pcloak.blob.core.windows.net Open in urlscan Pro
20.60.220.36 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Submission: On June 17 via api (June 17th 2023, 12:49:42 am UTC) from TR — Scanned from DE

Summary HTTP 433 Redirects Behaviour Indicators

Summary

This website contacted 70 IPs in 9 countries across 57 domains to perform 433 HTTP transactions. The main IP is 20.60.220.36, located in Tappahannock, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is pcloak.blob.core.windows.net.
TLS certificate: Issued by Microsoft RSA TLS CA 02 on March 22nd 2023. Valid for: a year.

This is the only time pcloak.blob.core.windows.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
4	20.60.220.36 20.60.220.36	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	77.245.159.14 77.245.159.14	42868 (NIOBEBILI...) (NIOBEBILISIMHIZMETLERI)
3	94.138.206.83 94.138.206.83	49126 (AS49126) (AS49126)
1	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
40	2a02:6ea0:c70... 2a02:6ea0:c700::17	60068 (CDN77 ^_^) (CDN77 ^_^)
2	2a00:1450:400... 2a00:1450:4001:82f::2008	15169 (GOOGLE) (GOOGLE)
2	151.139.128.10 151.139.128.10	20446 (STACKPATH...) (STACKPATH-CDN)
1	23.206.208.114 23.206.208.114	16625 (AKAMAI-AS) (AKAMAI-AS)
18	185.7.176.223 185.7.176.223	42910 (PREMIERDC...) (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH)
2	2a03:2880:f08... 2a03:2880:f083:9:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2001:4860:480... 2001:4860:4802:38::178	15169 (GOOGLE) (GOOGLE)
17	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
73	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
3	108.138.1.25 108.138.1.25	16509 (AMAZON-02) (AMAZON-02)
25	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
1	35.241.45.217 35.241.45.217	15169 (GOOGLE) (GOOGLE)
2	185.7.176.221 185.7.176.221	42910 (PREMIERDC...) (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH)
1	52.222.253.136 52.222.253.136	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:827::2001	15169 (GOOGLE) (GOOGLE)
1	34.102.243.38 34.102.243.38	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2a00:1450:400... 2a00:1450:4001:830::200a	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:831::2001	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82f::200a	15169 (GOOGLE) (GOOGLE)
41	2a00:1450:400... 2a00:1450:4001:80e::2001	15169 (GOOGLE) (GOOGLE)
6	217.79.188.10 217.79.188.10	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
6	217.79.188.54 217.79.188.54	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
2	44.236.199.192 44.236.199.192	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:806::2003	15169 (GOOGLE) (GOOGLE)
14 41	142.250.186.66 142.250.186.66	15169 (GOOGLE) (GOOGLE)
1	184.25.219.161 184.25.219.161	16625 (AKAMAI-AS) (AKAMAI-AS)
1	37.157.6.233 37.157.6.233	198622 (ADFORM) (ADFORM)
3 5	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
3 4	37.252.171.22 37.252.171.22	29990 (ASN-APPNEX) (ASN-APPNEX)
1	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
1 1	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
2	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
35	2a00:1450:400... 2a00:1450:4001:82b::2006	15169 (GOOGLE) (GOOGLE)
1 6	2a00:1450:400... 2a00:1450:4001:80e::2004	15169 (GOOGLE) (GOOGLE)
3	23.32.184.192 23.32.184.192	16625 (AKAMAI-AS) (AKAMAI-AS)
3	185.29.132.246 185.29.132.246	30419 (MEDIAMATH...) (MEDIAMATH-INC)
1 4	104.111.217.42 104.111.217.42	16625 (AKAMAI-AS) (AKAMAI-AS)
3 4	185.94.180.125 185.94.180.125	35220 (SPOTX-AMS) (SPOTX-AMS)
4 4	54.177.234.125 54.177.234.125	() ()
2	185.86.138.152 185.86.138.152	201081 (SMARTADSE...) (SMARTADSERVER)
2 3	198.47.127.19 198.47.127.19	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
4	144.76.91.199 144.76.91.199	24940 (HETZNER-AS) (HETZNER-AS)
7	34.248.176.243 34.248.176.243	16509 (AMAZON-02) (AMAZON-02)
1	184.30.20.207 184.30.20.207	16625 (AKAMAI-AS) (AKAMAI-AS)
2 4	46.137.93.67 46.137.93.67	16509 (AMAZON-02) (AMAZON-02)
1	18.66.122.114 18.66.122.114	16509 (AMAZON-02) (AMAZON-02)
2 2	151.101.130.49 151.101.130.49	() ()
2 2	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
4 4	3.70.117.93 3.70.117.93	16509 (AMAZON-02) (AMAZON-02)
2 2	52.86.34.19 52.86.34.19	() ()
2 2	74.119.118.138 74.119.118.138	() ()
2	178.250.7.11 178.250.7.11	() ()
3 3	37.157.2.234 37.157.2.234	198622 (ADFORM) (ADFORM)
4 6	51.38.120.206 51.38.120.206	16276 (OVH) (OVH)
6 6	46.228.174.117 46.228.174.117	56396 (AMOBEE) (AMOBEE)
3	138.201.84.245 138.201.84.245	() ()
1 2	46.228.164.11 46.228.164.11	() ()
1 1	85.114.159.93 85.114.159.93	() ()
2 2	213.155.156.181 213.155.156.181	() ()
4	2a02:26f0:6c0... 2a02:26f0:6c00::210:ba19	() ()
6	172.217.16.194 172.217.16.194	() ()
1	2a02:fa8:8806... 2a02:fa8:8806:20::2010	() ()
1	35.227.252.103 35.227.252.103	() ()
1 1	37.252.173.215 37.252.173.215	() ()
6	2600:9000:223... 2600:9000:223f:6200:8:48e:53c0:93a1	() ()
1	2600:1f14:b4f... 2600:1f14:b4f:4b03:d0af:5b:a619:bc2	() ()
2	35.171.128.173 35.171.128.173	() ()
2	145.239.193.130 145.239.193.130	() ()
1	2a0b:4d07:101::1 2a0b:4d07:101::1	() ()
1	13.41.177.135 13.41.177.135	() ()
1 1	94.23.99.218 94.23.99.218	() ()
1 1	107.178.248.10 107.178.248.10	() ()
1	13.224.189.92 13.224.189.92	() ()
9	2600:1f18:1ac... 2600:1f18:1aca:4281:40a6:f5dd:4ba9:a1c7	() ()
2	130.211.44.5 130.211.44.5	() ()
1	2620:116:800d... 2620:116:800d:21:b314:a0ef:ab7c:d546	() ()
1 1	185.29.134.244 185.29.134.244	() ()
2 2	176.34.200.45 176.34.200.45	() ()
1	18.66.147.98 18.66.147.98	() ()
1	99.86.4.94 99.86.4.94	() ()
433	70

4 20.60.220.36 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

pcloak.blob.core.windows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 77.245.159.14 (Turkey)

ASN42868 (NIOBEBILISIMHIZMETLERI, TR)
PTR: stilgar.wlsrv.com

www.cloakan.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 94.138.206.83 (Turkey)

ASN49126 (AS49126, TR)

ye-mek.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

40 2a02:6ea0:c700::17 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)

cdn.ye-mek.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.139.128.10 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: map3.hwcdn.net

images.dmca.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.206.208.114 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-206-208-114.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 185.7.176.223 (Turkey)

ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR)

static.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ng.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ng2.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f083:9:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:38::178 (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

73 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 108.138.1.25 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-1-25.fra56.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.45.217 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 217.45.241.35.bc.googleusercontent.com

pghub.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.7.176.221 (Turkey)

ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR)

c1.imgiz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.253.136 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-253-136.fra60.r.cloudfront.net

aax.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:827::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.243.38 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 38.243.102.34.bc.googleusercontent.com

feed.pghub.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

41 2a00:1450:4001:80e::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 217.79.188.10 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: imagesrv.adition.com

imagesrv.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 217.79.188.54 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: aa.adfarm1.adition.com

ad13.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 44.236.199.192 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-236-199-192.us-west-2.compute.amazonaws.com

q.adrta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:806::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

41 142.250.186.66 (United States) 14 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.25.219.161 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-25-219-161.deploy.static.akamaitechnologies.com

ad.yieldlab.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.157.6.233 (Denmark)

ASN198622 (ADFORM, DK)

cm.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.80.39.216 (Canada) 3 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.252.171.22 (Frankfurt am Main, Germany) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.165 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

35 2a00:1450:4001:82b::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:80e::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.32.184.192 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-32-184-192.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.29.132.246 (United Kingdom)

ASN30419 (MEDIAMATH-INC, US)

tags.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.111.217.42 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-217-42.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.94.180.125 (Amsterdam, Netherlands) 3 redirects

ASN35220 (SPOTX-AMS, US)

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.177.234.125 (None, ) 4 redirects

ASN- ()

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.86.138.152 (France)

ASN201081 (SMARTADSERVER, FR)

rtb-csync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 198.47.127.19 (United States) 2 redirects

ASN3257 (GTT-BACKBONE GTT, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 144.76.91.199 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.199.91.76.144.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 34.248.176.243 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-248-176-243.eu-west-1.compute.amazonaws.com

s.update.mediamathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.30.20.207 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-20-207.deploy.static.akamaitechnologies.com

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 46.137.93.67 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-46-137-93-67.eu-west-1.compute.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.122.114 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-122-114.fra60.r.cloudfront.net

pix.adrta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.130.49 (None, ) 2 redirects

ASN- ()

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.186.193.173 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com

gcm.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.70.117.93 (Frankfurt am Main, Germany) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-70-117-93.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.86.34.19 (None, ) 2 redirects

ASN- ()

ads.avct.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 74.119.118.138 (None, ) 2 redirects

ASN- ()

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.7.11 (None, )

ASN- ()

widget.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.157.2.234 (Denmark) 3 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 51.38.120.206 (Hessen, Germany) 4 redirects

ASN16276 (OVH, FR)
PTR: ip206.ip-51-38-120.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 46.228.174.117 (United Kingdom) 6 redirects

ASN56396 (AMOBEE, GB)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 138.201.84.245 (None, )

ASN- ()

hal900025.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 46.228.164.11 (None, ) 1 redirects

ASN- ()

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
r.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.93 (None, ) 1 redirects

ASN- ()

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.181 (None, ) 2 redirects

ASN- ()

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:26f0:6c00::210:ba19 (None, )

ASN- ()

cdn.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 172.217.16.194 (None, )

ASN- ()

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:20::2010 (None, )

ASN- ()

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.227.252.103 (None, )

ASN- ()

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.252.173.215 (None, ) 1 redirects

ASN- ()

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:9000:223f:6200:8:48e:53c0:93a1 (None, )

ASN- ()

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f14:b4f:4b03:d0af:5b:a619:bc2 (None, )

ASN- ()

ipv6.adrta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.171.128.173 (None, )

ASN- ()

adrta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 145.239.193.130 (None, )

ASN- ()

pv.medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a0b:4d07:101::1 (None, )

ASN- ()

adv.office-partner.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.41.177.135 (None, )

ASN- ()

track.webgains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 94.23.99.218 (None, ) 1 redirects

ASN- ()

medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 107.178.248.10 (None, ) 1 redirects

ASN- ()

impfr.tradedoubler.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.189.92 (None, )

ASN- ()

img.tradedoubler.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2600:1f18:1aca:4281:40a6:f5dd:4ba9:a1c7 (None, )

ASN- ()

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 130.211.44.5 (None, )

ASN- ()

tps.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:b314:a0ef:ab7c:d546 (None, )

ASN- ()

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.134.244 (None, ) 1 redirects

ASN- ()

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 176.34.200.45 (None, ) 2 redirects

ASN- ()

match.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.147.98 (None, )

ASN- ()

analytics.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.4.94 (None, )

ASN- ()

cdn.track.production.webgains.team	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
122	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 133 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 155	874 KB
80	doubleclick.net 14 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 219 googleads.g.doubleclick.net — Cisco Umbrella Rank: 57 cm.g.doubleclick.net — Cisco Umbrella Rank: 244 googleads4.g.doubleclick.net	457 KB
43	ye-mek.net ye-mek.net — Cisco Umbrella Rank: 858491 cdn.ye-mek.net	637 KB
35	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 338	1 MB
19	adsafeprotected.com 2 redirects fw.adsafeprotected.com — Cisco Umbrella Rank: 957 static.adsafeprotected.com dt.adsafeprotected.com	200 KB
18	virgul.com static.virgul.com — Cisco Umbrella Rank: 63446 ng.virgul.com — Cisco Umbrella Rank: 55403 ng2.virgul.com	232 KB
13	adition.com 1 redirects imagesrv.adition.com — Cisco Umbrella Rank: 15145 ad13.adfarm1.adition.com — Cisco Umbrella Rank: 49269 dsp.adfarm1.adition.com	287 KB
10	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 387	218 KB
9	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 207	502 KB
8	google.com 1 redirects adservice.google.com — Cisco Umbrella Rank: 107 www.google.com — Cisco Umbrella Rank: 3	772 B
7	mediamathtag.com s.update.mediamathtag.com — Cisco Umbrella Rank: 11913	58 KB
7	redintelligence.net hal9000.redintelligence.net — Cisco Umbrella Rank: 39899 hal900025.redintelligence.net	58 KB
6	doubleverify.com cdn.doubleverify.com tps.doubleverify.com	212 KB
6	onetag-sys.com 4 redirects onetag-sys.com — Cisco Umbrella Rank: 874	2 KB
6	pubmatic.com 2 redirects ads.pubmatic.com — Cisco Umbrella Rank: 547 image6.pubmatic.com — Cisco Umbrella Rank: 822	45 KB
6	adrta.com q.adrta.com — Cisco Umbrella Rank: 2828 pix.adrta.com — Cisco Umbrella Rank: 3779 ipv6.adrta.com adrta.com	15 KB
5	mathtag.com 1 redirects tags.mathtag.com — Cisco Umbrella Rank: 4813 pixel.mathtag.com — Cisco Umbrella Rank: 1145 sync.mathtag.com	4 KB
5	adnxs.com 4 redirects ib.adnxs.com — Cisco Umbrella Rank: 249 secure.adnxs.com	5 KB
5	casalemedia.com 3 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 621	4 KB
4	1rx.io 4 redirects sync.1rx.io — Cisco Umbrella Rank: 618	3 KB
4	criteo.com 2 redirects dis.criteo.com widget.eu.criteo.com	2 KB
4	bidswitch.net 4 redirects x.bidswitch.net — Cisco Umbrella Rank: 361	2 KB
4	yahoo.com 4 redirects ups.analytics.yahoo.com	2 KB
4	spotxchange.com 3 redirects sync.search.spotxchange.com — Cisco Umbrella Rank: 785	2 KB
4	teads.tv 1 redirects sync.teads.tv — Cisco Umbrella Rank: 1404	776 B
4	adform.net 3 redirects cm.adform.net — Cisco Umbrella Rank: 1254 c1.adform.net — Cisco Umbrella Rank: 635	2 KB
4	amazon-adsystem.com c.amazon-adsystem.com — Cisco Umbrella Rank: 357 aax.amazon-adsystem.com — Cisco Umbrella Rank: 444	62 KB
4	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 422 imasdk.googleapis.com — Cisco Umbrella Rank: 495 fonts.googleapis.com — Cisco Umbrella Rank: 80	155 KB
4	windows.net pcloak.blob.core.windows.net	3 KB
3	medialead.de 1 redirects pv.medialead.de medialead.de	912 B
3	openx.net us-u.openx.net — Cisco Umbrella Rank: 492 rtb.openx.net	663 B
2	360yield.com 2 redirects match.360yield.com	815 B
2	tradedoubler.com 1 redirects impfr.tradedoubler.com img.tradedoubler.com	1 KB
2	de17a.com 2 redirects d5p.de17a.com	651 B
2	turn.com 1 redirects ad.turn.com r.turn.com	869 B
2	unrulymedia.com 2 redirects sync.targeting.unrulymedia.com	1 KB
2	avct.cloud 2 redirects ads.avct.cloud	1 KB
2	ctnsnet.com 2 redirects gcm.ctnsnet.com — Cisco Umbrella Rank: 44520	1 KB
2	everesttech.net 2 redirects sync-tm.everesttech.net	897 B
2	smartadserver.com rtb-csync.smartadserver.com — Cisco Umbrella Rank: 615	326 B
2	rubiconproject.com 1 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 381 token.rubiconproject.com — Cisco Umbrella Rank: 656	543 B
2	gstatic.com fonts.gstatic.com	31 KB
2	imgiz.com c1.imgiz.com — Cisco Umbrella Rank: 102765	131 KB
2	pghub.io pghub.io — Cisco Umbrella Rank: 1964 feed.pghub.io — Cisco Umbrella Rank: 2174	6 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 176	88 KB
2	dmca.com images.dmca.com — Cisco Umbrella Rank: 13184	6 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 82	90 KB
2	cloakan.co www.cloakan.co	1 KB
1	webgains.team cdn.track.production.webgains.team	3 KB
1	webgains.io analytics.webgains.io	31 KB
1	quantserve.com cms.quantserve.com	465 B
1	webgains.com track.webgains.com	2 KB
1	office-partner.de adv.office-partner.de	931 B
1	dotomi.com dclk-match.dotomi.com	104 B
1	yieldlab.net ad.yieldlab.net — Cisco Umbrella Rank: 3918	400 B
1	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 60	21 KB
1	addthis.com s7.addthis.com — Cisco Umbrella Rank: 2353	361 B
433	57

	Domain	Requested by
73	pagead2.googlesyndication.com	static.virgul.com pagead2.googlesyndication.com 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com ye-mek.net www.googletagservices.com s0.2mdn.net securepubads.g.doubleclick.net
41	cm.g.doubleclick.net	14 redirects googleads.g.doubleclick.net 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com ye-mek.net
41	tpc.googlesyndication.com	ye-mek.net 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com securepubads.g.doubleclick.net pcloak.blob.core.windows.net s0.2mdn.net
40	cdn.ye-mek.net	ye-mek.net cdn.ye-mek.net
35	s0.2mdn.net	ye-mek.net pcloak.blob.core.windows.net s0.2mdn.net
17	securepubads.g.doubleclick.net	static.virgul.com securepubads.g.doubleclick.net ye-mek.net pcloak.blob.core.windows.net
16	googleads.g.doubleclick.net	pagead2.googlesyndication.com 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com ye-mek.net
10	cdn.ampproject.org	securepubads.g.doubleclick.net
9	dt.adsafeprotected.com	464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com ye-mek.net
9	www.googletagservices.com	464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
9	ng.virgul.com	static.virgul.com ye-mek.net
8	464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
7	s.update.mediamathtag.com	tags.mathtag.com s.update.mediamathtag.com
7	static.virgul.com	ye-mek.net static.virgul.com pcloak.blob.core.windows.net
6	static.adsafeprotected.com	fw.adsafeprotected.com 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
6	googleads4.g.doubleclick.net	pcloak.blob.core.windows.net
6	onetag-sys.com	4 redirects 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
6	www.google.com	1 redirects ye-mek.net 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com tpc.googlesyndication.com
6	ad13.adfarm1.adition.com	464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com ad13.adfarm1.adition.com
6	imagesrv.adition.com	464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com ad13.adfarm1.adition.com
5	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
4	cdn.doubleverify.com	s0.2mdn.net pcloak.blob.core.windows.net
4	sync.1rx.io	4 redirects
4	x.bidswitch.net	4 redirects
4	fw.adsafeprotected.com	2 redirects pcloak.blob.core.windows.net
4	hal9000.redintelligence.net	pcloak.blob.core.windows.net hal900025.redintelligence.net
4	ups.analytics.yahoo.com	4 redirects
4	sync.search.spotxchange.com	3 redirects googleads.g.doubleclick.net
4	sync.teads.tv	1 redirects googleads.g.doubleclick.net 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
4	ib.adnxs.com	3 redirects googleads.g.doubleclick.net
4	pcloak.blob.core.windows.net	pcloak.blob.core.windows.net
3	hal900025.redintelligence.net	hal9000.redintelligence.net hal900025.redintelligence.net
3	c1.adform.net	3 redirects
3	image6.pubmatic.com	2 redirects ads.pubmatic.com
3	tags.mathtag.com	464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com tags.mathtag.com
3	ads.pubmatic.com	464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
3	c.amazon-adsystem.com	static.virgul.com c.amazon-adsystem.com
3	ye-mek.net	www.cloakan.co ye-mek.net
2	match.360yield.com	2 redirects
2	tps.doubleverify.com	cdn.doubleverify.com
2	pv.medialead.de	hal900025.redintelligence.net 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
2	adrta.com	pix.adrta.com
2	ng2.virgul.com	ye-mek.net
2	d5p.de17a.com	2 redirects
2	sync.targeting.unrulymedia.com	2 redirects
2	widget.eu.criteo.com	464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
2	dis.criteo.com	2 redirects
2	ads.avct.cloud	2 redirects
2	gcm.ctnsnet.com	2 redirects
2	sync-tm.everesttech.net	2 redirects
2	rtb-csync.smartadserver.com	googleads.g.doubleclick.net
2	us-u.openx.net	googleads.g.doubleclick.net
2	fonts.gstatic.com	fonts.googleapis.com
2	q.adrta.com	464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com q.adrta.com
2	fonts.googleapis.com	securepubads.g.doubleclick.net hal900025.redintelligence.net
2	adservice.google.com	securepubads.g.doubleclick.net
2	c1.imgiz.com	static.virgul.com c1.imgiz.com
2	connect.facebook.net	ye-mek.net connect.facebook.net
2	images.dmca.com	ye-mek.net
2	www.googletagmanager.com	ye-mek.net adv.office-partner.de
2	www.cloakan.co	pcloak.blob.core.windows.net
1	cdn.track.production.webgains.team	464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
1	analytics.webgains.io	track.webgains.com
1	sync.mathtag.com	1 redirects
1	cms.quantserve.com	464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
1	img.tradedoubler.com	464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
1	impfr.tradedoubler.com	1 redirects
1	medialead.de	1 redirects
1	track.webgains.com	pcloak.blob.core.windows.net
1	adv.office-partner.de	hal900025.redintelligence.net
1	ipv6.adrta.com	pix.adrta.com
1	secure.adnxs.com	1 redirects
1	rtb.openx.net	464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
1	dclk-match.dotomi.com	464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
1	dsp.adfarm1.adition.com	1 redirects
1	r.turn.com	464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
1	ad.turn.com	1 redirects
1	pix.adrta.com	q.adrta.com
1	pixel.mathtag.com	tags.mathtag.com
1	token.rubiconproject.com	1 redirects
1	pixel.rubiconproject.com	googleads.g.doubleclick.net
1	cm.adform.net	googleads.g.doubleclick.net
1	ad.yieldlab.net	googleads.g.doubleclick.net
1	imasdk.googleapis.com	c1.imgiz.com
1	feed.pghub.io	pghub.io
1	aax.amazon-adsystem.com	c.amazon-adsystem.com
1	pghub.io	static.virgul.com
1	www.google-analytics.com	www.googletagmanager.com
1	s7.addthis.com	ye-mek.net
1	ajax.googleapis.com	ye-mek.net
433	90

This site contains no links.

Subject Issuer	Validity	Valid
*.blob.core.windows.net Microsoft RSA TLS CA 02	`2023-03-22` - `2024-03-22`	a year	crt.sh
cpanel.cloakan.co R3	`2023-05-03` - `2023-08-01`	3 months	crt.sh
www.ye-mek.net RapidSSL Global TLS RSA4096 SHA256 2022 CA1	`2022-11-29` - `2023-07-07`	7 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
1099124734.rsc.cdn77.org R3	`2023-06-13` - `2023-09-11`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
images.dmca.com R3	`2023-05-13` - `2023-08-11`	3 months	crt.sh
odc-addthis-prod-01.oracle.com DigiCert TLS RSA SHA256 2020 CA1	`2023-02-07` - `2024-02-07`	a year	crt.sh
*.virgul.com Sectigo RSA Domain Validation Secure Server CA	`2022-10-24` - `2023-09-28`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-03-26` - `2023-06-24`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
c.amazon-adsystem.com Amazon RSA 2048 M01	`2023-02-28` - `2024-02-17`	a year	crt.sh
*.pghub.io DigiCert TLS RSA SHA256 2020 CA1	`2023-02-09` - `2024-02-08`	a year	crt.sh
*.imgiz.com Sectigo RSA Domain Validation Secure Server CA	`2022-09-27` - `2023-09-09`	a year	crt.sh
aax-dtb-mobile-cf.amazon-adsystem.com Amazon RSA 2048 M01	`2023-03-16` - `2024-03-08`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
*.adition.com AlphaSSL CA - SHA256 - G4	`2023-05-08` - `2024-06-08`	a year	crt.sh
*.adfarm1.adition.com AlphaSSL CA - SHA256 - G4	`2023-05-08` - `2024-06-08`	a year	crt.sh
*.adrta.com DigiCert TLS RSA SHA256 2020 CA1	`2022-09-13` - `2023-07-20`	10 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
*.pubmatic.com DigiCert TLS RSA SHA256 2020 CA1	`2023-01-25` - `2024-01-24`	a year	crt.sh
*.mathtag.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-03-30` - `2024-04-29`	a year	crt.sh
teads.tv R3	`2023-05-11` - `2023-08-09`	3 months	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-21` - `2024-01-23`	a year	crt.sh
redintelligence.net R3	`2023-06-09` - `2023-09-07`	3 months	crt.sh
update.mediamathtag.com R3	`2023-04-20` - `2023-07-19`	3 months	crt.sh
pixel.mathtag.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-05` - `2023-07-05`	a year	crt.sh
fw.adsafeprotected.com Amazon RSA 2048 M02	`2023-03-29` - `2024-04-27`	a year	crt.sh
*.doubleverify.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-05` - `2023-07-07`	a year	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2022-08-09` - `2023-09-10`	a year	crt.sh
static.adsafeprotected.com Amazon RSA 2048 M01	`2023-02-24` - `2023-09-04`	6 months	crt.sh
pv.medialead.de R3	`2023-06-14` - `2023-09-12`	3 months	crt.sh
adv.office-partner.de R3	`2023-05-01` - `2023-07-30`	3 months	crt.sh
*.webgains.com Amazon RSA 2048 M01	`2023-05-15` - `2024-06-13`	a year	crt.sh
dt.adsafeprotected.com Amazon RSA 2048 M02	`2023-05-09` - `2024-06-07`	a year	crt.sh
*.tps.doubleverify.com Go Daddy Secure Certificate Authority - G2	`2022-09-28` - `2023-10-30`	a year	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-09` - `2023-09-09`	a year	crt.sh
*.webgains.io Amazon RSA 2048 M02	`2023-03-02` - `2023-09-21`	7 months	crt.sh
cdn.track.production.webgains.team Amazon RSA 2048 M01	`2023-02-28` - `2023-10-28`	8 months	crt.sh

This page contains 51 frames:

Primary Page: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Frame ID: 8A22F93A4717CF41FD0F0E51AB7A01F0
Requests: 6 HTTP requests in this frame

Frame: https://ye-mek.net/
Frame ID: 8CDDB08CDA12C81472AC79CAB5169318
Requests: 93 HTTP requests in this frame

Frame: https://static.virgul.com/theme/mockups/outside/str.html?v=2
Frame ID: EDD578BE97D553820DEE1C5367F4DE75
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230614/r20190131/zrt_lookup.html
Frame ID: 3946A79B51A9FFE0B9D1F52F12E3395A
Requests: 1 HTTP requests in this frame

Frame: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: BDD0E692BF8E8DCFBF0614E4B7ADDF93
Requests: 1 HTTP requests in this frame

Frame: https://feed.pghub.io/tag?referrer_url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&page_url=https%3A%2F%2Fye-mek.net%2F&owner=P%26G&bp_id=noktacommedya&ch=%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D&initiator=js&data=%7B%22category%22%3A%22site_geneli%22%7D
Frame ID: 8E615E8EFED62D768679B26E004CD719
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755397&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1686962978860&bpp=4&bdt=1062&idt=251&shv=r20230614&mjsv=m202306120101&ptt=9&saldr=aa&nras=1&correlator=1113296724212&frm=24&ife=1&pv=2&ga_vid=1795257493.1686962978&ga_sid=1686962979&ga_hid=1910268385&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=222437166&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759842%2C42532277%2C42532279%2C44785295%2C44788442&oid=2&pvsid=3874342003548220&tmod=647139116&uas=0&nvt=1&fsapi=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.ixim7t8g1u8s&fsb=1&dtd=263
Frame ID: F09FE457E25C8A3490F3D70D0AC63B40
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012305252018000/amp4ads-v0.mjs
Frame ID: B1E80B8C98C1E14F521D4499739019F8
Requests: 14 HTTP requests in this frame

Frame: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 13DC50CEF608369D06344D7A489698BA
Requests: 27 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ64bnAhiA56_nATAB&v=APEucNWvx6LJ8NqwrK_NZ8y5Elc0y1C3AdekB05aEnSIWH7Vsi30RMFfiJFP3RRJaoO5Pa7XNhq2SHW67skTk0-LUWKhIffzYw5uT2LCo9uSGuhXWpkWtRUDgAQTYrFFPZsfgA2RG4CceXEug6R5bNQr62mkqkQwcCgE0cihleJpUtbU8VEgMeDsAAhqifNLGjcydeiAW5V5
Frame ID: 9655A309004E356EE2485ADC6FC4A173
Requests: 3 HTTP requests in this frame

Frame: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: B9518D84ED0A616C104B650C3D922360
Requests: 22 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ64bnAhiA56_nATAB&v=APEucNVjb5V56duWpD7fBpBvkA2wxrxGpWPQjvwbHR0FUcYBA6YUxpL9jpqkxvnhMYQmh3qcc8ylWoWcSRUY9Eh7xWdtomLX3LhpAIi76hqeOCEHgOa2YkHlxacZoRhPBo1CApwZqfNYEUibJsn3MNyZFGAxt9lwo9QpFT8V-eTkn62dHOLLen59Ab3yX2sRlvyx1NMRouZb
Frame ID: 12749F58F259509E884BDA34F5CA1DE6
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 3403F956723E2C5461D36C84C46FA8AA
Requests: 3 HTTP requests in this frame

Frame: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 020A12B7381F845B714601643327095B
Requests: 23 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ64bnAhiA56_nATAB&v=APEucNXTBJMTn9ARNfIFn7hvCF9ePkxvPP-JceJJl2i7VAPLyHSVv2zxcfDtI8-P-y_ZFlenzqpxii_sv30xJ2Pqp3xCDllkz58pl4xr8t4SWgpe4Ecok7e0vWRitr5vkTxFCUiFcFWvHG6Pvev5UxbD7TznvFf6JPc84p6XZK0ANpb5lyBD6f1Cv5nJRDiBaInFq2Dmvte0
Frame ID: C0DDA6634618375208AFE0A062BD2298
Requests: 5 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012305252018000/amp4ads-v0.mjs
Frame ID: 02F4622806753C03417230ABEE351098
Requests: 15 HTTP requests in this frame

Frame: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 1E0013AC719F870EED6C8497FEF96D27
Requests: 26 HTTP requests in this frame

Frame: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 4A57D703F919A2C335C64D20770D5755
Requests: 27 HTTP requests in this frame

Frame: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 9BB4F38B1F9574980F604C9AEF1D6948
Requests: 25 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: A3D264E20133BF7E1F38113C18BED5FE
Requests: 3 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 0F56799D64BBFA1EA08A58A3E4E651A6
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARjihLbrATAB&v=APEucNUFGPIHDGzr5OPGS7fh-XrQrutxcBR8k0RG0c34b4sMFIADRJ-3zRPGvDHnZCKRKFoBcT-ELtgF2I7Ha7Jp8uajplPsJfWwhgTCanLVyNpe_iCdzyiXZPylXiM0x_RaPF6Umg8wQNIkO9hg3S-TPJSzQ78ZsaChbqMaYfFJ_7HC-764jOU
Frame ID: 8563FA2F9F7E297624FA33DBED182894
Requests: 5 HTTP requests in this frame

Frame: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: F34735619F786CA9D36EEB5FAAB6B62E
Requests: 20 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARjihLbrATAB&v=APEucNWx7VM4t-_SHKyu6qggZz24uC3dvOqayM1Pfp93-dld98FDdHlrgngw1gCC488a3lTv8WK-bdN70ehLtnxW0AfFCry1mI7vuCEZ4jbWNvw1X6l3Gi-gln_yAkRYr9H07LL7UasB9Mjudg8KPtNWiknLVB5LttjNKQip1PEf3sGGLh4RACs
Frame ID: B5649E59ED7F73CD6BFA892A255C4CD7
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARiD27LlATAB&v=APEucNWBKIb1sTxRxcrmoQMSIyxbxC1PXBWO3IHoiYnOAJD4NgcalZyA5Wmfdu1TYUosswKUDmG0KaoGVTfZrxXRcvfhYZ8CY0qCTty0X1PAgMvn70r8p0RHVc6XL89LerstZRnFh9qPQ3aLqv4FyD5a5VY_vHGY6Qg6MwVqiGgBMyuz1QiFPmg
Frame ID: CCE61AC8002DE24DEF43C6FD81DAD89C
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 69BDA6A8029603318F68119D05E02B8C
Requests: 3 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: A72EB40805292A38F8A412A6993627E9
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: C096BE51EE8265EAE9C3C8EEC20C0227
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 41CC60B5E20EB0D0064B33F8C6A373A5
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 8049985C47D7AC69A4ED9FC2C284EE35
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: ED1C5E93A2C5FE69A07785B6F7D40A97
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 9C31BEBBD1EDD32FB77ECC874DBF7613
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 911ABED5D6F055599856B4ACCF2075D6
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: CB393ABB59082098FC4DE076120F9E27
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=SimwOY70bH&t=1&renderingType=2&ev=01_250
Frame ID: 2966D39823485AC0CD7E8CF785098CB7
Requests: 12 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=1VT5fc9Ca6&t=1&renderingType=2&ev=01_250
Frame ID: 05D1CA792207A863809990045A03E514
Requests: 12 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=N0DsKKGVou&t=1&renderingType=2&ev=01_250
Frame ID: 8D064B8FC5AD28DD7068F517F7611FB7
Requests: 12 HTTP requests in this frame

Frame: https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=93483700005664200951389012358025&t=htlp&gdpr=1&consent=1&gdpr_consent=li
Frame ID: 7ED8453E0E9E0197CB37B6AEB9EA359B
Requests: 1 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: BA93700545791444B50D1BC7B5274290
Requests: 2 HTTP requests in this frame

Frame: https://hal900025.redintelligence.net/request_content.php?s=93483700005664200951389012358025&a=abeddfb0
Frame ID: 39133AED85AC38B454D174F46BFDA809
Requests: 6 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: D4E768D83C8334141440A69640FBAB16
Requests: 9 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/dv-measurements3886.js
Frame ID: CB638322E03750B8612D17A78883DE77
Requests: 2 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/dv-measurements3886.js
Frame ID: 63CEEE18ABA8F6F4CCF78B83340550FB
Requests: 2 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 20345DE630A14476397AAEE1B76EF653
Requests: 1 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 9BC5AEA2362BD3CB57E2AA767B95939A
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/F23xA4-E8U0dLsM7Ua-M74A0tuvycQb5txb3FNVg6II.js
Frame ID: 46C9D6403A80AA9AABAD8EB25B5B813B
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/F23xA4-E8U0dLsM7Ua-M74A0tuvycQb5txb3FNVg6II.js
Frame ID: 173EE964F0D19EDF6BF851F8CBC6DB60
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/F23xA4-E8U0dLsM7Ua-M74A0tuvycQb5txb3FNVg6II.js
Frame ID: 1125178E8B8982CC03AABE538B55C623
Requests: 1 HTTP requests in this frame

Frame: blob://https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/f2838f3c-cf94-4c87-a50b-4d31f31f16cc
Frame ID: 9BE2C467F0B2006152F8D4C0AF7ED46A
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: F9BC343A72F0BA81A5F9C94D8B27BA54
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: CA213202820A5B6FB262DC9C535BD622
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

AddThis (Widgets) Expand

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

Webgains (Affiliate programs) Expand

Overall confidence: 100%
Detected patterns

analytics\.webgains\.io

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

433
Requests

89 %
HTTPS

28 %
IPv6

57
Domains

90
Subdomains

70
IPs

9
Countries

5687 kB
Transfer

13623 kB
Size

27
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 115

https://cm.g.doubleclick.net/pixel?google_nid=yieldlab&google_cm&google_dbm HTTP 302
https://ad.yieldlab.net/m?dt_id=52&ext_id=CAESEJprUd9ZxIAbWl5vrAAEkYk&google_cver=1

Request Chain 116

https://cm.g.doubleclick.net/pixel?google_nid=adform_dbm&google_cm&google_dbm HTTP 302
https://cm.adform.net/pixel?adform_pid=4&adform_pc=CAESEJvmT5qEBhQuZy3Fp8jnA9I&google_cver=1&adform_v=1

Request Chain 141

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKdEaqFr-XhthrZO2V_xkmQ&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKdEaqFr-XhthrZO2V_xkmQ&google_cver=1&C=1

Request Chain 142

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZI0DI.binG0.Fe9N8QDNBAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKdEaqFr-XhthrZO2V_xkmQ&google_cver=1&google_hm=2

Request Chain 143

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEJ89U6sc2lEjqFwmeNeYALs&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEJ89U6sc2lEjqFwmeNeYALs%26google_cver%3D1

Request Chain 144

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTA2NTg0Njk0NzU3OTIwOTA2OA%3D%3D

Request Chain 167

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_dbm HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEB0QKss9niTDtVwZYBGHp74&google_cver=1

Request Chain 168

https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=

Request Chain 169

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEM5XRT13iXEWTwpDSwcLlcs&google_cver=1

Request Chain 220

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 221

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEK7QyIjco_I7BkeRA6zJIfA&google_cver=1

Request Chain 223

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESED4MFtlAOJ2v-ZIrkq332Nw&google_cver=1 HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESED4MFtlAOJ2v-ZIrkq332Nw&google_cver=1&__user_check__=1&sync_id=d7824585-0ca8-11ee-acab-1f057aaa0206

Request Chain 224

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_id=d77e9e99-0ca8-11ee-a348-1bbe6fc50106 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=ZDc4MjQ1MzQtMGNhOC0xMWVlLWFjYWItMWYwNTdhYWEwMjA2

Request Chain 225

https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true HTTP 302
https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1pMzI0N1AxRTJ1R2oxUXNHalBnUDhaXzJ6eGJyZjFRNX5B

Request Chain 226

https://cm.g.doubleclick.net/pixel?google_nid=smartrtb_dbm&google_cm&google_dbm HTTP 302
https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=CAESEPJq_cjlu0fvJtduNrHcmLA&google_cver=1

Request Chain 285

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEDy5_lryPaWlMm24uAEZLNg&google_cver=1&google_push=ATf1kGOqL4T_CKJidPoxjy2RaJP-khsMh0rLVNB_J13zSAHmVALg6uDXAzLoBcJESCYViqodA0izjhtVYQoqtdxHKUXZMGf3XZ0l HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEDy5_lryPaWlMm24uAEZLNg&google_push=ATf1kGOqL4T_CKJidPoxjy2RaJP-khsMh0rLVNB_J13zSAHmVALg6uDXAzLoBcJESCYViqodA0izjhtVYQoqtdxHKUXZMGf3XZ0l

Request Chain 286

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEALqLpJm7KlpTW1Vq2OimAk&google_cver=1&google_push=ATf1kGPAmMs3r_VfM0yA7St0itXCZvjjsv-whDTti8dwKvAgv4fDMstULg-XuNBc16lhixK3itQjxC8qe1VxkTdo3uN-5cd7tk02 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGPAmMs3r_VfM0yA7St0itXCZvjjsv-whDTti8dwKvAgv4fDMstULg-XuNBc16lhixK3itQjxC8qe1VxkTdo3uN-5cd7tk02&google_hm=IqHdgTqyQuCODMEkFgOo6Gc

Request Chain 287

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEFaQncktId6Eb9BjqrN5m88&google_cver=1&google_push=ATf1kGOnJgxLwDCfUXQbirDo_GNLfExO3WBvXf5m5KikxImbYMADbuBeQRC4HaLgDJUAsAn8Q1C8qa_JvcVd9pRzg8hknW1hPNSx HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEFaQncktId6Eb9BjqrN5m88&google_cver=1&google_push=ATf1kGOnJgxLwDCfUXQbirDo_GNLfExO3WBvXf5m5KikxImbYMADbuBeQRC4HaLgDJUAsAn8Q1C8qa_JvcVd9pRzg8hknW1hPNSx HTTP 302
https://ads.avct.cloud/getuid?url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Dgoogle HTTP 307
https://ads.avct.cloud/getuid?bounce=true&url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Dgoogle HTTP 302
https://x.bidswitch.net/sync?dsp_id=59&user_id=07f4e4cf-6e5e-41fc-b98d-568f2924cb36&ssp=google HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=ATf1kGOnJgxLwDCfUXQbirDo_GNLfExO3WBvXf5m5KikxImbYMADbuBeQRC4HaLgDJUAsAn8Q1C8qa_JvcVd9pRzg8hknW1hPNSx&google_hm=l1dbC0KGSf2TQU5uZLOTQA==

Request Chain 288

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DPUSH_DATA&google_gid=CAESEI2-W6EgbwLzEDOc3UTjev4&google_cver=1&google_push=ATf1kGOW9dWy71HGhVMkj3si7WRxd3x1a9vxvyiyyzGfP7QI490jKsX9nAVrLUIEzWDxEfsfLZQaDRi9qJe-zw-3eiqu-xsmp6-N HTTP 302
https://widget.eu.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DPUSH_DATA&google_gid=CAESEI2-W6EgbwLzEDOc3UTjev4&google_cver=1&google_push=ATf1kGOW9dWy71HGhVMkj3si7WRxd3x1a9vxvyiyyzGfP7QI490jKsX9nAVrLUIEzWDxEfsfLZQaDRi9qJe-zw-3eiqu-xsmp6-N

Request Chain 289

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEHgtXX0pLR76uolrKFyWthE&google_cver=1&google_push=ATf1kGNaYFPu8eFi5knrzkQBRcbVyJ2t7Q62r2PtFQSTc-Kp_vLOAVLRea3ZhXkrhai9gK2bnnqEL0HMN71cpKrnn2GT13pWN2SH HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEHgtXX0pLR76uolrKFyWthE&google_cver=1&google_push=ATf1kGNaYFPu8eFi5knrzkQBRcbVyJ2t7Q62r2PtFQSTc-Kp_vLOAVLRea3ZhXkrhai9gK2bnnqEL0HMN71cpKrnn2GT13pWN2SH HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NzQ2MDg0NTI2NzQxMzgyMTM2MQ&google_push=ATf1kGNaYFPu8eFi5knrzkQBRcbVyJ2t7Q62r2PtFQSTc-Kp_vLOAVLRea3ZhXkrhai9gK2bnnqEL0HMN71cpKrnn2GT13pWN2SH

Request Chain 290

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEEwW6se3E9BzQZ8HrKTxxY8&google_cver=1&google_push=ATf1kGOfoK8Of7FJHOOc3qVxFCWYK34b-CGFBpxoZla75E8o-Vja84w1U-EguHvg6HJT_zuF5jwOT0O8g3b0IUshKaRHa_QBJjfe HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGOfoK8Of7FJHOOc3qVxFCWYK34b-CGFBpxoZla75E8o-Vja84w1U-EguHvg6HJT_zuF5jwOT0O8g3b0IUshKaRHa_QBJjfe

Request Chain 291

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESENrntLserK3IE0xpbJbVkew&google_cver=1&google_push=ATf1kGP60jAzDAhiarTSfeKA1f2q6tYsTAuQKudPHYIkGATsdEBz_lCeQu0Or5NUJVSoUg3Luf_KeHJLAPLZE88bPT2s-5AE8Zb7 HTTP 302
https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=ATf1kGP60jAzDAhiarTSfeKA1f2q6tYsTAuQKudPHYIkGATsdEBz_lCeQu0Or5NUJVSoUg3Luf_KeHJLAPLZE88bPT2s-5AE8Zb7&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&cb=1686962980737 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-dcd2f19b-ee84-495f-8f66-a0f2abeeeffd-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DATf1kGP60jAzDAhiarTSfeKA1f2q6tYsTAuQKudPHYIkGATsdEBz_lCeQu0Or5NUJVSoUg3Luf_KeHJLAPLZE88bPT2s-5AE8Zb7%26google_hm%3DA9zS8ZvuhElfj2ag8qvu7_0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=ATf1kGP60jAzDAhiarTSfeKA1f2q6tYsTAuQKudPHYIkGATsdEBz_lCeQu0Or5NUJVSoUg3Luf_KeHJLAPLZE88bPT2s-5AE8Zb7&google_hm=A9zS8ZvuhElfj2ag8qvu7_0

Request Chain 295

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEHC23SUPlx4KKx8f-7fEfs8&google_cver=1&google_push=ATf1kGPo-q30EBeAOObddw0uqSNPM-f3lo-Td4BH1tn_UH3fw7zeVkYtLPS07nOj5XzGSaxBn6cu7x0IBs-366p_1PTNa5aU0YKXJQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=NzMzODAxNjIzMjA0OTY5NTA3NQ==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEHC23SUPlx4KKx8f-7fEfs8&google_cver=1

Request Chain 296

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEPz8j5dAmw83ezkbiSZGbr0&google_cver=1&google_push=ATf1kGN9c_RGYrH1Q3j8g2zEq7KMvBO2jIbe4Qs0lMDsjmN8y2zpF7BOZ6NohIDI1LxBokuisTAB12JZitT15WE2rUQyT4PMqoQ0uw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI0NTQ1MDgyNDM3MTUzODcwMw%3D%3D&google_push=ATf1kGN9c_RGYrH1Q3j8g2zEq7KMvBO2jIbe4Qs0lMDsjmN8y2zpF7BOZ6NohIDI1LxBokuisTAB12JZitT15WE2rUQyT4PMqoQ0uw

Request Chain 297

https://d5p.de17a.com/cookies/google?google_gid=CAESEIGGmONLieERV1p5jHBOhKM&google_cver=1&google_push=ATf1kGPSGNXMPc-FtYfQXW_WQ7Tw5MP-Auk7xpefCFbOcwN9l7Hx8IDj7phP9EblmsNEtqzJo5i1TMspmRKPVqKGH0NU63dfIOLNqQ HTTP 302
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEIGGmONLieERV1p5jHBOhKM&google_cver=1&google_push=ATf1kGPSGNXMPc-FtYfQXW_WQ7Tw5MP-Auk7xpefCFbOcwN9l7Hx8IDj7phP9EblmsNEtqzJo5i1TMspmRKPVqKGH0NU63dfIOLNqQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=ATf1kGPSGNXMPc-FtYfQXW_WQ7Tw5MP-Auk7xpefCFbOcwN9l7Hx8IDj7phP9EblmsNEtqzJo5i1TMspmRKPVqKGH0NU63dfIOLNqQ

Request Chain 298

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DPUSH_DATA&google_gid=CAESEI2-W6EgbwLzEDOc3UTjev4&google_cver=1&google_push=ATf1kGM23p0jep9SV-oA-k6soFvWXLioNwLimGqNZ56Hi5emMmdR-AHrfauHtIapYxw03exlWbTUVC2sZb0iQ8hwtDL06UbzSc1ZhQ HTTP 302
https://widget.eu.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DPUSH_DATA&google_gid=CAESEI2-W6EgbwLzEDOc3UTjev4&google_cver=1&google_push=ATf1kGM23p0jep9SV-oA-k6soFvWXLioNwLimGqNZ56Hi5emMmdR-AHrfauHtIapYxw03exlWbTUVC2sZb0iQ8hwtDL06UbzSc1ZhQ

Request Chain 299

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESENX8eDTBUs4gpbOq4aeOczU&google_cver=1&google_push=ATf1kGNj0KXLNqUwJkKVPEsighV3T-938qB4fHqMKxQX4XJo2fcyFbNrpcTuiwCS1a0r7LzJIESK8jY-0nTdGwhUr812qAH7YHdWkA HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESENX8eDTBUs4gpbOq4aeOczU&google_cver=1&google_push=ATf1kGNj0KXLNqUwJkKVPEsighV3T-938qB4fHqMKxQX4XJo2fcyFbNrpcTuiwCS1a0r7LzJIESK8jY-0nTdGwhUr812qAH7YHdWkA&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=0fwtzlkcSXaYNkKOiJ9bPQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ATf1kGNj0KXLNqUwJkKVPEsighV3T-938qB4fHqMKxQX4XJo2fcyFbNrpcTuiwCS1a0r7LzJIESK8jY-0nTdGwhUr812qAH7YHdWkA

Request Chain 300

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESENrntLserK3IE0xpbJbVkew&google_cver=1&google_push=ATf1kGN0HkKe07l4ofNMAOlgUihQuXS87dJSODTrl5OpEwMeB84ICOhv2Ne5Rh4wHgCpouexVRu_8QRNGi0PrBmGLt_zrPy-ekYMxw HTTP 302
https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=ATf1kGN0HkKe07l4ofNMAOlgUihQuXS87dJSODTrl5OpEwMeB84ICOhv2Ne5Rh4wHgCpouexVRu_8QRNGi0PrBmGLt_zrPy-ekYMxw&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&cb=1686962980736 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-dcd2f19b-ee84-495f-8f66-a0f2abeeeffd-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DATf1kGN0HkKe07l4ofNMAOlgUihQuXS87dJSODTrl5OpEwMeB84ICOhv2Ne5Rh4wHgCpouexVRu_8QRNGi0PrBmGLt_zrPy-ekYMxw%26google_hm%3DA9zS8ZvuhElfj2ag8qvu7_0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=ATf1kGN0HkKe07l4ofNMAOlgUihQuXS87dJSODTrl5OpEwMeB84ICOhv2Ne5Rh4wHgCpouexVRu_8QRNGi0PrBmGLt_zrPy-ekYMxw&google_hm=A9zS8ZvuhElfj2ag8qvu7_0

Request Chain 301

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEEwW6se3E9BzQZ8HrKTxxY8&google_cver=1&google_push=ATf1kGN6G2yW4GNHbg9FgOpwNCg8EeHJx2H-yE_z8MAqUvfAvuoJCOlWTuby_Q91xecoAmgeRD7-_7SYVJwwb6XCBeCrGWbK3nyo2qc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGN6G2yW4GNHbg9FgOpwNCg8EeHJx2H-yE_z8MAqUvfAvuoJCOlWTuby_Q91xecoAmgeRD7-_7SYVJwwb6XCBeCrGWbK3nyo2qc HTTP 302
https://onetag-sys.com/match/?int_id=19&google_error=5

Request Chain 311

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEDy5_lryPaWlMm24uAEZLNg&google_cver=1&google_push=ATf1kGPnTP87pPxNua0LJcjT8zEuafoRTPR8uxybmVosM_WrhnciX_9hmqT-hj9ZT1AaBw9Hh4cl4BB_aEfa3t9TEZ1swvvI91rF HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEDy5_lryPaWlMm24uAEZLNg&google_push=ATf1kGPnTP87pPxNua0LJcjT8zEuafoRTPR8uxybmVosM_WrhnciX_9hmqT-hj9ZT1AaBw9Hh4cl4BB_aEfa3t9TEZ1swvvI91rF

Request Chain 313

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEEwW6se3E9BzQZ8HrKTxxY8&google_cver=1&google_push=ATf1kGNOaFYwwuxB61gwO_Cu08rhGKyRd8AZdY6cN5qZDVPYBZpuWTd1h9VDwcRhDlM_6-QKoZrjOiMhEGefMglpEZb0bhjpTQBH HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGNOaFYwwuxB61gwO_Cu08rhGKyRd8AZdY6cN5qZDVPYBZpuWTd1h9VDwcRhDlM_6-QKoZrjOiMhEGefMglpEZb0bhjpTQBH

Request Chain 314

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEIA41nkbccDWj4mLiK33IJU&google_cver=1&google_push=ATf1kGNoTkFM46spUAd6O_kknBs4c5jOY8hZnMnDcqumMALIcsk2bKUUp8c4EB0RU-G7we3u2jfee25nqHc854CF7chrkWlRAj-vMA HTTP 302
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEIA41nkbccDWj4mLiK33IJU&google_cver=1&google_push=ATf1kGNoTkFM46spUAd6O_kknBs4c5jOY8hZnMnDcqumMALIcsk2bKUUp8c4EB0RU-G7we3u2jfee25nqHc854CF7chrkWlRAj-vMA&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1jQVhWS3N4RTJ1RWlKSE5CMFp1WGtEWnNPa1JsaVRWZ35B&google_push=ATf1kGNoTkFM46spUAd6O_kknBs4c5jOY8hZnMnDcqumMALIcsk2bKUUp8c4EB0RU-G7we3u2jfee25nqHc854CF7chrkWlRAj-vMA

Request Chain 315

https://sync.teads.tv/um?eid=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEKJbk2_FUDJiP3vP6RF8B5k&google_cver=1&google_push=ATf1kGMqUHH8cVWSW89xDwFwz3MoJY7U_e1VTQbrWzdiCf8bBxeaRwPi31USudPIfbcPnWTggmSnaF5ZGEcrmOfiPVWY0WAymVpakw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=ATf1kGMqUHH8cVWSW89xDwFwz3MoJY7U_e1VTQbrWzdiCf8bBxeaRwPi31USudPIfbcPnWTggmSnaF5ZGEcrmOfiPVWY0WAymVpakw HTTP 302
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

Request Chain 316

https://secure.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=${BASE64_UID_ENC}&google_gid=CAESECgwNCA9t3a2mEz99N3UmJE&google_cver=1&google_push=ATf1kGPWIVOmOfK5BoI-OnD4-lO8kBjPXi9eE_S3dhHUWHbE3Q8INqSj1uxlNK-emWYcztMrkenJvNcq2y-fv6t8bDvn2sFw2qBQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NTA2NTg0Njk0NzU3OTIwOTA2OA%3D%3D&google_gid=CAESECgwNCA9t3a2mEz99N3UmJE&google_cver=1&google_push=ATf1kGPWIVOmOfK5BoI-OnD4-lO8kBjPXi9eE_S3dhHUWHbE3Q8INqSj1uxlNK-emWYcztMrkenJvNcq2y-fv6t8bDvn2sFw2qBQ

Request Chain 349

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=93483700005664200951389012358025&t=htlp&gdpr=1&consent=1&gdpr_consent=li HTTP 302
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=93483700005664200951389012358025&t=htlp&gdpr=1&consent=1&gdpr_consent=li

Request Chain 350

https://impfr.tradedoubler.com/imp?type(inv)g(24495172)a(1565155)epi(93483700005664200951389012358025)326784600 HTTP 302
https://img.tradedoubler.com/images/inv.gif

Request Chain 370

https://fw.adsafeprotected.com/rfw/st/1484055/72040524/skeleton.js?ias_dspID=64&adsafe_url=https%3A%2F%2Fpcloak.blob.core.windows.net&adsafe_type=g&adsafe_url=https%3A%2F%2Fye-mek.net%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&adsafe_type=d&adsafe_jsinfo=,id:a67eb679-2e37-90bf-4aad-474d7b09dc4f,c:fKGhx0,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-6c5d9cf586-78kq8,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,scm:grpm1,mtim:343,mot:0,app:0,maw:0,fm:tHowKqv+111%7C112%7C113%7C114%7C115%7C116%7C1171%7C1172%7C1173%7C1181%7C1182%7C1183%7C1191%7C1192%7C1193%7C11a%7C11b*.1484055-72040524%7C11b1%7C11b2%7C11b31%7C11b4%7C11b5%7C11c1%7C11c2%7C11c31%7C11c4%7C11c5%7C11d1%7C11d2%7C11d3%7C11d4%7C11e1%7C11e2%7C11e31%7C11e4,idMap:11b*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:na,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,tt:rjss,et:368,oid:d7932e45-0ca8-11ee-b8a0-52fdd4b1a650,v:19.8.417,sp:1,st:0,fwm:1,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/skeleton.js

Request Chain 372

https://fw.adsafeprotected.com/rfw/st/1484055/72040524/skeleton.js?ias_dspID=64&adsafe_url=https%3A%2F%2Fpcloak.blob.core.windows.net&adsafe_type=g&adsafe_url=https%3A%2F%2Fye-mek.net%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&adsafe_type=d&adsafe_jsinfo=,id:5fbed5b9-60b1-c74e-e598-a3873d6e1526,c:fKGhxj,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-6c5d9cf586-jnzkq,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,scm:grpm1,mtim:376,mot:0,app:0,maw:0,fm:tHowKqz+111%7C112%7C113%7C114%7C115%7C116%7C1171%7C1172%7C1173%7C1181%7C1182%7C1183%7C1191%7C1192%7C1193%7C11a%7C11b1%7C11b2%7C11b31%7C11b4%7C11b5%7C11b6%7C11c*.1484055-72040524%7C11c1%7C11c2%7C11c31%7C11c4%7C11c5%7C11d1%7C11d2%7C11d3%7C11d4%7C11e1%7C11e2%7C11e31%7C11e4,idMap:11c*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:na,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,tt:rjss,et:382,oid:d7932e5b-0ca8-11ee-adef-6e497afeab82,v:19.8.417,sp:1,st:0,fwm:1,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/skeleton.js

Request Chain 398

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEMkeyaNf-RR4Lg6c7K3mn_I&google_cver=1&google_push=ATf1kGMVfEbhHgpZ0_7NQ9WJMKwiUQQCSf8q6G8Ix1H77gnkkesx78TlD8ionTAIYSEwy3n_8ewYrRTp_zKh_58m1Z8t41RIjHatDA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=FQBkjQMkTwGoiV2nIRQSjA&google_push=ATf1kGMVfEbhHgpZ0_7NQ9WJMKwiUQQCSf8q6G8Ix1H77gnkkesx78TlD8ionTAIYSEwy3n_8ewYrRTp_zKh_58m1Z8t41RIjHatDA

Request Chain 399

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEALqLpJm7KlpTW1Vq2OimAk&google_cver=1&google_push=ATf1kGM_F_5TxgvCM1RSaH_0tYvrFu5ZMMDyUYIVBdNaQsj5rQvHbFUh1ITZFUy_1aGLYeHFdCQ3FH24hC2i6BV_dEGrw9fzkpQ2QA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGM_F_5TxgvCM1RSaH_0tYvrFu5ZMMDyUYIVBdNaQsj5rQvHbFUh1ITZFUy_1aGLYeHFdCQ3FH24hC2i6BV_dEGrw9fzkpQ2QA&google_hm=IqHdgTqyQuCODMEkFgOo6Gc

Request Chain 400

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEHgtXX0pLR76uolrKFyWthE&google_cver=1&google_push=ATf1kGMFUYQ7F9bT5e6mFFDm9uKTzJfGd2AWWO3tuTL5ACpZH3UvaBHxXDj8p6QOvCdTlyIifUkpM6o0l41sQzmpWbLgcYS43B7hWA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NzQ2MDg0NTI2NzQxMzgyMTM2MQ&google_push=ATf1kGMFUYQ7F9bT5e6mFFDm9uKTzJfGd2AWWO3tuTL5ACpZH3UvaBHxXDj8p6QOvCdTlyIifUkpM6o0l41sQzmpWbLgcYS43B7hWA

Request Chain 401

https://match.360yield.com/match/ebda?google_gid=CAESEIBFxfPJuoSEFlv0fK91AkQ&google_cver=1&google_push=ATf1kGPOVSdO3b0Ku6yd4pHyT5XevpB7PZlx8Y7HVT04GuPFa6umsK-Vsr4RRIRjGE2npXBBtAgGbRlyQIQIVaGTBAzk58W01wismA HTTP 302
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEIBFxfPJuoSEFlv0fK91AkQ&google_cver=1&google_push=ATf1kGPOVSdO3b0Ku6yd4pHyT5XevpB7PZlx8Y7HVT04GuPFa6umsK-Vsr4RRIRjGE2npXBBtAgGbRlyQIQIVaGTBAzk58W01wismA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=L9W3c8YaTBGEB-G3OZPolg&google_push=ATf1kGPOVSdO3b0Ku6yd4pHyT5XevpB7PZlx8Y7HVT04GuPFa6umsK-Vsr4RRIRjGE2npXBBtAgGbRlyQIQIVaGTBAzk58W01wismA

Request Chain 402

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEEwW6se3E9BzQZ8HrKTxxY8&google_cver=1&google_push=ATf1kGNsLyy7xJeVjs1N8a7QM3kjfqjGS4jfJ_45QaDuKXVjKvitT3GqIx-CEQ944WY0n4QyxzS6ZpqnwA0nxHbZ5-jRe91aze3ztuw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGNsLyy7xJeVjs1N8a7QM3kjfqjGS4jfJ_45QaDuKXVjKvitT3GqIx-CEQ944WY0n4QyxzS6ZpqnwA0nxHbZ5-jRe91aze3ztuw HTTP 302
https://onetag-sys.com/match/?int_id=19&google_error=5

Request Chain 403

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEP-th7uJpz15Wy83DaAtqSM&google_cver=1&google_push=ATf1kGOfKVCiEg6sFlCCr9xn9O8SiTcKSa0wLfeDeSFgZrWPfAohVp32CMHL5oWKQBFzT2FANacpHAngDYRTwDkP6orI7KtiCvk2SQE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=97575b0b-4286-49fd-9341-4e6e64b39340&%%GOOGLE_PUSH_PAIR%%

433 HTTP transactions
9 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request 6x69807j0b5.html Show response
pcloak.blob.core.windows.net/web/ 1 KB
2 KB 529ms
129ms Document
text/html 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: d469330093a2cebd898628a339df6abaf5edcb89e85769ff79840371195a7d1f

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Content-Length: 1318
Content-MD5: +Dz/d7Mp2GQfilgWrAkqiw==
Content-Type: text/html
Date: Sat, 17 Jun 2023 00:49:35 GMT
ETag: 0x8DB5ED0599CC10C
Last-Modified: Sat, 27 May 2023 16:35:15 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 765aa973-601e-0017-5eb5-a0eb06000000
x-ms-version: 2009-09-19

GET
H/1.1 404
The specified blob does not exist. jquery.min.js
pcloak.blob.core.windows.net/web/ 0
0 123ms
123ms Script
application/xml 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/jquery.min.js
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-ms-request-id: 765aaa28-601e-0017-03b5-a0eb06000000
Date: Sat, 17 Jun 2023 00:49:35 GMT
x-ms-version: 2009-09-19
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-Length: 215
Content-Type: application/xml

GET
H/1.1 200
OK cloakan.js Show response
pcloak.blob.core.windows.net/web/ 308 B
717 B 375ms
126ms Script
text/javascript 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/cloakan.js
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 4651fd93f167c3620b534c30bc23ae2a2e7cf742621d8e6d12553c09c388284a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 17 Jun 2023 00:49:35 GMT
Last-Modified: Mon, 13 Jun 2022 14:36:49 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: zPiKctHo6j8i1UGOFPpInw==
ETag: 0x8DA4D4A263C11C2
Content-Type: text/javascript
x-ms-request-id: 765aab37-601e-0017-69b5-a0eb06000000
x-ms-version: 2009-09-19
Content-Length: 308

GET
H/1.1 200
OK style.css
pcloak.blob.core.windows.net/web/ 166 B
568 B 248ms
125ms Stylesheet
text/css 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/style.css
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: cf906196a7c1414e11983955e101a051d55a864f2bc9fd52a453d952d92fd9b5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 17 Jun 2023 00:49:35 GMT
Last-Modified: Mon, 13 Jun 2022 14:36:49 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: 9ruAIrm4XHnQO3/sM8J0AQ==
ETag: 0x8DA4D4A26527CA0
Content-Type: text/css
x-ms-request-id: 765aaac6-601e-0017-0db5-a0eb06000000
x-ms-version: 2009-09-19
Content-Length: 166

GET
H2 200 px.php Show response
www.cloakan.co/ 743 B
681 B 696ms
170ms XHR
text/html 77.245.159.14
NIOBEBILISIMHIZME...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cloakan.co/px.php?id=6x69807j0b5
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 77.245.159.14 , Turkey, ASN42868 (NIOBEBILISIMHIZMETLERI, TR),
Reverse DNS: stilgar.wlsrv.com
Software: LiteSpeed / PHP/7.3.33
Resource Hash: 120fdf7c1e8de286b8c6ad005bd52d7b3d71cfa17bd6d1f72d023fe952d03708

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:36 GMT
content-encoding: br
server: LiteSpeed
x-powered-by: PHP/7.3.33
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
content-length: 404

GET
H2 200 nv.php Show response
www.cloakan.co/ 232 B
385 B 353ms
169ms Script
text/html 77.245.159.14
NIOBEBILISIMHIZME...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cloakan.co/nv.php?id=6x69807j0b5-m
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/cloakan.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 77.245.159.14 , Turkey, ASN42868 (NIOBEBILISIMHIZMETLERI, TR),
Reverse DNS: stilgar.wlsrv.com
Software: LiteSpeed / PHP/7.3.33
Resource Hash: 9cacc351a59879d938ef01e274eca7f341deaaa666237a3de94737ccc05a4b86

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:37 GMT
content-encoding: br
server: LiteSpeed
x-powered-by: PHP/7.3.33
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
content-length: 112

GET
H2 200 / Show response
ye-mek.net/ Frame 8CDD 77 KB
78 KB 408ms
83ms Document
text/html 94.138.206.83
AS49126

General

Check archive.org

Show headers Download Go to

Full URL: https://ye-mek.net/
Requested by: Host: www.cloakan.co
URL: https://www.cloakan.co/nv.php?id=6x69807j0b5-m
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.138.206.83 , Turkey, ASN49126 (AS49126, TR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 37996b46dda2191fba6cab6eada1bc9cf0a5bee4538ac2c1bf3ed8099d7bd701

Request headers

Referer: https://pcloak.blob.core.windows.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache
content-length: 79348
content-type: text/html; charset=utf-8
date: Sat, 17 Jun 2023 00:49:37 GMT
expires: -1
pragma: no-cache
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.9.1/ Frame 8CDD 90 KB
33 KB 133ms
39ms Script
text/javascript 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 17:18:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 113444
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33018
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 14 Jun 2024 17:18:53 GMT

GET
H2 200 yemeknet.js Show response
ye-mek.net/js/ Frame 8CDD 10 KB
2 KB 131ms
130ms Script
application/javascript 94.138.206.83
AS49126

General

Check archive.org

Show headers Download Go to

Full URL: https://ye-mek.net/js/yemeknet.js?v=1
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.138.206.83 , Turkey, ASN49126 (AS49126, TR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 613b97a3f938c5185dc5fcb46ec9c9488f460fdf8a9765eea9f05aebe46a0c50

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-powered-by-plesk: PleskWin
date: Sat, 17 Jun 2023 00:49:37 GMT
content-encoding: br
last-modified: Tue, 20 Aug 2019 13:15:54 GMT
server: Microsoft-IIS/10.0
etag: "0a144655957d51:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=691200
accept-ranges: bytes
content-length: 2179

GET
H2 200 maincss.css
cdn.ye-mek.net/ Frame 8CDD 40 KB
12 KB 138ms
39ms Stylesheet
text/css 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.ye-mek.net/maincss.css?v=434
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 5804cd3bfdf7f7b00ae1f2beef50b9ac7bbdcadcb47e8c3454e8609a52096b92

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 17 Jun 2023 00:49:37 GMT
content-encoding: gzip
x-cache: HIT
x-77-cache: HIT
x-age: 5153535
x-accel-date: 1681809442
x-77-nzt: AZySIYimVgX//6JOAA
x-accel-expires: @1713345442
last-modified: Tue, 24 Nov 2020 00:00:32 GMT
server: CDN77-Turbo
etag: W/"5fbc4d20-9e5b"
x-77-nzt-ray: f6587a1d7b5b89b821038d64778d9636
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame 8CDD 120 KB
47 KB 141ms
53ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-38733763-1

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a37215a87bbf7c46df1f98856fb389cd4413398816a0cc417585fb9f9a0cfcbc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:38 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47519
x-xss-protection: 0
last-modified: Sat, 17 Jun 2023 00:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 17 Jun 2023 00:49:38 GMT

GET
H2 200 WebResource.axd Show response
ye-mek.net/ Frame 8CDD 23 KB
23 KB 71ms
70ms Script
application/x-javascript 94.138.206.83
AS49126

General

Check archive.org

Show headers Download Go to

Full URL: https://ye-mek.net/WebResource.axd?d=YeedoL8dFzo5gymDuarFXngFaaXpLN8jYlixY-HzMyr_r8lEwXsCQefYQgi2kFzYfrVacpu_9us1eVTBWQamZuI0ynrH9LDfafZF-A5wZF41&t=637811837229275428
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.138.206.83 , Turkey, ASN49126 (AS49126, TR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-powered-by-plesk: PleskWin
date: Sat, 17 Jun 2023 00:49:37 GMT
last-modified: Wed, 23 Feb 2022 00:28:42 GMT
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
content-type: application/x-javascript
cache-control: public
content-length: 23063
expires: Sat, 04 May 2024 23:14:43 GMT

GET
H2 200 searchButton.png
cdn.ye-mek.net/App_UI/Img/ Frame 8CDD 542 B
897 B 39ms
39ms Image
image/png 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/searchButton.png
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 324a9c1f26949a62b89c5846de23826737bf3b14443e3f5a969b1799604a0588

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 17 Jun 2023 00:49:37 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5153587
x-accel-date: 1681809390
content-length: 542
x-77-nzt: AZySIYgajYL/M6NOAA
x-accel-expires: @1713345390
last-modified: Sat, 22 Oct 2022 20:00:57 GMT
server: CDN77-Turbo
etag: "63544bf9-21e"
x-77-nzt-ray: f6587a1d7b5b89b821038d64bf9b6a3b
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 ara.png
cdn.ye-mek.net/App_UI/Img/ Frame 8CDD 2 KB
2 KB 45ms
38ms Image
image/png 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/ara.png
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 3ed559a849229d0ba1622b39b2343f2307a91aae5bab1f08e55c89e50874c980

