KB
25 KB 11ms
9ms Image
image/jpeg 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/16325822350322053850/images/bg3.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16325822350322053850/stylesheets/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d845af1f0c23a4d6e415a829ee32ecd3b051e1b9539970687046dd38ae78c98d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16325822350322053850/stylesheets/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 13:36:11 GMT
x-content-type-options: nosniff
age: 358129
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25316
x-xss-protection: 0
last-modified: Mon, 15 May 2023 15:36:33 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 19 Jun 2024 13:36:11 GMT

GET
H3 200 bg2.jpg
s0.2mdn.net/sadbundle/16325822350322053850/images/ Frame 4781 50 KB
50 KB 18ms
15ms Image
image/jpeg 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/16325822350322053850/images/bg2.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16325822350322053850/stylesheets/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

861ac263132d0b6dff10b6b5a7c51c290e45f257bb628c92016f5a0790543516

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16325822350322053850/stylesheets/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 12:00:04 GMT
x-content-type-options: nosniff
age: 363896
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51515
x-xss-protection: 0
last-modified: Mon, 15 May 2023 15:36:33 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 19 Jun 2024 12:00:04 GMT

GET
H3 200 bg1.jpg
s0.2mdn.net/sadbundle/16325822350322053850/images/ Frame 4781 46 KB
46 KB 17ms
14ms Image
image/jpeg 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/16325822350322053850/images/bg1.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16325822350322053850/stylesheets/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc6edb8c4cd1b734aa8792ff58881ffe0ef9c71ebea0ce2434febd071224b707

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16325822350322053850/stylesheets/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 13:36:11 GMT
x-content-type-options: nosniff
age: 358129
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47375
x-xss-protection: 0
last-modified: Mon, 15 May 2023 15:36:33 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 19 Jun 2024 13:36:11 GMT

GET
H3 200 logos.png
s0.2mdn.net/sadbundle/16325822350322053850/images/ Frame 4781 5 KB
5 KB 21ms
19ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/16325822350322053850/images/logos.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16325822350322053850/stylesheets/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

44eeb4568b704c0f0a9909aed03ad7458799c0face22b0b8d1333ce5cbd5cfed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16325822350322053850/stylesheets/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 03:34:20 GMT
x-content-type-options: nosniff
age: 394240
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5232
x-xss-protection: 0
last-modified: Mon, 15 May 2023 15:36:33 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 19 Jun 2024 03:34:20 GMT

GET
H3 200 push01.png
s0.2mdn.net/sadbundle/16325822350322053850/images/ Frame 4781 6 KB
6 KB 19ms
16ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/16325822350322053850/images/push01.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16325822350322053850/stylesheets/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c877d16fba023f3bd02c5a3a27a9e70886fab643d424a2e5ff2707f6b545f78b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16325822350322053850/stylesheets/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 17:28:31 GMT
x-content-type-options: nosniff
age: 171389
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6031
x-xss-protection: 0
last-modified: Mon, 15 May 2023 15:36:33 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 21 Jun 2024 17:28:31 GMT

GET
H3 200 push01b.png
s0.2mdn.net/sadbundle/16325822350322053850/images/ Frame 4781 8 KB
8 KB 41ms
38ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/16325822350322053850/images/push01b.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16325822350322053850/stylesheets/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9966325185672707cb236f7080ded8154b0d073f9fb42b90f4e39009f2973e88

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16325822350322053850/stylesheets/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 04:04:29 GMT
x-content-type-options: nosniff
age: 306031
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7762
x-xss-protection: 0
last-modified: Mon, 15 May 2023 15:36:33 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 20 Jun 2024 04:04:29 GMT

GET
H3 200 push02.png
s0.2mdn.net/sadbundle/16325822350322053850/images/ Frame 4781 6 KB
6 KB 39ms
36ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/16325822350322053850/images/push02.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16325822350322053850/stylesheets/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b83f885e4b5c5702a89c7ab944f16e40f1a59b33157baa872196124d128e68cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16325822350322053850/stylesheets/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 11:59:14 GMT
x-content-type-options: nosniff
age: 363946
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6513
x-xss-protection: 0
last-modified: Mon, 15 May 2023 15:36:33 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 19 Jun 2024 11:59:14 GMT

GET
H3 200 push02b.png
s0.2mdn.net/sadbundle/16325822350322053850/images/ Frame 4781 7 KB
7 KB 40ms
38ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/16325822350322053850/images/push02b.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16325822350322053850/stylesheets/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8ac4d31233baa94433f305d393674f22af5cca5e2f4c7b555c06d602135bcd13

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16325822350322053850/stylesheets/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 13:36:11 GMT
x-content-type-options: nosniff
age: 358129
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7256
x-xss-protection: 0
last-modified: Mon, 15 May 2023 15:36:33 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 19 Jun 2024 13:36:11 GMT

GET
H3 200 cta.png
s0.2mdn.net/sadbundle/16325822350322053850/images/ Frame 4781 6 KB
7 KB 42ms
39ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/16325822350322053850/images/cta.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16325822350322053850/stylesheets/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

46d23daa0a57a967ac07f516491d96b833bf2b56152dd035e85cb8ba89716bf0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16325822350322053850/stylesheets/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Jun 2023 17:29:38 GMT
x-content-type-options: nosniff
age: 257722
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6642
x-xss-protection: 0
last-modified: Mon, 15 May 2023 15:36:33 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 20 Jun 2024 17:29:38 GMT

GET
H/1.1 200
OK dv-measurements3986.js Show response
cdn.doubleverify.com/ Frame F415 536 KB
102 KB 16ms
16ms Script
application/javascript 2a02:26f0:1700:6::17d5:a191
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dv-measurements3986.js
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:6::17d5:a191 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: c77b0be9295b67ebc3f1c502c5ac19d16146f6944a589571e3614d001fcd6f66

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Sat, 24 Jun 2023 17:05:00 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Jun 2023 07:26:37 GMT
Server: UploadServer
ETag: "d1550ccef1bd9a412485e22d13a82577"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: *
Cache-Control: max-age=946080900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 103922
Expires: Thu, 20 Jun 2024 07:26:41 GMT

GET sodar
pagead2.googlesyndication.com/getconfig/ Frame A542 0
0

GET
H3 200 fAtTGskzFlJa5Ldh3SiPbiLEXcXjYWf8ZG_gkYEl2B0.js Show response
pagead2.googlesyndication.com/bg/ Frame B1E7 37 KB
14 KB 11ms
11ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/fAtTGskzFlJa5Ldh3SiPbiLEXcXjYWf8ZG_gkYEl2B0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7c0b531ac93316525ae4b761dd288f6e22c45dc5e36167fc646fe0918125d81d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 17:03:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 172909
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14697
x-xss-protection: 0
last-modified: Mon, 19 Jun 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 21 Jun 2024 17:03:11 GMT

GET visit.js
tps.doubleverify.com/ Frame 27B6 0
0

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 61C7 0
26 B 80ms
51ms Ping
image/gif 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssYViQIHaMqIcHuOEE9peHTOYSDhcfz0GyS9VII83dUVc2KWNSPivTxviuxWjmlrwWgR8rVCt-xPSliVDWmmgNV8pMEKp5J8fjuPt8kx_6eVyLhFJBNnBkUohvdfFVk1Q1cgUtIgW-mCGCqUyrPO2hbJexeChyBI2_bvdsKX3VYuMjvtUeP6e7ySntZq6iMsqFtxPH_nmULnwSFpw&sai=AMfl-YSwK-LVaaSTklyjFFA8jeTbRQNsdzKJEl6PzezcZo0EvVRdI1tufSE5nQUOAjwNZfW3Qh2E4ckalGWifmMPeB_8tMjWDcFbkzBWRzJ1QKL0m69G6JKnXL7Lex_LKzuoWUmwTATPDNPExLT_MsSVWcCIEw&sig=Cg0ArKJSzFH79MHx-kJ3EAE&uach_m=[UACH]&urlfix=1&vt=13&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:05:00 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 72E5 0
0 50ms
49ms Fetch
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Csxx2OyKXZKP1CYCmnsEPyY2YsALJntKxXNWdkfdwwI23ARABIABglYKAgJgHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQWpAjbE8JEfR7I-4AIAqAMBqgT0AU_QTx9olYzlFS1j6p4glu-7r_CzRfTQIhFUpLwS30hh2u1GsIC2J1A-TFbIV1aGtkZawKMCvEjntS-9I8Jr9bAJPqLrRYJdeEkbrIZjv1OpFzZswWP4ruQpCr4uV_2nYcQwDWhs5ZQhgoZBm2-Hdk9KrHplWcF9rY0ZFoC3rsMll-CeaIjvyb20kjeWT532aHP5XzlBOejJQavqo2ZXWJjFuDzexuSR1nICCv1zabY6ppvZ45qssBR8zj_-BVFZA9uEH3ih-oi3YxH-2KO2sgeS1G2vs1If2wepfT3vI8e1BoImZoXXeHaD7DFHHHWolNSdLAbgBAGABuXQrvCavLuIUKAGKqgHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgEDyCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDmACgP6CwIIAYAMAdAVAYAXAbIXHAoaEhRwdWItNzk4MzY1MTI1NzgzODI4MhjqwW0&sigh=i48x6-9xFBc&uach_m=[UACH]&cid=CAQSbQBygQiDdyi-785llBdPiy0KQ5jwFOw_SrsZ4jccTfnnhsXfo0AMlnZyRryizD3lqFWLK0wkrwJWL_3yyI0DhhkrejI9CkLmc-O_leTHozJNfnkePcyBGsbYcfGCbffNsW654Jz-RMmGKBbTcEMYAQ&vt=10
Requested by: Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame BDC6 22 KB
8 KB 9ms
8ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 357113
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 20 Jun 2023 13:53:07 GMT
expires: Wed, 19 Jun 2024 13:53:07 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5293 0
20 B 52ms
52ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodarir&v=30&d=1&s=1&f=0.01&bgai=B-sUpOyKXZOLqGa-QjuwPhv6W2AoAAAAAOAHgBAI

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:05:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 logo.svg
s0.2mdn.net/sadbundle/4323423352959208367/ Frame DF47 3 KB
1 KB 9ms
9ms Image
image/svg+xml 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4323423352959208367/logo.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4323423352959208367/1676550659977.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ac1f8c2a4ee7c0ee40acb4937d0459e1e290abfa8229c4b7fc4d7992858e1cd9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4323423352959208367/1676550659977.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 22:21:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 326620
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1365
x-xss-protection: 0
last-modified: Thu, 16 Feb 2023 15:59:28 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 19 Jun 2024 22:21:20 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame B6B6 0
0 64ms
63ms Fetch
image/gif 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssRbf7T8CCBWBGif5Of7UPC69d13V3q5o4aMZus_opqvM5MvYzfbk7L6DyzpAR26bN-144ybP051UOUEp0b8eVOx-qtU0MdFsIFOVowAj1QC9GpBRbOtl3K09j_6piE6upSzRrxF9jvTrPGLg4of4FF6u6d3xIVZT4Xej1GtO2hi6ZGmISaSVe4Ah4Qjx5YJU7OE-u8mYdOycGRyhyzkFyM52HQuGXqtwcdC6Vjpl3IiprWHdLD-dpIisD1R6ai_vDRixM1aswX2FcnVgAOKctev_71hd3rrE9LepBXrDfeOWW3mjOycTx6XyefBzPw4TVG8C3fbEqAf8rbzEjuxS9c5Q4LqnsxSvZnGLtXVhwtSYEQzxkLnRV7JMllbQCTjBvXSSGaAFPylQrxFVdJYKSMcBY17kyaolIRtl0B27surTrOUJ8HiZkhTjORu3eMiT_YPufxQrkpHRJFz9HtQ4FfuZnj8_411WzHaBDaxXYDR-JLdbbJkLM7M3KJAo_0eKCFjvt8SwpBO67OrVfE03gMNWWTjqBFqZ5GCfCy522hd4s5ncXtZ4IjixsyCLQd9hCFkWM4LMEVcpr0XLQsWog-jleJUO-tl365CPROZPepqx4ONMUKsHRTx7OtaF6fVUuxC8IprP3kVMOH3AcrUbguH_QluyO7XBGQitq4g22QnvunTQQ_4HGjq4EB-RhoOR4Rfze2ChP610YeOhB25SvFZ7FJDqCPQ5CRW0Z2XiFmCiBB6CA7ih0EE7-btyosRY2Gq5wnuvdkgC0aukLg4ZcJbtOuiXVZEuOtdH8STpl2ycFIXk141yWc7iTael7NwYQyrkZANyGEqDFJf5bVYGmswhHvCkc_V-Qui2XIwPNqqFMBq_byvaoYEJKqaFYGD4ELB87L0YGzlsxnfo3SRP7cTRiBvgQ0qmymRf_3zGBSX-l2IryaawXFaQphMp6vz3_M-OBOF-PjNJ7LIdKomW1E2TtsS72QDksgxHwa7DXdlkildgY4ssyQLDleY3_3A6oe4agjNoiPVYC8fn9cIdlI9XnHnycIkO2nQay-Z_Dd9aRrZe1Cmj5cAwFgPn4qUly90ceEKZMDSK2_MQDxI8gAmQ7vft1uphUjGrUZ6ve3qI0kKqdK1NWc5HqLRaySEk7lOG8LpYOaEQ_8avYPc_0L5gxZDMR_4xCBbOlKRdG-Eqq2KlNUKHGr6eNWF6hNaAlqQHw-Ak6QZsxkMUS2c9HkQ_fBXm62GMz1pTEo7iRUgOLydtmp-FFWkNt0WncO_8Q0Uw&sai=AMfl-YS8agbw7HuXTGlZb-peEdG8_MQGXZyNMYPcMLuVQCdYMwSNuFI9H1cI_g2-HubabTf9n2wJgjcaMc7DlhpddwFzr6iqhrNNTJgzTS1uZs-yhz0tBOkflK3HkRJZbZbt8GySGhZ5QF9haxq-om7VN3DFC6eG2NqPnLzrMo1o8MJJgBlHuOzb3BaE-I9WEHeUJas-gsIi2Ke3vIQwaFA2HQe-DSa8VAVsupQJc29zC7aDEpGzM36S26JgFAuUsIM9ELz-c9qUPM1BLbUknhJqniKPqfxOfd2zCjxo3pzIy_26q7zDnAZNByhFAQTa3blB_MNWMIQAXqaMYOfWzq1lWLWGhA80yTBlnaQ&sig=Cg0ArKJSzNR9o8UaIjdpEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1002&vt=11&dtpt=892&dett=3&cstd=108&cisv=r20230620.80028&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:05:00 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 24 Jun 2023 17:05:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 72E5 0
54 B 24ms
23ms Ping
image/gif 2001:4860:4802:32::3

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=3~lja94j33&c=7919070020208&slotId=3959535010104&qqid=COP-zPCx3P8CFQCTJwIdyQYGJg&fb=outstream-lima&vast_v=3.0&icc=1&icrh=0&icri=0&icrs=1&icru=0&icp=AdChoices&icdi=15x19&vmfc=1&vhc=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::3 -, , ASN (),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:05:00 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 72E5 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a1b3954c90ca1cb7765ebc7936ee2891056bf0a5efb095631fb46a08dfeea584

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 72E5 2 KB
1 KB 88ms
18ms Image
image/svg+xml 2a02:2638:d::2

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 -, , ASN (),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:05:00 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 18 Jun 2024 17:05:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 4EFC 7 KB
6 KB 61ms
58ms XHR
application/json 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6355ee280c9c2c684a4c890a76edf6f82790bbaff1cb85a9bea932c5a392855d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:05:00 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5770
x-xss-protection: 0

GET
H3 200 fAtTGskzFlJa5Ldh3SiPbiLEXcXjYWf8ZG_gkYEl2B0.js Show response
pagead2.googlesyndication.com/bg/ Frame BF21 37 KB
14 KB 19ms
17ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/fAtTGskzFlJa5Ldh3SiPbiLEXcXjYWf8ZG_gkYEl2B0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7c0b531ac93316525ae4b761dd288f6e22c45dc5e36167fc646fe0918125d81d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 17:03:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 172909
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14697
x-xss-protection: 0
last-modified: Mon, 19 Jun 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 21 Jun 2024 17:03:11 GMT

GET
H3 200 fAtTGskzFlJa5Ldh3SiPbiLEXcXjYWf8ZG_gkYEl2B0.js Show response
pagead2.googlesyndication.com/bg/ Frame 42DB 37 KB
14 KB 20ms
18ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/fAtTGskzFlJa5Ldh3SiPbiLEXcXjYWf8ZG_gkYEl2B0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7c0b531ac93316525ae4b761dd288f6e22c45dc5e36167fc646fe0918125d81d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 17:03:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 172909
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14697
x-xss-protection: 0
last-modified: Mon, 19 Jun 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 21 Jun 2024 17:03:11 GMT

GET
H2 200 5ed76f76e4b07a92411bc03a
ng2.virgul.com/tck/imp/ Frame 2E7E 0
209 B 172ms
50ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5ed76f76e4b07a92411bc03a?g=1&t=gb&r=153377@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1687626298218&userId=vnet882f387d-b009-4a3a-a2fb-177357578087
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Sat, 24 Jun 2023 17:05:00 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame DC56 0
0 50ms
49ms Fetch
image/gif 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvXLWi7qoTJRJU-Sz0ZpB-TJgkyFk7cMLGgB2QSk5MY3vfX5B6simcr3mHV4aNt7u-e19AVt0iNIlv0RRdf0uSgXJm7SwZ1gC47m5lA36MQsrfE2QR1vsOMHjPxgcMtO4wbmRffgXoqx21ua8MFSwheb3ZtA8zE9ch0UlIprxTsJggnXdUPulTVnCS72_M2PyH2SLHNzFxEg8bhLL2TFYv0y-Pk9H1rQllgR98AIdVTdp1fijyIMEMJcXjUCdaF98nGCI3o7TnU4FtKhl_Ngv8aNf5aJVH7VdoUTU4JZWFIC7DaJuZdzgA4G3i9qqDeJE16h4cbMRN-thUdsbmvMt7uvU7f5yRbjCt2B9KcMLrFqc0R49Og3g2pYU0Ua5Abu2CgUu-FvmSy7WEDSp2WSlCdgeiXKao7Iy6JoVH2cHZC8CvujjMzaUyqgnkRGCbKMMRg0sRKUgTcSUysjcQAdfWA518OhbasatV63_n22G3tJUqkfLk8RTI0NpLJc8LIFs6tdWLNojtuAnBSHiNWIY7YYbkZo6-3Q1h4Lipa6gYZfq92XXPe17maF9NtiSaRt4QkyrArEqhqjqw6lE2evCLw8OqG9tfqf6gecxCk7Zi-UPjWKpyt4rvydjOfmD8OkRaG7rVVAm4Gdj_ZCfO2dfHOoiJMmJZdJXcVs9-r3SonZ5HGma6sSK58_BUg5le8QCjOevFvQBg86WXgFo40Tdnk87EusQQmyc3fym3YgdMsuPeJfIuUBCgoIilVH2JTSPVH4HZwnXwqRTt1d2geErsJrhXjKkInluOmc4P4Kdbk4lpC9w26Gyx0XPvZnKXpjGtteBMriRC-jLqWnyLGfIO8Ci4CrkX2XX8ksDtu_0PqmZpC1l5nge2g8xZ5aTbd78h1mfxA7D42Qx24C6E72zfs-4u2pYmiA0INbyFFk0oEhF30eeV0lmhYv-EBAdHMCQIjI9LuPwx_lLp0IuIbgECh4SE-m7EFAUbMfUd5ZLLvqAT6izp1AqVkRjaThGzeafjVAbIOXOI6RZuS-ks2gnt-yut8t5IPTxJb_dOwqMTL1rV6nHR4N-6uMEBJ6CS-Zw9E3hY3DH8sxiJa7i3HdQ2x5k9lqBjcvthob7SDyMvVmR_f02bn-kH5_WSkhmBU1yYmPW13mqK8vODMoZ-1rmuj6hYpvrzctM5_13cIKzh_QvHeCmQxCkzQ5CwvsIoyfBmnerhEDKJg8O8aj5ciCzn6T-jIEuq5_2fFVc7m39HD6F0XIcixs48fSQGuqeDwg5sRpXbO7Ibu1ZAJWmWnMXTKI-aVK5JfeMUdeWh6loRfXBsqq11ybfZveKyEyIEuih3Z1DilD0_E2mtc&sai=AMfl-YR-Gl0N5lFYfM1FS-PWmxjWSJaTEwFKm9Fg49BL5FzyG6g2osU2tLqelbR4oaNa-PS2jjUBOALmyE-dSY_IQvCQ1Y2n-VzjU3Lk9N2QJifMguYFclMMgFxqLF62Z21lMKBU_BGJrDCfCXgDpeq_swbJmHe3c6jo4Q_nZ6CyoCm8DbjX88vw3MHFO40o3LYxFy_-o46qyAwIgB9MkoKMZgykmrgFbihAe7eTP2hi7QSQE2DiuqtKn-eT7pFgD6FUycoG-pRjwoo13aEeb5oIpuCXf-OQVekvCYGL8NmRe6fdrWrTQ4XaGiv9NRxJnT0wnMQP7h-FD7c9ehGc-y0ykZfYUqc-QCvIoXw&sig=Cg0ArKJSzJzmsGwkEZm6EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1091&vt=11&dtpt=976&dett=3&cstd=108&cisv=r20230620.64353&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:05:00 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 24 Jun 2023 17:05:00 GMT

GET
H2 206 ed2ce3f30f62411a8d88b33f6114edaa_k6_1080x1080_15sec_cta_social_paid_de.mp4
static.criteo.net/design/dt/10758/4758893/ Frame 72E5 18 MB
0 30ms
29ms Media
video/mp4 2a02:2638:d::2

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/dt/10758/4758893/ed2ce3f30f62411a8d88b33f6114edaa_k6_1080x1080_15sec_cta_social_paid_de.mp4

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 -, , ASN (),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Range: bytes=0-

Response headers

date: Sat, 24 Jun 2023 17:05:00 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 01 Jun 2023 13:46:50 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "6478a14a-11c7062"
content-type: video/mp4
access-control-allow-origin: *
Content-Range: bytes 0-18640993/18640994
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
Content-Length: 18640994
expires: Tue, 18 Jun 2024 17:05:00 GMT

GET FordAntennaCondMedium.subline.woff
s0.2mdn.net/sadbundle/16829948873192997814/fonts/ Frame B1CD 0
0

GET FordAntennaBlack.headline.woff
s0.2mdn.net/sadbundle/16829948873192997814/fonts/ Frame B1CD 0
0

GET FordAntennaRegular.legal.woff
s0.2mdn.net/sadbundle/16829948873192997814/fonts/ Frame B1CD 0
0

POST
H3 204 csi
csi.gstatic.com/ Frame 72E5 0
17 B 16ms
15ms Ping
image/gif 2001:4860:4802:32::3

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=4~lja94jcz&c=7919070020208&slotId=3959535010104&qqid=COP-zPCx3P8CFQCTJwIdyQYGJg&fb=outstream-lima&gpm_i=1&gpm_c=1&gpm_a=1&smb=1000&mt=video%2Fmp4&vs=1080x1080&msm=1&aits=0&webm=0&vp9=0&vamt=video%2Fmp4&hvmf=false&vms=1&bit=0&hcn=0&met.4=arp_a_e.1fc~videopreviewvisible.1ic&umsem=0&ape=1&ple=1
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:32::3 -, , ASN (),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:05:00 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 logo.svg
s0.2mdn.net/sadbundle/9548364509937149214/ Frame 1EB5 3 KB
1 KB 14ms
13ms Image
image/svg+xml 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9548364509937149214/logo.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6f88ad1b185e443ce4a39c76c65fa4b6f199c1521398535cc5452b19304d5f17

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 23 Jun 2023 15:05:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 93598
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1359
x-xss-protection: 0
last-modified: Thu, 16 Feb 2023 16:30:06 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 22 Jun 2024 15:05:02 GMT

GET
H3 200 fAtTGskzFlJa5Ldh3SiPbiLEXcXjYWf8ZG_gkYEl2B0.js Show response
pagead2.googlesyndication.com/bg/ Frame A7CE 37 KB
14 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/fAtTGskzFlJa5Ldh3SiPbiLEXcXjYWf8ZG_gkYEl2B0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7c0b531ac93316525ae4b761dd288f6e22c45dc5e36167fc646fe0918125d81d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 17:03:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 172909
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14697
x-xss-protection: 0
last-modified: Mon, 19 Jun 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 21 Jun 2024 17:03:11 GMT

GET
H2 200 webfont.js Show response
ajax.googleapis.com/ajax/libs/webfont/1/ Frame DF47 13 KB
5 KB 11ms
9ms Script
text/javascript 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4323423352959208367/1676550659977.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 23 Jun 2023 06:42:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 123726
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5437
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 22 Jun 2024 06:42:54 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame DF47 7 KB
5 KB 67ms
66ms XHR
application/json 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

12ea875e15dcd2a99106b808f5669a61bbf021fbe694235f632f9c36ef85bb06

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:05:00 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5522
x-xss-protection: 0

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame AE79 0
26 B 55ms
54ms Ping
image/gif 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssdTiiu67wcOtLSfEzxjifdKjw6fPmUB8VKkmoPDxhUBkDq0v6Q3mbxS-sQWUumup7f2PkerzaWWwZWBflqm261GYNAo88irEnBZp4RqqBRgbzMONS6g8s_n-Zm1Kll1UDb2wVTyfC6ygcGmZ8vszT_xmgnD5zKa99VLD7azccob0ziTkeceqtLjfP4CzIO4hHwCQlXyc3oYrd38A&sai=AMfl-YSWdu-NkW0oLB_yT5_D4BOWa-gFInPYdTcACeg3IwCgwAgmeAFULiOzGYy9g4F0t61vsiVXJGhUbtP8Tf7ptPJmkczHSv2TN2Uy5dcx9II0HgfN46HqIMfvTU24QC6-yIQVxn2p9RiPpxfKmtlS7n1tFA&sig=Cg0ArKJSzC-uTIIO-PQkEAE&uach_m=[UACH]&urlfix=1&vt=13&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:05:00 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 4EFC 17 KB
6 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:05:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 24 Jun 2023 17:05:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame 72E5 0
17 B 32ms
23ms Ping
image/gif 2001:4860:4802:32::3

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=5~lja94jg2&c=7919070020208&slotId=3959535010104&qqid=COP-zPCx3P8CFQCTJwIdyQYGJg&fb=outstream-lima&gpm_i=1&gpm_c=1&gpm_a=1&smb=1000&mt=video%2Fmp4&vs=1080x1080&event_name=unmeasurable_asset&resource_name=https%253A%252F%252Fads.eu.criteo.com%252Fdelivery%252Fr%252F0.1%252Fvast.php%253Fz%253DZJciOwACeqMCJ5MAAAYGyaFxKf_yd1AC0M7rpg%2526u%253D%25257CZ35AGVesBSCHKcnNdMoZLIboenOK0e9pqg6iRD1q0II%25253D%25257C%2526c1%253Ds9Ouqadr9PNjmdWEvnIhCeON5eq0Yfy817nyR0B5GwZXgYWXwbmDe9kpYSMilCDwZHTqTSHU28qPS699-x6-pdPmHC8ESfc6jWDFBEINRxVFWXLtQft7xikDu2-fx8kHUyj2sehGXD0OD5T2DiVRlc7dT0vDdauZytSbIE6w_XbAWZ_Hu6L-J2dv0GO6dJanAuwib2GQEIGDhBDrIaTtkYLSKc1wzV6gs0StfFthX-O0Z4M_GInQ1cctge6DTWl3YkNzcQx1tdGb26EHRTz2T1U9QrtwVlrV9NcE7ujpsjYkAAoL5z_nNHlVvBdXgsPR9_8nld1zJs1mDLG3iCWzT5fCkCelWQG9TLk-UJre-Djnd1dj0IKHIaotRz86NpOd5sBvXZgrTDF7D79KnFDbkREMeSZ6nbzUGo2VhmxvCOWoXbmqqaUbqfu4s12QjDJszKkvRdiAT1wWo3pKgGfWb6RblsascK4z6Tnej_NvfhhI2Bq1nSIKBPXUphqCx-ssbuDLGIoYh0Rz7Jy_C0ZRvssuYyrj57SspwMLkbiAZCpSkr08Z9AIpYonvdoM33KLtJTXTWiqDUmGAksz9VjmLfcj6mgPWocJYSAcywEedBK4X46VFRkTz4GOOSIVxpuU%2526ct0%253Dhttps%253A%252F%252Fgoogleads.g.doubleclick.net%252Faclk%25253Fsa%25253DL%252526ai%25253DCqcloOyKXZKP1CYCmnsEPyY2YsALJntKxXNWdkfdwwI23ARABIABglYKAgJgHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQWpAjbE8JEfR7I-4AIAqAMByAMCqgT3AU_QTx9olYzlFS1j6p4glu-7r_CzRfTQIhFUpLwS30hh2u1GsIC2J1A-TFbIV1aGtkZawKMCvEjntS-9I8Jr9bAJPqLrRYJdeEkbrIZjv1OpFzZswWP4ruQpCr4uV_2nYcQwDWhs5ZQhgoZBm2-Hdk9KrHplWcF9rY0ZFoC3rsMll-CeaIjvyb20kjeWT532aHP5XzlBOejJQavqo2ZXWJjFuDzexuSR1nICCv1zabY6ppvZ45qssBR8zj_-BVFZA9uEH3ih-oi3YxH-2KO28AWzRuogL0GgRxMKrQBJ286hDDQsSJ1VzL6-SsP4AlmwEX4ZP7k1-rrgBAGABuXQrvCavLuIUKAGKqgHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgEDyCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDn6CwIIAYAMAdAVAYAXAQ%252526num%25253D1%252526sig%25253DAOD64_2Ce5b5Sbcp-E-8dUtR2F6IAMvhNA%252526client%25253Dca-pub-7983651257838282%252526adurl%25253D&encoded_body_size=0&transfer_size=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:32::3 -, , ASN (),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:05:00 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 61C7 43 B
215 B 104ms
104ms Image
image/gif 2600:1f18:1aca:4282:2a0a:6ee9:5131:f962

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1484055&asId=b68839bd-4885-7266-b2b0-66babc76c695&tv=%7Bc:gtzvg2,pingTime:-10,time:1163,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTE0LjAuNTczNS4xMzMgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.6.2v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1687626300694%7C%7Cea86f93449d59d46bf6d239047ac5927%7C%7C8623b242deb4313525321dba17b62725%7C%7Cc8d0c155f225eda42a5d78b43a4eb9eb%7C%7C3574cfdc8aa4ce85c600ea56c88ed2b5%7C%7Cd015b57a4fda737194f147f07727fb85%7C%7Cb065b747d0e9f35c738bb69aa0a14eb8%7C%7C20bda95a19341d62d10cee73d10def38%7C%7C1663701684,im:%7Bpci:%7Btdr:391%7D,imprf:%7Bttecl:1083,ecd:245,tsecr:528%7D%7D%7D
Requested by: Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:2a0a:6ee9:5131:f962 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:05:00 GMT
server: nginx
x-server-name: dt26.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame B7FB 0
0 55ms
54ms Fetch
image/gif 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvfY3-YkT-APVTp-uyb-1NiEaOWCUsyTZvXk0Pzavb6DCmsDfVEvV7gqfIDpPAp16wKK6gjSXQaaRNbqEWkjKukoT3Qp7hhjEIMI5suJYUvpXNtHz6610mUnPby7qsuya14MZXGxNSfPEDfDpgjMBBl2OhNduUD3rcCEHC_obTTIgFvspCVo8xi69rdEhgXuXsFCj3PxkYJ18lLOcrSSYBeT9YBeTsphua5CocAMLClplH9aRTDZkABOnVC4a8jM_IdWqzK7EZAfZz3b9B22XAziIiXznBhSln7fR5Ci_1Y_ZEDlV42WfUl2oQ-U40Bz5yHYAYdQiz7CZNsPIzTiFUIwJE4rAW4qh-0aPfCMMhUwaFuAtRQV3MkxzDTnks5ck36A3ZQlr2-b_jFFAMFe8vgGgqilPVpVnxM8GyXwCKyvLDLyu-QQVYxSEU3n4b1MFP_QbUOFKO5_Fuf_6evFSWL6JFsOf0Ih3Fk64kFdy-CqkxdJtqkhj8TI-IiTUbHfEKfblnDNWbHw8CNKAnYAQzeVkmm68PHp86OuxGkF-nuVF-MIx2F5tH7fD6cXccUAnJaeRJtBoH0JRu4uc_50Rmwwz6M1v6qIZn6n0jdwwnlSTdD71KjX84mvj8jXjteMLioOpOmvXj2twfWQyrPvvvIKa-apunRgPV59o3ZS8AeGJIYW5PkAC1krVcOx6oFj724cdY-CxkkAPd7XLBxPYwfKTuQqlnIFmsgbcK_7reZEaI0obFPvlcHuDFhBLkwiVGlxHPVZF-l_AMny3pNUxksmQXQBVDN5KwmI-JvjhPF9rpNhexlmYm_0c8BdMzCke_M54tllTprKK40dL9vMH2cg_tw-_rVH6bfinxwSKF19BI-p8r02w8LsySZGl_SgYxkd8doIf0F5iA4RfcbLKQkwqNo8pSJTbzw5hVBSYj9QTLBER_3PRXLgGR6h3cD29iQELKsglWBTumqlVYciBYg-5vWtrQrQ2fwbPFXpkbIp5mQEZ4p7ks4szeeE9wooy74v947INqP8fid8WyiWFRGvS1SXbijl4YFJuVaiLQ09FalBW6-nHvKo8gD9KMgbn5khFnC775Ndz2jXCr3Ytf6soVm5QvpUKxP_zMuMEBxoVLQ4O_keHmxYxxJjnj4kG8cKY9Bh_BgwsMNjoBmeEL1bz5P8Unl8jeHjOp9aDhfDZZgYmGZDFz5ZG2nJ8H3RGmt_XtgMHlVUA8bzh2oDMtv7c__zXcDh1dw4y5aCA23W-dM60gyQI5eYdh9QpRbxNNZN2OWZGNp673Yp4pQ0ER7w0PdQtTCrUnJzVdkwXnTYJpvRkMux0icbxmvO_Bb26p-1EUO_Q&sai=AMfl-YQO7MQyO7EieL_MrN8nWQ2H9U-SGG2XY7WiCkNRcT0J9efTU7CrhwQ6wc6yNcrWElSkPmfo_-T57YrOp3wOiye7CbThNs9pKLd6XrnfvORh6MrAgdd7pzIUw9GtQQHzs4pC9bcMTbe8t1_13xnI8WbvyFwnVyqJ7E2V69d18yAOsxZt3jesi-HJHM4QyGU9chm-h0TGRCWxbKdcTG0A4bHOdNaCAnN7VAr9V3rOKmci_nfZrCGV-jA6K8Dj-9R_nG7YWoF_7f08JUIX6SFmn3vNLl8DzTPppFptOzJnUHd7SNfe-yps9EUlWGrxfs7GQLz20tCQPt2n5u5jv79hDfp73lWIp-6m_s8&sig=Cg0ArKJSzHk6V_ixkzmREAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1254&vt=11&dtpt=957&dett=3&cstd=289&cisv=r20230620.05981&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:05:00 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 24 Jun 2023 17:05:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame AE79 43 B
215 B 111ms
111ms Image
image/gif 2600:1f18:1aca:4282:2a0a:6ee9:5131:f962