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 17 Jun 2023 00:49:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5153536
x-accel-date: 1681809442
content-length: 1651
x-77-nzt: AZySIYjr86D/AKNOAA
x-accel-expires: @1713345442
last-modified: Mon, 14 May 2018 22:41:08 GMT
server: CDN77-Turbo
etag: "5afa1084-673"
x-77-nzt-ray: f6587a1d7b5b89b822038d641ebf6f01
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-citir-tavuk-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ Frame 8CDD 14 KB
14 KB 60ms
52ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/06/firinda-citir-tavuk-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 6e517f1f2da440c36103d61ae698974db84ded6b3ac8635a8c24d8ac8652c10d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 17 Jun 2023 00:49:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 8546
x-accel-date: 1686954432
content-length: 14117
x-77-nzt: AZySIYibkGD/YiEAAA
x-accel-expires: @1718490432
last-modified: Fri, 16 Jun 2023 22:14:46 GMT
server: CDN77-Turbo
etag: "648cded6-3725"
x-77-nzt-ray: f6587a1d7b5b89b822038d64af3a9301
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 peynirli-kabak-mezesi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ Frame 8CDD 14 KB
15 KB 76ms
69ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/06/peynirli-kabak-mezesi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: bead47bb08af73c61c4d920ed428af54cc8582bf2c69e9b8f7ffcc01bac902fb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 17 Jun 2023 00:49:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 95206
x-accel-date: 1686867772
content-length: 14723
x-77-nzt: AZySIYjkzcn/5nMBAA
x-accel-expires: @1718403772
last-modified: Thu, 15 Jun 2023 22:08:32 GMT
server: CDN77-Turbo
etag: "648b8be0-3983"
x-77-nzt-ray: f6587a1d7b5b89b822038d640aa99901
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 karadut-peltesi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ Frame 8CDD 14 KB
14 KB 94ms
86ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/06/karadut-peltesi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 75a654ce513996dc8f544619cc1c99b2361261bb6f38d51c619833d68d0a6a72

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 17 Jun 2023 00:49:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 181435
x-accel-date: 1686781543
content-length: 14137
x-77-nzt: AZySIYh2DNr/u8QCAA
x-accel-expires: @1718317543
last-modified: Wed, 14 Jun 2023 21:56:43 GMT
server: CDN77-Turbo
etag: "648a379b-3739"
x-77-nzt-ray: f6587a1d7b5b89b822038d6465a49d01
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 buzlukta-mantar-saklama-resimli-yemek-tarifi(8).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ Frame 8CDD 14 KB
14 KB 96ms
89ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/06/buzlukta-mantar-saklama-resimli-yemek-tarifi(8).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 605b3f81cae22e511a6b284368d863e9da83d4c50680a9eb4527718e9146fe00

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 17 Jun 2023 00:49:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 225382
x-accel-date: 1686737596
content-length: 14099
x-77-nzt: AZySIYitlOT/ZnADAA
x-accel-expires: @1718273596
last-modified: Wed, 14 Jun 2023 09:52:59 GMT
server: CDN77-Turbo
etag: "64898dfb-3713"
x-77-nzt-ray: f6587a1d7b5b89b822038d649aa5a101
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 mantar-soslu-tavuk-bonfile-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/12/ Frame 8CDD 12 KB
13 KB 96ms
89ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/12/mantar-soslu-tavuk-bonfile-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: e47fe684eeb5978f6c7437edacdbe8f33a60d89a68403c3e58c0128bfe36a52d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 17 Jun 2023 00:49:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5150394
x-accel-date: 1681812584
content-length: 12780
x-77-nzt: AZySIYifxXD/upZOAA
x-accel-expires: @1713348584
last-modified: Mon, 27 Dec 2021 23:35:26 GMT
server: CDN77-Turbo
etag: "61ca4dbe-31ec"
x-77-nzt-ray: f6587a1d7b5b89b822038d64c690a301
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 bugu-kebabi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2017/07/ Frame 8CDD 11 KB
12 KB 96ms
89ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2017/07/bugu-kebabi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 7de327885eb13552b4d8343d92108ecd9f34c139b358c2e2e4573227be944949

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 17 Jun 2023 00:49:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5152778
x-accel-date: 1681810200
content-length: 11750
x-77-nzt: AZySIYies+v/CqBOAA
x-accel-expires: @1713346200
last-modified: Wed, 01 May 2019 23:21:23 GMT
server: CDN77-Turbo
etag: "5cca29f3-2de6"
x-77-nzt-ray: f6587a1d7b5b89b822038d6469eba501
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 islim-kebabi-resimli-yemek-tarifi(20).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2018/05/ Frame 8CDD 12 KB
12 KB 96ms
89ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2018/05/islim-kebabi-resimli-yemek-tarifi(20).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 580dad1a7f46af3417b3d06e483f4cfb043ce1d9e443398a4c0d98b47947d6ec

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 17 Jun 2023 00:49:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5152968
x-accel-date: 1681810010
content-length: 11900
x-77-nzt: AZySIYjNI0//yKBOAA
x-accel-expires: @1713346010
last-modified: Wed, 01 May 2019 23:34:43 GMT
server: CDN77-Turbo
etag: "5cca2d13-2e7c"
x-77-nzt-ray: f6587a1d7b5b89b822038d642d35a801
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 dalyan-kofte-rosto-kofte-resimli-yemek-tarifi(20).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2015/02/ Frame 8CDD 11 KB
11 KB 96ms
90ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2015/02/dalyan-kofte-rosto-kofte-resimli-yemek-tarifi(20).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 22c974ca84d1beebef37b4c95335f8ae6f597563bbb9246eed2f4f647a176128

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 17 Jun 2023 00:49:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5153150
x-accel-date: 1681809828
content-length: 11371
x-77-nzt: AZySIYhXegL/fqFOAA
x-accel-expires: @1713345828
last-modified: Wed, 01 May 2019 22:37:27 GMT
server: CDN77-Turbo
etag: "5cca1fa7-2c6b"
x-77-nzt-ray: f6587a1d7b5b89b822038d64f39a0702
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 hasanpasa-koftesi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2018/03/ Frame 8CDD 11 KB
11 KB 112ms
106ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2018/03/hasanpasa-koftesi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: bcd5fa5d7dbca071d56d8dbd96ea4b73018dabd55ba191b2cd111719765f384c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 17 Jun 2023 00:49:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5153150
x-accel-date: 1681809828
content-length: 11290
x-77-nzt: AZySIYgMVbH/fqFOAA
x-accel-expires: @1713345828
last-modified: Wed, 01 May 2019 23:32:07 GMT
server: CDN77-Turbo
etag: "5cca2c77-2c1a"
x-77-nzt-ray: f6587a1d7b5b89b822038d64fa450a02
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 patlican-cigirtma-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2019/12/ Frame 8CDD 12 KB
12 KB 112ms
106ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2019/12/patlican-cigirtma-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 9ca119586f3ba8e6a4a1dacf83852d3275071d2501de033ba04673b4efde1ac3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 17 Jun 2023 00:49:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5152653
x-accel-date: 1681810325
content-length: 12336
x-77-nzt: AZySIYhz+rv/jZ9OAA
x-accel-expires: @1713346325
last-modified: Sat, 07 Dec 2019 20:51:53 GMT
server: CDN77-Turbo
etag: "5dec10e9-3030"
x-77-nzt-ray: f6587a1d7b5b89b822038d64c84e0c02
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-zeytinyagli-biber-dolmasi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2015/05/ Frame 8CDD 14 KB
14 KB 112ms
106ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2015/05/firinda-zeytinyagli-biber-dolmasi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: d69f2b4ba0b3d3c411bb34844d812afa68128a4ad85f62bb62df1b31fcf05b2b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 17 Jun 2023 00:49:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5152874
x-accel-date: 1681810104
content-length: 14323
x-77-nzt: AZySIYjhGgH/aqBOAA
x-accel-expires: @1713346104
last-modified: Wed, 01 May 2019 22:42:33 GMT
server: CDN77-Turbo
etag: "5cca20d9-37f3"
x-77-nzt-ray: f6587a1d7b5b89b822038d64d0d80d02
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 cacikli-arap-koftesi-resimli-yemek-tarifi(20).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/05/ Frame 8CDD 17 KB
17 KB 112ms
106ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/05/cacikli-arap-koftesi-resimli-yemek-tarifi(20).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 391f0374b07f1b2c4eab58066cdee9bbc7c14507b5be3ea7e34e26c9ec575bb4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 17 Jun 2023 00:49:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5153262
x-accel-date: 1681809716
content-length: 17042
x-77-nzt: AZySIYge68//7qFOAA
x-accel-expires: @1713345716
last-modified: Tue, 24 May 2022 21:33:02 GMT
server: CDN77-Turbo
etag: "628d4f0e-4292"
x-77-nzt-ray: f6587a1d7b5b89b822038d64945c0f02
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 ev-usulu-firinda-urfa-kebap-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2015/10/ Frame 8CDD 13 KB
13 KB 113ms
106ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2015/10/ev-usulu-firinda-urfa-kebap-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: fb9ee137734c9d4933d908d02325dc37c4dd86dd58614a2c7d9d5a01890aefd2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 17 Jun 2023 00:49:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5151373
x-accel-date: 1681811605
content-length: 12802
x-77-nzt: AZySIYg5isn/jZpOAA
x-accel-expires: @1713347605
last-modified: Wed, 01 May 2019 22:49:22 GMT
server: CDN77-Turbo
etag: "5cca2272-3202"
x-77-nzt-ray: f6587a1d7b5b89b822038d64a2a61002
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 elbasan-tava-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/05/ Frame 8CDD 13 KB
14 KB 113ms
107ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/05/elbasan-tava-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 3a7cdd2a8d457a3a736abdd116f27948e56ad18163f6f31bc4191240fe28e312

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 17 Jun 2023 00:49:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5152685
x-accel-date: 1681810293
content-length: 13627
x-77-nzt: AZySIYiMnuz/rZ9OAA
x-accel-expires: @1713346293
last-modified: Fri, 22 May 2020 00:07:54 GMT
server: CDN77-Turbo
etag: "5ec717da-353b"
x-77-nzt-ray: f6587a1d7b5b89b822038d642b521202
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 karbonatli-kofte-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2016/06/ Frame 8CDD 13 KB
13 KB 113ms
107ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2016/06/karbonatli-kofte-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: f22e44016410fdcef01a56b89401973c22cc1d5fc740e615ed904add45ad7ffe

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 17 Jun 2023 00:49:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5152855
x-accel-date: 1681810123
content-length: 13173
x-77-nzt: AZySIYjaM6j/V6BOAA
x-accel-expires: @1713346123
last-modified: Wed, 01 May 2019 23:00:46 GMT
server: CDN77-Turbo
etag: "5cca251e-3375"
x-77-nzt-ray: f6587a1d7b5b89b822038d64a7131402
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 kirmizi-et-marinesi-terbiyesi-resimli-yemek-tarifi(8).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2016/09/ Frame 8CDD 13 KB
14 KB 113ms
107ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2016/09/kirmizi-et-marinesi-terbiyesi-resimli-yemek-tarifi(8).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: be0c8346ffda26948856770034cf143c5aed0530f870ebfddb218f8e895954c8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 17 Jun 2023 00:49:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 1429550
x-accel-date: 1685533428
content-length: 13718
x-77-nzt: AZySIYj9L83/LtAVAA
x-accel-expires: @1717069428
last-modified: Wed, 01 May 2019 23:04:57 GMT
server: CDN77-Turbo
etag: "5cca2619-3596"
x-77-nzt-ray: f6587a1d7b5b89b822038d6457831502
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tavada-tavuk-baget-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/07/ Frame 8CDD 16 KB
16 KB 113ms
107ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/07/tavada-tavuk-baget-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 153e16434e35bbd9bbcff26425cd7d24a240b15f44b9e04cd8f9c3efb3d052f8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 17 Jun 2023 00:49:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5153337
x-accel-date: 1681809641
content-length: 16274
x-77-nzt: AZySIYg7n6T/OaJOAA
x-accel-expires: @1713345641
last-modified: Sun, 12 Jul 2020 00:28:21 GMT
server: CDN77-Turbo
etag: "5f0a5925-3f92"
x-77-nzt-ray: f6587a1d7b5b89b822038d6460201702
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tavuklu-sehzade-kebabi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/04/ Frame 8CDD 16 KB
16 KB 113ms
107ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/04/tavuklu-sehzade-kebabi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 7d7862e6fbf2d69229da6a29919581daccb5fda185e6d92171147b42184eb460

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 17 Jun 2023 00:49:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5152800
x-accel-date: 1681810178
content-length: 16490
x-77-nzt: AZySIYgTRS3/IKBOAA
x-accel-expires: @1713346178
last-modified: Thu, 29 Apr 2021 23:52:25 GMT
server: CDN77-Turbo
etag: "608b46b9-406a"
x-77-nzt-ray: f6587a1d7b5b89b822038d6408ba1802
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 citir-tavuk-gogsu-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2019/06/ Frame 8CDD 12 KB
12 KB 113ms
108ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2019/06/citir-tavuk-gogsu-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: b869a852368eaa119ee4b5b375ad2c86eb2c8eedaceafc3aff741faf14dc48b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 17 Jun 2023 00:49:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3246941
x-accel-date: 1683716037
content-length: 11895
x-77-nzt: AZySIYj5+V7/XYsxAA
x-accel-expires: @1715252037
last-modified: Thu, 20 Jun 2019 22:35:57 GMT
server: CDN77-Turbo
etag: "5d0c0a4d-2e77"
x-77-nzt-ray: f6587a1d7b5b89b822038d64c9f71a02
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tavuklu-mantar-sote-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/05/ Frame 8CDD 16 KB
17 KB 113ms
108ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/05/tavuklu-mantar-sote-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: e5717cc8aa2d5e23ac1adcdfdaff16f8a064f4c759b002fe9b97e6c71c0b810d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 17 Jun 2023 00:49:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5148640
x-accel-date: 1681814338
content-length: 16563
x-77-nzt: AZySIYhWo6//4I9OAA
x-accel-expires: @1713350338
last-modified: Mon, 10 May 2021 01:43:23 GMT
server: CDN77-Turbo
etag: "60988fbb-40b3"
x-77-nzt-ray: f6587a1d7b5b89b822038d649aeb1c02
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 kremali-mantarli-firin-makarna-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/08/ Frame 8CDD 12 KB
13 KB 113ms
108ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/08/kremali-mantarli-firin-makarna-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: dadfdfc7b569cd00d0d156e506ab33933374a143c93f073a5ccc1c9feec4def7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 17 Jun 2023 00:49:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5152276
x-accel-date: 1681810702
content-length: 12690
x-77-nzt: AZySIYjhEeP/FJ5OAA
x-accel-expires: @1713346702
last-modified: Tue, 17 Aug 2021 21:56:33 GMT
server: CDN77-Turbo
etag: "611c3091-3192"
x-77-nzt-ray: f6587a1d7b5b89b822038d64a7ad1e02
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 zeytinyagli-kabak-yemegi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2019/08/ Frame 8CDD 12 KB
12 KB 113ms
108ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2019/08/zeytinyagli-kabak-yemegi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 4da4b2dbcb075d53b1f00b57f6d48feab4e0b340f3eac0030f3ddb7626b8d732

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 17 Jun 2023 00:49:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5151240
x-accel-date: 1681811738
content-length: 11940
x-77-nzt: AZySIYixLKL/CJpOAA
x-accel-expires: @1713347738
last-modified: Sun, 04 Aug 2019 22:44:22 GMT
server: CDN77-Turbo
etag: "5d475fc6-2ea4"
x-77-nzt-ray: f6587a1d7b5b89b822038d640c042002
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 ispanak-borani-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2016/04/ Frame 8CDD 13 KB
13 KB 113ms
108ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2016/04/ispanak-borani-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: d8b4887a05128d173df033ad7b0ecf00bba347394d67b8800b831a90dfeff00c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 17 Jun 2023 00:49:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5152129
x-accel-date: 1681810849
content-length: 13451
x-77-nzt: AZySIYiesFT/gZ1OAA
x-accel-expires: @1713346849
last-modified: Wed, 01 May 2019 22:57:37 GMT
server: CDN77-Turbo
etag: "5cca2461-348b"
x-77-nzt-ray: f6587a1d7b5b89b822038d6414382202
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 patlican-silkme-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/08/ Frame 8CDD 17 KB
17 KB 113ms
108ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/08/patlican-silkme-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: d7ca1cee5940065f9da9986c40d7d20128a7cb8826205f9aa655e992e5bfd94e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 17 Jun 2023 00:49:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5151553
x-accel-date: 1681811425
content-length: 17037
x-77-nzt: AZySIYjJBvf/QZtOAA
x-accel-expires: @1713347425
last-modified: Thu, 06 Aug 2020 23:06:23 GMT
server: CDN77-Turbo
etag: "5f2c8cef-428d"
x-77-nzt-ray: f6587a1d7b5b89b822038d6466332402
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 yogurtlu-kuskus-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2016/10/ Frame 8CDD 12 KB
12 KB 113ms
109ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2016/10/yogurtlu-kuskus-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 8ef632787197eed4d48c94b8bf69add99b244a562f4927b491f8ec1f4d27e8e2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 17 Jun 2023 00:49:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5153450
x-accel-date: 1681809528
content-length: 12366
x-77-nzt: AZySIYhEBcD/qqJOAA
x-accel-expires: @1713345528
last-modified: Wed, 01 May 2019 23:05:42 GMT
server: CDN77-Turbo
etag: "5cca2646-304e"
x-77-nzt-ray: f6587a1d7b5b89b822038d6435b22502
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 mengen-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/04/ Frame 8CDD 12 KB
13 KB 114ms
109ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/04/mengen-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 1bb1649700c382552132ddf0dda42a9728d1d27c424cc5f589a71a446e26e8a8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 17 Jun 2023 00:49:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5153337
x-accel-date: 1681809641
content-length: 12650
x-77-nzt: AZySIYh70Db/OaJOAA
x-accel-expires: @1713345641
last-modified: Tue, 26 Apr 2022 00:25:36 GMT
server: CDN77-Turbo
etag: "62673c00-316a"
x-77-nzt-ray: f6587a1d7b5b89b822038d64230b2702
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 terbiyeli-tavuk-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2017/11/ Frame 8CDD 12 KB
13 KB 114ms
109ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2017/11/terbiyeli-tavuk-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 5170aaf57181f13a2619d0e7e75d2973dcd5ce82ae5aca8cd7a9cb8a3a4e5d6a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 17 Jun 2023 00:49:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5152672
x-accel-date: 1681810306
content-length: 12488
x-77-nzt: AZySIYgOq5//oJ9OAA
x-accel-expires: @1713346306
last-modified: Wed, 01 May 2019 23:26:07 GMT
server: CDN77-Turbo
etag: "5cca2b0f-30c8"
x-77-nzt-ray: f6587a1d7b5b89b822038d6415062902
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 kremasiz-mantar-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/12/ Frame 8CDD 11 KB
11 KB 114ms
109ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/12/kremasiz-mantar-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: c3c8f737c2c30356f2b788246c529049e20b42a6454539265981b00d318536ae

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 17 Jun 2023 00:49:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5152550
x-accel-date: 1681810428
content-length: 11203
x-77-nzt: AZySIYgI73P/Jp9OAA
x-accel-expires: @1713346428
last-modified: Fri, 23 Dec 2022 23:04:21 GMT
server: CDN77-Turbo
etag: "63a633f5-2bc3"
x-77-nzt-ray: f6587a1d7b5b89b822038d64b2962a02
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 hashasli-revani-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2015/07/ Frame 8CDD 13 KB
14 KB 114ms
109ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2015/07/hashasli-revani-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: bf31521a23de960c1d10dfbef8a4325799cf9f54f007c6130e7bd072a1c3920a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 17 Jun 2023 00:49:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5152904
x-accel-date: 1681810074
content-length: 13733
x-77-nzt: AZySIYjWUFX/iKBOAA
x-accel-expires: @1713346074
last-modified: Wed, 01 May 2019 22:45:17 GMT
server: CDN77-Turbo
etag: "5cca217d-35a5"
x-77-nzt-ray: f6587a1d7b5b89b822038d647ffe2b02
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 baklavalik-yufkadan-bulbul-yuvasi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/05/ Frame 8CDD 16 KB
16 KB 114ms
110ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/05/baklavalik-yufkadan-bulbul-yuvasi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: a151cd0ce17efc76f5fe92c0721fa47031a36190c5ac7ee5f6512b9ac734d277

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 17 Jun 2023 00:49:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5153369
x-accel-date: 1681809609
content-length: 16001
x-77-nzt: AZySIYhnwiL/WaJOAA
x-accel-expires: @1713345609
last-modified: Tue, 19 May 2020 13:21:10 GMT
server: CDN77-Turbo
etag: "5ec3dd46-3e81"
x-77-nzt-ray: f6587a1d7b5b89b822038d6445883002
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tencere-tava-keki-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2016/03/ Frame 8CDD 15 KB
15 KB 114ms
110ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2016/03/tencere-tava-keki-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 0efbf35bca6b7a0a4a24bec921b735d4a8e16b28ec1452cbf46e3891b64b4bc7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 17 Jun 2023 00:49:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5153135
x-accel-date: 1681809843
content-length: 15495
x-77-nzt: AZySIYjHFhv/b6FOAA
x-accel-expires: @1713345843
last-modified: Wed, 01 May 2019 22:55:27 GMT
server: CDN77-Turbo
etag: "5cca23df-3c87"
x-77-nzt-ray: f6587a1d7b5b89b822038d64f4b73202
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 yaban-mersinli-kek-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/01/ Frame 8CDD 16 KB
17 KB 114ms
110ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/01/yaban-mersinli-kek-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 7ad21cc90a930524e58c899f79123513618465e3b374c71bf742e42cfcdf5a86

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 17 Jun 2023 00:49:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5153058
x-accel-date: 1681809920
content-length: 16719
x-77-nzt: AZySIYjy9bv/IqFOAA
x-accel-expires: @1713345920
last-modified: Sun, 22 Jan 2023 19:35:34 GMT
server: CDN77-Turbo
etag: "63cd9006-414f"
x-77-nzt-ray: f6587a1d7b5b89b822038d6452d13402
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 altin-pankek-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/11/ Frame 8CDD 12 KB
12 KB 114ms
110ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/11/altin-pankek-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: d0b51e4d758e7454766165519e4de87c1136f57c11e22042a103c8b17d349a77

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 17 Jun 2023 00:49:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5150649
x-accel-date: 1681812329
content-length: 12028
x-77-nzt: AZySIYhI/zT/uZdOAA
x-accel-expires: @1713348329
last-modified: Tue, 10 Nov 2020 22:43:13 GMT
server: CDN77-Turbo
etag: "5fab1781-2efc"
x-77-nzt-ray: f6587a1d7b5b89b822038d6474ce3602
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 yogurtlu-kuru-domates-mezesi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/01/ Frame 8CDD 18 KB
19 KB 114ms
110ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/01/yogurtlu-kuru-domates-mezesi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 5193db47eb9fc06307e77ac5bee288671f3947bcbf69031ad0faa1c41228fc5d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 17 Jun 2023 00:49:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5141835
x-accel-date: 1681821143
content-length: 18784
x-77-nzt: AZySIYhhGuL/S3VOAA
x-accel-expires: @1713357143
last-modified: Tue, 10 Jan 2023 21:02:01 GMT
server: CDN77-Turbo
etag: "63bdd249-4960"
x-77-nzt-ray: f6587a1d7b5b89b822038d6404563802
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 sucuklu-kasik-dokmesi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/12/ Frame 8CDD 13 KB
14 KB 114ms
111ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/12/sucuklu-kasik-dokmesi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 9d590c241b2c34260736e08ed8ad94777ab9890478221c31136c399c0ca84da2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 17 Jun 2023 00:49:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5152981
x-accel-date: 1681809997
content-length: 13754
x-77-nzt: AZySIYi/nab/1aBOAA
x-accel-expires: @1713345997
last-modified: Fri, 25 Dec 2020 22:24:40 GMT
server: CDN77-Turbo
etag: "5fe666a8-35ba"
x-77-nzt-ray: f6587a1d7b5b89b822038d64f7053a02
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 cevizli-rendelenmis-ayva-receli-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2015/01/ Frame 8CDD 12 KB
12 KB 114ms
111ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2015/01/cevizli-rendelenmis-ayva-receli-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 5ecd61f5ea38a0e66c87cfc42e04b9459b0535c4f778b9efe31710339b602e25

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 17 Jun 2023 00:49:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5151912
x-accel-date: 1681811066
content-length: 11845
x-77-nzt: AZySIYi3khH/qJxOAA
x-accel-expires: @1713347066
last-modified: Wed, 01 May 2019 22:35:52 GMT
server: CDN77-Turbo
etag: "5cca1f48-2e45"
x-77-nzt-ray: f6587a1d7b5b89b822038d64d9a53b02
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 _dmca_premi_badge_5.png
images.dmca.com/Badges/ Frame 8CDD 5 KB
6 KB 134ms
43ms Image
image/png 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.dmca.com/Badges/_dmca_premi_badge_5.png?ID=da1d399b-5fd3-4da3-b5cd-8af692c19999
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: ad3ee286844c46dba3f0d26e100f508c410b28f52784fbeec2d513ef6c6fda7a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:38 GMT
last-modified: Thu, 02 Jun 2011 03:26:26 GMT
server: Microsoft-IIS/10.0
etag: "8ae3cdbd420cc1:0"
x-powered-by: ASP.NET
x-hw: 1686962978.cds221.fr8.hn,1686962978.cds153.fr8.c
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
link: <https://www.dmca.com/Badges/_dmca_premi_badge_5.png>; rel="canonical"
content-length: 5605

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/300/ Frame 8CDD 56 B
361 B 1105ms
42ms Script
text/javascript 23.206.208.114
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.206.208.114 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-206-208-114.deploy.static.akamaitechnologies.com

Software

Oracle API Gateway /

Resource Hash

f475c34186022ba531ebc8bba97fc10df7e4c3ea854f314a18ab0644c851620d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 17 Jun 2023 00:49:39 GMT
server: Oracle API Gateway
opc-request-id: /52388E136781CBFD19492F2D7CEF1629/A1A11415524D7FA0D52D0FE9BCFCB9E8
x-frame-options: sameorigin
vary: Accept-Encoding
content-type: text/javascript
x-distribution: 99
x-host: s7.addthis.com
content-length: 76
x-xss-protection: 1; mode=block

GET
H2 200 DMCABadgeHelper.min.js Show response
images.dmca.com/Badges/ Frame 8CDD 465 B
585 B 138ms
47ms Script
application/javascript 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://images.dmca.com/Badges/DMCABadgeHelper.min.js
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e8021f1a9dad409f7e699457ac334653bf800464df69900237c4de1c29e275d0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:38 GMT
content-encoding: gzip
last-modified: Fri, 21 Jun 2019 20:14:34 GMT
server: Microsoft-IIS/10.0
etag: "26b181f16d28d51:0"
x-powered-by: ASP.NET
x-hw: 1686962978.cds221.fr8.hn,1686962978.cds057.fr8.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
link: <https://www.dmca.com/Badges/DMCABadgeHelper.min.js>; rel="canonical"
content-length: 395

GET
H2 200 outside.js Show response
static.virgul.com/theme/mockups/adcode/ Frame 8CDD 74 KB
26 KB 549ms
86ms Script
application/javascript 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19525
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 6bc3d03f9d36b00c7c9e9480dc420908aaba03af664e60c3e09a12cc530a7436

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:38 GMT
content-encoding: gzip
last-modified: Thu, 15 Jun 2023 19:30:56 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=43200

GET
H2 200 sdk.js Show response
connect.facebook.net/tr_TR/ Frame 8CDD 3 KB
2 KB 131ms
41ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/tr_TR/sdk.js

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c53892d59cd32f8a5def4df38f83ab256563f83c0bad82e68b6d1c3403a955b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 17 Jun 2023 00:49:38 GMT
content-md5: uzgnpGbwADF18uPehwQgwA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1685
x-fb-debug: vXxJklaf8TeSdbtwpknuleO4NlTsCZ9MI9Ep8bUk2BR/6l/mGk9t0I+MzwfiFJ4o0hVEUQK4B0hiiZpoQpi1Wg==
x-fb-trip-id: 1679558926
x-fb-content-md5: 77ae39c24eb17f16c4bbb8b5ddf294d8
cross-origin-opener-policy: same-origin-allow-popups
etag: "c144463751ee5a33d4ac43e50a67a9d7"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Sat, 17 Jun 2023 00:58:20 GMT

GET
H2 200 sprite_3.png
cdn.ye-mek.net/grafik/ Frame 8CDD 21 KB
21 KB 112ms
111ms Image
image/png 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/grafik/sprite_3.png
Requested by: Host: cdn.ye-mek.net
URL: https://cdn.ye-mek.net/maincss.css?v=434
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: ecadacb686d0540a5768dae41d50597a71dfaa8135b90f1371d4bfa266e4e361

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.ye-mek.net/maincss.css?v=434
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 17 Jun 2023 00:49:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5153536
x-accel-date: 1681809442
content-length: 21525
x-77-nzt: AZySIYg5ZxD/AKNOAA
x-accel-expires: @1713345442
last-modified: Mon, 14 May 2018 20:55:05 GMT
server: CDN77-Turbo
etag: "5af9f7a9-5415"
x-77-nzt-ray: f6587a1d7b5b89b822038d64b95a3d02
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H3 200 sdk.js Show response
connect.facebook.net/tr_TR/ Frame 8CDD 301 KB
85 KB 82ms
40ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/tr_TR/sdk.js?hash=ae4b9025c0bc0666d24bd13bddecf942

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/tr_TR/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

41dd7e3a06aa3928007f6e365ee9da7c23cb323e0f3383a0f9910a41b2ba5d5e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://ye-mek.net/
Origin: https://ye-mek.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 17 Jun 2023 00:49:38 GMT
content-md5: SX+uuZ5+0Z9RibdnUEydfQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 87359
x-fb-debug: d4dmRHR8InVfx701L0vmzKTdDQ20zeWO5rESSeR8UcR9a985VDkrqT3oqPY3+DUB1oNI78RIKo6JRI/+WRPu5Q==
x-fb-content-md5: 6e1b5da265d058b1ef5006d23715ad56
cross-origin-opener-policy: same-origin-allow-popups
etag: "82e6ece1ae8878cb160bffdb29e98e21"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
priority: u=3,i
expires: Sun, 16 Jun 2024 00:38:21 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ Frame 8CDD 51 KB
21 KB 144ms
39ms Script
text/javascript 2001:4860:4802:38::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-38733763-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 17 Jun 2023 00:35:22 GMT
last-modified: Mon, 17 Apr 2023 22:36:01 GMT
server: Golfe2
age: 856
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20737
expires: Sat, 17 Jun 2023 02:35:22 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 8CDD 79 KB
26 KB 179ms
56ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19525

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

29b2c61e389e564b3089a12674e8724e2174239c58df6c753e35f6e427517ad5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:38 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26461
x-xss-protection: 0
server: cafe
etag: 256 / 19525 / m202306130101 / config-hash: 4553594699066521459
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 17 Jun 2023 00:49:38 GMT

GET
H2 200 ads.js Show response
static.virgul.com/theme/mockups/mockups/tracker/imp/collect/adview/ad/ Frame 8CDD 120 B
306 B 81ms
81ms Script
application/javascript 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/mockups/tracker/imp/collect/adview/ad/ads.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19525
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: d9fd0aeda423bd39a36871759ef7b17dab3d51e5981cd5839103f990b8b9ef60

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:38 GMT
last-modified: Wed, 21 Dec 2022 18:47:42 GMT
server: openresty/1.15.8.3
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000
accept-ranges: bytes
content-length: 120

GET
H2 200 str.html Show response
static.virgul.com/theme/mockups/outside/ Frame EDD5 891 B
1 KB 81ms
81ms Document
text/html 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/outside/str.html?v=2
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19525
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 2af1b8e91e1ea0f27fab2f6bac1dd1d81867b7a2a8d7cef1084fa39309e0ac6f

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=5184000
content-length: 891
content-type: text/html
date: Sat, 17 Jun 2023 00:49:38 GMT
last-modified: Wed, 28 Sep 2022 10:07:57 GMT
server: openresty/1.15.8.3

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 8CDD 139 KB
48 KB 147ms
58ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19525

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

da63501825ba120dc0299f39a0597144092890d0444a7803a7cc43541a0c4495

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Origin: https://ye-mek.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:38 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48226
x-xss-protection: 0
server: cafe
etag: 7396260770842368901
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sat, 17 Jun 2023 00:49:38 GMT

GET
H2 200 prebid7.38.0.js Show response
static.virgul.com/theme/mockups/outside/ Frame 8CDD 489 KB
182 KB 87ms
87ms Script
application/javascript 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19525
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: cff57bb539a961e5816127eb4b662175d6a1c92917effe0f943de85c35911101

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:38 GMT
content-encoding: gzip
last-modified: Mon, 27 Mar 2023 14:56:06 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ Frame 8CDD 236 KB
58 KB 138ms
47ms Script
application/javascript 108.138.1.25
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19525
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.1.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-1-25.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: dbc211260f3fb81e545fbebe8be8c367ebe670a585e60e1ec58524c06723ecbc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:19:59 GMT
content-encoding: gzip
via: 1.1 c60125e7f3465aceafb0abd071a41a36.cloudfront.net (CloudFront), 1.1 22ec86e3f4ec676e17ef8eea76eefba2.cloudfront.net (CloudFront)
last-modified: Thu, 15 Jun 2023 18:14:56 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1, FRA56-P6
age: 1780
x-amz-server-side-encryption: AES256
etag: W/"9352f20e556bff9fea6fd0461aac850d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=3600
x-amz-cf-id: V-IHVMJ8ivoKYrzGzZiI5vzQv5hQqhHHVm7RkOqgjOPLpsj5X3iNFQ==

GET
H2 200 pageview Show response
ng.virgul.com/ Frame 8CDD 34 KB
6 KB 249ms
150ms Script
application/javascript 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ng.virgul.com/pageview?c=site_geneli&mt=1686962978644&v=https%3A%2F%2Fye-mek.net%2F&r=yemek_net:site_geneli&userId=&tp=&os=&call=noktaad.ads.vvad&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc0,hf1,vv1,gprec%3Dyemek%26rec_ing%3D&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.4995552611896892
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19525
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 371113ed72df8c2a615fb1453724d0a1fdd50c2e5a75d95b6b76055eb95b206c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:38 GMT
content-encoding: gzip
server: openresty/1.15.8.3
vary: Accept-Encoding
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
access-control-allow-origin: https://ye-mek.net
content-type: application/javascript
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT

GET
H2 200 yemek_net.js Show response
static.virgul.com/theme/mockups/fallback/ Frame 8CDD 12 KB
2 KB 81ms
81ms Script
application/javascript 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/fallback/yemek_net.js?dts=19525
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19525
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 5103b27b55207be49f024a501641c7cb93e6469073ccbe194cd5963b53716184

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:38 GMT
content-encoding: gzip
last-modified: Wed, 31 May 2023 14:14:23 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 hb Show response
ng.virgul.com/ Frame 8CDD 50 KB
5 KB 245ms
149ms Script
application/javascript 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ng.virgul.com/hb?call=noktaad.setHbParameters&site=yemek_net&dts=468600
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19525
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 43a6b0c697f542f7de9ddff571c0521bff885ef524fceef37f224854b1232844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:38 GMT
content-encoding: gzip
server: openresty/1.15.8.3
vary: Accept-Encoding
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
access-control-allow-origin: https://ye-mek.net
content-type: application/javascript
cache-control: max-age=3600
access-control-allow-credentials: true

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ Frame 8CDD 0
306 B 40ms
39ms XHR
text/plain 108.138.1.25
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fye-mek.net&pubid=e0a76a78-9ad1-46f2-a337-886c2e24ac91
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.1.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-1-25.fra56.r.cloudfront.net
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 21:30:31 GMT
via: 1.1 22ec86e3f4ec676e17ef8eea76eefba2.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P6
age: 11946
x-cache: Hit from cloudfront
access-control-allow-origin: https://ye-mek.net
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-id: f7gr4ymIX4sbCpBntM4PUKg41TAyzqP4fWjyuAAIrCknE1V68txUrg==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ Frame 8CDD 6 KB
3 KB 119ms
39ms XHR
application/javascript 108.138.1.25
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.1.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-1-25.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-amz-version-id: Zm_tZQQ808JKRizBfXGgSN2OWn8Z6JUU
content-encoding: gzip
via: 1.1 e96aebc8d7c9ec82b88c3160a18fed96.cloudfront.net (CloudFront)
date: Fri, 16 Jun 2023 05:44:42 GMT
x-amz-cf-pop: FRA56-P6
age: 68698
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Fri, 26 May 2023 01:35:48 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: 3fXsChjxMGa7Su8QWrvLDGHp11FEvsJOo6U42qFgGfOYqjrhGGBrTA==

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306120101/ Frame 8CDD 355 KB
119 KB 153ms
71ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306120101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=ye-mek.net

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a362a952c292709a71537fec975cef5e5dcac4b976fba407d8cd38fcc8c8ce3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:38 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 121481
x-xss-protection: 0
server: cafe
etag: 1956364591812953663
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 17 Jun 2023 00:49:38 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230614/r20190131/ Frame 3946 10 KB
5 KB 137ms
40ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230614/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eb7a209e3af2f5e7045a326f81414b39f02551eb158e859c190a7a84db7c4d5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 24288
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4540
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 16 Jun 2023 18:04:50 GMT
etag: 15057649708203361565
expires: Fri, 30 Jun 2023 18:04:50 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/ Frame 8CDD 408 KB
126 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1e190fdf47cb7389e127605fc34bfb1bfc74281d5264501b79f2779008a2ae73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 20:02:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17202
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 128933
x-xss-protection: 0
server: cafe
etag: 1396361306703029922
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Sat, 15 Jun 2024 20:02:56 GMT

GET
H2 200 empowerwebplayer3.js Show response
static.virgul.com/theme/mockups/outside/ Frame 8CDD 10 KB
3 KB 85ms
84ms Script
application/javascript 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/outside/empowerwebplayer3.js?v=20
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 3e9569df702eb478e6e7699775a0f555b64ef9e89d89a81742bc97c7803dba96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:38 GMT
content-encoding: gzip
last-modified: Tue, 13 Jun 2023 13:36:40 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 yemek_net.js Show response
static.virgul.com/theme/mockups/sites/ Frame 8CDD 11 KB
5 KB 83ms
82ms Script
application/javascript 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/sites/yemek_net.js?dts=468600
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19525
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: a7a580492938c753648b19da1321bf7ea66d7a2e9b1fa42058c821e268fba9e1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:38 GMT
content-encoding: gzip
last-modified: Thu, 27 Apr 2023 09:08:06 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 pandg-sdk.js Show response
pghub.io/js/ Frame 8CDD 17 KB
5 KB 145ms
41ms Script
application/javascript 35.241.45.217
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pghub.io/js/pandg-sdk.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19525
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.217 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 217.45.241.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 27961ab8c37cddad89230364167c048c6377a80e38542a5ffbca600faf4098ea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:18:31 GMT
content-encoding: gzip
age: 1868
x-guploader-uploadid: ADPycdtqf2ao3mqyYrFC79vU1Ib2q7pCOtMM1Wr8XMHVt4Bxj8uOiFxRkXHcTk0a-dmDH4ZwfwRNw6vWFMp6n_d_c3ozlh8O7rBS
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5009
last-modified: Mon, 05 Jun 2023 16:36:50 GMT
server: UploadServer
etag: "47a886353056caf33a998c6041e20896"
vary: Accept-Encoding
x-goog-generation: 1685983010517890
x-goog-hash: crc32c=aHj4lg==, md5=R6iGNTBWyvM6mYxgQeIIlg==
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin
cache-control: public,max-age=3600
x-goog-stored-content-length: 5009
accept-ranges: bytes
content-type: application/javascript

GET
H2 200 zoneview
ng.virgul.com/ Frame 8CDD 0
209 B 82ms
82ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/zoneview?c=&mt=1686962978904&v=https%3A%2F%2Fye-mek.net%2F&r=153366@153377@153378@153379@153379@153382@153383:yemek_net&userId=vnetd3f78832-c440-4156-b5e0-4abada343ea3&tp=&os=&call=&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc1,hf1,vv1,gprec%3Dyemek%26rec_ing%3D&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.08257665109117918
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Sat, 17 Jun 2023 00:49:38 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 NoktaNpmPlayerApi.js Show response
c1.imgiz.com/player_others/html5/ Frame 8CDD 7 KB
3 KB 395ms
81ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19525
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/empowerwebplayer3.js?v=20
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 0b29697868cd68cfd1b5650054cc96ea755016b3242bd26469cdbd4e4f6fc18a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:39 GMT
content-encoding: gzip
last-modified: Wed, 13 Oct 2021 11:58:21 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
expires: Sat, 24 Jun 2023 00:49:39 GMT

GET
H2 200 zoneview
ng.virgul.com/ Frame 8CDD 0
209 B 82ms
82ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/zoneview?c=&mt=1686962978996&v=https%3A%2F%2Fye-mek.net%2F&r=153394@153493:yemek_net&userId=vnetd3f78832-c440-4156-b5e0-4abada343ea3&tp=&os=&call=&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc1,hf1,vv1,gprec%3Dyemek%26rec_ing%3D&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.8991450068731603
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Sat, 17 Jun 2023 00:49:39 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ Frame 8CDD 23 B
459 B 566ms
436ms XHR
text/javascript 52.222.253.136
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&pr=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&pid=nfmkZAzCSpWUL&cb=0&ws=1600x1200&v=23.612.1758&t=1200&slots=%5B%7B%22sd%22%3A%22div-gpt-ad-1455783126174-15338221728129623web_yemeknet_right_tower%22%2C%22s%22%3A%5B%22160x600%22%2C%22120x600%22%5D%2C%22sn%22%3A%22%2F21728129623%2Fweb_yemeknet_right_tower%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-1455783126174-15338321728129623web_yemeknet_left_tower%22%2C%22s%22%3A%5B%22160x600%22%2C%22120x600%22%5D%2C%22sn%22%3A%22%2F21728129623%2Fweb_yemeknet_left_tower%22%7D%5D&pubid=e0a76a78-9ad1-46f2-a337-886c2e24ac91&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.253.136 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-253-136.fra60.r.cloudfront.net

Software

Server /

Resource Hash

745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:39 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 ca8cb14c76df16342491237cea8cfed6.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA60-P3
x-amz-rid: A7NRRAPX69W58AG3BKCK
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://ye-mek.net
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: DxMYryROdLgVT3_5gXNAlQRK6diVmVSlc5fNrAhAB9sZEsb5iDbZBA==

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 8CDD 107 B
456 B 150ms
48ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ye-mek.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 8CDD 53 KB
13 KB 347ms
346ms XHR
text/plain 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3874342003548220&correlator=3745459248681751&output=ldjh&gdfp_req=1&vrg=202306130101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_728x90_repeating&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=2&adks=3733009076&sfv=1-0-40&eri=1&cust_params=amznbid%3D0%26amznp%3D0%26category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1686962978644%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnetd3f78832-c440-4156-b5e0-4abada343ea3%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnetd3f78832c4404156b5e04abada343ea3&sc=1&cdm=ye-mek.net&abxe=1&dt=1686962979045&lmt=1686962979&dlt=1686962977798&idt=1210&adxs=436&adys=2665&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=o28lw7ex88x5&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&ga_vid=1795257493.1686962978&ga_sid=1686962979&ga_hid=1910268385&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0c3f2ad6b95c038d798951d0198ac1bf4161b61d88343cdf9ea4b0e3612a174f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:39 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12989
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame BDD0 6 KB
3 KB 175ms
47ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 17 Jun 2023 00:49:39 GMT
expires: Sun, 16 Jun 2024 00:49:39 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 8CDD 44 KB
18 KB 530ms
530ms XHR
text/plain 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3874342003548220&correlator=3066749340746842&output=ldjh&gdfp_req=1&vrg=202306130101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_masthead_multibanner_1&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250%7C250x250%7C200x200%7C300x100%7C300x150%7C320x100&fluid=height&ifi=3&adks=1404223681&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1686962978644%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnetd3f78832-c440-4156-b5e0-4abada343ea3%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D%26amznbid%3D1%26amznp%3D1&ppid=vnetd3f78832c4404156b5e04abada343ea3&sc=1&cdm=ye-mek.net&abxe=1&dt=1686962979068&lmt=1686962979&dlt=1686962977798&idt=1210&adxs=315&adys=158&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=4m5331du57dl&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=970x-1&msz=300x-1&fws=388&ohw=300&ga_vid=1795257493.1686962978&ga_sid=1686962979&ga_hid=1910268385&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9df6ee9cacae73c1c424e5e181c45ee6158e44f7a54cc535f10b65d3e520ee06

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:39 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: 545257
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18318
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-mediationtag-id: 889514
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 8CDD 44 KB
18 KB 334ms
334ms XHR
text/plain 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3874342003548220&correlator=3066749340746842&output=ldjh&gdfp_req=1&vrg=202306130101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_masthead_multibanner_2&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250%7C250x250%7C200x200%7C300x100%7C300x150%7C320x100&fluid=height&ifi=4&adks=1314976528&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1686962978644%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnetd3f78832-c440-4156-b5e0-4abada343ea3%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D%26amznbid%3D1%26amznp%3D1&ppid=vnetd3f78832c4404156b5e04abada343ea3&sc=1&cdm=ye-mek.net&abxe=1&dt=1686962979072&lmt=1686962979&dlt=1686962977798&idt=1210&adxs=349&adys=158&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=94ioohrszdw6&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=970x-1&msz=300x-1&fws=388&ohw=300&ga_vid=1795257493.1686962978&ga_sid=1686962979&ga_hid=1910268385&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

574df8652d934830b1e8ca731a0b0638f5fc9ed49b8d2f852fc3ffe2d9b40ffc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:39 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: 545257
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18587
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-mediationtag-id: 889514
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 8CDD 43 KB
18 KB 732ms
732ms XHR
text/plain 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3874342003548220&correlator=3066749340746842&output=ldjh&gdfp_req=1&vrg=202306130101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_masthead_multibanner_3&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250%7C250x250%7C200x200%7C300x100%7C300x150%7C320x100&fluid=height&ifi=5&adks=1806867393&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1686962978644%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnetd3f78832-c440-4156-b5e0-4abada343ea3%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D%26amznbid%3D1%26amznp%3D1&ppid=vnetd3f78832c4404156b5e04abada343ea3&sc=1&cdm=ye-mek.net&abxe=1&dt=1686962979074&lmt=1686962979&dlt=1686962977798&idt=1210&adxs=985&adys=158&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=n9ir8cdl18mr&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=970x-1&msz=300x-1&fws=388&ohw=300&ga_vid=1795257493.1686962978&ga_sid=1686962979&ga_hid=1910268385&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0fe10d11912351a74a1bf773b10b90fde0c8e156b6a87ed10b9537ac9790a1ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:39 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: 545257
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18295
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-mediationtag-id: 889514
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 tag Show response
feed.pghub.io/ Frame 8E61 13 B
257 B 140ms
52ms Document
text/html 34.102.243.38
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://feed.pghub.io/tag?referrer_url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&page_url=https%3A%2F%2Fye-mek.net%2F&owner=P%26G&bp_id=noktacommedya&ch=%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D&initiator=js&data=%7B%22category%22%3A%22site_geneli%22%7D

Requested by

Host: pghub.io
URL: https://pghub.io/js/pandg-sdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.102.243.38 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

38.243.102.34.bc.googleusercontent.com

Software

Resource Hash

b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';img-src https://*.pghub.io https://match.adsrvr.org
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
access-control-max-age: 300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-store
content-security-policy: default-src 'none';img-src https://*.pghub.io https://match.adsrvr.org
content-type: text/html;charset=utf-8
date: Sat, 17 Jun 2023 00:49:39 GMT
strict-transport-security: max-age=31536000
via: 1.1 google

GET
H2 403 ads Show response
googleads.g.doubleclick.net/pagead/ Frame F09F 603 B
218 B 90ms
89ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755397&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1686962978860&bpp=4&bdt=1062&idt=251&shv=r20230614&mjsv=m202306120101&ptt=9&saldr=aa&nras=1&correlator=1113296724212&frm=24&ife=1&pv=2&ga_vid=1795257493.1686962978&ga_sid=1686962979&ga_hid=1910268385&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=222437166&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759842%2C42532277%2C42532279%2C44785295%2C44788442&oid=2&pvsid=3874342003548220&tmod=647139116&uas=0&nvt=1&fsapi=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.ixim7t8g1u8s&fsb=1&dtd=263

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306120101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=ye-mek.net

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 46
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 17 Jun 2023 00:49:39 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame 8CDD 361 KB
121 KB 143ms
48ms Script
text/javascript 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19525

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a9863314577494b778cade4d77d719a27fca818d6091efe35b972cac31026f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 123120
x-xss-protection: 0
expires: Sat, 17 Jun 2023 00:49:39 GMT

GET
H2 200 NoktaPlayer.js Show response
c1.imgiz.com/player_others/html5/ Frame 8CDD 398 KB
128 KB 90ms
90ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=6/17/2023
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19525
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: bea17c8870ba8dae9515993b5c55b65437f03f0e2672e1c3d3dbe7872dd74e5c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:39 GMT
content-encoding: gzip
last-modified: Mon, 29 May 2023 18:51:56 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
expires: Sat, 24 Jun 2023 00:49:39 GMT

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012305252018000/ Frame B1E8 222 KB
61 KB 143ms
41ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012305252018000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a4135cd61dfa379bb61b0718f3a20dc8b25d0b8f4e3f2e52ef4d0e5be736136c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 14 Jun 2023 21:11:23 GMT
age: 185896
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61795
x-xss-protection: 0
server: sffe
etag: "7347aa4c83612bf7"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 13 Jun 2024 21:11:23 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012305252018000/v0/ Frame B1E8 15 KB
5 KB 235ms
134ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012305252018000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e2ac756b7d18a0715d66cff4a48f4ba89882b3bcec6cd4fda5455387eaff84d

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 14 Jun 2023 21:11:23 GMT
age: 185896
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5238
x-xss-protection: 0
server: sffe
etag: "6efdfbd3c81d03c9"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 13 Jun 2024 21:11:23 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012305252018000/v0/ Frame B1E8 94 KB
28 KB 211ms
110ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012305252018000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7a9344144d755ac52f3d8405003feb8eab3b79aebc78e330537ea10861d6f32e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 15 Jun 2023 20:51:54 GMT
age: 100665
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28864
x-xss-protection: 0
server: sffe
etag: "51fe97ef57b83921"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Fri, 14 Jun 2024 20:51:54 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012305252018000/v0/ Frame B1E8 5 KB
2 KB 233ms
133ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012305252018000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a28b55f41413d16c71a76b7af3ff9f707323bb3906096b85f7a581415aaeff55

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 16 Jun 2023 03:58:48 GMT
age: 75051
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1896
x-xss-protection: 0
server: sffe
etag: "fbb7a7837efaff21"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sat, 15 Jun 2024 03:58:48 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012305252018000/v0/ Frame B1E8 40 KB
13 KB 228ms
128ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012305252018000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

45352935afb3119009abbfa8ed5bf7b67fc4edf64e8b718a134975410823ace9

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 14 Jun 2023 21:11:23 GMT
age: 185896
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12956
x-xss-protection: 0
server: sffe
etag: "bd37dd4c3b7b688b"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 13 Jun 2024 21:11:23 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame B1E8 4 KB
1 KB 136ms
48ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C700

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

3d2b34675fd418a1b23c652fa791f4875ccc12860d9b4b6ec8ae4aa09d51ec1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 17 Jun 2023 00:49:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 17 Jun 2023 00:27:47 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 17 Jun 2023 00:49:39 GMT

GET
H2 200 tr.png
tpc.googlesyndication.com/pagead/images/abg/ Frame B1E8 3 KB
3 KB 140ms
41ms Image
image/png 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/tr.png

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1e5a886321d0e00c13f7abff03ca39fd782f42997fd34bcbf4fc93718f3670cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 19:04:08 GMT
x-content-type-options: nosniff
server: cafe
age: 20731
etag: 9957912877679239782
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3057
x-xss-protection: 0
expires: Sat, 17 Jun 2023 19:04:08 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame B1E8 344 B
714 B 139ms
40ms Image
image/png 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 13:35:10 GMT
x-content-type-options: nosniff
server: cafe
age: 40469
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 344
x-xss-protection: 0
expires: Sat, 17 Jun 2023 13:35:10 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame B1E8 0
0 88ms
87ms Image
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C0_Z9IwONZOi7B9ebgQfJtYIooeDsjnH9-8froBGzt-Or0zsQASDAsoJrYJXaiIKYB6AByIyk_APIAQmpAsitmDqOYrI-4AIAqAMByAMKqgTaAU_Q6yJOn4PuKffbYcqukGhB822A6mgsMaccIsT1zrSBkgmduE0UMTph69FnIb1TiI98dncCm5esHO4zqSd7_YdIejMoganxnHajZm7WCB7MGVTueCiXjqWaujz0Lxs9Rybp_hgJxoxxUDK1ANHNMdqVw6Lo6n4xLSTdN3PbgkkrJQcLZo9Akmnao8AfPG5BHCP6D6dSjIe87e_gGmPjcZVcrBExK6XwsNH0_GOroWeDEnP8s9LBS7w49QBMJkyK0oH7gF4ep3MpxQLz-Zk7gpup41rvV039IT44wATjprDNqwTgBAGSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGLoAHoPPbA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEEOqzAdIIFgiA4YAQEAEYHTICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDmACgPICwG4E-QD2BMOiBQD0BUBmBYBgBcBshceChwIABIUcHViLTY1OTM1MjMyMTAwMTAxNTQY6sFt&sigh=QGi6Pp6ZecE&uach_m=[UACH]&cid=CAQSLQBygQiDDxrkx9ocbbjr7FRIwE1ru5lI1KnCCsLfWel1hKNZht1TuSkliN0UnhgB&template_id=484
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

GET
H2 200 6592766407814317453
tpc.googlesyndication.com/simgad/15526145321348145647/ Frame B1E8 14 KB
14 KB 142ms
44ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/15526145321348145647/6592766407814317453

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5fcd8e19a77d1b6fbb11a09bcb64e448e98547746eca2149b5aee5f85307d9f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 03:29:38 GMT
x-content-type-options: nosniff
age: 76801
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14525
x-xss-protection: 0
last-modified: Wed, 10 May 2023 11:43:57 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 15 Jun 2024 03:29:38 GMT

GET
H2 200 5419364535165716031
tpc.googlesyndication.com/simgad/ Frame B1E8 2 KB
2 KB 141ms
43ms Image
image/png 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/5419364535165716031?w=100&h=100

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

15fa713cec97e8efafc1c53ccc987f702a28e6518f6ddcbd4c175e5452466571

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:47:49 GMT
x-content-type-options: nosniff
age: 273710
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1909
x-xss-protection: 0
last-modified: Mon, 21 Feb 2022 13:25:02 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 12 Jun 2024 20:47:49 GMT

GET
DATA 200
OK truncated
/ Frame B1E8 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b3c98bcd8998a4f3f04cea70c93809eaba6b8cb41a7853ef9a6a43bf09a14d76

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 container.html Show response
464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 13DC 6 KB
3 KB 41ms
40ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 17 Jun 2023 00:49:39 GMT
expires: Sun, 16 Jun 2024 00:49:39 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 13DC 0
0 85ms
85ms Fetch
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C72y6IwONZMWpCcjh-gbn872gCLiZ86Jc6bXuu_oCwI23ARABIABglYKHgpgHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQngAgCoAwGqBPMBT9Cqxfi2kfkTI2GbtgQKuFTztMYGgAo61zVv_bicp0GYXxvXgLxXzc3m55Up64aqqLAvMYbzbT6_f7Oqgo6mY0GW7n_JnQQUYCacNfDpxvIxoDCyIWNk5QE5cBdUDrR7Hss7-saClUELmJi7R0vAA6y1OxPRgVfa5f5e50tkQJqRAdhyybJ3al4Bme4fEmnUcxisRBKar_m7Aiqss7auUZZHIiaLBgYRtm6Ttj1zZrTau0e0xfWkZ0jnY3Y_B1UT6MWrBUDH1W9_-t-Ufs3HkuunIVK1uYdIRB-yC632QLnSrFyvUH4XflYwSGPlXGseXmVt4AQBgAax0fGvjtqVuYsBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPIIG2FkeC1zdWJzeW4tNzI3NTUyODQ1MzE2MjMwOYAKA_oLAggBgAwB0BUBgBcBshccChoSFHB1Yi03OTgzNjUxMjU3ODM4MjgyGOrBbQ&sigh=V57aHRSSbUo&uach_m=[UACH]&cid=CAQSbQBygQiDM-WFC3OsvpCmbg5UoXVG68qseezBmoHtrGMsA9e2iM5Seneyk2x9ZoMKyWEt-1yQ48w9wcmKW1UqP71GUDFu2gRKwl8uavfQXt0w7-B7wULAhwRFqDWybV6TsZpkgracri-oiB4HIdEYAQ&tpd=AGWhJmti-0S1OQxvnU55_2TLg5_UmfS1cXCptIV8RVnIK6nv4f69wLtzoEXm_H1FyeYRSXl1eF02ikVAxVpRT40Sr0uQkzX27d_tfjThNIlOSLEnnmBuniigQZcflOcHPdOyEZnNLetVYl4pFB7moc5yKpI6-fpiWFkDqb2iy7fkxloDCik_GgYMEw0Q-L99Z2SwiVeuNZOOg6wcZxYmVYWGyWkmUoHD2cT6F2Pr5fhS-cSrxde9iRB6-MXKw9ZZRACJOcopx8KyGbaMhtPaRO1GTKN2NwIF8jmnhF-hObD-sbsudcb9IbeaLPBjxUVnMYXNJUvkHEwORy8fUf_v4BKc092-p-5qOO17hpXY2HxXk76h1r4ipuQ9C_9DG_n9OZAHXXYxTQd1klBhU5IdOlHbPdWwRTIijfBFxtxhzGALAob7MIy9PvXZx91l2-mtM3pTCfzmxGLzzPAcXp4UuqNwJB9PDY51ftYnDv6qvw5YAenvhfFlrdS_m5Eu5SuAl4CrxQwLY7AytcpWthSmt2C9kkgLs8SzjAl4tGDF1j_DpyQ4mDOWTcXG9yof4if4bW3uu5xGsgZHQtNA6KiCzk3hPs_Jnu6DBQNyM8QpTDQpKy0iaBSYv-u_sGb_64Y17iNVk6mM9C4bnUyIkO65SG4Fisx6CK5lYHkAf2wLGV-0qZoODmGWFkB_UEYNGjk92yNwh7VH1OWBAxP1j4sNd1WYNmSXM1lqiKEPmzAJUvxCYG1nvtuLD5AEhprPqW7902S407S3eL3Y94oGvgy8RYnRd9Yy-28fdh_8ce-Eg-J12TOTbj5QRXxQaLh4cF2TtZcgwIrGy1pbrbwa9U0BWptB9V3EnBs0JM_jlshQ6nYnc_Gqb5iCMq01MWmOUSL0cHKp-8LusFO5FiMi2s9Xfcr_L5pHjIhtsPmB5WR75rxbBx2DC64aBnUrjqPPoKLn2F9t-ioO84shhJTmHpNxNn-Av8LPE_6_WurqQgeYz3x5ZVJGTR5T50o52aGRQj7IddKrQrclshpoVp064EHgNn-q3UsOg_JmjglABccJ_wqHIKG2kO_oGj0rsQUETJBQzYcFLMLtLoM7b-2UbQxVyMS3XvZjvuuhLReQovXNuSkTxspMKHWQR1XSoGolPYZFJ9-hi0oQA72GZZfDn57o1hFD2d3uEKJnbuX7tRMFemgk9D9cBcqmYeX8juiRr8DHnsrK3vgqc1LgB82gZ7GGSVDu-aiILXytU5pnWerSNwNbxmJhSW7GiW-ucm_mi0FqxajwQKUcfG7MvU9jJFMEgO5Tlv_OuZ9jBl9sVswyXb1vBo42G252Oltbrci5VOpA5mM602wFYS7aZsK5oHQ0q1etQ5ZohIGL-lCQBA-3Du99FAHvrLzv2WB4U0fR7cxAUZOEc4ZJhonU-RTDXgLhzvku41wabhyo0iCn525uPCP1KPDpSNCjONk5Tbd92zFxQ0Pug6RiQCh9oYe6eBX9X_JI3PnNaQ5a1ztwTAyB3Nz3zJU5QjlGgR2BJByXSVDAydMq4n4v3GISMtFyu_kG5VsA2Gcmf-yzI7pQtuKNWKjBX3ujHvuRK8bPJmiteanSdLcTV-bt_7WXOcLYvGQOFYniHw
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 9655 261 B
122 B 54ms
52ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ64bnAhiA56_nATAB&v=APEucNWvx6LJ8NqwrK_NZ8y5Elc0y1C3AdekB05aEnSIWH7Vsi30RMFfiJFP3RRJaoO5Pa7XNhq2SHW67skTk0-LUWKhIffzYw5uT2LCo9uSGuhXWpkWtRUDgAQTYrFFPZsfgA2RG4CceXEug6R5bNQr62mkqkQwcCgE0cihleJpUtbU8VEgMeDsAAhqifNLGjcydeiAW5V5

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8e7c0b0b1c36228ba736e564a00405f72bf3b6bcfe6ac826cde2b6b9c14e55ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 102
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 17 Jun 2023 00:49:39 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 13DC 78 KB
27 KB 60ms
60ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:39 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Sat, 17 Jun 2023 00:49:39 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 13DC 42 B
63 B 75ms
74ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-A1K1ZE7Gr2AGNBCyR66CUrCoMVgGaYyGNpbxg1fy0OxYI83f1gRluFgSbQJbw4yi4JTht8rNfRV2UEA8XGp8pc9ZpBMfbn7obLIm-g5e_NRndj3gs

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 13DC 0
20 B 74ms
73ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=17299878733017941070&x=6&ct=77

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adition.js Show response
imagesrv.adition.com/js/ Frame 13DC 32 KB
8 KB 182ms
85ms Script
application/javascript 217.79.188.10
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://imagesrv.adition.com/js/adition.js
Requested by: Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 217.79.188.10 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: imagesrv.adition.com
Software: /
Resource Hash: 70e0a3b2c82384039a2e4b31c305c9ef1f72a59b585acad421c54a6101a25237

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:39 GMT
content-encoding: br
last-modified: Thu, 21 Oct 2021 06:32:42 GMT
etag: "4043560335-br"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
accept-ranges: bytes
content-length: 8355

GET
H2 200 js Show response
ad13.adfarm1.adition.com/ Frame 13DC 3 KB
3 KB 148ms
46ms Script
application/x-javascript 217.79.188.54
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://ad13.adfarm1.adition.com/js?wp_id=4813093&gdpr=&gdpr_consent=&kid=5872531&clickurl=https%3A%2F%2Fclicktrack.pubmatic.com%2FAdServer%2FAdDisplayTrackerServlet%3FclickData%3DJnB1YklkPTE2MDg1MCZzaXRlSWQ9ODQyNjE5JmFkSWQ9Mzc0OTkyNSZrYWRzaXplaWQ9OSZ0bGRJZD0wJmNhbXBhaWduSWQ9MjI5ODcmY3JlYXRpdmVJZD0wJnVjcmlkPTgxNzU1MjI4NDIzODUyNzI2NjYmYWRTZXJ2ZXJJZD0yNDMmaW1waWQ9REQwMUM1REQtMDgyRS00RDI2LUE3MzgtQzc1Njk0OTg5RkI2JnBhc3NiYWNrPTA%3D_url%3Dhttps://googleads.g.doubleclick.net/dbm/clk%253Fsa%253DL%2526ai%253DC7rN0IwONZMP8EILR3gOewbL4B9yo-JJx_-fm58QR9C4QASDLidYjYJXaiIKYB8gBCakCyK2YOo5isj6oAwGqBNYBT9CDDJtYpJWX_vIHwOuutAQ19mumOdm7833xKWNgUGZ6q2QYVY3ehg-giMKxXp-mx2DO3nuaw7hUmMAP-JFOe6VrX3EVdGZ4A-kZ0INItKtrtCMpHd-4QeFsrPyGX6FO-lPP5ui7y9ihWy6XnXklHxlyfqWaQEE8FRpSaZgexvoyv5KGrRViB5xiVoOwD2Up4f0crh_909ld8L8y39n-4Kb9yqn3eIq0h9Sku4RHRdP5ZTtYkEOb8lOitaUl_z2gKYp24I8NTnvDL5bjwhaBc5VG2mR_DcAEgNjpkr4E4AQDkAYBoAZNgAfXu7TEAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGF8yAqoCOgKAQEi9_cE68ggNYmlkZGVyLTg0MjYxOYAKBJgLAcgLAYAMAbATp_reE9ATANgTA9gUAdAVAfgWAYAXAQ%2526ae%253D1%2526num%253D1%2526cid%253DCAQSGwBygQiDf7aTSGsmJ_NpmM_qizJn6Z9RSic-5RgB%2526sig%253DAOD64_0SgL4BC-Si74T3nRPO6GcrHe1-Ag%2526client%253Dca-pub-6362111942204036%2526dbm_c%253DAKAmf-C3yTTqN0JDBxEvP1qoyWYUY-gGyDf1qfna4tIfmA1lNFt3D9ZRy-ftCmkiMJVbm7HXeltoytI42pFZoBXvCQnX07EZwiyYxncFkMa2skgCSM3NQ3lqJpR9Ubbc0MqHjMauBcqiIk4ELQW9HfqrbJqnU0SvpZcq0GVAPhmVIgMKlYgPrSE%2526cry%253D1%2526dbm_d%253DAKAmf-Dr0BfKxlbRUI9uAdcHL_VI_hWZx_oksD_MajBhXfS-KF8ulGd6Ewq6SrnDHkY3l8IysT5_oxiML6t58hzdYy_Bt5o4SpIRV4KBkc0MClWs9V1lvf5I1PK1CHneuplMKKHhzQVN2kd7NuUi6dUZ1JOtA_yY7-kEXIZdnP9zNqD1KpckOtg-njV2coDoPIp7BjZkRneEbrswsospB1_dE4hHDjF5uniCDY0fr3DlvS86-bbIQUQ_WsdUPD2RlKFjkyDusmq7qIPZ1EEI8DpueIWLSml1JhAY-G1ZMTIIePNms00O7_bmPjoG9kHWuMSrzwFQNS68vmblLIAMcjLDj1ESkHOlMl3PZQVBfbX-gkyOs4WZMWqr4u-P2-L5HSImKVvgW8D9XHgTrTd-qmFV2JC5TexVx1bZUSNhxB6FBlSl7Qv45eVD1fq7-0X0_SlmbxLM7VI6l-TUk25cpJJZBJ8feCXlNWfg9Wi7xYk0lzCbRQmnSR-Tk-3lUlO7CDcs-Jp0t_Ns_Bpsh35jGW66XaiR6invsQ%2526adurl%253D
Requested by: Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.79.188.54 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: aa.adfarm1.adition.com
Software: ADITIONSERVER v1.0 /
Resource Hash: 9ebdfd3be382aa105dd46aec5d42eb54b4138e89ba7fd8dbd559741e9519cefc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

p3p: policyref="https://imagesrv.adition.com/w3c/p3p-ssl.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
date: Sat, 17 Jun 2023 02:49:39 +0200
cache-control: max-age=600
content-encoding: gzip
content-type: application/x-javascript
server: ADITIONSERVER v1.0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 aa.js Show response
q.adrta.com/s/pbm/ Frame 13DC 6 KB
3 KB 635ms
208ms Script
application/javascript 44.236.199.192
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://q.adrta.com/s/pbm/aa.js?cb=1015140641_1686962979_259802
Requested by: Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.236.199.192 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-236-199-192.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: 95544e762173b33dfcecb7c09008b5edd6cd2f35ef8f9bc575fe34e0c8792d29

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 17 Jun 2023 00:49:40 GMT
content-encoding: gzip
server: nginx
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/ Frame 13DC 3 KB
1 KB 80ms
78ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/window_focus_fy2021.js

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 08:40:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 58154
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 30 Jun 2023 08:40:25 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/ Frame 13DC 19 KB
8 KB 72ms
71ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3521f5e84dbf85e9b7a304002330fbccf347abc9d0a43765a1838336b8a98c0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 17:36:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25974
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8120
x-xss-protection: 0
server: cafe
etag: 8171891181101138299
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 30 Jun 2023 17:36:45 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 13DC 24 KB
7 KB 80ms
79ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 13:25:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 127443
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 14 Jun 2024 13:25:36 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 13DC 178 KB
56 KB 63ms
55ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e9032b8e95fc74d9ce9c069e76ffe86cb4046dc6ae863ffa8410cf445e5feaf3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57029
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1686742752845198"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 17 Jun 2023 00:49:39 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame B1E8 15 KB
16 KB 128ms
39ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ye-mek.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 10 Jun 2023 17:04:15 GMT
x-content-type-options: nosniff
age: 546324
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 09 Jun 2024 17:04:15 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame B1E8 15 KB
15 KB 137ms
49ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ye-mek.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 10 Jun 2023 03:30:27 GMT
x-content-type-options: nosniff
age: 595152
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 09 Jun 2024 03:30:27 GMT

GET
H/1.1

204
No Content

m
ad.yieldlab.net/ Frame 9655
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=yieldlab&google_cm&google_dbm
https://ad.yieldlab.net/m?dt_id=52&ext_id=CAESEJprUd9ZxIAbWl5vrAAEkYk&google_cver=1

0
400 B

142ms
50ms

Image
text/plain

184.25.219.161
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.yieldlab.net/m?dt_id=52&ext_id=CAESEJprUd9ZxIAbWl5vrAAEkYk&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ64bnAhiA56_nATAB&v=APEucNWvx6LJ8NqwrK_NZ8y5Elc0y1C3AdekB05aEnSIWH7Vsi30RMFfiJFP3RRJaoO5Pa7XNhq2SHW67skTk0-LUWKhIffzYw5uT2LCo9uSGuhXWpkWtRUDgAQTYrFFPZsfgA2RG4CceXEug6R5bNQr62mkqkQwcCgE0cihleJpUtbU8VEgMeDsAAhqifNLGjcydeiAW5V5
Protocol: HTTP/1.1
Server: 184.25.219.161 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-25-219-161.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 17 Jun 2023 00:49:39 GMT
Cache-Control: no-store,no-cache,max-age=-3600,must-revalidate,post-check=0,pre-check=0
Connection: keep-alive
Expires: Fri, 16 Jun 2023 00:49:39 GMT

Redirect headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:39 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ad.yieldlab.net/m?dt_id=52&ext_id=CAESEJprUd9ZxIAbWl5vrAAEkYk&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 288
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.adform.net/ Frame 9655
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=adform_dbm&google_cm&google_dbm
https://cm.adform.net/pixel?adform_pid=4&adform_pc=CAESEJvmT5qEBhQuZy3Fp8jnA9I&google_cver=1&adform_v=1