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1484055&asId=e5965e74-6ca4-9b7a-f466-423f5ed01faf&tv=%7Bc:gtzvgw,pingTime:-10,time:1049,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTE0LjAuNTczNS4xMzMgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.6.2v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1687626300723%7C%7Cef0b0130f453f21ef7d2548f295abd71%7C%7C8623b242deb4313525321dba17b62725%7C%7C2cd0c26c4a3620f8a8ccf8a54c26b001%7C%7C2a941129bca2089575faf25a3225e5f3%7C%7Cb10c056a61eb9ca2c6bfe628fa6ad142%7C%7Cccc937ea1d36cfe62d2fd2c70f0dac13%7C%7C7a381cf7f08d88ccecaedbcba270aea6%7C%7C1663701684,im:%7Bimprf:%7Bttecl:1250,ecd:417,tsecr:513%7D%7D%7D
Requested by: Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:2a0a:6ee9:5131:f962 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:05:00 GMT
server: nginx
x-server-name: dt16.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 webfont.js Show response
ajax.googleapis.com/ajax/libs/webfont/1/ Frame 1EB5 13 KB
5 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 23 Jun 2023 06:42:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 123726
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5437
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 22 Jun 2024 06:42:54 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 1EB5 7 KB
6 KB 51ms
50ms XHR
application/json 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

16df13bf757d1ea1db3b74b0a42013a8a392aa56a81b4517874ce59e820f1510

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:05:00 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5662
x-xss-protection: 0

GET
H3 200 fAtTGskzFlJa5Ldh3SiPbiLEXcXjYWf8ZG_gkYEl2B0.js Show response
pagead2.googlesyndication.com/bg/ Frame BDC6 37 KB
14 KB 32ms
30ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/fAtTGskzFlJa5Ldh3SiPbiLEXcXjYWf8ZG_gkYEl2B0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7c0b531ac93316525ae4b761dd288f6e22c45dc5e36167fc646fe0918125d81d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 17:03:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 172909
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14697
x-xss-protection: 0
last-modified: Mon, 19 Jun 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 21 Jun 2024 17:03:11 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame DF47 17 KB
6 KB 48ms
47ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:05:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 24 Jun 2023 17:05:00 GMT

GET
H3 200 fAtTGskzFlJa5Ldh3SiPbiLEXcXjYWf8ZG_gkYEl2B0.js Show response
pagead2.googlesyndication.com/bg/ Frame 7749 37 KB
14 KB 54ms
53ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/fAtTGskzFlJa5Ldh3SiPbiLEXcXjYWf8ZG_gkYEl2B0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7c0b531ac93316525ae4b761dd288f6e22c45dc5e36167fc646fe0918125d81d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 17:03:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 172909
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14697
x-xss-protection: 0
last-modified: Mon, 19 Jun 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 21 Jun 2024 17:03:11 GMT

GET
H3 200 congstarfont.woff2
s0.2mdn.net/creatives/assets/4234010/ Frame DF47 98 KB
98 KB 28ms
28ms Font
font/woff2 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4234010/congstarfont.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4323423352959208367/1676550659977.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1d019867c120344469403527c7d958861b81d0fc873813c97ee135f707d74122

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/4323423352959208367/1676550659977.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 16:58:14 GMT
x-content-type-options: nosniff
age: 406
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100772
x-xss-protection: 0
last-modified: Thu, 05 Aug 2021 09:13:07 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 24 Jun 2023 17:13:14 GMT

GET
H3 200 86bef0b5-fa75-4ca3-8394-cb7b5a474a45-3.woff
s0.2mdn.net/creatives/assets/1881029/ Frame DF47 57 KB
57 KB 30ms
29ms Font
font/woff 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/1881029/86bef0b5-fa75-4ca3-8394-cb7b5a474a45-3.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4323423352959208367/1676550659977.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

853a8c7e34be5549a44fc541e13876f5c2838123142f527dab2265950feaeefb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/4323423352959208367/1676550659977.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:04:48 GMT
x-content-type-options: nosniff
age: 12
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58447
x-xss-protection: 0
last-modified: Wed, 15 Feb 2017 10:23:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 24 Jun 2023 17:19:48 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 1EB5 17 KB
6 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:05:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 24 Jun 2023 17:05:01 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame CDCE 0
20 B 56ms
56ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bm4E2OyKXZJryCNaSjuwPzMiA0AoAAAAAOAHgBAI&bg=!4-Cl4LTNAAYQ3eRoMN07ADkAdvg8Wq81ZzHyvVr0BdS-_sU6mT_ppWOLBxn9Se_u9e7viXYfJ2pGIjHsS5t8J2W5iqmsC3EO1rICAAAFF1IAAAADaAEHCgABp5kDFE1nAcDzYz2t5N_TU9F955NIK1d8c7vJyFzi2yMNpwj34ESK1Zx-pj-TDlvaWVe8PXrcXdpMkCVE15HMHejD3BUtNuMsm3t8v_oim8OR0RtmfUFQML8noivmgkVC_oggzptfiWvd-qcO_pXMEZT8eoq3lN3wNG5F6mGgj_bWhy-FZi5LKkoYharls_8SndxAZu246WqF4kvloFb8Tsjo1rbByP6etqao_k-dKuTq6p01BSCOg-Kw8hdGkRSi5-avK7qCkPaldJYNQaFmCjHGAGNGHFoSYlEw_Gd7yU0kE2_C9caO3sPR8X5mqZBtSEBP4aehRzhFvNx0kcZQ_m3DfiqAPGJyMfCSKNgvYa_0FHzf20OAVuckQXwaJ8Rg7zWNU9hgZUNuoOS6XtLjNbiNtJWbpbIvKS3qvwRCI5DFiWWi643fOAQpLwaPaSkLuzK5CIoBg2LzqKEcYYJOl85w4r2kOsJ2UuAonG_63qs4vApuVF8dUqaiZfTSlsuEthtwl98lvcof9LFX9wOE_947dRKTeNdj9NzVh1cwilNlr-Uo4Fwl2S0rclE33vX7trJON3kuCqw72jrMPrsB5TvcxjBQe02BnU3yktxc2Hkz3Sh7xqRmhPOJH46t6W3FDqZ4A5ja685eJLo6mgf5osRTVPte3QfSeF8twfJmen2hLT8J6g8JMcjOL7okYnsxcMtoOlJIMTXv94o3Fl_9qSqwyXXMMGm58mEQn4TZwMM7BIlT798ISB81Qgm-hDFKRyTl-cUNZNoonDsWmoix2LP8N1zop-iyr8lRERAhjK6V8ktJWyt-Bin5f7rj-TfRzoeb2cE8_To5ZvUB2GQgLYiMENteXC224KbPOl8mVq9msqrL1glwlkvwtEPCXfNSbzMc_xCdQXGRgHlonTP3zBBtfXdC8QbEcvT3vh2ie3SgDfJHZzMzxkOn_bnjn9fd2vfPS4xu-tP_U00Ql7xyC1oG2VIK-PhwFxWG_3-aJzaU4h23SASKSmjjD6rZifTUjz3mVF0enYgeGeZ85RIQ7KwkBncGPP1g

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:05:01 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 fAtTGskzFlJa5Ldh3SiPbiLEXcXjYWf8ZG_gkYEl2B0.js Show response
pagead2.googlesyndication.com/bg/ Frame 995C 37 KB
14 KB 27ms
26ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/fAtTGskzFlJa5Ldh3SiPbiLEXcXjYWf8ZG_gkYEl2B0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7c0b531ac93316525ae4b761dd288f6e22c45dc5e36167fc646fe0918125d81d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 17:03:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 172910
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14697
x-xss-protection: 0
last-modified: Mon, 19 Jun 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 21 Jun 2024 17:03:11 GMT

GET
H2 200 vt.php
cat.nl3.eu.criteo.com/delivery/ Frame 72E5 43 B
347 B 343ms
13ms Image
image/gif 178.250.1.6

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl3.eu.criteo.com/delivery/vt.php?cppv=3&cpp=jbvxAjstvjkjq-r3AxFwqTcpYkLgK6Bcc1dwiYCfm7p8DhJ4oXVH05IKfQkuDmEG7WMeSNPaKL2--yds5vPWlN4kZ-15YJjAh-SF73pGwoM5X7AYRf_Gmp_22XaJKW7wIURUYsZiCS1aO_aJlfSvzeU9-4SnAHzY4ajA_xG1ukCqypCw8hSJkpvc6DtDLxBSCAJKAll9kyGxuiZXSKDeOuFE5mL70b9ybO27rT4MpML7adYt&err=[ERRORCODE]

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.6 -, , ASN (),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:05:01 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 103944
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 72E5 42 B
64 B 51ms
49ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CqcloOyKXZKP1CYCmnsEPyY2YsALJntKxXNWdkfdwwI23ARABIABglYKAgJgHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQWpAjbE8JEfR7I-4AIAqAMByAMCqgT3AU_QTx9olYzlFS1j6p4glu-7r_CzRfTQIhFUpLwS30hh2u1GsIC2J1A-TFbIV1aGtkZawKMCvEjntS-9I8Jr9bAJPqLrRYJdeEkbrIZjv1OpFzZswWP4ruQpCr4uV_2nYcQwDWhs5ZQhgoZBm2-Hdk9KrHplWcF9rY0ZFoC3rsMll-CeaIjvyb20kjeWT532aHP5XzlBOejJQavqo2ZXWJjFuDzexuSR1nICCv1zabY6ppvZ45qssBR8zj_-BVFZA9uEH3ih-oi3YxH-2KO28AWzRuogL0GgRxMKrQBJ286hDDQsSJ1VzL6-SsP4AlmwEX4ZP7k1-rrgBAGABuXQrvCavLuIUKAGKqgHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgEDyCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDn6CwIIAYAMAdAVAYAXAQ&sigh=Rj8cembbt70&label=part2viewed&ad_mt=97&acvw=sv%3D953%26v%3D20230516%26cb%3Dout%26e%3D0%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D-1%26dur%3D15082%26vmtime%3D97%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D33554450%26i0%3D33554450%26ic%3D0%26cs%3D33554450%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%26avms%3Dnio%26qi%3D195590349%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,15s%26veid%3Dumt%3A1,xdi%3A1,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1687626301148

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:05:01 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 lg.php
cat.nl3.eu.criteo.com/delivery/ Frame 72E5 43 B
347 B 348ms
19ms Image
image/gif 178.250.1.6

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=HPUTAqNkAR5fibcLpTBtIthljDUH1PHkDgX8PfDTe2_b_2SNNlc7KQjUBnz4NTUyWYJ0fCp3mblvhehbI9o3xzcyg5euefyO9rVz33ZNo2jVujEaBZTs5-WSEFonU64uyEDdj5oFbppu8zYUK1anGiPFvZ7uvAI2ymqTfposFcQJ0XniBuQLC_cgVQD_W2s5qMBCxVtVQv85c-kd4w9R0G2DISKij1EEy2sII_I5rgY74Rq3M_t8LDsowXGsYoOUOx2UZDydRFXlL0RQkYLWhYK8v0bSuev2dtFglXv2YrMYRM_UyImYpKwl2GXNl9kycPiMf7vREa6kVlQ9WfH_4J5_SNkLgaNPtsh9kvJRc2iIuNoGGTQF1Omvxy88MRrngKn51k6-CC-eQJzW686B2FHyV3yfwjHkOoBQdVO5TMNK1KMNoVr91MDjp0dHfOw-_Trajg

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.6 -, , ASN (),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:05:00 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 2086567
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 72E5 0
0 57ms
55ms Image
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CUoavOyKXZKP1CYCmnsEPyY2YsALJntKxXNWdkfdwwI23ARABIABglYKAgJgHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQWpAjbE8JEfR7I-4AIAqAMByAMCqgT0AU_QTx9olYzlFS1j6p4glu-7r_CzRfTQIhFUpLwS30hh2u1GsIC2J1A-TFbIV1aGtkZawKMCvEjntS-9I8Jr9bAJPqLrRYJdeEkbrIZjv1OpFzZswWP4ruQpCr4uV_2nYcQwDWhs5ZQhgoZBm2-Hdk9KrHplWcF9rY0ZFoC3rsMll-CeaIjvyb20kjeWT532aHP5XzlBOejJQavqo2ZXWJjFuDzexuSR1nICCv1zabY6ppvZ45qssBR8zj_-BVFZA9uEH3ih-oi3YxH-2KO2sgeS1G2vs1If2wepfT3vI8e1BoImZoXXeHaD7DFHHHWolNSdLAbgBAGABuXQrvCavLuIUKAGKqgHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgEDyCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDmACgP6CwIIAYAMAdAVAYAXAbIXHAoaEhRwdWItNzk4MzY1MTI1NzgzODI4MhjqwW0&sigh=Y4kScArIh2w&uach_m=[UACH]&cid=CAQSbQBygQiDdyi-785llBdPiy0KQ5jwFOw_SrsZ4jccTfnnhsXfo0AMlnZyRryizD3lqFWLK0wkrwJWL_3yyI0DhhkrejI9CkLmc-O_leTHozJNfnkePcyBGsbYcfGCbffNsW654Jz-RMmGKBbTcEMYAQ
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

GET
H2 200 google-vast-measurability
csm.eu.criteo.net/ Frame 72E5 43 B
246 B 347ms
18ms Image
image/gif 2a02:2638:d::11

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://csm.eu.criteo.net/google-vast-measurability?cppv=3&cpp=KlfuILM9J5cLV0kQ0gbfJrDoQwoTJjUj8FsOSfWGStbVbpuNb2I0ig3vaLpOHP0ODCXnr4SNJttkVF_6Sat2xcGlL2XSbiteX15Iuc2empyiaXDyeGC6azKlK-pQaxwt7IcW_cYrIIrFEvWY8s8-g_ToIIQJibu0gRpui-_SmvD_MAIa327gkW1BwwiI0u2XRZ0CRzPRUucjxSpuyR-R3XockZaxoho52woAICA7s9g1aRk50I9go7lPFuI

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::11 -, , ASN (),

Reverse DNS

Software

Finatra /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:05:01 GMT
strict-transport-security: max-age=31536000; preload;
server: Finatra
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-length: 43
expires: 0

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 72E5 42 B
64 B 48ms
47ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvVGdaFvawBZSfulPcpJSAMaiY6p9e4pWKUAlTSadBJmdKLqxGw2VPtOP6_RW1ALSeNWhF4YH1z8ML-CfQedwv2XVE&sig=Cg0ArKJSzPcQrInb2aaPEAE&id=lidarv&acvw=sv%3D953%26v%3D20230516%26cb%3Dout%26e%3D15%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D-1%26dur%3D15082%26vmtime%3D97%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D33554450%26ic%3D33554450%26cs%3D33554450%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%26avms%3Dnio%26qi%3D195590349%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,15%26veid%3Dumt%3A1,xdi%3A1,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1687626301148&avm=1

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:05:01 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 72E5 42 B
64 B 49ms
47ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CqcloOyKXZKP1CYCmnsEPyY2YsALJntKxXNWdkfdwwI23ARABIABglYKAgJgHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQWpAjbE8JEfR7I-4AIAqAMByAMCqgT3AU_QTx9olYzlFS1j6p4glu-7r_CzRfTQIhFUpLwS30hh2u1GsIC2J1A-TFbIV1aGtkZawKMCvEjntS-9I8Jr9bAJPqLrRYJdeEkbrIZjv1OpFzZswWP4ruQpCr4uV_2nYcQwDWhs5ZQhgoZBm2-Hdk9KrHplWcF9rY0ZFoC3rsMll-CeaIjvyb20kjeWT532aHP5XzlBOejJQavqo2ZXWJjFuDzexuSR1nICCv1zabY6ppvZ45qssBR8zj_-BVFZA9uEH3ih-oi3YxH-2KO28AWzRuogL0GgRxMKrQBJ286hDDQsSJ1VzL6-SsP4AlmwEX4ZP7k1-rrgBAGABuXQrvCavLuIUKAGKqgHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgEDyCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDn6CwIIAYAMAdAVAYAXAQ&sigh=Rj8cembbt70&label=vast_creativeview&ad_mt=97&acvw=sv%3D953%26v%3D20230516%26cb%3Dout%26e%3D19%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26at%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D-1%26dur%3D15082%26vmtime%3D97%26is%3D33554450%26i0%3D33554450%26cs%3D33554450%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%26avms%3Dnio%26qi%3D195590349%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,15s%26veid%3Dumt%3A1,xdi%3A1,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26ss%3D0%26t%3D1687626301148

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:05:01 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame 72E5 0
17 B 16ms
15ms Ping
image/gif 2001:4860:4802:32::3

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=6~lja94jja&c=7919070020208&slotId=3959535010104&qqid=COP-zPCx3P8CFQCTJwIdyQYGJg&fb=outstream-lima&gpm_i=1&gpm_c=1&gpm_a=1&smb=1000&mt=video%2Fmp4&vs=1080x1080&dm=15000&event_name=first_play&asset_bytes=151215&video_bytes=0&cached_data_bytes=0&js_cached=false&css_cached=false&num_assets=7&num_assets_cached=0&num_assets_cache_validated=0&num_assets_unmeasurable=1&video_played_seconds=0.00&video_muted=true&video_seconds_loaded=0.00&met.4=ff.1zs~videopreviewstarted.1zt
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:32::3 -, , ASN (),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:05:01 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 congstarfont.woff2
s0.2mdn.net/creatives/assets/4234010/ Frame 1EB5 98 KB
98 KB 8ms
8ms Font
font/woff2 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4234010/congstarfont.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1d019867c120344469403527c7d958861b81d0fc873813c97ee135f707d74122

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 16:58:14 GMT
x-content-type-options: nosniff
age: 407
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100772
x-xss-protection: 0
last-modified: Thu, 05 Aug 2021 09:13:07 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 24 Jun 2023 17:13:14 GMT

GET
H3 200 86bef0b5-fa75-4ca3-8394-cb7b5a474a45-3.woff
s0.2mdn.net/creatives/assets/1881029/ Frame 1EB5 57 KB
57 KB 12ms
12ms Font
font/woff 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/1881029/86bef0b5-fa75-4ca3-8394-cb7b5a474a45-3.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

853a8c7e34be5549a44fc541e13876f5c2838123142f527dab2265950feaeefb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:04:48 GMT
x-content-type-options: nosniff
age: 13
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58447
x-xss-protection: 0
last-modified: Wed, 15 Feb 2017 10:23:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 24 Jun 2023 17:19:48 GMT

GET
H3 200 03032023-031528919-320_1200_vertikal-1800px_congstar-xe5f6717b-d289-43b7-9f11-4220895e9c44.png
s0.2mdn.net/4528404/ Frame DF47 314 KB
314 KB 10ms
8ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/03032023-031528919-320_1200_vertikal-1800px_congstar-xe5f6717b-d289-43b7-9f11-4220895e9c44.png

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

072f9ada3dbd90a670f75e51092ab23ba99fde1322fc2800b3ffc5de91712964

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/4323423352959208367/index.html?e=69&leftOffset=0&topOffset=0&c=hVNm8hCwMa&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 07:13:11 GMT
x-content-type-options: nosniff
age: 35510
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 321786
x-xss-protection: 0
last-modified: Fri, 03 Mar 2023 11:15:28 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 25 Jun 2023 07:13:11 GMT

GET
H3 200 03032023-031531561-320_1200_vertikal-1055px_congstar-x_ohnex86c22c50-44dc-4f6d-8fc0-b5efb8174ea7.png
s0.2mdn.net/4528404/ Frame DF47 220 KB
220 KB 13ms
11ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/03032023-031531561-320_1200_vertikal-1055px_congstar-x_ohnex86c22c50-44dc-4f6d-8fc0-b5efb8174ea7.png

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dbe69d85fee1f6c4a0ae57e830ade12777ace8b9cd366946e17626b9a1af3bc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/4323423352959208367/index.html?e=69&leftOffset=0&topOffset=0&c=hVNm8hCwMa&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 14:06:47 GMT
x-content-type-options: nosniff
age: 10694
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 225173
x-xss-protection: 0
last-modified: Fri, 03 Mar 2023 11:15:31 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 25 Jun 2023 14:06:47 GMT

GET
H/1.1 200
OK ajk4xlebn4mw
hal9000.redintelligence.net/zone/ Frame 7F1E 10 KB
3 KB 327ms
13ms Script
text/html 138.201.63.117

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/ajk4xlebn4mw?subid=&gdpr=1&gdpr_consent=li&rnd=4132588374241990405&extVar[]=DOUBLEBORDER:1&extVar[]=MMA_SSP:adx&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DOh89QPJHP4PDV38WBkiVhQ%26exch_seat%3D20035004448%26mt_aid%3D4132588374241990405%26mt_id%3D6622332%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3De6fb6497-223c-4f01-8709-105359ac44e9%26mt_cid%3De6fb6497-223c-4f01-8709-105359ac44e9%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCV0nHOyKXZNTZJOihtOUP4s0Fz4eOm1zAhtmCxgLAjbcBEAEgAGCVgrSCwAeCARdjYS1wdWItNjU5MzUyMzIxMDAxMDE1NMgBCagDAcgDAqoEsQFP0BNiyRJeK76M1_uZmXeyOtyK8w-2iJB8CMpxFzw6kAdRMX7WeUtMslnwjv-7pildaPOtfLVF8Kp60VwfU4KocuQO4ENaRiRYJvVALxZFj7EW_HrSOJ9RpDzZBqBiAn0omNldz8mDPXFZcui8oLZO9P9yvlmX6KVYr4SSY-9u2Sanyk0bAKZUWvZVHw789f9I2LE0aks9-DTHwBx8Y4VQLr_zFzzUgU9zXHUfe0LeIqGABr7U1vzZmuidqAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1hLOMeAxXRNE5lmoMz-nZW2S-KHA%2526client%253Dca-pub-6593523210010154%2526adurl%253D%26mt_lp%3Dhttps%253A%2F%2Fwww.soberberlin.com%2F%26redirect%3D
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.117 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Sat, 24 Jun 2023 17:05:01 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3333
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK ck-confirm
tags.mathtag.com/ Frame 7F1E 49 B
330 B 749ms
435ms Image
image/gif 74.121.143.241

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/ck-confirm?bid_id=4132588374241990405&node_id=3282&exch_id=4
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWTJNME9XUmhaV010T0dGaFppMDNNVFJtTFRBd01EQXRNREF3TURBd01EQXdNREF3LzQxMzI1ODgzNzQyNDE5OTA0MDUvNjYyMjMzMi80NTYyMzA2LzQvREhTQzNzbG9TcnFoOXpyclIxRHU1NnI3YUZPWmxZb2VNdlJBSEtwZHN6by8xLzQvMC8wLzk1NjgwMy8wLzIxNjUzNi82NTE4NzEvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC80MTMyNTg4Mzc0MjQxOTkwNDA1L2Ftcy8wLzE3MC83OS85OTkvMTYyLzJhMDA6Yzk4OjIwMzA6Oi8wLjAwMC8xNjg3NjI2Mjk5LzE2ODc2Mzg4OTkvNC9wdWItNjU5MzUyMzIxMDAxMDE1NC8/UFVYqguIyZt021ganlhNCpA2cfU&nodeid=3282&group=cdg&auctionid=4132588374241990405&pbs_auctionid=4132588374241990405&shardkey=4132588374241990405&sid=4562306&cid=6622332&bp=a_aiebbd&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.59&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCV0nHOyKXZNTZJOihtOUP4s0Fz4eOm1zAhtmCxgLAjbcBEAEgAGCVgrSCwAeCARdjYS1wdWItNjU5MzUyMzIxMDAxMDE1NMgBCagDAcgDAqoEsQFP0BNiyRJeK76M1_uZmXeyOtyK8w-2iJB8CMpxFzw6kAdRMX7WeUtMslnwjv-7pildaPOtfLVF8Kp60VwfU4KocuQO4ENaRiRYJvVALxZFj7EW_HrSOJ9RpDzZBqBiAn0omNldz8mDPXFZcui8oLZO9P9yvlmX6KVYr4SSY-9u2Sanyk0bAKZUWvZVHw789f9I2LE0aks9-DTHwBx8Y4VQLr_zFzzUgU9zXHUfe0LeIqGABr7U1vzZmuidqAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1hLOMeAxXRNE5lmoMz-nZW2S-KHA%26client%3Dca-pub-6593523210010154%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.121.143.241 -, , ASN (),
Reverse DNS
Software: MMBD/3.392.6 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Sat, 24 Jun 2023 17:05:01 GMT
Server: MMBD/3.392.6
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: pao-router-x41, cdg-bidder-x144
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Sat, 24 Jun 2023 17:05:00 GMT

GET
H/1.1 200
OK img
pixel.mathtag.com/event/ Frame 7F1E 43 B
418 B 346ms
33ms Image
image/gif 95.101.148.198

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/event/img?mt_id=1368875&mt_adid=216764&v1=4&v2=4132588374241990405&v3=651871&v4=4562306&v5=6622332&mt_nsync=1&no_attr=1
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWTJNME9XUmhaV010T0dGaFppMDNNVFJtTFRBd01EQXRNREF3TURBd01EQXdNREF3LzQxMzI1ODgzNzQyNDE5OTA0MDUvNjYyMjMzMi80NTYyMzA2LzQvREhTQzNzbG9TcnFoOXpyclIxRHU1NnI3YUZPWmxZb2VNdlJBSEtwZHN6by8xLzQvMC8wLzk1NjgwMy8wLzIxNjUzNi82NTE4NzEvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC80MTMyNTg4Mzc0MjQxOTkwNDA1L2Ftcy8wLzE3MC83OS85OTkvMTYyLzJhMDA6Yzk4OjIwMzA6Oi8wLjAwMC8xNjg3NjI2Mjk5LzE2ODc2Mzg4OTkvNC9wdWItNjU5MzUyMzIxMDAxMDE1NC8/UFVYqguIyZt021ganlhNCpA2cfU&nodeid=3282&group=cdg&auctionid=4132588374241990405&pbs_auctionid=4132588374241990405&shardkey=4132588374241990405&sid=4562306&cid=6622332&bp=a_aiebbd&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.59&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCV0nHOyKXZNTZJOihtOUP4s0Fz4eOm1zAhtmCxgLAjbcBEAEgAGCVgrSCwAeCARdjYS1wdWItNjU5MzUyMzIxMDAxMDE1NMgBCagDAcgDAqoEsQFP0BNiyRJeK76M1_uZmXeyOtyK8w-2iJB8CMpxFzw6kAdRMX7WeUtMslnwjv-7pildaPOtfLVF8Kp60VwfU4KocuQO4ENaRiRYJvVALxZFj7EW_HrSOJ9RpDzZBqBiAn0omNldz8mDPXFZcui8oLZO9P9yvlmX6KVYr4SSY-9u2Sanyk0bAKZUWvZVHw789f9I2LE0aks9-DTHwBx8Y4VQLr_zFzzUgU9zXHUfe0LeIqGABr7U1vzZmuidqAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1hLOMeAxXRNE5lmoMz-nZW2S-KHA%26client%3Dca-pub-6593523210010154%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.101.148.198 -, , ASN (),
Reverse DNS
Software: MT3 1031 59fd23a master cdg cdg-pixel-x27 config_version:"1438" /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Sat, 24 Jun 2023 17:05:01 GMT
Server: MT3 1031 59fd23a master cdg cdg-pixel-x27 config_version:"1438"
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: *
Content-Type: image/gif
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 43
Expires: Sat, 24 Jun 2023 17:05:00 GMT

GET
H/1.1 200
OK img
tags.mathtag.com/event/ Frame 7F1E 49 B
330 B 749ms
436ms Image
image/gif 74.121.143.241

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/event/img?type=mmImpTrack&exch=adx&bid=4132588374241990405&st=4562306&time=1687626300&nodeid=3282
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWTJNME9XUmhaV010T0dGaFppMDNNVFJtTFRBd01EQXRNREF3TURBd01EQXdNREF3LzQxMzI1ODgzNzQyNDE5OTA0MDUvNjYyMjMzMi80NTYyMzA2LzQvREhTQzNzbG9TcnFoOXpyclIxRHU1NnI3YUZPWmxZb2VNdlJBSEtwZHN6by8xLzQvMC8wLzk1NjgwMy8wLzIxNjUzNi82NTE4NzEvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC80MTMyNTg4Mzc0MjQxOTkwNDA1L2Ftcy8wLzE3MC83OS85OTkvMTYyLzJhMDA6Yzk4OjIwMzA6Oi8wLjAwMC8xNjg3NjI2Mjk5LzE2ODc2Mzg4OTkvNC9wdWItNjU5MzUyMzIxMDAxMDE1NC8/UFVYqguIyZt021ganlhNCpA2cfU&nodeid=3282&group=cdg&auctionid=4132588374241990405&pbs_auctionid=4132588374241990405&shardkey=4132588374241990405&sid=4562306&cid=6622332&bp=a_aiebbd&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.59&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCV0nHOyKXZNTZJOihtOUP4s0Fz4eOm1zAhtmCxgLAjbcBEAEgAGCVgrSCwAeCARdjYS1wdWItNjU5MzUyMzIxMDAxMDE1NMgBCagDAcgDAqoEsQFP0BNiyRJeK76M1_uZmXeyOtyK8w-2iJB8CMpxFzw6kAdRMX7WeUtMslnwjv-7pildaPOtfLVF8Kp60VwfU4KocuQO4ENaRiRYJvVALxZFj7EW_HrSOJ9RpDzZBqBiAn0omNldz8mDPXFZcui8oLZO9P9yvlmX6KVYr4SSY-9u2Sanyk0bAKZUWvZVHw789f9I2LE0aks9-DTHwBx8Y4VQLr_zFzzUgU9zXHUfe0LeIqGABr7U1vzZmuidqAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1hLOMeAxXRNE5lmoMz-nZW2S-KHA%26client%3Dca-pub-6593523210010154%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.121.143.241 -, , ASN (),
Reverse DNS
Software: MMBD/3.392.6 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Sat, 24 Jun 2023 17:05:01 GMT
Server: MMBD/3.392.6
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: pao-router-x91, cdg-bidder-x144
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Sat, 24 Jun 2023 17:05:00 GMT

GET
H2 200 5ed7702fe4b07a92411bc03e
ng2.virgul.com/tck/imp/ Frame 2E7E 0
209 B 46ms
44ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5ed7702fe4b07a92411bc03e?g=1&t=gb&r=153378@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1687626298218&userId=vnet882f387d-b009-4a3a-a2fb-177357578087
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Sat, 24 Jun 2023 17:05:01 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 200 fAtTGskzFlJa5Ldh3SiPbiLEXcXjYWf8ZG_gkYEl2B0.js
pagead2.googlesyndication.com/bg/ Frame A730 37 KB
14 KB 85ms
83ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/fAtTGskzFlJa5Ldh3SiPbiLEXcXjYWf8ZG_gkYEl2B0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 17:03:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 172910
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14697
x-xss-protection: 0
last-modified: Mon, 19 Jun 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 21 Jun 2024 17:03:11 GMT

GET
H3 200 03032023-031528919-320_1200_vertikal-1800px_congstar-xe5f6717b-d289-43b7-9f11-4220895e9c44.png
s0.2mdn.net/4528404/ Frame DF47 314 KB
314 KB 18ms
18ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/03032023-031528919-320_1200_vertikal-1800px_congstar-xe5f6717b-d289-43b7-9f11-4220895e9c44.png

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

072f9ada3dbd90a670f75e51092ab23ba99fde1322fc2800b3ffc5de91712964

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4323423352959208367/index.html?e=69&leftOffset=0&topOffset=0&c=hVNm8hCwMa&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 07:13:11 GMT
x-content-type-options: nosniff
age: 35510
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 321786
x-xss-protection: 0
last-modified: Fri, 03 Mar 2023 11:15:28 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 25 Jun 2023 07:13:11 GMT