43 B
163 B

139ms
39ms

Image
image/gif

37.157.6.233
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=4&adform_pc=CAESEJvmT5qEBhQuZy3Fp8jnA9I&google_cver=1&adform_v=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ64bnAhiA56_nATAB&v=APEucNWvx6LJ8NqwrK_NZ8y5Elc0y1C3AdekB05aEnSIWH7Vsi30RMFfiJFP3RRJaoO5Pa7XNhq2SHW67skTk0-LUWKhIffzYw5uT2LCo9uSGuhXWpkWtRUDgAQTYrFFPZsfgA2RG4CceXEug6R5bNQr62mkqkQwcCgE0cihleJpUtbU8VEgMeDsAAhqifNLGjcydeiAW5V5
Protocol: H2
Server: 37.157.6.233 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:39 GMT
last-modified: Mon, 14 Nov 2022 09:52:50 GMT
server: nginx
accept-ranges: bytes
etag: "63720ff2-2b"
content-length: 43
content-type: image/gif

Redirect headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:39 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://cm.adform.net/pixel?adform_pid=4&adform_pc=CAESEJvmT5qEBhQuZy3Fp8jnA9I&google_cver=1&adform_v=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 312
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 13DC 0
20 B 73ms
73ms Ping
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=2671991470875&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 13DC 0
20 B 74ms
73ms Ping
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=2671991470875&version=m202301230201&ct=77&x=6&cor=17299878733017942000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 13DC 30 KB
17 KB 79ms
75ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DVPnrnTxPB4H1geG4DgjTSJj24yGQWNH3J-0Ax7pl7igiN7Ju_aUQ3NTZmev-zVgT1cqrM1IW-RqJy0SfOyMPkWPid4jmWvDX0sGpOOTRsBF3WOMFpvWgM43rQmMSDvxRF1VHl0POwRMtiJipkMObvcehTaAWGS53sUBMbQ9TA0J9IGR8&cry=1&dbm_d=AKAmf-BWZ9ADSpgjc1_nwB0hTag0Thy9DZ1hp2yZhdhaXZHBKVRvBc27t4a2w_BlBQq0gwtboLpmcQVVFDLV-mEI_8QGC_GShMXTfHmuxZwRA06pLFSfqUUovxHp6H-8vPgp0PEhcW72OTRqPX3ztCjh0gnBeo2HuFj5do3j8mDuuleatQlS3Bvu1kGazU-ytYMQbLHXuix4FpIgt77Ovctol2SkaXvZ6E9JnjHsU56f6ZZYKzcvGGFqFL4ADHj1tGheftU-HiYiZrTNULrSuTiFnSW_Dy04UJwAggZO2Fc6FRFIkl1G174cdZQzHVwkfxLJBBZrZKdP13OIIHyl5rCoM9zi24Iqo_04sMof8RPKM541zrhRj6HKjW6DEg8t3Lqk59S4my0-AiEliRDuYhd8dMW2_gC84AoVUO7CKLuomfD2tZAMtJfEzXjFLAF_xNzaepiCRytH5XgsE8ZnvF15dYBFH8NlIA4vk6mRu7ZphRCBeIJzFzmIxh0kV42ClVyjUluvWTnE9E2QrV5o4uEalG2hte5uHtr-d3SZLPqNE2B72DWAAXL0uagaqnNcGesl5jHDakAzv9M9tv6F-Y39IG6ccVsrZjZMFQhVsBnRAOT5z9Mc9vi-_eAxiCxMHeirxLRk_m7WP_1Gwkzvi1E9KVUJ41TwbhXzgE5UvT3ZE4mpXmxLhFgLrftrvnFokzWs4XYsYtmfRrvPalwPwNB5yyg8e3OdsJNxLOpWPX-5D_NLnuBRcty5rtvTe1mX7oKMV2kutUPXL-pNm7kV-nRUPQx3c0t6EmOtXBjpJiCg7Cx-OTQus1C8_PeSWu8AuIhyFuoPJ_ToXI0nNJ2nE5d4wLXRfloS1tyL7s-SAJm1Ev0hkd6JMUw5EjXflIzuckA_ZkyVGxs6XNIaEzXZWkK4ZdxCnTAEvkO921cpOPS-fyDAntqj_rm-w70DYsTm8B5qg18Glybrx9zAxwjJyEQaXaSGmM5nRrL3glfCXRp5Ee1l0HIgovgxPiox502AjnI1Vhn_xb1qaXZQXt3BrB-L2jrAyJk8O1bEVWM10H_J2C0w1KmYPCNPp4knUUpKJEpmUo6KXqIGbhspIF7KIZsGIYrye4O7e-2yCQor3YT_90EejYDi-Wlm_YU6X8kDtDCv6kDeGFZe68WNXNjcsIhtHOJLuPqD6t3oc3odztKNgKdjgHM8PFTxSBEU0VvbDx0MhXUAXNdTW6QMNVViY4Q0kKvnZhjELXjJxIgAT-OtXJCe4PedLbG563C57wfkzE8w_XTzC0ct3bGUkzLxNUm8QCeXoWn24lwBGIaThpuZGHxwTqSth3UlK4temo-GfbJXZtHf8ejDerRpMuCqOVvp-JR2PhlAecdO7EhXlGqYgwosVA25XaDb_r6h9x0dQe2smOgjYXmaMxGW9W7cd_-Ml27WztU_tGjN3BOedceKadHvgZ_4Syh_0QsH-8OUxwrEhcQA_WLLJ69HgAVch-641ryWcXqV1qB0x3M4EOhsLC8bBMoixO2S25ZJm9vGN4c5qKuQtX968k9wd1Lp15eVR5ZsaqPCS0jKjSH9HhDH0vY_4JM7fzOiHu1Zumhq49_NTyKM0oHiwnQBYBFreGtFPLSF8jF8p3L4K3brYi_Sme5eJcA4O_jLbWaKetIiSDTbMl1zv4lFLa2ohLW-Deyva2RaKCe-ibNvJ2qdSqLPY1K5okilApa8Sm9qf91TM3Vt6rcbcCLMQAycZ9IyHMf3bOAe60-VMLuDNMsfY8qnJj-pqH_sSxTSrxJkuDHC3iXIJ4kT4j2wybP1T-JuXd-CbZZOzNnEjFucrQEDZBDE_naeuWRIPD5It1jQz7VwhRImp3rI6CVYD-htjnrWfENZkJeV0zE5WB_CTyIkyx51Q9oZyirJBh5OQGiC9AYURklUeWBbp3C_tmkH9AZPMdFAJCtY4pq2AQI4QwCC2PHG82wZricD-E92uZXvvnoD5_hAF7-3qKg26fkT8NTrOXYm7T73Fjo-PR2DQVV1kAUnLGzMP6gS6Vs8IvWqHyXvYe7uq7LLYryM4Iob1WJeYx5ow2kT2_mOUeqSZgXLUW_uOFZUYhJi41LcOdNcaKuyWmDcz1268KK0_S_x2zwKV6_pR_VSQqTndRV-KNq_qQb2YhP-PRi-VYHIuxX0TcNrPxcwONuiR2sFB690pQ8SL509Ab2Y0A6orQ0xjhmukhGfschopphrTWzucYxRujN4wJ4SobUVpgDhXMB3L8pOlMwfshQqZ0NkJnAoSAuL-xd5rIrdngwH72PMn2bh6Vu3tBUHcicBdv2WogFjcIJwoMmL5KcbpZrSqfYFVgE27QuiUmadNAmycA9LaLbbmkmaArvXFfBmjBwaRzMRoM0fzvQsVYAzm8Z5eQuj_iyUIZV6vQgTB3tQb9URf5QkAA296lHUzDtUCuv72g7LuOuENaqK43EME9t4HuaqJq84Vg72hIbVWmCuRalKVHo9Wj1JQIN1UI_6WXsUkuurgMEI6gBfgfDbE3SJNyDi_Woak-noMQDY0vXNzdQtc5fxwPDEqnP-ChP3IhKFmJsGkJapxL17hg9go0SZdPcBSiDD7QV2lcRvFSGTfpOKmlSTwcQ3YkxPEV3NuaZYqW8sQ3kUUX9pXM1b1ZULCsC607XphokzLUYEc12fZKVg7I5IanwCYBbZMnjmr1UWNEAqacoNmbHJ42leWi9aFUQ8JvlAqMICprWZqH_5Y1MJ7-RrnbsXgYzbSDDEbLbb9jiBF6NVDWcenrA7QfrOD5Un9QwlF6-VC-35l_6UDTmzQbOwSc3nUMFLU5m5SYtqkz2G0_k9n6JMaoqZqyhxoWE-wWwSEYmocLVjoUSLKzXDUm813plZ08knF5AqR6MmJyidiDGJfJuR7Dpqlpv6jR9w0vJjF3EdaLmC4q_aKi8zqbE7HcRYX18kFqITLbOXkHEHtRjOht14EHLYCdxBdJFqGFzl6_8_9wyQF4ZGq50UoP-TNQ5eEM9XgUpBqkfyylAI90fhOJhzDIp7TRWpoaHsxs08Zok_tfIMUdcZZp2Chl8gfpwygBqeIEkiJx70wf78u4CeagwDhyb2J1RYY4pCHxLg8A43-GtJDBg8UVfUQNiOJ7iJEUYoAFC1x5B5Z6BqSDKLA8my604ylr5A9Lym0wdVnEZ3aNvCOK7T3Mj2CvI3KRmUMUyzWwSEjpK328m1SbMp8QiZDG7f36xJlBYP93SUe6-CNXnoovuLjPasVUkAQ_kRAaLriGXiQeVZts9r-xG6xGcbx49xBx2D5xZ8EOCAb-rQ05hzzJBbvU9HtHJzy7yvOW52fIHmaNcuNU58wPXPyMDp1qHiJ0pcB64DVQUFmBxurLgBPYItT5QvuFZ3sPwZFEn3H-yJoELy0cB_KMXuKBLjG_2kAiwtMINKI-Pg-3xkTvm0qxBn__jCCSjxhV6pJhXUeO5rBLDlQpgDdarJcTuT4xob59Ulxg&pr=6%3A0.115964&cid=CAQSGwBygQiDf7aTSGsmJ_NpmM_qizJn6Z9RSic-5RgB&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=17299878733017942000&adk=8722919&idt=64&cac=0&dtd=16

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2fd260c45b979ff64bd96a88fdac7f35416413d9b59ad9902370c2a912e6c777

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:39 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17541
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 8CDD 107 B
165 B 50ms
49ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ye-mek.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 8CDD 23 KB
11 KB 453ms
452ms XHR
text/plain 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3874342003548220&correlator=2748496158886291&output=ldjh&gdfp_req=1&vrg=202306130101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_right_tower&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C160x600%7C120x600%7C120x240%7C160x800&fluid=height&ifi=6&adks=3203893797&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1686962978644%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnetd3f78832-c440-4156-b5e0-4abada343ea3%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnetd3f78832c4404156b5e04abada343ea3&sc=1&cdm=ye-mek.net&abxe=1&dt=1686962979633&lmt=1686962979&dlt=1686962977798&idt=1210&adxs=1318&adys=150&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=icw6cww05lih&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=160x-1&msz=160x-1&fws=900&ohw=160&ga_vid=1795257493.1686962978&ga_sid=1686962979&ga_hid=1910268385&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

81dcdb89a5eeaf53d4f6dcea3ce572c43bad3386e620dccc88c5cf269ea5b2e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:40 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11233
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 8CDD 23 KB
11 KB 349ms
348ms XHR
text/plain 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3874342003548220&correlator=2575666108148879&output=ldjh&gdfp_req=1&vrg=202306130101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_728x90_2&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=7&adks=345722362&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1686962978644%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnetd3f78832-c440-4156-b5e0-4abada343ea3%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnetd3f78832c4404156b5e04abada343ea3&sc=1&cdm=ye-mek.net&abxe=1&dt=1686962979635&lmt=1686962979&dlt=1686962977798&idt=1210&adxs=436&adys=1389&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=qcl1v1jqcb33&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&ga_vid=1795257493.1686962978&ga_sid=1686962979&ga_hid=1910268385&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

245ff7a388435601d41642dcbf834d7b99ff063486fcabea192f497909a067ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:39 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11011
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 8CDD 65 KB
14 KB 336ms
335ms XHR
text/plain 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3874342003548220&correlator=4065183276785959&output=ldjh&gdfp_req=1&vrg=202306130101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_left_tower&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C160x600%7C120x600%7C120x240%7C160x800&fluid=height&ifi=8&adks=3299242717&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1686962978644%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnetd3f78832-c440-4156-b5e0-4abada343ea3%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnetd3f78832c4404156b5e04abada343ea3&sc=1&cdm=ye-mek.net&abxe=1&dt=1686962979638&lmt=1686962979&dlt=1686962977798&idt=1210&adxs=122&adys=150&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=mzipr89hmilk&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=160x-1&msz=160x-1&fws=900&ohw=160&ga_vid=1795257493.1686962978&ga_sid=1686962979&ga_hid=1910268385&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05452d9ffabcafe96540871c6ca81f557958ddaee370546ef488fcc62f86cd27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:39 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14756
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 8CDD 33 KB
14 KB 367ms
366ms XHR
text/plain 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3874342003548220&correlator=3400468793847929&output=ldjh&gdfp_req=1&vrg=202306130101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_ust_728x90&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=9&adks=456810305&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1686962978644%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnetd3f78832-c440-4156-b5e0-4abada343ea3%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnetd3f78832c4404156b5e04abada343ea3&sc=1&cdm=ye-mek.net&abxe=1&dt=1686962979641&lmt=1686962979&dlt=1686962977798&idt=1210&adxs=436&adys=751&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=gz3njdgl7qml&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&ga_vid=1795257493.1686962978&ga_sid=1686962979&ga_hid=1910268385&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

13874511ccf5085d18036021b424ce21c9b50d42f15531f626a7a29c6aada8be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:39 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14395
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 8CDD 23 KB
11 KB 349ms
348ms XHR
text/plain 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3874342003548220&correlator=2174850302994723&output=ldjh&gdfp_req=1&vrg=202306130101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_728x90_repeating&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=10&adks=2157304621&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1686962978644%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnetd3f78832-c440-4156-b5e0-4abada343ea3%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnetd3f78832c4404156b5e04abada343ea3&sc=1&cdm=ye-mek.net&abxe=1&dt=1686962979646&lmt=1686962979&dlt=1686962977798&idt=1210&adxs=436&adys=2027&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=shi9iqsgrgl3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&ga_vid=1795257493.1686962978&ga_sid=1686962979&ga_hid=1910268385&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

91ba9e463564da5fd6172206e4ae43b74de8f12efb8865aade1bc3c11a5b6ed6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:39 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11219
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 container.html Show response
464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame B951 6 KB
3 KB 42ms
40ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 17 Jun 2023 00:49:39 GMT
expires: Sun, 16 Jun 2024 00:49:39 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230614/r20110914/ Frame 13DC 29 KB
11 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230614/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DVPnrnTxPB4H1geG4DgjTSJj24yGQWNH3J-0Ax7pl7igiN7Ju_aUQ3NTZmev-zVgT1cqrM1IW-RqJy0SfOyMPkWPid4jmWvDX0sGpOOTRsBF3WOMFpvWgM43rQmMSDvxRF1VHl0POwRMtiJipkMObvcehTaAWGS53sUBMbQ9TA0J9IGR8&cry=1&dbm_d=AKAmf-BWZ9ADSpgjc1_nwB0hTag0Thy9DZ1hp2yZhdhaXZHBKVRvBc27t4a2w_BlBQq0gwtboLpmcQVVFDLV-mEI_8QGC_GShMXTfHmuxZwRA06pLFSfqUUovxHp6H-8vPgp0PEhcW72OTRqPX3ztCjh0gnBeo2HuFj5do3j8mDuuleatQlS3Bvu1kGazU-ytYMQbLHXuix4FpIgt77Ovctol2SkaXvZ6E9JnjHsU56f6ZZYKzcvGGFqFL4ADHj1tGheftU-HiYiZrTNULrSuTiFnSW_Dy04UJwAggZO2Fc6FRFIkl1G174cdZQzHVwkfxLJBBZrZKdP13OIIHyl5rCoM9zi24Iqo_04sMof8RPKM541zrhRj6HKjW6DEg8t3Lqk59S4my0-AiEliRDuYhd8dMW2_gC84AoVUO7CKLuomfD2tZAMtJfEzXjFLAF_xNzaepiCRytH5XgsE8ZnvF15dYBFH8NlIA4vk6mRu7ZphRCBeIJzFzmIxh0kV42ClVyjUluvWTnE9E2QrV5o4uEalG2hte5uHtr-d3SZLPqNE2B72DWAAXL0uagaqnNcGesl5jHDakAzv9M9tv6F-Y39IG6ccVsrZjZMFQhVsBnRAOT5z9Mc9vi-_eAxiCxMHeirxLRk_m7WP_1Gwkzvi1E9KVUJ41TwbhXzgE5UvT3ZE4mpXmxLhFgLrftrvnFokzWs4XYsYtmfRrvPalwPwNB5yyg8e3OdsJNxLOpWPX-5D_NLnuBRcty5rtvTe1mX7oKMV2kutUPXL-pNm7kV-nRUPQx3c0t6EmOtXBjpJiCg7Cx-OTQus1C8_PeSWu8AuIhyFuoPJ_ToXI0nNJ2nE5d4wLXRfloS1tyL7s-SAJm1Ev0hkd6JMUw5EjXflIzuckA_ZkyVGxs6XNIaEzXZWkK4ZdxCnTAEvkO921cpOPS-fyDAntqj_rm-w70DYsTm8B5qg18Glybrx9zAxwjJyEQaXaSGmM5nRrL3glfCXRp5Ee1l0HIgovgxPiox502AjnI1Vhn_xb1qaXZQXt3BrB-L2jrAyJk8O1bEVWM10H_J2C0w1KmYPCNPp4knUUpKJEpmUo6KXqIGbhspIF7KIZsGIYrye4O7e-2yCQor3YT_90EejYDi-Wlm_YU6X8kDtDCv6kDeGFZe68WNXNjcsIhtHOJLuPqD6t3oc3odztKNgKdjgHM8PFTxSBEU0VvbDx0MhXUAXNdTW6QMNVViY4Q0kKvnZhjELXjJxIgAT-OtXJCe4PedLbG563C57wfkzE8w_XTzC0ct3bGUkzLxNUm8QCeXoWn24lwBGIaThpuZGHxwTqSth3UlK4temo-GfbJXZtHf8ejDerRpMuCqOVvp-JR2PhlAecdO7EhXlGqYgwosVA25XaDb_r6h9x0dQe2smOgjYXmaMxGW9W7cd_-Ml27WztU_tGjN3BOedceKadHvgZ_4Syh_0QsH-8OUxwrEhcQA_WLLJ69HgAVch-641ryWcXqV1qB0x3M4EOhsLC8bBMoixO2S25ZJm9vGN4c5qKuQtX968k9wd1Lp15eVR5ZsaqPCS0jKjSH9HhDH0vY_4JM7fzOiHu1Zumhq49_NTyKM0oHiwnQBYBFreGtFPLSF8jF8p3L4K3brYi_Sme5eJcA4O_jLbWaKetIiSDTbMl1zv4lFLa2ohLW-Deyva2RaKCe-ibNvJ2qdSqLPY1K5okilApa8Sm9qf91TM3Vt6rcbcCLMQAycZ9IyHMf3bOAe60-VMLuDNMsfY8qnJj-pqH_sSxTSrxJkuDHC3iXIJ4kT4j2wybP1T-JuXd-CbZZOzNnEjFucrQEDZBDE_naeuWRIPD5It1jQz7VwhRImp3rI6CVYD-htjnrWfENZkJeV0zE5WB_CTyIkyx51Q9oZyirJBh5OQGiC9AYURklUeWBbp3C_tmkH9AZPMdFAJCtY4pq2AQI4QwCC2PHG82wZricD-E92uZXvvnoD5_hAF7-3qKg26fkT8NTrOXYm7T73Fjo-PR2DQVV1kAUnLGzMP6gS6Vs8IvWqHyXvYe7uq7LLYryM4Iob1WJeYx5ow2kT2_mOUeqSZgXLUW_uOFZUYhJi41LcOdNcaKuyWmDcz1268KK0_S_x2zwKV6_pR_VSQqTndRV-KNq_qQb2YhP-PRi-VYHIuxX0TcNrPxcwONuiR2sFB690pQ8SL509Ab2Y0A6orQ0xjhmukhGfschopphrTWzucYxRujN4wJ4SobUVpgDhXMB3L8pOlMwfshQqZ0NkJnAoSAuL-xd5rIrdngwH72PMn2bh6Vu3tBUHcicBdv2WogFjcIJwoMmL5KcbpZrSqfYFVgE27QuiUmadNAmycA9LaLbbmkmaArvXFfBmjBwaRzMRoM0fzvQsVYAzm8Z5eQuj_iyUIZV6vQgTB3tQb9URf5QkAA296lHUzDtUCuv72g7LuOuENaqK43EME9t4HuaqJq84Vg72hIbVWmCuRalKVHo9Wj1JQIN1UI_6WXsUkuurgMEI6gBfgfDbE3SJNyDi_Woak-noMQDY0vXNzdQtc5fxwPDEqnP-ChP3IhKFmJsGkJapxL17hg9go0SZdPcBSiDD7QV2lcRvFSGTfpOKmlSTwcQ3YkxPEV3NuaZYqW8sQ3kUUX9pXM1b1ZULCsC607XphokzLUYEc12fZKVg7I5IanwCYBbZMnjmr1UWNEAqacoNmbHJ42leWi9aFUQ8JvlAqMICprWZqH_5Y1MJ7-RrnbsXgYzbSDDEbLbb9jiBF6NVDWcenrA7QfrOD5Un9QwlF6-VC-35l_6UDTmzQbOwSc3nUMFLU5m5SYtqkz2G0_k9n6JMaoqZqyhxoWE-wWwSEYmocLVjoUSLKzXDUm813plZ08knF5AqR6MmJyidiDGJfJuR7Dpqlpv6jR9w0vJjF3EdaLmC4q_aKi8zqbE7HcRYX18kFqITLbOXkHEHtRjOht14EHLYCdxBdJFqGFzl6_8_9wyQF4ZGq50UoP-TNQ5eEM9XgUpBqkfyylAI90fhOJhzDIp7TRWpoaHsxs08Zok_tfIMUdcZZp2Chl8gfpwygBqeIEkiJx70wf78u4CeagwDhyb2J1RYY4pCHxLg8A43-GtJDBg8UVfUQNiOJ7iJEUYoAFC1x5B5Z6BqSDKLA8my604ylr5A9Lym0wdVnEZ3aNvCOK7T3Mj2CvI3KRmUMUyzWwSEjpK328m1SbMp8QiZDG7f36xJlBYP93SUe6-CNXnoovuLjPasVUkAQ_kRAaLriGXiQeVZts9r-xG6xGcbx49xBx2D5xZ8EOCAb-rQ05hzzJBbvU9HtHJzy7yvOW52fIHmaNcuNU58wPXPyMDp1qHiJ0pcB64DVQUFmBxurLgBPYItT5QvuFZ3sPwZFEn3H-yJoELy0cB_KMXuKBLjG_2kAiwtMINKI-Pg-3xkTvm0qxBn__jCCSjxhV6pJhXUeO5rBLDlQpgDdarJcTuT4xob59Ulxg&pr=6%3A0.115964&cid=CAQSGwBygQiDf7aTSGsmJ_NpmM_qizJn6Z9RSic-5RgB&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=17299878733017942000&adk=8722919&idt=64&cac=0&dtd=16

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bb86be0538b5ef8bb7fabe6cfdcc28f99687242fbecab81a9a2a72d92931594a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 17:36:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 26019
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11316
x-xss-protection: 0
server: cafe
etag: 309758756414748794
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 30 Jun 2023 17:36:00 GMT

GET
H2 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 13DC 41 KB
15 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 13:19:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 127829
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 14 Jun 2024 13:19:10 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame B951 0
0 88ms
87ms Fetch
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CzFjvIwONZOXlF5H_gAf8zr3wBLiZ86Jc6bXuu_oCwI23ARABIABgldqIgpgHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQngAgCoAwGqBPMBT9CzA-HI6h2b31Mk1m9A6MAA7LzP2tN1LlIHBIEWP_vcmOPXP-S24qZo3oEBYXOBZ0iyWgBPLLx2As-oGlsF9Gxhnz9U3f9iCif3KTlMhkEGBThyodCcrkmKUUB1w1qb7th4Vzh1vCkOIyi__1_dCQkH70QhEbLHXpmXeOr8TTedr-niB0rdGkvhXkye-JV4qtMhr2kOehvN6by_CwNSLSIYFdBSCZVoIQ6V73Q7qbH9o719DJse84VNGHKa9dD1rh20uyItm75FfrdaCrioNJhss4EOS63nVtn9UWTLl6cpxIwyvhxVmsGHiuDCYAx_YB3x4AQBgAax0fGvjtqVuYsBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPIIG2FkeC1zdWJzeW4tNzI3NTUyODQ1MzE2MjMwOYAKA_oLAggBgAwB0BUBgBcBshccChoSFHB1Yi03OTgzNjUxMjU3ODM4MjgyGOrBbQ&sigh=kb5ZltM_kME&uach_m=[UACH]&cid=CAQSbQBygQiDvulACOVxx_LKxce-RrWrIkXG8jW4s2m5e8iciD3Of7klQMsEHaybSaxt7fAhXVpUv-8AXSkGX5atQJro8nOzwr_Mmo7zEf1cEq0RvfUC0TczXDlBSE226K8BCsiwMmCwAJ2joq9hN1gYAQ&tpd=AGWhJmsEj0Y22HdJU3nJxJAcNx8hyF6E3eCgttV4en7du3GeZXKpioagZkF29nFPCAb5PyjhVobrfqyd9Ue8ibjzxavDHxrA-EHb7veU6XMJL0IA41u3uMc9sFTnA3H80J38P7Z5vqKxTjSBabVzCscrlSzCc3RAWKwiOxLQqNl6bmqXcksR4IM5NwL_Uc7tLtKE6Wn0CzGsE758MP9zfe1Zq57dKkQYHvjqsvBLLaoXZv7YuD3Ek-qMsWelOKo9NoASZFL72SYYM-RColhp15JYfmcLn5q-RfY-ChN4YTHr2b2mVlQbSvRuSBCXSnkBj4g-59FoQ2STSXchME_ElDLAH5xn3YhfzBxz8F27BPddysNx61QPSFPy0pDs2Amr_VCpurhktcB3LCz8A2BnEX7NyfbwBJlq5dxGDFMznTxibTs9UXRVZiD3DsmXTAaSSGKpkiekERY-U22aPXlHQF9jjZPelQXbksLqWsSwb7cXLEaHhbmogUs_kM-juF4P8DiaRAVeFNibCs4QbWwq7zYzf67MLtgYXkaGqBXRCnzm4Cx1qg64tYViCJjWbAEjzE0ebduKY9R44A7FthXZv4Zv9qFFegZ07fh2amFUyK3Jo9Pmb-R8v_BG1bE1BO5IX1e6KIAVf4QmqVfiwTnonebaSSaDSoiY5Ca2aAXZz2AesIz0DCTY09GzBPEkLSU8rCQj2-DALbA3EaikMrudAEERPbPG8jyqGF06D7SLGna81G39T1L07EOVYrdrzSlWzlwLbnF1dXoJNqO5SJU4qbyxEasgbxohzHcFtiHhVmSBuhehFYH9F5aUoEAia-U7rGEkukpfi3FAIpsDpf48Dm3sdqQWV41uGq5gvTCH8-vsZDNLIWUK5-z1xj7aWXLkeCuXt2qdVX-3XVah9w531Smav1_ABiF-19hJbAY9KF1K-UbQ_vZapnk5tvmdPI_37biXLcP2Gfl9459l3kQ8cngl9h3SdGWNNUchDEAfZAURPbE2xr2fWYVJdaqopG6jYLDsrPiS0QW2uPxALiVvZj28C7jVfYjjtmEJLpa2yoypWGOUlZCRqT9yU8HrUozuYOMrxfKHviMzLr9-CwUyEttS3z3AZkLj10ckynIXzJXSJky5LaI7gIj0qWpVAuuEw6vQjGHlm7LSbZf42-wV0HuXVjCI_Cr4JUs3tFv20eQjbQulvutPz1tFFDuuf_DKse1HQJ7l5taEuwN_nDZfrz1B2x8okCKu-3eBaghjxQv0NRVC4pudiVEjKmCM0oGtM7iDROqyjhD_IJzM2yV5Yq_D8l3ir2WMASLKgRghQyh1ykTRo6v2cPUmKvO8OqcgYk-wloCrxoO_0mSWdG6YXQ90BaYweT5tQD4xt8dwXkPm1wefjC0pDYr4UP9Xu4Oexe-xv-caM1i1ePBKHIv4wtg0zyP2nmy7ecQEKu3jWka0F07KmWcM94DLTybxeNueopkwCYmn4fUSmxtyoYSMQ0vSeq8FaRxnU2Dpx9Jk4byVXAHa6dML2UAIdvfMPUuAOtKzQTWcrkmVWBzBbdIzHPS7BZM1qAogE2zTGe42sumId1ZKGPjn7NX7kNb0r3J4Tcs8RXuRUoq0WgnDEg
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 1274 624 B
245 B 58ms
54ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ64bnAhiA56_nATAB&v=APEucNVjb5V56duWpD7fBpBvkA2wxrxGpWPQjvwbHR0FUcYBA6YUxpL9jpqkxvnhMYQmh3qcc8ylWoWcSRUY9Eh7xWdtomLX3LhpAIi76hqeOCEHgOa2YkHlxacZoRhPBo1CApwZqfNYEUibJsn3MNyZFGAxt9lwo9QpFT8V-eTkn62dHOLLen59Ab3yX2sRlvyx1NMRouZb

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 17 Jun 2023 00:49:39 GMT
expires: Sat, 17 Jun 2023 00:49:39 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame B951 78 KB
27 KB 56ms
55ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:39 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Sat, 17 Jun 2023 00:49:39 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame B951 42 B
63 B 78ms
73ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CNMpBqDlzC8qx6PmP_eqfUUsorVNuZC2r9fMjcsQ52KG3HI2gtrcshAHgHuP8W_tnu3Aj5bS8QERc2N5FltIDLsJj9Ek-ywvaU5ptvGXRlHmcCZ1M

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B951 0
20 B 77ms
73ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=1434405284800818529&x=6&ct=77

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adition.js Show response
imagesrv.adition.com/js/ Frame B951 32 KB
8 KB 50ms
45ms Script
application/javascript 217.79.188.10
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://imagesrv.adition.com/js/adition.js
Requested by: Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 217.79.188.10 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: imagesrv.adition.com
Software: /
Resource Hash: 70e0a3b2c82384039a2e4b31c305c9ef1f72a59b585acad421c54a6101a25237

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:39 GMT
content-encoding: br
last-modified: Thu, 21 Oct 2021 06:32:42 GMT
etag: "4043560335-br"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
accept-ranges: bytes
content-length: 8355

GET
H2 200 js Show response
ad13.adfarm1.adition.com/ Frame B951 3 KB
3 KB 50ms
45ms Script
application/x-javascript 217.79.188.54
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://ad13.adfarm1.adition.com/js?wp_id=4813093&gdpr=&gdpr_consent=&kid=5872531&clickurl=https%3A%2F%2Fclicktrack.pubmatic.com%2FAdServer%2FAdDisplayTrackerServlet%3FclickData%3DJnB1YklkPTE2MDg1MCZzaXRlSWQ9ODQyNjE5JmFkSWQ9Mzc0OTkyNSZrYWRzaXplaWQ9OSZ0bGRJZD0wJmNhbXBhaWduSWQ9MjI5ODcmY3JlYXRpdmVJZD0wJnVjcmlkPTgxNzU1MjI4NDIzODUyNzI2NjYmYWRTZXJ2ZXJJZD0yNDMmaW1waWQ9NUYzREMwNzQtNUM5RS00QjI3LTg0MEMtNjIyNEJFQTI2ODE0JnBhc3NiYWNrPTA%3D_url%3Dhttps://googleads.g.doubleclick.net/dbm/clk%253Fsa%253DL%2526ai%253DCK5GFIwONZPLcHYXe7gP5iKqIC9yo-JJx_-fm58QR9C4QASDLidYjYJXaiIKYB8gBCakCyK2YOo5isj6oAwGqBNkBT9AYgv6I2XNr8A8KE-EfmobrIM3KxFqMSeF-y7oGBVxtR5QM5jE-BhHIMLjA4ISm0bYYr55eo6SMQQGRBbZcYvPa6qVZWZvupTgjqkC6weuUysxi27d8hYwBm67GGemw6EmXTUI736ltXO9kMcBukPlJ8DnRN5pUPQmkPxyZHGZf4TduC4qs-_61OQLOMJ53KLuZWaLnlhrJTeCsx_KhjHabZmJH5TX-OPOiptAY8BRxKVLhvgNCN2KqKNo6-IRnLpyklQANaomgPfPfyLCCaYLc-h_3ZEBWE8AEgNjpkr4E4AQDkAYBoAZNgAfXu7TEAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGF8yAqoCOgKAQEi9_cE68ggNYmlkZGVyLTg0MjYxOYAKBJgLAcgLAYAMAbATp_reE9ATANgTA9gUAdAVAfgWAYAXAQ%2526ae%253D1%2526num%253D1%2526cid%253DCAQSGwBygQiDboqLXsG3jhs1o4HPJOZMBjHCQVbdGxgB%2526sig%253DAOD64_0iyJgF151tpA7wAaS5hJLTPzcVoA%2526client%253Dca-pub-6362111942204036%2526dbm_c%253DAKAmf-AQrWnrxWdeyG3IUjFrHKtQpnaiIk1P58KQo3-JPCHUt5fE0VExgClNavjmTlok-tsXH2wU7bH1UNkH9MOMi48ArVe2Xrx7mJffgbIyTw6XInRLPETbv2SPE_zYFI1JsNjDPk3k2JQAjiPGp9yI3bgr8hRy0v-TFUpDhf5wPZUlm6srKdQ%2526cry%253D1%2526dbm_d%253DAKAmf-AdZ00HIz2DM8IAP8kc1IEq8FDkSdpMGjTp4ztlGgWpZnRy-Xi6IrsH1-BhTI58W3VXkLbObKmMvF2ONVcFhGhgMchpXUPYSQXkaoa0V7FyGRcif4XXW3fbFPzhGyj3HygO7DLkshR4-uwmonM3moapmFzlmzY596o4SYAEMWb5NqUQQ6tcSnBrSJLfZl9nKmpXoYgsvm---5atn-NU6xGBH-YSzsoPHrhBQUQXDo-DsIhqDM_Mgez8j5DoglL3NrW2BPwhg2Z8NlAej0FXSzmEa_UdPP7FZ5dtG0jeXOJfWivAitMoN1pFKoqWMiMZtFpbSnQUXBaC-y4HKoBgPsDxx2WHAY_J_HuVnjX-rRV-DfQbxM1Im5da3N74JrhtojwwlGlA39dCT2inyFofcRW4NRme-nmAMXN-BP4xxLCU1h_htevZwY48QQHlyP-jPr_qjDiHSJ6hXCwvkCn3Kgi4S0aMzlPyOCj6XdkT3TpYQWlay4zEq3eMFm0dwlhd5UDvd_FZUVlV8B8xG0vfPr8iCDVw2Q%2526adurl%253D
Requested by: Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.79.188.54 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: aa.adfarm1.adition.com
Software: ADITIONSERVER v1.0 /
Resource Hash: c831368e6c1e3d134dec9d3498becba4c62456d17da204d5fb812ca14c7fca5e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

p3p: policyref="https://imagesrv.adition.com/w3c/p3p-ssl.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
date: Sat, 17 Jun 2023 02:49:39 +0200
cache-control: max-age=600
content-encoding: gzip
content-type: application/x-javascript
server: ADITIONSERVER v1.0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/ Frame B951 3 KB
1 KB 53ms
48ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/window_focus_fy2021.js

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 08:40:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 58154
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 30 Jun 2023 08:40:25 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/ Frame B951 19 KB
8 KB 44ms
39ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3521f5e84dbf85e9b7a304002330fbccf347abc9d0a43765a1838336b8a98c0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 17:36:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25974
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8120
x-xss-protection: 0
server: cafe
etag: 8171891181101138299
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 30 Jun 2023 17:36:45 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame B951 24 KB
6 KB 49ms
44ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 13:25:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 127443
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 14 Jun 2024 13:25:36 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B951 178 KB
56 KB 55ms
51ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e9032b8e95fc74d9ce9c069e76ffe86cb4046dc6ae863ffa8410cf445e5feaf3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57029
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1686742752845198"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 17 Jun 2023 00:49:39 GMT

GET
H2 200 banner Show response
ad13.adfarm1.adition.com/ Frame 13DC 4 KB
3 KB 57ms
51ms Script
text/javascript 217.79.188.54
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://ad13.adfarm1.adition.com/banner?sid=4813093&adjsver=3&fvers=&iframe=1&ref=https%3A//ye-mek.net/&ro=https%3A//464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html%3Fn%3D1&uao=Mozilla/5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit/537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome/114.0.5735.133%20Safari/537.36&os=17&browser=11&userid=0&kid=5872531&screen_res=6&wpt=J&clickurl=https%3A%2F%2Fclicktrack.pubmatic.com%2FAdServer%2FAdDisplayTrackerServlet%3FclickData%3DJnB1YklkPTE2MDg1MCZzaXRlSWQ9ODQyNjE5JmFkSWQ9Mzc0OTkyNSZrYWRzaXplaWQ9OSZ0bGRJZD0wJmNhbXBhaWduSWQ9MjI5ODcmY3JlYXRpdmVJZD0wJnVjcmlkPTgxNzU1MjI4NDIzODUyNzI2NjYmYWRTZXJ2ZXJJZD0yNDMmaW1waWQ9REQwMUM1REQtMDgyRS00RDI2LUE3MzgtQzc1Njk0OTg5RkI2JnBhc3NiYWNrPTA%3D%5Furl%3Dhttps%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%253Fsa%253DL%2526ai%253DC7rN0IwONZMP8EILR3gOewbL4B9yo%2DJJx%5F%2Dfm58QR9C4QASDLidYjYJXaiIKYB8gBCakCyK2YOo5isj6oAwGqBNYBT9CDDJtYpJWX%5FvIHwOuutAQ19mumOdm7833xKWNgUGZ6q2QYVY3ehg%2DgiMKxXp%2Dmx2DO3nuaw7hUmMAP%2DJFOe6VrX3EVdGZ4A%2DkZ0INItKtrtCMpHd%2D4QeFsrPyGX6FO%2DlPP5ui7y9ihWy6XnXklHxlyfqWaQEE8FRpSaZgexvoyv5KGrRViB5xiVoOwD2Up4f0crh%5F909ld8L8y39n%2D4Kb9yqn3eIq0h9Sku4RHRdP5ZTtYkEOb8lOitaUl%5Fz2gKYp24I8NTnvDL5bjwhaBc5VG2mR%5FDcAEgNjpkr4E4AQDkAYBoAZNgAfXu7TEAagHjs4bqAeT2BuoB%2D6WsQKoB%5F6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB%5F%2DesQKoB9%2DfsQLYBwDSCBYIgOGAEBABGF8yAqoCOgKAQEi9%5FcE68ggNYmlkZGVyLTg0MjYxOYAKBJgLAcgLAYAMAbATp%5FreE9ATANgTA9gUAdAVAfgWAYAXAQ%2526ae%253D1%2526num%253D1%2526cid%253DCAQSGwBygQiDf7aTSGsmJ%5FNpmM%5FqizJn6Z9RSic%2D5RgB%2526sig%253DAOD64%5F0SgL4BC%2DSi74T3nRPO6GcrHe1%2DAg%2526client%253Dca%2Dpub%2D6362111942204036%2526dbm%5Fc%253DAKAmf%2DC3yTTqN0JDBxEvP1qoyWYUY%2DgGyDf1qfna4tIfmA1lNFt3D9ZRy%2DftCmkiMJVbm7HXeltoytI42pFZoBXvCQnX07EZwiyYxncFkMa2skgCSM3NQ3lqJpR9Ubbc0MqHjMauBcqiIk4ELQW9HfqrbJqnU0SvpZcq0GVAPhmVIgMKlYgPrSE%2526cry%253D1%2526dbm%5Fd%253DAKAmf%2DDr0BfKxlbRUI9uAdcHL%5FVI%5FhWZx%5FoksD%5FMajBhXfS%2DKF8ulGd6Ewq6SrnDHkY3l8IysT5%5FoxiML6t58hzdYy%5FBt5o4SpIRV4KBkc0MClWs9V1lvf5I1PK1CHneuplMKKHhzQVN2kd7NuUi6dUZ1JOtA%5FyY7%2DkEXIZdnP9zNqD1KpckOtg%2DnjV2coDoPIp7BjZkRneEbrswsospB1%5FdE4hHDjF5uniCDY0fr3DlvS86%2DbbIQUQ%5FWsdUPD2RlKFjkyDusmq7qIPZ1EEI8DpueIWLSml1JhAY%2DG1ZMTIIePNms00O7%5FbmPjoG9kHWuMSrzwFQNS68vmblLIAMcjLDj1ESkHOlMl3PZQVBfbX%2DgkyOs4WZMWqr4u%2DP2%2DL5HSImKVvgW8D9XHgTrTd%2DqmFV2JC5TexVx1bZUSNhxB6FBlSl7Qv45eVD1fq7%2D0X0%5FSlmbxLM7VI6l%2DTUk25cpJJZBJ8feCXlNWfg9Wi7xYk0lzCbRQmnSR%2DTk%2D3lUlO7CDcs%2DJp0t%5FNs%5FBpsh35jGW66XaiR6invsQ%2526adurl%253D
Requested by: Host: ad13.adfarm1.adition.com
URL: https://ad13.adfarm1.adition.com/js?wp_id=4813093&gdpr=&gdpr_consent=&kid=5872531&clickurl=https%3A%2F%2Fclicktrack.pubmatic.com%2FAdServer%2FAdDisplayTrackerServlet%3FclickData%3DJnB1YklkPTE2MDg1MCZzaXRlSWQ9ODQyNjE5JmFkSWQ9Mzc0OTkyNSZrYWRzaXplaWQ9OSZ0bGRJZD0wJmNhbXBhaWduSWQ9MjI5ODcmY3JlYXRpdmVJZD0wJnVjcmlkPTgxNzU1MjI4NDIzODUyNzI2NjYmYWRTZXJ2ZXJJZD0yNDMmaW1waWQ9REQwMUM1REQtMDgyRS00RDI2LUE3MzgtQzc1Njk0OTg5RkI2JnBhc3NiYWNrPTA%3D_url%3Dhttps://googleads.g.doubleclick.net/dbm/clk%253Fsa%253DL%2526ai%253DC7rN0IwONZMP8EILR3gOewbL4B9yo-JJx_-fm58QR9C4QASDLidYjYJXaiIKYB8gBCakCyK2YOo5isj6oAwGqBNYBT9CDDJtYpJWX_vIHwOuutAQ19mumOdm7833xKWNgUGZ6q2QYVY3ehg-giMKxXp-mx2DO3nuaw7hUmMAP-JFOe6VrX3EVdGZ4A-kZ0INItKtrtCMpHd-4QeFsrPyGX6FO-lPP5ui7y9ihWy6XnXklHxlyfqWaQEE8FRpSaZgexvoyv5KGrRViB5xiVoOwD2Up4f0crh_909ld8L8y39n-4Kb9yqn3eIq0h9Sku4RHRdP5ZTtYkEOb8lOitaUl_z2gKYp24I8NTnvDL5bjwhaBc5VG2mR_DcAEgNjpkr4E4AQDkAYBoAZNgAfXu7TEAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGF8yAqoCOgKAQEi9_cE68ggNYmlkZGVyLTg0MjYxOYAKBJgLAcgLAYAMAbATp_reE9ATANgTA9gUAdAVAfgWAYAXAQ%2526ae%253D1%2526num%253D1%2526cid%253DCAQSGwBygQiDf7aTSGsmJ_NpmM_qizJn6Z9RSic-5RgB%2526sig%253DAOD64_0SgL4BC-Si74T3nRPO6GcrHe1-Ag%2526client%253Dca-pub-6362111942204036%2526dbm_c%253DAKAmf-C3yTTqN0JDBxEvP1qoyWYUY-gGyDf1qfna4tIfmA1lNFt3D9ZRy-ftCmkiMJVbm7HXeltoytI42pFZoBXvCQnX07EZwiyYxncFkMa2skgCSM3NQ3lqJpR9Ubbc0MqHjMauBcqiIk4ELQW9HfqrbJqnU0SvpZcq0GVAPhmVIgMKlYgPrSE%2526cry%253D1%2526dbm_d%253DAKAmf-Dr0BfKxlbRUI9uAdcHL_VI_hWZx_oksD_MajBhXfS-KF8ulGd6Ewq6SrnDHkY3l8IysT5_oxiML6t58hzdYy_Bt5o4SpIRV4KBkc0MClWs9V1lvf5I1PK1CHneuplMKKHhzQVN2kd7NuUi6dUZ1JOtA_yY7-kEXIZdnP9zNqD1KpckOtg-njV2coDoPIp7BjZkRneEbrswsospB1_dE4hHDjF5uniCDY0fr3DlvS86-bbIQUQ_WsdUPD2RlKFjkyDusmq7qIPZ1EEI8DpueIWLSml1JhAY-G1ZMTIIePNms00O7_bmPjoG9kHWuMSrzwFQNS68vmblLIAMcjLDj1ESkHOlMl3PZQVBfbX-gkyOs4WZMWqr4u-P2-L5HSImKVvgW8D9XHgTrTd-qmFV2JC5TexVx1bZUSNhxB6FBlSl7Qv45eVD1fq7-0X0_SlmbxLM7VI6l-TUk25cpJJZBJ8feCXlNWfg9Wi7xYk0lzCbRQmnSR-Tk-3lUlO7CDcs-Jp0t_Ns_Bpsh35jGW66XaiR6invsQ%2526adurl%253D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.79.188.54 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: aa.adfarm1.adition.com
Software: ADITIONSERVER v1.0 /
Resource Hash: ce85c82c424389a3beb68bad84ffab90014e32a0b9111efc582373fc0f7ff22e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 02:49:39 +0200
content-encoding: gzip
server: ADITIONSERVER v1.0
p3p: policyref="https://imagesrv.adition.com/w3c/p3p-ssl.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
content-type: text/javascript
cache-control: no-cache
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 1274
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKdEaqFr-XhthrZO2V_xkmQ&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKdEaqFr-XhthrZO2V_xkmQ&google_cver=1&C=1

43 B
632 B

41ms
41ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKdEaqFr-XhthrZO2V_xkmQ&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ64bnAhiA56_nATAB&v=APEucNVjb5V56duWpD7fBpBvkA2wxrxGpWPQjvwbHR0FUcYBA6YUxpL9jpqkxvnhMYQmh3qcc8ylWoWcSRUY9Eh7xWdtomLX3LhpAIi76hqeOCEHgOa2YkHlxacZoRhPBo1CApwZqfNYEUibJsn3MNyZFGAxt9lwo9QpFT8V-eTkn62dHOLLen59Ab3yX2sRlvyx1NMRouZb
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 17 Jun 2023 00:49:40 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

Pragma: no-cache
Date: Sat, 17 Jun 2023 00:49:39 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: /rum?cm_dsp_id=45&external_user_id=CAESEKdEaqFr-XhthrZO2V_xkmQ&google_cver=1&C=1
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 0
Expires: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 1274
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZI0DI.binG0.Fe9N8QDNBAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKdEaqFr-XhthrZO2V_xkmQ&google_cver=1&google_hm=2

43 B
632 B

43ms
43ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKdEaqFr-XhthrZO2V_xkmQ&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ64bnAhiA56_nATAB&v=APEucNVjb5V56duWpD7fBpBvkA2wxrxGpWPQjvwbHR0FUcYBA6YUxpL9jpqkxvnhMYQmh3qcc8ylWoWcSRUY9Eh7xWdtomLX3LhpAIi76hqeOCEHgOa2YkHlxacZoRhPBo1CApwZqfNYEUibJsn3MNyZFGAxt9lwo9QpFT8V-eTkn62dHOLLen59Ab3yX2sRlvyx1NMRouZb
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 17 Jun 2023 00:49:40 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:40 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKdEaqFr-XhthrZO2V_xkmQ&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame 1274
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEJ89U6sc2lEjqFwmeNeYALs&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEJ89U6sc2lEjqFwmeNeYALs%26google_cver%3D1

43 B
1 KB

40ms
39ms

Image
image/gif

37.252.171.22
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEJ89U6sc2lEjqFwmeNeYALs%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ64bnAhiA56_nATAB&v=APEucNVjb5V56duWpD7fBpBvkA2wxrxGpWPQjvwbHR0FUcYBA6YUxpL9jpqkxvnhMYQmh3qcc8ylWoWcSRUY9Eh7xWdtomLX3LhpAIi76hqeOCEHgOa2YkHlxacZoRhPBo1CApwZqfNYEUibJsn3MNyZFGAxt9lwo9QpFT8V-eTkn62dHOLLen59Ab3yX2sRlvyx1NMRouZb

Protocol

HTTP/1.1

Server

37.252.171.22 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 17 Jun 2023 00:49:40 GMT
AN-X-Request-Uuid: 0803fb15-80d7-42a9-9903-b5cdd8f026f1
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 80.255.7.103; 80.255.7.103; 1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 17 Jun 2023 00:49:39 GMT
AN-X-Request-Uuid: b68e0d6e-e335-4d12-a322-89740bdbb34b
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEJ89U6sc2lEjqFwmeNeYALs%26google_cver%3D1
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 80.255.7.103; 80.255.7.103; 1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1274
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTA2NTg0Njk0NzU3OTIwOTA2OA%3D%3D

170 B
188 B

52ms
51ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTA2NTg0Njk0NzU3OTIwOTA2OA%3D%3D

Requested by

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sat, 17 Jun 2023 00:49:39 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 80.255.7.103; 80.255.7.103; 1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: a0fbe550-a4bb-4c6c-a9f8-4f8edc7adf72
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTA2NTg0Njk0NzU3OTIwOTA2OA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 6363a944e4b0125bde9e6739
ng.virgul.com/tck/imp/ Frame 8CDD 0
209 B 83ms
82ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/imp/6363a944e4b0125bde9e6739?g=1&t=cpc_annotation&r=153366@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1686962978644&userId=vnetd3f78832-c440-4156-b5e0-4abada343ea3
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Sat, 17 Jun 2023 00:49:39 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 3403 22 KB
8 KB 49ms
47ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 126174
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 15 Jun 2023 13:46:45 GMT
expires: Fri, 14 Jun 2024 13:46:45 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 020A 6 KB
3 KB 45ms
45ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 17 Jun 2023 00:49:39 GMT
expires: Sun, 16 Jun 2024 00:49:39 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B951 0
20 B 75ms
74ms Ping
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=6860175041383&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B951 0
20 B 74ms
73ms Ping
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=6860175041383&version=m202301230201&ct=77&x=6&cor=1434405284800818400

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame B951 30 KB
17 KB 84ms
83ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AYTrSeGptkia2bUJSmNK6kSpb7YuL3wGhvMWMiBn-o36rvjG9uLWxeZBWgA7sdZa5wbFlGgybLANB0Ii8f7g1k_E473dkIgfOwNoEPIH6MUkcrVQBulkUHXoQ_eKMWT_0GLqH7e-eOkmVCTIlFIbkCL9PYVMH-uEUNAkixS9S93ZvmTPI&cry=1&dbm_d=AKAmf-DyYGhqD40l2qyJg9YoBhWN0jOd3GC3TBjdmliIQhIJmO0V_K1CZqx1JWjrsAejlfFuyGQgpCnrN2l4qjUfYTD93-MvftDdkMen6vJOBjpMNtSDxgHfGAoqc2bQh4P_DqAkJ_-snNcVBU0ZPRDtLtRvKtYMf0AjjgPOERLja4UbtCbwEBk8arhk3RR3qqCumsiYg3_GYBCt2HZ4CJjyoxixn3Ew29IEuoWLkLcf241tEsrHfWY5tH4h_kx0KW2Hhq3dD2JZFV4XMv_LdCh-LCS5V54xKfso4iGgvx2BPXXrQisdRoymR-UKTODqJ082CUt5ntLVlw2D9calWHLX14QzO9QeO7yh_gdbhpS43qTLw7sm18bZBhO5RFOcjuDE6Ut5QkJmtLN1uzTBjPL3gIdWZBDlxFEPXi1xrif3pRfNizXTjNQ8vedzi1A3w6H_ZH6PdWjxLDMPdG39Qc-9pvDW28W3UUca4cy6vvhSoJJRAfSUWDBtuXjLuFAoZrMuo_OtFhcsA3biyQbWRq9YpGruk2mSIIYFU4KdH49qic44u16_Fx96gY7GJzfVKU5XV3RG-qbIZm6aW2XoCR1wvy0IJTa4UtayJmGlLI45wvwfImzByNFviq0iO7QRd8Fc616RWlxQwZw682G9GHr3qvh8hSzRdR62xSXPLCxnWo3oKjj-gSyhZwlzZXGOf6aG7Mkpcp1UzWAvsWmqdz9abbIq8om416Wlgd2wXs8SfQmOOtfRiA5ufsxyphzfrabrQWoKtrHBQTswZfS0DN9ljFYUQFYKIP2MoF8h-UE-T0pOgu2OfsfgWjc1y7_SJidMkEhmKLu5rszIYM5eJfk5dNSIYiqsmNRlOP0LMdVZP6CivFViNGhi02D4aCifo9YnjirGc8eIVaQ09jzgSrw8VcSwKP5vn4oBdc7uMF_KzAOadS9FaQV8Ah8DygzRvuwr8NdhafcgCxzbhMHa0O1-v0DWxVIh0D3mW9tO13Qm3sd8aPEP87revohJE3a9avxroQLVeUwQkj3IDZ3oVD2HX5eHXhwSHarIX4POWQabFYlLddM1DWJ2jOrKtiXplSJGD97F9XlTRCOURFC8JW_y7RYWxVGqxMV7yDmxLV0ng4N1AsCf6LDpDUXXIdsp8iUBAj-BEYKg5UxZX4Cn6-YIl5dNJRd7i8lrgnoPA2dirp_teLikYbOI_LEV1-ZOyJxDjbkPSBYceye32NsLQtkWvePG7M1Z__kt0Xtu7M8YjdJHnW0CUQdzHxZb4OaXTBpJNiGZltEeH-PYvqsX8rl9b59g4jzkK90SaNRlnZxsxeno6zpTBv7S1w4WwFIhOiGgYBYhaxxMPJb3g-7qdwod_3_Ns82yDa31yBnIPIDjuCsSfKNfEMihUjZKCnW92Gws5Tt8aMzb5eAFkaHXrp76pxKytssNyEhdckC62vd8d-eHXgw-Xm7HgX_ykARdNMxw3azL98Skv-is_FIbtyOqn3nmaIO9Y6dHqxJEXKpALKynCDHKwqmpzBki7ppHuKYj1mAI9g9F2t6rJFim8EmOrjDvm4C8qowysQQ-gQx_5DILL6BDPkjDab8aAu4FQmZ1zIr_k8wENYoFbOkmVf2gkFPxFXzoaamjyMrDY1uah8Y-ly5l6jw3t2i_a2M_efuAEzAMaOaLoNjcuuG3MZhVs130DgzZVoSTNqUD3rIYSC0vbxMGSf_cfKchPaydpBremRDhY9veZb1lxb_0o4ijTwkTsFNNLDpCTzKXATDZ7NvPh7kyifWfNiDJw4zXTbUbtIWxaU9lZ9F0XGKUSRFyYsT_krL3ehocS281MCnQhtmow5cp85CWicjF_qT_2dq38wW8JyvCycZYEYFoH3y1SwKN5XhrEmaYtPr-MyuhY_ssokMf7Ba-oOCeDlaia8lErvpfoJUAXetFIuD64jZ6B3zF76a9E9l6wqjYm01gw9he-6GT7EbS3Z__64EErKHr2mkR85znaN99K5uAkmDU1tQGnTR-mIaRn891Uw2JOQosHbnbY7J9ediqNept_DEJ0ipxooH4_1ru8aPR0I3IW7YVzeSPlMipkQoMOmTUIH43Xh3jhdlCcBBFhWAMd8oD7iVcAs-nuJC_fI0eCyxkHxoqAwBodMVqYC9aep3JgFsGf34BaLXhOBK13RsZ8IMZRSMwjNywup5N_g9Nzlq0cT-ijiwrwvTM0ilpZs4W01b5dt1m67IwkxhjVxms6FQDJtGDWa0V1dmYLBTtHCncbATmxkBIL2iObj3gwNKBbHb3Ncai-3udRQSv2YPSZ1mdRdmz1KolqCWnGRWQFwXAlxulRFrx4tnpKEiODcnNKqBwJpPxHbUG6q_eNkL5QV-7oGwzF7VV4e2Z9BcehB4XuSd6h63vWXeQaq0WEb4R9diXzZD4CQaFh8wCaFiJRNp95tDq7ilkJcoTT1RFykw_Nadq4VY_s4PZULVbYAsCtaK_bDfiEzd7ghaw0z9Ft8w01vanVNr3CdXEzwSxtJlKP77jL8Zf4gZElSciwP3V0JqmayL3irsFvDtiVjxEVPDzGwSQH6oGeiN0ns5lSHnlZ32ZnHmI-5U9ZF4_fW-jcT4-5p-N5u521sb_WfhZd7JK0P52mT--7NUakHNshL_5a5PAbA-ZQqjH4XwFy229z7i8-ytq1wPR1mqAtXGW6XWap5SZrAnwrUkhv3cAHx0eYuXg8ApRZz_eTc6gFuJb5FTlzMxcvVinf_p1efebVjyFsb3cUkoQdt4lGEHpYMNjpwlc4cTSkfEJK9OH1s7yQYzOEgd4x5KOT_Wh4xwYi7vxd2MMRQXHNXWrx0weAYOwYBbNf7AoRQ8jIM0oHo-4l9FDn0QJNkIQRcCGwXOFMvpfl6-Zf6EyUhgQpiXnadGNNZmJh7vfcUMXWJaD6Fqg7_vGJTu4hQu3McM2rDOPNfByofUAfvSMoXOCq8b3gjEqk4yUnW0gtU5MlEu8MBgyL04o3HrbCHpFIiBoFKKgbYXraJ42KzW3GHCUtWkPJrlKpDeJGuRlNf68_CnGJlDyOGnmw9zUzufqR2yiFBuzJrR26bwg6gjMaxqsfOe7MUvS9cJYHR6vzYpjvv5c-hhNFQfBS574VMRJ651Naj1vGeeuu1dRY2S1qW0caJkgfuBGAINp4LIkf1vXRezmCl_YmGIYxhwl92zqU9zW7DhgEKuW0rlffCZ0g4mWbnWzk8oeUKzEdJz30UEUYA7Hw7m6jf7yRdkJnGMO99Y-2C1xD4LiQNCFQzFmR_IBzoW37zq_BMLssgYHfnrBVnp5zIxNEpMfcMkEctwps37sLtwGo1xRiY5wbt8_pjalAtTM2PvO_U0t7i_qPBONBXzHHp_C8rbUwJGoB69_xvdc0e9my4CN9QeoFgUMB1BegaHsz2kY66ed9Rty_ocXtYqU9LBjopLoVyrS9iYVWbOI_IwsBxul0_NZHIV4pwhif-AziD0GhOU3n-Y0Sg&pr=6%3A0.115964&cid=CAQSGwBygQiDboqLXsG3jhs1o4HPJOZMBjHCQVbdGxgB&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=1434405284800818400&adk=1558675593&idt=63&cac=0&dtd=8

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

04296b932c7ae1db59dadac93b18fcd4e46ab991308ea78a4d1c682be8733dcd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:39 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17686
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 000002642977.jpg
imagesrv.adition.com/banners/3326/files/00/28/54/21/ Frame 13DC 82 KB
82 KB 45ms
45ms Image
image/jpeg 217.79.188.10
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imagesrv.adition.com/banners/3326/files/00/28/54/21/000002642977.jpg
Requested by: Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 217.79.188.10 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: imagesrv.adition.com
Software: /
Resource Hash: cf0ebd338dece7cddfe2f599cfd297de1f503355591b43de942c34b20a2148b2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 17 Jun 2023 00:49:39 GMT
last-modified: Thu, 15 Jun 2023 04:11:23 GMT
accept-ranges: bytes
etag: "2401418494"
content-length: 83922
content-type: image/jpeg

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 020A 0
0 85ms
84ms Fetch
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CSss5IwONZNTBI67Z-gaqg7BwuJnzolzpte67-gLAjbcBEAEgAGCVgoeCmAeCARdjYS1wdWItNzk4MzY1MTI1NzgzODI4MsgBCeACAKgDAaoE8wFP0Gli8DIDWxD3MiGpzr8E0eFwf5VHWIUdACF1IobKOQirfZhRLntlMHwQuoxmh55oRKGz28C6t289mB9kEw3ZMa63VMtA6VENFCNQOr-MSQ_gGd33sMcOlHR5VIcTbJWTIF-Ya5i0jDoZbNlFFlnFlDZFvsqEHQPjD_735UJp9t9TC5HKBbrSpRI6gwVp5suWnnl8oHbSGnwWxaaOmkc581S56AYWNYoRLBDL61jLjsmOPauF3IGJtYr6Dr0jIqljhAN9xi4BO7cCLFOvQA65hBJcsGN3bRbQuJobtqplDaHHkLO65Un4e8p0-WipA8ZM0FfgBAGABrHR8a-O2pW5iwGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA8ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5gAoD-gsCCAGADAHQFQGAFwGyFxwKGhIUcHViLTc5ODM2NTEyNTc4MzgyODIY6sFt&sigh=ud8l132i65o&uach_m=[UACH]&cid=CAQSbQBygQiDSaFaBJl8hdfhNbdyytXMprCXStX5-_P9_IavosVLYOD_CIRm6sCBSE-7ug-iHH3zSSbH9FxKhPwOdUe5lzYl2ub0UJoBgCW1nZlEiIlewTubXJmm8Mb3LHVOSJetoTUAHPh5ldsc7JwYAQ&tpd=AGWhJmsfzcGr80LWL3Ia3CaX7PgxpRDhIVi2VsgiLTPq3xKZxwXJTuRzl9gxRdpigJpc6FNGX_Zc1RfGDkOvOWFG5xQL-7ae9jKAiu-LtVvpoUKm6pc8hfinwpOasXqjt4NVVu32ULQWdLgULSj9cUFVfNmBpSMjcycKg1K9sPzlLy_O_jFc7f0Kc2HYyPhD_4d6MbfR_Hj4DfgtvYQgsKAuY6U6oPtpDCi3nSzye1mryZhBfpuf2FCjzKvEouI5xGShc8oUGsmJvlMaP_xB2ohw0t_zEc0QdWuUHL6hjlHsy4fXwuf3JDT97Ee5H3KOX68OE-HHfMjfdjCvlQxOe65W_Z1XD5RfAZfjAXVpEcY0DZWlseOMtZloZBzbBx5Cro15d1GH9QXoGGU9feBd76M7X-bzw1bW9vkvYDo4I2T8yJRbfJpvKiDXtrv9Pn-mLJCMuL_VYTXaqR8WV60-_LQ_j7ORd_qi5qJTurNi5uSbItkqoa73lvpEz8niHyyiY15DZf-H4nTfPnCIQDNofaYq3LM_kfRWSIm3s0ZGVRvTjD35ml7xtBWZdmrF4i1fnCq3cL7kMCoBGGLnulfR8dwLMpn8MBIpFAa5wVB3ST2XTg0WF0caFfYKy9ZZAAepsOu7UeOM9cyfRXGbBwIphY016BrWisLnmnQe0w-WILXZNwHnGlFqnERVDZiaiDf7-XNQeFRY7KfH0eRsqKBnUUUWSEnZPevCERgY3INo8VMLXraRD1_xuE4Q5QjJEufOHMUGQDIY4PSOqy2BEN-Gv0oySm_-gWeuCS9rJYU7EeOwUFD9TMHOZ7PsqNK8BxIs9tT4eiYPi0HUXxGv77rMTjCjVu6x9s--wgG4RxrI24emhSU6ag6RvWh2NaTeckrrWhzBMQ4hQHnuaL8_h_zBRlHpwNftLQo-FOBtKC4mDNovHHntnP9B9W_xyMWyS23vSTe4ThwwnwmU95HggMw1xblnlopKCk9W7518z8HVQ19gZbOB9WkiLmputyFviwIjyu7s3Jz0oo0nPWaveSqJ3yCO3on6QO3hPnpIXaLXQ_BhlAezigIgnOWudwa4ZTgxBbAlkcW0zLeasgMS8sPH4DEyZ52LYqmxu3IdIlI6k-Pcwbrd1yjc9QBqEvk4RlGjOhLlNzHcQUDjDCkcCRKE3CoDHzRp9DenMw4D8MZmij86aCx4N4HCZphNh7XpRokTfj67Yc42FaTLXQfgcr-OznO3Wt2c0RUGs__ZniOjXASjMLLwqRfNuGnbtujyaw70opzKHkbvvgdaDTJ_XpnFu6tPm4ZPrRbNJf3kgnhwrNkOonOjpWiJKfwpE3bKZoNcoZvux5mmwWyumdYXKbiK1pV-IMpk5rp6zK2EP2ZvnAx5RX0kxCSDQlFBJh3xUV61bxoIQjs0-mxQwTnkwUil6835MlhMouzvHeR7C5mqV40ZXPvtySmKd7QGRSbBibEkQKHxg6qUJmDKyepJ8GFNikzWboWgJtlK5VDvx4g5BZH6hXUywGrI4GWD0HghmetMQEufISZqnlnEhM_fXkCML46hzvf8rwv2s6-O48xRIe3nf_PIo7r0yFAeks-wNxXkTpk4-ug_vQdFr-ZUUQ
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame C0DD 552 B
245 B 57ms
54ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ64bnAhiA56_nATAB&v=APEucNXTBJMTn9ARNfIFn7hvCF9ePkxvPP-JceJJl2i7VAPLyHSVv2zxcfDtI8-P-y_ZFlenzqpxii_sv30xJ2Pqp3xCDllkz58pl4xr8t4SWgpe4Ecok7e0vWRitr5vkTxFCUiFcFWvHG6Pvev5UxbD7TznvFf6JPc84p6XZK0ANpb5lyBD6f1Cv5nJRDiBaInFq2Dmvte0

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3dad89bd01783443195a892365b91096da2f6ebb36b2169ab32af37344c82f1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 17 Jun 2023 00:49:39 GMT
expires: Sat, 17 Jun 2023 00:49:39 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 020A 78 KB
27 KB 58ms
55ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:39 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Sat, 17 Jun 2023 00:49:39 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 020A 42 B
63 B 77ms
74ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-C4rOYsxRgyOjyJxlaeB5Fj5bKtqEk53bemBIsvo0ALzg3Dm-pPSLDV1zfAXQPEqotMYdMf4eNd51oJxjGtMED8QJmnp0l_8uKBN5oFdEmVLccbUIo

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 020A 0
20 B 77ms
74ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=9491841747300271177&x=6&ct=77

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adition.js Show response
imagesrv.adition.com/js/ Frame 020A 32 KB
8 KB 91ms
88ms Script
application/javascript 217.79.188.10
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://imagesrv.adition.com/js/adition.js
Requested by: Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 217.79.188.10 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: imagesrv.adition.com
Software: /
Resource Hash: 70e0a3b2c82384039a2e4b31c305c9ef1f72a59b585acad421c54a6101a25237

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:39 GMT
content-encoding: br
last-modified: Thu, 21 Oct 2021 06:32:42 GMT
etag: "4043560335-br"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
accept-ranges: bytes
content-length: 8355

GET
H2 200 js Show response
ad13.adfarm1.adition.com/ Frame 020A 3 KB
3 KB 49ms
46ms Script
application/x-javascript 217.79.188.54
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://ad13.adfarm1.adition.com/js?wp_id=4813093&gdpr=&gdpr_consent=&kid=5872531&clickurl=https%3A%2F%2Fclicktrack.pubmatic.com%2FAdServer%2FAdDisplayTrackerServlet%3FclickData%3DJnB1YklkPTE2MDg1MCZzaXRlSWQ9ODQyNjE5JmFkSWQ9Mzc0OTkyNSZrYWRzaXplaWQ9OSZ0bGRJZD0wJmNhbXBhaWduSWQ9MjI5ODcmY3JlYXRpdmVJZD0wJnVjcmlkPTgxNzU1MjI4NDIzODUyNzI2NjYmYWRTZXJ2ZXJJZD0yNDMmaW1waWQ9NkM1ODZERDgtRURFMC00NDQ2LTg3NzQtRTYxOUZCNjIzM0QwJnBhc3NiYWNrPTA%3D_url%3Dhttps://googleads.g.doubleclick.net/dbm/clk%253Fsa%253DL%2526ai%253DCrVSpIwONZMGNKYXC3wPlqraoC9yo-JJx_-fm58QR9C4QASDLidYjYJXaiIKYB8gBCakCyK2YOo5isj6oAwGqBNMBT9Da_K7Z22ih1kgk8qWXtgD8CjoSnyioU6ZJIjR4ahN7pQGyy1fihQdWxA2j1ew62chu7puTmRo6eretzet2rjnHeW3Q6TlRKDRipmIblgKFrasqGYvqSyG1G4AhMZ3g3pi-K-Lm2A81tBN2ZjpJvTE_X46xAX7EcdcJtlE_dYgIMmk-RyQ9ASX8iZbH0tQkOsQphveN97LsOUK_7FXg4L4skzvVXHPRBs3-vugupZv3YIOhbRMgCDXg1HZwO368n8putJHlD5jxnO_YnRTb7kU04sAEgNjpkr4E4AQDkAYBoAZNgAfXu7TEAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGF8yAqoCOgKAQEi9_cE68ggNYmlkZGVyLTg0MjYxOYAKBJgLAcgLAYAMAbATp_reE9ATANgTA9gUAdAVAfgWAYAXAQ%2526ae%253D1%2526num%253D1%2526cid%253DCAQSGwBygQiDp5U9SEfyPaRE4yqZBq6HMWu0Mmlr7hgB%2526sig%253DAOD64_1hpULDyfhosm0ioZXJzJbAjGv5Sg%2526client%253Dca-pub-6362111942204036%2526dbm_c%253DAKAmf-AP8NpKlZxFClgi7W1BDu-tAn9t0dayvWq6gVe153ED6B3_Fe-0PEc-4FhjBDG2taZI1BYu2a_3or7yxrm1Z_JDet87iFORbE-a4Xj9cONTP-6abeaNswJGZAeAxdc2cUXeBJ6cX-0BOTGdG1v3zde4RYIlVhuNC9O6102Fkk33pcRNkoQ%2526cry%253D1%2526dbm_d%253DAKAmf-ApVCtAqPcPH1nFSIqUQPUF4N40a0oesIJX1lDjWW4olFWYe3tJ2_rj0r1YgMsSIwnN3RFnkYfns5IrpFnGbS0-WF2UnNKsmOKoyQhJIF2D6INxeaurnH2aLvfjmjC7xrUKIhhrsw1XTavMyNl6auWOxCvkrLE4mfSxs-knHA6wY0xsLzvhfCOyLfuynRwvnJ3Rn1gdV5ax6M4IYIaJNtg-X5H9JmW78gnOi-dG-PVwv5RHlGtOIhUdo-Ffu07gU_7VbU7HoIrETs-80i3W9vxL7upLR0an4wN0gBTFss02oiyD_CPVeSZodYR_r_VeL36TBHVBylUtKjzFAJT0CLbYZAs64Po5954KjZom09hwlUhO7sO17WcOO8_bDWyxokXZKKJ6tZRxwLphkEp7RuO6NBO3DJnuxyZUttFV8qeBvtm5YRstlRynsRwH7Sid6cb3wEfoE0Q2k00-Rm_wPXDh_J_TvGzlvJOV7fXZckNrR03P4uj9g8N7DiHuctatwygH_RS7SRGZ8PDl_lsSiPayC0eWJA%2526adurl%253D
Requested by: Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.79.188.54 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: aa.adfarm1.adition.com
Software: ADITIONSERVER v1.0 /
Resource Hash: 1292bd053d94b1f863330ac542e26da501795dc2285fe1f00046f659cdf074c6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

p3p: policyref="https://imagesrv.adition.com/w3c/p3p-ssl.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
date: Sat, 17 Jun 2023 02:49:39 +0200
cache-control: max-age=600
content-encoding: gzip
content-type: application/x-javascript
server: ADITIONSERVER v1.0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/ Frame 020A 3 KB
1 KB 42ms
40ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/window_focus_fy2021.js