GET
H3 200 03032023-031222266-1456_180_v_1450x2355_2207-anf-m-icons_2b830ab0d-2b2e-4fea-8533-c74d629dc44c.png
s0.2mdn.net/4528404/ Frame 1EB5 27 KB
27 KB 17ms
16ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/03032023-031222266-1456_180_v_1450x2355_2207-anf-m-icons_2b830ab0d-2b2e-4fea-8533-c74d629dc44c.png

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=Y5W2J8r0Ai&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 14:00:35 GMT
x-content-type-options: nosniff
age: 11066
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27795
x-xss-protection: 0
last-modified: Fri, 03 Mar 2023 11:12:22 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 25 Jun 2023 14:00:35 GMT

GET
H3 200 03032023-031527201-1456_180_720x610_stoerer-gbplusdd45da6a-b9ac-4a7c-9506-d902c6e1e866.png
s0.2mdn.net/4528404/ Frame 1EB5 31 KB
31 KB 17ms
17ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/03032023-031527201-1456_180_720x610_stoerer-gbplusdd45da6a-b9ac-4a7c-9506-d902c6e1e866.png

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=Y5W2J8r0Ai&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 14:46:54 GMT
x-content-type-options: nosniff
age: 8287
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32039
x-xss-protection: 0
last-modified: Fri, 03 Mar 2023 11:15:27 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 25 Jun 2023 14:46:54 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 11C9 0
0 63ms
44ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvA9yslGdpbhH4or8i9lqA_ewWfmQizTxEH-k11wulJpC2rVtgDcfMGCqMBpQH4Q1_nRYyijc9TXvK1VHJKsFU6O42zzkRMn2jOPXMelXVXCZ0X69M3V5QgBYob46FZFSfRvmko1HSYtLyLbgmWMJetchddiyLnk4wfGV5SrFOTHlhTTDedg4gtLDhfYw__hOPa7UPU2GMRMelelQWnk6oIZikEEu6gtaD5TsGaUQzIh-97uyUMVael9YQq8tKVwhKINZzWTLIW70mQBCGclVFdkL6-FTAB1kOANqq_AfLGkBLfjYUbPaQJY4vyZON1V9uLy87Mm0ct5FP9Sy2f5GF6gb3sqz8j_AI_umBCJtcvXJhehehH-kuizCOi&sai=AMfl-YTwGSX5yvAgeXTwb_yCerZFTjTBE6X15c0MqXQ7EGH4YeLv1k9LHNriKf0RaP2bx3fowL-Z1_6DQC664-Yh3HJCZctns5r_sPRPeJM34Xk&sig=Cg0ArKJSzK6sOK1wpdPhEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:05:01 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 24 Jun 2023 17:05:01 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B1E7 0
20 B 71ms
70ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BuKuCOyKXZKm9EuGRjuwPpM2U8AIAAAAAOAHgBAI&bg=!-Pul-6_NAAYQ3eRoMN07ADkAdvg8WupNKsIKkGeQ2k_Sg1IxoVVyDaIc78HuESGynfyO1bMdSmU1-vjSjCcVozE3g73hCcWBkW8CAAACblIAAAADaAEHmQMcHKbI8kyWMDGeoAs2ryEpts1R42PgTZmHP70lwshXfket1jvpd1f8yJetrJaE-Obck62h0qjTWSXmTIg6VMX4tExuSPTnzOlmV5zDqXddd7HAm1xdwwPZRHApnyyr6qQ5AFYA-KWc1eqhP081fEBRGWNzLbt2h9Xumz3698gR8F6C4mgaODRLCY3ZbCYYdDZMyiLtCDN3fW1efeBrs5FwwuMEWC2Cq4LrWgQ2x6CXhPrshu3J6cYV8I0R7uWSnJsuujoVd-j7o9Q4OpchRb0Ijz1m9brhiuc0XvGeodssqYJqpASojQdaVQr8huOix-xcKGBXu4-XNh7XdllPyz5aWXj61zF3HjT9NA0a9eRs5bEglgTwA2oNdkqWl-HBdoRohHkZohGnX8g1hxlXPC4Qd1xoYnnhE8lAIyBK9YQCxFOcXi375M6jzh_c9uLYryVULlARG8ULINVCwGNstJr8RqAH8JpDmzCZw1rGG8yMC78XHMp9jFnRa0rNOs_JytpqgJqZFGV-zcm6k7pDT_C56qjdeDM-WPapraef1aaUrc5JTqnvUm2To6NEvXTAKFAw3WtK5DFAwWlIUGCVdNyV7pCMoWXytQhiQjbDphRpqVs2zvBcblDNCphEaTxwzHEMxcOsMM7B9ZcVoOjcl-phRiPUu6sI5-_SsNIXv8ydh0I-7pt85NcbZrJePHH5nEFHP4rEOJfNkphlBza-ikwjKCsOHnzkitJN6LDFouDSClwu6oMip1dfTAbIL0PhcPG24JyYlFwYCuwI6FSwT-JXs52Fw8myLbkuJ3xxdjjFTnmsyCiYO1uNsIj-CE3sI7oZDIcm0txCdq62D2aVk-aaVTV33qgAnmYAhqmzDT8AtBIONMCfYA7JAEa5pSKY8DAXTevfk2nAqE69F-AsMuHLgyXws-7EPRPAUwXYal9regFZFO8JX8PpcZn59Veth8gJRdKSky0NBje0OGUwVswfnD7y_XGzPpCyFwYtxSDfLPXyG3tW2qBSiMJ_2I5C0nYSDCY8BchcLEfETDsFkKXmB1L-AAo5LvEap4RgoA

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:05:01 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 6363a944e4b0125bde9e6739
ng.virgul.com/tck/i_vb2/ Frame 2E7E 0
209 B 96ms
95ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/6363a944e4b0125bde9e6739?l=&r=153366@site_geneli@yemek_net:site_geneli&cs=1687626301781&userId=vnet882f387d-b009-4a3a-a2fb-177357578087
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Sat, 24 Jun 2023 17:05:01 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 5ed76f76e4b07a92411bc03a
ng.virgul.com/tck/i_vb2/ Frame 2E7E 0
209 B 95ms
94ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/5ed76f76e4b07a92411bc03a?l=&r=153377@site_geneli@yemek_net:site_geneli&cs=1687626301781&userId=vnet882f387d-b009-4a3a-a2fb-177357578087
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Sat, 24 Jun 2023 17:05:01 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 5ed771bae4b07a92411bc04c
ng.virgul.com/tck/i_vb2/ Frame 2E7E 0
209 B 96ms
96ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/5ed771bae4b07a92411bc04c?l=&r=153382@site_geneli@yemek_net:site_geneli&cs=1687626301782&userId=vnet882f387d-b009-4a3a-a2fb-177357578087
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Sat, 24 Jun 2023 17:05:01 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 5ed771e3e4b07a92411bc04e
ng.virgul.com/tck/i_vb2/ Frame 2E7E 0
209 B 96ms
95ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/5ed771e3e4b07a92411bc04e?l=&r=153383@site_geneli@yemek_net:site_geneli&cs=1687626301782&userId=vnet882f387d-b009-4a3a-a2fb-177357578087
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Sat, 24 Jun 2023 17:05:01 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 200 03032023-031222266-1456_180_v_1450x2355_2207-anf-m-icons_2b830ab0d-2b2e-4fea-8533-c74d629dc44c.png
s0.2mdn.net/4528404/ Frame 1EB5 27 KB
27 KB 15ms
15ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/03032023-031222266-1456_180_v_1450x2355_2207-anf-m-icons_2b830ab0d-2b2e-4fea-8533-c74d629dc44c.png

Requested by

Host: b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
URL: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=Y5W2J8r0Ai&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 14:00:35 GMT
x-content-type-options: nosniff
age: 11066
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27795
x-xss-protection: 0
last-modified: Fri, 03 Mar 2023 11:12:22 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 25 Jun 2023 14:00:35 GMT

GET
DATA 200
OK truncated
/ Frame 11C9 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK request.php
hal900022.redintelligence.net/ Frame 7F1E 3 KB
2 KB 152ms
102ms Script
application/x-javascript 144.76.104.53

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900022.redintelligence.net/request.php?zone=ajk4xlebn4mw&nw=20&renderingType=javascript&namespace=7c87209d16&subid=&uid=fe155c30c56cc90c&screenSize=0x0&screenSizeAvail=0x0&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=1&gdpr_consent=li&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DOh89QPJHP4PDV38WBkiVhQ%26exch_seat%3D20035004448%26mt_aid%3D4132588374241990405%26mt_id%3D6622332%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3De6fb6497-223c-4f01-8709-105359ac44e9%26mt_cid%3De6fb6497-223c-4f01-8709-105359ac44e9%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCV0nHOyKXZNTZJOihtOUP4s0Fz4eOm1zAhtmCxgLAjbcBEAEgAGCVgrSCwAeCARdjYS1wdWItNjU5MzUyMzIxMDAxMDE1NMgBCagDAcgDAqoEsQFP0BNiyRJeK76M1_uZmXeyOtyK8w-2iJB8CMpxFzw6kAdRMX7WeUtMslnwjv-7pildaPOtfLVF8Kp60VwfU4KocuQO4ENaRiRYJvVALxZFj7EW_HrSOJ9RpDzZBqBiAn0omNldz8mDPXFZcui8oLZO9P9yvlmX6KVYr4SSY-9u2Sanyk0bAKZUWvZVHw789f9I2LE0aks9-DTHwBx8Y4VQLr_zFzzUgU9zXHUfe0LeIqGABr7U1vzZmuidqAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1hLOMeAxXRNE5lmoMz-nZW2S-KHA%2526client%253Dca-pub-6593523210010154%2526adurl%253D%26mt_lp%3Dhttps%253A%2F%2Fwww.soberberlin.com%2F%26redirect%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-6593523210010154%26output%3Dhtml%26h%3D90%26slotname%3D9586219513%26adk%3D1165138949%26adf%3D4198791085%26pi%3Dt.ma~as.9586219513%26w%3D728%26format%3D728x90%26url%3Dhttps%253A%252F%252Fye-mek.net%252F%26ea%3D0%26wgl%3D1%26uach%3DWyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..%26dt%3D1687626299173%26bpp%3D1%26bdt%3D182%26idt%3D325%26shv%3Dr20230620%26mjsv%3Dm202306160901%26ptt%3D9%26saldr%3Daa%26prev_fmts%3D0x0%26nras%3D1%26correlator%3D3947787696511%26frm%3D8%26ife%3D1%26pv%3D1%26ga_vid%3D105568830.1687626299%26ga_sid%3D1687626299%26ga_hid%3D1652697002%26ga_fc%3D0%26nhd%3D2%26u_tz%3D0%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D-12245933%26ady%3D-12245933%26biw%3D-12245933%26bih%3D-12245933%26isw%3D728%26ish%3D90%26ifk%3D2836371973%26scr_x%3D-12245933%26scr_y%3D-12245933%26eid%3D44759875%252C44759837%252C44759926%252C31075412%252C44788441%252C44794789%26oid%3D2%26pvsid%3D4500014196868433%26tmod%3D1285845116%26uas%3D0%26nvt%3D1%26top%3Dhttps%253A%252F%252Fpcloak.blob.core.windows.net%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C728%252C90%26vis%3D1%26rsz%3D%257C%257CeE%257C%26abl%3DCS%26pfx%3D0%26fu%3D0%26bc%3D31%26ifi%3D2%26uci%3D2.u4j84p8ybqvn%26fsb%3D1%26dtd%3D332&ancestorOrigins=null&random=3083376347987&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Requested by: Host: hal9000.redintelligence.net
URL: https://hal9000.redintelligence.net/zone/ajk4xlebn4mw?subid=&gdpr=1&gdpr_consent=li&rnd=4132588374241990405&extVar[]=DOUBLEBORDER:1&extVar[]=MMA_SSP:adx&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DOh89QPJHP4PDV38WBkiVhQ%26exch_seat%3D20035004448%26mt_aid%3D4132588374241990405%26mt_id%3D6622332%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3De6fb6497-223c-4f01-8709-105359ac44e9%26mt_cid%3De6fb6497-223c-4f01-8709-105359ac44e9%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCV0nHOyKXZNTZJOihtOUP4s0Fz4eOm1zAhtmCxgLAjbcBEAEgAGCVgrSCwAeCARdjYS1wdWItNjU5MzUyMzIxMDAxMDE1NMgBCagDAcgDAqoEsQFP0BNiyRJeK76M1_uZmXeyOtyK8w-2iJB8CMpxFzw6kAdRMX7WeUtMslnwjv-7pildaPOtfLVF8Kp60VwfU4KocuQO4ENaRiRYJvVALxZFj7EW_HrSOJ9RpDzZBqBiAn0omNldz8mDPXFZcui8oLZO9P9yvlmX6KVYr4SSY-9u2Sanyk0bAKZUWvZVHw789f9I2LE0aks9-DTHwBx8Y4VQLr_zFzzUgU9zXHUfe0LeIqGABr7U1vzZmuidqAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1hLOMeAxXRNE5lmoMz-nZW2S-KHA%2526client%253Dca-pub-6593523210010154%2526adurl%253D%26mt_lp%3Dhttps%253A%2F%2Fwww.soberberlin.com%2F%26redirect%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.104.53 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 24 Jun 2023 17:05:01 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 32529800079007700951389012365022
Connection: close
Content-Length: 1115
Expires: Sat, 24 Jun 2023 18:05:01 +0200

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame AE79 0
0 49ms
47ms Fetch
image/gif 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstPlYyNYRI65oJFMKM3E2su6RQR332_tDxYfEgMiyZu651kcbBIAxNAYRUlCeX9S76VfIEp4r_5D7OLrk0LbL0iOdBHXg9CI0hFF1qfCGj0GvJRUmTRkGN9n63kcBImn1VdYyE7DSljT9w2zcJGboFjTkaMQLLFMglGhcj4tTp5vW5L7U_oicVy6e9tme_GIGILYO0JbN6Ytr-6pc-dfK_UxEUfNVEPw6AuvixhKE9GoYlWHHFjaj6L3P5qpZWyTb57dJaMcxFXCQw8qCDGRyW55sDfYUx0PCLJ56mbFtAeBIJVdTK9oKlGyHU8ExCNDlI4b3vhlHIH5qho6BJPPiYfVKNA-w8D125sExDgU-RkKQRp3jUpKZERN5tIc8TtETMBf9aFNbQuqqfkTrFjbPieZ1bjKpDCe_LnrKXdDp80H9Hj28cM5wKON88ZneQaDBUFw9LPOnahjo3wcmLwxXyuwuYJfiA3Bw5tfExTVFF7chC_dg8OBqwqlDKiBkgW7LdgW-_oFheLEfepP0_KnsRwm8AtMgmG8ITdyX8LvYivxdEIZE_Vk7jgy_z4LxSwXH02zDmD6luq_Ba3LuK-ZuZWEiaTjnXqkjdu7jZtL8JG4yciBIMIkfOebpWrwjPW2bSIbxmkQUEFFy42PshdCxx5NMXqvwCWDm3-SsTOLG3gqcplMJDyPpFJ9xrrw5KcWWosuPmIYiDt6t0foJGeWePmFo8yw8zSOB97objCM9uGEaQHymSUO8OELTZ07TwwId9J_E2CgJzmREpMcl8oKCZVQu3jaeTM-BxJcZz0XW1mN7xM_3jRYq662u8WRjnXT8CfxeMWclK7_nf4A0Cb2afU_PusJzDcf8NqdhTaJNqcdfCM8ALun7ROqvYM0kWO9su_xrfpdiyS-igDJz6ZoBE96w2_TMcCDdlAL5Bd8YqD1PXQXoDEBU_icmAnWE0UtFUqUBEVuvMhwQA3zOHh3wh3cajTmfFFH_zhuYHTXU4ABaDYQcSuKnhdRSXNGE8u1YK3T16IlvZBYonC8sqvj96ffZpIZ2zdwp-L-0JMZHxX-yOS9OMxiqpRxMTjnfFTpq8dTAcFkgBzxtiirJcjmRNGzLrN01T-fl-XdjYuGIOl6uHIQ7LPpfq2M-zluSw4aY7EqcrBi6U_keecLmFGB43CdQFu_vaGLld4SSt-AtChZh_-7wscYrG6w4hwuHL9DUYP2CQJXentcj7wTamsu-ivTvOiRJeFQQMriRklz3IuH24KuSC5_S9hQSFkgMv2MZQjy5Ec47GQOLpVf1yw_A2N2YAbPlwMgTHLRfij5SQleUhF0K3dnCisWl4iqwY9SrWwesuJ-Ur3&sai=AMfl-YT66qIrqxH4IXeO95rhpEpHOKD1R-NYQH9zYsczoGLukZtiMGXam3aNbcexcZQegR1FBWEEFmPqZ6xKWORQZuxLkE0IZNTnb8ZdlkMsncn6Iu6sITE8pqUEgUT3VDBf_b2X1bWMdlDzO1umBmWAg_oyfj6OXAqy3qwDw86q52dc4Zupmf6aiuqIqTIdtRfWWGZFKTYn8sm2c0VecfQuySXlkChPEdt9IIbnezSK5aFQ3PuZZANp3ocVRjhxNC3yH8hJpFQPqvT3r1aNXdLPw5HkM1mKgYIqGSqNiy_GJVYyAk8dhUTkJzoamGwzCqiiKeMZuDR7tCyuD4eL-L13ilDNv-7tpPkBqpIiufYpJOuiMBtiMDgqDT_hcDwd&sig=Cg0ArKJSzFF2Rrq146etEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=2539&vt=11&dtpt=2249&dett=4&cstd=281&cisv=r20230620.92127&vwbs=2&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:05:01 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 24 Jun 2023 17:05:01 GMT

GET
H3 200 OnAir-Bold.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame 4EFC 47 KB
47 KB 10ms
9ms Font
font/woff2 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4140742/OnAir-Bold.woff2

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/10596822557170597888/728x090.html?e=69&leftOffset=0&topOffset=0&c=xKKNQixwyM&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 16:50:48 GMT
x-content-type-options: nosniff
age: 853
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47676
x-xss-protection: 0
last-modified: Thu, 06 May 2021 11:38:39 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 24 Jun 2023 17:05:48 GMT

GET
H3 200 OnAir-Light.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame 4EFC 46 KB
46 KB 11ms
11ms Font
font/woff2 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4140742/OnAir-Light.woff2

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/10596822557170597888/728x090.html?e=69&leftOffset=0&topOffset=0&c=xKKNQixwyM&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:00:46 GMT
x-content-type-options: nosniff
age: 255
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46936
x-xss-protection: 0
last-modified: Thu, 06 May 2021 11:38:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 24 Jun 2023 17:15:46 GMT

GET
H3 200 60005582_20230403054618305_APP_iPhone_14_Airpods_Pro.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame 4EFC 160 KB
160 KB 13ms
8ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20230403054618305_APP_iPhone_14_Airpods_Pro.png

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10596822557170597888/728x090.html?e=69&leftOffset=0&topOffset=0&c=xKKNQixwyM&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 08:41:09 GMT
x-content-type-options: nosniff
age: 30232
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 163495
x-xss-protection: 0
last-modified: Mon, 03 Apr 2023 12:46:18 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 25 Jun 2023 08:41:09 GMT

GET
H3 200 60005582_20220825085202338_728x090_BG.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame 4EFC 30 KB
30 KB 20ms
14ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20220825085202338_728x090_BG.png

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10596822557170597888/728x090.html?e=69&leftOffset=0&topOffset=0&c=xKKNQixwyM&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 23 Jun 2023 19:13:01 GMT
x-content-type-options: nosniff
age: 78720
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30980
x-xss-protection: 0
last-modified: Thu, 25 Aug 2022 15:52:02 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 24 Jun 2023 19:13:01 GMT

GET
H3 200 60005582_20230428072231499_728x090_LOOK-INTRO.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame 4EFC 42 KB
42 KB 16ms
15ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20230428072231499_728x090_LOOK-INTRO.png

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10596822557170597888/728x090.html?e=69&leftOffset=0&topOffset=0&c=xKKNQixwyM&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 09:15:50 GMT
x-content-type-options: nosniff
age: 28151
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42501
x-xss-protection: 0
last-modified: Fri, 28 Apr 2023 14:22:31 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 25 Jun 2023 09:15:50 GMT

GET
H/1.1 200
OK postview.gif
portal.o2online.de/nws/img/ Frame 4EFC 43 B
608 B 90ms
29ms Image
image/gif 141.101.90.96

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://portal.o2online.de/nws/img/postview.gif?partnerId=O2_DSP_TRA_HAV_14112_PV&mediacode=29072291_4307561_354470172_170181287_PO2503A20230405&ref=29072291_4307561_354470172_170181287_PO2503A20230405
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 141.101.90.96 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Sat, 24 Jun 2023 17:05:02 GMT
via: 1.1 varnish-live-2-0
CF-Cache-Status: HIT
age: 6290736
x-cache: MISS
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Connection: keep-alive
Content-Length: 43
last-modified: Wed, 22 Mar 2023 08:05:14 GMT
Server: cloudflare
etag: "2b-5f7789eafa280"
Vary: Accept-Encoding
Content-Type: image/gif
x-varnish: 20915251
cache-control: public, max-age=31536000
Accept-Ranges: bytes
CF-RAY: 7dc68da39d6939f1-FRA
Expires: Sun, 23 Jun 2024 17:05:02 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8CA4 0
20 B 45ms
45ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=By-3SOyKXZOGAEJmUjuwPqO6H2AkAAAAAOAHgBAI&bg=!9Pel96PNAAYQ3eRoMN07ADkAdvg8Wqu-lzWzNS1Q-aiiTEH52R34HCJp1axau4oda_H3KRMGGiXAcQ3btx0pbmJVTvdPESKclz8CAAAFC1IAAAAEaAEHCgBcCY7gg3wiJyLhaZG2zMZZUSYwGAwFdUKBDi_ED303HU1xSbFl12z8VDySBuPMMqvTHeN3PyPHnIBaC9eVKjzMrNFyKB-Nn08o0OYmbESuhHGFETtA6pZ9j_JO1XWZAwLvdbfFEkC9LIOSyDBaHdCFcs5f9ceqI1GLmDD3Yd4N_hWqDrfT-_FQXMK3-6i4r2CPjyPmwKZmGANWa--AI3PQoIhuL2mKlspZg_uKhDHUE9WT5lHH7OK_MqL2dqVFm6JkoWsVmI2JTZZfmdQe5Rys3MkyPfhrTv6cHqEJxjuU1utM8RckszyKwcNZ-dKj70K_psKWBEo2-3KfkRd0SVC9orzI7nL7opfUzAcswTnPq0PwV5_Y3HetSn72KCj_lYgM8er74evkeCqGK6xNK9U7GS-CT2LCfKk_UUtZudp8W8AfUhAVfNUkK6tJEEOqzAo8KkymV9ym3fbGiq4iG5o_z-HUgCDe83BajTjHomc3JZOpwA_jT3KAxM-Nrc_xY1zdHYB0DGnYvKQo6yWgRdo7ErOK-EzloCs9H37jXmtOoshlkGwHk2z1M6ZgShN00xaHaQfgVh8gf-McuBkdDN-4yKOhROAHBqFWapC_u9CmQ_REjnaL7RNXHw08Ez2ZrLuZhbvNa2mi2lGVc0p7Xj9q8osbK1cqGHPmu2ivWt5wzz9Hmgj6UhO44cOY4-pW8XDLhdR7-2aU-LWrkC80F_jO_s72Cj2d40wSxb2LuczZCj7AHQ7itKj_ZYv2Ow9lmSz77fzjareqeb1sDZU0rk5Orq_QV-mFBr53RMeL1xdDmiWyzE_doxNmpbZpvYb2m_vUYdXcUqlni1-Bba5gFU94FSsbA_5QpL8afdZ4wtDj1EpbUpwYZYa_bfCHwaf9YrwqtAFSpRMACqIdUZ53sNXr8OudUNFMD9AsuPUEHPYDQw9FOIOxBSjjnqwLE6D5Xbfnz5WuEad8rnhqmF0xcBcLvy_1GCa7ZEzq9D3-s0wMFneFxZpJXf10bwVpH1IDTivyPSpVkRHM0gUc1C1HpRWUvRaazZwRShZECnv4EsyNvERzRAozFqvJC5GUWiO2U8kAB3n3VJYyxZE4rCY5CFLUVJ93lxYy2eIX2W6onuvp8EB4rt3hJJD649BzjbQNSVtVBQ

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:05:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BF21 0
20 B 47ms
46ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BOC4kOyKXZLvHEoOOjuwP2NSW4AYAAAAAOAHgBAI&bg=!wMOlw5fNAAYQ3eRoMN07ADkAdvg8WmxUOxlmsCrkqjk3IOrHCC7BXZ4aGxtwoUdZQINiTqDOj5da3ZirCsbNnCQw6DmJfvb79I4CAAAEQVIAAAADaAEHCgArk27KbkWTUQ48I-jcCo11at1NBI3VlnUvJxk7ywh8NR7Lk3FLWQClZd0AO5kDHrnoziv90j1gC3EQ62WW1LWLnExASDTQSa0PpltquGFCUqDc0bQDyYPyr3Y7UzQCi2Q9x0f1TIl1GrrxRqThuxqh-E4v-XdmzhUe8X5du8DzvSztbc16vdHta_pBvoCPEogTYmJa1En47JsbiiAG8izCt_3kQ_9klEPOjF2U_2j6u8t5-GpaFbbG2yJmdu4XB9esdnPZgRHabUPKWtAmmgcAlSvyEr1CjjOWCPaX6Obr6onGb-P8EZ3MutPuHscoe1C8ypT4Cdhor8vTAmDqfSyNsIzIFLKXZ9G6ihtqt_9RZHCMLupT1T4wawySMxGIqFzeQYzn609wW_S0LRardDqAjf6-m77zFJgfCPrmb0cZAHviaL2u5D7e_cLze9KYDzFV-RkbLMKst1lKoe-MWopOQVLKLU9tyQJXxxlje6y8hf6vCjWcSXi6A0iu6lQyatyUjegzOCg8KzBfHsuXprsFRrFhcOzE7T9izPz8H4gNQUGWk9TrEo7SYcsIncd3D8x3LgtxQWjSiV6gDK7JM2tXc1QZiqm7n61rYiayYZClBWCHF22wIOcgUZ2wE8cOJpciEP7fPrTFnzAettY2fjGKcQI2v2yoEDSNQgGahhwal1l6wKAAuhUoi25pvKHeCYzZLVRP-6hnZTCYytIa3MmbVJNU21U6WSIUjp2BIt8144E_im3iINCvORO4v7SO82AkL5Uo6aj0i_3hR_Ga6BCM9yUs-wLNUWhhR0IsnnaLAJkTBnZkET46bTX1TqYBNAC0Yph6_HNQ7l8JDpYwOkTFAUq8uxEz_leRPpFjpQrWzGotUijkmC9MdFCwZm3tyiQA5TM-U85LrJFqgKvO_DZmukacs4BpS5EcLR3e5U2hZdCImwG7RA6ywtBGppxbGEohFNMWl7HiNdfeSGoffIyw_m8-yxnjLXDa-JabG_nI6b3T4VkkY0PT3GtmZRAiZ-utDDfJ_6f4TjsmrmGrKvUDJ3jOK4S8R6H6QLbESCLXdgHI4zsfNtmMAVkNYXrRpjjtl5zJQIs7afFNvr8ZBj_hkOiDXwP61AgsE03O0A

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:05:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 5ed7706de4b07a92411bc042
ng2.virgul.com/tck/imp/ Frame 2E7E 0
209 B 44ms
44ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5ed7706de4b07a92411bc042?g=1&t=gb&r=153379@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1687626298218&userId=vnet882f387d-b009-4a3a-a2fb-177357578087
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Sat, 24 Jun 2023 17:05:02 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 200 bubblespritesheettiny.png
s0.2mdn.net/creatives/assets/4085730/ Frame 4EFC 26 KB
26 KB 10ms
10ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4085730/bubblespritesheettiny.png

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10596822557170597888/728x090.html?e=69&leftOffset=0&topOffset=0&c=xKKNQixwyM&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 16:52:55 GMT
x-content-type-options: nosniff
age: 727
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27068
x-xss-protection: 0
last-modified: Fri, 12 Mar 2021 15:44:55 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 24 Jun 2023 17:07:55 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 42DB 0
20 B 46ms
45ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BBJluOyKXZPbNEvOYjuwP1peY6AMAAAAAOAHgBAI&bg=!z8ylzJjNAAYQ3eRoMN07ADkAdvg8WrQFWH3Y78hPOhIB7PhUnIA4Q80o0OgkgIQcF3_1_PP29DGTq4y0LkL3GlSbgKGlIdysXyUCAAAEkFIAAABtaAEHCgASgLZVZcswOOo2MAKeOXdaPXm4mQML9ySu-ZObTnv_1Ooaj-OtFPzyQbfGM9eCevEvuerR7NvljKOm81DKcQUjFkwBEcT_0eUPj1PdSAhRhu1o2CCAHmc3TrPIztFC1Gm87XPqATG_hoCCIF0ntbUk5DbjB3b8WBl8LBtLHygkZLZdRSrT_vD9AEgMO2bb7XEDPxY6nofhIkCaBS-9OtIABHNyExQffsCGrRqspzUh156Ek7rbX2qDJVlpiXC9S39DcFUHVYOw4dFxadohuuZ83q6OTqrT7KlkMJz0X0aa0vepJ3cVe4-ctoCtiT38wtGxugP4VWhKbc4uJJw-S_m_7g2Kz_LqUMq8R6dEvCN_KnzHmWg3IqFmvdTzPqdwFHb2ZhX0hl2vjvZ0ME1QNrXSUC0OB0VofB2FxUxX9bpgqHA7pGlX3E_bX2Km1DGKiIXs4-ERqstN4rGHvnZ12ljGSO9G4uvbAU_oGhBZDuAlQiGceASsu7tcvUlinJ9Uz1BFHcIx9hT03ANPJIOn7PT-dZrx2v5NsEr2di_TOOLsSQhGLtsAr3FX80k1Wu1eaVGIi7gbJ7qskzFhZcwRnyRON8V-xNBgHG1J9BOaUOq3VNQpq-opMOTfWUYOzVeMvZ4nWL8dDWHsHgK2u9htnN3V8T5mr2DzPGxO4EjEElO6aTJ2zXY0nahy7Pqr_oy7znic1FfoCtNHDGNRf4KxK4U_WEhjLiCI06ZDhOUWiUQFbFnkG1ZpUh7IL3bNFXYMytV_UJBy11KJoy9Y9kCLOBgKSYvnkzgi9s_nb38lYQ_OEy7DvuWADxWxZu9SJsnClhpBBLi4_Ab8wB7J-Gm3eKOnaAbS52ylMmkbvZPxiGzjsu7wcnxoGv-qIIVDuwk8D7yGL7LIEUPibNA1XdsR7qiMRQR22j40baHKDgBMMtComcNxp1L9zD3GDpoAnjCrahjZQr6JAgl76ohqb3LE_ERZLkjfE9FoXzE-Z-9Xfx5n_hdGXiXECOyUstdofslJV6ffpR_tJQKZVszoQuo6FmXZPY_0g6QAflOaG2yDUhTbp0Y

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 24 Jun 2023 17:05:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET gen_204
pagead2.googlesyndication.com/pagead/ Frame A7CE 0
0

GET e99aace94e6e5873881d3400993e1e7e
pv.medialead.de/trck/epv/ Frame 10BB 0
0

GET
H2 200 /
adv.office-partner.de/ Frame E431 0
0 63ms
11ms Document
text/html 2a0b:4d07:102::1

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal900022.redintelligence.net
URL: https://hal900022.redintelligence.net/request.php?zone=ajk4xlebn4mw&nw=20&renderingType=javascript&namespace=7c87209d16&subid=&uid=fe155c30c56cc90c&screenSize=0x0&screenSizeAvail=0x0&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=1&gdpr_consent=li&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DOh89QPJHP4PDV38WBkiVhQ%26exch_seat%3D20035004448%26mt_aid%3D4132588374241990405%26mt_id%3D6622332%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3De6fb6497-223c-4f01-8709-105359ac44e9%26mt_cid%3De6fb6497-223c-4f01-8709-105359ac44e9%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCV0nHOyKXZNTZJOihtOUP4s0Fz4eOm1zAhtmCxgLAjbcBEAEgAGCVgrSCwAeCARdjYS1wdWItNjU5MzUyMzIxMDAxMDE1NMgBCagDAcgDAqoEsQFP0BNiyRJeK76M1_uZmXeyOtyK8w-2iJB8CMpxFzw6kAdRMX7WeUtMslnwjv-7pildaPOtfLVF8Kp60VwfU4KocuQO4ENaRiRYJvVALxZFj7EW_HrSOJ9RpDzZBqBiAn0omNldz8mDPXFZcui8oLZO9P9yvlmX6KVYr4SSY-9u2Sanyk0bAKZUWvZVHw789f9I2LE0aks9-DTHwBx8Y4VQLr_zFzzUgU9zXHUfe0LeIqGABr7U1vzZmuidqAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1hLOMeAxXRNE5lmoMz-nZW2S-KHA%2526client%253Dca-pub-6593523210010154%2526adurl%253D%26mt_lp%3Dhttps%253A%2F%2Fwww.soberberlin.com%2F%26redirect%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-6593523210010154%26output%3Dhtml%26h%3D90%26slotname%3D9586219513%26adk%3D1165138949%26adf%3D4198791085%26pi%3Dt.ma~as.9586219513%26w%3D728%26format%3D728x90%26url%3Dhttps%253A%252F%252Fye-mek.net%252F%26ea%3D0%26wgl%3D1%26uach%3DWyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..%26dt%3D1687626299173%26bpp%3D1%26bdt%3D182%26idt%3D325%26shv%3Dr20230620%26mjsv%3Dm202306160901%26ptt%3D9%26saldr%3Daa%26prev_fmts%3D0x0%26nras%3D1%26correlator%3D3947787696511%26frm%3D8%26ife%3D1%26pv%3D1%26ga_vid%3D105568830.1687626299%26ga_sid%3D1687626299%26ga_hid%3D1652697002%26ga_fc%3D0%26nhd%3D2%26u_tz%3D0%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D-12245933%26ady%3D-12245933%26biw%3D-12245933%26bih%3D-12245933%26isw%3D728%26ish%3D90%26ifk%3D2836371973%26scr_x%3D-12245933%26scr_y%3D-12245933%26eid%3D44759875%252C44759837%252C44759926%252C31075412%252C44788441%252C44794789%26oid%3D2%26pvsid%3D4500014196868433%26tmod%3D1285845116%26uas%3D0%26nvt%3D1%26top%3Dhttps%253A%252F%252Fpcloak.blob.core.windows.net%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C728%252C90%26vis%3D1%26rsz%3D%257C%257CeE%257C%26abl%3DCS%26pfx%3D0%26fu%3D0%26bc%3D31%26ifi%3D2%26uci%3D2.u4j84p8ybqvn%26fsb%3D1%26dtd%3D332&ancestorOrigins=null&random=3083376347987&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 -, , ASN (),
Reverse DNS
Software: keycdn-engine /
Resource Hash