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 08:40:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 58154
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 30 Jun 2023 08:40:25 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/ Frame 020A 19 KB
8 KB 43ms
41ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3521f5e84dbf85e9b7a304002330fbccf347abc9d0a43765a1838336b8a98c0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 17:36:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25974
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8120
x-xss-protection: 0
server: cafe
etag: 8171891181101138299
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 30 Jun 2023 17:36:45 GMT

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 020A 24 KB
6 KB 44ms
41ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 13:25:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 127443
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 14 Jun 2024 13:25:36 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 020A 178 KB
56 KB 51ms
48ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e9032b8e95fc74d9ce9c069e76ffe86cb4046dc6ae863ffa8410cf445e5feaf3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57029
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1686742752845198"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 17 Jun 2023 00:49:39 GMT

GET
H3 200 F23xA4-E8U0dLsM7Ua-M74A0tuvycQb5txb3FNVg6II.js Show response
pagead2.googlesyndication.com/bg/ Frame 3403 37 KB
14 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/F23xA4-E8U0dLsM7Ua-M74A0tuvycQb5txb3FNVg6II.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

176df1038f84f14d1d2ec33b51af8cef8034b6ebf27106f9b716f714d560e882

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 09:31:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 141467
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14698
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 14 Jun 2024 09:31:52 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230614/r20110914/ Frame B951 29 KB
11 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230614/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AYTrSeGptkia2bUJSmNK6kSpb7YuL3wGhvMWMiBn-o36rvjG9uLWxeZBWgA7sdZa5wbFlGgybLANB0Ii8f7g1k_E473dkIgfOwNoEPIH6MUkcrVQBulkUHXoQ_eKMWT_0GLqH7e-eOkmVCTIlFIbkCL9PYVMH-uEUNAkixS9S93ZvmTPI&cry=1&dbm_d=AKAmf-DyYGhqD40l2qyJg9YoBhWN0jOd3GC3TBjdmliIQhIJmO0V_K1CZqx1JWjrsAejlfFuyGQgpCnrN2l4qjUfYTD93-MvftDdkMen6vJOBjpMNtSDxgHfGAoqc2bQh4P_DqAkJ_-snNcVBU0ZPRDtLtRvKtYMf0AjjgPOERLja4UbtCbwEBk8arhk3RR3qqCumsiYg3_GYBCt2HZ4CJjyoxixn3Ew29IEuoWLkLcf241tEsrHfWY5tH4h_kx0KW2Hhq3dD2JZFV4XMv_LdCh-LCS5V54xKfso4iGgvx2BPXXrQisdRoymR-UKTODqJ082CUt5ntLVlw2D9calWHLX14QzO9QeO7yh_gdbhpS43qTLw7sm18bZBhO5RFOcjuDE6Ut5QkJmtLN1uzTBjPL3gIdWZBDlxFEPXi1xrif3pRfNizXTjNQ8vedzi1A3w6H_ZH6PdWjxLDMPdG39Qc-9pvDW28W3UUca4cy6vvhSoJJRAfSUWDBtuXjLuFAoZrMuo_OtFhcsA3biyQbWRq9YpGruk2mSIIYFU4KdH49qic44u16_Fx96gY7GJzfVKU5XV3RG-qbIZm6aW2XoCR1wvy0IJTa4UtayJmGlLI45wvwfImzByNFviq0iO7QRd8Fc616RWlxQwZw682G9GHr3qvh8hSzRdR62xSXPLCxnWo3oKjj-gSyhZwlzZXGOf6aG7Mkpcp1UzWAvsWmqdz9abbIq8om416Wlgd2wXs8SfQmOOtfRiA5ufsxyphzfrabrQWoKtrHBQTswZfS0DN9ljFYUQFYKIP2MoF8h-UE-T0pOgu2OfsfgWjc1y7_SJidMkEhmKLu5rszIYM5eJfk5dNSIYiqsmNRlOP0LMdVZP6CivFViNGhi02D4aCifo9YnjirGc8eIVaQ09jzgSrw8VcSwKP5vn4oBdc7uMF_KzAOadS9FaQV8Ah8DygzRvuwr8NdhafcgCxzbhMHa0O1-v0DWxVIh0D3mW9tO13Qm3sd8aPEP87revohJE3a9avxroQLVeUwQkj3IDZ3oVD2HX5eHXhwSHarIX4POWQabFYlLddM1DWJ2jOrKtiXplSJGD97F9XlTRCOURFC8JW_y7RYWxVGqxMV7yDmxLV0ng4N1AsCf6LDpDUXXIdsp8iUBAj-BEYKg5UxZX4Cn6-YIl5dNJRd7i8lrgnoPA2dirp_teLikYbOI_LEV1-ZOyJxDjbkPSBYceye32NsLQtkWvePG7M1Z__kt0Xtu7M8YjdJHnW0CUQdzHxZb4OaXTBpJNiGZltEeH-PYvqsX8rl9b59g4jzkK90SaNRlnZxsxeno6zpTBv7S1w4WwFIhOiGgYBYhaxxMPJb3g-7qdwod_3_Ns82yDa31yBnIPIDjuCsSfKNfEMihUjZKCnW92Gws5Tt8aMzb5eAFkaHXrp76pxKytssNyEhdckC62vd8d-eHXgw-Xm7HgX_ykARdNMxw3azL98Skv-is_FIbtyOqn3nmaIO9Y6dHqxJEXKpALKynCDHKwqmpzBki7ppHuKYj1mAI9g9F2t6rJFim8EmOrjDvm4C8qowysQQ-gQx_5DILL6BDPkjDab8aAu4FQmZ1zIr_k8wENYoFbOkmVf2gkFPxFXzoaamjyMrDY1uah8Y-ly5l6jw3t2i_a2M_efuAEzAMaOaLoNjcuuG3MZhVs130DgzZVoSTNqUD3rIYSC0vbxMGSf_cfKchPaydpBremRDhY9veZb1lxb_0o4ijTwkTsFNNLDpCTzKXATDZ7NvPh7kyifWfNiDJw4zXTbUbtIWxaU9lZ9F0XGKUSRFyYsT_krL3ehocS281MCnQhtmow5cp85CWicjF_qT_2dq38wW8JyvCycZYEYFoH3y1SwKN5XhrEmaYtPr-MyuhY_ssokMf7Ba-oOCeDlaia8lErvpfoJUAXetFIuD64jZ6B3zF76a9E9l6wqjYm01gw9he-6GT7EbS3Z__64EErKHr2mkR85znaN99K5uAkmDU1tQGnTR-mIaRn891Uw2JOQosHbnbY7J9ediqNept_DEJ0ipxooH4_1ru8aPR0I3IW7YVzeSPlMipkQoMOmTUIH43Xh3jhdlCcBBFhWAMd8oD7iVcAs-nuJC_fI0eCyxkHxoqAwBodMVqYC9aep3JgFsGf34BaLXhOBK13RsZ8IMZRSMwjNywup5N_g9Nzlq0cT-ijiwrwvTM0ilpZs4W01b5dt1m67IwkxhjVxms6FQDJtGDWa0V1dmYLBTtHCncbATmxkBIL2iObj3gwNKBbHb3Ncai-3udRQSv2YPSZ1mdRdmz1KolqCWnGRWQFwXAlxulRFrx4tnpKEiODcnNKqBwJpPxHbUG6q_eNkL5QV-7oGwzF7VV4e2Z9BcehB4XuSd6h63vWXeQaq0WEb4R9diXzZD4CQaFh8wCaFiJRNp95tDq7ilkJcoTT1RFykw_Nadq4VY_s4PZULVbYAsCtaK_bDfiEzd7ghaw0z9Ft8w01vanVNr3CdXEzwSxtJlKP77jL8Zf4gZElSciwP3V0JqmayL3irsFvDtiVjxEVPDzGwSQH6oGeiN0ns5lSHnlZ32ZnHmI-5U9ZF4_fW-jcT4-5p-N5u521sb_WfhZd7JK0P52mT--7NUakHNshL_5a5PAbA-ZQqjH4XwFy229z7i8-ytq1wPR1mqAtXGW6XWap5SZrAnwrUkhv3cAHx0eYuXg8ApRZz_eTc6gFuJb5FTlzMxcvVinf_p1efebVjyFsb3cUkoQdt4lGEHpYMNjpwlc4cTSkfEJK9OH1s7yQYzOEgd4x5KOT_Wh4xwYi7vxd2MMRQXHNXWrx0weAYOwYBbNf7AoRQ8jIM0oHo-4l9FDn0QJNkIQRcCGwXOFMvpfl6-Zf6EyUhgQpiXnadGNNZmJh7vfcUMXWJaD6Fqg7_vGJTu4hQu3McM2rDOPNfByofUAfvSMoXOCq8b3gjEqk4yUnW0gtU5MlEu8MBgyL04o3HrbCHpFIiBoFKKgbYXraJ42KzW3GHCUtWkPJrlKpDeJGuRlNf68_CnGJlDyOGnmw9zUzufqR2yiFBuzJrR26bwg6gjMaxqsfOe7MUvS9cJYHR6vzYpjvv5c-hhNFQfBS574VMRJ651Naj1vGeeuu1dRY2S1qW0caJkgfuBGAINp4LIkf1vXRezmCl_YmGIYxhwl92zqU9zW7DhgEKuW0rlffCZ0g4mWbnWzk8oeUKzEdJz30UEUYA7Hw7m6jf7yRdkJnGMO99Y-2C1xD4LiQNCFQzFmR_IBzoW37zq_BMLssgYHfnrBVnp5zIxNEpMfcMkEctwps37sLtwGo1xRiY5wbt8_pjalAtTM2PvO_U0t7i_qPBONBXzHHp_C8rbUwJGoB69_xvdc0e9my4CN9QeoFgUMB1BegaHsz2kY66ed9Rty_ocXtYqU9LBjopLoVyrS9iYVWbOI_IwsBxul0_NZHIV4pwhif-AziD0GhOU3n-Y0Sg&pr=6%3A0.115964&cid=CAQSGwBygQiDboqLXsG3jhs1o4HPJOZMBjHCQVbdGxgB&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=1434405284800818400&adk=1558675593&idt=63&cac=0&dtd=8

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bb86be0538b5ef8bb7fabe6cfdcc28f99687242fbecab81a9a2a72d92931594a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 17:36:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 26019
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11316
x-xss-protection: 0
server: cafe
etag: 309758756414748794
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 30 Jun 2023 17:36:00 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame B951 41 KB
15 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 13:19:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 127829
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 14 Jun 2024 13:19:10 GMT

GET
H2 200 banner Show response
ad13.adfarm1.adition.com/ Frame B951 4 KB
3 KB 46ms
46ms Script
text/javascript 217.79.188.54
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://ad13.adfarm1.adition.com/banner?sid=4813093&adjsver=3&fvers=&iframe=1&ref=https%3A//ye-mek.net/&ro=https%3A//464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html%3Fn%3D1&uao=Mozilla/5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit/537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome/114.0.5735.133%20Safari/537.36&os=17&browser=11&userid=7245450824371538703&kid=5872531&screen_res=6&wpt=J&clickurl=https%3A%2F%2Fclicktrack.pubmatic.com%2FAdServer%2FAdDisplayTrackerServlet%3FclickData%3DJnB1YklkPTE2MDg1MCZzaXRlSWQ9ODQyNjE5JmFkSWQ9Mzc0OTkyNSZrYWRzaXplaWQ9OSZ0bGRJZD0wJmNhbXBhaWduSWQ9MjI5ODcmY3JlYXRpdmVJZD0wJnVjcmlkPTgxNzU1MjI4NDIzODUyNzI2NjYmYWRTZXJ2ZXJJZD0yNDMmaW1waWQ9NUYzREMwNzQtNUM5RS00QjI3LTg0MEMtNjIyNEJFQTI2ODE0JnBhc3NiYWNrPTA%3D%5Furl%3Dhttps%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%253Fsa%253DL%2526ai%253DCK5GFIwONZPLcHYXe7gP5iKqIC9yo%2DJJx%5F%2Dfm58QR9C4QASDLidYjYJXaiIKYB8gBCakCyK2YOo5isj6oAwGqBNkBT9AYgv6I2XNr8A8KE%2DEfmobrIM3KxFqMSeF%2Dy7oGBVxtR5QM5jE%2DBhHIMLjA4ISm0bYYr55eo6SMQQGRBbZcYvPa6qVZWZvupTgjqkC6weuUysxi27d8hYwBm67GGemw6EmXTUI736ltXO9kMcBukPlJ8DnRN5pUPQmkPxyZHGZf4TduC4qs%2D%5F61OQLOMJ53KLuZWaLnlhrJTeCsx%5FKhjHabZmJH5TX%2DOPOiptAY8BRxKVLhvgNCN2KqKNo6%2DIRnLpyklQANaomgPfPfyLCCaYLc%2Dh%5F3ZEBWE8AEgNjpkr4E4AQDkAYBoAZNgAfXu7TEAagHjs4bqAeT2BuoB%2D6WsQKoB%5F6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB%5F%2DesQKoB9%2DfsQLYBwDSCBYIgOGAEBABGF8yAqoCOgKAQEi9%5FcE68ggNYmlkZGVyLTg0MjYxOYAKBJgLAcgLAYAMAbATp%5FreE9ATANgTA9gUAdAVAfgWAYAXAQ%2526ae%253D1%2526num%253D1%2526cid%253DCAQSGwBygQiDboqLXsG3jhs1o4HPJOZMBjHCQVbdGxgB%2526sig%253DAOD64%5F0iyJgF151tpA7wAaS5hJLTPzcVoA%2526client%253Dca%2Dpub%2D6362111942204036%2526dbm%5Fc%253DAKAmf%2DAQrWnrxWdeyG3IUjFrHKtQpnaiIk1P58KQo3%2DJPCHUt5fE0VExgClNavjmTlok%2DtsXH2wU7bH1UNkH9MOMi48ArVe2Xrx7mJffgbIyTw6XInRLPETbv2SPE%5FzYFI1JsNjDPk3k2JQAjiPGp9yI3bgr8hRy0v%2DTFUpDhf5wPZUlm6srKdQ%2526cry%253D1%2526dbm%5Fd%253DAKAmf%2DAdZ00HIz2DM8IAP8kc1IEq8FDkSdpMGjTp4ztlGgWpZnRy%2DXi6IrsH1%2DBhTI58W3VXkLbObKmMvF2ONVcFhGhgMchpXUPYSQXkaoa0V7FyGRcif4XXW3fbFPzhGyj3HygO7DLkshR4%2DuwmonM3moapmFzlmzY596o4SYAEMWb5NqUQQ6tcSnBrSJLfZl9nKmpXoYgsvm%2D%2D%2D5atn%2DNU6xGBH%2DYSzsoPHrhBQUQXDo%2DDsIhqDM%5FMgez8j5DoglL3NrW2BPwhg2Z8NlAej0FXSzmEa%5FUdPP7FZ5dtG0jeXOJfWivAitMoN1pFKoqWMiMZtFpbSnQUXBaC%2Dy4HKoBgPsDxx2WHAY%5FJ%5FHuVnjX%2DrRV%2DDfQbxM1Im5da3N74JrhtojwwlGlA39dCT2inyFofcRW4NRme%2DnmAMXN%2DBP4xxLCU1h%5FhtevZwY48QQHlyP%2DjPr%5FqjDiHSJ6hXCwvkCn3Kgi4S0aMzlPyOCj6XdkT3TpYQWlay4zEq3eMFm0dwlhd5UDvd%5FFZUVlV8B8xG0vfPr8iCDVw2Q%2526adurl%253D
Requested by: Host: ad13.adfarm1.adition.com
URL: https://ad13.adfarm1.adition.com/js?wp_id=4813093&gdpr=&gdpr_consent=&kid=5872531&clickurl=https%3A%2F%2Fclicktrack.pubmatic.com%2FAdServer%2FAdDisplayTrackerServlet%3FclickData%3DJnB1YklkPTE2MDg1MCZzaXRlSWQ9ODQyNjE5JmFkSWQ9Mzc0OTkyNSZrYWRzaXplaWQ9OSZ0bGRJZD0wJmNhbXBhaWduSWQ9MjI5ODcmY3JlYXRpdmVJZD0wJnVjcmlkPTgxNzU1MjI4NDIzODUyNzI2NjYmYWRTZXJ2ZXJJZD0yNDMmaW1waWQ9NUYzREMwNzQtNUM5RS00QjI3LTg0MEMtNjIyNEJFQTI2ODE0JnBhc3NiYWNrPTA%3D_url%3Dhttps://googleads.g.doubleclick.net/dbm/clk%253Fsa%253DL%2526ai%253DCK5GFIwONZPLcHYXe7gP5iKqIC9yo-JJx_-fm58QR9C4QASDLidYjYJXaiIKYB8gBCakCyK2YOo5isj6oAwGqBNkBT9AYgv6I2XNr8A8KE-EfmobrIM3KxFqMSeF-y7oGBVxtR5QM5jE-BhHIMLjA4ISm0bYYr55eo6SMQQGRBbZcYvPa6qVZWZvupTgjqkC6weuUysxi27d8hYwBm67GGemw6EmXTUI736ltXO9kMcBukPlJ8DnRN5pUPQmkPxyZHGZf4TduC4qs-_61OQLOMJ53KLuZWaLnlhrJTeCsx_KhjHabZmJH5TX-OPOiptAY8BRxKVLhvgNCN2KqKNo6-IRnLpyklQANaomgPfPfyLCCaYLc-h_3ZEBWE8AEgNjpkr4E4AQDkAYBoAZNgAfXu7TEAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGF8yAqoCOgKAQEi9_cE68ggNYmlkZGVyLTg0MjYxOYAKBJgLAcgLAYAMAbATp_reE9ATANgTA9gUAdAVAfgWAYAXAQ%2526ae%253D1%2526num%253D1%2526cid%253DCAQSGwBygQiDboqLXsG3jhs1o4HPJOZMBjHCQVbdGxgB%2526sig%253DAOD64_0iyJgF151tpA7wAaS5hJLTPzcVoA%2526client%253Dca-pub-6362111942204036%2526dbm_c%253DAKAmf-AQrWnrxWdeyG3IUjFrHKtQpnaiIk1P58KQo3-JPCHUt5fE0VExgClNavjmTlok-tsXH2wU7bH1UNkH9MOMi48ArVe2Xrx7mJffgbIyTw6XInRLPETbv2SPE_zYFI1JsNjDPk3k2JQAjiPGp9yI3bgr8hRy0v-TFUpDhf5wPZUlm6srKdQ%2526cry%253D1%2526dbm_d%253DAKAmf-AdZ00HIz2DM8IAP8kc1IEq8FDkSdpMGjTp4ztlGgWpZnRy-Xi6IrsH1-BhTI58W3VXkLbObKmMvF2ONVcFhGhgMchpXUPYSQXkaoa0V7FyGRcif4XXW3fbFPzhGyj3HygO7DLkshR4-uwmonM3moapmFzlmzY596o4SYAEMWb5NqUQQ6tcSnBrSJLfZl9nKmpXoYgsvm---5atn-NU6xGBH-YSzsoPHrhBQUQXDo-DsIhqDM_Mgez8j5DoglL3NrW2BPwhg2Z8NlAej0FXSzmEa_UdPP7FZ5dtG0jeXOJfWivAitMoN1pFKoqWMiMZtFpbSnQUXBaC-y4HKoBgPsDxx2WHAY_J_HuVnjX-rRV-DfQbxM1Im5da3N74JrhtojwwlGlA39dCT2inyFofcRW4NRme-nmAMXN-BP4xxLCU1h_htevZwY48QQHlyP-jPr_qjDiHSJ6hXCwvkCn3Kgi4S0aMzlPyOCj6XdkT3TpYQWlay4zEq3eMFm0dwlhd5UDvd_FZUVlV8B8xG0vfPr8iCDVw2Q%2526adurl%253D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.79.188.54 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: aa.adfarm1.adition.com
Software: ADITIONSERVER v1.0 /
Resource Hash: 66e3d45a33f8bf62ac2e6447d4350aeb5d2392b76c1ebefe2143f6f5d4738a28

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 02:49:39 +0200
content-encoding: gzip
server: ADITIONSERVER v1.0
p3p: policyref="https://imagesrv.adition.com/w3c/p3p-ssl.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
content-type: text/javascript
cache-control: no-cache
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame C0DD
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_dbm
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEB0QKss9niTDtVwZYBGHp74&google_cver=1

0
239 B

168ms
42ms

Image
image/gif

69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEB0QKss9niTDtVwZYBGHp74&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ64bnAhiA56_nATAB&v=APEucNXTBJMTn9ARNfIFn7hvCF9ePkxvPP-JceJJl2i7VAPLyHSVv2zxcfDtI8-P-y_ZFlenzqpxii_sv30xJ2Pqp3xCDllkz58pl4xr8t4SWgpe4Ecok7e0vWRitr5vkTxFCUiFcFWvHG6Pvev5UxbD7TznvFf6JPc84p6XZK0ANpb5lyBD6f1Cv5nJRDiBaInFq2Dmvte0
Protocol: HTTP/1.1
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: f5982f4f9cc79eb2b489dda8b92e3144
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:39 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEB0QKss9niTDtVwZYBGHp74&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 326
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C0DD
Redirect Chain

https://token.rubiconproject.com/token?pid=2249&pt=n
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=

170 B
188 B

51ms
50ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ64bnAhiA56_nATAB&v=APEucNXTBJMTn9ARNfIFn7hvCF9ePkxvPP-JceJJl2i7VAPLyHSVv2zxcfDtI8-P-y_ZFlenzqpxii_sv30xJ2Pqp3xCDllkz58pl4xr8t4SWgpe4Ecok7e0vWRitr5vkTxFCUiFcFWvHG6Pvev5UxbD7TznvFf6JPc84p6XZK0ANpb5lyBD6f1Cv5nJRDiBaInFq2Dmvte0

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: a66cbf3142c6ef39e3614b84a34262cf
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame C0DD
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEM5XRT13iXEWTwpDSwcLlcs&google_cver=1

43 B
273 B

49ms
48ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEM5XRT13iXEWTwpDSwcLlcs&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ64bnAhiA56_nATAB&v=APEucNXTBJMTn9ARNfIFn7hvCF9ePkxvPP-JceJJl2i7VAPLyHSVv2zxcfDtI8-P-y_ZFlenzqpxii_sv30xJ2Pqp3xCDllkz58pl4xr8t4SWgpe4Ecok7e0vWRitr5vkTxFCUiFcFWvHG6Pvev5UxbD7TznvFf6JPc84p6XZK0ANpb5lyBD6f1Cv5nJRDiBaInFq2Dmvte0
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:40 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:39 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEM5XRT13iXEWTwpDSwcLlcs&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame C0DD 43 B
145 B 139ms
49ms Image
image/gif 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ64bnAhiA56_nATAB&v=APEucNXTBJMTn9ARNfIFn7hvCF9ePkxvPP-JceJJl2i7VAPLyHSVv2zxcfDtI8-P-y_ZFlenzqpxii_sv30xJ2Pqp3xCDllkz58pl4xr8t4SWgpe4Ecok7e0vWRitr5vkTxFCUiFcFWvHG6Pvev5UxbD7TznvFf6JPc84p6XZK0ANpb5lyBD6f1Cv5nJRDiBaInFq2Dmvte0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:40 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 020A 0
20 B 74ms
73ms Ping
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=2862690275287&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 020A 0
20 B 74ms
74ms Ping
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=2862690275287&version=m202301230201&ct=77&x=6&cor=9491841747300272000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 020A 30 KB
17 KB 80ms
79ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DheUxhBjJ2V9cKaiktK2hrIySurfo66Bd06x-QZR1Eabwcw2iYT9Sp-mwLjcWye2ftujvqVc-tB3sB06u1BZ3l5QRuhoCU2id55jIG-PnwEibyrhKps0-9CzHeSwg3VDFG7Upgmg6SCzkX9KQ-Z934-ydHE3E1le2ZEOMbC_qFon4gsrU&cry=1&dbm_d=AKAmf-BnH7e5PSIjYWbP8EdYevTeWL60kuetDuORZT6dJKArFgYyS1J_W94vEaRE9KfBhH21XLfxpFm3TBfThmUbLyqj-u8xBdLywMpb_TCJcV8QZkkcDxoUhpBC4kpBwTfJ3a3bzenYi8nxMxyzG_mmh5B1Jl5ZD7GndWYtMItfnMkxARHhBuHvN1jo2bO0HzLLNPX8xfGZHCNpxiYAYgSd61-X1shNIRjGsufsP1eGPk5aLWKeiHxWzm2aCcMYJsEmo-iJB0YGf4KhHhGq7dfgTdiYcRb5pfcHHXmzci8fiMmIocRbCpF0lqsPpsXTHZTTR_sJwFM1O-o7lZl00m1xFrSWJs0mgz9k_x_wXmfMlfppKOfWUgAT_vCoUjVS-1w0l5Ihwo7qTzpyIiaM8PysQnvms8AL29p_7G1zn7qz0yApQlxC02mhzc_8XdRlApA1AQkJkFmEujo_9RzFGRwxDtf__9wxMFkcJUmWLpFubM90rpQzmjgjs_VF_QYCgIzckzmgvuE5Tx-hmd6WlBeS9WM8ywFWl75sOU77FTZIKDeEoOJPFQx3QSJgbtx910wKfggNp93kTDCLKw1-MTloY2pRuuupchPlMFC3kylNqNWPJWrhLL39kHAeRWjBZULCQXVX0SqgaxsmqW5O_Vl2AkEXivm05zrwW9mzfLLwE56vOW56sGJfHFX5K_8cIuAETwCIagYpI-JniwWZzUnAf0o5RwI4SSMi7XN7aYFq88ZIDk6PeFCYUv9XSWhFm40Nyn30_uKjR0F0vZdzbhN1CszDAws9KJvS4wLgk9QbiaL-HnC0X2odrqVa9vsUr8e3w9EjsUg0nfsGkLR9fQWwQbGuzTzDcH0HZGS4yQtK1V5T3Og_-qdJRW3bo7UG-eioBzlaTYmcNAUsLOjAGFMM9dMz45sr7UZlaIBtYh4EVWIAGBhtGHEXZmzjMPkDQre0sdOqX2i3aygj60Xa5R4yCYT0X73sKZN6Eg2bhvr6rUVYVxK0O9IPXRv_pUtH7SXSWLLY5vzZ1hhLA95qFit9Ys-GzknJuh1gKxP8e4svNLgB2b6INTpPNyYaTXBY9ATaTdNdn3AvoFM_mDeUI7sh6hTT5DxUTE6CFGQxqE0rpUZ2eVHiv5Ok7QuTWb5pjc0ptCTp8jmFYE0Sv6BiQD-HzfDOnPxP8QY6NmPY0E0rMw07X3Qkvv5mntdpEx66nQN-MnSDnDHp4UPcxEkRRaCWbA_fKc5RgVs8t7KuUnu78FkayGpBqKH0NCWqjstQ2d1lQTFRM69X76Zd6w2-BOl3MoulsXQk2O7mhsdOftAt2nlZMZsIus-tkh__dQq64TYEGUIoeb5B840J6n6sXyubopbiemoQ1e62uzSwQTVb0GiEok0vY3-TTgICAF9jvcIHfMYGJY9T-ZjYx_XMD84MUydyg_EB2ZdwDA-zAyek7h6C4R_N1BTx7qZS8r_6FPXoRSyRd69REoeyqGKDIPMMFA6FwhhRaxnVhvRjAThRRftSrq_BudAQ5ausfFoX2tHONBXv_zWTvXjXYbU9xzMl9-T60vFum6ng72GghuExUrXKRQoh0iwKyQbAiiiP4LA2wEnMJV2TKqZdihSjh4l-JovOla67byP6yztAyAvL5r12mW1pwCluUKA6REs9SmaFR7eEzQEHwvg9OgYRVuEHpJ-0pliDjldbzyTrpCU-6nctqmrSGyZ_d_YIkKlvwkRF5qRfGEBctbpEkOSL8nAc98X2G3uu2xxyWip1iWzPHxzUIh_9ybJurX3yErvf-q4phXIXoDPVDogoms3hPpajGf5iCLXa7M1O-1sJen88G-tl5KwzbpnfG-GNHiAceMFqYHBpFHBT8kxUtg36PWjj_PDp2iCIiDpsQiheIojCI0AA5VVqIhHXta9E9Lmz_8CaP4_qlq5mQIwfYN6a0MWIuNRVcUsrRE44QrMrGgcpJDWOvLu1o3xK3tOZj50wlZ1GA7S5yjPBzoiOUk3d7Ca41BLK-wkXIkXgZS5Pks2cLiWv7emndUteATz6iZuBQSvZHavFB4a4lHYqxQHu9zwdxqI2ywQcvI9v30vBvakHfM5QXR2sBcW3ln40SOW0JP8tJWjJgCsc--Dy9JEY-slqYsbzWEo5MKjbzRRe6RphaRR5KkXeKmc9uHNKC-XFHuWZQmhqFhsUw870EwvMjtgey4vTbH0C6vP9A0Z824xQFlE9j-D2m6H6U-7rfaO9HG8gnxqtGEkKLOtJS1gBHeH0sOvdwsK_dK_-Dku56CYUb17NBXAS3pXKPtG7cubIqFvECD2hWgY05Qzln8kkZsquSiDl_HWgjA8jDLmsCdKdtDhptm1JiCY4byZ4EffYmJEf2QmfOdXUeg6kRRDz-ifeTWEv-7WK3X70ioejYrfzNRpVMM8c1cm9nHbFOsBYiUK_CfTzlh51FcRVhaRAuvIosZyv1WDDFuzUi0UxMW1arUQA___SwPtvk6XXN0ny0khl1Wr9VL3zBGAhb2I1H5bIeyJJdoK1KAcmED_XHqKJZDjWAVLUEUnW2P2Kg5tUvQhVIb3QGupChZMK93SSktYOKU61AIafXtNnekgIu1zbJNQqMUOuKBJa7X905M1B5FwNQtPowH_BjIozBPirTzsdjZ9VsK67PbkPIROqw3IxGxmWCZ0rRZzrEAJeC6g292LwoSJIm2poCV9dcotZXRSzZq4GUjS1LdcVUiZ5M9DLs5Kcchb0ngvKufcrmxXV6_HkMcILfuxm_NKjkg2HN4TinFgDcx1NwDFf7WFvnlsrxSC2n6cy_ND7_chAl1qtTdKTK8MTqzO4W9Lz0UVKImjLmZeiZ5A9ND-ffYeTHZ-M4L93K-YXd8n9Vf-goyoMdlegqn1_eBL2ppETR3Zkl6hl71HVF29FiGVeoDzB9D2s2T8IWN-dkgOUPhJNLkRgpbdh-TMjHFCf1xxS1QSWIJ-zQSXPVPvTtiiDKfT9fmFDxsDcFJRhKI_lHRTapU1BH28EB7H4OXhubAUz1LO2cR9srJBDx0_VnRhU0ugcuHjw4YsJvLz0D9Do9cuRMAmyoy6vUIjpPmM2ww3WPr8ny3U_En-ogET0Th2pkW91IDbfmPZjjdAOojRdXufWG8a2j37nxDiFPpcNVLp0N1CHZlnNLlSGSeNkGTMi9fCd30Rl7HdNcCRatfaC8p4s1f4LLUnWt9ZBkWRhRSeNMuzp8-gpa0C9f3wwOE3wXzYEilz1JJccUcxHLxrfsNw9Wvj9gENttZeY0PG_gEiq2bLkwgKhsHfvd712OGTgwQH7DIw5TEmlDp4CMlRVOWYmB43zAKGQuLIHRuZQUtuneUNuQc9fQBAEIPy9K4iOJhdnUvCkBPFCurL1xZqzcDtfgxYt30ht_NqwMy-bsv70T_VS4m7QQzDFPqj1Bl2QQYhTbuIl-fxx-d2sZRsQrFfzWAaK2YmnUh8tu0Me&pr=6%3A0.115964&cid=CAQSGwBygQiDp5U9SEfyPaRE4yqZBq6HMWu0Mmlr7hgB&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=9491841747300272000&adk=207133284&idt=63&cac=0&dtd=19

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

985a210375670fb5c41b9c3239d382e96d3ae29a1a3f409a71757df339ec817c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:40 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17820
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012305252018000/ Frame 02F4 222 KB
60 KB 42ms
38ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012305252018000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a4135cd61dfa379bb61b0718f3a20dc8b25d0b8f4e3f2e52ef4d0e5be736136c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 14 Jun 2023 21:11:23 GMT
age: 185897
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61795
x-xss-protection: 0
server: sffe
etag: "7347aa4c83612bf7"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 13 Jun 2024 21:11:23 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012305252018000/v0/ Frame 02F4 15 KB
5 KB 56ms
52ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012305252018000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e2ac756b7d18a0715d66cff4a48f4ba89882b3bcec6cd4fda5455387eaff84d

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 14 Jun 2023 21:11:23 GMT
age: 185897
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5238
x-xss-protection: 0
server: sffe
etag: "6efdfbd3c81d03c9"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 13 Jun 2024 21:11:23 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012305252018000/v0/ Frame 02F4 94 KB
28 KB 56ms
53ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012305252018000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7a9344144d755ac52f3d8405003feb8eab3b79aebc78e330537ea10861d6f32e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 15 Jun 2023 20:51:54 GMT
age: 100666
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28864
x-xss-protection: 0
server: sffe
etag: "51fe97ef57b83921"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Fri, 14 Jun 2024 20:51:54 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012305252018000/v0/ Frame 02F4 5 KB
2 KB 63ms
59ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012305252018000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a28b55f41413d16c71a76b7af3ff9f707323bb3906096b85f7a581415aaeff55

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 16 Jun 2023 03:58:48 GMT
age: 75052
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1896
x-xss-protection: 0
server: sffe
etag: "fbb7a7837efaff21"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sat, 15 Jun 2024 03:58:48 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012305252018000/v0/ Frame 02F4 40 KB
13 KB 64ms
60ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012305252018000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

45352935afb3119009abbfa8ed5bf7b67fc4edf64e8b718a134975410823ace9

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 14 Jun 2023 21:11:23 GMT
age: 185897
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12956
x-xss-protection: 0
server: sffe
etag: "bd37dd4c3b7b688b"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 13 Jun 2024 21:11:23 GMT

GET
H3 200 tr.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 02F4 3 KB
3 KB 41ms
40ms Image
image/png 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/tr.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1e5a886321d0e00c13f7abff03ca39fd782f42997fd34bcbf4fc93718f3670cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 19:04:08 GMT
x-content-type-options: nosniff
server: cafe
age: 20732
etag: 9957912877679239782
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3057
x-xss-protection: 0
expires: Sat, 17 Jun 2023 19:04:08 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 02F4 344 B
368 B 41ms
40ms Image
image/png 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 13:35:10 GMT
x-content-type-options: nosniff
server: cafe
age: 40470
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 344
x-xss-protection: 0
expires: Sat, 17 Jun 2023 13:35:10 GMT

GET
DATA 200
OK truncated
/ Frame 02F4 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 06f0060cc5659f4c8968817a09846032c30a7d5b6d3cf734cd96066b55639975

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 12849547922031087808
s0.2mdn.net/simgad/ Frame 02F4 573 KB
574 KB 156ms
40ms Image
image/jpeg 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/12849547922031087808

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4b2dc560efa5766b1601b67424a1ec28bef879b4e6ab41e14220cd25c9f07c5e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 08:28:08 GMT
x-content-type-options: nosniff
age: 145292
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 586902
x-xss-protection: 0
last-modified: Tue, 04 Apr 2023 12:43:24 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 14 Jun 2024 08:28:08 GMT

GET
H2 200 1861294809109631555
s0.2mdn.net/simgad/ Frame 02F4 10 KB
10 KB 202ms
86ms Image
image/png 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/1861294809109631555

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2d3ebc5963c3ba449fc6f11b2d5ac883abaf7dbc046ac7c1b267518e0ca5fa27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 23:37:38 GMT
x-content-type-options: nosniff
age: 4322
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10020
x-xss-protection: 0
last-modified: Tue, 04 Apr 2023 12:43:28 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 15 Jun 2024 23:37:38 GMT

GET
H3 200 ad
googleads.g.doubleclick.net/dbm/ Frame 02F4 42 B
63 B 65ms
64ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Arl7GWLpWBxdnri8eAxH4mPMuua4TAVCuWqXl7kXzLcGGtQtwzori8W1tjfkbnaWNluU4VST8dK_xrWkAW5Z863LmAMTSVwjNW-r4Rc2tNViR7PhKYW0J1_bCQUrzKyA7zqlZ8rv6LDQa5zdpqyUSfKB_pew&dbm_d=AKAmf-DdnBfXmQAD_MfSV9-skE_D7nMCiVvMoxGs_B22ZpNYFCNkPYT9a58AcJCIhL4Dm43nG476kf_jJHzJZ7wl4LujWy63hXa6ifsJTONgjnIZ5bUF8yMrCFY-FEa3TIBiyFTFqCXEpD8I5Lso6s0uU1q9xAquRy40_pusWghtQuh0IOKWaoavistfwtPC7a9EFLQ8vaiQprVXzs-CXx-pd8_f7FcIv7jSqPvwTuuFyLfUeMIK7GCBRFyJqwcqljGp6yhj4VE1PLwxPTu4Pv2DxIRllqky69q4YG_FG7p8hYviwaYUnJy3qC6y1a7VHU9sRnuz4E302fgUApPSfSLkqitO1gEnBR6j9DCv96-jgKCU5snmIWDTZek16KSwvLildLH4Lj9voS-RCJ5ZMlT4kZ8yqgSEI1_QdnSGBRu6mRVXysltx2tnOvyqg5jXIGOHE1Kj4AsblA4mRlRnsi3jxlRj_r8FGgEELWuaDKWR52FwlECKPISUQgvTPX1meoe67HX0B5G0oyMDemzdRYyIE5zNt6xij_aTuwXkE1TO1zkGo3dcSc0RAL8oYGhvgOLhf0aHjns176jP09tkyUCZzdO7BKxQtaEhGPuWpgHoFglLSXu7xFs1i_NWii7rpqwAqOmqzHXZNEWlRkc7mq0yDJNIGzVY-eqVJm7KTmtMXsfKqJpjILn3-CSVJUnzikH2akusC3LYTV3OTmiptXOxIZWFqJ2SbcYlGVvlOfOTmhywHHlV_YlxMg3ydrHu87aT8Tq0KbDxkztM4mE13qqGRs_nCCmQJxdU2JKHtnQNVWFk8DyxhfFvirk1iSd_KRJMJdAr7dLt-Zx9YmDWA3M8IhMYi8EnMDjpdCp0NmjhYy-7NnMtD6LkuksohdPN2E3W4NchRJECca92l4h5Bx9gGVw7UD0E3hir-BqcVt2KptZ-clh9hVxAvEO1SR-9hXg3qMG_ONavLioEocYlrSyRRWMItLYUpFu9iGSv9urqneMVclz45a5l1CPLunLtyVFyuFTyI0Dl5p2Jv76FEU7nJ6zUeDvpNaKSk5jeGSKYlptxZzs-QoiA64_Hes5NnGO_zGLsuxfNGVNWG8drfKyRbNCK2HTrtu5ceiDNnF0uB2tPRGitKIJjTUHVwJ5hOpjMWaziZlLx6WbeOOvKIc5eeNob0ffP5Xv-BcYCEk30nlOiPm7gnUBpD-5g1OuRQDeB347JcXwgALKu6GCArEtdopa4fty9bmhfIikR2jz1u6vCH_sPEYggqGzDpJomrjPSYcBJXs6scX_ZPMYacTp6WlPgg3HvXvFRSVREr1v1rPi0NDHMfJJ2fFnfqv7-4gUOQ_5g8xefu52BiU9rSQro0wntyr_mslFLWAWmrqczyEoMg-TiZVmXGZTTgFD1vugkgrbUoGM2tXZenr4G1Y2K6QmL-cuaXrwQrFP0YJN6c96E7Z0gFXyIGxLGPyvG0W3C6FiFiz6_-JDb5hVyP3PjhYZnZLO7dM0y_ZvuFu922vYaqQaVlgvM8ILes2_J3RyRvMTo0plFbKR0kJ4TDaAuo8GmAYdE4qyD9sVNC29kl4MHjL2TbJdtjmGFbpKAGe1ontuzgCNCaPIRxR8h2z48pKs4N9S2WVDi6WUJXRavrKTgO_p1JETsSssXNionOHWIvus0SL_DD8v-LxeuXI3ysZ2DOlekvWrjnWaWeFTu2FAAa8Ma6svKEoeXsK5tq3Ft_INR9DFyqnWnBTvQMdgRSgymkTvdYPGRnk4MRarMijV1ovqR1rJqEu_w0PE-fRt5O2ZXUsRWUCuBFMXLNoNxHZt2V3BgFZS5L09GTAaLLXr_i3asapBnQ3szePG-4JcYAu2_YucVU0W4rj9gtHAh4kbH_aaGzy8XvbpSAILMnDK9A89OcYvSU3E5fpwrj9lpuqQ4zMDYc17bVw00jawGNwmlW1J8Dm_xtwurMnyO8dR2K4BjpkE1AEgnCklctC5u2Fr3gPbC-W4qssD9DNVcgZRCyxJCmBL18V_GhhlfFDyTzadHTL1a5lx7Zy8YbDyCRufTk9XueOdH4YgLWVGKkNS7UVDyKfIawkGoAMq8osSLvLyGl9Ul6J9aduNAoOxsdHLeGk5X0XDDeaP1k5Le6Mg-9G82669o9LsldJ5fzsPoJLcm127Wy-WWTTr4Lk-r-wcdV5kE5Yu60p5de-ECnGlAg_moQONVtwQSoD2pK-cPKCKJ8rBBVTuZLquEPwi8IUGeKtTYbyoaOWxcqmDyaKCaMKvTtY8d1yV93mXzQMlbe5eizRHeLgS-THEtbxXvUMJvr3ei0ixUO0KcuHKagAa8wFCD5pdPCCXACSQVikxkJ_A2WWC2MnPpWUspWyGeA6SWZiNo0omVZ0h7kyJsR9ipUJq6SpL0DE_2wb-uZuf2dzVxdOClHABsb2mLoo_KD77mCAKgDUbha-De0dAvmkks9baAFmIXcOIqR7orxviYKs7ogKvctMDeWyqcGsjCVjd8ceXY9yTr2KMED5Jv9UgKC95M8bpo5k42bosfNyjdsLUTnsfQE2VqlEViy4YlE_p8gU6-7yeb2336JHBatmLtTCELVUoc26Y3fKgleZhIx-buBPN9bF6OYm91MvA9GMjt9mg1-G1qAmGIdx4zfpWjV22hFH-ym4llKDJI-AP4Rn1Ll5nKaqFRI7NSMd827Ss0qDVr93aEC7Ppniikz1XYDw8VVlxHyQwhkzsAihoDYbC_jFYv6FLN6TAtGuisYnX5Q4lNUwuMA9iszdV49IFKMS_7gGv8PlDX5jCqa3ifg0TZ139qyneVM-xcvlGz6ZUYA-O3fcXhw5h-BtiA1em2bJbsTF2LzWH_Zp8Mh9jAGFXwGE8qx_i9hXQ7sLCc4bemWxJ_LvXDb0k4qaH1KMN8vsqQsov20CU0ewlZQ_MKedBg8Ze7UwA_X8R1i1xVzVdFdrC2MOZlorFV7YAK4W8HWaBSXD-eaRt7U9THR5I8bxDi_JVMVCPOaM93sv1CB2gc6rX-i72AkEt1EDJrvnwks6wFrDyi6UQ6VuD24Qw4x8IGEYkUd29vIbtL-CnH62FgLrQsXEczdg2a6iP8tmyAJu2JF_G7v7gFgCXOD8Yz14ySVjb4lMoO-Ieub_GGyIU07KNnIg5cj8LxOgG1sX60oP0MPKcoZcHE-1ERfgbtWVx94-EuV-FlkwijrISX6dxSM7HCQ2Wg55FLvd7ymuEmiNJMzVCRKbc77hY2Kf-L3M7Eo7DMzhHLbbbgtJT6rl6jecbE8qTraRRgtHqeZ9cR5MOgveLreuqPDqNddFe3eiLIEbnXYlpMAjch-Wej_OhG_APJarXLpCrcv1KdEdUNThOt2923EDbolTOQaM2eyxLHoWRqcCYa4BVPmelvvIWHg_3p15MIRKEOJv0Xp14IXTfxpKXEZiJ2HopN68K9YcMYOH-i7H24C5oIFosXzdC02dlxiWrUKcY97KLmZ3gOgk0h7VgGKQSUhZVcaKuvKkoO0EHmrpOxqPRygSGSy5A3DfqyQBzZEpLqKn5bQPrlhvRQuhVRRLgWuOmnfXNu38sO5Dz5ltw10Era7mvHIZBy6aiYdHf5fyq1ZCnYKivH8zYFlxuhonghZytMzSQ_N7sgkR9RpNeCXzJ_D8ztJjMAVO5pXO8zCsy8d_B7rvqkmDQYlQ&cid=CAQSOwBygQiDkIW9KK9wnKWLeLQzVwNaiTX3lUCakD5gz49KVf22XP31kGgsuAwwxGkoZo0gPb1ww3QMvb69GAE&dc_exteid=31118974352969918787740928592404365&dc_pubid=4

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 02F4 0
0 80ms
79ms Image
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CEbijIwONZIiOLNSNgAf-g78Q_9Do5W-s1-v8nBHwLhABIMCygmtgldqIgpgHoAHTqd35AsgBBqkCyK2YOo5isj6oAwGqBNsBT9BSgLylWaVxA4Ipq_0emXGKZyNCGDAcHPPA0WWHsgfuhqBFoqodztdMkU-msDTsuXH1y69aYEP5q6L-XI7Vd6tktTAbi6JBKHQfljCRVSewyfm-RzMlz4dWI2nIrslz5CjPwEJwc4ssVSUbzUyuRE03W-djmtEElZL_GyF9nsVwtxG1lq-vQ-wFL_pCleHCSSeKIcotAR4NBhTdVdzyHYn7NisDvudvqsNyR7loVOOVfm4yHAvT20IT4MvJAX9CQFKl8zXStm3i6pCwkZPGwQar9o6cOU3w-QNcwATcnJj-qwTgBAOIBfjqm5VKkgUGCBsQAhgBkgUGCB0QBBgBkgUGCB0QARgBkgUGCB4QARgBkAYBoAY3gAeV1qKGAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcKEK3gChjw_-blAdIIFgiA4YAQEAEYHTICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDmACgPICwGwE4D1vhPIE5vtjuID0BMA2BMNiBQC2BQB0BUBgBcBshceChwIABIUcHViLTY1OTM1MjMyMTAwMTAxNTQY6sFt&sigh=2QlmUCn1YMI&uach_m=[UACH]&cid=CAQSOwBygQiDkIW9KK9wnKWLeLQzVwNaiTX3lUCakD5gz49KVf22XP31kGgsuAwwxGkoZo0gPb1ww3QMvb69GAE&template_id=509&vt=10
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

GET
H2 204 l
www.google.com/ads/measurement/ Frame 02F4 0
0 141ms
50ms Image
text/html 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSexJdaEiQlRuwfE-VmlBcQnhaciulLSeeH9LEGxPwUXc21_lEDbPyDpSmPLhq5I5rz9VMrRJUowZ4lCZ1RKnQffSzLdQ
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

GET
H3 200 container.html Show response
464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 1E00 6 KB
3 KB 45ms
44ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 17 Jun 2023 00:49:39 GMT
expires: Sun, 16 Jun 2024 00:49:39 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 4A57 6 KB
3 KB 40ms
39ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 17 Jun 2023 00:49:39 GMT
expires: Sun, 16 Jun 2024 00:49:39 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 9BB4 6 KB
3 KB 40ms
39ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 17 Jun 2023 00:49:39 GMT
expires: Sun, 16 Jun 2024 00:49:39 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 000002642977.jpg
imagesrv.adition.com/banners/3326/files/00/28/54/21/ Frame B951 82 KB
82 KB 44ms
43ms Image
image/jpeg 217.79.188.10
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imagesrv.adition.com/banners/3326/files/00/28/54/21/000002642977.jpg
Requested by: Host: ad13.adfarm1.adition.com
URL: https://ad13.adfarm1.adition.com/banner?sid=4813093&adjsver=3&fvers=&iframe=1&ref=https%3A//ye-mek.net/&ro=https%3A//464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html%3Fn%3D1&uao=Mozilla/5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit/537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome/114.0.5735.133%20Safari/537.36&os=17&browser=11&userid=7245450824371538703&kid=5872531&screen_res=6&wpt=J&clickurl=https%3A%2F%2Fclicktrack.pubmatic.com%2FAdServer%2FAdDisplayTrackerServlet%3FclickData%3DJnB1YklkPTE2MDg1MCZzaXRlSWQ9ODQyNjE5JmFkSWQ9Mzc0OTkyNSZrYWRzaXplaWQ9OSZ0bGRJZD0wJmNhbXBhaWduSWQ9MjI5ODcmY3JlYXRpdmVJZD0wJnVjcmlkPTgxNzU1MjI4NDIzODUyNzI2NjYmYWRTZXJ2ZXJJZD0yNDMmaW1waWQ9NUYzREMwNzQtNUM5RS00QjI3LTg0MEMtNjIyNEJFQTI2ODE0JnBhc3NiYWNrPTA%3D%5Furl%3Dhttps%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%253Fsa%253DL%2526ai%253DCK5GFIwONZPLcHYXe7gP5iKqIC9yo%2DJJx%5F%2Dfm58QR9C4QASDLidYjYJXaiIKYB8gBCakCyK2YOo5isj6oAwGqBNkBT9AYgv6I2XNr8A8KE%2DEfmobrIM3KxFqMSeF%2Dy7oGBVxtR5QM5jE%2DBhHIMLjA4ISm0bYYr55eo6SMQQGRBbZcYvPa6qVZWZvupTgjqkC6weuUysxi27d8hYwBm67GGemw6EmXTUI736ltXO9kMcBukPlJ8DnRN5pUPQmkPxyZHGZf4TduC4qs%2D%5F61OQLOMJ53KLuZWaLnlhrJTeCsx%5FKhjHabZmJH5TX%2DOPOiptAY8BRxKVLhvgNCN2KqKNo6%2DIRnLpyklQANaomgPfPfyLCCaYLc%2Dh%5F3ZEBWE8AEgNjpkr4E4AQDkAYBoAZNgAfXu7TEAagHjs4bqAeT2BuoB%2D6WsQKoB%5F6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB%5F%2DesQKoB9%2DfsQLYBwDSCBYIgOGAEBABGF8yAqoCOgKAQEi9%5FcE68ggNYmlkZGVyLTg0MjYxOYAKBJgLAcgLAYAMAbATp%5FreE9ATANgTA9gUAdAVAfgWAYAXAQ%2526ae%253D1%2526num%253D1%2526cid%253DCAQSGwBygQiDboqLXsG3jhs1o4HPJOZMBjHCQVbdGxgB%2526sig%253DAOD64%5F0iyJgF151tpA7wAaS5hJLTPzcVoA%2526client%253Dca%2Dpub%2D6362111942204036%2526dbm%5Fc%253DAKAmf%2DAQrWnrxWdeyG3IUjFrHKtQpnaiIk1P58KQo3%2DJPCHUt5fE0VExgClNavjmTlok%2DtsXH2wU7bH1UNkH9MOMi48ArVe2Xrx7mJffgbIyTw6XInRLPETbv2SPE%5FzYFI1JsNjDPk3k2JQAjiPGp9yI3bgr8hRy0v%2DTFUpDhf5wPZUlm6srKdQ%2526cry%253D1%2526dbm%5Fd%253DAKAmf%2DAdZ00HIz2DM8IAP8kc1IEq8FDkSdpMGjTp4ztlGgWpZnRy%2DXi6IrsH1%2DBhTI58W3VXkLbObKmMvF2ONVcFhGhgMchpXUPYSQXkaoa0V7FyGRcif4XXW3fbFPzhGyj3HygO7DLkshR4%2DuwmonM3moapmFzlmzY596o4SYAEMWb5NqUQQ6tcSnBrSJLfZl9nKmpXoYgsvm%2D%2D%2D5atn%2DNU6xGBH%2DYSzsoPHrhBQUQXDo%2DDsIhqDM%5FMgez8j5DoglL3NrW2BPwhg2Z8NlAej0FXSzmEa%5FUdPP7FZ5dtG0jeXOJfWivAitMoN1pFKoqWMiMZtFpbSnQUXBaC%2Dy4HKoBgPsDxx2WHAY%5FJ%5FHuVnjX%2DrRV%2DDfQbxM1Im5da3N74JrhtojwwlGlA39dCT2inyFofcRW4NRme%2DnmAMXN%2DBP4xxLCU1h%5FhtevZwY48QQHlyP%2DjPr%5FqjDiHSJ6hXCwvkCn3Kgi4S0aMzlPyOCj6XdkT3TpYQWlay4zEq3eMFm0dwlhd5UDvd%5FFZUVlV8B8xG0vfPr8iCDVw2Q%2526adurl%253D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 217.79.188.10 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: imagesrv.adition.com
Software: /
Resource Hash: cf0ebd338dece7cddfe2f599cfd297de1f503355591b43de942c34b20a2148b2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 17 Jun 2023 00:49:40 GMT
last-modified: Thu, 15 Jun 2023 04:11:23 GMT
accept-ranges: bytes
etag: "2401418494"
content-length: 83922
content-type: image/jpeg

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame A3D2 22 KB
8 KB 43ms
40ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 126175
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 15 Jun 2023 13:46:45 GMT
expires: Fri, 14 Jun 2024 13:46:45 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame 0F56 39 KB
14 KB 145ms
45ms Document
text/html 23.32.184.192
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.32.184.192 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-32-184-192.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 5cd425896ccfd119ee720821af6a832189231c40d52ae8cad03480886967b984

Request headers

Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=86447
content-encoding: gzip
content-length: 14445
content-type: text/html
date: Sat, 17 Jun 2023 00:49:40 GMT
expires: Sun, 18 Jun 2023 00:50:27 GMT
last-modified: Tue, 21 Mar 2023 06:09:28 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
DATA 200
OK truncated
/ Frame B951 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 96c9d5526261a29afe062480e6befe0680041e7ec0bd393c89803d6245e6b602

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 8563 648 B
253 B 58ms
56ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARjihLbrATAB&v=APEucNUFGPIHDGzr5OPGS7fh-XrQrutxcBR8k0RG0c34b4sMFIADRJ-3zRPGvDHnZCKRKFoBcT-ELtgF2I7Ha7Jp8uajplPsJfWwhgTCanLVyNpe_iCdzyiXZPylXiM0x_RaPF6Umg8wQNIkO9hg3S-TPJSzQ78ZsaChbqMaYfFJ_7HC-764jOU

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d1abef527f498afd45a968e9d226413e58b40b21872f23164ff7a203a26f40b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 233
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 17 Jun 2023 00:49:40 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 1E00 78 KB
27 KB 67ms
67ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:40 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Sat, 17 Jun 2023 00:49:40 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1E00 42 B
63 B 75ms
73ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BxGC5c_5S23NUWRv-2fbiErjopd2F_jnyXrYHewMrGHTchZeGI8hZ6XDFyMdhVUvubKrOVoFxZgOEU98X2ZqAFWvDZG9YcUjxb_H4ls1rqv1OMCpQ

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1E00 0
20 B 76ms
74ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=11523493843760791410&x=1&ct=76

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/ Frame 1E00 3 KB
1 KB 44ms
43ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/window_focus_fy2021.js

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 08:40:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 58155
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 30 Jun 2023 08:40:25 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/ Frame 1E00 19 KB
8 KB 45ms
44ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3521f5e84dbf85e9b7a304002330fbccf347abc9d0a43765a1838336b8a98c0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 17:36:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25975
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8120
x-xss-protection: 0
server: cafe
etag: 8171891181101138299
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 30 Jun 2023 17:36:45 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 1E00 0
0 61ms
58ms Image
text/html 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaS5wHGnbga2kZy0HrTN3F-STB38ANPOsm6HzaRXR3n1zptBuWeGP5WZyIUMOnuiVnM9hllID4tj56qgoYeM1WnxwJVn5w
Requested by: Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1E00 178 KB
56 KB 60ms
58ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e9032b8e95fc74d9ce9c069e76ffe86cb4046dc6ae863ffa8410cf445e5feaf3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57029
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1686742752845198"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 17 Jun 2023 00:49:40 GMT

GET
H3 200 container.html Show response
464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame F347 6 KB
3 KB 40ms
40ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 17 Jun 2023 00:49:39 GMT
expires: Sun, 16 Jun 2024 00:49:39 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame B564 500 B
259 B 54ms
53ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARjihLbrATAB&v=APEucNWx7VM4t-_SHKyu6qggZz24uC3dvOqayM1Pfp93-dld98FDdHlrgngw1gCC488a3lTv8WK-bdN70ehLtnxW0AfFCry1mI7vuCEZ4jbWNvw1X6l3Gi-gln_yAkRYr9H07LL7UasB9Mjudg8KPtNWiknLVB5LttjNKQip1PEf3sGGLh4RACs

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

aedf3dff6e3596bea2ed1f9bb489aca220ac62eb0f0eb2ec34306f215388a1c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 239
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 17 Jun 2023 00:49:40 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 4A57 78 KB
27 KB 58ms
57ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:40 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Sat, 17 Jun 2023 00:49:40 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4A57 42 B
63 B 76ms
75ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BDpkVpMNs0Qxbi_U0RyTjoTIHsXzFWSR5zaxKgSERi8AUaC5GG7d8v890QYGHsStsFeHSaZpFAgRN8UJM13j-eCQ6llt86Pv6VmKtOExgBVj_qX10

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4A57 0
20 B 75ms
74ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=10127637358763131638&x=1&ct=76

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/ Frame 4A57 3 KB
1 KB 42ms
40ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/window_focus_fy2021.js

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 08:40:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 58155
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 30 Jun 2023 08:40:25 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/ Frame 4A57 19 KB
8 KB 42ms
40ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3521f5e84dbf85e9b7a304002330fbccf347abc9d0a43765a1838336b8a98c0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 17:36:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25975
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8120
x-xss-protection: 0
server: cafe
etag: 8171891181101138299
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 30 Jun 2023 17:36:45 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 4A57 0
0 49ms
47ms Image
text/html 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTt4EMKCUC861gHLnkVlI_Tzl547JLOi-L_vXmkgai4rFaw8H60YX8LVTvT4U8hO9WKo8dLvij8OyHnV6xEzkR7fO7hmA
Requested by: Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4A57 178 KB
56 KB 52ms
51ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e9032b8e95fc74d9ce9c069e76ffe86cb4046dc6ae863ffa8410cf445e5feaf3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57029
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1686742752845198"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 17 Jun 2023 00:49:40 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230614/r20110914/ Frame 020A 29 KB
11 KB 44ms
44ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230614/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DheUxhBjJ2V9cKaiktK2hrIySurfo66Bd06x-QZR1Eabwcw2iYT9Sp-mwLjcWye2ftujvqVc-tB3sB06u1BZ3l5QRuhoCU2id55jIG-PnwEibyrhKps0-9CzHeSwg3VDFG7Upgmg6SCzkX9KQ-Z934-ydHE3E1le2ZEOMbC_qFon4gsrU&cry=1&dbm_d=AKAmf-BnH7e5PSIjYWbP8EdYevTeWL60kuetDuORZT6dJKArFgYyS1J_W94vEaRE9KfBhH21XLfxpFm3TBfThmUbLyqj-u8xBdLywMpb_TCJcV8QZkkcDxoUhpBC4kpBwTfJ3a3bzenYi8nxMxyzG_mmh5B1Jl5ZD7GndWYtMItfnMkxARHhBuHvN1jo2bO0HzLLNPX8xfGZHCNpxiYAYgSd61-X1shNIRjGsufsP1eGPk5aLWKeiHxWzm2aCcMYJsEmo-iJB0YGf4KhHhGq7dfgTdiYcRb5pfcHHXmzci8fiMmIocRbCpF0lqsPpsXTHZTTR_sJwFM1O-o7lZl00m1xFrSWJs0mgz9k_x_wXmfMlfppKOfWUgAT_vCoUjVS-1w0l5Ihwo7qTzpyIiaM8PysQnvms8AL29p_7G1zn7qz0yApQlxC02mhzc_8XdRlApA1AQkJkFmEujo_9RzFGRwxDtf__9wxMFkcJUmWLpFubM90rpQzmjgjs_VF_QYCgIzckzmgvuE5Tx-hmd6WlBeS9WM8ywFWl75sOU77FTZIKDeEoOJPFQx3QSJgbtx910wKfggNp93kTDCLKw1-MTloY2pRuuupchPlMFC3kylNqNWPJWrhLL39kHAeRWjBZULCQXVX0SqgaxsmqW5O_Vl2AkEXivm05zrwW9mzfLLwE56vOW56sGJfHFX5K_8cIuAETwCIagYpI-JniwWZzUnAf0o5RwI4SSMi7XN7aYFq88ZIDk6PeFCYUv9XSWhFm40Nyn30_uKjR0F0vZdzbhN1CszDAws9KJvS4wLgk9QbiaL-HnC0X2odrqVa9vsUr8e3w9EjsUg0nfsGkLR9fQWwQbGuzTzDcH0HZGS4yQtK1V5T3Og_-qdJRW3bo7UG-eioBzlaTYmcNAUsLOjAGFMM9dMz45sr7UZlaIBtYh4EVWIAGBhtGHEXZmzjMPkDQre0sdOqX2i3aygj60Xa5R4yCYT0X73sKZN6Eg2bhvr6rUVYVxK0O9IPXRv_pUtH7SXSWLLY5vzZ1hhLA95qFit9Ys-GzknJuh1gKxP8e4svNLgB2b6INTpPNyYaTXBY9ATaTdNdn3AvoFM_mDeUI7sh6hTT5DxUTE6CFGQxqE0rpUZ2eVHiv5Ok7QuTWb5pjc0ptCTp8jmFYE0Sv6BiQD-HzfDOnPxP8QY6NmPY0E0rMw07X3Qkvv5mntdpEx66nQN-MnSDnDHp4UPcxEkRRaCWbA_fKc5RgVs8t7KuUnu78FkayGpBqKH0NCWqjstQ2d1lQTFRM69X76Zd6w2-BOl3MoulsXQk2O7mhsdOftAt2nlZMZsIus-tkh__dQq64TYEGUIoeb5B840J6n6sXyubopbiemoQ1e62uzSwQTVb0GiEok0vY3-TTgICAF9jvcIHfMYGJY9T-ZjYx_XMD84MUydyg_EB2ZdwDA-zAyek7h6C4R_N1BTx7qZS8r_6FPXoRSyRd69REoeyqGKDIPMMFA6FwhhRaxnVhvRjAThRRftSrq_BudAQ5ausfFoX2tHONBXv_zWTvXjXYbU9xzMl9-T60vFum6ng72GghuExUrXKRQoh0iwKyQbAiiiP4LA2wEnMJV2TKqZdihSjh4l-JovOla67byP6yztAyAvL5r12mW1pwCluUKA6REs9SmaFR7eEzQEHwvg9OgYRVuEHpJ-0pliDjldbzyTrpCU-6nctqmrSGyZ_d_YIkKlvwkRF5qRfGEBctbpEkOSL8nAc98X2G3uu2xxyWip1iWzPHxzUIh_9ybJurX3yErvf-q4phXIXoDPVDogoms3hPpajGf5iCLXa7M1O-1sJen88G-tl5KwzbpnfG-GNHiAceMFqYHBpFHBT8kxUtg36PWjj_PDp2iCIiDpsQiheIojCI0AA5VVqIhHXta9E9Lmz_8CaP4_qlq5mQIwfYN6a0MWIuNRVcUsrRE44QrMrGgcpJDWOvLu1o3xK3tOZj50wlZ1GA7S5yjPBzoiOUk3d7Ca41BLK-wkXIkXgZS5Pks2cLiWv7emndUteATz6iZuBQSvZHavFB4a4lHYqxQHu9zwdxqI2ywQcvI9v30vBvakHfM5QXR2sBcW3ln40SOW0JP8tJWjJgCsc--Dy9JEY-slqYsbzWEo5MKjbzRRe6RphaRR5KkXeKmc9uHNKC-XFHuWZQmhqFhsUw870EwvMjtgey4vTbH0C6vP9A0Z824xQFlE9j-D2m6H6U-7rfaO9HG8gnxqtGEkKLOtJS1gBHeH0sOvdwsK_dK_-Dku56CYUb17NBXAS3pXKPtG7cubIqFvECD2hWgY05Qzln8kkZsquSiDl_HWgjA8jDLmsCdKdtDhptm1JiCY4byZ4EffYmJEf2QmfOdXUeg6kRRDz-ifeTWEv-7WK3X70ioejYrfzNRpVMM8c1cm9nHbFOsBYiUK_CfTzlh51FcRVhaRAuvIosZyv1WDDFuzUi0UxMW1arUQA___SwPtvk6XXN0ny0khl1Wr9VL3zBGAhb2I1H5bIeyJJdoK1KAcmED_XHqKJZDjWAVLUEUnW2P2Kg5tUvQhVIb3QGupChZMK93SSktYOKU61AIafXtNnekgIu1zbJNQqMUOuKBJa7X905M1B5FwNQtPowH_BjIozBPirTzsdjZ9VsK67PbkPIROqw3IxGxmWCZ0rRZzrEAJeC6g292LwoSJIm2poCV9dcotZXRSzZq4GUjS1LdcVUiZ5M9DLs5Kcchb0ngvKufcrmxXV6_HkMcILfuxm_NKjkg2HN4TinFgDcx1NwDFf7WFvnlsrxSC2n6cy_ND7_chAl1qtTdKTK8MTqzO4W9Lz0UVKImjLmZeiZ5A9ND-ffYeTHZ-M4L93K-YXd8n9Vf-goyoMdlegqn1_eBL2ppETR3Zkl6hl71HVF29FiGVeoDzB9D2s2T8IWN-dkgOUPhJNLkRgpbdh-TMjHFCf1xxS1QSWIJ-zQSXPVPvTtiiDKfT9fmFDxsDcFJRhKI_lHRTapU1BH28EB7H4OXhubAUz1LO2cR9srJBDx0_VnRhU0ugcuHjw4YsJvLz0D9Do9cuRMAmyoy6vUIjpPmM2ww3WPr8ny3U_En-ogET0Th2pkW91IDbfmPZjjdAOojRdXufWG8a2j37nxDiFPpcNVLp0N1CHZlnNLlSGSeNkGTMi9fCd30Rl7HdNcCRatfaC8p4s1f4LLUnWt9ZBkWRhRSeNMuzp8-gpa0C9f3wwOE3wXzYEilz1JJccUcxHLxrfsNw9Wvj9gENttZeY0PG_gEiq2bLkwgKhsHfvd712OGTgwQH7DIw5TEmlDp4CMlRVOWYmB43zAKGQuLIHRuZQUtuneUNuQc9fQBAEIPy9K4iOJhdnUvCkBPFCurL1xZqzcDtfgxYt30ht_NqwMy-bsv70T_VS4m7QQzDFPqj1Bl2QQYhTbuIl-fxx-d2sZRsQrFfzWAaK2YmnUh8tu0Me&pr=6%3A0.115964&cid=CAQSGwBygQiDp5U9SEfyPaRE4yqZBq6HMWu0Mmlr7hgB&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=9491841747300272000&adk=207133284&idt=63&cac=0&dtd=19