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 552
content-type: text/html
date: Sat, 24 Jun 2023 17:05:02 GMT
etag: "3a2-5c1ab16b3be00-gzip"
expires: Sat, 01 Jul 2023 17:05:02 GMT
last-modified: Thu, 06 May 2021 15:37:28 GMT
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server: keycdn-engine
vary: Accept-Encoding
x-accel-version: 0.01
x-cache: HIT
x-edge-location: defr

GET link.html
track.webgains.com/ Frame 7F1E 0
0

GET
H/1.1 200
OK request_content.php
hal900022.redintelligence.net/ Frame FFAA 0
0 36ms
12ms Document
text/html 144.76.104.53

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900022.redintelligence.net/request_content.php?s=32529800079007700951389012365022&a=85ef9c5d
Requested by: Host: hal900022.redintelligence.net
URL: https://hal900022.redintelligence.net/request.php?zone=ajk4xlebn4mw&nw=20&renderingType=javascript&namespace=7c87209d16&subid=&uid=fe155c30c56cc90c&screenSize=0x0&screenSizeAvail=0x0&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=1&gdpr_consent=li&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DOh89QPJHP4PDV38WBkiVhQ%26exch_seat%3D20035004448%26mt_aid%3D4132588374241990405%26mt_id%3D6622332%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3De6fb6497-223c-4f01-8709-105359ac44e9%26mt_cid%3De6fb6497-223c-4f01-8709-105359ac44e9%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCV0nHOyKXZNTZJOihtOUP4s0Fz4eOm1zAhtmCxgLAjbcBEAEgAGCVgrSCwAeCARdjYS1wdWItNjU5MzUyMzIxMDAxMDE1NMgBCagDAcgDAqoEsQFP0BNiyRJeK76M1_uZmXeyOtyK8w-2iJB8CMpxFzw6kAdRMX7WeUtMslnwjv-7pildaPOtfLVF8Kp60VwfU4KocuQO4ENaRiRYJvVALxZFj7EW_HrSOJ9RpDzZBqBiAn0omNldz8mDPXFZcui8oLZO9P9yvlmX6KVYr4SSY-9u2Sanyk0bAKZUWvZVHw789f9I2LE0aks9-DTHwBx8Y4VQLr_zFzzUgU9zXHUfe0LeIqGABr7U1vzZmuidqAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1hLOMeAxXRNE5lmoMz-nZW2S-KHA%2526client%253Dca-pub-6593523210010154%2526adurl%253D%26mt_lp%3Dhttps%253A%2F%2Fwww.soberberlin.com%2F%26redirect%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-6593523210010154%26output%3Dhtml%26h%3D90%26slotname%3D9586219513%26adk%3D1165138949%26adf%3D4198791085%26pi%3Dt.ma~as.9586219513%26w%3D728%26format%3D728x90%26url%3Dhttps%253A%252F%252Fye-mek.net%252F%26ea%3D0%26wgl%3D1%26uach%3DWyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..%26dt%3D1687626299173%26bpp%3D1%26bdt%3D182%26idt%3D325%26shv%3Dr20230620%26mjsv%3Dm202306160901%26ptt%3D9%26saldr%3Daa%26prev_fmts%3D0x0%26nras%3D1%26correlator%3D3947787696511%26frm%3D8%26ife%3D1%26pv%3D1%26ga_vid%3D105568830.1687626299%26ga_sid%3D1687626299%26ga_hid%3D1652697002%26ga_fc%3D0%26nhd%3D2%26u_tz%3D0%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D-12245933%26ady%3D-12245933%26biw%3D-12245933%26bih%3D-12245933%26isw%3D728%26ish%3D90%26ifk%3D2836371973%26scr_x%3D-12245933%26scr_y%3D-12245933%26eid%3D44759875%252C44759837%252C44759926%252C31075412%252C44788441%252C44794789%26oid%3D2%26pvsid%3D4500014196868433%26tmod%3D1285845116%26uas%3D0%26nvt%3D1%26top%3Dhttps%253A%252F%252Fpcloak.blob.core.windows.net%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C728%252C90%26vis%3D1%26rsz%3D%257C%257CeE%257C%26abl%3DCS%26pfx%3D0%26fu%3D0%26bc%3D31%26ifi%3D2%26uci%3D2.u4j84p8ybqvn%26fsb%3D1%26dtd%3D332&ancestorOrigins=null&random=3083376347987&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.104.53 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2064
Content-Type: text/html; charset=utf-8
Date: Sat, 24 Jun 2023 17:05:02 GMT
Expires: Sat, 24 Jun 2023 18:05:02 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET e99aace94e6e5873881d3400993e1e7e
medialead.de/trck/eview/ Frame 7F1E 0
0

GET cshow.php
www.awin1.com/ Frame 7F1E 0
0

GET
H3 200 cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame A696 0
0 8ms
7ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 13552
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 24 Jun 2023 13:19:10 GMT
etag: 48472445140208031
expires: Sun, 25 Jun 2023 13:19:10 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 7F1E 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/png

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_250&st=int

Domain: tps.doubleverify.com
URL: https://tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=439&ttfrms=40&brid=3&brver=114.0.5735.133&bridua=3&bds=1&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTauJ6%5C%3E6%3C%5D%3F6ETauU2%3F4r92%3A%3Fl9EEADTbpTauTauA4%3D%402%3C%5D3%3D%403%5D4%40C6%5DH%3A%3F5%40HD%5D%3F6ETar9EEADTbpTauTauJ6%5C%3E6%3C%5D%3F6ETar9EEADTbpTauTau3gc24e_6he5fbgh4h2f46f6d5a34agg6%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3E&srcurlD=1&aUrlD=0&ssl=https:&dfs=468&ddur=73&uid=1687626300198881&jsCallback=dvCallback_1687626300198284&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F114.0.5735.133%20Safari%2F537.36&htmlmsging=1&chro=1&hist=2&winh=250&winw=300&wouh=1200&wouw=1600&scah=1200&scaw=1600&jsver=3986&tgjsver=3986&lvvn=28&m1=13&refD=2&referrer=https%3A%2F%2Fb84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&fcifrms=1&brh=2&sdf=2&dvp_epl=278&noc=4&nav_pltfrm=Win32&ctx=20309721&cmp=29968277&sid=3288807&plc=367565044&crt=191643418&btreg=558488208&btadsrv=doubleclick&adsrv=1&advid=4309118&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_sukv=1392271.750074879&dvp_tukv=4338812459.158889&dvp_strhd=0.40000152587890625&dvpx_strhd=0.40000152587890625&dvp_tuid=22773635350&jurtd=3366293143

Domain: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16829948873192997814/fonts/FordAntennaCondMedium.subline.woff

Domain: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16829948873192997814/fonts/FordAntennaBlack.headline.woff

Domain: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16829948873192997814/fonts/FordAntennaRegular.legal.woff

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BbMBJOyKXZKnzEa-QjuwPhv6W2AoAAAAAOAHgBAI&bg=!CQqlCl7NAAYQ3eRoMN07ADkAdvg8Wv8qiI5CEzSubaZHy43LIjiSjbkbApO6kgRAouiNGUD8b_10sw-5JUg1zLMJUyXTQdMTMd8CAAAEi1IAAAAKaAEHmQMGUWf6UZPVbEkj_bkn6p1nRpBkVNCK_DhtG8XC3Sg_ziiJBar0RPhdZLrL-Yg7UHBe7V6MMfeco8-esI32AxW8-h3QC5otWv46P-3DPPDkGHonYCXphAhAiZDrKAg5eRMV6Q9Eiwv5tA-uNmiMisc6x4FfevgbRiaKmSTpBE_7LqN_PC9NPtfiejrIqD07xi__lC2hW5Ktn8RatfwaoPgMBHZOb4XILRZ7Dvx5ign2P2DqnTw0F9Szt9wee0ypmd7EegZNPp_MheWdxOahsiXSOsPoZ1eol_drlwbXF17lCFE8okIAnSdQr2yTQnEkzKo2-Nl1yF3nbL3Z135dvrbCmAjNA6hM0URwS8NPJ7gdEh9WQcuHESkSNWyw7-xIAZLTBB3_YMXDM3lfDf20nEP5Ok8DmEYR_c5Q6BjqTKmeY5CFjmcp8EoFvtuAeXdNbSvE6ZxClj9PQdXL7D_CS8jZW4IhMCdpnmvknPD_SOApCiPg5Sm4VKvoXbcy10ehAIg6g1ft8p5KlBZoIFQTGlTPNLEeoRGBzb3Uj5RfFF16Tg4oU6DguTjb22gwcoeuClfcRRdmb0XHzw6JIfxj8STsTvFz0ook4pDsPng6BYaVQUFhbQlM5U8rHe5_cpCVVZHnVn6jg9gjmoeTm7F6NQkOdyz08hZWZroin9e1fYdmgLTbW2UiKeG1s-svdtn_JE7Zpt15ri4XMvgZL9POoRrGzAXUDNBMiRp87S6KhTWEsDAQex4Rdu-nqcaBEykBqwOpMr_wSeX_CmwHA1pE_wFkC7IaCUKLyH7GHwEDZr3y4YcOsDRNQZhPgWmRQ1G9Nzo0qCn3HJDNwsFPs1RC-zOyX95zxncx9JwEu7Jjb13ln9HTyfN8zVz48IW5nughQpB-zcD7fHlwC2FPrjTpDMmdkIDZbeCehopbDNlTfP6Pt8P6sVkZR9UZT1h-ROXVLLkHdTQ7xSqw1RgFFz9bLkWDxdtfg_IDL5hAJLAa0QBfJsWxTzJJTeOOwMd9Ota8h_hJEryPMFjK

Domain: pv.medialead.de
URL: https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=32529800079007700951389012365022&t=htlp&gdpr=1&consent=1&gdpr_consent=li

Domain: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=2513145&wgcampaignid=99582&js=1&viewref=32529800079007700951389012365022&nw=1

Domain: medialead.de
URL: https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=32529800079007700951389012365022&t=htlp&gdpr=1&consent=1&gdpr_consent=li

Domain: www.awin1.com
URL: https://www.awin1.com/cshow.php?s=3266505&v=11601&q=357526&r=113440&pref1=32529800079007700951389012365022&pv=1

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

9 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-20 22:08:42	Name: IDE Value: AHWqTUluXPmvD1ExPMbOktsoDu0zKfoshdtOfPD90tWk5sOL9OzwsX1gt8Cp90TG
.casalemedia.com/	1970-01-20 14:56:42	Name: CMPS Value: 3238
.casalemedia.com/	1970-01-20 14:56:42	Name: CMPRO Value: 3238
.casalemedia.com/	1970-01-20 21:32:42	Name: CMID Value: ZJciO0tQf1.U.AEHcl1p2gAA
.adnxs.com/	1970-01-20 14:56:42	Name: uuid2 Value: 757917526743411831
.adnxs.com/	1970-01-20 14:56:42	Name: anj Value: dTM7k!M41.D>6NRF']wIg2ImTE-9I+!@wnfH8K6pQK`!5=E<L5?%M%eEb9le(7V0dXYfp3P'OLf7`]^C#!Hm7's6SbpRzqF1`b`4/*>oNK
.doubleclick.net/	1970-01-20 12:47:07	Name: test_cookie Value: CheckForPermission
.vtracy.de/	1970-01-20 14:56:42	Name: tr_id Value: vi-7382fc5b-b8fa-469d-8768-0d4f8b561a23
.vtracy.de/	1970-01-20 14:56:42	Name: tr_dt Value: 2023-06-24+19%3A04%3A59

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://pcloak.blob.core.windows.net/web/jquery.min.js Message: Failed to load resource: the server responded with a status of 404 (The specified blob does not exist.)
javascript	error	URL: https://ye-mek.net/(Line 39) Message: Unsafe attempt to initiate navigation for frame with URL 'https://pcloak.blob.core.windows.net/web/6x69807j0b5.html' from frame with URL 'https://ye-mek.net/'. The frame attempting navigation is targeting its top-level window, but is neither same-origin with its target nor has it received a user gesture. See https://www.chromestatus.com/feature/5851021045661696.
network	error	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755397&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1687626298340&bpp=3&bdt=629&idt=295&shv=r20230620&mjsv=m202306200101&ptt=9&saldr=aa&nras=1&correlator=1088079189640&frm=24&ife=1&pv=2&ga_vid=960498460.1687626298&ga_sid=1687626299&ga_hid=1486286444&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=222437166&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759842%2C31071755%2C31075511%2C44788442&oid=2&pvsid=373190335099830&tmod=13974008&uas=0&nvt=1&fsapi=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.b5r03pbileis&fsb=1&dtd=307 Message: Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aax.amazon-adsystem.com
ads.eu.criteo.com
adservice.google.com
adv.office-partner.de
ajax.googleapis.com
b84ac60e96d7389c9a7ce7e5d2bc288e.safeframe.googlesyndication.com
c.amazon-adsystem.com
c1.imgiz.com
cat.nl3.eu.criteo.com
cdn.doubleverify.com
cdn.ye-mek.net
cm.g.doubleclick.net
connect.facebook.net
csi.gstatic.com
csm.eu.criteo.net
dsum-sec.casalemedia.com
dt.adsafeprotected.com
feed.pghub.io
fonts.googleapis.com
fonts.gstatic.com
fw.adsafeprotected.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
hal9000.redintelligence.net
hal900022.redintelligence.net
ib.adnxs.com
images.dmca.com
imasdk.googleapis.com
medialead.de
ng.virgul.com
ng2.virgul.com
pagead2.googlesyndication.com
pcloak.blob.core.windows.net
pghub.io
pixel.mathtag.com
portal.o2online.de
pv.medialead.de
red.vtracy.de
s0.2mdn.net
s7.addthis.com
securepubads.g.doubleclick.net
static.adsafeprotected.com
static.criteo.net
static.virgul.com
sync.teads.tv
tags.mathtag.com
tpc.googlesyndication.com
tps.doubleverify.com
track.webgains.com
us-u.openx.net
www.awin1.com
www.cloakan.co
www.google-analytics.com
www.googletagmanager.com
www.googletagservices.com
ye-mek.net
medialead.de
pagead2.googlesyndication.com
pv.medialead.de
s0.2mdn.net
tps.doubleverify.com
track.webgains.com
www.awin1.com
104.75.89.75
13.224.192.181
138.201.63.117
141.101.90.96
142.250.184.226
144.76.104.53
151.139.128.10
172.217.18.2
178.250.1.6
18.66.138.185
185.7.176.222
185.80.39.216
185.89.211.116
20.60.220.36
2001:4860:4802:32::3
23.213.164.100
2600:1f18:1aca:4282:2a0a:6ee9:5131:f962
2600:9000:2450:c000:8:48e:53c0:93a1
2a00:1450:4001:806::200e
2a00:1450:4001:808::200a
2a00:1450:4001:809::2003
2a00:1450:4001:80e::2002
2a00:1450:4001:810::2002
2a00:1450:4001:813::200a
2a00:1450:4001:827::2006
2a00:1450:4001:829::2008
2a00:1450:4001:82b::2001
2a00:1450:4001:830::2002
2a00:1450:4001:830::200a
2a00:1450:4001:831::2001
2a00:1450:4001:831::2002
2a02:2638:3::12
2a02:2638:d::11
2a02:2638:d::2
2a02:26f0:1700:6::17d5:a191
2a02:6ea0:c700::19
2a03:2880:f080:9:face:b00c:0:3
2a0b:4d07:102::1
3.75.5.170
34.102.243.38
34.250.56.160
34.98.64.218
35.241.45.217
74.121.143.241
77.245.159.14
94.138.206.83
95.101.148.198
001acbb15d9c69510c0817e6dde361bff098406fad182ab3c367f86ff3da8343
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd
01fa226664394f42315f127309e22db4105760d53b5fdfb3a6210942ccc4b3f4
0486d620f8c483ed0fa8b56edfef5799ede455138606b4392604174847199be2
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
072f9ada3dbd90a670f75e51092ab23ba99fde1322fc2800b3ffc5de91712964
0746b21cfaae0aeba1fe18ef923cf659a3d82203c4f9368f6c3c10e82eefcffb
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
0ac8dc957a0bd33bfd1038973cb3a70e611baa3ef7d44f92d8eda47866ef8acc
0b29697868cd68cfd1b5650054cc96ea755016b3242bd26469cdbd4e4f6fc18a
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0ddb6297b4c0fb187165a864cbecf7db510c5e12ee6e662754f1f960c201b5c8
0fb87da221f6bd6ca2145dbfdc42e0d7d4a73fe418fb409cc2b019ce0a3506d6
1171c8807b128697ca1150b8a948d3e263e1aeb53f7eedc43b2d489e9cf33e22
120fdf7c1e8de286b8c6ad005bd52d7b3d71cfa17bd6d1f72d023fe952d03708
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
12ea875e15dcd2a99106b808f5669a61bbf021fbe694235f632f9c36ef85bb06
13b4bb0bb059eee9a7ddf5b8ae3f395e28e7f81918eeac0ec934f3d050c4d0a2
15638b005a1ce6ef2b92d3495a8290ecf4d748bb2dd2524d886286e7dbac6a8f
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
16df13bf757d1ea1db3b74b0a42013a8a392aa56a81b4517874ce59e820f1510
17fb6396682c034e75e55c2ca06f182c40b971281b0c219b049ea2d60f3e34de
19bb6d0a6b83ef7339494e17c0c1842b16ff4f51c1daf3ad1e17dfc91d6a586c
1c850554971fd0815ab530813c41947b41fd5485122fcc6ddad7e52554ca4c5f
1cd071e9d070bce6489af449b89cabdfe9b1851cbfb04b72becfb9ff0509336d
1cea80ffc30d80158c46d24a373c07f3fd1f12b0964ec0960d54cc7476dbe5ae
1d019867c120344469403527c7d958861b81d0fc873813c97ee135f707d74122
1e066beb1036ff4d1c6237858048930493e92415f9d6441b956c1133c6eafeef
1ff067250a334697aa929240baa053c275243c0bbc1a5cf9b1e280ff2eff85aa
22b5277b17bcc9f682004e6c7dc1e41ffd42c83a3476f14c7e3324c291cc86e8
232bf950740690a92eb6f4a6110a536fbe24114928c38ebe80f69aa3b2db6709
259370cf0a380366a96e31df0d482d4d7c5d59f52788c3e4db0119493c8e50cb
26a8c20f5406f57a7e6516064f3197b6a2745241dc3fe0d6a827fc75e613fc89
27961ab8c37cddad89230364167c048c6377a80e38542a5ffbca600faf4098ea
2a270c5c4ee5a6dc4951c3ca8ceab785c27786e3823b1b9a06f96ae6611ee6f4
2af1b8e91e1ea0f27fab2f6bac1dd1d81867b7a2a8d7cef1084fa39309e0ac6f
2b682cb846d14bb05298861383969201f50f3334cd261828d904b198b21a81c3
2cf6ba91e0fd2d7ae476ccb034c9c3febd07006491f3868fd87d5d9a05497733
2eb2914e0253d3d949c2aad28f6f109c7b3a67ef37696a4496592837c0f9d7a4
312ea37c961106b2df0601ca18d37f89c74ec7b28932d79c012c0864169a11ed
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
31d02f43dd0c7fc5c0d95db087a23f1c2d729c93f10450884c8da6b415f7839b
324a9c1f26949a62b89c5846de23826737bf3b14443e3f5a969b1799604a0588
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a
341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f
34a9787ac484284d5f427da581c93144c33ab5afcf6cb8b0193bd9f068b00ae5
3785a64ea212b675fabed56a2d69b001dde3a875471a6bb395493bc2321103d8
3c49765312e00e45feb2f6b420b62c5ea0b8e047c5e92cdb2588223a167b7886
3e9569df702eb478e6e7699775a0f555b64ef9e89d89a81742bc97c7803dba96
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3ed559a849229d0ba1622b39b2343f2307a91aae5bab1f08e55c89e50874c980
4030c5877b59dd952b14df61d5059dac76d7b3dae4557e30376c0a9a0d7c7e1c
44eeb4568b704c0f0a9909aed03ad7458799c0face22b0b8d1333ce5cbd5cfed
4595241cedd0561ea7df5dae27079da65aff6eea25ca9a06869c82524835bd44
464be521d749b2ba1c7e8c1f87223b56a03ee0bd05484baa0e9067ce9eb9d2be
4651fd93f167c3620b534c30bc23ae2a2e7cf742621d8e6d12553c09c388284a
466d84e17dc7459ae25cb60d72f1fddf8e574b1b0affd560332250b0ef75f41e
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
46d23daa0a57a967ac07f516491d96b833bf2b56152dd035e85cb8ba89716bf0
48734e3f9e3a4f81bca9533e3173a47e8f20c2ca116566141de4581efae40aa8
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c138a2c89869b1e60bf8941147e2e2c21378af8ffeb407392091c688a76f392
4d97d2f204c48ceadcc2f5b86ba6bf25987c6f7c43c8dd7fee7a2847e6a71f4f
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f1949e21d597e282a24f9a971964cc38fea30c795c1b02d864f8e22988d4571
4fdc5391bf7f26b8640e050ae3e95ff1ea315746f0062053a894101b910f4049
50282fee83281adfa1bd8aa7771950d435a2799ca90959ae8f3a483ff4fb0be0
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
505c82241812470854d47dbfda8144e5326b3264363a233e75efced811a1a3e1
5103b27b55207be49f024a501641c7cb93e6469073ccbe194cd5963b53716184
543d48d1e079fcd974d371768fe777a8c842d99d2be67d10d2f0e946f4198ebe
54898e3d3f6c366bcf27a7c00189b9095d79188fd8f3b688951975b989cc4063
5804cd3bfdf7f7b00ae1f2beef50b9ac7bbdcadcb47e8c3454e8609a52096b92
580dad1a7f46af3417b3d06e483f4cfb043ce1d9e443398a4c0d98b47947d6ec
5a9863314577494b778cade4d77d719a27fca818d6091efe35b972cac31026f8
5f08dba2eb86f4f9356c53535440d69561700ca4b2fba167e923e5f70041abf1
608d9392d078f23501d440db8942c109b62b388fa72ec9bf2a3aae60e3a796a6
613b97a3f938c5185dc5fcb46ec9c9488f460fdf8a9765eea9f05aebe46a0c50
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6355ee280c9c2c684a4c890a76edf6f82790bbaff1cb85a9bea932c5a392855d
66413d92e3b48b21f37de7968a4c6ee6dafb956f4963d0557959a3d10db2c492
680026f318b1fd16bc8e7b24ba4e32073bc98978f5bd67f19c1b30019a6decf0
6978dedf12d2dc2d1ce72b2ccca398e1c09e7acdedff0ad3ee9b7b009e6f1647
6a3184831806c6d057113cc853f0b95a8150143fbe8a29c00a671d5814ac2431
6dbe9c2e13cf06c6633ea3fcf6d7bd30452561202a205c75a035cd1d8b93368f
6e517f1f2da440c36103d61ae698974db84ded6b3ac8635a8c24d8ac8652c10d
6f88ad1b185e443ce4a39c76c65fa4b6f199c1521398535cc5452b19304d5f17
704250744b0a9fd93ff4fb87761b3d04800ddf626bb2c624e3e7c5e2e76dba22
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
75f2b3e1739c7ed8ee367a6990d7f5abdb0fd1040724273ee5a5f87489a41228
775ae37bbdaac699490e13908703f9fa724ad405a583c4d964c3a2705e25199a
7b74b15c0e0224974c8f830453f4141254e43fc02d4d95a8bce9c1a27a893079
7c0b531ac93316525ae4b761dd288f6e22c45dc5e36167fc646fe0918125d81d
7d4095ea226f3f80d6d4fc62e3737dd5107fd9d4aa4a443cac11378b102f64b6
7ff9993d3bf21821aa4aab3b5958b4d9ba3fd3a3aa92f5830a24d3ee259f4851
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee
82ef6d77d41231210adf1d19724884bfc3cb6da85b1d011cb77d4586dc380774
837d63620657b055c980948022e01ba5c63c986d3d08ca7db80558411eab45d6
853a8c7e34be5549a44fc541e13876f5c2838123142f527dab2265950feaeefb
8577e3f6e493ca770fdbe248cd041882e7d23c7ae4ef110c148c5b2094e9114e
861ac263132d0b6dff10b6b5a7c51c290e45f257bb628c92016f5a0790543516
870c6dba95d95d6be10a7bc73f718c786dd35c619864cd9b3754b30c0e377c58
89529d02905772e8146d7e1ff9addc92072c23e60bb3dc84b8d61c4e898e93d6
8ac4d31233baa94433f305d393674f22af5cca5e2f4c7b555c06d602135bcd13
8b824c71d1dc1892740b0e8f40cbe24c021d799113bba8fbb71d7b4109450e6f
8d67e93b773c993230e55a3881853d5e8d399b32fb591d845c41553c0fe8c71b
8fb600b02fc75812932069a9f79b2132dffbca1cd735dd8f8613d0f2850046d2
90bbc71f5c932fd82f6557834c468dd96219e535f4128c0838669f56cb35f1ab
951e603e21d6a04762e7712ece4db18412a25c2d3ad1196080add1df68597f26
98d2e3edd14aa506c4521125c7cdb7bb3030d7caae5803feec6d2613195ee955
990889e9ed9332f77e31d1c92c63487d5333dc907946989bb977c33df515c32e
9966325185672707cb236f7080ded8154b0d073f9fb42b90f4e39009f2973e88
9cacc351a59879d938ef01e274eca7f341deaaa666237a3de94737ccc05a4b86
9e83314d333416d003a14ff991793feefefe12184980a4f081c0465cda5dc8da
9fe178b3a246dfa8391758b6964ea91fa324fc0942c9d3fb8e7c652a47ab23da
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a093402225ac56a46e1ec1c3ab2a2f7d6607f15c562143fe8c64de4f51e81706
a1970ad4f97c9ac8b9ea7a2c3378199af88b113a6f4e201256bf8c905554b7a2
a1a1863860f40862a7df0b5316bc3805f213fa1c9fb01060bbd994d91dc140ee
a1b3954c90ca1cb7765ebc7936ee2891056bf0a5efb095631fb46a08dfeea584
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a7a580492938c753648b19da1321bf7ea66d7a2e9b1fa42058c821e268fba9e1
a9813636d064a6c030d55ade3e86f5de6475ea07aa4bb75d2197f653bd8f60d9
ac1f8c2a4ee7c0ee40acb4937d0459e1e290abfa8229c4b7fc4d7992858e1cd9
ac546194565bbef33495adfd3072005ecb03e2563f484d0228435a8c4ac42f51
ad3ee286844c46dba3f0d26e100f508c410b28f52784fbeec2d513ef6c6fda7a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1701639174cb872a535071c10f17980f509ef1588d3a06bc7f8aad5ef0d25aa
b28212f4baadf3c72472e06c83eeb9f674659bc3390f8279644cc35c2b3cca60
b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628
b83f885e4b5c5702a89c7ab944f16e40f1a59b33157baa872196124d128e68cd
ba09d9e6a5ceaf234dad260b0a93f357137f70d0dce30b3abc8d9966bf8766f0
bb8b1178b759a87b00aa44abf1019c82e9df19b6059f1761c4646b3d470a7f01
bbead98319b2bee5757af35b4eacf615df3e45da2f69cb999cd4694a26bfb90f
bea17c8870ba8dae9515993b5c55b65437f03f0e2672e1c3d3dbe7872dd74e5c
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
c2096c7f8c43a3751ad70e80d6a23fd56cb255665a2c089ca8929eec2fbc45e6
c2b14f3faab1ff78bc25ec1143035f67f3653c08c243adfa3772e33e52502a1a
c6a1a76527915c6ae9a97a59528a1c0ac871a858be8cca711a763109ef06e1a4
c6b18981cf714e585f539a908be7ec3edf6ea2fb86c507204a6e47d56a771eb2
c77b0be9295b67ebc3f1c502c5ac19d16146f6944a589571e3614d001fcd6f66
c877d16fba023f3bd02c5a3a27a9e70886fab643d424a2e5ff2707f6b545f78b
c99a1db5a8ee11a2fc13ab0544e3865f781fab4515592ff6467e7273478f813d
cc6edb8c4cd1b734aa8792ff58881ffe0ef9c71ebea0ce2434febd071224b707
ce3cf09c371f16e84cd9db5935613c3c8eeb5b5cf14511fa484818c7282cf5fb
cf906196a7c1414e11983955e101a051d55a864f2bc9fd52a453d952d92fd9b5
cff57bb539a961e5816127eb4b662175d6a1c92917effe0f943de85c35911101
cff8001763a4cb0cb81352e07fb9927790673baaeda29140c072f30c5933cf10
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d20ac6f13cb794ee50fbe9df25666afe860c28230185fe219ceac6a32617dec5
d469330093a2cebd898628a339df6abaf5edcb89e85769ff79840371195a7d1f
d721f1819959bcb4cc8b418e32a69c729add4639335ca673c3b6ce5b8739bfcd
d845af1f0c23a4d6e415a829ee32ecd3b051e1b9539970687046dd38ae78c98d
d9fd0aeda423bd39a36871759ef7b17dab3d51e5981cd5839103f990b8b9ef60
da90c264ecd4396397dc073f546f0bf6fcee4d1b33c3445622d799a3a4ff577b
db2c529bd81e24285880e7644c808ece637a5e7d2ad1f757e87b131536890bf7
db57b06a6b88efaf8f7e7c4e7e8f252e5b2e53378734e84c3a5b220ae2209dbb
dbc211260f3fb81e545fbebe8be8c367ebe670a585e60e1ec58524c06723ecbc
dbe69d85fee1f6c4a0ae57e830ade12777ace8b9cd366946e17626b9a1af3bc6
de1f5d1b2a64b34a33a3981dbd472b724437aad046625207654e4d2759c30d0e
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
de6441ae50359b25da5ad72bd6f467066df9a220390eefc3a4d87ac076cab85d
de828c1de3b057a2132f7e790523411695d4c0189b0eaeb5f0f4f3d92462a540
e0524c7c780f39ce783aa0ea6de90f35f622e2625086841e2608405db807f1bf
e1952a4ce15a2d6bd329c3f512222346d2bf9babbed49c8d2f25faef086fc95c
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e3a62ce28a6b2342ee3b1cb6af4c227da5774fe49d128fbc5f471eb845e10b46
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8021f1a9dad409f7e699457ac334653bf800464df69900237c4de1c29e275d0
e835a3856b2925639a1340d09a23655573329788df0917ace937a527cbca8aab
e8cd9f7f932e502b97e7ebd1194ba28e4b5a441b6100a07a09a6c02f102c8b55
eb5bff425311a4b245089f68cd39715e1c7d802e2ce30fd8c3d8caf90bc9a62c
eb7a209e3af2f5e7045a326f81414b39f02551eb158e859c190a7a84db7c4d5d
ecadacb686d0540a5768dae41d50597a71dfaa8135b90f1371d4bfa266e4e361
ee444638576caade6517ecf8d6051bc1b9abe41c6e34b2bce54a2027af454dda
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f46406d6862aac4d30a26d7339785a1632165f75387f98093d366d514fc3b640
f475c34186022ba531ebc8bba97fc10df7e4c3ea854f314a18ab0644c851620d
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f6842377b16ee09324c96db8ffdb678dbafcef35ccb49fbf5c740fa046935604
fcc58cc9d4be09fdd40a74ca3a453622a269f2bdd1c598a863f54d2bd07a2126
ff1ea82759f4df729f7ee24dac62805f05a2fc79c7ca4cb518a072a11835e884

pcloak.blob.core.windows.net Open in urlscan Pro 20.60.220.36 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

416 Requests

93 %HTTPS

49 %IPv6

35 Domains

56 Subdomains

48 IPs

6 Countries

6694 kBTransfer

33159 kBSize

9 Cookies

0 Outgoing links

Redirected requests

416 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 10 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

pcloak.blob.core.windows.net Open in urlscan Pro
20.60.220.36 Public Scan

Screenshot
Live screenshot

Full Image

416
Requests

93 %
HTTPS

49 %
IPv6

35
Domains

56
Subdomains

48
IPs

6
Countries

6694 kB
Transfer

33159 kB
Size

9
Cookies

416 HTTP transactions
10 data transactions