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bb86be0538b5ef8bb7fabe6cfdcc28f99687242fbecab81a9a2a72d92931594a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 17:36:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 26020
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11316
x-xss-protection: 0
server: cafe
etag: 309758756414748794
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 30 Jun 2023 17:36:00 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 020A 41 KB
15 KB 45ms
45ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 13:19:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 127830
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 14 Jun 2024 13:19:10 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 9BB4 0
0 87ms
86ms Fetch
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Cijr8IwONZOeVLKSx-gbH7J7oBc-HjptcwIbZgsYCwI23ARABIABglYKHgpgHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQngAgCoAwGqBPcBT9DRl5p6NOD2LN3FXip9oPE88ggbHWZNvVkHEWLqMq0NYyHWx1WhTSDrW0VYhzAi8dKftcLLd7UbRaQlZI_qVMs6KtZxBmfvXkIYCm7CConXCNlKbc6tvoROGrD11YnCb6pbDM2_EexwjzU0cJ50dn1IpNDztMJXR85v4dT8-xibTrKKZ4X7roZJ4CecOLBCuVp_f3JuoTm4wCpMektZkKSvmDTnav35o45L82CrM6AESTnumf7RXG5Kn24N-O99RzHzrbWp49nu_pdwqqf-Y0sjWTzsxUZrpGrDKz2DSXW7dxyJKPL8c01L2KQLZxG0yU_XnzoVn-AEAYAGvtTW_Nma6J2oAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgEDyCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDmACgP6CwIIAYAMAdAVAYAXAbIXHAoaEhRwdWItNzk4MzY1MTI1NzgzODI4MhjqwW0&sigh=nKnuuo9pTec&uach_m=[UACH]&cid=CAQSOwBygQiDXYaXSE-OiwulSaHiHoRpVJp_Gyad-Sin1gnG0SgRbYAGoqAuafvCMRFfmiASddlJRmu4MAQ6GAE&tpd=AGWhJmtxLxy99ny985phodI-eVY_3ZANESs1cq8UsaF3rPpkgFhkJQtrKp2DgK7gVCTUEMo_dgVt1zzNApmzxEvxEX3aaqEOi43NxJ_sibgMwMCobFebPGvL3QvJqku6Rp6jlSXPme3WNIwffQUAc9NxGXe100PrjcXpUl1tAkTDbSo0rtzKLnzq3Jef98qXjc7viwcXXQQe-OHbnsnHsgGhi9ogxYw77PUunHzAAvffCOyVNaLXojTfoO0D2xrVtooWkem6utX1ujjx2u7KZvTB6qBdNoKO3jzQQjCxMzKA1LkJjBNz2uQ1Wa9RrU9HYzoQ_0c0RjdAe3gyGhfuZajLSvPje4ywdvAZ756il0LNrr7VZG3Pu_Hj7MLJB5Pt9ZAghk_yETYZgwfUlA1NC1mFD6hlTSu0UktA1mphZnq8OcTmNaTW_4ptMWoKX-2DxP-RuMQjZqF9hG4RL4sLrM7cdiJ5qGZwpicGNFJ4aQ_EFggO6_zT4vZs5NEKSXCZXHzzF1Xe1mvqpL18qfaTKiVvfE2rbo-A6jqp_e_o04WhvPQb6PBApUr_u9jTSfH1ZYLWGpH5CgAjm3XbtJPJAvtdrkbr8bvw_yND9U0jaAH3XXp5Sqo-mjQ4DZyoDrH6GwIJoM5GQRpPCU-oXADZehvpSF7eO8TfesQN-ynyCLYF3AzjsNlCA-3ZXF5Pc7OksYIEvimb9SxR3yr3QyrVWCA2xA1LpZmw9SlWDCW0Rs2Q0wB4fEZkTiWr5s_VuQ4PuqPlrK4R8OtozzKkYBaG_nsuQwIqVa7LTRhZFn5JLBI-LkFDJbqVnYR6u73RTtAzq4bhr59CDutRSy_jbN7Iy8XueOvoW9mTjofvUsLQlEDmEL_EP96NxecpGSqtJ7sD0o9OhXhjUzLzzeSmi-jXbj6OYUqqlSnuxyQoR65SxdR6GXPSConh2E82zwhURt8SAMdYqodbGXUmqGijjzyIJ_em-vS63gOJ2bcPybLYnG622Dkds3oSQFhU8qTQrqWM22c--TKfXqxoRkmfZ3lWyOjNISNTyCfte_zUnG0VFxetB-f2nnlfxEZiQAzjoKNRYIjedfgf2zITrOXMh-SlpWTT2sLYRWAEdWoXO6h_uB3SlLioY26HuldJ
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

GET
H/1.1 200
OK js Show response
tags.mathtag.com/notify/ Frame 9BB4 3 KB
2 KB 187ms
78ms Script
application/x-javascript 185.29.132.246
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWWpsbE9HTTRPREl0WXpKaU1TMWlaalk0TFRBd01EQXRNREF3TURBd01EQXdNREF3Lzg3NDE0MjU0NTQ5NjI0NDY3OTIvNjYyMjMzMi80NTYyMzA2LzQvdTdSVlIzR1RPOFJsM2JrMmZsUTRPVnh2d3d6VG82bjNhNUZwd0d0aThqTS8xLzQvMC8wLzk1NjgwMy8wLzIxNjUzNi82NTE4NzEvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC84NzQxNDI1NDU0OTYyNDQ2NzkyL2Ftcy8wLzEzMy8xMS85OTkvMTYyLzJhMDE6NGEwOjEzMzg6Oi8wLjAwMC8xNjg2OTYyOTc5LzE2ODY5NzU1NzkvNC9wdWItNzk4MzY1MTI1NzgzODI4Mi8/uTVn0O6ZXGxlqC1DvtETaJ4sz50&nodeid=3264&group=cdg&auctionid=8741425454962446792&pbs_auctionid=8741425454962446792&shardkey=8741425454962446792&sid=4562306&cid=6622332&bp=a_ajjeag&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.89&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC6yXxIwONZOeVLKSx-gbH7J7oBc-HjptcwIbZgsYCwI23ARABIABglYKHgpgHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQngAgCoAwGqBPoBT9DRl5p6NOD2LN3FXip9oPE88ggbHWZNvVkHEWLqMq0NYyHWx1WhTSDrW0VYhzAi8dKftcLLd7UbRaQlZI_qVMs6KtZxBmfvXkIYCm7CConXCNlKbc6tvoROGrD11YnCb6pbDM2_EexwjzU0cJ50dn1IpNDztMJXR85v4dT8-xibTrKKZ4X7roZJ4CecOLBCuVp_f3JuoTm4wCpMektZkKSvmDTnav35o45L82CrM6AESTnumf7RXG5Kn24N-O99RzHzrbWp49nu_pdwqqf-Y0thWx1-afrPo-dnY5ZbCdpLagiDlPjSa6z2GOSknbCq5Vd5BoYSEq4_--AEAYAGvtTW_Nma6J2oAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgEDyCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDn6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0-BlWIoYrmF_mDIoDMSrhFlaE5gw%26client%3Dca-pub-7983651257838282%26adurl%3D
Requested by: Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.132.246 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.392.0 /
Resource Hash: bfe6f78248eda598a1e85b3ef73553c3c32921630573d523a59b04f74b23bef6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Sat, 17 Jun 2023 00:49:40 GMT
x-mm-nodeid: 3264
Content-Encoding: gzip
x-mm-bid-request-time: 1686962979
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Connection: close
x-mm-handled-by-owner: true
Last-Modified: Sat, 17 Jun 2023 00:49:39 GMT
Server: MMBD/3.392.0
x-mm-latency: 32 (0)
Content-Type: application/x-javascript; charset=UTF-8
x-mm-dbg: NotCount
Cache-Control: no-cache
x-mm-host: zrh-router-x73, cdg-bidder-x52
x-mm-lag: 1
Expires: Sat, 17 Jun 2023 00:49:39 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/ Frame 9BB4 3 KB
1 KB 53ms
52ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/window_focus_fy2021.js

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 08:40:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 58155
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 30 Jun 2023 08:40:25 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/ Frame 9BB4 19 KB
8 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3521f5e84dbf85e9b7a304002330fbccf347abc9d0a43765a1838336b8a98c0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 17:36:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25975
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8120
x-xss-protection: 0
server: cafe
etag: 8171891181101138299
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 30 Jun 2023 17:36:45 GMT

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 9BB4 24 KB
6 KB 47ms
47ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 13:25:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 127444
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 14 Jun 2024 13:25:36 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9BB4 178 KB
56 KB 65ms
64ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e9032b8e95fc74d9ce9c069e76ffe86cb4046dc6ae863ffa8410cf445e5feaf3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57029
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1686742752845198"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 17 Jun 2023 00:49:40 GMT

GET
H2 200 banner Show response
ad13.adfarm1.adition.com/ Frame 020A 4 KB
3 KB 49ms
49ms Script
text/javascript 217.79.188.54
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://ad13.adfarm1.adition.com/banner?sid=4813093&adjsver=3&fvers=&iframe=1&ref=https%3A//ye-mek.net/&ro=https%3A//464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html%3Fn%3D1&uao=Mozilla/5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit/537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome/114.0.5735.133%20Safari/537.36&os=17&browser=11&userid=7245450824371538703&kid=5872531&screen_res=6&wpt=J&clickurl=https%3A%2F%2Fclicktrack.pubmatic.com%2FAdServer%2FAdDisplayTrackerServlet%3FclickData%3DJnB1YklkPTE2MDg1MCZzaXRlSWQ9ODQyNjE5JmFkSWQ9Mzc0OTkyNSZrYWRzaXplaWQ9OSZ0bGRJZD0wJmNhbXBhaWduSWQ9MjI5ODcmY3JlYXRpdmVJZD0wJnVjcmlkPTgxNzU1MjI4NDIzODUyNzI2NjYmYWRTZXJ2ZXJJZD0yNDMmaW1waWQ9NkM1ODZERDgtRURFMC00NDQ2LTg3NzQtRTYxOUZCNjIzM0QwJnBhc3NiYWNrPTA%3D%5Furl%3Dhttps%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%253Fsa%253DL%2526ai%253DCrVSpIwONZMGNKYXC3wPlqraoC9yo%2DJJx%5F%2Dfm58QR9C4QASDLidYjYJXaiIKYB8gBCakCyK2YOo5isj6oAwGqBNMBT9Da%5FK7Z22ih1kgk8qWXtgD8CjoSnyioU6ZJIjR4ahN7pQGyy1fihQdWxA2j1ew62chu7puTmRo6eretzet2rjnHeW3Q6TlRKDRipmIblgKFrasqGYvqSyG1G4AhMZ3g3pi%2DK%2DLm2A81tBN2ZjpJvTE%5FX46xAX7EcdcJtlE%5FdYgIMmk%2DRyQ9ASX8iZbH0tQkOsQphveN97LsOUK%5F7FXg4L4skzvVXHPRBs3%2DvugupZv3YIOhbRMgCDXg1HZwO368n8putJHlD5jxnO%5FYnRTb7kU04sAEgNjpkr4E4AQDkAYBoAZNgAfXu7TEAagHjs4bqAeT2BuoB%2D6WsQKoB%5F6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB%5F%2DesQKoB9%2DfsQLYBwDSCBYIgOGAEBABGF8yAqoCOgKAQEi9%5FcE68ggNYmlkZGVyLTg0MjYxOYAKBJgLAcgLAYAMAbATp%5FreE9ATANgTA9gUAdAVAfgWAYAXAQ%2526ae%253D1%2526num%253D1%2526cid%253DCAQSGwBygQiDp5U9SEfyPaRE4yqZBq6HMWu0Mmlr7hgB%2526sig%253DAOD64%5F1hpULDyfhosm0ioZXJzJbAjGv5Sg%2526client%253Dca%2Dpub%2D6362111942204036%2526dbm%5Fc%253DAKAmf%2DAP8NpKlZxFClgi7W1BDu%2DtAn9t0dayvWq6gVe153ED6B3%5FFe%2D0PEc%2D4FhjBDG2taZI1BYu2a%5F3or7yxrm1Z%5FJDet87iFORbE%2Da4Xj9cONTP%2D6abeaNswJGZAeAxdc2cUXeBJ6cX%2D0BOTGdG1v3zde4RYIlVhuNC9O6102Fkk33pcRNkoQ%2526cry%253D1%2526dbm%5Fd%253DAKAmf%2DApVCtAqPcPH1nFSIqUQPUF4N40a0oesIJX1lDjWW4olFWYe3tJ2%5Frj0r1YgMsSIwnN3RFnkYfns5IrpFnGbS0%2DWF2UnNKsmOKoyQhJIF2D6INxeaurnH2aLvfjmjC7xrUKIhhrsw1XTavMyNl6auWOxCvkrLE4mfSxs%2DknHA6wY0xsLzvhfCOyLfuynRwvnJ3Rn1gdV5ax6M4IYIaJNtg%2DX5H9JmW78gnOi%2DdG%2DPVwv5RHlGtOIhUdo%2DFfu07gU%5F7VbU7HoIrETs%2D80i3W9vxL7upLR0an4wN0gBTFss02oiyD%5FCPVeSZodYR%5Fr%5FVeL36TBHVBylUtKjzFAJT0CLbYZAs64Po5954KjZom09hwlUhO7sO17WcOO8%5FbDWyxokXZKKJ6tZRxwLphkEp7RuO6NBO3DJnuxyZUttFV8qeBvtm5YRstlRynsRwH7Sid6cb3wEfoE0Q2k00%2DRm%5FwPXDh%5FJ%5FTvGzlvJOV7fXZckNrR03P4uj9g8N7DiHuctatwygH%5FRS7SRGZ8PDl%5FlsSiPayC0eWJA%2526adurl%253D
Requested by: Host: ad13.adfarm1.adition.com
URL: https://ad13.adfarm1.adition.com/js?wp_id=4813093&gdpr=&gdpr_consent=&kid=5872531&clickurl=https%3A%2F%2Fclicktrack.pubmatic.com%2FAdServer%2FAdDisplayTrackerServlet%3FclickData%3DJnB1YklkPTE2MDg1MCZzaXRlSWQ9ODQyNjE5JmFkSWQ9Mzc0OTkyNSZrYWRzaXplaWQ9OSZ0bGRJZD0wJmNhbXBhaWduSWQ9MjI5ODcmY3JlYXRpdmVJZD0wJnVjcmlkPTgxNzU1MjI4NDIzODUyNzI2NjYmYWRTZXJ2ZXJJZD0yNDMmaW1waWQ9NkM1ODZERDgtRURFMC00NDQ2LTg3NzQtRTYxOUZCNjIzM0QwJnBhc3NiYWNrPTA%3D_url%3Dhttps://googleads.g.doubleclick.net/dbm/clk%253Fsa%253DL%2526ai%253DCrVSpIwONZMGNKYXC3wPlqraoC9yo-JJx_-fm58QR9C4QASDLidYjYJXaiIKYB8gBCakCyK2YOo5isj6oAwGqBNMBT9Da_K7Z22ih1kgk8qWXtgD8CjoSnyioU6ZJIjR4ahN7pQGyy1fihQdWxA2j1ew62chu7puTmRo6eretzet2rjnHeW3Q6TlRKDRipmIblgKFrasqGYvqSyG1G4AhMZ3g3pi-K-Lm2A81tBN2ZjpJvTE_X46xAX7EcdcJtlE_dYgIMmk-RyQ9ASX8iZbH0tQkOsQphveN97LsOUK_7FXg4L4skzvVXHPRBs3-vugupZv3YIOhbRMgCDXg1HZwO368n8putJHlD5jxnO_YnRTb7kU04sAEgNjpkr4E4AQDkAYBoAZNgAfXu7TEAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGF8yAqoCOgKAQEi9_cE68ggNYmlkZGVyLTg0MjYxOYAKBJgLAcgLAYAMAbATp_reE9ATANgTA9gUAdAVAfgWAYAXAQ%2526ae%253D1%2526num%253D1%2526cid%253DCAQSGwBygQiDp5U9SEfyPaRE4yqZBq6HMWu0Mmlr7hgB%2526sig%253DAOD64_1hpULDyfhosm0ioZXJzJbAjGv5Sg%2526client%253Dca-pub-6362111942204036%2526dbm_c%253DAKAmf-AP8NpKlZxFClgi7W1BDu-tAn9t0dayvWq6gVe153ED6B3_Fe-0PEc-4FhjBDG2taZI1BYu2a_3or7yxrm1Z_JDet87iFORbE-a4Xj9cONTP-6abeaNswJGZAeAxdc2cUXeBJ6cX-0BOTGdG1v3zde4RYIlVhuNC9O6102Fkk33pcRNkoQ%2526cry%253D1%2526dbm_d%253DAKAmf-ApVCtAqPcPH1nFSIqUQPUF4N40a0oesIJX1lDjWW4olFWYe3tJ2_rj0r1YgMsSIwnN3RFnkYfns5IrpFnGbS0-WF2UnNKsmOKoyQhJIF2D6INxeaurnH2aLvfjmjC7xrUKIhhrsw1XTavMyNl6auWOxCvkrLE4mfSxs-knHA6wY0xsLzvhfCOyLfuynRwvnJ3Rn1gdV5ax6M4IYIaJNtg-X5H9JmW78gnOi-dG-PVwv5RHlGtOIhUdo-Ffu07gU_7VbU7HoIrETs-80i3W9vxL7upLR0an4wN0gBTFss02oiyD_CPVeSZodYR_r_VeL36TBHVBylUtKjzFAJT0CLbYZAs64Po5954KjZom09hwlUhO7sO17WcOO8_bDWyxokXZKKJ6tZRxwLphkEp7RuO6NBO3DJnuxyZUttFV8qeBvtm5YRstlRynsRwH7Sid6cb3wEfoE0Q2k00-Rm_wPXDh_J_TvGzlvJOV7fXZckNrR03P4uj9g8N7DiHuctatwygH_RS7SRGZ8PDl_lsSiPayC0eWJA%2526adurl%253D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.79.188.54 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: aa.adfarm1.adition.com
Software: ADITIONSERVER v1.0 /
Resource Hash: 45c655f0c14695d90b542c55ad2cd84fedd09ee0995684c862284ff4784e0ab8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 02:49:40 +0200
content-encoding: gzip
server: ADITIONSERVER v1.0
p3p: policyref="https://imagesrv.adition.com/w3c/p3p-ssl.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
content-type: text/javascript
cache-control: no-cache
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 02F4
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

63ms
63ms

Image
text/html

2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H3
Server: 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Redirect headers

date: Sat, 17 Jun 2023 00:49:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2

200

um
sync.teads.tv/ Frame 8563
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEK7QyIjco_I7BkeRA6zJIfA&google_cver=1

23 B
163 B

123ms
66ms

Image
image/gif

104.111.217.42
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEK7QyIjco_I7BkeRA6zJIfA&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARjihLbrATAB&v=APEucNUFGPIHDGzr5OPGS7fh-XrQrutxcBR8k0RG0c34b4sMFIADRJ-3zRPGvDHnZCKRKFoBcT-ELtgF2I7Ha7Jp8uajplPsJfWwhgTCanLVyNpe_iCdzyiXZPylXiM0x_RaPF6Umg8wQNIkO9hg3S-TPJSzQ78ZsaChbqMaYfFJ_7HC-764jOU
Protocol: H2
Server: 104.111.217.42 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-217-42.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Sat, 17 Jun 2023 00:49:40 GMT
pragma: no-cache
date: Sat, 17 Jun 2023 00:49:40 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:40 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=CAESEK7QyIjco_I7BkeRA6zJIfA&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame 8563 23 B
163 B 205ms
65ms Image
image/gif 104.111.217.42
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARjihLbrATAB&v=APEucNUFGPIHDGzr5OPGS7fh-XrQrutxcBR8k0RG0c34b4sMFIADRJ-3zRPGvDHnZCKRKFoBcT-ELtgF2I7Ha7Jp8uajplPsJfWwhgTCanLVyNpe_iCdzyiXZPylXiM0x_RaPF6Umg8wQNIkO9hg3S-TPJSzQ78ZsaChbqMaYfFJ_7HC-764jOU
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.217.42 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-217-42.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Sat, 17 Jun 2023 00:49:40 GMT
pragma: no-cache
date: Sat, 17 Jun 2023 00:49:40 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

GET
H/1.1

200

partner
sync.search.spotxchange.com/ Frame 8563
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESED4MFtlAOJ2v-ZIrkq332Nw&google_cver=1
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESED4MFtlAOJ2v-ZIrkq332Nw&google_cver=1&__user_check__=1&sync_id=d7824585-0ca8-11ee-acab-1f057aaa0206

43 B
548 B

45ms
44ms

Image
image/gif

185.94.180.125
SPOTX-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESED4MFtlAOJ2v-ZIrkq332Nw&google_cver=1&__user_check__=1&sync_id=d7824585-0ca8-11ee-acab-1f057aaa0206
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARjihLbrATAB&v=APEucNUFGPIHDGzr5OPGS7fh-XrQrutxcBR8k0RG0c34b4sMFIADRJ-3zRPGvDHnZCKRKFoBcT-ELtgF2I7Ha7Jp8uajplPsJfWwhgTCanLVyNpe_iCdzyiXZPylXiM0x_RaPF6Umg8wQNIkO9hg3S-TPJSzQ78ZsaChbqMaYfFJ_7HC-764jOU
Protocol: HTTP/1.1
Server: 185.94.180.125 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Sat, 17 Jun 2023 00:49:40 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 90
Connection: keep-alive
Content-Length: 43

Redirect headers

Date: Sat, 17 Jun 2023 00:49:40 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Location: /partner?adv_id=7025&uid=CAESED4MFtlAOJ2v-ZIrkq332Nw&google_cver=1&__user_check__=1&sync_id=d7824585-0ca8-11ee-acab-1f057aaa0206
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 131
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8563
Redirect Chain

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_i...
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=ZDc4MjQ1MzQtMGNhOC0xMWVlLWFjYWItMWYwNTdhYWEwMjA2

170 B
188 B

50ms
50ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=ZDc4MjQ1MzQtMGNhOC0xMWVlLWFjYWItMWYwNTdhYWEwMjA2

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARjihLbrATAB&v=APEucNUFGPIHDGzr5OPGS7fh-XrQrutxcBR8k0RG0c34b4sMFIADRJ-3zRPGvDHnZCKRKFoBcT-ELtgF2I7Ha7Jp8uajplPsJfWwhgTCanLVyNpe_iCdzyiXZPylXiM0x_RaPF6Umg8wQNIkO9hg3S-TPJSzQ78ZsaChbqMaYfFJ_7HC-764jOU

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sat, 17 Jun 2023 00:49:40 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Location: https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=ZDc4MjQ1MzQtMGNhOC0xMWVlLWFjYWItMWYwNTdhYWEwMjA2
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 127
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B564
Redirect Chain

https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true
https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true&verify=true
https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1pMzI0N1AxRTJ1R2oxUXNHalBnUDhaXzJ6eGJyZjFRNX5B

170 B
188 B

50ms
50ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1pMzI0N1AxRTJ1R2oxUXNHalBnUDhaXzJ6eGJyZjFRNX5B

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARjihLbrATAB&v=APEucNWx7VM4t-_SHKyu6qggZz24uC3dvOqayM1Pfp93-dld98FDdHlrgngw1gCC488a3lTv8WK-bdN70ehLtnxW0AfFCry1mI7vuCEZ4jbWNvw1X6l3Gi-gln_yAkRYr9H07LL7UasB9Mjudg8KPtNWiknLVB5LttjNKQip1PEf3sGGLh4RACs

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:41 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1pMzI0N1AxRTJ1R2oxUXNHalBnUDhaXzJ6eGJyZjFRNX5B
date: Sat, 17 Jun 2023 00:49:41 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.57
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1

200
OK

/
rtb-csync.smartadserver.com/redir/ Frame B564
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=smartrtb_dbm&google_cm&google_dbm
https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=CAESEPJq_cjlu0fvJtduNrHcmLA&google_cver=1

43 B
163 B

151ms
51ms

Image
image/gif

185.86.138.152
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=CAESEPJq_cjlu0fvJtduNrHcmLA&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARjihLbrATAB&v=APEucNWx7VM4t-_SHKyu6qggZz24uC3dvOqayM1Pfp93-dld98FDdHlrgngw1gCC488a3lTv8WK-bdN70ehLtnxW0AfFCry1mI7vuCEZ4jbWNvw1X6l3Gi-gln_yAkRYr9H07LL7UasB9Mjudg8KPtNWiknLVB5LttjNKQip1PEf3sGGLh4RACs
Protocol: HTTP/1.1
Server: 185.86.138.152 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:40 GMT
transfer-encoding: chunked
content-type: image/gif

Redirect headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:40 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=CAESEPJq_cjlu0fvJtduNrHcmLA&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 316
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK /
rtb-csync.smartadserver.com/redir/ Frame B564 43 B
163 B 174ms
50ms Image
image/gif 185.86.138.152
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=GOOGLE_HOSTED_PI&redirurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsmartrtb_dbm%26google_cm%26google_hm%3DSMART_USER_ID_B64
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARjihLbrATAB&v=APEucNWx7VM4t-_SHKyu6qggZz24uC3dvOqayM1Pfp93-dld98FDdHlrgngw1gCC488a3lTv8WK-bdN70ehLtnxW0AfFCry1mI7vuCEZ4jbWNvw1X6l3Gi-gln_yAkRYr9H07LL7UasB9Mjudg8KPtNWiknLVB5LttjNKQip1PEf3sGGLh4RACs
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.152 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:39 GMT
transfer-encoding: chunked
content-type: image/gif

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame CCE6 0
16 B 58ms
52ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARiD27LlATAB&v=APEucNWBKIb1sTxRxcrmoQMSIyxbxC1PXBWO3IHoiYnOAJD4NgcalZyA5Wmfdu1TYUosswKUDmG0KaoGVTfZrxXRcvfhYZ8CY0qCTty0X1PAgMvn70r8p0RHVc6XL89LerstZRnFh9qPQ3aLqv4FyD5a5VY_vHGY6Qg6MwVqiGgBMyuz1QiFPmg

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 17 Jun 2023 00:49:40 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame F347 78 KB
27 KB 67ms
67ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:40 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Sat, 17 Jun 2023 00:49:40 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame F347 42 B
63 B 75ms
74ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BE48XAjgOJnRAHOgs85ESIHoUIWFY71EtL8K3DXOU33O-zNTcj0-tZesHnRs-XjE1a7v5Rktzmhp7neO_QkAcSPHwztdbaIwB4fGMfdN3nDj3DklY

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F347 0
20 B 74ms
73ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=12385758760440820249&x=1&ct=76

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/ Frame F347 3 KB
1 KB 41ms
39ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/window_focus_fy2021.js

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 08:40:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 58155
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 30 Jun 2023 08:40:25 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/ Frame F347 19 KB
8 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3521f5e84dbf85e9b7a304002330fbccf347abc9d0a43765a1838336b8a98c0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 17:36:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25975
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8120
x-xss-protection: 0
server: cafe
etag: 8171891181101138299
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 30 Jun 2023 17:36:45 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame F347 0
0 48ms
47ms Image
text/html 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaT1IP6cX2PMTOqaN6K0wNbZdO5zVxEvA6wwz-sUr6XjJDV1FjP2UkEtCrOgwm_I-27vmsxSaiLtvxsVAZb0W_-NoEQapw
Requested by: Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F347 178 KB
56 KB 49ms
48ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e9032b8e95fc74d9ce9c069e76ffe86cb4046dc6ae863ffa8410cf445e5feaf3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57029
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1686742752845198"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 17 Jun 2023 00:49:40 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1E00 0
20 B 74ms
74ms Ping
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=7124413277398&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1E00 0
20 B 73ms
73ms Ping
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=7124413277398&version=m202301230201&ct=76&x=1&cor=11523493843760792000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 1E00 101 KB
39 KB 94ms
93ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AvDvs5LoV-pMuzW6j6W40UHs5PS_EJQtURq_iG8hkQkMTL8jOHSuLvnqZ97OsYyvyDXS49pDDjT9cfcSpMXJkXS8swXiu-XwoTMAnpStODZYLaLIgovoDWOBnVrnR5W6XPYvz8WRUuCxYvWJPe2xp8J1_WV1A_q1v48AddlQEWxH9ND-o&dbm_d=AKAmf-DU67BRddgP-DmrpXqxeL1JH0o-wNK5ceO5cBG9rQ2Wz6_RgjyYRCp6mnGEXoPgzlSDJcvAWJMMkzuxWIkz3sLTICvQoWc1ZrN6VY9f1Ek_fCnM71X6d08UKO4gWR1Tw01h_c7len7mpoqif8T6KEGGsVxApDUN2GG5aXQED9iKkpc0G5TJ08ggrUYA1Qp7aGfseHysB34qMtaOGE1m6OwmV1NbdmAilYE0zvaA08fuwbQjz__4fSahA2Z88DgYTpPf8kdI9T16epjqkgB2g8F-5ejK2oQCzaNkL8fZ_EvnOZ7MnIob84j0T5fT9jDZawFHGX5opH_NOAgOSI3Ly6jAtebfxBI-i_fKfrqNcVnU2sXcjZY2gRCghm-i_s5G_5GQ6mLVyENk3lry4-xs6DJUEbOORwrShmUB4n2xvfHIUmoB9-xniEfg2Swj6gSCvrz-MEzRD8gJZEUNcvWH-2JlMpufpKk72eAiRKV3b56Xn8XadjKw8nUCWjiUgv_Dcy8Npvu_-1reDWlQCJJK68EJAOpZp42MjeAAflGyHvafV-fVRbu9KNdn1IgDvVOJSuq-AMXNBjaq1oCP2RpPZKthtUe1N20wML1Sh8e2SYo2a1n0QdnaORxiysqDimvTbWh7iOpC0Woi5L3KU9ou_LBwRba3eTEtM25phjgMgvfp_J5XvVX2VEHxXsLlgZEyZJnN0fTQCwpd725y4iDG5dMv3cddCJHA5xIYJzHuCO_32oXl7wmxVPaLBzZTZhJ0fRVdlTFIz1YjgwmB4V4ZXWOB0ev9A2bMLwD9fGeVCyao1uBSeligN4iFiJxRQkQyRGa9zFna9mSxPznFCQuXcHTlk10ht7HQkN1ek_E90qWv7mGc0gh-FdaJofd6hXF96w_vlYFcpeWHhylrt3zZ4LcPRABfYF_3t5O6b4zchnlgP7aQHqVZYeH2kgomSGaOMXxhZ0W2NfQiNtQbJPwkX2cwBuo-dyaLF5AHuDFXW2507YwVZiRi_KMn-BR--az42Thso27wpR5CDUPBDWw9KDltwQ76vSYMcrRyF3gUegU76sMjoGnNovcq_Tgl81W33aYdqP9avzsyFDYb_CFzr0B8XYxEX5TVmd4sLNA0VybytkMqQdDAD0cZkBjoZvcek8Nl50fWJ9wnxX75dIR94FicsJIFS1Bo3BGaw8qcEdEQgaExrVYpsmkF85ZE8QCR1NLfHF9bTbZYMJjvj2T8IhQrhj4e6zjBwypcV_N9gOdfPhKp0s-Rl8kFK5B9hZ9SkakgeE4v-D1n6BfbhPgjRiKg228_l_ySBdLsojWIO4TGXVmZNIr2y8a4ISCoP3MkdDYIafGMfvtTiQF6AX4cF-5yd36e_nn4MbNDGk1hvDPmO_w3mwpF64-p5-QhcpgxEkGCFvBQwgfNe9-jb7LmF4wz2LwIyUwroXx-UgMkOfGTvsL8Rma7RKPu1t4b8pUMJn_iAF_zFxYG0bSMjI9_XCINz2f2B_CSFJ64wBiDEWnSZaJIfaPbHXORmzpxBuy8OXBlPG3MLwGwqBb64IIF6dC5TZlK-RBjYkFva1BpdJD0YQx-GSTLvORe8O8zi4oJR0rr98dMeuWyP0nFSDxD2egFVSU8Rfwdm0LLGub2Fq3QtZ9mHVYMKWMmmErtoIqeK5GtUj97PiIS6Y9sQW3SizH_cnrj1_ROWBIxm71GaCW36P90YF9jOqVC_kylGFl28jhgkeGnQku-A0A2zrZuLXcYsS1o0aY_AGJffRL4__K8TJq_W49E-p05d22LrvrjBn5vmDw-0AUCr5DEhB-dTG54jD5LK_MMMhxL5gPNGDTgyktEAvTU6VZ-ApYkZY62hK51j9S3U52eRYvzOtU02wAMVA-_n3sCWmEEzhXPYlFtsaDirU4FineUpgdu7gTs1CuuQy56j72tu_xgHZ_WP_Eg82ottuW6fQhf_zGgAVnIBVoPE-Y-CrFR8Vn_GKBJL9LqC1ArVQ6dEsUN-KwuirPkKa9ENyJicEP5x2HpZcZOX-q6b0DimsFNe3xHwMLOL83mlX6tAqpZmqO74xrCNcoNhrgjLIfvd9IvI4VuEFV7LIUISSwlHHxk_O-qtiQ1AsgJQdwI8JRf6sc26szfVwvBPhByHMZcO0k3TgKZRrZ0ABM6tXn7PM6mdMxxubXLCSJ4cSsXDOZIsKJVD3hQQCokIiCLIZm67KXcxcgVR6aLNH4c-SD3putGU0qEe5KvjHzxOElJTV-2qQihM75xphQCCPXtvByjamyXa50PP58h5ZyIDVFHbEfTIOBzEiIk2ztA7dinIx3oaTsVF6B295UiruMk-YPorbelTkQhLVq9UD5Li809VEKaxWE2Np_cMpx6wVhKuVfSOGgInbGuD6Dy6H6sBs4bNwi6OiiKY3snLB6SZW79CS1yyF98BcjZfdYEHwda-xlu0t8N5HTqVBIZO1Lw4_zXTzGOs5YO0AvUhKnufUIKD_yRZx8RVZPow2t_1QD6ZNWE02pyEtVp7Ej9HR3xRtZ1skFeDxY4cYt9CZCzEngSSjW5qjJQWV0AckrnrIscIsl8TfFcP8orQw-S7pJ9uTGfIWH8NkawXPnYV2YwE76RlWbY9kITpXfIP-vMJULDy74vZwjQrQJlu6VOSo_NuP5arnIDHsEtbsNX9stOUTpFsrbBhzxnq_sSDdQIa-ZQn6q0_c6SzKmcOxdQ-i9aa5wh45p0wu6L3QFStHvTV6ujZ7RQBAiSw1ZUS5KUnVTIaAC86Cjv9peZM4xfPynDMeTE1gX46wcdoi9GUSH2ToUnZSL2KKYuLuQXqNVwN-x6ziyg-T-Wjlf2KqLHNqRtPP9xnYQJ9unS_pF-0vuJ7ERim5I-Aj2u6dqtOnyVyQNZ04dNLEqyWWYbfrzWw8B0hDObfmAWWoWG89xyKcT6vuzcl4GGXNGqQKKsC5XGeZO4JLFumjgMq9M8sqF2axw4_f6FWJwMcvgX1i9ydDRT6bGh5TzYuq9ONAy6A0zmrLsiyhZ7W7icf3ZWi9pt9aa8AnHTDjb_sb09ukUFC6jU-RmGtgPPBUnb2fm3nYznMEazY98z_B-mcsjbCKSV3Q9jBgzfBYDfR1gQE965HQ4ZyAB5B-dGHFwWJWIetc6CNcpzCWljAxjqfXQg2nOH-HvsL_HqF4HXZwbyJTicuAVHCK8zHnVwyDKqegeExwo5K65pIoAs9644zJVEehG9lyfczoNaqDy8otVeBYajlXlidP-YZIpuQziSIxoBdML2hjXVzFaBVV83daL-hTS8LcrQZE6AJnB_U0WJ46E7oYqkt5mKidNFRHLD0d6nlUMnDfFk3bB5-wwVaW2nPUbA2XXluXad3TEJlIjOp3yH_vo-9zg&cid=CAQSOwBygQiDtgFgPJZu1ZsaHVUtuP9yJ-ykXUDlpHPBBub_ep6RYCxFAlr5WwVq7AJNuZbNlg22YTSgqYVhGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=11523493843760792000&adk=3587751834&idt=72&cac=0&dtd=16

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ab4272c450db8b742f8dd5a4fe3c570fdd58915924b57b935308cfaa2903e5cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:40 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39687
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 r.js Show response
q.adrta.com/s/pbm/ Frame 13DC 122 B
322 B 207ms
207ms Script
application/javascript 44.236.199.192
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://q.adrta.com/s/pbm/r.js?v=22.110&rcb=978004&cb=1015140641_1686962979_259802
Requested by: Host: q.adrta.com
URL: https://q.adrta.com/s/pbm/aa.js?cb=1015140641_1686962979_259802
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.236.199.192 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-236-199-192.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: 13561f3dfebf8d31d9727967c099209c171311fdf9be2cc01abd526d9062b8a8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 17 Jun 2023 00:49:40 GMT
content-encoding: gzip
server: nginx
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4A57 0
20 B 73ms
73ms Ping
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=8626316574756&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4A57 0
20 B 73ms
73ms Ping
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=8626316574756&version=m202301230201&ct=76&x=1&cor=10127637358763130000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 4A57 101 KB
39 KB 116ms
116ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CdIv3Z3gnya7hkQ82sMDx4-2NjduFhmyTFdZLAONomxLH7bHmV5g9aYrJ1H6xXBhjSQGVK784L7KXgnsYQKCfqd-Ertp1ckhT0MEKxmT7x0t_Zm6zvchAn6hHr-4MhhYA-7BkbsrcDj4q5fBUp39mXs2_aUYm4ourpew42wHkaMiPrnto&dbm_d=AKAmf-BQprZMbDpDSYA67xHHIxImAH9a9chuRxfl4D2ElWsEuW4tbbrPCq6yym4xL0frioVM44TWDnba0dK3QCFzULASv0wNjJlo_zDoo_557nkthdGeWk-0Z14r38fReHCPBJ5L-fUZ2jmUHDDWSNKUQRHIH1OARxsHsXsDqo2b4gdKhh62G0Yx81rwLv8LHg8s3J3A-d-pUVhi2lTjbY1tGRw5L5_yySrUhqEdEImdHgTU3UJbkB6nKkGi0hNMWXGsB57dQl4-mevfLfw4wfjxU853b8ZlMuNnAhc1gaQzPFH5MWsiCiPp1_Q5seLkjL1AOMJWmAyH9L2AjsD2h7FtejKDFpv7QjBkG3XsLqCG9B_vBPy1ngs2-JcEGoL9Cq44sVW1V_0C-bHc7NgBI_8EClDx7tLhmcX0-6oFXclM4HXIJ8E7CpRBY1myYtJIHXxbjxQ3POkwVeybtoyE7Q5UsvdeonT_TmeeBTnSpSkuPwLPrJCyg1ZhZf7vRE_miU2ij30d1oELneSOwQ2BzRom0O6WJrxY3IDNdDZmj9YhzEtdiyQCfvdTBvJnEcUX6rPGU8wn5fhcFvvYiukCGqktClgd8aTCLDGhmgbebZURoNy096f5WrQwoe5K-Lyatlm8SdlNNrsbQ-_AlIvfDEJiE1ayJTDNvBhxckBBXFFqOlFulXNtKBHzTIrTJENcz5UMA92N2OvO3Y_ANGY_gjWz7qKhIIfIX99sjtgTKZfbzft7OugM-S4bl2neH7HveMiNAIB48M4EFG2h0_-sQi-uzqYluNUOuAQeq8C-zyq6h9df1JT_JfATmyPh9tpLymd1v0MgMCVOyMyYURKOlfRZrOhwno0G12rfdlc_wBhIpMKFjLFSFEtQM0kXFeNQHOjGQIrhK8CMswiTookpV03DFePnoyvAs_vEwk3epv4qm5zxKbfBI3qTeS5cUPs0iF2mmiiXzcaVgBn0kUit8oXQGj9APh1dxIYKsIGU-8_-EzdlEj74J82rCQpYKlJrPMj0Oc6zf8rkA9wou1GhPvhdfhFJDcFKKRMyOqL651MxLyyWbYH33tlnHOVde9C_wqZfv-x1eiQuHHjusFVef5aLR6WNeBI6ATg61JvbzsFdjvt5r-HTbs_SOGpSrZS5aie78ZA62j-XwohA70TUJETj2b_LBIk1ikVZS80uqyPPow860o-0OYm8I8Csx7rDPGBXF5GQlHuJQ9q9qQo6vdz2YGgZaVbxjC7iCFDE-bgw-98y-Wz98YojZfD819xCm4475MhIyxEbadr6PwhhDLkHh8e0sr244FxAXwKAc_IRjB2uvL_26l7CEZPFAWEMXUwOfr9q1VK8AFcpM1MVVbCYO2B54_HsSz7fsbvLt6r5POZk9p0Y296wI5n1jX0OSANvBatU00mbdFCMT7Bb2KmdyBji1QOLPe-nU2pUtHH8t-l9ScpyQamBUnob8jA-Tme4YuygwCaS9m9mdA-NFpNRCu3Z04dkbmoyhBvqZsBRiHqjGcab_eT-u5I1AHpK3jG0_UBNkoUWobgxFbf_DJxZui_ywKd3B2vTr9DBQ_bKaK4wtv7COpl7Oky21xqmoqsKj4ne9LMIMUUhnzjld-I8YGY-xghgofRIH-11E3LEYU9DUa1Smaw4FNgdkYGfFQ3N_b4xtav5kafJPpb-dEaP7jxhw77TfzQjmZcaXC8DwMLkabCVe0t9GBmuvv7GbHjxidfx6kcsnk0JFPcFdzZZj1faRtiQoQq2e9vtQZPbonIj9pXGfAIW0LxYzwr_LB1qjwPQGCHwMWsTXZHZKSBlyQiK3vBCjk3ijKXQHRjVRvbwUe4Nz9ZH0vJOXkQLKRTFgMx8wXdzHDp1bx06Mg1EaGY-mPtZwUrvMUd2Zm1_1qfD4ShwxhztEQbAm-seIMq81AFbxMd990DUllOy64sBp6B-ck_krabZn6JqMEjfzWmLtZVaderR0WaeevUlGYSQmS5BqP0RFBmFcgaWkxpNQspqYxM0wsohSYUoWBrfO8Ohl5223g5FdqYFcHhCG9aieHMwg7X8HaPG8xotSg_CUAJPEYNFeleFl43OI5Eyo5DVwCBX_nIT0oIiEtiuGFQk_-tX-GeCTVUqiJXp2DQxCpEqP-mcnCQDXGSzgBJk_TqrU-SO3RXDzSFB7XUJmkfNA9EOwbGQPHIQ_rUPYZBb6l6yUKlaiUO4wwAO23y-Du2gOQX_dWzW6X7kwIYIgrSJG71UB18wLgAbSQNxsj-QhKsCZRm6aTuH1XJqLmq7U6rQFipw9ZB5ec3As6rn2cW2C08rBTwuwHB4t5kc-tm-alkF0uH4qjiFbV_LK1hJ3A1ucmmrUACarPduYU123nNPlM5HjdM0_legCBfT4Bs4Tux-0CZwCwFuHF6vDiL8OLkLLUcyHcsqOYSvEYTG6TYUKZaPOqYgIe1dppyP0ah6Ncny8nYTSgFzMqDk3q3gblGbYypf_vlKjr0H43HeyN1jxvZnlOM7prsMWfgFIItPhb9AmduDp-bEhuJChHSulFcwZfGCYq6u4E35UT8pO6ivR1GmKyxCMeS1675TpDj9pWwPQcwdvuGLTsVQmvoAo_WvdPtyvFB-Ewb8qKyOL1jizvIseldXjT_OfX-JLp9iIWdkuOiTO6m9PoFRbtuu1iwJ534-WiC_evc0awX6mFcTymvYsL2eO6ndUyukFXXowWZ_ZBIBtaTPW583OkFSG5Pbkcvmn7rcITVsieN4j-c3xwaL2M9hYtqvNpi5NlX3kOiJE2ap5Bk166J6cNu8r4JtBDXJR8I96RrwyWRkX2_w5OwWN8tQxUBhBHDA9uBW510LY4_VuIMEC4qb8TgEb6NGflcEws8uNdYrHT0NuWgwRzNAw-gdFrIGG2sD8OsHjbS_rLd2uk2bXlDBYzaw8bQPqYITkYJI_Hxt3OqQ7i2p-xYSlGRhUnTWP6dZhtJRP9BtfgLfDqtZv-OhG5qu7N3oori2HnAxq5pZHgBs2nyyFqe_65rNrJ3hL2gDfMPmE8jSvq_HpsEofAQR1SroCgERH0sakkwZD_UlZryetP87I4k2_pkUdkSFHkmqGiKUmkZuQWRE3PQPT2HUNKn9QDRVXUkok9rUbG4SKO1SrIsMsBF2D53-1HYOPYIqeiZkKcQHHWIreLn_8vCndoyh2rMrC9H1p-CMsduinI-ED9nUQllcJks2LByvuGskMasgX11b2bEK0xyVuoMFmehiVV04NPClnw7iCA7MmdpIHBqEQ5MQYmI0iSWzPNPMd4EJprP8gqRxSWyNtv2XycJ1m-G3bRv1xExTMvDFBw31g8H9y1tg9q7a3dk6VFwrOYxdXV-qPOPvEXo_pBFnBg6DSGqvZfOikao&cid=CAQSOwBygQiD9vkfXSgr0gD9FzYatLTBJfKQ8HvD7AwEXcmJAQ2d2wQi4-_FF41SEJOcWFinr-fvH2Y1xGLSGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=10127637358763130000&adk=578009112&idt=65&cac=0&dtd=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8ad92b1c7e5bcc8f201872ca3770d95f4a5deb86781cbcc58809f3a275ec0dce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:40 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39695
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 F23xA4-E8U0dLsM7Ua-M74A0tuvycQb5txb3FNVg6II.js Show response
pagead2.googlesyndication.com/bg/ Frame A3D2 37 KB
14 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/F23xA4-E8U0dLsM7Ua-M74A0tuvycQb5txb3FNVg6II.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

176df1038f84f14d1d2ec33b51af8cef8034b6ebf27106f9b716f714d560e882

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 09:31:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 141468
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14698
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 14 Jun 2024 09:31:52 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 69BD 22 KB
8 KB 41ms
40ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 126175
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 15 Jun 2023 13:46:45 GMT
expires: Fri, 14 Jun 2024 13:46:45 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame A72E 39 KB
14 KB 41ms
41ms Document
text/html 23.32.184.192
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.32.184.192 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-32-184-192.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 5cd425896ccfd119ee720821af6a832189231c40d52ae8cad03480886967b984

Request headers

Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=86447
content-encoding: gzip
content-length: 14445
content-type: text/html
date: Sat, 17 Jun 2023 00:49:40 GMT
expires: Sun, 18 Jun 2023 00:50:27 GMT
last-modified: Tue, 21 Mar 2023 06:09:28 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 13DC 178 KB
56 KB 48ms
48ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e9032b8e95fc74d9ce9c069e76ffe86cb4046dc6ae863ffa8410cf445e5feaf3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57029
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1686742752845198"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 17 Jun 2023 00:49:40 GMT

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 0F56 0
42 B 157ms
41ms Script
text/plain 198.47.127.19
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=73089671&p=160850&s=842619&a=0&ptask=DSP&np=0&fp=1&rp=0&mpc=10&spug=1&coppa=0&gdpr=1&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 198.47.127.19 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:40 GMT
content-length: 0

GET
H2 200 000002642977.jpg
imagesrv.adition.com/banners/3326/files/00/28/54/21/ Frame 020A 82 KB
82 KB 45ms
44ms Image
image/jpeg 217.79.188.10
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imagesrv.adition.com/banners/3326/files/00/28/54/21/000002642977.jpg
Requested by: Host: ad13.adfarm1.adition.com
URL: https://ad13.adfarm1.adition.com/banner?sid=4813093&adjsver=3&fvers=&iframe=1&ref=https%3A//ye-mek.net/&ro=https%3A//464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html%3Fn%3D1&uao=Mozilla/5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit/537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome/114.0.5735.133%20Safari/537.36&os=17&browser=11&userid=7245450824371538703&kid=5872531&screen_res=6&wpt=J&clickurl=https%3A%2F%2Fclicktrack.pubmatic.com%2FAdServer%2FAdDisplayTrackerServlet%3FclickData%3DJnB1YklkPTE2MDg1MCZzaXRlSWQ9ODQyNjE5JmFkSWQ9Mzc0OTkyNSZrYWRzaXplaWQ9OSZ0bGRJZD0wJmNhbXBhaWduSWQ9MjI5ODcmY3JlYXRpdmVJZD0wJnVjcmlkPTgxNzU1MjI4NDIzODUyNzI2NjYmYWRTZXJ2ZXJJZD0yNDMmaW1waWQ9NkM1ODZERDgtRURFMC00NDQ2LTg3NzQtRTYxOUZCNjIzM0QwJnBhc3NiYWNrPTA%3D%5Furl%3Dhttps%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%253Fsa%253DL%2526ai%253DCrVSpIwONZMGNKYXC3wPlqraoC9yo%2DJJx%5F%2Dfm58QR9C4QASDLidYjYJXaiIKYB8gBCakCyK2YOo5isj6oAwGqBNMBT9Da%5FK7Z22ih1kgk8qWXtgD8CjoSnyioU6ZJIjR4ahN7pQGyy1fihQdWxA2j1ew62chu7puTmRo6eretzet2rjnHeW3Q6TlRKDRipmIblgKFrasqGYvqSyG1G4AhMZ3g3pi%2DK%2DLm2A81tBN2ZjpJvTE%5FX46xAX7EcdcJtlE%5FdYgIMmk%2DRyQ9ASX8iZbH0tQkOsQphveN97LsOUK%5F7FXg4L4skzvVXHPRBs3%2DvugupZv3YIOhbRMgCDXg1HZwO368n8putJHlD5jxnO%5FYnRTb7kU04sAEgNjpkr4E4AQDkAYBoAZNgAfXu7TEAagHjs4bqAeT2BuoB%2D6WsQKoB%5F6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB%5F%2DesQKoB9%2DfsQLYBwDSCBYIgOGAEBABGF8yAqoCOgKAQEi9%5FcE68ggNYmlkZGVyLTg0MjYxOYAKBJgLAcgLAYAMAbATp%5FreE9ATANgTA9gUAdAVAfgWAYAXAQ%2526ae%253D1%2526num%253D1%2526cid%253DCAQSGwBygQiDp5U9SEfyPaRE4yqZBq6HMWu0Mmlr7hgB%2526sig%253DAOD64%5F1hpULDyfhosm0ioZXJzJbAjGv5Sg%2526client%253Dca%2Dpub%2D6362111942204036%2526dbm%5Fc%253DAKAmf%2DAP8NpKlZxFClgi7W1BDu%2DtAn9t0dayvWq6gVe153ED6B3%5FFe%2D0PEc%2D4FhjBDG2taZI1BYu2a%5F3or7yxrm1Z%5FJDet87iFORbE%2Da4Xj9cONTP%2D6abeaNswJGZAeAxdc2cUXeBJ6cX%2D0BOTGdG1v3zde4RYIlVhuNC9O6102Fkk33pcRNkoQ%2526cry%253D1%2526dbm%5Fd%253DAKAmf%2DApVCtAqPcPH1nFSIqUQPUF4N40a0oesIJX1lDjWW4olFWYe3tJ2%5Frj0r1YgMsSIwnN3RFnkYfns5IrpFnGbS0%2DWF2UnNKsmOKoyQhJIF2D6INxeaurnH2aLvfjmjC7xrUKIhhrsw1XTavMyNl6auWOxCvkrLE4mfSxs%2DknHA6wY0xsLzvhfCOyLfuynRwvnJ3Rn1gdV5ax6M4IYIaJNtg%2DX5H9JmW78gnOi%2DdG%2DPVwv5RHlGtOIhUdo%2DFfu07gU%5F7VbU7HoIrETs%2D80i3W9vxL7upLR0an4wN0gBTFss02oiyD%5FCPVeSZodYR%5Fr%5FVeL36TBHVBylUtKjzFAJT0CLbYZAs64Po5954KjZom09hwlUhO7sO17WcOO8%5FbDWyxokXZKKJ6tZRxwLphkEp7RuO6NBO3DJnuxyZUttFV8qeBvtm5YRstlRynsRwH7Sid6cb3wEfoE0Q2k00%2DRm%5FwPXDh%5FJ%5FTvGzlvJOV7fXZckNrR03P4uj9g8N7DiHuctatwygH%5FRS7SRGZ8PDl%5FlsSiPayC0eWJA%2526adurl%253D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 217.79.188.10 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: imagesrv.adition.com
Software: /
Resource Hash: cf0ebd338dece7cddfe2f599cfd297de1f503355591b43de942c34b20a2148b2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 17 Jun 2023 00:49:40 GMT
last-modified: Thu, 15 Jun 2023 04:11:23 GMT
accept-ranges: bytes
etag: "2401418494"
content-length: 83922
content-type: image/jpeg

GET
DATA 200
OK truncated
/ Frame 13DC 221 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 52a680abb013b3e801df60190717a10bfe765e2e15ce1131470799d6cb710807

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame C096 39 KB
14 KB 42ms
41ms Document
text/html 23.32.184.192
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.32.184.192 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-32-184-192.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 5cd425896ccfd119ee720821af6a832189231c40d52ae8cad03480886967b984

Request headers

Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=86447
content-encoding: gzip
content-length: 14445
content-type: text/html
date: Sat, 17 Jun 2023 00:49:40 GMT
expires: Sun, 18 Jun 2023 00:50:27 GMT
last-modified: Tue, 21 Mar 2023 06:09:28 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 020A 178 KB
56 KB 61ms
61ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e9032b8e95fc74d9ce9c069e76ffe86cb4046dc6ae863ffa8410cf445e5feaf3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57029
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1686742752845198"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 17 Jun 2023 00:49:40 GMT

GET
DATA 200
OK truncated
/ Frame 020A 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e1eeffc1ffab8d29d222faedce533601a99ae1510c31707127fddafc8a0f6b16

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F347 0
20 B 74ms
74ms Ping
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=6608572852287&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F347 0
20 B 73ms
73ms Ping
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=6608572852287&version=m202301230201&ct=76&x=1&cor=12385758760440820000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame F347 86 KB
36 KB 86ms
85ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Bt0vgWy8PzqqB8XJBcQA3Ci6GSxclrDQuLeMruvUIZ0e96z-mSOALNYV3J2fYmZtGYUZmTHjGtJ4M5n3uuGHdscERmu4HOljBhzRumaJBbAbVu9Oi92Vdtt-gWBxXlVYQ8ferIxnCU-wxHOJkiB6G9PpTkfjoQeduhJrQ1chSnWxsQQIs&dbm_d=AKAmf-AuNklby6SIbmGu5_wbRWadfAgxBzMNlUfA6eX4fsYOZ3gRqANEFJ-Y4oimYOBVy3R5ZoUs8tbRnakHuxt8C1Il7ztM4s6zDzdyAHFhvtT1_JXLRkPbhf0HYe8DA7R3yRRb3sbOLivk4c0ZqQVkAoR8zQd9832RiLwYgIyajrtoeO4IxGYZoLZkQFCPPWjb0qtPWYSjJTPzTJw7L-aGl5eCw2aIfEhSLNNjX-7ZgDwR-gxVeRQ_RxDSIZ3hBOcLeEK4HcWQtzYLfz6Q3DJu_zrGej6e4sjcMpCBsrgqJBlzlLvv7IsbjaOuNOecusF8sOFHL-hPCoDcjvztKqrFlXkOj7uVeNaa4SzkaXIGsEogU1NAz8cbZgBM-YG0cH-Zo4BL4qIFPulmU_M2G3dyMoNgjvEjan5l8H8qj5s4UlROG1r3B-B04wx9YIjA47y02wEJzTqE7q26eEJRgk6Hood6xKT4SWh7nztdWExuI0xbA69MN5JqiL-eX_e3q5z1Ed-c3uAdNiPag3J1SEneXr117X-H6zsZLOHit-eT8MieXnYIB3cje4aBRntMWEurcGT5a31bpvFrYUNwcKxJp2Huk0FVdHzSSIauSINuiWYTr6OH0E_eV4OvdLWWEGAPL_eTkylqZYG5TBsY3Idb-3DFNAzTUj1BMAkuVpam5LZabOOHtFrPYARGXUV_fTiIkelelmSeiIEWzUoJ7Q-VfApjGPXo__lyF_IkORKvuuphtIHFVKB2I2jMENsb2Z2JEyS1_A77fRtKGNzqep9HBuBGMkdymE9sovTy57kZYRSNhfZyIvZxfwEB5jzH078CXQLLvLw4CimixQx_Kw_YMKFdpLhRyQBrNlZuL2L1fhs8JTKgDaq6l_Izl_VWUVfR36vI7f5oKJK4xYQ4C8-n0h89KzZ208yI5BoSQX_fbwhfm2rpGmKTLwyjKeyxD4ZHRL7StDqVKF_RE4OvohQh1thPmLfvqW5F28GXLjlTBH3SooefKnLpOUZS59X10sSvsCY03FYJgBGafahWKC8bPq2utBG5VJkIoVwh-g3IIg8eTpUVSbsoPfz8z98hw3b1J8jNE64e4OroJ8vnZ_4v8oCb0w_8i9W098G5kiHpCw8WzQSfED6GvS37tTeX-_7xyVF4tR0lEeZhJ5uzRiaJcZAglB8-MBirH7nmTK58iNwlrZBf0_7vvUz2hkhw8-Bt21EABGEtffoHP3YZ7__jq7s06wpZ2FdqIPvUQh5RVOZAshfCGOipVECVg_gdZZBuCkk_ge4egH3Tk4807iPLyV9lSeLFvrjeRtxjIfBtxLkhYqHqHczBUjOczDT8BOm9reHbKR-dc7m_Zm1DJT7mY9_ugwzXqlafiPP0tPwpVHK3B9oZ2YZrCglE5EZZNhGMK15cNHK3cSYs81lYXEmqamN5-YS5_yZcS8Asg_ZQXnXtoIhLYE-BH0z2lQpgO89PTLhoffCqgXW1Xy07Lzvu3LJZfbZb1mITmX7jxW-XnWgPwdPs0w68bRaYFbus7sEd52X5jZFogB-MrbCtNoqs4_SuG7WyM25ume_xZerztPNLnKCOKtTmL5OHzKpHidZUfoBa6OP1aUP7Fmz4ApG80oMSh2jc1KiKUOkrC-JHslGu77G1yxGqPBcA05l3bWOmTt33eyJ_7-yDDvubvP6-iZOspkP0DsQV01H0q4ZEyhE5agcKly7A4S0gi7qhgvLQpTWiTVKOfrYiZFTXPYaC9_dcjFMvAF0VJtBC_oVbHhVBHE5BQDZnxgRb5xcY26sJu641OTZyQro6d_Gb1eF-qGZy_V1emUjpBWxhfokqzw2jXBjt6rn_BhOnPcYSdrEbKDEcE3G1rPwhGJSAmaHNjQDXXGh44NWMG-hmwGjVhq3rXAfowW_r06amPiD9DsxZ3zfpMQlslKEWGpwfTmf9rValBlsI8hk4x02_68pm5byEvHub0Xk_u1Q7C9sANsx7owGD3yFy8BRc-zZK5rbldJpE17-5rYgtBDOd7Qlyjn9jSrD81OPO2cAyeAf6-bUyKJL1wf0IXhKOQ3FczTIatxqETPyKcEjJtZq4YxDENe41dQoRi86uKUigoSnsF5x5OC2WGHaVjWQFEf4kDjSOhXwqbL5FGfOb29TGAKRp_4IQAqSe75rDgk7tvmQHxJ-qSo87B526iA_C0a3k7qtjYDYaLek-4RK-pT80my8hPC9gJHnYdapMr3TLeu0dDRnzITDWiF6sP94V7-bjuPMVAPv7rvvHKhBSiVUoBiJLyeTCCHC4u1QAlCN4qZGYEVbRp52MYOGlY8Q8Fez9VzlXBfVPLaDp5fdUlQGqM33gBHifcIqMGfoQugUc4FdNcoIo-c1MIY7yJwRRCAYlSO8_E2HzhKW3Yj5PRiCLWt7QqXuPZgu8zkECX4X5Ollw6ioiOjeGOTQE4JGiW7aD3GLdG_z6mY0AkhrxlOvzYsHV5dH0mVOXndJStxaUQqND6HiWHAHk_ZKzGzZjoxmLcef8EbU5LSw_IBEuxDHM7xr02tGMAVg0R3JthRn8xfPnFWt95V_111WjnBgeeKeS2GneETV9MaYc38-p28yBaIcjWpzCdYJHjqha-46SYubvF2THowCA64uLWI6Ojg2Grym48AHRmI-VNBLwpgfjZjADPaQQH0pnpA995_UQfnufCeQrZNYQq0nb8fQZSG3GzF-o7nNcN8KDiRbZPDpg1wL0jqFnbT1HbkwGB6UQ2LIab9XX105_XSX7CR2tdTHqYmTDF_uo2MBM_nbpH7psHfZXSTZGpkg7Pb9rem-Wzh6GtXSAdOXjaWlLSL7qyMkUCsqenIE-oxGzFd5Y8iBfpAiv7ocVipx2Vd2jD8MhvwlCg0iTR4c8FRd_d91gHFkbM_E-8iSMtfJ99yeQQqewhzEVAItE5nCLRVe664A67c_fcTV2_nFGMhR59Deg8jrJHY0e_GEnoJXf3Dfr9s4Kd9SwsP7JnTbhU8wR-6ZsvNTRBCOKBXg6kwIGl4yiTpLRpgvD3LJ-zNOHD2gpQis6EsZafo6Kjc06MVZ_MjD3mHbXoZYbT3zswqWdnyegaycsxrwnzTE1-UBL4oO3ehP1f82UJ8CEJEruwi-AxF1xpPH3-8HPZ2cx29Qc-GGaVi3sg1UN4A-xjg48qAcZeE-mNfpxgm9pEgSKnXw4irMAidVL5d5ly9HYxlHqm-ax4-vaiO5dPp7e0NhtXokQOq5Pi93UxtdgxdpZLbbXlWIPpebpTfVa2OD3fjmmjcnm3ZtUyt_TfzoSyGsClcxCXdWoTUJPEqpY5WE5gWWGOJ0wr43ZNwEsJkU0BWAPCZJ5FoBW615q8FQBLij3ygwONxiGfr6-WqFOSUjkTjHq03UYX6H818uPaP-WGQ33szSRWWUde2NfhJaCM3ySL3NmOClH6_4XOm2QwCGffGAnrgCjZ9OTzzsFhH9Ns74ppoWYdeXldqoRWGzkh_kcVxsmi-IE_Doz_SCgNKtDwQYIEtpFZ-G6bWpDsND3t2Y4-IvAcAQNvEAD6uXLTIC-_OglBpxNx54OypMQAU-urab09EVZ22pxwNaxNvVFRAIuJ3Fdk_GjwQKRYWC2mR6_cg&cid=CAQSOwBygQiDWxnwjMPZt3msAhZI-dmFfmenPYt7MotK-j6T8Q05QsgXHYwwuBq0LTMAoP9NhCTjeukuvEWkGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=12385758760440820000&adk=3563752640&idt=74&cac=0&dtd=14

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a133ebeb1ab05648a3e66ee081eebee3a6925f20c25da3d3299cbd60b6bd3382

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:40 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 36734
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3403 0
20 B 77ms
76ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BTFxIIwONZP-sJ5iBrATI4r3YBAAAAAA4AeAEAg&bg=!r6ylrPjNAAaGYqkwpmI7ADkAdvg8Wll8NADNIlProKhFksHIrFKa74E8CNKIQNuBtVE7oUQT86oXjbBlbOv5VMVkuUYy6t0TkncCAAABUlIAAAACaAEHmQNG_L0gNmzWoTRRQXCkMZMaxpo0gkMn8qR_aUkOnLQfRYr-GEaOtFje7J1mCO7C4ip8zK9kfEBpzKtlOnHSn1iiwekFfo-Oxm8RjA46JdNcTxVf_cSmAnhg4GAQYh6k7vEBW-VwkJqI33WwVDmkN1kS3L0xSuFP3tAFNz3RMc4YHp9RLa95pJkATWbJvRYZico4aru4udgAf-D2vjti1FcsrYs6XjfqGtRUchvJ4qPn0q7hH_ERcJx0BEdz7m1JjRXe9Hq8WzvIZRPaZ2lXQiUtq3BoVciyoNX9tRyZErbXhuZSc5A-Usj7-r60sHXCbZi9_czXbpFDBTsASjXUVahXYLtAn1C3DU0zQCWSeJcsuRBT_3Lu8zECWsiU2Nq993xPHnTYrD3FuDkF6TNxj-cfGDkWIOjY2dlBz-BhMQr5-p9k_YSPZRP4oFy79g-puQWpJglQNUiITxPrKa0Nb96OsJYA6Vwb119TZofvjpl66do9BycSVEbl2DADq9FPCTe5h--L-00JL3VFXDdCMmfZ2YvhNaEEPfa0rzJlRipnQSd_FaZPnES5NBlt83TKE_fzsq9eg38NdeqDDl72k9vWO3Lk5HplpSOg-ehGCqQ8gyaov3VMNRJ3kkrDypITMfXfoJq5TQvQUe_0k-CfW7xSJf5seUf5IHSE-_ABrRsMsIMAx5I2XCOXYl05y_YVVpemjv-cewWYCorj6xAnuZtJmJ1myMjwCtZTW2ZmWUQePOHQeUoLuEzg1axSEracPdovAz1ZoRr34X1kXqKdp8YGKqdIwxcVIPsLepyUzv7Ujh2vC3ByaQZsJdeninB1U6rO_XaYVcE5poioR18Cis6ihWEH4g6tGZGDpsZHFF-6V1TKYdyZSVDciBp9R0ELfz-ZdLb71CoHpszIq9RykqoBqqSWTFjT4i-PUIPZ2CHvB_845ISRX-lnB2RMzFG6f59mrYFf9jpDLwSXdYfcZn7sX2pCfLfYO3An1MVYJ9aY3nx9EuhDNVPPIw-1l5atUHppq0Ixd9qjnxVwBYmJ2y-B7cceweFL2DQn6mfAQDeQVwYsecZZyv3zb7BuiA7GZA3khMLYhk_xD80TJb5YJRZ7Tihx_Gmk0g

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK ajk4xlebn4mw Show response
hal9000.redintelligence.net/zone/ Frame 9BB4 10 KB
4 KB 140ms
45ms Script
text/html 144.76.91.199
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/ajk4xlebn4mw?subid=&gdpr=1&gdpr_consent=li&rnd=8741425454962446792&extVar[]=DOUBLEBORDER:1&extVar[]=MMA_SSP:adx&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DYQer8KFSFL_2W7ZbAvMfUw%26exch_seat%3D20035004448%26mt_aid%3D8741425454962446792%26mt_id%3D6622332%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D1500648d-0324-4f01-a889-5da72114128c%26mt_cid%3D1500648d-0324-4f01-a889-5da72114128c%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DC6yXxIwONZOeVLKSx-gbH7J7oBc-HjptcwIbZgsYCwI23ARABIABglYKHgpgHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQngAgCoAwGqBPoBT9DRl5p6NOD2LN3FXip9oPE88ggbHWZNvVkHEWLqMq0NYyHWx1WhTSDrW0VYhzAi8dKftcLLd7UbRaQlZI_qVMs6KtZxBmfvXkIYCm7CConXCNlKbc6tvoROGrD11YnCb6pbDM2_EexwjzU0cJ50dn1IpNDztMJXR85v4dT8-xibTrKKZ4X7roZJ4CecOLBCuVp_f3JuoTm4wCpMektZkKSvmDTnav35o45L82CrM6AESTnumf7RXG5Kn24N-O99RzHzrbWp49nu_pdwqqf-Y0thWx1-afrPo-dnY5ZbCdpLagiDlPjSa6z2GOSknbCq5Vd5BoYSEq4_--AEAYAGvtTW_Nma6J2oAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgEDyCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDn6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0-BlWIoYrmF_mDIoDMSrhFlaE5gw%2526client%253Dca-pub-7983651257838282%2526adurl%253D%26mt_lp%3Dhttps%253A%2F%2Fwww.soberberlin.com%2F%26redirect%3D
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.91.199 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.199.91.76.144.clients.your-server.de
Software: Apache /
Resource Hash: 8edd81efeebfa7bb3c1ffbfafa5450d29a485a8f52495b50c301ca3fe9bc4e6a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Sat, 17 Jun 2023 00:49:40 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3457
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK ck-confirm
tags.mathtag.com/ Frame 9BB4 49 B
329 B 148ms
57ms Image
image/gif 185.29.132.246
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/ck-confirm?bid_id=8741425454962446792&node_id=3264&exch_id=4
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWWpsbE9HTTRPREl0WXpKaU1TMWlaalk0TFRBd01EQXRNREF3TURBd01EQXdNREF3Lzg3NDE0MjU0NTQ5NjI0NDY3OTIvNjYyMjMzMi80NTYyMzA2LzQvdTdSVlIzR1RPOFJsM2JrMmZsUTRPVnh2d3d6VG82bjNhNUZwd0d0aThqTS8xLzQvMC8wLzk1NjgwMy8wLzIxNjUzNi82NTE4NzEvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC84NzQxNDI1NDU0OTYyNDQ2NzkyL2Ftcy8wLzEzMy8xMS85OTkvMTYyLzJhMDE6NGEwOjEzMzg6Oi8wLjAwMC8xNjg2OTYyOTc5LzE2ODY5NzU1NzkvNC9wdWItNzk4MzY1MTI1NzgzODI4Mi8/uTVn0O6ZXGxlqC1DvtETaJ4sz50&nodeid=3264&group=cdg&auctionid=8741425454962446792&pbs_auctionid=8741425454962446792&shardkey=8741425454962446792&sid=4562306&cid=6622332&bp=a_ajjeag&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.89&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC6yXxIwONZOeVLKSx-gbH7J7oBc-HjptcwIbZgsYCwI23ARABIABglYKHgpgHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQngAgCoAwGqBPoBT9DRl5p6NOD2LN3FXip9oPE88ggbHWZNvVkHEWLqMq0NYyHWx1WhTSDrW0VYhzAi8dKftcLLd7UbRaQlZI_qVMs6KtZxBmfvXkIYCm7CConXCNlKbc6tvoROGrD11YnCb6pbDM2_EexwjzU0cJ50dn1IpNDztMJXR85v4dT8-xibTrKKZ4X7roZJ4CecOLBCuVp_f3JuoTm4wCpMektZkKSvmDTnav35o45L82CrM6AESTnumf7RXG5Kn24N-O99RzHzrbWp49nu_pdwqqf-Y0thWx1-afrPo-dnY5ZbCdpLagiDlPjSa6z2GOSknbCq5Vd5BoYSEq4_--AEAYAGvtTW_Nma6J2oAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgEDyCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDn6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0-BlWIoYrmF_mDIoDMSrhFlaE5gw%26client%3Dca-pub-7983651257838282%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.132.246 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.392.0 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Sat, 17 Jun 2023 00:49:40 GMT
Server: MMBD/3.392.0
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: zrh-router-x68, cdg-bidder-x52
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Sat, 17 Jun 2023 00:49:39 GMT

GET
H/1.1 200
OK analytics.js Show response
s.update.mediamathtag.com/2/619621/ Frame 9BB4 7 KB
3 KB 282ms
54ms Script
text/javascript 34.248.176.243
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.update.mediamathtag.com/2/619621/analytics.js?dt=6196211556140246740000&pd=avt&di=https%3A//ye-mek.net&ui=b9e8c882-c2b1-bf68-0000-000000000000&ap=&ti=8741425454962446792&pv=e5ace1e6-3ad0-42bb-826a-c104801e3de2&pp=pub-7983651257838282&sr=4&de=43000&si=1208769424&dm=728x90&ac=651871&cr=6622332&ai=216536&c1=4562306&r1=2a01:4a0:1338::&r2=&r3=

Requested by

Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWWpsbE9HTTRPREl0WXpKaU1TMWlaalk0TFRBd01EQXRNREF3TURBd01EQXdNREF3Lzg3NDE0MjU0NTQ5NjI0NDY3OTIvNjYyMjMzMi80NTYyMzA2LzQvdTdSVlIzR1RPOFJsM2JrMmZsUTRPVnh2d3d6VG82bjNhNUZwd0d0aThqTS8xLzQvMC8wLzk1NjgwMy8wLzIxNjUzNi82NTE4NzEvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC84NzQxNDI1NDU0OTYyNDQ2NzkyL2Ftcy8wLzEzMy8xMS85OTkvMTYyLzJhMDE6NGEwOjEzMzg6Oi8wLjAwMC8xNjg2OTYyOTc5LzE2ODY5NzU1NzkvNC9wdWItNzk4MzY1MTI1NzgzODI4Mi8/uTVn0O6ZXGxlqC1DvtETaJ4sz50&nodeid=3264&group=cdg&auctionid=8741425454962446792&pbs_auctionid=8741425454962446792&shardkey=8741425454962446792&sid=4562306&cid=6622332&bp=a_ajjeag&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.89&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC6yXxIwONZOeVLKSx-gbH7J7oBc-HjptcwIbZgsYCwI23ARABIABglYKHgpgHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQngAgCoAwGqBPoBT9DRl5p6NOD2LN3FXip9oPE88ggbHWZNvVkHEWLqMq0NYyHWx1WhTSDrW0VYhzAi8dKftcLLd7UbRaQlZI_qVMs6KtZxBmfvXkIYCm7CConXCNlKbc6tvoROGrD11YnCb6pbDM2_EexwjzU0cJ50dn1IpNDztMJXR85v4dT8-xibTrKKZ4X7roZJ4CecOLBCuVp_f3JuoTm4wCpMektZkKSvmDTnav35o45L82CrM6AESTnumf7RXG5Kn24N-O99RzHzrbWp49nu_pdwqqf-Y0thWx1-afrPo-dnY5ZbCdpLagiDlPjSa6z2GOSknbCq5Vd5BoYSEq4_--AEAYAGvtTW_Nma6J2oAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgEDyCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDn6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0-BlWIoYrmF_mDIoDMSrhFlaE5gw%26client%3Dca-pub-7983651257838282%26adurl%3D

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

34.248.176.243 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-248-176-243.eu-west-1.compute.amazonaws.com

Software

Resource Hash

68a66b0550813290742cfa96358e865b8ed252afa1fbce84924139645230fd1f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 17 Jun 2023 00:49:39 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
Accept-Ch: Viewport-Width, Viewport-Height, Width, DPR, RTT, ECT, Device-Memory, Downlink, Save-Data
Vary: *
Content-Type: text/javascript; charset=utf-8
Cache-Control: no-cache, no-store, must-revalidate, no-transform, private, max-age=0
Timing-Allow-Origin: *
Content-Length: 2997
Expires: 0

GET
H/1.1 200
OK img
pixel.mathtag.com/event/ Frame 9BB4 43 B
418 B 148ms
49ms Image
image/gif 184.30.20.207
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/event/img?mt_id=1368875&mt_adid=216764&v1=4&v2=8741425454962446792&v3=651871&v4=4562306&v5=6622332&mt_nsync=1&no_attr=1
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWWpsbE9HTTRPREl0WXpKaU1TMWlaalk0TFRBd01EQXRNREF3TURBd01EQXdNREF3Lzg3NDE0MjU0NTQ5NjI0NDY3OTIvNjYyMjMzMi80NTYyMzA2LzQvdTdSVlIzR1RPOFJsM2JrMmZsUTRPVnh2d3d6VG82bjNhNUZwd0d0aThqTS8xLzQvMC8wLzk1NjgwMy8wLzIxNjUzNi82NTE4NzEvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC84NzQxNDI1NDU0OTYyNDQ2NzkyL2Ftcy8wLzEzMy8xMS85OTkvMTYyLzJhMDE6NGEwOjEzMzg6Oi8wLjAwMC8xNjg2OTYyOTc5LzE2ODY5NzU1NzkvNC9wdWItNzk4MzY1MTI1NzgzODI4Mi8/uTVn0O6ZXGxlqC1DvtETaJ4sz50&nodeid=3264&group=cdg&auctionid=8741425454962446792&pbs_auctionid=8741425454962446792&shardkey=8741425454962446792&sid=4562306&cid=6622332&bp=a_ajjeag&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.89&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC6yXxIwONZOeVLKSx-gbH7J7oBc-HjptcwIbZgsYCwI23ARABIABglYKHgpgHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQngAgCoAwGqBPoBT9DRl5p6NOD2LN3FXip9oPE88ggbHWZNvVkHEWLqMq0NYyHWx1WhTSDrW0VYhzAi8dKftcLLd7UbRaQlZI_qVMs6KtZxBmfvXkIYCm7CConXCNlKbc6tvoROGrD11YnCb6pbDM2_EexwjzU0cJ50dn1IpNDztMJXR85v4dT8-xibTrKKZ4X7roZJ4CecOLBCuVp_f3JuoTm4wCpMektZkKSvmDTnav35o45L82CrM6AESTnumf7RXG5Kn24N-O99RzHzrbWp49nu_pdwqqf-Y0thWx1-afrPo-dnY5ZbCdpLagiDlPjSa6z2GOSknbCq5Vd5BoYSEq4_--AEAYAGvtTW_Nma6J2oAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgEDyCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDn6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0-BlWIoYrmF_mDIoDMSrhFlaE5gw%26client%3Dca-pub-7983651257838282%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.20.207 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-20-207.deploy.static.akamaitechnologies.com
Software: MT3 1031 59fd23a master cdg cdg-pixel-x33 config_version:"1438" /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Sat, 17 Jun 2023 00:49:40 GMT
Server: MT3 1031 59fd23a master cdg cdg-pixel-x33 config_version:"1438"
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: *
Content-Type: image/gif
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 43
Expires: Sat, 17 Jun 2023 00:49:39 GMT

GET
H/1.1 200
OK img
tags.mathtag.com/event/ Frame 9BB4 49 B
329 B 156ms
66ms Image
image/gif 185.29.132.246
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/event/img?type=mmImpTrack&exch=adx&bid=8741425454962446792&st=4562306&time=1686962980&nodeid=3264
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWWpsbE9HTTRPREl0WXpKaU1TMWlaalk0TFRBd01EQXRNREF3TURBd01EQXdNREF3Lzg3NDE0MjU0NTQ5NjI0NDY3OTIvNjYyMjMzMi80NTYyMzA2LzQvdTdSVlIzR1RPOFJsM2JrMmZsUTRPVnh2d3d6VG82bjNhNUZwd0d0aThqTS8xLzQvMC8wLzk1NjgwMy8wLzIxNjUzNi82NTE4NzEvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC84NzQxNDI1NDU0OTYyNDQ2NzkyL2Ftcy8wLzEzMy8xMS85OTkvMTYyLzJhMDE6NGEwOjEzMzg6Oi8wLjAwMC8xNjg2OTYyOTc5LzE2ODY5NzU1NzkvNC9wdWItNzk4MzY1MTI1NzgzODI4Mi8/uTVn0O6ZXGxlqC1DvtETaJ4sz50&nodeid=3264&group=cdg&auctionid=8741425454962446792&pbs_auctionid=8741425454962446792&shardkey=8741425454962446792&sid=4562306&cid=6622332&bp=a_ajjeag&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.89&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC6yXxIwONZOeVLKSx-gbH7J7oBc-HjptcwIbZgsYCwI23ARABIABglYKHgpgHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQngAgCoAwGqBPoBT9DRl5p6NOD2LN3FXip9oPE88ggbHWZNvVkHEWLqMq0NYyHWx1WhTSDrW0VYhzAi8dKftcLLd7UbRaQlZI_qVMs6KtZxBmfvXkIYCm7CConXCNlKbc6tvoROGrD11YnCb6pbDM2_EexwjzU0cJ50dn1IpNDztMJXR85v4dT8-xibTrKKZ4X7roZJ4CecOLBCuVp_f3JuoTm4wCpMektZkKSvmDTnav35o45L82CrM6AESTnumf7RXG5Kn24N-O99RzHzrbWp49nu_pdwqqf-Y0thWx1-afrPo-dnY5ZbCdpLagiDlPjSa6z2GOSknbCq5Vd5BoYSEq4_--AEAYAGvtTW_Nma6J2oAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgEDyCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDn6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0-BlWIoYrmF_mDIoDMSrhFlaE5gw%26client%3Dca-pub-7983651257838282%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.132.246 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.392.0 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Sat, 17 Jun 2023 00:49:40 GMT
Server: MMBD/3.392.0
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: zrh-router-x38, cdg-bidder-x52
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Sat, 17 Jun 2023 00:49:39 GMT

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/1484055/72040524/ Frame 1E00 47 KB
12 KB 193ms
56ms Script
application/javascript 46.137.93.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/1484055/72040524/skeleton.js?ias_dspID=64
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 46.137.93.67 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-46-137-93-67.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 3201a7d1b47e363ca2d7881e88c491bd18d9fb202c6623ab0225df6c49625778

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:40 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H3 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 1E00 172 KB
60 KB 122ms
41ms Script
text/javascript 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
Origin: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 10:17:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 52338
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 17 Jun 2023 10:17:22 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230614/r20110914/elements/html/ Frame 1E00 11 KB
4 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230614/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AvDvs5LoV-pMuzW6j6W40UHs5PS_EJQtURq_iG8hkQkMTL8jOHSuLvnqZ97OsYyvyDXS49pDDjT9cfcSpMXJkXS8swXiu-XwoTMAnpStODZYLaLIgovoDWOBnVrnR5W6XPYvz8WRUuCxYvWJPe2xp8J1_WV1A_q1v48AddlQEWxH9ND-o&dbm_d=AKAmf-DU67BRddgP-DmrpXqxeL1JH0o-wNK5ceO5cBG9rQ2Wz6_RgjyYRCp6mnGEXoPgzlSDJcvAWJMMkzuxWIkz3sLTICvQoWc1ZrN6VY9f1Ek_fCnM71X6d08UKO4gWR1Tw01h_c7len7mpoqif8T6KEGGsVxApDUN2GG5aXQED9iKkpc0G5TJ08ggrUYA1Qp7aGfseHysB34qMtaOGE1m6OwmV1NbdmAilYE0zvaA08fuwbQjz__4fSahA2Z88DgYTpPf8kdI9T16epjqkgB2g8F-5ejK2oQCzaNkL8fZ_EvnOZ7MnIob84j0T5fT9jDZawFHGX5opH_NOAgOSI3Ly6jAtebfxBI-i_fKfrqNcVnU2sXcjZY2gRCghm-i_s5G_5GQ6mLVyENk3lry4-xs6DJUEbOORwrShmUB4n2xvfHIUmoB9-xniEfg2Swj6gSCvrz-MEzRD8gJZEUNcvWH-2JlMpufpKk72eAiRKV3b56Xn8XadjKw8nUCWjiUgv_Dcy8Npvu_-1reDWlQCJJK68EJAOpZp42MjeAAflGyHvafV-fVRbu9KNdn1IgDvVOJSuq-AMXNBjaq1oCP2RpPZKthtUe1N20wML1Sh8e2SYo2a1n0QdnaORxiysqDimvTbWh7iOpC0Woi5L3KU9ou_LBwRba3eTEtM25phjgMgvfp_J5XvVX2VEHxXsLlgZEyZJnN0fTQCwpd725y4iDG5dMv3cddCJHA5xIYJzHuCO_32oXl7wmxVPaLBzZTZhJ0fRVdlTFIz1YjgwmB4V4ZXWOB0ev9A2bMLwD9fGeVCyao1uBSeligN4iFiJxRQkQyRGa9zFna9mSxPznFCQuXcHTlk10ht7HQkN1ek_E90qWv7mGc0gh-FdaJofd6hXF96w_vlYFcpeWHhylrt3zZ4LcPRABfYF_3t5O6b4zchnlgP7aQHqVZYeH2kgomSGaOMXxhZ0W2NfQiNtQbJPwkX2cwBuo-dyaLF5AHuDFXW2507YwVZiRi_KMn-BR--az42Thso27wpR5CDUPBDWw9KDltwQ76vSYMcrRyF3gUegU76sMjoGnNovcq_Tgl81W33aYdqP9avzsyFDYb_CFzr0B8XYxEX5TVmd4sLNA0VybytkMqQdDAD0cZkBjoZvcek8Nl50fWJ9wnxX75dIR94FicsJIFS1Bo3BGaw8qcEdEQgaExrVYpsmkF85ZE8QCR1NLfHF9bTbZYMJjvj2T8IhQrhj4e6zjBwypcV_N9gOdfPhKp0s-Rl8kFK5B9hZ9SkakgeE4v-D1n6BfbhPgjRiKg228_l_ySBdLsojWIO4TGXVmZNIr2y8a4ISCoP3MkdDYIafGMfvtTiQF6AX4cF-5yd36e_nn4MbNDGk1hvDPmO_w3mwpF64-p5-QhcpgxEkGCFvBQwgfNe9-jb7LmF4wz2LwIyUwroXx-UgMkOfGTvsL8Rma7RKPu1t4b8pUMJn_iAF_zFxYG0bSMjI9_XCINz2f2B_CSFJ64wBiDEWnSZaJIfaPbHXORmzpxBuy8OXBlPG3MLwGwqBb64IIF6dC5TZlK-RBjYkFva1BpdJD0YQx-GSTLvORe8O8zi4oJR0rr98dMeuWyP0nFSDxD2egFVSU8Rfwdm0LLGub2Fq3QtZ9mHVYMKWMmmErtoIqeK5GtUj97PiIS6Y9sQW3SizH_cnrj1_ROWBIxm71GaCW36P90YF9jOqVC_kylGFl28jhgkeGnQku-A0A2zrZuLXcYsS1o0aY_AGJffRL4__K8TJq_W49E-p05d22LrvrjBn5vmDw-0AUCr5DEhB-dTG54jD5LK_MMMhxL5gPNGDTgyktEAvTU6VZ-ApYkZY62hK51j9S3U52eRYvzOtU02wAMVA-_n3sCWmEEzhXPYlFtsaDirU4FineUpgdu7gTs1CuuQy56j72tu_xgHZ_WP_Eg82ottuW6fQhf_zGgAVnIBVoPE-Y-CrFR8Vn_GKBJL9LqC1ArVQ6dEsUN-KwuirPkKa9ENyJicEP5x2HpZcZOX-q6b0DimsFNe3xHwMLOL83mlX6tAqpZmqO74xrCNcoNhrgjLIfvd9IvI4VuEFV7LIUISSwlHHxk_O-qtiQ1AsgJQdwI8JRf6sc26szfVwvBPhByHMZcO0k3TgKZRrZ0ABM6tXn7PM6mdMxxubXLCSJ4cSsXDOZIsKJVD3hQQCokIiCLIZm67KXcxcgVR6aLNH4c-SD3putGU0qEe5KvjHzxOElJTV-2qQihM75xphQCCPXtvByjamyXa50PP58h5ZyIDVFHbEfTIOBzEiIk2ztA7dinIx3oaTsVF6B295UiruMk-YPorbelTkQhLVq9UD5Li809VEKaxWE2Np_cMpx6wVhKuVfSOGgInbGuD6Dy6H6sBs4bNwi6OiiKY3snLB6SZW79CS1yyF98BcjZfdYEHwda-xlu0t8N5HTqVBIZO1Lw4_zXTzGOs5YO0AvUhKnufUIKD_yRZx8RVZPow2t_1QD6ZNWE02pyEtVp7Ej9HR3xRtZ1skFeDxY4cYt9CZCzEngSSjW5qjJQWV0AckrnrIscIsl8TfFcP8orQw-S7pJ9uTGfIWH8NkawXPnYV2YwE76RlWbY9kITpXfIP-vMJULDy74vZwjQrQJlu6VOSo_NuP5arnIDHsEtbsNX9stOUTpFsrbBhzxnq_sSDdQIa-ZQn6q0_c6SzKmcOxdQ-i9aa5wh45p0wu6L3QFStHvTV6ujZ7RQBAiSw1ZUS5KUnVTIaAC86Cjv9peZM4xfPynDMeTE1gX46wcdoi9GUSH2ToUnZSL2KKYuLuQXqNVwN-x6ziyg-T-Wjlf2KqLHNqRtPP9xnYQJ9unS_pF-0vuJ7ERim5I-Aj2u6dqtOnyVyQNZ04dNLEqyWWYbfrzWw8B0hDObfmAWWoWG89xyKcT6vuzcl4GGXNGqQKKsC5XGeZO4JLFumjgMq9M8sqF2axw4_f6FWJwMcvgX1i9ydDRT6bGh5TzYuq9ONAy6A0zmrLsiyhZ7W7icf3ZWi9pt9aa8AnHTDjb_sb09ukUFC6jU-RmGtgPPBUnb2fm3nYznMEazY98z_B-mcsjbCKSV3Q9jBgzfBYDfR1gQE965HQ4ZyAB5B-dGHFwWJWIetc6CNcpzCWljAxjqfXQg2nOH-HvsL_HqF4HXZwbyJTicuAVHCK8zHnVwyDKqegeExwo5K65pIoAs9644zJVEehG9lyfczoNaqDy8otVeBYajlXlidP-YZIpuQziSIxoBdML2hjXVzFaBVV83daL-hTS8LcrQZE6AJnB_U0WJ46E7oYqkt5mKidNFRHLD0d6nlUMnDfFk3bB5-wwVaW2nPUbA2XXluXad3TEJlIjOp3yH_vo-9zg&cid=CAQSOwBygQiDtgFgPJZu1ZsaHVUtuP9yJ-ykXUDlpHPBBub_ep6RYCxFAlr5WwVq7AJNuZbNlg22YTSgqYVhGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=11523493843760792000&adk=3587751834&idt=72&cac=0&dtd=16

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7ff9993d3bf21821aa4aab3b5958b4d9ba3fd3a3aa92f5830a24d3ee259f4851

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 17:36:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 26020
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 5499578052516643378
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 30 Jun 2023 17:36:00 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230614/r20110914/ Frame 1E00 29 KB
11 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230614/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bb86be0538b5ef8bb7fabe6cfdcc28f99687242fbecab81a9a2a72d92931594a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 17:36:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 26020
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11316
x-xss-protection: 0
server: cafe
etag: 309758756414748794
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 30 Jun 2023 17:36:00 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 1E00 41 KB
15 KB 41ms
39ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 13:19:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 127830
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 14 Jun 2024 13:19:10 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 41CC 1 KB
643 B 40ms
39ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 41328
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 16 Jun 2023 13:20:52 GMT
etag: 48472445140208031
expires: Sat, 17 Jun 2023 13:20:52 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 1E00 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 00df2998e7efb895eaab207705a7a815a315b29f60570df29e5be01a000bf735

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 F23xA4-E8U0dLsM7Ua-M74A0tuvycQb5txb3FNVg6II.js Show response
pagead2.googlesyndication.com/bg/ Frame 69BD 37 KB
14 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/F23xA4-E8U0dLsM7Ua-M74A0tuvycQb5txb3FNVg6II.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

176df1038f84f14d1d2ec33b51af8cef8034b6ebf27106f9b716f714d560e882

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 09:31:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 141468
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14698
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 14 Jun 2024 09:31:52 GMT

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/1484055/72040524/ Frame 4A57 47 KB
12 KB 116ms
56ms Script
application/javascript 46.137.93.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/1484055/72040524/skeleton.js?ias_dspID=64
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 46.137.93.67 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-46-137-93-67.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 19b114e06702588e001e31adc64daaa84f2ac9963a2fc30ee124f5bbd5e4f797

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:40 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H3 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 4A57 172 KB
60 KB 47ms
44ms Script
text/javascript 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
Origin: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 10:17:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 52338
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 17 Jun 2023 10:17:22 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230614/r20110914/elements/html/ Frame 4A57 11 KB
4 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230614/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CdIv3Z3gnya7hkQ82sMDx4-2NjduFhmyTFdZLAONomxLH7bHmV5g9aYrJ1H6xXBhjSQGVK784L7KXgnsYQKCfqd-Ertp1ckhT0MEKxmT7x0t_Zm6zvchAn6hHr-4MhhYA-7BkbsrcDj4q5fBUp39mXs2_aUYm4ourpew42wHkaMiPrnto&dbm_d=AKAmf-BQprZMbDpDSYA67xHHIxImAH9a9chuRxfl4D2ElWsEuW4tbbrPCq6yym4xL0frioVM44TWDnba0dK3QCFzULASv0wNjJlo_zDoo_557nkthdGeWk-0Z14r38fReHCPBJ5L-fUZ2jmUHDDWSNKUQRHIH1OARxsHsXsDqo2b4gdKhh62G0Yx81rwLv8LHg8s3J3A-d-pUVhi2lTjbY1tGRw5L5_yySrUhqEdEImdHgTU3UJbkB6nKkGi0hNMWXGsB57dQl4-mevfLfw4wfjxU853b8ZlMuNnAhc1gaQzPFH5MWsiCiPp1_Q5seLkjL1AOMJWmAyH9L2AjsD2h7FtejKDFpv7QjBkG3XsLqCG9B_vBPy1ngs2-JcEGoL9Cq44sVW1V_0C-bHc7NgBI_8EClDx7tLhmcX0-6oFXclM4HXIJ8E7CpRBY1myYtJIHXxbjxQ3POkwVeybtoyE7Q5UsvdeonT_TmeeBTnSpSkuPwLPrJCyg1ZhZf7vRE_miU2ij30d1oELneSOwQ2BzRom0O6WJrxY3IDNdDZmj9YhzEtdiyQCfvdTBvJnEcUX6rPGU8wn5fhcFvvYiukCGqktClgd8aTCLDGhmgbebZURoNy096f5WrQwoe5K-Lyatlm8SdlNNrsbQ-_AlIvfDEJiE1ayJTDNvBhxckBBXFFqOlFulXNtKBHzTIrTJENcz5UMA92N2OvO3Y_ANGY_gjWz7qKhIIfIX99sjtgTKZfbzft7OugM-S4bl2neH7HveMiNAIB48M4EFG2h0_-sQi-uzqYluNUOuAQeq8C-zyq6h9df1JT_JfATmyPh9tpLymd1v0MgMCVOyMyYURKOlfRZrOhwno0G12rfdlc_wBhIpMKFjLFSFEtQM0kXFeNQHOjGQIrhK8CMswiTookpV03DFePnoyvAs_vEwk3epv4qm5zxKbfBI3qTeS5cUPs0iF2mmiiXzcaVgBn0kUit8oXQGj9APh1dxIYKsIGU-8_-EzdlEj74J82rCQpYKlJrPMj0Oc6zf8rkA9wou1GhPvhdfhFJDcFKKRMyOqL651MxLyyWbYH33tlnHOVde9C_wqZfv-x1eiQuHHjusFVef5aLR6WNeBI6ATg61JvbzsFdjvt5r-HTbs_SOGpSrZS5aie78ZA62j-XwohA70TUJETj2b_LBIk1ikVZS80uqyPPow860o-0OYm8I8Csx7rDPGBXF5GQlHuJQ9q9qQo6vdz2YGgZaVbxjC7iCFDE-bgw-98y-Wz98YojZfD819xCm4475MhIyxEbadr6PwhhDLkHh8e0sr244FxAXwKAc_IRjB2uvL_26l7CEZPFAWEMXUwOfr9q1VK8AFcpM1MVVbCYO2B54_HsSz7fsbvLt6r5POZk9p0Y296wI5n1jX0OSANvBatU00mbdFCMT7Bb2KmdyBji1QOLPe-nU2pUtHH8t-l9ScpyQamBUnob8jA-Tme4YuygwCaS9m9mdA-NFpNRCu3Z04dkbmoyhBvqZsBRiHqjGcab_eT-u5I1AHpK3jG0_UBNkoUWobgxFbf_DJxZui_ywKd3B2vTr9DBQ_bKaK4wtv7COpl7Oky21xqmoqsKj4ne9LMIMUUhnzjld-I8YGY-xghgofRIH-11E3LEYU9DUa1Smaw4FNgdkYGfFQ3N_b4xtav5kafJPpb-dEaP7jxhw77TfzQjmZcaXC8DwMLkabCVe0t9GBmuvv7GbHjxidfx6kcsnk0JFPcFdzZZj1faRtiQoQq2e9vtQZPbonIj9pXGfAIW0LxYzwr_LB1qjwPQGCHwMWsTXZHZKSBlyQiK3vBCjk3ijKXQHRjVRvbwUe4Nz9ZH0vJOXkQLKRTFgMx8wXdzHDp1bx06Mg1EaGY-mPtZwUrvMUd2Zm1_1qfD4ShwxhztEQbAm-seIMq81AFbxMd990DUllOy64sBp6B-ck_krabZn6JqMEjfzWmLtZVaderR0WaeevUlGYSQmS5BqP0RFBmFcgaWkxpNQspqYxM0wsohSYUoWBrfO8Ohl5223g5FdqYFcHhCG9aieHMwg7X8HaPG8xotSg_CUAJPEYNFeleFl43OI5Eyo5DVwCBX_nIT0oIiEtiuGFQk_-tX-GeCTVUqiJXp2DQxCpEqP-mcnCQDXGSzgBJk_TqrU-SO3RXDzSFB7XUJmkfNA9EOwbGQPHIQ_rUPYZBb6l6yUKlaiUO4wwAO23y-Du2gOQX_dWzW6X7kwIYIgrSJG71UB18wLgAbSQNxsj-QhKsCZRm6aTuH1XJqLmq7U6rQFipw9ZB5ec3As6rn2cW2C08rBTwuwHB4t5kc-tm-alkF0uH4qjiFbV_LK1hJ3A1ucmmrUACarPduYU123nNPlM5HjdM0_legCBfT4Bs4Tux-0CZwCwFuHF6vDiL8OLkLLUcyHcsqOYSvEYTG6TYUKZaPOqYgIe1dppyP0ah6Ncny8nYTSgFzMqDk3q3gblGbYypf_vlKjr0H43HeyN1jxvZnlOM7prsMWfgFIItPhb9AmduDp-bEhuJChHSulFcwZfGCYq6u4E35UT8pO6ivR1GmKyxCMeS1675TpDj9pWwPQcwdvuGLTsVQmvoAo_WvdPtyvFB-Ewb8qKyOL1jizvIseldXjT_OfX-JLp9iIWdkuOiTO6m9PoFRbtuu1iwJ534-WiC_evc0awX6mFcTymvYsL2eO6ndUyukFXXowWZ_ZBIBtaTPW583OkFSG5Pbkcvmn7rcITVsieN4j-c3xwaL2M9hYtqvNpi5NlX3kOiJE2ap5Bk166J6cNu8r4JtBDXJR8I96RrwyWRkX2_w5OwWN8tQxUBhBHDA9uBW510LY4_VuIMEC4qb8TgEb6NGflcEws8uNdYrHT0NuWgwRzNAw-gdFrIGG2sD8OsHjbS_rLd2uk2bXlDBYzaw8bQPqYITkYJI_Hxt3OqQ7i2p-xYSlGRhUnTWP6dZhtJRP9BtfgLfDqtZv-OhG5qu7N3oori2HnAxq5pZHgBs2nyyFqe_65rNrJ3hL2gDfMPmE8jSvq_HpsEofAQR1SroCgERH0sakkwZD_UlZryetP87I4k2_pkUdkSFHkmqGiKUmkZuQWRE3PQPT2HUNKn9QDRVXUkok9rUbG4SKO1SrIsMsBF2D53-1HYOPYIqeiZkKcQHHWIreLn_8vCndoyh2rMrC9H1p-CMsduinI-ED9nUQllcJks2LByvuGskMasgX11b2bEK0xyVuoMFmehiVV04NPClnw7iCA7MmdpIHBqEQ5MQYmI0iSWzPNPMd4EJprP8gqRxSWyNtv2XycJ1m-G3bRv1xExTMvDFBw31g8H9y1tg9q7a3dk6VFwrOYxdXV-qPOPvEXo_pBFnBg6DSGqvZfOikao&cid=CAQSOwBygQiD9vkfXSgr0gD9FzYatLTBJfKQ8HvD7AwEXcmJAQ2d2wQi4-_FF41SEJOcWFinr-fvH2Y1xGLSGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=10127637358763130000&adk=578009112&idt=65&cac=0&dtd=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7ff9993d3bf21821aa4aab3b5958b4d9ba3fd3a3aa92f5830a24d3ee259f4851

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 17:36:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 26020
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 5499578052516643378
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 30 Jun 2023 17:36:00 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230614/r20110914/ Frame 4A57 29 KB
11 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230614/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bb86be0538b5ef8bb7fabe6cfdcc28f99687242fbecab81a9a2a72d92931594a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 17:36:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 26020
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11316
x-xss-protection: 0
server: cafe
etag: 309758756414748794
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 30 Jun 2023 17:36:00 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 4A57 41 KB
15 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 13:19:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 127830
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 14 Jun 2024 13:19:10 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 8049 1 KB
643 B 40ms
39ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 41328
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 16 Jun 2023 13:20:52 GMT
etag: 48472445140208031
expires: Sat, 17 Jun 2023 13:20:52 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 4A57 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4ba8f80e57750a37d1932267b11263208e5a3881e6a3c5864faa1a7e09e020df

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame F347 172 KB
60 KB 66ms
66ms Script
text/javascript 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
Origin: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 10:17:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 52338
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 17 Jun 2023 10:17:22 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230614/r20110914/elements/html/ Frame F347 11 KB
4 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230614/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Bt0vgWy8PzqqB8XJBcQA3Ci6GSxclrDQuLeMruvUIZ0e96z-mSOALNYV3J2fYmZtGYUZmTHjGtJ4M5n3uuGHdscERmu4HOljBhzRumaJBbAbVu9Oi92Vdtt-gWBxXlVYQ8ferIxnCU-wxHOJkiB6G9PpTkfjoQeduhJrQ1chSnWxsQQIs&dbm_d=AKAmf-AuNklby6SIbmGu5_wbRWadfAgxBzMNlUfA6eX4fsYOZ3gRqANEFJ-Y4oimYOBVy3R5ZoUs8tbRnakHuxt8C1Il7ztM4s6zDzdyAHFhvtT1_JXLRkPbhf0HYe8DA7R3yRRb3sbOLivk4c0ZqQVkAoR8zQd9832RiLwYgIyajrtoeO4IxGYZoLZkQFCPPWjb0qtPWYSjJTPzTJw7L-aGl5eCw2aIfEhSLNNjX-7ZgDwR-gxVeRQ_RxDSIZ3hBOcLeEK4HcWQtzYLfz6Q3DJu_zrGej6e4sjcMpCBsrgqJBlzlLvv7IsbjaOuNOecusF8sOFHL-hPCoDcjvztKqrFlXkOj7uVeNaa4SzkaXIGsEogU1NAz8cbZgBM-YG0cH-Zo4BL4qIFPulmU_M2G3dyMoNgjvEjan5l8H8qj5s4UlROG1r3B-B04wx9YIjA47y02wEJzTqE7q26eEJRgk6Hood6xKT4SWh7nztdWExuI0xbA69MN5JqiL-eX_e3q5z1Ed-c3uAdNiPag3J1SEneXr117X-H6zsZLOHit-eT8MieXnYIB3cje4aBRntMWEurcGT5a31bpvFrYUNwcKxJp2Huk0FVdHzSSIauSINuiWYTr6OH0E_eV4OvdLWWEGAPL_eTkylqZYG5TBsY3Idb-3DFNAzTUj1BMAkuVpam5LZabOOHtFrPYARGXUV_fTiIkelelmSeiIEWzUoJ7Q-VfApjGPXo__lyF_IkORKvuuphtIHFVKB2I2jMENsb2Z2JEyS1_A77fRtKGNzqep9HBuBGMkdymE9sovTy57kZYRSNhfZyIvZxfwEB5jzH078CXQLLvLw4CimixQx_Kw_YMKFdpLhRyQBrNlZuL2L1fhs8JTKgDaq6l_Izl_VWUVfR36vI7f5oKJK4xYQ4C8-n0h89KzZ208yI5BoSQX_fbwhfm2rpGmKTLwyjKeyxD4ZHRL7StDqVKF_RE4OvohQh1thPmLfvqW5F28GXLjlTBH3SooefKnLpOUZS59X10sSvsCY03FYJgBGafahWKC8bPq2utBG5VJkIoVwh-g3IIg8eTpUVSbsoPfz8z98hw3b1J8jNE64e4OroJ8vnZ_4v8oCb0w_8i9W098G5kiHpCw8WzQSfED6GvS37tTeX-_7xyVF4tR0lEeZhJ5uzRiaJcZAglB8-MBirH7nmTK58iNwlrZBf0_7vvUz2hkhw8-Bt21EABGEtffoHP3YZ7__jq7s06wpZ2FdqIPvUQh5RVOZAshfCGOipVECVg_gdZZBuCkk_ge4egH3Tk4807iPLyV9lSeLFvrjeRtxjIfBtxLkhYqHqHczBUjOczDT8BOm9reHbKR-dc7m_Zm1DJT7mY9_ugwzXqlafiPP0tPwpVHK3B9oZ2YZrCglE5EZZNhGMK15cNHK3cSYs81lYXEmqamN5-YS5_yZcS8Asg_ZQXnXtoIhLYE-BH0z2lQpgO89PTLhoffCqgXW1Xy07Lzvu3LJZfbZb1mITmX7jxW-XnWgPwdPs0w68bRaYFbus7sEd52X5jZFogB-MrbCtNoqs4_SuG7WyM25ume_xZerztPNLnKCOKtTmL5OHzKpHidZUfoBa6OP1aUP7Fmz4ApG80oMSh2jc1KiKUOkrC-JHslGu77G1yxGqPBcA05l3bWOmTt33eyJ_7-yDDvubvP6-iZOspkP0DsQV01H0q4ZEyhE5agcKly7A4S0gi7qhgvLQpTWiTVKOfrYiZFTXPYaC9_dcjFMvAF0VJtBC_oVbHhVBHE5BQDZnxgRb5xcY26sJu641OTZyQro6d_Gb1eF-qGZy_V1emUjpBWxhfokqzw2jXBjt6rn_BhOnPcYSdrEbKDEcE3G1rPwhGJSAmaHNjQDXXGh44NWMG-hmwGjVhq3rXAfowW_r06amPiD9DsxZ3zfpMQlslKEWGpwfTmf9rValBlsI8hk4x02_68pm5byEvHub0Xk_u1Q7C9sANsx7owGD3yFy8BRc-zZK5rbldJpE17-5rYgtBDOd7Qlyjn9jSrD81OPO2cAyeAf6-bUyKJL1wf0IXhKOQ3FczTIatxqETPyKcEjJtZq4YxDENe41dQoRi86uKUigoSnsF5x5OC2WGHaVjWQFEf4kDjSOhXwqbL5FGfOb29TGAKRp_4IQAqSe75rDgk7tvmQHxJ-qSo87B526iA_C0a3k7qtjYDYaLek-4RK-pT80my8hPC9gJHnYdapMr3TLeu0dDRnzITDWiF6sP94V7-bjuPMVAPv7rvvHKhBSiVUoBiJLyeTCCHC4u1QAlCN4qZGYEVbRp52MYOGlY8Q8Fez9VzlXBfVPLaDp5fdUlQGqM33gBHifcIqMGfoQugUc4FdNcoIo-c1MIY7yJwRRCAYlSO8_E2HzhKW3Yj5PRiCLWt7QqXuPZgu8zkECX4X5Ollw6ioiOjeGOTQE4JGiW7aD3GLdG_z6mY0AkhrxlOvzYsHV5dH0mVOXndJStxaUQqND6HiWHAHk_ZKzGzZjoxmLcef8EbU5LSw_IBEuxDHM7xr02tGMAVg0R3JthRn8xfPnFWt95V_111WjnBgeeKeS2GneETV9MaYc38-p28yBaIcjWpzCdYJHjqha-46SYubvF2THowCA64uLWI6Ojg2Grym48AHRmI-VNBLwpgfjZjADPaQQH0pnpA995_UQfnufCeQrZNYQq0nb8fQZSG3GzF-o7nNcN8KDiRbZPDpg1wL0jqFnbT1HbkwGB6UQ2LIab9XX105_XSX7CR2tdTHqYmTDF_uo2MBM_nbpH7psHfZXSTZGpkg7Pb9rem-Wzh6GtXSAdOXjaWlLSL7qyMkUCsqenIE-oxGzFd5Y8iBfpAiv7ocVipx2Vd2jD8MhvwlCg0iTR4c8FRd_d91gHFkbM_E-8iSMtfJ99yeQQqewhzEVAItE5nCLRVe664A67c_fcTV2_nFGMhR59Deg8jrJHY0e_GEnoJXf3Dfr9s4Kd9SwsP7JnTbhU8wR-6ZsvNTRBCOKBXg6kwIGl4yiTpLRpgvD3LJ-zNOHD2gpQis6EsZafo6Kjc06MVZ_MjD3mHbXoZYbT3zswqWdnyegaycsxrwnzTE1-UBL4oO3ehP1f82UJ8CEJEruwi-AxF1xpPH3-8HPZ2cx29Qc-GGaVi3sg1UN4A-xjg48qAcZeE-mNfpxgm9pEgSKnXw4irMAidVL5d5ly9HYxlHqm-ax4-vaiO5dPp7e0NhtXokQOq5Pi93UxtdgxdpZLbbXlWIPpebpTfVa2OD3fjmmjcnm3ZtUyt_TfzoSyGsClcxCXdWoTUJPEqpY5WE5gWWGOJ0wr43ZNwEsJkU0BWAPCZJ5FoBW615q8FQBLij3ygwONxiGfr6-WqFOSUjkTjHq03UYX6H818uPaP-WGQ33szSRWWUde2NfhJaCM3ySL3NmOClH6_4XOm2QwCGffGAnrgCjZ9OTzzsFhH9Ns74ppoWYdeXldqoRWGzkh_kcVxsmi-IE_Doz_SCgNKtDwQYIEtpFZ-G6bWpDsND3t2Y4-IvAcAQNvEAD6uXLTIC-_OglBpxNx54OypMQAU-urab09EVZ22pxwNaxNvVFRAIuJ3Fdk_GjwQKRYWC2mR6_cg&cid=CAQSOwBygQiDWxnwjMPZt3msAhZI-dmFfmenPYt7MotK-j6T8Q05QsgXHYwwuBq0LTMAoP9NhCTjeukuvEWkGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=12385758760440820000&adk=3563752640&idt=74&cac=0&dtd=14

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7ff9993d3bf21821aa4aab3b5958b4d9ba3fd3a3aa92f5830a24d3ee259f4851

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 17:36:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 26020
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 5499578052516643378
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 30 Jun 2023 17:36:00 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230614/r20110914/ Frame F347 29 KB
11 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230614/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bb86be0538b5ef8bb7fabe6cfdcc28f99687242fbecab81a9a2a72d92931594a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 17:36:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 26020
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11316
x-xss-protection: 0
server: cafe
etag: 309758756414748794
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 30 Jun 2023 17:36:00 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame F347 41 KB
15 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 13:19:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 127830
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 14 Jun 2024 13:19:10 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame ED1C 1 KB
643 B 43ms
42ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 41328
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 16 Jun 2023 13:20:52 GMT
etag: 48472445140208031
expires: Sat, 17 Jun 2023 13:20:52 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame F347 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 055e1962d0691e6440468ef346666c48361a6cbcb9de27a7b4ce65f1094e0d8b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 9C31 22 KB
8 KB 40ms
39ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 126175
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 15 Jun 2023 13:46:45 GMT
expires: Fri, 14 Jun 2024 13:46:45 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 cdnf.js Show response
pix.adrta.com/ Frame 13DC 32 KB
11 KB 158ms
44ms Script
application/javascript 18.66.122.114
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pix.adrta.com/cdnf.js?v=22.110
Requested by: Host: q.adrta.com
URL: https://q.adrta.com/s/pbm/aa.js?cb=1015140641_1686962979_259802
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.122.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-122-114.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b1f0c32bdddde9d823fb770b4934d91c2f398b6b49fd9895b072bed2f8e87e60

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-amz-version-id: R83C925SYCJlAS3EPf859mHfAdKdIqOi
content-encoding: gzip
via: 1.1 109c7a7f1cf897851e09b16d3030a948.cloudfront.net (CloudFront)
date: Fri, 16 Jun 2023 11:37:09 GMT
last-modified: Thu, 02 Feb 2023 21:52:06 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P2
age: 47552
x-amz-server-side-encryption: AES256
etag: W/"72275c8d62679b2e305f159c912ba52a"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: WmKDcWlWlimbWfS023B3SVDypEPvXfzokkWp576SwPuTCZ8fhobWuw==

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 41CC
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEDy5_lryPaWlMm24uAEZLNg&google_push=ATf1kGOqL4T_CKJidPoxjy2RaJP-khsMh0rLVNB_J13zSAHmVALg6uDXAz...

170 B
188 B

51ms
50ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEDy5_lryPaWlMm24uAEZLNg&google_push=ATf1kGOqL4T_CKJidPoxjy2RaJP-khsMh0rLVNB_J13zSAHmVALg6uDXAzLoBcJESCYViqodA0izjhtVYQoqtdxHKUXZMGf3XZ0l

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-fra-eddf8230036-FRA
pragma: no-cache
date: Sat, 17 Jun 2023 00:49:40 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1686962981.730209,VS0,VE89
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEDy5_lryPaWlMm24uAEZLNg&google_push=ATf1kGOqL4T_CKJidPoxjy2RaJP-khsMh0rLVNB_J13zSAHmVALg6uDXAzLoBcJESCYViqodA0izjhtVYQoqtdxHKUXZMGf3XZ0l
cache-control: no-cache
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 41CC
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEALqLpJm7KlpTW1Vq2OimAk&google_cver=1&google_push=ATf1kGPAmMs3r_VfM0yA7St0itXCZvjjsv-whDTti8dwKvAgv4fDMstULg-XuNBc16lhixK3itQjxC8qe1V...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGPAmMs3r_VfM0yA7St0itXCZvjjsv-whDTti8dwKvAgv4fDMstULg-XuNBc16lhixK3itQjxC8qe1VxkTdo3uN-5cd7tk02&google_hm=IqHdgTqyQuCODMEkFgOo6Gc

170 B
188 B

55ms
55ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGPAmMs3r_VfM0yA7St0itXCZvjjsv-whDTti8dwKvAgv4fDMstULg-XuNBc16lhixK3itQjxC8qe1VxkTdo3uN-5cd7tk02&google_hm=IqHdgTqyQuCODMEkFgOo6Gc

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:39 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGPAmMs3r_VfM0yA7St0itXCZvjjsv-whDTti8dwKvAgv4fDMstULg-XuNBc16lhixK3itQjxC8qe1VxkTdo3uN-5cd7tk02&google_hm=IqHdgTqyQuCODMEkFgOo6Gc
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 41CC
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEFaQncktId6Eb9BjqrN5m88&google_cver=1&google_push=ATf1kGOnJgxLwDCfUXQbirDo_GNLfExO3WBvXf5m5KikxImbYMADbuBeQRC4HaLgDJUAsAn8Q1C8qa_JvcVd9pRzg8hk...
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEFaQncktId6Eb9BjqrN5m88&google_cver=1&google_push=ATf1kGOnJgxLwDCfUXQbirDo_GNLfExO3WBvXf5m5KikxImbYMADbuBeQRC4HaLgDJUAsAn8Q1C8qa_JvcVd9p...
https://ads.avct.cloud/getuid?url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Dgoogle
https://ads.avct.cloud/getuid?bounce=true&url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Dgoogle
https://x.bidswitch.net/sync?dsp_id=59&user_id=07f4e4cf-6e5e-41fc-b98d-568f2924cb36&ssp=google
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=ATf1kGOnJgxLwDCfUXQbirDo_GNLfExO3WBvXf5m5KikxImbYMADbuBeQRC4HaLgDJUAsAn8Q1C8qa_JvcVd9pRzg8hknW1hPNSx&google_hm=l1dbC0KGSf2TQU5uZLOTQA==

170 B
188 B

50ms
49ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=ATf1kGOnJgxLwDCfUXQbirDo_GNLfExO3WBvXf5m5KikxImbYMADbuBeQRC4HaLgDJUAsAn8Q1C8qa_JvcVd9pRzg8hknW1hPNSx&google_hm=l1dbC0KGSf2TQU5uZLOTQA==

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:41 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: //cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=ATf1kGOnJgxLwDCfUXQbirDo_GNLfExO3WBvXf5m5KikxImbYMADbuBeQRC4HaLgDJUAsAn8Q1C8qa_JvcVd9pRzg8hknW1hPNSx&google_hm=l1dbC0KGSf2TQU5uZLOTQA==
date: Sat, 17 Jun 2023 00:49:41 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2

200

usersync.aspx
widget.eu.criteo.com/dis/ Frame 41CC
Redirect Chain

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DPUSH_DATA&...
https://widget.eu.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DPUSH...

43 B
363 B

163ms
50ms

Image
image/gif

178.250.7.11

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://widget.eu.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DPUSH_DATA&google_gid=CAESEI2-W6EgbwLzEDOc3UTjev4&google_cver=1&google_push=ATf1kGOW9dWy71HGhVMkj3si7WRxd3x1a9vxvyiyyzGfP7QI490jKsX9nAVrLUIEzWDxEfsfLZQaDRi9qJe-zw-3eiqu-xsmp6-N

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

178.250.7.11 -, , ASN (),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:41 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 143809
expires: Sat, 17 Jun 2023 00:00:00 GMT

Redirect headers

location: https://widget.eu.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DPUSH_DATA&google_gid=CAESEI2-W6EgbwLzEDOc3UTjev4&google_cver=1&google_push=ATf1kGOW9dWy71HGhVMkj3si7WRxd3x1a9vxvyiyyzGfP7QI490jKsX9nAVrLUIEzWDxEfsfLZQaDRi9qJe-zw-3eiqu-xsmp6-N
date: Sat, 17 Jun 2023 00:49:40 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
server-processing-duration-in-ticks: 159555
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 41CC
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEHgtXX0pLR76uolrKFyWthE&google_cver=1&google_push=ATf1kGNaYFPu8eFi5knrzkQBRcbVyJ2t7Q62r2PtFQSTc-Kp_vLOAVLRea3ZhXkrhai9gK2bnnqEL0HM...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEHgtXX0pLR76uolrKFyWthE&google_cver=1&google_push=ATf1kGNaYFPu8eFi5knrzkQBRcbVyJ2t7Q62r2PtFQSTc-Kp_vLOAVLRea3ZhXkrhai9gK2bnnq...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NzQ2MDg0NTI2NzQxMzgyMTM2MQ&google_push=ATf1kGNaYFPu8eFi5knrzkQBRcbVyJ2t7Q62r2PtFQSTc-Kp_vLOAVLRea3ZhXkrhai9gK2bnnqEL0...

170 B
188 B

50ms
50ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NzQ2MDg0NTI2NzQxMzgyMTM2MQ&google_push=ATf1kGNaYFPu8eFi5knrzkQBRcbVyJ2t7Q62r2PtFQSTc-Kp_vLOAVLRea3ZhXkrhai9gK2bnnqEL0HMN71cpKrnn2GT13pWN2SH

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NzQ2MDg0NTI2NzQxMzgyMTM2MQ&google_push=ATf1kGNaYFPu8eFi5knrzkQBRcbVyJ2t7Q62r2PtFQSTc-Kp_vLOAVLRea3ZhXkrhai9gK2bnnqEL0HMN71cpKrnn2GT13pWN2SH
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 41CC
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEEwW6se3E9BzQZ8HrKTxxY8&google_cver=1&google_push=ATf1kGOfoK8Of7FJHOOc3qVxFCWYK34b-CGFBpxoZla75E8o-Vja84w1U-EguHvg6HJT_zuF5jwOT0O8g3b0...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGOfoK8Of7FJHOOc3qVxFCWYK34b-CGFBpxoZla75E8o-Vja84w1U-EguHvg6HJT_zuF5jwOT0O8g3b0IUshKaRHa_QBJjfe

170 B
188 B

50ms
50ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGOfoK8Of7FJHOOc3qVxFCWYK34b-CGFBpxoZla75E8o-Vja84w1U-EguHvg6HJT_zuF5jwOT0O8g3b0IUshKaRHa_QBJjfe

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGOfoK8Of7FJHOOc3qVxFCWYK34b-CGFBpxoZla75E8o-Vja84w1U-EguHvg6HJT_zuF5jwOT0O8g3b0IUshKaRHa_QBJjfe
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 41CC
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEN...
https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=ATf1kGP60jAzDAhiarTSfeKA1f2q6tYsTAuQKudPHYIkGATsdEBz_lCeQu0Or5NUJVSoUg3Luf_KeHJLAPLZE88bPT2s-5AE8Zb7&redir=https%3A%2F%2Fcm.g.doubl...
https://sync.targeting.unrulymedia.com/csync/RX-dcd2f19b-ee84-495f-8f66-a0f2abeeeffd-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DATf1kGP60jAzDAhiarTSfeKA1...
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=ATf1kGP60jAzDAhiarTSfeKA1f2q6tYsTAuQKudPHYIkGATsdEBz_lCeQu0Or5NUJVSoUg3Luf_KeHJLAPLZE88bPT2s-5AE8Zb7&google_hm=A9zS8ZvuhElfj2ag8qvu7_0

170 B
188 B

51ms
51ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=ATf1kGP60jAzDAhiarTSfeKA1f2q6tYsTAuQKudPHYIkGATsdEBz_lCeQu0Or5NUJVSoUg3Luf_KeHJLAPLZE88bPT2s-5AE8Zb7&google_hm=A9zS8ZvuhElfj2ag8qvu7_0

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:41 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=ATf1kGP60jAzDAhiarTSfeKA1f2q6tYsTAuQKudPHYIkGATsdEBz_lCeQu0Or5NUJVSoUg3Luf_KeHJLAPLZE88bPT2s-5AE8Zb7&google_hm=A9zS8ZvuhElfj2ag8qvu7_0
date: Sat, 17 Jun 2023 00:49:41 GMT
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RXdcd2f19bee84495f8f66a0f2abeeeffd003
content-type: text/html

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 41CC 0
12 B 50ms
48ms Image
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KCRNZzD13O4BoqWUAgrjxzukrESU9S8HEH0n26oe07cjWzljayAuh1HWiLBo5vIZHUuRrD

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:40 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H/1.1 200
OK request.php Show response
hal900025.redintelligence.net/ Frame 9BB4 3 KB
2 KB 224ms
119ms Script
application/x-javascript 138.201.84.245

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900025.redintelligence.net/request.php?zone=ajk4xlebn4mw&nw=20&renderingType=javascript&namespace=53652a58dd&subid=&uid=3f06b0f34a0d5444&screenSize=0x0&screenSizeAvail=0x0&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=1&gdpr_consent=li&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DYQer8KFSFL_2W7ZbAvMfUw%26exch_seat%3D20035004448%26mt_aid%3D8741425454962446792%26mt_id%3D6622332%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D1500648d-0324-4f01-a889-5da72114128c%26mt_cid%3D1500648d-0324-4f01-a889-5da72114128c%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DC6yXxIwONZOeVLKSx-gbH7J7oBc-HjptcwIbZgsYCwI23ARABIABglYKHgpgHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQngAgCoAwGqBPoBT9DRl5p6NOD2LN3FXip9oPE88ggbHWZNvVkHEWLqMq0NYyHWx1WhTSDrW0VYhzAi8dKftcLLd7UbRaQlZI_qVMs6KtZxBmfvXkIYCm7CConXCNlKbc6tvoROGrD11YnCb6pbDM2_EexwjzU0cJ50dn1IpNDztMJXR85v4dT8-xibTrKKZ4X7roZJ4CecOLBCuVp_f3JuoTm4wCpMektZkKSvmDTnav35o45L82CrM6AESTnumf7RXG5Kn24N-O99RzHzrbWp49nu_pdwqqf-Y0thWx1-afrPo-dnY5ZbCdpLagiDlPjSa6z2GOSknbCq5Vd5BoYSEq4_--AEAYAGvtTW_Nma6J2oAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgEDyCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDn6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0-BlWIoYrmF_mDIoDMSrhFlaE5gw%2526client%253Dca-pub-7983651257838282%2526adurl%253D%26mt_lp%3Dhttps%253A%2F%2Fwww.soberberlin.com%2F%26redirect%3D&documentReferer=https%3A%2F%2F464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&ancestorOrigins=null&random=5010563771016&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Requested by: Host: hal9000.redintelligence.net
URL: https://hal9000.redintelligence.net/zone/ajk4xlebn4mw?subid=&gdpr=1&gdpr_consent=li&rnd=8741425454962446792&extVar[]=DOUBLEBORDER:1&extVar[]=MMA_SSP:adx&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DYQer8KFSFL_2W7ZbAvMfUw%26exch_seat%3D20035004448%26mt_aid%3D8741425454962446792%26mt_id%3D6622332%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D1500648d-0324-4f01-a889-5da72114128c%26mt_cid%3D1500648d-0324-4f01-a889-5da72114128c%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DC6yXxIwONZOeVLKSx-gbH7J7oBc-HjptcwIbZgsYCwI23ARABIABglYKHgpgHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQngAgCoAwGqBPoBT9DRl5p6NOD2LN3FXip9oPE88ggbHWZNvVkHEWLqMq0NYyHWx1WhTSDrW0VYhzAi8dKftcLLd7UbRaQlZI_qVMs6KtZxBmfvXkIYCm7CConXCNlKbc6tvoROGrD11YnCb6pbDM2_EexwjzU0cJ50dn1IpNDztMJXR85v4dT8-xibTrKKZ4X7roZJ4CecOLBCuVp_f3JuoTm4wCpMektZkKSvmDTnav35o45L82CrM6AESTnumf7RXG5Kn24N-O99RzHzrbWp49nu_pdwqqf-Y0thWx1-afrPo-dnY5ZbCdpLagiDlPjSa6z2GOSknbCq5Vd5BoYSEq4_--AEAYAGvtTW_Nma6J2oAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgEDyCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDn6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0-BlWIoYrmF_mDIoDMSrhFlaE5gw%2526client%253Dca-pub-7983651257838282%2526adurl%253D%26mt_lp%3Dhttps%253A%2F%2Fwww.soberberlin.com%2F%26redirect%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.245 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: 61b71c2be325b3ebb4c944e2259618358e59dcdd6588694914eec3fbce1db22a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 17 Jun 2023 00:49:40 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 93483700005664200951389012358025
Connection: close
Content-Length: 1170
Expires: Sat, 17 Jun 2023 01:49:40 +0200

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 911A 22 KB
8 KB 40ms
39ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 126175
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 15 Jun 2023 13:46:45 GMT
expires: Fri, 14 Jun 2024 13:46:45 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 8049
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEHC23SUPlx4KKx8f-7fEfs8&google_cver=1&google_push=ATf1kGPo-q30EBeAOObddw0uqSNPM-f3lo-Td4BH1tn_UH3fw7zeVkYtLPS07nOj5XzGSaxBn6cu7x0IBs-366p_1PTNa5aU0YKXJQ
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=NzMzODAxNjIzMjA0OTY5NTA3NQ==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEHC23SUPlx4KKx8f-7fEfs8&google_cver=1

43 B
398 B

87ms
45ms

Image
image/gif

46.228.164.11

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEHC23SUPlx4KKx8f-7fEfs8&google_cver=1
Requested by: Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Server: 46.228.164.11 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Sat, 17 Jun 2023 00:49:41 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:41 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEHC23SUPlx4KKx8f-7fEfs8&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8049
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEPz8j5dAmw83ezkbiSZGbr0&google_cver=1&google_push=ATf1kGN9c_RGYrH1Q3j8g2zEq7KMvBO2jIbe4Qs0lMDsjmN8y2zpF7BOZ6NohIDI1LxBokuisTAB12JZitT15W...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI0NTQ1MDgyNDM3MTUzODcwMw%3D%3D&google_push=ATf1kGN9c_RGYrH1Q3j8g2zEq7KMvBO2jIbe4Qs0lMDsjmN8y2zpF7BOZ6NohIDI1LxBokuisTAB12JZitT15WE2rU...

170 B
188 B

54ms
53ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI0NTQ1MDgyNDM3MTUzODcwMw%3D%3D&google_push=ATf1kGN9c_RGYrH1Q3j8g2zEq7KMvBO2jIbe4Qs0lMDsjmN8y2zpF7BOZ6NohIDI1LxBokuisTAB12JZitT15WE2rUQyT4PMqoQ0uw

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI0NTQ1MDgyNDM3MTUzODcwMw%3D%3D&google_push=ATf1kGN9c_RGYrH1Q3j8g2zEq7KMvBO2jIbe4Qs0lMDsjmN8y2zpF7BOZ6NohIDI1LxBokuisTAB12JZitT15WE2rUQyT4PMqoQ0uw
Date: Sat, 17 Jun 2023 00:49:40 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8049
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESEIGGmONLieERV1p5jHBOhKM&google_cver=1&google_push=ATf1kGPSGNXMPc-FtYfQXW_WQ7Tw5MP-Auk7xpefCFbOcwN9l7Hx8IDj7phP9EblmsNEtqzJo5i1TMspmRKPVqKGH0NU63d...
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEIGGmONLieERV1p5jHBOhKM&google_cver=1&google_push=ATf1kGPSGNXMPc-FtYfQXW_WQ7Tw5MP-Auk7xpefCFbOcwN9l7Hx8IDj7phP9EblmsNEtqzJo5i1TMspmRKPVqKGH0NU6...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=ATf1kGPSGNXMPc-FtYfQXW_WQ7Tw5MP-Auk7xpefCFbOcwN9l7Hx8IDj7phP9EblmsNEtqzJo5i1TMspmRKPVqKGH0NU63dfIOLNqQ

170 B
188 B

50ms
49ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=ATf1kGPSGNXMPc-FtYfQXW_WQ7Tw5MP-Auk7xpefCFbOcwN9l7Hx8IDj7phP9EblmsNEtqzJo5i1TMspmRKPVqKGH0NU63dfIOLNqQ

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=ATf1kGPSGNXMPc-FtYfQXW_WQ7Tw5MP-Auk7xpefCFbOcwN9l7Hx8IDj7phP9EblmsNEtqzJo5i1TMspmRKPVqKGH0NU63dfIOLNqQ
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H2

200

usersync.aspx
widget.eu.criteo.com/dis/ Frame 8049
Redirect Chain

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DPUSH_DATA&...
https://widget.eu.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DPUSH...

43 B
362 B

163ms
50ms

Image
image/gif

178.250.7.11

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://widget.eu.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DPUSH_DATA&google_gid=CAESEI2-W6EgbwLzEDOc3UTjev4&google_cver=1&google_push=ATf1kGM23p0jep9SV-oA-k6soFvWXLioNwLimGqNZ56Hi5emMmdR-AHrfauHtIapYxw03exlWbTUVC2sZb0iQ8hwtDL06UbzSc1ZhQ

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

178.250.7.11 -, , ASN (),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:40 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 204793
expires: Sat, 17 Jun 2023 00:00:00 GMT

Redirect headers

location: https://widget.eu.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DPUSH_DATA&google_gid=CAESEI2-W6EgbwLzEDOc3UTjev4&google_cver=1&google_push=ATf1kGM23p0jep9SV-oA-k6soFvWXLioNwLimGqNZ56Hi5emMmdR-AHrfauHtIapYxw03exlWbTUVC2sZb0iQ8hwtDL06UbzSc1ZhQ
date: Sat, 17 Jun 2023 00:49:40 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
server-processing-duration-in-ticks: 90065
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8049
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=0fwtzlkcSXaYNkKOiJ9bPQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

57ms
56ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=0fwtzlkcSXaYNkKOiJ9bPQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ATf1kGNj0KXLNqUwJkKVPEsighV3T-938qB4fHqMKxQX4XJo2fcyFbNrpcTuiwCS1a0r7LzJIESK8jY-0nTdGwhUr812qAH7YHdWkA

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=0fwtzlkcSXaYNkKOiJ9bPQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ATf1kGNj0KXLNqUwJkKVPEsighV3T-938qB4fHqMKxQX4XJo2fcyFbNrpcTuiwCS1a0r7LzJIESK8jY-0nTdGwhUr812qAH7YHdWkA
date: Sat, 17 Jun 2023 00:49:40 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8049
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEN...
https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=ATf1kGN0HkKe07l4ofNMAOlgUihQuXS87dJSODTrl5OpEwMeB84ICOhv2Ne5Rh4wHgCpouexVRu_8QRNGi0PrBmGLt_zrPy-ekYMxw&redir=https%3A%2F%2Fcm.g.dou...
https://sync.targeting.unrulymedia.com/csync/RX-dcd2f19b-ee84-495f-8f66-a0f2abeeeffd-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DATf1kGN0HkKe07l4ofNMAOlgU...
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=ATf1kGN0HkKe07l4ofNMAOlgUihQuXS87dJSODTrl5OpEwMeB84ICOhv2Ne5Rh4wHgCpouexVRu_8QRNGi0PrBmGLt_zrPy-ekYMxw&google_hm=A9zS8ZvuhElfj2ag8qvu7_0

170 B
188 B

50ms
50ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=ATf1kGN0HkKe07l4ofNMAOlgUihQuXS87dJSODTrl5OpEwMeB84ICOhv2Ne5Rh4wHgCpouexVRu_8QRNGi0PrBmGLt_zrPy-ekYMxw&google_hm=A9zS8ZvuhElfj2ag8qvu7_0

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:41 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=ATf1kGN0HkKe07l4ofNMAOlgUihQuXS87dJSODTrl5OpEwMeB84ICOhv2Ne5Rh4wHgCpouexVRu_8QRNGi0PrBmGLt_zrPy-ekYMxw&google_hm=A9zS8ZvuhElfj2ag8qvu7_0
date: Sat, 17 Jun 2023 00:49:41 GMT
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RXdcd2f19bee84495f8f66a0f2abeeeffd003
content-type: text/html

GET
H2

200

/
onetag-sys.com/match/ Frame 8049
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEEwW6se3E9BzQZ8HrKTxxY8&google_cver=1&google_push=ATf1kGN6G2yW4GNHbg9FgOpwNCg8EeHJx2H-yE_z8MAqUvfAvuoJCOlWTuby_Q91xecoAmgeRD7-_7SYVJw...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGN6G2yW4GNHbg9FgOpwNCg8EeHJx2H-yE_z8MAqUvfAvuoJCOlWTuby_Q91xecoAmgeRD7-_7SYVJwwb6XCBeCrGWbK3nyo2qc
https://onetag-sys.com/match/?int_id=19&google_error=5

0
151 B

40ms
40ms

Image
text/plain

51.38.120.206
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=19&google_error=5

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

51.38.120.206 Hessen, Germany, ASN16276 (OVH, FR),

Reverse DNS

ip206.ip-51-38-120.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:40 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/match/?int_id=19&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 255
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 8049 0
12 B 49ms
49ms Image
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LBaH4jCS6G96-KSVzHVDXeM_jJNx0npdEsu7b5n9WTRSg8ehiZpbZf1i6dKm9sztmASnspwA

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:40 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame CB39 22 KB
8 KB 42ms
41ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 126175
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 15 Jun 2023 13:46:45 GMT
expires: Fri, 14 Jun 2024 13:46:45 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK dvtp_src.js Show response
cdn.doubleverify.com/ Frame 4A57 8 KB
4 KB 231ms
41ms Script
application/javascript 2a02:26f0:6c00::210:ba19

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvtp_src.js?ctx=20309721&cmp=29968277&sid=3288807&plc=367565023&num=&adid=&advid=4309118&adsrv=1&btreg=558488166&btadsrv=doubleclick&crt=192207036&gdpr=&gdpr_consent=&tagtype=&dvtagver=6.1.src
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba19 -, , ASN (),
Reverse DNS
Software: UploadServer /
Resource Hash: 3161f812469fd0552b9863a8bf904c86342db3208368ef4460329fe5fc2f8863

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Sat, 17 Jun 2023 00:49:40 GMT
Content-Encoding: gzip
Last-Modified: Tue, 06 Jun 2023 09:15:55 GMT
Server: UploadServer
ETag: "71b8beedfc8712992269775dfe385a4e"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3374
Expires: Tue, 06 Jun 2023 09:33:40 GMT

GET
H2 200 index.html Show response
s0.2mdn.net/sadbundle/16829948873192997814/ Frame 2966 14 KB
3 KB 50ms
49ms Document
text/html 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=SimwOY70bH&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8cd9f7f932e502b97e7ebd1194ba28e4b5a441b6100a07a09a6c02f102c8b55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 3050
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Sat, 17 Jun 2023 00:49:40 GMT
expires: Sun, 16 Jun 2024 00:49:40 GMT
last-modified: Fri, 12 May 2023 09:19:58 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 4A57 0
0 185ms
88ms Fetch
image/gif 172.217.16.194

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuKeldR_2KewRhGDFAM5c00exST8k4rzOn-qiMFZxwuc0eIkjIBI0sQmkkDIOmJH8fcSNQCjVOQn3slTFdNBp6zP7Oi4okbDMw2Lo7yYHIBuRbPOZGqR90UiH84gRZAjWKawH_C-KwEn4r8Oow0LuZT0FVL-5gRM8h6Nl2XElLiXpMbGObC21v9KbBFKCHW4w74Ezp854earmG6XLhBfxvE_3aXKUNKMX85JaPIWOqBEVOUTOuDygmpybuYbua8E9jxXOJptALlptURm4VndKZSeLFGoBclFBSc8OZrZDrQ8rR3kGUs-rlZ_czn3sIAlvqEfc84RHH_rpIdnbm8eV7Nv6fKrSz4TjNvmj_FHJOv-DaR29tu1H1Gwj-UJHjAJ0p2B2xOD3w17EsaH4pVOdi0sYAj0zl3i9UWXpLWMz6ArV1jgZRFbg2QIRMo5Axc7iP3EJZxYUr31Xjv9_QV31xkAyRgU0OHDa44LBSRI71lAufK_A55bhhVATf5YGq0T0rR5Ve0SK5T7JSntvzL7b9Kj7UyztYkvyi_BhuhQ1xBVxQHPZm6kvKa9sg3yr0sWW7iwKpeJ0EVR5DdIFHIicLmFrmpGnNgF40BZ9OHUrnqoLdhp8qWsa5GOQ6En6A-gK2HXeMwgZAhJJqKbDtvwkClrm20xLIgITkcFWN3vWgwBEy0ny4jAHxj7auq1jav5o5O1t3zOvzyZFwJpsId92rZ8nuiTqpcROjGv4lx5dpB25eMa_-GDE969OAVJgHUNMNC6IWqBoS0tzm6WzvpWW35D6p5BzmA5y_bBkYi6d5T1cioRgDhH3jJh217xG03fga144yPuKWZH-vjLQ9TuwhYTCf2CEum9yNhRduXgaQTGO0kMRWQYlsKvDXdg1zqL6h0ulxH2-6-ZnnAQZJPuIZuZUlzeU7gJougz3Ge4YzKwPkJN-N9Kx-tTd_MTcadeQcw39CXLe8SaCfgOHShIyUBaaN5wWVRSEN0Y1Dv9x_9dgdXWJcJsgcEhQAh_uIDB0hZhtGW0G_byQoeENntZstM47xokQfoT4xdRrSGxWL6cZ-FfdH2D66ss4SRxB9ARvDeDaWYfQZ9BSOh7-CMv4L0ZOWjEAFSg2DWuZaxyF2afclJiZ90R-_L1dBRlMqux4DVCqZPMiDoRF4yPEwg0PVl1T3SpmX1PDwCZ9TpmACjHAjjI9r5uMHmo71BuUJFTPS6hRVv2tZeQz5ycH7pnzHo0HzJcvEharblEAvGSBA28NIULZk6FMYtOENYbOaxKiVZdo5OUO21zsDSyrQD-vhftHkbR58pZBe8HHGtRRxo&sai=AMfl-YQq0SINUO7NrO0pGhc_-Rdma3xW-UuTzNqGBXxPnrWMSGFtT8DvGVUWVwrU5NuLiUJW2FoLNds3b-8WcRV62UQuarBqVjNlglfGgDwoMBvhcbjnjg65KALT7uwrCgR5nugtodd-d8ZdihqSjN6YOfpXqqrbBAnX6DbqAr8S1jZJTvRaGnT_JJEvUI8RMH1MsIoTwLuS_Afuy6808m6lrY9VKhncxlLVubAI2RiwReY0LpfVJb2DzZeFVKemoJmWaFMIbH-yZyQUjNxbNu4N86IAPu3tWw&sig=Cg0ArKJSzEzfH9VKyNC7EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=182&cbvp=1&cstd=176&cisv=r20230614.93763&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 17 Jun 2023 00:49:40 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Sat, 17 Jun 2023 00:49:40 GMT

GET
H/1.1 200
OK dvtp_src.js Show response
cdn.doubleverify.com/ Frame 1E00 8 KB
4 KB 200ms
41ms Script
application/javascript 2a02:26f0:6c00::210:ba19

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvtp_src.js?ctx=20309721&cmp=29968277&sid=3288807&plc=367565023&num=&adid=&advid=4309118&adsrv=1&btreg=558488166&btadsrv=doubleclick&crt=192207036&gdpr=&gdpr_consent=&tagtype=&dvtagver=6.1.src
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba19 -, , ASN (),
Reverse DNS
Software: UploadServer /
Resource Hash: 3161f812469fd0552b9863a8bf904c86342db3208368ef4460329fe5fc2f8863

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Sat, 17 Jun 2023 00:49:40 GMT
Content-Encoding: gzip
Last-Modified: Tue, 06 Jun 2023 09:15:55 GMT
Server: UploadServer
ETag: "71b8beedfc8712992269775dfe385a4e"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3374
Expires: Tue, 06 Jun 2023 09:33:40 GMT

GET
H2 200 index.html Show response
s0.2mdn.net/sadbundle/16829948873192997814/ Frame 05D1 14 KB
3 KB 49ms
48ms Document
text/html 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=1VT5fc9Ca6&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8cd9f7f932e502b97e7ebd1194ba28e4b5a441b6100a07a09a6c02f102c8b55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 3050
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Sat, 17 Jun 2023 00:49:40 GMT
expires: Sun, 16 Jun 2024 00:49:40 GMT
last-modified: Fri, 12 May 2023 09:19:58 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 1E00 0
0 154ms
90ms Fetch
image/gif 172.217.16.194

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvM4IZqiQ9o__d49oQZ-oOGIYLSKIzIGZfXGYvnXxrDnKqiMPjF-olkmaXbbLpTgkg14UW7EUqzSsGnJ2dtMtUL3gdbCa6JPi9Q9Zsh1dmw9ynxqmYwxb1F91Qfihb0Fvq6YIiKjHPehE2d-QksBPr10441cg9_pD568r-2JtHrbI4XOUqJ2VGUNn8TXSThEXNLftAVsRt83_ZChkkdEM4wuSwY8zC-lafrd6NiMHbmsjwGRwQ-5aZvrzraT7QI5Nt6xXgjk7GnRZnd8CWCO9udV4hNot1Eadj1azuejL7iRbxqTuB1rEjnQr6rI1QuoFbp06vEGFqT7grZI-g1fBEPKSOrRsf89VFzxYBwRKtFy2lI6oXJ3ujvx46o5JTLCrwZLV6jbDshLsnA6aiEz9EYyIkqblSuN9WA_PrKe5Psn3IgceDURz9TqI6izTngfAppebJNpnp6nq1OnHJZowd0F43x7-U4OJ_Bz_6vpd01dH0ozRb3GYBIKR9ZtVjE_-LF9gdvUZOc4vVInD0P2IBWimL_qmulTi04StyZOZ1fA2u81FSVQTmLASWLFq2ZHdIfkR6votCvAqYCb3ci0q-aqEkZAodxCNmG8oKtrVB_fjBwnS4jZC3jujQXEJb3zk4VsYiLfnUBz_OXtdjDiTyen1QA471eU4qpNmY5-lRVzg8Rk1TXXgoC_q5dQDw1HrRFuFlBnyPPOC-SfN2RaHhFYwWjD5lJNGUXNnavbyGO9CSf3HCHrwr6l6Ume_4R69XDLovhpv8c70giDHYUWiOB91vVEG-ViNGxjtSwkfUWNfK7JWd9EcIg_cS_dw5otxSvAY5y4oNZb4d_Adag8KoFdOU20YW4pV0iQ8tbvXtH88QUxG0b48sa8QaYstbZ27GseyBeCQMrNq0pg3kkbFq3qr3uDRzoiKb7xDjyfdPXbtSIKcz2VK5vfjnbRRvOCZwkVRfJ1_Y-X-o9rgl8mUffOW3zB-T9ZWx_LSQZ1Nm1D1Wz9R8ttfqPomxqJ6m8ocx70IYh1lHqqcXSX2H32WEb-7qj_G7vAK6FdzixPR0dqc29QvHgkGpAlO-_stAhc5CEfSnPASwrT9X9dkPXp9p_FNbgrAUDCdB5AcJNcvk0IoH5SrcMQpUXMI959c5h39xiwaAptIY8riQc6Tjc1WckrvypP3cnLxADKoXtE0gdHBqfFTsMqbcUSsknWOUjFLzidhh3JWOqA3ee1e7zUsE1wL0KRkJ0zOo4t-oqPGIcyOcoRdSSP0mxg8LyJPtX81X4tSWTXqn3QPNLUd9xnKi3sBAWeS10NP9gGwqs8Nyd&sai=AMfl-YQlFe3pESoBtfY01z8QaQSf07Y9Lxk2nk6rBqXavWfUTfKJLU3Q547ZNtmPg7t1O2laRtL8VWICt85rDQX5iFgSjxA8DVpu-XlzXRdaFCPJMPHUxzHLC5rmdX1x69kDHW0ACoNTsIokbnW0Y3bXdwS5LPbaeQiCqUmLwo5zlTnByMlEcmKziYgIogDfz56kYaW_fC2QXCKkKHweGd40dnC-7QcuReLBv3wBi4Se9ne4gCUKBDEuXin2o_wF3DdS2hQyU8kG5wcIuF6y7NpAzG5eca3IuA&sig=Cg0ArKJSzPRK15grfqtEEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=293&cbvp=1&cstd=286&cisv=r20230614.21791&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 17 Jun 2023 00:49:40 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Sat, 17 Jun 2023 00:49:40 GMT

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame ED1C 0
104 B 243ms
88ms Image
text/plain 2a02:fa8:8806:20::2010

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEIn_dZa5RV9SgoN5GxZuu78&google_cver=1&google_push=ATf1kGPrXVDxOoi2SteIw4x5b-jCOT2kUTY9M6CWnJ0DcxZre-v97CiQVnZTyTti6i0w83Rmy7m6zPJw_1wOWNcEET1F5fYrHME
Requested by: Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:20::2010 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:40 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame ED1C
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEDy5_lryPaWlMm24uAEZLNg&google_push=ATf1kGPnTP87pPxNua0LJcjT8zEuafoRTPR8uxybmVosM_WrhnciX_9hmq...

170 B
188 B

52ms
51ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEDy5_lryPaWlMm24uAEZLNg&google_push=ATf1kGPnTP87pPxNua0LJcjT8zEuafoRTPR8uxybmVosM_WrhnciX_9hmqT-hj9ZT1AaBw9Hh4cl4BB_aEfa3t9TEZ1swvvI91rF

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-fra-eddf8230036-FRA
pragma: no-cache
date: Sat, 17 Jun 2023 00:49:40 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1686962981.743517,VS0,VE93
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEDy5_lryPaWlMm24uAEZLNg&google_push=ATf1kGPnTP87pPxNua0LJcjT8zEuafoRTPR8uxybmVosM_WrhnciX_9hmqT-hj9ZT1AaBw9Hh4cl4BB_aEfa3t9TEZ1swvvI91rF
cache-control: no-cache
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H2 200 dds
rtb.openx.net/sync/ Frame ED1C 43 B
245 B 138ms
48ms Image
image/gif 35.227.252.103

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEB1m9xk0TAOyicA6gAUIg40&google_cver=1&google_push=ATf1kGM3hDzJl2WhD4FhOCyz02HaQhf-n12Kpy7_xOgGeTzhKB9dGSv_9DcL_sFSXy2w2n2yYMswuvAutnSgmhyV5dXml756_WUE
Requested by: Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.252.103 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:40 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame ED1C
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEEwW6se3E9BzQZ8HrKTxxY8&google_cver=1&google_push=ATf1kGNOaFYwwuxB61gwO_Cu08rhGKyRd8AZdY6cN5qZDVPYBZpuWTd1h9VDwcRhDlM_6-QKoZrjOiMhEGef...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGNOaFYwwuxB61gwO_Cu08rhGKyRd8AZdY6cN5qZDVPYBZpuWTd1h9VDwcRhDlM_6-QKoZrjOiMhEGefMglpEZb0bhjpTQBH

170 B
188 B

57ms
57ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGNOaFYwwuxB61gwO_Cu08rhGKyRd8AZdY6cN5qZDVPYBZpuWTd1h9VDwcRhDlM_6-QKoZrjOiMhEGefMglpEZb0bhjpTQBH

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGNOaFYwwuxB61gwO_Cu08rhGKyRd8AZdY6cN5qZDVPYBZpuWTd1h9VDwcRhDlM_6-QKoZrjOiMhEGefMglpEZb0bhjpTQBH
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame ED1C
Redirect Chain

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEIA41nkbccDWj4mLiK33IJU&google_cver=1&google_push=ATf1kGNoTkFM46spUAd6O_kknBs4c5jOY8hZnMnDcqumMALIcsk2bKUUp8c4EB0RU-G7we3u2j...
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEIA41nkbccDWj4mLiK33IJU&google_cver=1&google_push=ATf1kGNoTkFM46spUAd6O_kknBs4c5jOY8hZnMnDcqumMALIcsk2bKUUp8c4EB0RU-G7we3u2j...
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1jQVhWS3N4RTJ1RWlKSE5CMFp1WGtEWnNPa1JsaVRWZ35B&google_push=ATf1kGNoTkFM46spUAd6O_kknBs4c5jOY8hZnMnDcqumMALIcsk2bKUUp...

170 B
188 B

51ms
51ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1jQVhWS3N4RTJ1RWlKSE5CMFp1WGtEWnNPa1JsaVRWZ35B&google_push=ATf1kGNoTkFM46spUAd6O_kknBs4c5jOY8hZnMnDcqumMALIcsk2bKUUp8c4EB0RU-G7we3u2jfee25nqHc854CF7chrkWlRAj-vMA

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:41 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1jQVhWS3N4RTJ1RWlKSE5CMFp1WGtEWnNPa1JsaVRWZ35B&google_push=ATf1kGNoTkFM46spUAd6O_kknBs4c5jOY8hZnMnDcqumMALIcsk2bKUUp8c4EB0RU-G7we3u2jfee25nqHc854CF7chrkWlRAj-vMA
date: Sat, 17 Jun 2023 00:49:41 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.57
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

200

report
sync.teads.tv/um/ Frame ED1C
Redirect Chain

https://sync.teads.tv/um?eid=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEKJbk2_FUDJiP3vP6RF8B5k&...
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=ATf1kGMqUHH8cVWSW89xDwFwz3MoJY7U_e1VTQbrWzdiCf8bBxeaRwPi31USudPIfbcPnWTggmSnaF5ZGEcrmOfiPVWY0WAymVpakw
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

23 B
163 B

65ms
64ms

Image
image/gif

104.111.217.42
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
Requested by: Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Server: 104.111.217.42 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-217-42.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Sat, 17 Jun 2023 00:49:40 GMT
pragma: no-cache
date: Sat, 17 Jun 2023 00:49:40 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:40 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 260
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame ED1C
Redirect Chain

https://secure.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=${BASE64_UID_ENC}&google_gid=CAESECgwNCA9t3a2mEz99N3UmJE&google_cver=1&google_push=ATf1kGPWIVOmOfK5B...
https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NTA2NTg0Njk0NzU3OTIwOTA2OA%3D%3D&google_gid=CAESECgwNCA9t3a2mEz99N3UmJE&google_cver=1&google_push=ATf1kGPWIVOmOfK5BoI-OnD4-lO8kBjPXi...

170 B
188 B

51ms
50ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NTA2NTg0Njk0NzU3OTIwOTA2OA%3D%3D&google_gid=CAESECgwNCA9t3a2mEz99N3UmJE&google_cver=1&google_push=ATf1kGPWIVOmOfK5BoI-OnD4-lO8kBjPXi9eE_S3dhHUWHbE3Q8INqSj1uxlNK-emWYcztMrkenJvNcq2y-fv6t8bDvn2sFw2qBQ

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sat, 17 Jun 2023 00:49:40 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 80.255.7.103; 80.255.7.103; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 114e7983-89be-4998-b46b-371eac11195e
Server: nginx/1.23.4
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NTA2NTg0Njk0NzU3OTIwOTA2OA%3D%3D&google_gid=CAESECgwNCA9t3a2mEz99N3UmJE&google_cver=1&google_push=ATf1kGPWIVOmOfK5BoI-OnD4-lO8kBjPXi9eE_S3dhHUWHbE3Q8INqSj1uxlNK-emWYcztMrkenJvNcq2y-fv6t8bDvn2sFw2qBQ
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame ED1C 0
12 B 49ms
48ms Image
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Ib6Xuj3PNlhZC40YGrE5oTLGnBxN4jSihdwRRvm3JsazbecZLR_jxB4jonH2hGoWTInCriJEcx

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:40 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 index.html Show response
s0.2mdn.net/sadbundle/7493198391404092334/ Frame 8D06 13 KB
3 KB 54ms
53ms Document
text/html 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=N0DsKKGVou&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6c6d900511c502a6d0b97a298ecab07040eb48a8756ec785beddb35006825f0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2701
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Sat, 17 Jun 2023 00:49:40 GMT
expires: Sun, 16 Jun 2024 00:49:40 GMT
last-modified: Thu, 30 Mar 2023 10:59:12 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame F347 0
0 134ms
89ms Fetch
image/gif 172.217.16.194

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvQ8KSfZehGiYGk450o1Zz6y9RpdyQbssWtDU1Z6-hDmE99Z-fXtzpsl93xcsaxgHjPltauhPetGwwzFKlb0NUCuGe0bM9pP87Koms1yXlaW1XtbApohsyJY5Rm6u8bfGA2FeKWeMvcTzTytIVsAQ0UOpAxGBilZxoeyUsaF2L8oDV_Dsi5OYEV3oGU8hJiJMKJ6TPc2xTZZYO9rhhrqgQaVvKKg2sLCqapRvUgz7UuOjIlrDNAXimm-a3q7eCl-0qOpdX-OTawPUJ6gc1PuUcUvZ5xMD44wxT0_ga3eGpLmREj0HwpegoxjK2MYng6A-njsZFM7aJUFBShdkyS6jsb8-oBp8CQvqD-h-xOfXhbsDGZjVMDxXFtNS6QLCr44hDDojQ9EPDKCXtTmgYGkxJpgD60ftLXIO38RkchOBFW72iQ07WE5Z--1Q5dJK7C47_KGxdizwG5an35VWk9dx17AJkmXoYH9urK-kHxzVwBhGH4Sj_aqEwq8cmaYOIAMKXdifTjRtO0yLn-UrvdXRM2uTWowKKj0tOzFzljE-cXh3KigijAguIpGdkfnO1_zsHemgeHtKyUCAdYjvXbAOL9NCNLEKXCSwcfMs3BKkZJfRThR6ySLzaYd3S5hRsuA3XEmaoYcDCgu0ZDYmQ7nrNkIe71SMVZNVk40C4MhANAGNhlWTyXNhgCkHzwyG4ixWVVs5zCkdbSQf1UZ8PYdBbe8nS7Uxw-f2vVBj42nKk3RtzHn6bLua0Z9S8GehMC_63JLbY-HogSEIx8xscRioerPKtxn6ZnW8_6Yk3HjhpBSX2iwNFN2gb9Rqp1Nhaxlb0cAcE_Q6QApCnAWZqv4AXS_areVKp-AdUEFCQ-xTX6uG_7QaATWWYYzSsfQFnt1KJMDKjYGA9ljcQ57pKvU8gwg7WetK84j-0IZB-7xdbz1P5hb6FWnP7wZJBbjP4b94jFpihFj10oPQ_GT66DMdLUtR9Cw18YdFAsFI2Hp_Mi77WYld4q5xTKZ-2cDx83xBxY5XSbSYMameyZN1_VHpB9WFtejNeSUJq-xlR3rEnaj4P-U3XC2ZcxP_ZDz9RnZRgUB80wGqZico8iduSiuUieCo0U-dxfAsRR2Ay3LA7S9Y3e0X-VJdepAY0TFbZw5APPJkeLcljznlM28VGUj2jFtBMlTM1_2XogEqPK6wtxrusexa99e9SUgwVlFFCt21FUwomHegChMihdkTf3KwKXQ6NFHYJ8fNMnKBW-OCJsN-bZaNQ4QFsmb_mBEpIu9EmLgpkdh3v8LSQlx-nymUFlryCNtAHT4Bk&sai=AMfl-YRWvLLuqfmJEmsjk4agc-Z-U_hVHh0PVnaj0fWx563Y2vBezwQxlorobXBdYuOK4wj5iRRRsl-nX78DYJd6gKevMhGvvTXV3iFYtsFOThFFpLicOoWxpRqveIZFiJHMUyo76pOazJ7NplKNHl75edim07nUc9uNRdc8yx1zUKJUQqRwEY8C17CBzrWBuc28VjYs1z4jwltyJ7loIKivIcEr4g3CqALheOHVhOhAYD7-Nh4nM4eHwOXkbnd2OE2_nkHmXebER9NoH0aSNK9y6GMuyVWHEg&sig=Cg0ArKJSzGIga0dYaipBEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=194&cbvp=1&cstd=188&cisv=r20230614.10964&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 17 Jun 2023 00:49:40 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Sat, 17 Jun 2023 00:49:40 GMT

GET
H2 200 main.19.8.417.js Show response
static.adsafeprotected.com/ Frame 1E00 202 KB
63 KB 163ms
51ms Script
application/javascript 2600:9000:223f:6200:8:48e:53c0:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.19.8.417.js
Requested by: Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rjss/st/1484055/72040524/skeleton.js?ias_dspID=64
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:6200:8:48e:53c0:93a1 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 751fb681f54d257d1e40ec453a64608224a9862491da12791310bdeb0c1d8a2a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 08 Jun 2023 15:17:27 GMT
x-amz-version-id: UVbFefY6UOYSsxlF6c.82fk2mbTK4IKy
content-encoding: gzip
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 725534
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Wed, 07 Jun 2023 21:53:40 GMT
server: AmazonS3
etag: W/"bb95c129f80c46c33e169dde0694b792"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: 1WifsXOJ1lL3DgzKVM3rH1gvzave9lQ7M8IgU9Magqb5NwjNHkY4WQ==

GET
H2 200 5ed76f76e4b07a92411bc03a
ng2.virgul.com/tck/imp/ Frame 8CDD 0
209 B 277ms
82ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5ed76f76e4b07a92411bc03a?g=1&t=gb&r=153377@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1686962978644&userId=vnetd3f78832-c440-4156-b5e0-4abada343ea3
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Sat, 17 Jun 2023 00:49:40 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 main.19.8.417.js Show response
static.adsafeprotected.com/ Frame 4A57 202 KB
63 KB 211ms
104ms Script
application/javascript 2600:9000:223f:6200:8:48e:53c0:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.19.8.417.js
Requested by: Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rjss/st/1484055/72040524/skeleton.js?ias_dspID=64
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:6200:8:48e:53c0:93a1 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 751fb681f54d257d1e40ec453a64608224a9862491da12791310bdeb0c1d8a2a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 08 Jun 2023 15:17:27 GMT
x-amz-version-id: UVbFefY6UOYSsxlF6c.82fk2mbTK4IKy
content-encoding: gzip
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 725534
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Wed, 07 Jun 2023 21:53:40 GMT
server: AmazonS3
etag: W/"bb95c129f80c46c33e169dde0694b792"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: D43vLnRrgt41epJTx_-zk6MlR1-I1EV6VrIGN5zxdOP36aV_7r-FsQ==

GET
H3 200 F23xA4-E8U0dLsM7Ua-M74A0tuvycQb5txb3FNVg6II.js Show response
pagead2.googlesyndication.com/bg/ Frame 9C31 37 KB
14 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/F23xA4-E8U0dLsM7Ua-M74A0tuvycQb5txb3FNVg6II.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

176df1038f84f14d1d2ec33b51af8cef8034b6ebf27106f9b716f714d560e882

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 09:31:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 141468
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14698
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 14 Jun 2024 09:31:52 GMT

GET
H2 200 styles.css
s0.2mdn.net/sadbundle/16829948873192997814/css/ Frame 2966 6 KB
2 KB 48ms
48ms Stylesheet
text/css 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16829948873192997814/css/styles.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=SimwOY70bH&t=1&renderingType=2&ev=01_250

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce3cf09c371f16e84cd9db5935613c3c8eeb5b5cf14511fa484818c7282cf5fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=SimwOY70bH&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 15:09:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 121211
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1606
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 14 Jun 2024 15:09:29 GMT

GET
H2 200 Enabler_01_250.js Show response
s0.2mdn.net/879366/ Frame 2966 120 KB
41 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=SimwOY70bH&t=1&renderingType=2&ev=01_250

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

31d02f43dd0c7fc5c0d95db087a23f1c2d729c93f10450884c8da6b415f7839b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=SimwOY70bH&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 20:55:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 14051
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42247
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 17 Jun 2023 20:55:29 GMT

GET
H3 200 overlay.png
s0.2mdn.net/sadbundle/16829948873192997814/img/ Frame 2966 95 B
122 B 56ms
54ms Image
image/png 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/16829948873192997814/img/overlay.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=SimwOY70bH&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=SimwOY70bH&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 12 Jun 2023 19:24:52 GMT
x-content-type-options: nosniff
age: 365088
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:58 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jun 2024 19:24:52 GMT

GET
H3 200 logo.svg
s0.2mdn.net/sadbundle/16829948873192997814/img/ Frame 2966 5 KB
2 KB 40ms
39ms Image
image/svg+xml 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/16829948873192997814/img/logo.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=SimwOY70bH&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb8b1178b759a87b00aa44abf1019c82e9df19b6059f1761c4646b3d470a7f01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=SimwOY70bH&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 12 Jun 2023 19:24:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 365088
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2339
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jun 2024 19:24:52 GMT

GET
H3 200 gsap_3.5.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 2966 60 KB
24 KB 82ms
82ms Script
text/javascript 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=SimwOY70bH&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=SimwOY70bH&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24155
x-xss-protection: 0
last-modified: Mon, 31 Aug 2020 21:23:17 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 17 Jun 2023 00:49:40 GMT

GET
H3 200 styles.css
s0.2mdn.net/sadbundle/16829948873192997814/css/ Frame 05D1 6 KB
2 KB 42ms
42ms Stylesheet
text/css 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16829948873192997814/css/styles.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=1VT5fc9Ca6&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce3cf09c371f16e84cd9db5935613c3c8eeb5b5cf14511fa484818c7282cf5fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=1VT5fc9Ca6&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 15:09:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 121211
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1606
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 14 Jun 2024 15:09:29 GMT

GET
H3 200 Enabler_01_250.js Show response
s0.2mdn.net/879366/ Frame 05D1 120 KB
41 KB 46ms
46ms Script
text/javascript 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=1VT5fc9Ca6&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

31d02f43dd0c7fc5c0d95db087a23f1c2d729c93f10450884c8da6b415f7839b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=1VT5fc9Ca6&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 20:55:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 14051
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42247
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 17 Jun 2023 20:55:29 GMT

GET
H3 200 overlay.png
s0.2mdn.net/sadbundle/16829948873192997814/img/ Frame 05D1 95 B
122 B 40ms
40ms Image
image/png 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/16829948873192997814/img/overlay.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=1VT5fc9Ca6&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=1VT5fc9Ca6&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 12 Jun 2023 19:24:52 GMT
x-content-type-options: nosniff
age: 365088
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:58 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jun 2024 19:24:52 GMT

GET
H3 200 logo.svg
s0.2mdn.net/sadbundle/16829948873192997814/img/ Frame 05D1 5 KB
2 KB 39ms
39ms Image
image/svg+xml 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/16829948873192997814/img/logo.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=1VT5fc9Ca6&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb8b1178b759a87b00aa44abf1019c82e9df19b6059f1761c4646b3d470a7f01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=1VT5fc9Ca6&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 12 Jun 2023 19:24:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 365088
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2339
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jun 2024 19:24:52 GMT

GET
H3 200 gsap_3.5.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 05D1 60 KB
24 KB 64ms
63ms Script
text/javascript 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=1VT5fc9Ca6&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=1VT5fc9Ca6&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24155
x-xss-protection: 0
last-modified: Mon, 31 Aug 2020 21:23:17 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 17 Jun 2023 00:49:40 GMT

GET
H3 200 F23xA4-E8U0dLsM7Ua-M74A0tuvycQb5txb3FNVg6II.js Show response
pagead2.googlesyndication.com/bg/ Frame 911A 37 KB
14 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/F23xA4-E8U0dLsM7Ua-M74A0tuvycQb5txb3FNVg6II.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

176df1038f84f14d1d2ec33b51af8cef8034b6ebf27106f9b716f714d560e882

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 09:31:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 141468
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14698
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 14 Jun 2024 09:31:52 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A3D2 0
20 B 78ms
78ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B3i_GIwONZLPnNc6DrASBxq2gCgAAAAA4AeAEAg&bg=!Hh2lHUnNAAaGYqkwpmI7ADkAdvg8WvmaaxomDdqQeJ2dEk3DgZKFK0IzagQ7ZXGHcHMlZkbZxpbNrUwB-VUfAIRZBLKYNkCte4sCAAABSlIAAAABaAEHmQNs4zfBzGUS3UnYWzY9hlNveqtFDDdwgf_2ZEhi1GzgrSyfPM48sj7PxbnFCx49O3wpJXV2LHYS8_Ik575NNQBcF3peEdaJRVqtZq854VAIbh2VH8Vg17CwjJI0DhfEdSd0IRahfg-JPy4uSKcMWyLja4dmuu_xXiczh2YY5D5W4WnBYMLGlTjGp4mZzHF5zAW_sQ9QtW8Agsk_HW7Np4-Jmw1_SHlK14xIcT4TWTiDrTO_FNN-aSq4WRFi-nAIYKwgC1yr2dIDnuxGBphMDJ2SPPJaLKmw_9HZbNfqoq0nQdWcWPhVwzeqUZM8S27nRXnJh5BQzeI267mvQtSrYPxzdPnf_vJObSEsQYkahswJPhbfVL-5AtfA6uIeUcVBvKe3tHcJsAW80ATAGV1pjycXph1eVSP2iypSQLVQxn0MTKPUssRvRXuy6JA2HJgxpYGpK61DDEFhaFM-LeF73jKGYnupnr3kjHlAQXxkm5sbhlynEj7DfCJHHq2Q9uQjeKAF2QEkoVCBXdzftUYMiOjOOUTSUhJtFM5LRWltBsL68H4cj1VLuo7hbfq_ruqptNpON-HRlBMQum4PQJWbKAJ6PqfiyMrA8tIxVWQ5RdIqJtfoKU7-20mKC9WcJu9MLoNAQ_r7I6_DGjyCpmeepC-1wZDTkEAoNAiYXTqR00loNUYA0Fn5Gmoq56Z8w94gSRjjYSrATdz2yBMSYCp8E2RcAi0ViriNFKUWwwnvJ712hANxeloomD84icSkkObeJGcy1HF0gvNk4_1pDxoCPUmZQFDWdTpsnfMsV1oJ2qflHIh3spA8ezmf7dlqBDE37nqN0kKFOncmCawhdlqwXfi5Y4flXBfYNSoqi8F3gVuzSMILtcNWiVhLN0FzOtxzC3xlQpf9QaGXCzv_czK_hg3MaKZ6-ptDd_eZCvJdMTv1X_sDnaFPk6z28WXkfeuI4X_AAVD77d39rKjpTo4KGiEaMOsku0H85Zbcv9abGpLwLWWiXeQkcORE0NBVs1XFe22Y2oh64fHXVT7prmQztdgxSDjz-bYXkQAT-AcTp7F1nMhV0rlmTO_8Xe6xBVU77_h2DEVdPxENMGY3zVPjLEkkKizQhq-uPSmNsxzCyGhGQzaTBSpLKFiLa0o_WSqTPw95_wehoUE_UdHMjvNZ

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 F23xA4-E8U0dLsM7Ua-M74A0tuvycQb5txb3FNVg6II.js Show response
pagead2.googlesyndication.com/bg/ Frame CB39 37 KB
14 KB 42ms
42ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/F23xA4-E8U0dLsM7Ua-M74A0tuvycQb5txb3FNVg6II.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

176df1038f84f14d1d2ec33b51af8cef8034b6ebf27106f9b716f714d560e882

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 09:31:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 141468
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14698
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 14 Jun 2024 09:31:52 GMT

GET
H3 200 styles.css
s0.2mdn.net/sadbundle/7493198391404092334/css/ Frame 8D06 6 KB
1 KB 42ms
42ms Stylesheet
text/css 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7493198391404092334/css/styles.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=N0DsKKGVou&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ac2429c9dd60bbe0eeab4fb4322667db2a3566125b4a1d772c488381de05b9e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=N0DsKKGVou&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 10 Jun 2023 17:14:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 545717
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1446
x-xss-protection: 0
last-modified: Thu, 30 Mar 2023 10:59:12 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 09 Jun 2024 17:14:23 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 8D06 118 KB
40 KB 57ms
57ms Script
text/javascript 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=N0DsKKGVou&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=N0DsKKGVou&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 07:18:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 63054
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 17 Jun 2023 07:18:46 GMT

GET
H3 200 overlay.png
s0.2mdn.net/sadbundle/7493198391404092334/img/ Frame 8D06 95 B
122 B 41ms
41ms Image
image/png 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7493198391404092334/img/overlay.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=N0DsKKGVou&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=N0DsKKGVou&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 10 Jun 2023 07:44:55 GMT
x-content-type-options: nosniff
age: 579885
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95
x-xss-protection: 0
last-modified: Thu, 30 Mar 2023 10:59:12 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 09 Jun 2024 07:44:55 GMT

GET
H3 200 logo.svg
s0.2mdn.net/sadbundle/7493198391404092334/img/ Frame 8D06 6 KB
3 KB 40ms
40ms Image
image/svg+xml 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7493198391404092334/img/logo.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=N0DsKKGVou&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7b1bfbac0178604f4dce665117d962743d2916a2a37968438f3d49d7e9c04445

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=N0DsKKGVou&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 00:15:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 261271
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2563
x-xss-protection: 0
last-modified: Thu, 30 Mar 2023 10:59:12 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 13 Jun 2024 00:15:10 GMT

GET
H3 200 gsap_3.5.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 8D06 60 KB
24 KB 47ms
47ms Script
text/javascript 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=N0DsKKGVou&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=N0DsKKGVou&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24155
x-xss-protection: 0
last-modified: Mon, 31 Aug 2020 21:23:17 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 17 Jun 2023 00:49:40 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 13DC 42 B
174 B 77ms
75ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstfbz6FDKsiMgQtteaOL_hRlL_RjhiFp8SSJqxBQgAM0PpbiLsOWwiKRFoo7uJqNAz9FpE63fRLK41siqyvYqqhMdBp&sig=Cg0ArKJSzEtmugzsaL00EAE&id=lidar2&mcvt=1012&p=0,0,250,300&mtos=1012,1012,1012,1012,1012&tos=1012,0,0,0,0&v=20230614&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1314976528&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1686962979463&rpt=311&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=14

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
ipv6.adrta.com/ Frame 13DC 129 B
244 B 596ms
190ms Script
text/javascript 2600:1f14:b4f:4b03:d0af:5b:a619:bc2

General

Check archive.org

Show headers Download Go to

Full URL

https://ipv6.adrta.com/?callback=_1686962980813

Requested by

Host: pix.adrta.com
URL: https://pix.adrta.com/cdnf.js?v=22.110

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:1f14:b4f:4b03:d0af:5b:a619:bc2 -, , ASN (),

Reverse DNS

Software

nginx /

Resource Hash

b65818868af60dc3ef2dad96b972a1e1fc79e13303505e34c33949eff883d4d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: nginx
content-type: text/javascript; charset=utf-8

GET
H2 200 i Show response
adrta.com/ Frame 13DC 144 B
271 B 487ms
117ms Script
text/javascript 35.171.128.173

General

Check archive.org

Show headers Download Go to

Full URL: https://adrta.com/i?cb=60975297&__aasv=22.121&__aaii=8270680602865097880&__aait=1686962980388&__aavz=0&__aaib=0&__aaai=1&__aaaa=0&__aafl=0&__aaaf=1&__aaag=8&__aahd=%7B%22chrome%22%3A%22na%22%7D&__aarf=2&__aart=9&__aacd=1&__aaax=0&__aaay=0&__aasz=300x250&__aapf=0&__aaec=4&__aaup=1&__aaae=0&__aaat=0&__aaav=0&__aaas=0&__aaah=0&__aaph=0&__aapw=0&__aapc=0&__aap1=0&__aap2=0&__aap3=0&__aap4=0&__aap5=0&__aass=1600x1200&__aaim=1&__aaho=1&__aacb=1015140641_1686962979_259802&__aaxf=80.255.7.103%2C%2010.2.3.71&__aaci=pbm&paid=pbm&kv24=1&avid=721441&plid=8175522842385272666&lineItemId=&caid=22987&publisherId=160850&pricePaid=0.115964&kv12=3749925&siteId=842619&kv3=&kv15=58&kv11=DD01C5DD-082E-4D26-A738-C75694989FB6&kv18=&kv19=&kv5=80&kv6=25295&kv13=ye-mek.net&kv8=ye-mek.net&kv2=ye-mek.net&__aapu=https%3A%2F%2F464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&__aapr=https%3A%2F%2Fpcloak.blob.core.windows.net&__aatu=https%3A%2F%2Fpcloak.blob.core.windows.net
Requested by: Host: pix.adrta.com
URL: https://pix.adrta.com/cdnf.js?v=22.110
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.171.128.173 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 736f27b030395f67439bdfaa3411ddfa9dd76a72a28d0d8337af4d51208fd009

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-type: text/javascript;charset=ISO-8859-1
pragma: no-cache
date: Sat, 17 Jun 2023 00:49:41 GMT
cache-control: no-cache
content-encoding: gzip
server: nginx
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK e99aace94e6e5873881d3400993e1e7e Show response
pv.medialead.de/trck/epv/ Frame 7ED8 0
365 B 437ms
103ms Document
application/javascript 145.239.193.130

General

Check archive.org

Show headers Download Go to

Full URL

https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=93483700005664200951389012358025&t=htlp&gdpr=1&consent=1&gdpr_consent=li

Requested by

Host: hal900025.redintelligence.net
URL: https://hal900025.redintelligence.net/request.php?zone=ajk4xlebn4mw&nw=20&renderingType=javascript&namespace=53652a58dd&subid=&uid=3f06b0f34a0d5444&screenSize=0x0&screenSizeAvail=0x0&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=1&gdpr_consent=li&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DYQer8KFSFL_2W7ZbAvMfUw%26exch_seat%3D20035004448%26mt_aid%3D8741425454962446792%26mt_id%3D6622332%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D1500648d-0324-4f01-a889-5da72114128c%26mt_cid%3D1500648d-0324-4f01-a889-5da72114128c%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DC6yXxIwONZOeVLKSx-gbH7J7oBc-HjptcwIbZgsYCwI23ARABIABglYKHgpgHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQngAgCoAwGqBPoBT9DRl5p6NOD2LN3FXip9oPE88ggbHWZNvVkHEWLqMq0NYyHWx1WhTSDrW0VYhzAi8dKftcLLd7UbRaQlZI_qVMs6KtZxBmfvXkIYCm7CConXCNlKbc6tvoROGrD11YnCb6pbDM2_EexwjzU0cJ50dn1IpNDztMJXR85v4dT8-xibTrKKZ4X7roZJ4CecOLBCuVp_f3JuoTm4wCpMektZkKSvmDTnav35o45L82CrM6AESTnumf7RXG5Kn24N-O99RzHzrbWp49nu_pdwqqf-Y0thWx1-afrPo-dnY5ZbCdpLagiDlPjSa6z2GOSknbCq5Vd5BoYSEq4_--AEAYAGvtTW_Nma6J2oAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgEDyCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDn6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0-BlWIoYrmF_mDIoDMSrhFlaE5gw%2526client%253Dca-pub-7983651257838282%2526adurl%253D%26mt_lp%3Dhttps%253A%2F%2Fwww.soberberlin.com%2F%26redirect%3D&documentReferer=https%3A%2F%2F464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&ancestorOrigins=null&random=5010563771016&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

145.239.193.130 -, , ASN (),

Reverse DNS

Software

nginx/1.17.5 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Content-Length: 0
Content-Type: application/javascript; charset=utf-8
Date: Sat, 17 Jun 2023 00:49:41 GMT
Host: pv.medialead.de
Keep-Alive: timeout=20
Proxy-Host: pv.medialead.de
Server: nginx/1.17.5
Strict-Transport-Security: max-age=15768000
X-IPLB-Instance: 40028
X-IPLB-Request-ID: 50FF0767:BC16_91EFC182:01BB_648D0324_CB4DDD:1ECFB

GET
H2 200 / Show response
adv.office-partner.de/ Frame BA93 930 B
931 B 339ms
52ms Document
text/html 2a0b:4d07:101::1

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal900025.redintelligence.net
URL: https://hal900025.redintelligence.net/request.php?zone=ajk4xlebn4mw&nw=20&renderingType=javascript&namespace=53652a58dd&subid=&uid=3f06b0f34a0d5444&screenSize=0x0&screenSizeAvail=0x0&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=1&gdpr_consent=li&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DYQer8KFSFL_2W7ZbAvMfUw%26exch_seat%3D20035004448%26mt_aid%3D8741425454962446792%26mt_id%3D6622332%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D1500648d-0324-4f01-a889-5da72114128c%26mt_cid%3D1500648d-0324-4f01-a889-5da72114128c%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DC6yXxIwONZOeVLKSx-gbH7J7oBc-HjptcwIbZgsYCwI23ARABIABglYKHgpgHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQngAgCoAwGqBPoBT9DRl5p6NOD2LN3FXip9oPE88ggbHWZNvVkHEWLqMq0NYyHWx1WhTSDrW0VYhzAi8dKftcLLd7UbRaQlZI_qVMs6KtZxBmfvXkIYCm7CConXCNlKbc6tvoROGrD11YnCb6pbDM2_EexwjzU0cJ50dn1IpNDztMJXR85v4dT8-xibTrKKZ4X7roZJ4CecOLBCuVp_f3JuoTm4wCpMektZkKSvmDTnav35o45L82CrM6AESTnumf7RXG5Kn24N-O99RzHzrbWp49nu_pdwqqf-Y0thWx1-afrPo-dnY5ZbCdpLagiDlPjSa6z2GOSknbCq5Vd5BoYSEq4_--AEAYAGvtTW_Nma6J2oAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgEDyCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDn6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0-BlWIoYrmF_mDIoDMSrhFlaE5gw%2526client%253Dca-pub-7983651257838282%2526adurl%253D%26mt_lp%3Dhttps%253A%2F%2Fwww.soberberlin.com%2F%26redirect%3D&documentReferer=https%3A%2F%2F464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&ancestorOrigins=null&random=5010563771016&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 -, , ASN (),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 552
content-type: text/html
date: Sat, 17 Jun 2023 00:49:41 GMT
etag: "3a2-5c1ab16b3be00-gzip"
expires: Sat, 24 Jun 2023 00:49:41 GMT
last-modified: Thu, 06 May 2021 15:37:28 GMT
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server: keycdn-engine
vary: Accept-Encoding
x-accel-version: 0.01
x-cache: HIT
x-edge-location: defr

GET
H2 200 link.html Show response
track.webgains.com/ Frame 9BB4 2 KB
2 KB 396ms
112ms Script
text/html 13.41.177.135

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=2513135&wgcampaignid=99582&js=1&viewref=93483700005664200951389012358025&nw=1
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.41.177.135 -, , ASN (),
Reverse DNS
Software: nginx / PHP/7.4.26
Resource Hash: a2bc91f713c9c1ca0639aea7b68766e33040d5be45459ee9dc977b58b44d04f6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:41 GMT
last-modified: Sat, 17 Jun 2023 00:49:41 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Sat, 17 Jun 2023 00:50:41 GMT

GET
H/1.1 200
OK request_content.php Show response
hal900025.redintelligence.net/ Frame 3913 7 KB
2 KB 119ms
41ms Document
text/html 138.201.84.245

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900025.redintelligence.net/request_content.php?s=93483700005664200951389012358025&a=abeddfb0
Requested by: Host: hal900025.redintelligence.net
URL: https://hal900025.redintelligence.net/request.php?zone=ajk4xlebn4mw&nw=20&renderingType=javascript&namespace=53652a58dd&subid=&uid=3f06b0f34a0d5444&screenSize=0x0&screenSizeAvail=0x0&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=1&gdpr_consent=li&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DYQer8KFSFL_2W7ZbAvMfUw%26exch_seat%3D20035004448%26mt_aid%3D8741425454962446792%26mt_id%3D6622332%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D1500648d-0324-4f01-a889-5da72114128c%26mt_cid%3D1500648d-0324-4f01-a889-5da72114128c%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DC6yXxIwONZOeVLKSx-gbH7J7oBc-HjptcwIbZgsYCwI23ARABIABglYKHgpgHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQngAgCoAwGqBPoBT9DRl5p6NOD2LN3FXip9oPE88ggbHWZNvVkHEWLqMq0NYyHWx1WhTSDrW0VYhzAi8dKftcLLd7UbRaQlZI_qVMs6KtZxBmfvXkIYCm7CConXCNlKbc6tvoROGrD11YnCb6pbDM2_EexwjzU0cJ50dn1IpNDztMJXR85v4dT8-xibTrKKZ4X7roZJ4CecOLBCuVp_f3JuoTm4wCpMektZkKSvmDTnav35o45L82CrM6AESTnumf7RXG5Kn24N-O99RzHzrbWp49nu_pdwqqf-Y0thWx1-afrPo-dnY5ZbCdpLagiDlPjSa6z2GOSknbCq5Vd5BoYSEq4_--AEAYAGvtTW_Nma6J2oAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgEDyCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDn6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0-BlWIoYrmF_mDIoDMSrhFlaE5gw%2526client%253Dca-pub-7983651257838282%2526adurl%253D%26mt_lp%3Dhttps%253A%2F%2Fwww.soberberlin.com%2F%26redirect%3D&documentReferer=https%3A%2F%2F464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&ancestorOrigins=null&random=5010563771016&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.245 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: d2d66ff9bc1e76fe4040dbff16931c794b02ac016d8cf71a2fc64de4fc00681b

Request headers

Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2060
Content-Type: text/html; charset=utf-8
Date: Sat, 17 Jun 2023 00:49:40 GMT
Expires: Sat, 17 Jun 2023 01:49:40 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H/1.1

200
OK

e99aace94e6e5873881d3400993e1e7e
pv.medialead.de/trck/eview/ Frame 9BB4
Redirect Chain

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=93483700005664200951389012358025&t=htlp&gdpr=1&consent=1&gdpr_consent=li
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=93483700005664200951389012358025&t=htlp&gdpr=1&consent=1&gdpr_consent=li

43 B
381 B

178ms
106ms

Image
image/gif

145.239.193.130

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=93483700005664200951389012358025&t=htlp&gdpr=1&consent=1&gdpr_consent=li

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

HTTP/1.1

Server

145.239.193.130 -, , ASN (),

Reverse DNS

Software

nginx/1.17.5 /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Sat, 17 Jun 2023 00:49:41 GMT
Strict-Transport-Security: max-age=15768000
Server: nginx/1.17.5
Host: pv.medialead.de
X-IPLB-Request-ID: 50FF0767:BC16_91EFC182:01BB_648D0325_CB4DDE:1ECFB
X-IPLB-Instance: 40028
Content-Type: image/gif
Keep-Alive: timeout=20
Content-Length: 43
Proxy-Host: pv.medialead.de

Redirect headers

location: https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=93483700005664200951389012358025&t=htlp&gdpr=1&consent=1&gdpr_consent=li
date: Sat, 17 Jun 2023 00:49:41 GMT
server: nginx
content-length: 154
content-type: text/html

GET
H/1.1

200
OK

inv.gif
img.tradedoubler.com/images/ Frame 9BB4
Redirect Chain

https://impfr.tradedoubler.com/imp?type(inv)g(24495172)a(1565155)epi(93483700005664200951389012358025)326784600
https://img.tradedoubler.com/images/inv.gif

43 B
642 B

148ms
40ms

Image
image/gif

13.224.189.92

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.tradedoubler.com/images/inv.gif

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

HTTP/1.1

Server

13.224.189.92 -, , ASN (),

Reverse DNS

Software

Apache /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Date: Fri, 16 Jun 2023 22:49:09 GMT
Via: 1.1 9e62923882d737ac8cd27f0d1b1c24ce.cloudfront.net (CloudFront)
X-Content-Type-Options: nosniff
X-Amz-Cf-Pop: FRA2-C1
Age: 7232
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 43
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Fri, 19 Nov 2004 15:35:04 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: image/gif
Accept-Ranges: bytes
X-Amz-Cf-Id: o5NdyYTrdw5d8NIrIYHAovGOaKf1dmHho-ojfW1t5ev3IgL1VDnLEw==

Redirect headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:41 GMT
via: 1.1 google
referrer-policy: origin
server: TXServerHttp
p3p: policyref="http://tracker.tradedoubler.com/w3c/p3p.xml",CP="NOI DSP COR NID CUR OUR NOR"
location: https://img.tradedoubler.com/images/inv.gif
access-control-allow-origin: *
content-type: text/html; charset=ISO-8859-1
cache-control: private, max-age=0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 248

GET
H3 200 FordAntennaCondMedium.subline.woff
s0.2mdn.net/sadbundle/16829948873192997814/fonts/ Frame 2966 13 KB
13 KB 41ms
41ms Font
font/woff 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16829948873192997814/fonts/FordAntennaCondMedium.subline.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16829948873192997814/css/styles.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e83314d333416d003a14ff991793feefefe12184980a4f081c0465cda5dc8da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/16829948873192997814/css/styles.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 12 Jun 2023 19:24:59 GMT
x-content-type-options: nosniff
age: 365081
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13336
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:58 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jun 2024 19:24:59 GMT

GET
H3 200 FordAntennaBlack.headline.woff
s0.2mdn.net/sadbundle/16829948873192997814/fonts/ Frame 2966 12 KB
12 KB 46ms
45ms Font
font/woff 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16829948873192997814/fonts/FordAntennaBlack.headline.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16829948873192997814/css/styles.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d97d2f204c48ceadcc2f5b86ba6bf25987c6f7c43c8dd7fee7a2847e6a71f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/16829948873192997814/css/styles.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 07:39:51 GMT
x-content-type-options: nosniff
age: 61789
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11876
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:58 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 15 Jun 2024 07:39:51 GMT

GET
H3 200 FordAntennaRegular.legal.woff
s0.2mdn.net/sadbundle/16829948873192997814/fonts/ Frame 2966 14 KB
14 KB 48ms
47ms Font
font/woff 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16829948873192997814/fonts/FordAntennaRegular.legal.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16829948873192997814/css/styles.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff1ea82759f4df729f7ee24dac62805f05a2fc79c7ca4cb518a072a11835e884

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/16829948873192997814/css/styles.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 12 Jun 2023 19:24:59 GMT
x-content-type-options: nosniff
age: 365081
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14468
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:58 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jun 2024 19:24:59 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame D4E7 1 KB
643 B 53ms
40ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 41329
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 16 Jun 2023 13:20:52 GMT
etag: 48472445140208031
expires: Sat, 17 Jun 2023 13:20:52 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H/1.1 200
OK postback Show response
s.update.mediamathtag.com/2/2.96.0/619621/AhDoDk8LEeQVnSZF/ Frame 9BB4 0
145 B 219ms
54ms XHR
text/plain 34.248.176.243
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.mediamathtag.com/2/2.96.0/619621/AhDoDk8LEeQVnSZF/postback?oz_pl=1&dm=728x90&ac=651871&r3=&ci=619621&di=https%3A%2F%2Fye-mek.net&ap=&si=1208769424&sr=4&r1=2a01%3A4a0%3A1338%3A%3A&r2=&ui=b9e8c882-c2b1-bf68-0000-000000000000&ti=8741425454962446792&pp=pub-7983651257838282&ai=216536&c1=4562306&dt=6196211556140246740000&pv=e5ace1e6-3ad0-42bb-826a-c104801e3de2&de=43000&pd=avt&cr=6622332&psv=2.96.0&_x=1
Requested by: Host: s.update.mediamathtag.com
URL: https://s.update.mediamathtag.com/2/619621/analytics.js?dt=6196211556140246740000&pd=avt&di=https%3A//ye-mek.net&ui=b9e8c882-c2b1-bf68-0000-000000000000&ap=&ti=8741425454962446792&pv=e5ace1e6-3ad0-42bb-826a-c104801e3de2&pp=pub-7983651257838282&sr=4&de=43000&si=1208769424&dm=728x90&ac=651871&cr=6622332&ai=216536&c1=4562306&r1=2a01:4a0:1338::&r2=&r3=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 34.248.176.243 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-176-243.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Sat, 17 Jun 2023 00:49:40 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H/1.1 200
OK main.js Show response
s.update.mediamathtag.com/2/2.96.0/ Frame 9BB4 176 KB
53 KB 53ms
53ms Script
text/javascript 34.248.176.243
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.update.mediamathtag.com/2/2.96.0/main.js

Requested by

Host: s.update.mediamathtag.com
URL: https://s.update.mediamathtag.com/2/619621/analytics.js?dt=6196211556140246740000&pd=avt&di=https%3A//ye-mek.net&ui=b9e8c882-c2b1-bf68-0000-000000000000&ap=&ti=8741425454962446792&pv=e5ace1e6-3ad0-42bb-826a-c104801e3de2&pp=pub-7983651257838282&sr=4&de=43000&si=1208769424&dm=728x90&ac=651871&cr=6622332&ai=216536&c1=4562306&r1=2a01:4a0:1338::&r2=&r3=

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

34.248.176.243 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-248-176-243.eu-west-1.compute.amazonaws.com

Software

Resource Hash

2ece6bd89b2087c1b8fd2a9cafddcef7af5671be5992f0cd99525f7ce3a326f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Sat, 17 Jun 2023 00:49:40 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: br
Accept-Ch: Viewport-Width, Viewport-Height, Width, DPR, RTT, ECT, Device-Memory, Downlink, Save-Data
Vary: Origin, Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: public, no-transform, immutable, max-age=999999999
Timing-Allow-Origin: *
Content-Length: 54224
Expires: Mon, 22 Feb 2055 06:27:40 GMT

GET
H3 200 FordAntennaCondMedium.subline.woff
s0.2mdn.net/sadbundle/16829948873192997814/fonts/ Frame 05D1 13 KB
13 KB 41ms
40ms Font
font/woff 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16829948873192997814/fonts/FordAntennaCondMedium.subline.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16829948873192997814/css/styles.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e83314d333416d003a14ff991793feefefe12184980a4f081c0465cda5dc8da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/16829948873192997814/css/styles.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 12 Jun 2023 19:24:59 GMT
x-content-type-options: nosniff
age: 365081
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13336
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:58 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jun 2024 19:24:59 GMT

GET
H3 200 FordAntennaBlack.headline.woff
s0.2mdn.net/sadbundle/16829948873192997814/fonts/ Frame 05D1 12 KB
12 KB 43ms
42ms Font
font/woff 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16829948873192997814/fonts/FordAntennaBlack.headline.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16829948873192997814/css/styles.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d97d2f204c48ceadcc2f5b86ba6bf25987c6f7c43c8dd7fee7a2847e6a71f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/16829948873192997814/css/styles.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 07:39:51 GMT
x-content-type-options: nosniff
age: 61789
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11876
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:58 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 15 Jun 2024 07:39:51 GMT

GET
H3 200 FordAntennaRegular.legal.woff
s0.2mdn.net/sadbundle/16829948873192997814/fonts/ Frame 05D1 14 KB
14 KB 45ms
44ms Font
font/woff 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16829948873192997814/fonts/FordAntennaRegular.legal.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16829948873192997814/css/styles.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff1ea82759f4df729f7ee24dac62805f05a2fc79c7ca4cb518a072a11835e884

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/16829948873192997814/css/styles.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 12 Jun 2023 19:24:59 GMT
x-content-type-options: nosniff
age: 365081
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14468
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:58 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jun 2024 19:24:59 GMT

GET
DATA 200
OK truncated
/ Frame 9BB4 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 16f27ad1942eb8eedb6d58ae436e69c1d78b874087c370c653000734347b9516

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame B951 42 B
64 B 76ms
75ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvljzspfhlH_LSQ_r8A0_nzmmoJB9031eeUI3YRZRdGnsN-OOPdZsygEfGRfYHxLMcqwRitHxoyl2FTlz-scJdF1vYh&sig=Cg0ArKJSzFQGqxHyC0FCEAE&id=lidar2&mcvt=1046&p=0,0,250,300&mtos=1046,1046,1046,1046,1046&tos=1046,0,0,0,0&v=20230614&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1404223681&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1686962979656&rpt=295&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=14

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 FordAntennaCondMedium.subline.woff
s0.2mdn.net/sadbundle/7493198391404092334/fonts/ Frame 8D06 13 KB
13 KB 41ms
41ms Font
font/woff 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7493198391404092334/fonts/FordAntennaCondMedium.subline.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7493198391404092334/css/styles.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e83314d333416d003a14ff991793feefefe12184980a4f081c0465cda5dc8da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/7493198391404092334/css/styles.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 10 Jun 2023 02:35:40 GMT
x-content-type-options: nosniff
age: 598441
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13336
x-xss-protection: 0
last-modified: Thu, 30 Mar 2023 10:59:12 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 09 Jun 2024 02:35:40 GMT

GET
H3 200 FordAntennaBlack.headline.woff
s0.2mdn.net/sadbundle/7493198391404092334/fonts/ Frame 8D06 12 KB
12 KB 42ms
42ms Font
font/woff 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7493198391404092334/fonts/FordAntennaBlack.headline.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7493198391404092334/css/styles.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d97d2f204c48ceadcc2f5b86ba6bf25987c6f7c43c8dd7fee7a2847e6a71f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/7493198391404092334/css/styles.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 10 Jun 2023 11:23:09 GMT
x-content-type-options: nosniff
age: 566792
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11876
x-xss-protection: 0
last-modified: Thu, 30 Mar 2023 10:59:12 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 09 Jun 2024 11:23:09 GMT

GET
H3 200 FordAntennaRegular.legal.woff
s0.2mdn.net/sadbundle/7493198391404092334/fonts/ Frame 8D06 14 KB
14 KB 44ms
44ms Font
font/woff 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7493198391404092334/fonts/FordAntennaRegular.legal.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7493198391404092334/css/styles.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff1ea82759f4df729f7ee24dac62805f05a2fc79c7ca4cb518a072a11835e884

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/7493198391404092334/css/styles.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 23:46:17 GMT
x-content-type-options: nosniff
age: 3804
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14468
x-xss-protection: 0
last-modified: Thu, 30 Mar 2023 10:59:12 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 15 Jun 2024 23:46:17 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 69BD 0
20 B 77ms
76ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BctouJAONZPSoAtrm3wP-mYPQDQAAAAA4AeAEAg&bg=!CwilCFzNAAaGYqkwpmI7ADkAdvg8Wkf05UfZOrnyvU-oPU_mOCd9DbBav9YCFt1cRLw0Ar9uJWgnTqzcjklBrgCAzyh8g0pRxoICAAABHVIAAAACaAEHCgAQysgwDLNJYf1aP8JLu24Ih5kDPiNem3uAFzaUKPKgcyAR_A_fDu3JfZ4DRZw_zEsLI4DQUAisXH9aGDMxS9XeYyYKK4C_0JOzQwfSaX9znL0yciMm9-qqUMhPjTXiY3ulC9a3LSNey09CZiA9glR9hsfayPU5TsYpKJDzPiwYaYyGpArt4h4L33rhtbAiTYT5fbfc196TpEWDrhkxIuH-3soUFByBbtincPGIEIy9-1xeUBsx6vERICzUJMQ11BemtjPH-x2QzDcBpEhxYtLFaScvLAnz9kLTvfB7ob9aStrNrc1_cZWzOM5RvxxtXrGe6iLkEaGGHUfQlM7KFm-dKLn6lCdSJ-NDItFkOQHPB8aHQB_aqOwPHX-O2tgTlt2FzUbEVjKCtRY5RXSpfdnL-jDsVPntEXdFdVumiBHEWaDVR1EQhEBPwYbtv_NXBmCdQrl08ZradhqXWntxfTlEH2BbJKtDG_oVEDEJH7tD1U-LFkWOLsQRhfZyCYg3Zof9cqyL28d1XvILwZ0zGoNAoc5IaojzdP1gfd13WpkCZ4xvMkgkYN5-75dA7HXx3nQ1IJwaJppp3tpNSw28oldHFoV6HmxRBzHLNf0Idb_YvSpxQC1i_dZkvOLY6lyqrm89o9d9kqfsa2dQdjnFgsFE0hebuLDIeytEcnDKuDma092U0n2n6EonR7m4-uP2M-GLovhmnM6CKUvJHUAotd4vTJj2k7uDhCzOmYCROwzbA4PuvRDObhtN2XdVPF6CHzT-xlpyWGRDzCh7wyOatnBFyc5S0U4Qgz1keroKFan-eH15NRT9o0MXTJ1RIvvdGh6yWTR-uTFcp2tVpPai5i6UvLEuCwCEPfY6z2mfOfV_4a-fTnBP8rGPXZ35-GHz4DFAMA0AXYbe1WHsNPX6lUV8echPNQ5jrMSFyrz80-rkSOYtS6tIsgEY4kDd8Ph0OaBDgY-VJh1nhPfu2qCLPoB4cmVfemVRrLRUzAFgHF0SIAVy6Tyb-36AF7xHArqGJppJo-1t3GpH5VJOnTcMNcwJJwoQaNfa6ntX1GvbwxKulrivmiFgV2J892udC9VyayPWHE3ou-wiwsADEDN9DIdGjw3F05m-YQZd2gYixPB_FhdM

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK dv-measurements3886.js Show response
cdn.doubleverify.com/ Frame CB63 534 KB
101 KB 44ms
44ms Script
application/javascript 2a02:26f0:6c00::210:ba19

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dv-measurements3886.js
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba19 -, , ASN (),
Reverse DNS
Software: UploadServer /
Resource Hash: f74a971771bbed56a13238f100e81152d4e14e3efb0a3da5772340955160f5d6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Sat, 17 Jun 2023 00:49:41 GMT
Content-Encoding: gzip
Last-Modified: Tue, 06 Jun 2023 06:22:01 GMT
Server: UploadServer
ETag: "4bc7e362cab7f510577e8cd49ba8f796"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=946080900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 103299
Expires: Wed, 05 Jun 2024 06:22:07 GMT

GET
H/1.1 200
OK dv-measurements3886.js Show response
cdn.doubleverify.com/ Frame 63CE 534 KB
101 KB 43ms
43ms Script
application/javascript 2a02:26f0:6c00::210:ba19

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dv-measurements3886.js
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba19 -, , ASN (),
Reverse DNS
Software: UploadServer /
Resource Hash: f74a971771bbed56a13238f100e81152d4e14e3efb0a3da5772340955160f5d6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Sat, 17 Jun 2023 00:49:41 GMT
Content-Encoding: gzip
Last-Modified: Tue, 06 Jun 2023 06:22:01 GMT
Server: UploadServer
ETag: "4bc7e362cab7f510577e8cd49ba8f796"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=946080900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 103299
Expires: Wed, 05 Jun 2024 06:22:07 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 2966 7 KB
6 KB 55ms
55ms XHR
application/json 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_250&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cc939da02f17c0a4b588e6add9db98743b91e675a9ee37deb1a2114ac541a8f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:41 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5627
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 4A57 0
0 79ms
79ms Fetch
image/gif 172.217.16.194

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuKeldR_2KewRhGDFAM5c00exST8k4rzOn-qiMFZxwuc0eIkjIBI0sQmkkDIOmJH8fcSNQCjVOQn3slTFdNBp6zP7Oi4okbDMw2Lo7yYHIBuRbPOZGqR90UiH84gRZAjWKawH_C-KwEn4r8Oow0LuZT0FVL-5gRM8h6Nl2XElLiXpMbGObC21v9KbBFKCHW4w74Ezp854earmG6XLhBfxvE_3aXKUNKMX85JaPIWOqBEVOUTOuDygmpybuYbua8E9jxXOJptALlptURm4VndKZSeLFGoBclFBSc8OZrZDrQ8rR3kGUs-rlZ_czn3sIAlvqEfc84RHH_rpIdnbm8eV7Nv6fKrSz4TjNvmj_FHJOv-DaR29tu1H1Gwj-UJHjAJ0p2B2xOD3w17EsaH4pVOdi0sYAj0zl3i9UWXpLWMz6ArV1jgZRFbg2QIRMo5Axc7iP3EJZxYUr31Xjv9_QV31xkAyRgU0OHDa44LBSRI71lAufK_A55bhhVATf5YGq0T0rR5Ve0SK5T7JSntvzL7b9Kj7UyztYkvyi_BhuhQ1xBVxQHPZm6kvKa9sg3yr0sWW7iwKpeJ0EVR5DdIFHIicLmFrmpGnNgF40BZ9OHUrnqoLdhp8qWsa5GOQ6En6A-gK2HXeMwgZAhJJqKbDtvwkClrm20xLIgITkcFWN3vWgwBEy0ny4jAHxj7auq1jav5o5O1t3zOvzyZFwJpsId92rZ8nuiTqpcROjGv4lx5dpB25eMa_-GDE969OAVJgHUNMNC6IWqBoS0tzm6WzvpWW35D6p5BzmA5y_bBkYi6d5T1cioRgDhH3jJh217xG03fga144yPuKWZH-vjLQ9TuwhYTCf2CEum9yNhRduXgaQTGO0kMRWQYlsKvDXdg1zqL6h0ulxH2-6-ZnnAQZJPuIZuZUlzeU7gJougz3Ge4YzKwPkJN-N9Kx-tTd_MTcadeQcw39CXLe8SaCfgOHShIyUBaaN5wWVRSEN0Y1Dv9x_9dgdXWJcJsgcEhQAh_uIDB0hZhtGW0G_byQoeENntZstM47xokQfoT4xdRrSGxWL6cZ-FfdH2D66ss4SRxB9ARvDeDaWYfQZ9BSOh7-CMv4L0ZOWjEAFSg2DWuZaxyF2afclJiZ90R-_L1dBRlMqux4DVCqZPMiDoRF4yPEwg0PVl1T3SpmX1PDwCZ9TpmACjHAjjI9r5uMHmo71BuUJFTPS6hRVv2tZeQz5ycH7pnzHo0HzJcvEharblEAvGSBA28NIULZk6FMYtOENYbOaxKiVZdo5OUO21zsDSyrQD-vhftHkbR58pZBe8HHGtRRxo&sai=AMfl-YQq0SINUO7NrO0pGhc_-Rdma3xW-UuTzNqGBXxPnrWMSGFtT8DvGVUWVwrU5NuLiUJW2FoLNds3b-8WcRV62UQuarBqVjNlglfGgDwoMBvhcbjnjg65KALT7uwrCgR5nugtodd-d8ZdihqSjN6YOfpXqqrbBAnX6DbqAr8S1jZJTvRaGnT_JJEvUI8RMH1MsIoTwLuS_Afuy6808m6lrY9VKhncxlLVubAI2RiwReY0LpfVJb2DzZeFVKemoJmWaFMIbH-yZyQUjNxbNu4N86IAPu3tWw&sig=Cg0ArKJSzEzfH9VKyNC7EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=565&vt=11&dtpt=383&dett=3&cstd=176&cisv=r20230614.93763&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:41 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 17 Jun 2023 00:49:41 GMT

GET
H2

200

skeleton.js Show response
static.adsafeprotected.com/ Frame 1E00
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/1484055/72040524/skeleton.js?ias_dspID=64&adsafe_url=https%3A%2F%2Fpcloak.blob.core.windows.net&adsafe_type=g&adsafe_url=https%3A%2F%2Fye-mek.net%2F&adsafe_typ...
https://static.adsafeprotected.com/skeleton.js

17 B
466 B

40ms
39ms

Script
application/javascript

2600:9000:223f:6200:8:48e:53c0:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/skeleton.js
Requested by: Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Server: 2600:9000:223f:6200:8:48e:53c0:93a1 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 16 Jan 2023 03:51:51 GMT
x-amz-version-id: nylqTweorRThFHMBJSrf_fHcWx3KVKN3
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 13121871
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 17
last-modified: Mon, 17 Aug 2020 23:54:35 GMT
server: AmazonS3
etag: "53fab767ecbd3bf07990b10246befbd4"
content-type: application/javascript
cache-control: max-age=315360000
accept-ranges: bytes
x-amz-cf-id: zbeqO5P5Q0Bb1aAN_hs2SCJ9IQVwQhNxJ-CrGmMBh5J2ZdzvmyZZZQ==

Redirect headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:41 GMT
server: nginx
x-server-name: app04.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/skeleton.js
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame 2034 91 KB
23 KB 42ms
41ms Script
application/javascript 2600:9000:223f:6200:8:48e:53c0:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:6200:8:48e:53c0:93a1 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 15:36:17 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 23188405
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: jg8MYuOwo6U23lKJoSoaP0oM2n0_8IJ22IL7l07IMLrpzVfucvvC2w==

GET
H2

200

skeleton.js Show response
static.adsafeprotected.com/ Frame 4A57
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/1484055/72040524/skeleton.js?ias_dspID=64&adsafe_url=https%3A%2F%2Fpcloak.blob.core.windows.net&adsafe_type=g&adsafe_url=https%3A%2F%2Fye-mek.net%2F&adsafe_typ...
https://static.adsafeprotected.com/skeleton.js

17 B
466 B

39ms
39ms

Script
application/javascript

2600:9000:223f:6200:8:48e:53c0:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/skeleton.js
Requested by: Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Server: 2600:9000:223f:6200:8:48e:53c0:93a1 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 16 Jan 2023 03:51:51 GMT
x-amz-version-id: nylqTweorRThFHMBJSrf_fHcWx3KVKN3
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 13121871
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 17
last-modified: Mon, 17 Aug 2020 23:54:35 GMT
server: AmazonS3
etag: "53fab767ecbd3bf07990b10246befbd4"
content-type: application/javascript
cache-control: max-age=315360000
accept-ranges: bytes
x-amz-cf-id: xhJx9qlOhoIghhRkIx0SxgVKxcYGJNaXLpJc5KkowhAJCYDPpCFNbg==

Redirect headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:41 GMT
server: nginx
x-server-name: app02.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/skeleton.js
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame 9BC5 91 KB
23 KB 43ms
43ms Script
application/javascript 2600:9000:223f:6200:8:48e:53c0:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:6200:8:48e:53c0:93a1 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 15:36:17 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 23188405
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: GcxZxJAnI6oWxn3NgobsuQ1Qrh57424pNDX0B3eKxY9ZsGs0lkm1ig==

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 1E00 0
0 79ms
78ms Fetch
image/gif 172.217.16.194

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvM4IZqiQ9o__d49oQZ-oOGIYLSKIzIGZfXGYvnXxrDnKqiMPjF-olkmaXbbLpTgkg14UW7EUqzSsGnJ2dtMtUL3gdbCa6JPi9Q9Zsh1dmw9ynxqmYwxb1F91Qfihb0Fvq6YIiKjHPehE2d-QksBPr10441cg9_pD568r-2JtHrbI4XOUqJ2VGUNn8TXSThEXNLftAVsRt83_ZChkkdEM4wuSwY8zC-lafrd6NiMHbmsjwGRwQ-5aZvrzraT7QI5Nt6xXgjk7GnRZnd8CWCO9udV4hNot1Eadj1azuejL7iRbxqTuB1rEjnQr6rI1QuoFbp06vEGFqT7grZI-g1fBEPKSOrRsf89VFzxYBwRKtFy2lI6oXJ3ujvx46o5JTLCrwZLV6jbDshLsnA6aiEz9EYyIkqblSuN9WA_PrKe5Psn3IgceDURz9TqI6izTngfAppebJNpnp6nq1OnHJZowd0F43x7-U4OJ_Bz_6vpd01dH0ozRb3GYBIKR9ZtVjE_-LF9gdvUZOc4vVInD0P2IBWimL_qmulTi04StyZOZ1fA2u81FSVQTmLASWLFq2ZHdIfkR6votCvAqYCb3ci0q-aqEkZAodxCNmG8oKtrVB_fjBwnS4jZC3jujQXEJb3zk4VsYiLfnUBz_OXtdjDiTyen1QA471eU4qpNmY5-lRVzg8Rk1TXXgoC_q5dQDw1HrRFuFlBnyPPOC-SfN2RaHhFYwWjD5lJNGUXNnavbyGO9CSf3HCHrwr6l6Ume_4R69XDLovhpv8c70giDHYUWiOB91vVEG-ViNGxjtSwkfUWNfK7JWd9EcIg_cS_dw5otxSvAY5y4oNZb4d_Adag8KoFdOU20YW4pV0iQ8tbvXtH88QUxG0b48sa8QaYstbZ27GseyBeCQMrNq0pg3kkbFq3qr3uDRzoiKb7xDjyfdPXbtSIKcz2VK5vfjnbRRvOCZwkVRfJ1_Y-X-o9rgl8mUffOW3zB-T9ZWx_LSQZ1Nm1D1Wz9R8ttfqPomxqJ6m8ocx70IYh1lHqqcXSX2H32WEb-7qj_G7vAK6FdzixPR0dqc29QvHgkGpAlO-_stAhc5CEfSnPASwrT9X9dkPXp9p_FNbgrAUDCdB5AcJNcvk0IoH5SrcMQpUXMI959c5h39xiwaAptIY8riQc6Tjc1WckrvypP3cnLxADKoXtE0gdHBqfFTsMqbcUSsknWOUjFLzidhh3JWOqA3ee1e7zUsE1wL0KRkJ0zOo4t-oqPGIcyOcoRdSSP0mxg8LyJPtX81X4tSWTXqn3QPNLUd9xnKi3sBAWeS10NP9gGwqs8Nyd&sai=AMfl-YQlFe3pESoBtfY01z8QaQSf07Y9Lxk2nk6rBqXavWfUTfKJLU3Q547ZNtmPg7t1O2laRtL8VWICt85rDQX5iFgSjxA8DVpu-XlzXRdaFCPJMPHUxzHLC5rmdX1x69kDHW0ACoNTsIokbnW0Y3bXdwS5LPbaeQiCqUmLwo5zlTnByMlEcmKziYgIogDfz56kYaW_fC2QXCKkKHweGd40dnC-7QcuReLBv3wBi4Se9ne4gCUKBDEuXin2o_wF3DdS2hQyU8kG5wcIuF6y7NpAzG5eca3IuA&sig=Cg0ArKJSzPRK15grfqtEEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=709&vt=11&dtpt=416&dett=3&cstd=286&cisv=r20230614.21791&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:41 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 17 Jun 2023 00:49:41 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 05D1 7 KB
5 KB 54ms
54ms XHR
application/json 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_250&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f812e897ae3a77c1b7c1f131bdfa130aa46b15de91143784d77a7bb353ac6492

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:41 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5518
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame F347 0
0 79ms
79ms Fetch
image/gif 172.217.16.194

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvQ8KSfZehGiYGk450o1Zz6y9RpdyQbssWtDU1Z6-hDmE99Z-fXtzpsl93xcsaxgHjPltauhPetGwwzFKlb0NUCuGe0bM9pP87Koms1yXlaW1XtbApohsyJY5Rm6u8bfGA2FeKWeMvcTzTytIVsAQ0UOpAxGBilZxoeyUsaF2L8oDV_Dsi5OYEV3oGU8hJiJMKJ6TPc2xTZZYO9rhhrqgQaVvKKg2sLCqapRvUgz7UuOjIlrDNAXimm-a3q7eCl-0qOpdX-OTawPUJ6gc1PuUcUvZ5xMD44wxT0_ga3eGpLmREj0HwpegoxjK2MYng6A-njsZFM7aJUFBShdkyS6jsb8-oBp8CQvqD-h-xOfXhbsDGZjVMDxXFtNS6QLCr44hDDojQ9EPDKCXtTmgYGkxJpgD60ftLXIO38RkchOBFW72iQ07WE5Z--1Q5dJK7C47_KGxdizwG5an35VWk9dx17AJkmXoYH9urK-kHxzVwBhGH4Sj_aqEwq8cmaYOIAMKXdifTjRtO0yLn-UrvdXRM2uTWowKKj0tOzFzljE-cXh3KigijAguIpGdkfnO1_zsHemgeHtKyUCAdYjvXbAOL9NCNLEKXCSwcfMs3BKkZJfRThR6ySLzaYd3S5hRsuA3XEmaoYcDCgu0ZDYmQ7nrNkIe71SMVZNVk40C4MhANAGNhlWTyXNhgCkHzwyG4ixWVVs5zCkdbSQf1UZ8PYdBbe8nS7Uxw-f2vVBj42nKk3RtzHn6bLua0Z9S8GehMC_63JLbY-HogSEIx8xscRioerPKtxn6ZnW8_6Yk3HjhpBSX2iwNFN2gb9Rqp1Nhaxlb0cAcE_Q6QApCnAWZqv4AXS_areVKp-AdUEFCQ-xTX6uG_7QaATWWYYzSsfQFnt1KJMDKjYGA9ljcQ57pKvU8gwg7WetK84j-0IZB-7xdbz1P5hb6FWnP7wZJBbjP4b94jFpihFj10oPQ_GT66DMdLUtR9Cw18YdFAsFI2Hp_Mi77WYld4q5xTKZ-2cDx83xBxY5XSbSYMameyZN1_VHpB9WFtejNeSUJq-xlR3rEnaj4P-U3XC2ZcxP_ZDz9RnZRgUB80wGqZico8iduSiuUieCo0U-dxfAsRR2Ay3LA7S9Y3e0X-VJdepAY0TFbZw5APPJkeLcljznlM28VGUj2jFtBMlTM1_2XogEqPK6wtxrusexa99e9SUgwVlFFCt21FUwomHegChMihdkTf3KwKXQ6NFHYJ8fNMnKBW-OCJsN-bZaNQ4QFsmb_mBEpIu9EmLgpkdh3v8LSQlx-nymUFlryCNtAHT4Bk&sai=AMfl-YRWvLLuqfmJEmsjk4agc-Z-U_hVHh0PVnaj0fWx563Y2vBezwQxlorobXBdYuOK4wj5iRRRsl-nX78DYJd6gKevMhGvvTXV3iFYtsFOThFFpLicOoWxpRqveIZFiJHMUyo76pOazJ7NplKNHl75edim07nUc9uNRdc8yx1zUKJUQqRwEY8C17CBzrWBuc28VjYs1z4jwltyJ7loIKivIcEr4g3CqALheOHVhOhAYD7-Nh4nM4eHwOXkbnd2OE2_nkHmXebER9NoH0aSNK9y6GMuyVWHEg&sig=Cg0ArKJSzGIga0dYaipBEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=606&vt=11&dtpt=412&dett=3&cstd=188&cisv=r20230614.10964&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:41 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 17 Jun 2023 00:49:41 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 1E00 43 B
215 B 414ms
119ms Image
image/gif 2600:1f18:1aca:4281:40a6:f5dd:4ba9:a1c7

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1484055&asId=a67eb679-2e37-90bf-4aad-474d7b09dc4f&tv=%7Bc:fKGhy1,pingTime:-3,time:430,type:v,im:%7Bpci:%7Btdr:32%7D%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:367%7D,%7Bpiv:-1,vs:n,r:,t:422%7D,%7Bpiv:0,vs:o,r:l,t:429%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:430,n:7,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:367,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B77~0%5D,as:%5B77~728.90%5D%7D%7D,%7Bsl:n,t:422,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B7~1,0~0%5D,as:%5B7~728.90%5D%7D%7D,%7Bsl:o,t:429,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B1~0%5D,as:%5B1~728.90%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tHowKqv+111%7C112%7C113%7C114%7C115%7C116%7C1171%7C1172%7C1173%7C1181%7C1182%7C1183%7C1191%7C1192%7C1193%7C11a%7C11b*.1484055-72040524%7C11b1%7C11b2%7C11b31%7C11b4%7C11b5%7C11c1%7C11c2%7C11c31%7C11c4%7C11c5%7C11d1%7C11d2%7C11d3%7C11d4%7C11e1%7C11e2%7C11e31%7C11e4,idMap:11b*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf,siq:368%7D&br=c
Requested by: Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:40a6:f5dd:4ba9:a1c7 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:41 GMT
server: nginx
x-server-name: dt20.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 1E00 43 B
215 B 412ms
120ms Image
image/gif 2600:1f18:1aca:4281:40a6:f5dd:4ba9:a1c7

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1484055&asId=a67eb679-2e37-90bf-4aad-474d7b09dc4f&tv=%7Bc:fKGhy2,pingTime:-6,time:431,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:431,n:7,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:367,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B77~0%5D,as:%5B77~728.90%5D%7D%7D,%7Bsl:n,t:422,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B7~1,0~0%5D,as:%5B7~728.90%5D%7D%7D,%7Bsl:o,t:429,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B2~0%5D,as:%5B2~728.90%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tHowKqv+111%7C112%7C113%7C114%7C115%7C116%7C1171%7C1172%7C1173%7C1181%7C1182%7C1183%7C1191%7C1192%7C1193%7C11a%7C11b*.1484055-72040524%7C11b1%7C11b2%7C11b31%7C11b4%7C11b5%7C11c1%7C11c2%7C11c31%7C11c4%7C11c5%7C11d1%7C11d2%7C11d3%7C11d4%7C11e1%7C11e2%7C11e31%7C11e4,idMap:11b*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf,siq:368%7D&tpiLookup=ao:pcloak.blob.core.windows.net*%2Cye-mek.net*&br=c
Requested by: Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:40a6:f5dd:4ba9:a1c7 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:41 GMT
server: nginx
x-server-name: dt21.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 4A57 43 B
216 B 406ms
118ms Image
image/gif 2600:1f18:1aca:4281:40a6:f5dd:4ba9:a1c7

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1484055&asId=5fbed5b9-60b1-c74e-e598-a3873d6e1526&tv=%7Bc:fKGhy8,pingTime:-3,time:433,type:v,im:%7BpBlk:389%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:382%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:433,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:382,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B57~0%5D,as:%5B57~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tHowKqv+111%7C112%7C113%7C114%7C115%7C116%7C1171%7C1172%7C1173%7C1181%7C1182%7C1183%7C1191%7C1192%7C1193%7C11a%7C11b.1484055-72040524%7C11b1%7C11b2%7C11b31%7C11b4%7C11b5%7C11b6%7C11c*.1484055-72040524%7C11c1%7C11c2%7C11c31%7C11c4%7C11c5%7C11d1%7C11d2%7C11d3%7C11d4%7C11e1%7C11e2%7C11e31%7C11e4,idMap:11c*,rmeas:1,rend:0,renddet:na,siq:382%7D&br=c
Requested by: Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:40a6:f5dd:4ba9:a1c7 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:41 GMT
server: nginx
x-server-name: dt01.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 4A57 43 B
215 B 406ms
121ms Image
image/gif 2600:1f18:1aca:4281:40a6:f5dd:4ba9:a1c7

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1484055&asId=5fbed5b9-60b1-c74e-e598-a3873d6e1526&tv=%7Bc:fKGhy9,pingTime:-6,time:434,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:434,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:382,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B59~0%5D,as:%5B59~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tHowKqv+111%7C112%7C113%7C114%7C115%7C116%7C1171%7C1172%7C1173%7C1181%7C1182%7C1183%7C1191%7C1192%7C1193%7C11a%7C11b.1484055-72040524%7C11b1%7C11b2%7C11b31%7C11b4%7C11b5%7C11b6%7C11c*.1484055-72040524%7C11c1%7C11c2%7C11c31%7C11c4%7C11c5%7C11d1%7C11d2%7C11d3%7C11d4%7C11e1%7C11e2%7C11e31%7C11e4,idMap:11c*,rmeas:1,rend:0,renddet:na,siq:382%7D&tpiLookup=ao:pcloak.blob.core.windows.net*%2Cye-mek.net*&br=c
Requested by: Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:40a6:f5dd:4ba9:a1c7 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:41 GMT
server: nginx
x-server-name: dt02.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 8D06 7 KB
6 KB 58ms
57ms XHR
application/json 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

02e0a0e8befda4ff7976c5fe1003e093e84d90e949b31a29028bbeee274d4d3a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:41 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5785
x-xss-protection: 0

GET
H3 200 visual.jpg
s0.2mdn.net/sadbundle/7493198391404092334/img/ Frame 8D06 84 KB
84 KB 41ms
41ms Image
image/jpeg 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7493198391404092334/img/visual.jpg

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b438fcb0b6409866bcf245a57397590528a9db351cceb09953f27f9105069895

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=N0DsKKGVou&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 10 Jun 2023 02:35:41 GMT
x-content-type-options: nosniff
age: 598440
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 86025
x-xss-protection: 0
last-modified: Thu, 30 Mar 2023 10:59:12 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 09 Jun 2024 02:35:41 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 3913 2 KB
530 B 52ms
51ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Titillium+Web:400,700

Requested by

Host: hal900025.redintelligence.net
URL: https://hal900025.redintelligence.net/request_content.php?s=93483700005664200951389012358025&a=abeddfb0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7fb07880fe0e8c6a59441a5eb71aed95f6542a8c4bc1ed859984d2e8efe054e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900025.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 17 Jun 2023 00:49:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 16 Jun 2023 23:38:08 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 17 Jun 2023 00:49:41 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 3913 18 KB
18 KB 189ms
109ms Image
image/png 144.76.91.199
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/23333/creativesup/1200x627_Matthias.jpg
Requested by: Host: hal900025.redintelligence.net
URL: https://hal900025.redintelligence.net/request_content.php?s=93483700005664200951389012358025&a=abeddfb0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.91.199 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.199.91.76.144.clients.your-server.de
Software: Apache /
Resource Hash: a9d215e3058f5d7f8e4c4c2e270d695b25eb3fecbe9096838764b07ed690cf3c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900025.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Sat, 17 Jun 2023 00:49:41 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 18609
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 3913 16 KB
16 KB 125ms
46ms Image
image/png 144.76.91.199
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/postbank_pool_privatkredit_1200x627.jpg
Requested by: Host: hal900025.redintelligence.net
URL: https://hal900025.redintelligence.net/request_content.php?s=93483700005664200951389012358025&a=abeddfb0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.91.199 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.199.91.76.144.clients.your-server.de
Software: Apache /
Resource Hash: c4e5ff98a650e762acc7cfe6392e04ec3429e8cc9839a21b0b6ff0de542e3796

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900025.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Sat, 17 Jun 2023 00:49:41 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16230
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 3913 16 KB
16 KB 127ms
46ms Image
image/png 144.76.91.199
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg
Requested by: Host: hal900025.redintelligence.net
URL: https://hal900025.redintelligence.net/request_content.php?s=93483700005664200951389012358025&a=abeddfb0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.91.199 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.199.91.76.144.clients.your-server.de
Software: Apache /
Resource Hash: d889a1ca224f872f647248a6cdee1a92eca475fa0ea8796129e39b03bbc09628

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900025.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Sat, 17 Jun 2023 00:49:41 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16512
Vary: Accept-Encoding
Content-Type: image/png

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 1E00 43 B
215 B 371ms
120ms Image
image/gif 2600:1f18:1aca:4281:40a6:f5dd:4ba9:a1c7

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1484055&asId=a67eb679-2e37-90bf-4aad-474d7b09dc4f&tv=%7Bc:fKGhyI,pingTime:-2,time:473,type:a,im:%7Bsf:0,pom:1,prf:%7BbdA:391,bdZ:637,beA:710,beZ:710,mfA:1053,cmA:1054,inA:1054,inZ:1057,prA:1057,prZ:1073,si:1077,poA:1078,poZ:1089,cmZ:1089,mfZ:1089,loA:1140,loZ:1143,ltA:1183,ltZ:1183,mdA:711,mdZ:920%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:728.90,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:367%7D,%7Bpiv:-1,vs:n,r:,t:422%7D,%7Bpiv:0,vs:o,r:l,t:429%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:473,n:7,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:367,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B77~0%5D,as:%5B77~728.90%5D%7D%7D,%7Bsl:n,t:422,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B7~1,0~0%5D,as:%5B7~728.90%5D%7D%7D,%7Bsl:o,t:429,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B44~0%5D,as:%5B44~728.90%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tHowKqv+111%7C112%7C113%7C114%7C115%7C116%7C1171%7C1172%7C1173%7C1181%7C1182%7C1183%7C1191%7C1192%7C1193%7C11a%7C11b*.1484055-72040524%7C11b1%7C11b2%7C11b31%7C11b4%7C11b5%7C11c.1484055-72040524%7C11c1%7C11c2%7C11c31%7C11c4%7C11c5%7C11d1%7C11d2%7C11d3%7C11d4%7C11e1%7C11e2%7C11e31%7C11e4,idMap:11b*,pd:0YtC.internal-nacl-plugin,rmeas:1,rend:1,renddet:XIFRAME.qs.lf,siq:368,sinceFw:105,readyFired:true%7D&br=c
Requested by: Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:40a6:f5dd:4ba9:a1c7 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:41 GMT
server: nginx
x-server-name: dt17.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 4A57 43 B
215 B 368ms
121ms Image
image/gif 2600:1f18:1aca:4281:40a6:f5dd:4ba9:a1c7

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1484055&asId=5fbed5b9-60b1-c74e-e598-a3873d6e1526&tv=%7Bc:fKGhyN,pingTime:-2,time:474,type:a,im:%7Bsf:0,pom:1,prf:%7BbdA:461,bdZ:630,beA:706,beZ:707,mfA:1082,cmA:1082,inA:1082,inZ:1083,prA:1083,prZ:1087,si:1088,poA:1088,bl:1095,poZ:1096,cmZ:1096,mfZ:1096,loA:1140,loZ:1142,ltA:1180,ltZ:1180,mdA:708,mdZ:945%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:728.90,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:382%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:474,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:382,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B98~0%5D,as:%5B98~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tHowKqv+111%7C112%7C113%7C114%7C115%7C116%7C1171%7C1172%7C1173%7C1181%7C1182%7C1183%7C1191%7C1192%7C1193%7C11a%7C11b.1484055-72040524%7C11b1%7C11b2%7C11b31%7C11b4%7C11b5%7C11b6%7C11c*.1484055-72040524%7C11c1%7C11c2%7C11c31%7C11c4%7C11c5%7C11d1%7C11d2%7C11d3%7C11d4%7C11e1%7C11e2%7C11e31%7C11e4,idMap:11c*,pd:CV8L.internal-pdf-viewer,rmeas:1,rend:0,renddet:na,siq:382,sinceFw:91,readyFired:true%7D&br=c
Requested by: Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:40a6:f5dd:4ba9:a1c7 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:41 GMT
server: nginx
x-server-name: dt16.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 05D1 17 KB
6 KB 48ms
48ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 17 Jun 2023 00:49:41 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 020A 42 B
64 B 77ms
76ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuCWrkq6TnyF1RcAQUM3kKa0Zvr_eY6bTDxmy_jdeRfIoSGhAJa1ddBRCWPGrzSRCxa7GkG26RIBnUgANBFjup4CD7L&sig=Cg0ArKJSzKCwe3GWd0mDEAE&id=lidar2&mcvt=1022&p=0,0,250,300&mtos=1022,1022,1022,1022,1022&tos=1022,0,0,0,0&v=20230614&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1806867393&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1686962979825&rpt=358&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=14

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 2966 17 KB
6 KB 50ms
49ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 17 Jun 2023 00:49:41 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 8D06 17 KB
6 KB 53ms
53ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 17 Jun 2023 00:49:41 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame BA93 112 KB
43 KB 50ms
49ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

11025ae36c36e2734f2f85331487c33b2f5ff1d267e6ed4cd123bde45f4bc416

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:41 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44193
x-xss-protection: 0
last-modified: Sat, 17 Jun 2023 00:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 17 Jun 2023 00:49:41 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9C31 0
20 B 77ms
77ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BnKEUJAONZJGGE4SOjuwPg8CE4AYAAAAAOAHgBAI&bg=!LC-lL3vNAAaGYqkwpmI7ADkAdvg8WpyOKNNb69SPD7KU6LsSQhZfwwlyL0YReumAEXIhRnkRoeKltTRfuf-uVElf7jQ-Iaje0LoCAAABjFIAAAACaAEHmQNJTyxEGFpADk5Rc0jnOl_QlAPGKzzBOCKkzj_QLZHT3d9Og32W8ygzmFWCYtgJpz0DygJ2GbEEOpKpMSHf9utl8Tj9SgvkcAVmiHiWyc3BsvgL_-QaUGmKHSY5IriHw1pBKxAoyUhdEhXNPd_MUkmXS4am67DTXWYedOnhUg-lIoWsGVkP-hnYRjlb88ymO5Q4xveW7BB6S6SSrVKJySi_r0A55MKXriCSqBNpBGPpV_r5srz8HwWvKUNpPpqi_KN3BGJTJKflA8-hQbxjiqOjEDTvsdkvrSFip2llMnmQzr9LdbEH21XA73t5D0f0w087ot8LSKJcWlfvrGAs_MsOeAZJ54CQv2wg06JbU37tchQkqwQZJj1dswIG6SmoZQpvpEGP44db4rq5131wjvuVVBfbyzPQB_ap4VOCwva4Siw-RfnT-4P4BUFMWrR4WrnreverJtSWy9EZNlcfMAYJ02QHkdCcXUPFpQ9dos2lyFIICQNDIQPGp9cvXaUO3GL6kiu-Vwfb1J6343b3ICZfS5ce4yqvp6LdxlvRS4cKqLnjLoUrNFfLsNBr5QSOCxqJBOR9dGEcxYhgKEdX76kklj4GtV9Ty8nvboeG6tE8LgJiVGfJLNpKjbaaw6ZyWrWOHoMMIsJNzf_7zccEKUVTk3hfswpU2Tnxh5CMqk7w09aHOonPpqjOQGkburOCMd6a56gVJy2DOF8QZVu-s6yCuXndPeYO9B0EryQ9LnbxRyZY_4SADUCjtQye5l446h1aewtV56qmX1uglZ2l4VYA9M8feZEyrHHIphdvozXkLOUE_jW66mVrz_12H8GiwUZyPxZDa8SsDHxd2-wIKe0hn8gJma-ZbnikfzLnv67xgW4cSH9Vb8Zmme8FgUE9DMp6qRaNkT5pU4Z_SnvBjVNtZlaEIFcKupy0d3wooY8ZixgwUVEEjC-UD75FqCVE_sH4bymEntRXikv52Ktp_ct1S4ueSeNwCyc6h75KKd4fMC3DtK67LYSteZvjeP5OboVqPtsUhOBUeL58iQgA_Y_0zXDSSqWs0DuSMvfG3aKeCrugCpoO7xUlYsgFIi20-OsSAcZgk87hKdpPXYJMXtsP-e9TI6vJhtPbjA

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK visit.js Show response
tps.doubleverify.com/ Frame 63CE 1008 B
904 B 234ms
56ms Script
text/javascript 130.211.44.5

General

Check archive.org

Show headers Download Go to

Full URL: https://tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=245&ttfrms=26&brid=3&brver=114.0.5735.133&bridua=3&bds=1&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTauJ6%5C%3E6%3C%5D%3F6ETauU2%3F4r92%3A%3Fl9EEADTbpTauTauA4%3D%402%3C%5D3%3D%403%5D4%40C6%5DH%3A%3F5%40HD%5D%3F6ETar9EEADTbpTauTauJ6%5C%3E6%3C%5D%3F6ETar9EEADTbpTauTaucecghb3fe_445d35feg_cgb4477ba%602f%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3E&srcurlD=1&aUrlD=0&ssl=https:&dfs=680&ddur=201&uid=1686962981311231&jsCallback=dvCallback_1686962981311980&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F114.0.5735.133%20Safari%2F537.36&htmlmsging=1&chro=1&hist=2&winh=90&winw=728&wouh=1200&wouw=1600&scah=1200&scaw=1600&jsver=3886&tgjsver=3886&lvvn=28&m1=13&refD=2&referrer=https%3A%2F%2F464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&fcifrms=1&brh=2&sdf=2&dvp_epl=280&noc=4&nav_pltfrm=Win32&ctx=20309721&cmp=29968277&sid=3288807&plc=367565023&crt=192207036&btreg=558488166&btadsrv=doubleclick&adsrv=1&advid=4309118&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_sukv=4395512914.105186&dvp_tukv=983866743.8327289&dvp_strhd=0.2999992370605469&dvpx_strhd=0.2999992370605469&dvp_tuid=208061158252&jurtd=765759122
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements3886.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.44.5 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 507221aa1d3f3d00517250677bbbedd055e563b6e19acdb2cbd4f5c618bd734b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 17 Jun 2023 00:49:41 GMT
Content-Encoding: br
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=0
Connection: keep-alive
Timing-Allow-Origin: *
Expires: 06/16/2023 00:49:41

GET
H/1.1 200
OK visit.js Show response
tps.doubleverify.com/ Frame CB63 1008 B
908 B 137ms
57ms Script
text/javascript 130.211.44.5

General

Check archive.org

Show headers Download Go to

Full URL: https://tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=396&ttfrms=6&brid=3&brver=114.0.5735.133&bridua=3&bds=1&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTauJ6%5C%3E6%3C%5D%3F6ETauU2%3F4r92%3A%3Fl9EEADTbpTauTauA4%3D%402%3C%5D3%3D%403%5D4%40C6%5DH%3A%3F5%40HD%5D%3F6ETar9EEADTbpTauTauJ6%5C%3E6%3C%5D%3F6ETar9EEADTbpTauTaucecghb3fe_445d35feg_cgb4477ba%602f%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3E&srcurlD=1&aUrlD=0&ssl=https:&dfs=640&ddur=232&uid=1686962981430406&jsCallback=dvCallback_1686962981430427&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F114.0.5735.133%20Safari%2F537.36&htmlmsging=1&chro=1&hist=2&winh=90&winw=728&wouh=1200&wouw=1600&scah=1200&scaw=1600&jsver=3886&tgjsver=3886&lvvn=28&m1=13&refD=2&referrer=https%3A%2F%2F464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&fcifrms=1&brh=2&sdf=2&dvp_epl=280&noc=4&nav_pltfrm=Win32&ctx=20309721&cmp=29968277&sid=3288807&plc=367565023&crt=192207036&btreg=558488166&btadsrv=doubleclick&adsrv=1&advid=4309118&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_sukv=287773102.45136416&dvp_tukv=33156519256.493847&dvp_strhd=0.1999969482421875&dvpx_strhd=0.1999969482421875&dvp_tuid=289235502408&jurtd=1532202706
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements3886.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.44.5 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7f90a7e37bbf5e1c046dcee0b917b1049e1e764e39c68f1dc1d1e53a2271126b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 17 Jun 2023 00:49:41 GMT
Content-Encoding: br
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=0
Connection: keep-alive
Timing-Allow-Origin: *
Expires: 06/16/2023 00:49:41

GET
H2 200 dpixel
cms.quantserve.com/ Frame D4E7 35 B
465 B 128ms
41ms Image
image/gif 2620:116:800d:21:b314:a0ef:ab7c:d546

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEDyGt7THJEotk0pj15Tsdw4&google_cver=1&google_push=ATf1kGPUvKP92G1-qX34h5x1rKvrOKNRE6K89hcA7JluhiV_klQU1vB2xsgxgAzGIoZmYYVLGDFEtNo_JzNKXonF-vQaV77nJPJx

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:b314:a0ef:ab7c:d546 -, , ASN (),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:41 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D4E7
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEMkeyaNf-RR4Lg6c7K3mn_I&google_cver=1&google_push=ATf1kGMVfEbhHgpZ0_7NQ9WJMKwiUQQCSf8q6G8Ix1H77gnkkesx78TlD8ionTAIYSEwy3n_8ewYrRTp_zKh_58m...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=FQBkjQMkTwGoiV2nIRQSjA&google_push=ATf1kGMVfEbhHgpZ0_7NQ9WJMKwiUQQCSf8q6G8Ix1H77gnkkesx78TlD8ionTAIYSEwy3n_8ewYrRTp_zKh_58m1Z8t41RI...

170 B
188 B

51ms
50ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=FQBkjQMkTwGoiV2nIRQSjA&google_push=ATf1kGMVfEbhHgpZ0_7NQ9WJMKwiUQQCSf8q6G8Ix1H77gnkkesx78TlD8ionTAIYSEwy3n_8ewYrRTp_zKh_58m1Z8t41RIjHatDA

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:41 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sat, 17 Jun 2023 00:49:41 GMT
Server: MT3 1031 59fd23a master cdg cdg-pixel-x12 config_version:"1438"
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=FQBkjQMkTwGoiV2nIRQSjA&google_push=ATf1kGMVfEbhHgpZ0_7NQ9WJMKwiUQQCSf8q6G8Ix1H77gnkkesx78TlD8ionTAIYSEwy3n_8ewYrRTp_zKh_58m1Z8t41RIjHatDA
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Sat, 17 Jun 2023 00:49:40 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D4E7
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEALqLpJm7KlpTW1Vq2OimAk&google_cver=1&google_push=ATf1kGM_F_5TxgvCM1RSaH_0tYvrFu5ZMMDyUYIVBdNaQsj5rQvHbFUh1ITZFUy_1aGLYeHFdCQ3FH24hC2...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGM_F_5TxgvCM1RSaH_0tYvrFu5ZMMDyUYIVBdNaQsj5rQvHbFUh1ITZFUy_1aGLYeHFdCQ3FH24hC2i6BV_dEGrw9fzkpQ2QA&google_hm=IqHdgTqyQuCODMEkFg...

170 B
188 B

50ms
50ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGM_F_5TxgvCM1RSaH_0tYvrFu5ZMMDyUYIVBdNaQsj5rQvHbFUh1ITZFUy_1aGLYeHFdCQ3FH24hC2i6BV_dEGrw9fzkpQ2QA&google_hm=IqHdgTqyQuCODMEkFgOo6Gc

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:41 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:40 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGM_F_5TxgvCM1RSaH_0tYvrFu5ZMMDyUYIVBdNaQsj5rQvHbFUh1ITZFUy_1aGLYeHFdCQ3FH24hC2i6BV_dEGrw9fzkpQ2QA&google_hm=IqHdgTqyQuCODMEkFgOo6Gc
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D4E7
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEHgtXX0pLR76uolrKFyWthE&google_cver=1&google_push=ATf1kGMFUYQ7F9bT5e6mFFDm9uKTzJfGd2AWWO3tuTL5ACpZH3UvaBHxXDj8p6QOvCdTlyIifUkpM6o0...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NzQ2MDg0NTI2NzQxMzgyMTM2MQ&google_push=ATf1kGMFUYQ7F9bT5e6mFFDm9uKTzJfGd2AWWO3tuTL5ACpZH3UvaBHxXDj8p6QOvCdTlyIifUkpM6...

170 B
188 B

50ms
49ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NzQ2MDg0NTI2NzQxMzgyMTM2MQ&google_push=ATf1kGMFUYQ7F9bT5e6mFFDm9uKTzJfGd2AWWO3tuTL5ACpZH3UvaBHxXDj8p6QOvCdTlyIifUkpM6o0l41sQzmpWbLgcYS43B7hWA

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:41 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NzQ2MDg0NTI2NzQxMzgyMTM2MQ&google_push=ATf1kGMFUYQ7F9bT5e6mFFDm9uKTzJfGd2AWWO3tuTL5ACpZH3UvaBHxXDj8p6QOvCdTlyIifUkpM6o0l41sQzmpWbLgcYS43B7hWA
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D4E7
Redirect Chain

https://match.360yield.com/match/ebda?google_gid=CAESEIBFxfPJuoSEFlv0fK91AkQ&google_cver=1&google_push=ATf1kGPOVSdO3b0Ku6yd4pHyT5XevpB7PZlx8Y7HVT04GuPFa6umsK-Vsr4RRIRjGE2npXBBtAgGbRlyQIQIVaGTBAzk58...
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEIBFxfPJuoSEFlv0fK91AkQ&google_cver=1&google_push=ATf1kGPOVSdO3b0Ku6yd4pHyT5XevpB7PZlx8Y7HVT04GuPFa6umsK-Vsr4RRIRjGE2npXBBtAgGbRlyQIQIVaGT...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=L9W3c8YaTBGEB-G3OZPolg&google_push=ATf1kGPOVSdO3b0Ku6yd4pHyT5XevpB7PZlx8Y7HVT04GuPFa6umsK-Vsr4RRIRjGE2npXBBtAgGbRlyQIQIVaG...

170 B
188 B

50ms
50ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=L9W3c8YaTBGEB-G3OZPolg&google_push=ATf1kGPOVSdO3b0Ku6yd4pHyT5XevpB7PZlx8Y7HVT04GuPFa6umsK-Vsr4RRIRjGE2npXBBtAgGbRlyQIQIVaGTBAzk58W01wismA

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:41 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=L9W3c8YaTBGEB-G3OZPolg&google_push=ATf1kGPOVSdO3b0Ku6yd4pHyT5XevpB7PZlx8Y7HVT04GuPFa6umsK-Vsr4RRIRjGE2npXBBtAgGbRlyQIQIVaGTBAzk58W01wismA
access-control-allow-origin: *
date: Sat, 17 Jun 2023 00:49:41 GMT
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2

200

/
onetag-sys.com/match/ Frame D4E7
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEEwW6se3E9BzQZ8HrKTxxY8&google_cver=1&google_push=ATf1kGNsLyy7xJeVjs1N8a7QM3kjfqjGS4jfJ_45QaDuKXVjKvitT3GqIx-CEQ944WY0n4QyxzS6ZpqnwA0...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGNsLyy7xJeVjs1N8a7QM3kjfqjGS4jfJ_45QaDuKXVjKvitT3GqIx-CEQ944WY0n4QyxzS6ZpqnwA0nxHbZ5-jRe91aze3ztuw
https://onetag-sys.com/match/?int_id=19&google_error=5

0
151 B

41ms
40ms

Image
text/plain

51.38.120.206
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=19&google_error=5

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

51.38.120.206 Hessen, Germany, ASN16276 (OVH, FR),

Reverse DNS

ip206.ip-51-38-120.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:41 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/match/?int_id=19&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 255
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D4E7
Redirect Chain

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEP-th7uJp...
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=97575b0b-4286-49fd-9341-4e6e64b39340&%%GOOGLE_PUSH_PAIR%%

170 B
188 B

50ms
50ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=97575b0b-4286-49fd-9341-4e6e64b39340&%%GOOGLE_PUSH_PAIR%%

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:41 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=97575b0b-4286-49fd-9341-4e6e64b39340&%%GOOGLE_PUSH_PAIR%%
date: Sat, 17 Jun 2023 00:49:41 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame D4E7 0
12 B 49ms
47ms Image
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JdE65HT7_U3fKnJ9xpAaS14qa_75sdkQdK3_kfAoVRe_9oXg0VpgAU38S7qK6r9agUdXiEahE

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:41 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H/1.1 200
OK viewability Show response
hal900025.redintelligence.net/ Frame 3913 0
150 B 121ms
42ms Script
text/html 138.201.84.245

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900025.redintelligence.net/viewability?s=93483700005664200951389012358025&a=b0a46231&vb=m
Requested by: Host: hal900025.redintelligence.net
URL: https://hal900025.redintelligence.net/request_content.php?s=93483700005664200951389012358025&a=abeddfb0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.245 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900025.redintelligence.net/request_content.php?s=93483700005664200951389012358025&a=abeddfb0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Sat, 17 Jun 2023 00:49:41 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

POST
H/1.1 200
OK postback Show response
s.update.mediamathtag.com/2/2.96.0/619621/AhDoDk8LEeQVnSZF/ Frame 9BB4 0
145 B 55ms
55ms XHR
text/plain 34.248.176.243
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.mediamathtag.com/2/2.96.0/619621/AhDoDk8LEeQVnSZF/postback?oz_pl=1&dm=728x90&ac=651871&r3=&ci=619621&di=https%3A%2F%2Fye-mek.net&ap=&si=1208769424&sr=4&r1=2a01%3A4a0%3A1338%3A%3A&r2=&ui=b9e8c882-c2b1-bf68-0000-000000000000&ti=8741425454962446792&pp=pub-7983651257838282&ai=216536&c1=4562306&dt=6196211556140246740000&pv=e5ace1e6-3ad0-42bb-826a-c104801e3de2&de=43000&pd=avt&cr=6622332&psv=2.96.0&_x=1
Requested by: Host: s.update.mediamathtag.com
URL: https://s.update.mediamathtag.com/2/619621/analytics.js?dt=6196211556140246740000&pd=avt&di=https%3A//ye-mek.net&ui=b9e8c882-c2b1-bf68-0000-000000000000&ap=&ti=8741425454962446792&pv=e5ace1e6-3ad0-42bb-826a-c104801e3de2&pp=pub-7983651257838282&sr=4&de=43000&si=1208769424&dm=728x90&ac=651871&cr=6622332&ai=216536&c1=4562306&r1=2a01:4a0:1338::&r2=&r3=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 34.248.176.243 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-176-243.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Sat, 17 Jun 2023 00:49:40 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 020A 0
20 B 73ms
73ms Ping
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=2862690275287&version=m202301230201&ct=77&x=6&cor=9491841747300272000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK postback Show response
s.update.mediamathtag.com/2/2.96.0/619621/AhDoDk8LEeQVnSZF/ Frame 9BB4 0
145 B 54ms
54ms XHR
text/plain 34.248.176.243
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.mediamathtag.com/2/2.96.0/619621/AhDoDk8LEeQVnSZF/postback?dm=728x90&ac=651871&r3=&ci=619621&di=https%3A%2F%2Fye-mek.net&ap=&si=1208769424&sr=4&r1=2a01%3A4a0%3A1338%3A%3A&r2=&ui=b9e8c882-c2b1-bf68-0000-000000000000&ti=8741425454962446792&pp=pub-7983651257838282&ai=216536&c1=4562306&dt=6196211556140246740000&pv=e5ace1e6-3ad0-42bb-826a-c104801e3de2&de=43000&pd=avt&cr=6622332&sid=AhDoDk8LEeQVnSZF&oz_sc=e5799505eb17cb711166bdc5&oz_df=1686962981570&oz_l=237&cv=3
Requested by: Host: s.update.mediamathtag.com
URL: https://s.update.mediamathtag.com/2/2.96.0/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 34.248.176.243 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-176-243.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Sat, 17 Jun 2023 00:49:40 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 020A 42 B
64 B 76ms
75ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvXzmD5c7rtZMejA4ZBA3pp6RWVMgdVbVYd7Iuwq45pD9sc5IHTwF8gD1s1y0eVlZIe0F9VF7dxNAs3SAvvANildC-REe-8pVU&sig=Cg0ArKJSzL5hMfWH7PCpEAE&id=lidar2&mcvt=1064&p=0,0,254,300&mtos=0,1064,1064,1064,1064&tos=0,1064,0,0,0&v=20230614&bin=7&avms=nio&bs=0,0&mc=0.98&if=1&vu=1&app=0&itpl=32&adk=207133284&rs=6&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1686962979825&rpt=743&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=14

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 5ed7702fe4b07a92411bc03e
ng2.virgul.com/tck/imp/ Frame 8CDD 0
209 B 96ms
96ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5ed7702fe4b07a92411bc03e?g=1&t=gb&r=153378@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1686962978644&userId=vnetd3f78832-c440-4156-b5e0-4abada343ea3
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Sat, 17 Jun 2023 00:49:41 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 02F4 42 B
64 B 83ms
82ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssXV2z8IWwdxptKDDYDg_P_AohSbQcdS9KhcSxHl3AVglH9BPW3O7Y7iiff8Q43m2C4iU8PDGb4AWVP4AKdySl2aRk8TziqQJijWKrVv7Shpc7fou5qqzgbnUghI2v_y1r65OdQ3AugI06H&sai=AMfl-YQ3Pi1JnaJjSiznKHhN5-mlhEo45de4QQxdlNofYlqcpaeE8NErzfFTtm4DXz8yvRFSjAcFAL5WIFci9s6fmdusm6Zdh8cX0Ypkv_29Bkk9GDE8fZq59E7n1pI&sig=Cg0ArKJSzJRoS3SaHD5HEAE&cid=CAQSOwBygQiDkIW9KK9wnKWLeLQzVwNaiTX3lUCakD5gz49KVf22XP31kGgsuAwwxGkoZo0gPb1ww3QMvb69GAE&id=ampim&o=0,229&d=160,228&ss=1600,1200&bs=160,228&mcvt=1190&mtos=0,0,0,1190,1190&tos=0,0,0,1190,0&tfs=406&tls=1596&g=100&h=100&tt=1596&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&uafvl=%5B%5D&uaw=false&adk=0

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 911A 0
20 B 77ms
77ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BG66ZJAONZO7VFPOn9u8P8amM-A4AAAAAOAHgBAI&bg=!ycqlyp7NAAaGYqkwpmI7ADkAdvg8Wp9QbFej4tv3YNCVLvdRVk4nSQ-ZyT_-DXITOTOEjbvOz_-gft1aiDsL3VmGZsuzGWzWqRsCAAABU1IAAAADaAEHmQNlHo2CAU3OYz4RKs7bS062F9VhTFHaJQS4MKbkJahk0KPpK3BAOn6VwKXvYWTywyN2Ax_lMYXFT1CkXCuYCnREJImxACZfJLBk4wT0stxUYqjeuAZE_h5BsmvK5gjfFcCdg9CxON9i9av2BM9wMcYVRYT5WJgxf2RHXWl7JcHvz_s1qsNy51B-vhsw-UfPo59fS7abeLTu69A6G_zRZbNIKFE9S3WFHbRC09a--u1P_l8asjEFKkH6f0F3cbp1YY0bNsWXeXSuSr44WepkqkFxLZpfusIh35vJNHIVvBxAuoAKLk45J5JTfPkQVGNz6mmrIm2Y1fIx5jCz0twoih1Rxc1yNPkAlVfmbX8mzk1rVvI9nooZqFGX_2uNOPtwJaLNa8ev7u-PtDmqATU_8pfK_S9RBMBO6GrPxUGmPQkyAMPW7UipSXtW_uknzkHP7yc2b0LqeFb35oXT9FFNg2Cz3iYJacLyEn-v_ubI0gZEaaVnRLeaRj423qAZuRJm6tlNl9wf2PTdDygJYjQtlxLTdGyRw4_5Oedh6NuVAXMZS7wni5yF3OWrOF7kelrBTpQGlW6WnwFduEQUU7qhabcGkvL1c1s_cukPBUlzFWA6Q0-utWsRkGzBm08Wags_A714wpw70Gj6oIG1dXzuJ8WNM99uAYrKy7WiK9XgSZJb3nBIbJKQKn3jnQkkcjTLRJSt7fMcifItn6wzWUf67YEyvyonOppd24T-w5H5A_OgOVMdHrlxGwr6hUg-q9u_xVfAth6AxWRGP2UJujCdE4kLXFa9gkJrDI3f1kabxTjd2-TXNDelv39RUxj_fud2ESv_IQayppHSlh8HAghW5kS1iG30R5YDM6d8m8yRStMG1wK2BxgFtsb1hqDaNEI5nGh2AxALuQTq5a-dOeWwxW4ZSBDAenb5lPHC_DMDjTydK-YptL8bfplp_9-yje2QCecbN4uEYgUNeWJhqHQdXd9beLVK8KwqHvpUj347BGlpfsFDhFGbgi7-dcXNlO3c0stx9HHEVccmqmZVkn224W9dPwlY1jKKhvH9OyGBDf2ei0NUhNxg03rRVyOrPtgYwna5GyW3cT7LXfs-E04fQglL6cIz18Hd0ZTDGXRWhk8WjB-YCNrX-lkzlYV-JpYnitu_hHrTZLc

Requested by

Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 4A57 43 B
215 B 118ms
118ms Image
image/gif 2600:1f18:1aca:4281:40a6:f5dd:4ba9:a1c7

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1484055&asId=5fbed5b9-60b1-c74e-e598-a3873d6e1526&tv=%7Bc:fKGhGm,pingTime:-10,time:943,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTE0LjAuNTczNS4xMzMgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.6.2v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1686962981686%7C%7Ca3b28f7b7a92c0704016d914cf27c6af%7C%7C8623b242deb4313525321dba17b62725%7C%7C3da3a2afaebbc5373d43cb7a282b5064%7C%7Cc118a79878bb047bd8856dadfe0e4864%7C%7Cf4bc226f32a94bee9774249158939234%7C%7Cb3f56dbcfcf56a894b8d3d04ac5d511a%7C%7C3a4f7e7875fcab9209dab78f951e50f9%7C%7C1663701684,im:%7BpWait:259,imprf:%7Bttecl:1161,ecd:134,tsecr:400%7D%7D%7D
Requested by: Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:40a6:f5dd:4ba9:a1c7 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:41 GMT
server: nginx
x-server-name: dt14.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B951 0
20 B 74ms
74ms Ping
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=6860175041383&version=m202301230201&ct=77&x=6&cor=1434405284800818400

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame B951 42 B
64 B 75ms
75ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuE7DeriwWuH6LNvAUs-9OQ4Ru6NaccDlTsCPtLcM609PAhoKDFLd_dvY_9vrbmmSr9DCp_LrVhHnJZxQ0dY4Ptxji7hKMgKJM&sig=Cg0ArKJSzAq8CpqziIjxEAE&id=lidar2&mcvt=1093&p=0,0,254,300&mtos=0,1093,1093,1093,1093&tos=0,1093,0,0,0&v=20230614&bin=7&avms=nio&bs=0,0&mc=0.98&if=1&vu=1&app=0&itpl=32&adk=1558675593&rs=6&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1686962979656&rpt=963&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=14

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 F23xA4-E8U0dLsM7Ua-M74A0tuvycQb5txb3FNVg6II.js Show response
pagead2.googlesyndication.com/bg/ Frame 46C9 37 KB
14 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/F23xA4-E8U0dLsM7Ua-M74A0tuvycQb5txb3FNVg6II.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

176df1038f84f14d1d2ec33b51af8cef8034b6ebf27106f9b716f714d560e882

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 09:31:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 141469
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14698
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 14 Jun 2024 09:31:52 GMT

GET
H3 200 F23xA4-E8U0dLsM7Ua-M74A0tuvycQb5txb3FNVg6II.js Show response
pagead2.googlesyndication.com/bg/ Frame 173E 37 KB
14 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/F23xA4-E8U0dLsM7Ua-M74A0tuvycQb5txb3FNVg6II.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

176df1038f84f14d1d2ec33b51af8cef8034b6ebf27106f9b716f714d560e882

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 09:31:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 141469
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14698
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 14 Jun 2024 09:31:52 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 1E00 43 B
215 B 119ms
118ms Image
image/gif 2600:1f18:1aca:4281:40a6:f5dd:4ba9:a1c7

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1484055&asId=a67eb679-2e37-90bf-4aad-474d7b09dc4f&tv=%7Bc:fKGhHc,pingTime:-10,time:999,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTE0LjAuNTczNS4xMzMgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.6.2v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1686962981738%7C%7C9d69ab21cc644ea47f035f115921219a%7C%7C8623b242deb4313525321dba17b62725%7C%7C4bbe9a8f86f9ee7ae36c1d7ae436becf%7C%7C610a5805f360fd33b00fa745ed3c4466%7C%7C771cc24033cea964016948f9646eafa1%7C%7Ca7d3b13515434715b6076c4057171516%7C%7C735f82b4e51023a843dc7b497fff41b5%7C%7C1663701684,im:%7Bimprf:%7Bttecl:1296,ecd:161,tsecr:448%7D%7D%7D
Requested by: Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:40a6:f5dd:4ba9:a1c7 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:41 GMT
server: nginx
x-server-name: dt04.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame CB39 0
20 B 78ms
78ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BxpcTJAONZLTLGITCx_APzJCa-AwAAAAAOAHgBAI&bg=!ammlaT3NAAaGYqkwpmI7ADkAdvg8Wt0p_Ce6g44cfCaII28qpGL1lNyrAU_6e58mdzdPBTeNEPhaPk1KcymN0TSczhBpUvKTbHwCAAACLlIAAAACaAEHmQNBw-Nw4iVQ_26nJCQjsPCIGhcn53qR5GoJwSVUhy8TNfcwUIUCLc80iVkBcKSzcosxVRdsAe2Y4YALU2c6O5f4d3RNroY7TQPgJt7JC2nXvwcTEUA_rHNAEu1P1uGWWAcsfVUWYyqi1CajuhqTjIZn-525Wz3rYJvh6BX4YXcxTp6tN3Y2W-qfj8Sjt_ZdrO0rRwVJwO2LzT_ju9gVBjK3KekFr0Fz8NJ42w9aSoVkIzixRUUJ5MqT-LpavbQIezFPtpowJQEmJBbWcQjyYVeGa-27yOCfR6hhuDefGZGIiqmKNOWd4ZQ_Sse79rsusz7sw15OAEa0JHZ4S0kyNn7-bxAB-5H_Aqc2gL_n3eXFXAeeSiEzKMJR_Xr-B67dMDbKOJzI_6D7Qoacn79AI6rSZA_KcgWoZqG1rUJGLr4iu5ckWJc2TeK9ZUtSuI780dSLpHL03aGBs2irvT09krMeUMnEBF2BfRJ0Ty6ini5MtS1JrbPVQ1zKg35ArpPCuazo2V45Y0bo__sQxFFkmh50n32I6FcgSxfKLieN6vbLLC31xz-1yZBlD9NZo5ZDgtY_jLNUrYTPvntdI73Rzrm5VyFvTGJOkwatjPtU3IY5CRgoNE2G7dmKQpZ3kCP9dbIRnzs5WhFhuV6Q6lomZU-moz2Be0FsbpXASR9XI9KxVAc_GpyBxSA_rBBl2IvZXdoGwbk5csn6TbopSOcwGhseQy-GZstXJqfChfaGCproOoWNwjrKdGhQUcMIlJZWx9VwsIxZvuxbJz7yxqXm9fk5hMrmiJmszsZWfHW6GQSeJqWzdHZ9eIcS3SeBTv00nLtfHW9Fo5_eQBMfe9NemBa7KcV8e-458719aruUSXA18Ar9_evjW7TmdoUE_H_Wa9UfYmjxlfbtrmPeQzymki0eGKB4XC5HV8L-fIQZCbnxXRthyDHiaQSHHt13SvDUI5-_r2MpTpM93vIkTd_9chr7rjPy0527y0GpXH3_XW_8FmeJ2H6j6CQK82JT60OIY4J4I6-9ynoixi3yBQs3ldMMAIRv9rvVzNGw3apcpX0TuYgp4qCAU5TRC9x_Wpb5Yq_vmUCY03xtB_S2KiAgO6x91X8

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame 9BB4 85 KB
31 KB 159ms
47ms Script
text/javascript 18.66.147.98

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=2513135&wgcampaignid=99582&js=1&viewref=93483700005664200951389012358025&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.98 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 00c5621a3f56c052959f8f0591b65e893f132b49b1447fde20767966cacbfbfe

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 07:54:52 GMT
content-encoding: gzip
via: 1.1 307395f1eb3989f15e6f525475291c86.cloudfront.net (CloudFront)
last-modified: Wed, 15 Mar 2023 17:26:29 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 60889
etag: W/"876c293e6c37046ecb0c11ce2e276942"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
x-amz-cf-id: qBsWruR8rlIfF50Ai2rltkcvoswfkuw1KvPCUuNt7l19b8vjbt5ZmQ==

GET
H2 200 1x1.png
cdn.track.production.webgains.team/7121/ Frame 9BB4 3 KB
3 KB 133ms
40ms Image
image/png 99.86.4.94

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/7121/1x1.png?Expires=1686963281&Signature=X8~mpfWDdIIg4Rn3-999Pz2ZgxAgGfU~Wq-oS7Q8h8z~1rtClKWlFlmsT4Uj6dSM6FPw9NnatiEsHSbda1LQof5At38tUDAAFxin2VXE6Gph8nXkEMQIpvTv8hRHpFZMWFZDosOY9~yoItlRZSd4OEqzbUnxiCp~liRegvk-YGoaKBZytIN55cYUEXKLTgugcJMkBW8BqNtuAdT14iv0xRB25svxJw0ej8VdxiEX32MTrRcj1eBFGMDmxVdI1RX9an4IgGCSKU89hVDnoeUFPn5V5~oQuzZZySYGxDxKOcLd0tHBtt5pZPzFnJBT~0E43M-5XiN5xTvbVY~zVl~~bA__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.94 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-amz-version-id: null
date: Fri, 16 Jun 2023 04:53:12 GMT
via: 1.1 d8e97d2c28917e4c41ab79bb1e94b844.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 11:40:06 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 71790
etag: "4e57de0506fbdb487ffcd53b450caee1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 2808
x-amz-cf-id: If330VPEOjrs7JLAqr1KNqjhXE9syA3TngytFAi5yylrhglWShUjiQ==

GET
H3 200 F23xA4-E8U0dLsM7Ua-M74A0tuvycQb5txb3FNVg6II.js Show response
pagead2.googlesyndication.com/bg/ Frame 1125 37 KB
14 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/F23xA4-E8U0dLsM7Ua-M74A0tuvycQb5txb3FNVg6II.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

176df1038f84f14d1d2ec33b51af8cef8034b6ebf27106f9b716f714d560e882

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 09:31:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 141469
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14698
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 14 Jun 2024 09:31:52 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame F347 42 B
64 B 84ms
83ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsscVFSv_gp2ZzlEkKA_dM4gIrKKOi4AO8ghRYy6QsAzuK3UqfFTiwdopkSs8x_E0J3Ps3IrocmdAIrRdncw4XU4edTc4sLGD37_dKB1vWOf9v0EGoMponds0SpzXPDXB0yUa_GQecIlQjiC&sai=AMfl-YTrrJjxlkYw2-DQCFcOEvXYgNihM46lMPTgpiz_sssjJ33IYOOV5ed0PwI_zlUCrGF5f0XtOVkqAu_c4z2IIFxQsNWaWXnXBzsANPJzvujMQYJbwxW0DGKy1gE&sig=Cg0ArKJSzMe59H8iGjnwEAE&cid=CAQSOwBygQiDWxnwjMPZt3msAhZI-dmFfmenPYt7MotK-j6T8Q05QsgXHYwwuBq0LTMAoP9NhCTjeukuvEWkGAE&id=lidar2&mcvt=1021&p=0,119,40,160&mtos=1021,1021,1021,1021,1021&tos=1021,0,0,0,0&v=20230614&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3203893797&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1686962980128&rpt=466&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=14

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
BLOB 200
OK f2838f3c-cf94-4c87-a50b-4d31f31f16cc
https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/ Frame 9BE2 186 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/f2838f3c-cf94-4c87-a50b-4d31f31f16cc
Requested by: Host: 464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
URL: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 985d2b656cce9486a1f152d7c4bbbc4cc1d5a65a0af9bd52e260bcc255bced06

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Length: 186
Content-Type: application/javascript

POST
H/1.1 200
OK postback Show response
s.update.mediamathtag.com/2/2.96.0/619621/AhDoDk8LEeQVnSZF/ Frame 9BB4 0
145 B 55ms
55ms XHR
text/plain 34.248.176.243
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.mediamathtag.com/2/2.96.0/619621/AhDoDk8LEeQVnSZF/postback?dm=728x90&ac=651871&r3=&ci=619621&di=https%3A%2F%2Fye-mek.net&ap=&si=1208769424&sr=4&r1=2a01%3A4a0%3A1338%3A%3A&r2=&ui=b9e8c882-c2b1-bf68-0000-000000000000&ti=8741425454962446792&pp=pub-7983651257838282&ai=216536&c1=4562306&dt=6196211556140246740000&pv=e5ace1e6-3ad0-42bb-826a-c104801e3de2&de=43000&pd=avt&cr=6622332&sid=AhDoDk8LEeQVnSZF&oz_sc=e5799505eb17cb711166bdc5&oz_df=1686962981799&oz_l=4338&cv=3
Requested by: Host: s.update.mediamathtag.com
URL: https://s.update.mediamathtag.com/2/2.96.0/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 34.248.176.243 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-176-243.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Sat, 17 Jun 2023 00:49:41 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H2 200 i Show response
adrta.com/ Frame 13DC 15 B
172 B 118ms
117ms Script
text/javascript 35.171.128.173

General

Check archive.org

Show headers Download Go to

Full URL: https://adrta.com/i?cb=55070474&__aasv=22.121&__aaii=8270680602865097880&__aait=1686962980388&__aasi=11179057848659210116&__aast=1686962980061&__aavi=7114998975857886363&__aavt=1686962980061&__aavz=0&__aaib=0&__aaai=1&__aaaa=0&__aafl=0&__aaaf=1&__aaag=8&__aahd=%7B%22chrome%22%3A%22na%22%7D&__aarf=2&__aart=9&__aacd=1&__aaax=0&__aaay=0&__aasz=300x250&__aapf=1&__aaec=4&__aaup=2&__aaat=0&__aaae=0&__aaav=1&__aaas=1074&__aaah=0&__aapc=0&__aaph=0&__aapw=0&__aap1=0&__aap2=0&__aap3=0&__aap4=0&__aap5=0&__aass=1600x1200&__aaim=1&__aawm=1&__aaho=1&__aacb=1015140641_1686962979_259802&__aaxf=80.255.7.103%2C%2010.2.3.71&__aas21=2a01%3A4a0%3A1338%3A92%3A%3A8&__aas23=2a01%3A4a0%3A1338%3A92%3A%3A8%2C%2010.2.3.46&__aaci=pbm&paid=pbm&kv24=1&avid=721441&plid=8175522842385272666&lineItemId=&caid=22987&publisherId=160850&pricePaid=0.115964&kv12=3749925&siteId=842619&kv3=&kv15=58&kv11=DD01C5DD-082E-4D26-A738-C75694989FB6&kv18=&kv19=&kv5=80&kv6=25295&kv13=ye-mek.net&kv8=ye-mek.net&kv2=ye-mek.net&__aapu=https%3A%2F%2F464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&__aapr=https%3A%2F%2Fpcloak.blob.core.windows.net&__aatu=https%3A%2F%2Fpcloak.blob.core.windows.net
Requested by: Host: pix.adrta.com
URL: https://pix.adrta.com/cdnf.js?v=22.110
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.171.128.173 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 0832fd95ee636ce4ee93987e86eacc95ae8284fa5944919afb4c39913df029e0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-type: text/javascript;charset=ISO-8859-1
pragma: no-cache
date: Sat, 17 Jun 2023 00:49:41 GMT
cache-control: no-cache
server: nginx
content-length: 15
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 visual.jpg
s0.2mdn.net/sadbundle/16829948873192997814/img/ Frame 2966 36 KB
36 KB 40ms
40ms Image
image/jpeg 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/16829948873192997814/img/visual.jpg

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6a7236c859d6491548dcc21f41adf62f1ce3698c7a2bd60f9300634048de0c93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=SimwOY70bH&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 12 Jun 2023 19:24:54 GMT
x-content-type-options: nosniff
age: 365087
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 36861
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:58 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jun 2024 19:24:54 GMT

GET
H3 200 visual.jpg
s0.2mdn.net/sadbundle/16829948873192997814/img/ Frame 05D1 36 KB
36 KB 40ms
39ms Image
image/jpeg 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/16829948873192997814/img/visual.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=1VT5fc9Ca6&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6a7236c859d6491548dcc21f41adf62f1ce3698c7a2bd60f9300634048de0c93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=1VT5fc9Ca6&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 12 Jun 2023 19:24:54 GMT
x-content-type-options: nosniff
age: 365087
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 36861
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:58 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jun 2024 19:24:54 GMT

GET
H2 200 6363a944e4b0125bde9e6739
ng.virgul.com/tck/i_vb2/ Frame 8CDD 0
209 B 82ms
81ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/6363a944e4b0125bde9e6739?l=&r=153366@site_geneli@yemek_net:site_geneli&cs=1686962981928&userId=vnetd3f78832-c440-4156-b5e0-4abada343ea3
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Sat, 17 Jun 2023 00:49:41 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 5ed76f76e4b07a92411bc03a
ng.virgul.com/tck/i_vb2/ Frame 8CDD 0
209 B 83ms
82ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/5ed76f76e4b07a92411bc03a?l=&r=153377@site_geneli@yemek_net:site_geneli&cs=1686962981928&userId=vnetd3f78832-c440-4156-b5e0-4abada343ea3
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Sat, 17 Jun 2023 00:49:41 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 5ed771bae4b07a92411bc04c
ng.virgul.com/tck/i_vb2/ Frame 8CDD 0
209 B 84ms
83ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/5ed771bae4b07a92411bc04c?l=&r=153382@site_geneli@yemek_net:site_geneli&cs=1686962981928&userId=vnetd3f78832-c440-4156-b5e0-4abada343ea3
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Sat, 17 Jun 2023 00:49:41 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 5ed771e3e4b07a92411bc04e
ng.virgul.com/tck/i_vb2/ Frame 8CDD 0
209 B 83ms
83ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/5ed771e3e4b07a92411bc04e?l=&r=153383@site_geneli@yemek_net:site_geneli&cs=1686962981928&userId=vnetd3f78832-c440-4156-b5e0-4abada343ea3
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Sat, 17 Jun 2023 00:49:41 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 4A57 43 B
215 B 120ms
120ms Image
image/gif 2600:1f18:1aca:4281:40a6:f5dd:4ba9:a1c7

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1484055&asId=5fbed5b9-60b1-c74e-e598-a3873d6e1526&tv=%7Bc:fKGhLd,time:1245,type:e,im:%7Bpci:%7Btdr:748%7D,pLoad:1130%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:1245,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:382,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B869~0%5D,as:%5B869~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:186,fm:tHowKqv+111%7C112%7C113%7C114%7C115%7C116%7C1171%7C1172%7C1173%7C1181%7C1182%7C1183%7C1191%7C1192%7C1193%7C11a%7C11b.1484055-72040524%7C11b1%7C11b2%7C11b31%7C11b4%7C11b5%7C11b6%7C11c*.1484055-72040524%7C11c1%7C11c2%7C11c31%7C11c4%7C11c5%7C11d1%7C11d2%7C11d3%7C11d4%7C11e1%7C11e2%7C11e31%7C11e4,idMap:11c*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:382,sis:916%7D&br=c
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:40a6:f5dd:4ba9:a1c7 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Jun 2023 00:49:42 GMT
server: nginx
x-server-name: dt18.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 8CDD 14 KB
11 KB 55ms
54ms XHR
application/json 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202306130101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05f97034a922840d76df0094b86d5c80ade5835925943182e1e798c2c3bd3ebd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:42 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11201
x-xss-protection: 0

POST
H/1.1 200
OK postback Show response
s.update.mediamathtag.com/2/2.96.0/619621/AhDoDk8LEeQVnSZF/ Frame 9BB4 0
145 B 57ms
56ms XHR
text/plain 34.248.176.243
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.mediamathtag.com/2/2.96.0/619621/AhDoDk8LEeQVnSZF/postback?dm=728x90&ac=651871&r3=&ci=619621&di=https%3A%2F%2Fye-mek.net&ap=&si=1208769424&sr=4&r1=2a01%3A4a0%3A1338%3A%3A&r2=&ui=b9e8c882-c2b1-bf68-0000-000000000000&ti=8741425454962446792&pp=pub-7983651257838282&ai=216536&c1=4562306&dt=6196211556140246740000&pv=e5ace1e6-3ad0-42bb-826a-c104801e3de2&de=43000&pd=avt&cr=6622332&sid=AhDoDk8LEeQVnSZF&oz_sc=e5799505eb17cb711166bdc5&oz_df=1686962982005&oz_l=579&cv=3
Requested by: Host: s.update.mediamathtag.com
URL: https://s.update.mediamathtag.com/2/2.96.0/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 34.248.176.243 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-176-243.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Sat, 17 Jun 2023 00:49:41 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 8CDD 17 KB
6 KB 52ms
52ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 17 Jun 2023 00:49:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 17 Jun 2023 00:49:42 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame F9BC 13 KB
5 KB 41ms
39ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 50892
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 16 Jun 2023 10:41:30 GMT
expires: Sat, 15 Jun 2024 10:41:30 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe
www.google.com/recaptcha/api2/ Frame CA21 783 B
0 51ms
51ms Document
text/html 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-NBoCJx2140ihQJ56Yb2hdw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 514
content-security-policy: script-src 'report-sample' 'nonce-NBoCJx2140ihQJ56Yb2hdw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sat, 17 Jun 2023 00:49:42 GMT
expires: Sat, 17 Jun 2023 00:49:42 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

POST gen_204
pagead2.googlesyndication.com/pagead/ Frame F347 0
0

GET F23xA4-E8U0dLsM7Ua-M74A0tuvycQb5txb3FNVg6II.js
pagead2.googlesyndication.com/bg/ Frame F9BC 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=6608572852287&version=m202301230201&ct=76&x=1&cor=12385758760440820000

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/bg/F23xA4-E8U0dLsM7Ua-M74A0tuvycQb5txb3FNVg6II.js

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

27 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-20 21:57:38	Name: IDE Value: AHWqTUmIF6v0SXYJqyDInWBQpzU5wTO-wsWcwr1jtQ1kDWUhX7gfW2yd_v17tmlHtoY
.adfarm1.adition.com/	1970-01-20 14:45:38	Name: UserID1 Value: 7245450824371538703
.casalemedia.com/	1970-01-20 21:21:38	Name: CMID Value: ZI0DI.binG0.Fe9N8QDNBAAA
.casalemedia.com/	1970-01-20 14:45:38	Name: CMPS Value: 2236
.casalemedia.com/	1970-01-20 14:45:38	Name: CMPRO Value: 2236
.adnxs.com/	1970-01-20 14:45:38	Name: uuid2 Value: 5065846947579209068
.adnxs.com/	1970-01-20 14:45:38	Name: anj Value: dTM7k!M41.D>6NRF']wIg2E>tpN`eO!@wnfH8K6pQK`!5=E<L5?%M(dH=[F6<$d$598-.7CjH5>FrQAGAdXU9lB`%nugO%v4VB%nnV.*--EX
.adrta.com/	1970-01-20 22:12:02	Name: __aavi Value: 7114998975857886363
.adrta.com/	1970-01-20 22:12:02	Name: __aavt Value: 1686962980061
.adrta.com/	1969-12-31 23:59:59	Name: __aasi Value: 11179057848659210116
.adrta.com/	1969-12-31 23:59:59	Name: __aast Value: 1686962980061
.ads.pubmatic.com/	1970-01-20 12:37:29	Name: KCCH Value: YES
.mathtag.com/	1970-01-20 21:21:38	Name: uuid Value: 1500648d-0324-4f01-a889-5da72114128c
.doubleclick.net/	1970-01-20 12:36:06	Name: DSID Value: NO_DATA
.spotxchange.com/	1970-01-20 13:16:22	Name: audience Value: d7824534-0ca8-11ee-acab-1f057aaa0206
.pubmatic.com/	1970-01-20 12:37:29	Name: KTPCACOOKIE Value: YES
.adform.net/	1970-01-20 13:19:14	Name: C Value: 1
.ctnsnet.com/	1970-01-20 21:21:38	Name: gid_CAESEALqLpJm7KlpTW1Vq2OimAk Value: 1
.ctnsnet.com/	1970-01-20 21:21:38	Name: cid_22a1dd813ab242e08e0cc1241603a8e8 Value: 1
.bidswitch.net/	1970-01-20 21:21:38	Name: tuuid Value: 97575b0b-4286-49fd-9341-4e6e64b39340
.bidswitch.net/	1970-01-20 21:21:38	Name: c Value: 1686962980
.bidswitch.net/	1970-01-20 21:21:38	Name: tuuid_lu Value: 1686962980
.pubmatic.com/	1970-01-20 21:21:38	Name: KADUSERCOOKIE Value: D1FC2DCE-591C-4976-9836-428E889F5B3D
.adform.net/	1970-01-20 14:02:26	Name: uid Value: 7460845267413821361
.bidswitch.net/	1970-01-20 12:36:03	Name: google_push Value: ATf1kGOnJgxLwDCfUXQbirDo_GNLfExO3WBvXf5m5KikxImbYMADbuBeQRC4HaLgDJUAsAn8Q1C8qa_JvcVd9pRzg8hknW1hPNSx
.1rx.io/	1970-01-20 21:21:38	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-dcd2f19b-ee84-495f-8f66-a0f2abeeeffd-003%22%7D
.de17a.com/	1970-01-20 21:14:26	Name: guid Value: 1.2013773068024684769

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://pcloak.blob.core.windows.net/web/jquery.min.js Message: Failed to load resource: the server responded with a status of 404 (The specified blob does not exist.)
javascript	error	URL: https://ye-mek.net/(Line 39) Message: Unsafe attempt to initiate navigation for frame with URL 'https://pcloak.blob.core.windows.net/web/6x69807j0b5.html' from frame with URL 'https://ye-mek.net/'. The frame attempting navigation is targeting its top-level window, but is neither same-origin with its target nor has it received a user gesture. See https://www.chromestatus.com/feature/5851021045661696.
network	error	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755397&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1686962978860&bpp=4&bdt=1062&idt=251&shv=r20230614&mjsv=m202306120101&ptt=9&saldr=aa&nras=1&correlator=1113296724212&frm=24&ife=1&pv=2&ga_vid=1795257493.1686962978&ga_sid=1686962979&ga_hid=1910268385&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=222437166&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759842%2C42532277%2C42532279%2C44785295%2C44788442&oid=2&pvsid=3874342003548220&tmod=647139116&uas=0&nvt=1&fsapi=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.ixim7t8g1u8s&fsb=1&dtd=263 Message: Failed to load resource: the server responded with a status of 403 ()
worker	error	URL: blob:https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/f2838f3c-cf94-4c87-a50b-4d31f31f16cc Message: Mixed Content: The page at 'blob:https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/f2838f3c-cf94-4c87-a50b-4d31f31f16cc' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'chrome-extension://eppiocemhmnlbhjplcgkofciiegomcon/content/safecheck-notification/notification-iframe/index.html'. This request has been blocked; the content must be served over HTTPS.
worker	error	URL: blob:https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/f2838f3c-cf94-4c87-a50b-4d31f31f16cc Message: Mixed Content: The page at 'blob:https://464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com/f2838f3c-cf94-4c87-a50b-4d31f31f16cc' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'chrome-extension://cplklnmnlbnpmjogncfgfijoopmnlemp/skin/logo24.png'. This request has been blocked; the content must be served over HTTPS.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

464893b760ccd5bd7680483ccff321a7.safeframe.googlesyndication.com
aax.amazon-adsystem.com
ad.turn.com
ad.yieldlab.net
ad13.adfarm1.adition.com
adrta.com
ads.avct.cloud
ads.pubmatic.com
adservice.google.com
adv.office-partner.de
ajax.googleapis.com
analytics.webgains.io
c.amazon-adsystem.com
c1.adform.net
c1.imgiz.com
cdn.ampproject.org
cdn.doubleverify.com
cdn.track.production.webgains.team
cdn.ye-mek.net
cm.adform.net
cm.g.doubleclick.net
cms.quantserve.com
connect.facebook.net
d5p.de17a.com
dclk-match.dotomi.com
dis.criteo.com
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
dt.adsafeprotected.com
feed.pghub.io
fonts.googleapis.com
fonts.gstatic.com
fw.adsafeprotected.com
gcm.ctnsnet.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
hal9000.redintelligence.net
hal900025.redintelligence.net
ib.adnxs.com
image6.pubmatic.com
images.dmca.com
imagesrv.adition.com
imasdk.googleapis.com
img.tradedoubler.com
impfr.tradedoubler.com
ipv6.adrta.com
match.360yield.com
medialead.de
ng.virgul.com
ng2.virgul.com
onetag-sys.com
pagead2.googlesyndication.com
pcloak.blob.core.windows.net
pghub.io
pix.adrta.com
pixel.mathtag.com
pixel.rubiconproject.com
pv.medialead.de
q.adrta.com
r.turn.com
rtb-csync.smartadserver.com
rtb.openx.net
s.update.mediamathtag.com
s0.2mdn.net
s7.addthis.com
secure.adnxs.com
securepubads.g.doubleclick.net
static.adsafeprotected.com
static.virgul.com
sync-tm.everesttech.net
sync.1rx.io
sync.mathtag.com
sync.search.spotxchange.com
sync.targeting.unrulymedia.com
sync.teads.tv
tags.mathtag.com
token.rubiconproject.com
tpc.googlesyndication.com
tps.doubleverify.com
track.webgains.com
ups.analytics.yahoo.com
us-u.openx.net
widget.eu.criteo.com
www.cloakan.co
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
x.bidswitch.net
ye-mek.net
pagead2.googlesyndication.com
104.111.217.42
107.178.248.10
108.138.1.25
13.224.189.92
13.41.177.135
130.211.44.5
138.201.84.245
142.250.186.66
144.76.91.199
145.239.193.130
151.101.130.49
151.139.128.10
172.217.16.194
176.34.200.45
178.250.7.11
18.66.122.114
18.66.147.98
184.25.219.161
184.30.20.207
185.29.132.246
185.29.134.244
185.7.176.221
185.7.176.223
185.80.39.216
185.86.138.152
185.94.180.125
198.47.127.19
20.60.220.36
2001:4860:4802:38::178
213.155.156.181
217.79.188.10
217.79.188.54
23.206.208.114
23.32.184.192
2600:1f14:b4f:4b03:d0af:5b:a619:bc2
2600:1f18:1aca:4281:40a6:f5dd:4ba9:a1c7
2600:9000:223f:6200:8:48e:53c0:93a1
2620:116:800d:21:b314:a0ef:ab7c:d546
2a00:1450:4001:806::2003
2a00:1450:4001:80e::2001
2a00:1450:4001:80e::2002
2a00:1450:4001:80e::2004
2a00:1450:4001:827::2001
2a00:1450:4001:82a::2002
2a00:1450:4001:82b::2002
2a00:1450:4001:82b::2006
2a00:1450:4001:82f::2002
2a00:1450:4001:82f::2008
2a00:1450:4001:82f::200a
2a00:1450:4001:830::200a
2a00:1450:4001:831::2001
2a00:1450:4001:831::200a
2a02:26f0:6c00::210:ba19
2a02:6ea0:c700::17
2a02:fa8:8806:20::2010
2a03:2880:f083:9:face:b00c:0:3
2a0b:4d07:101::1
3.70.117.93
34.102.243.38
34.248.176.243
35.171.128.173
35.186.193.173
35.227.252.103
35.241.45.217
35.244.159.8
37.157.2.234
37.157.6.233
37.252.171.22
37.252.173.215
44.236.199.192
46.137.93.67
46.228.164.11
46.228.174.117
51.38.120.206
52.222.253.136
52.86.34.19
54.177.234.125
69.173.144.138
69.173.144.165
74.119.118.138
77.245.159.14
85.114.159.93
94.138.206.83
94.23.99.218
99.86.4.94
00c5621a3f56c052959f8f0591b65e893f132b49b1447fde20767966cacbfbfe
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
00df2998e7efb895eaab207705a7a815a315b29f60570df29e5be01a000bf735
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd
02e0a0e8befda4ff7976c5fe1003e093e84d90e949b31a29028bbeee274d4d3a
04296b932c7ae1db59dadac93b18fcd4e46ab991308ea78a4d1c682be8733dcd
05452d9ffabcafe96540871c6ca81f557958ddaee370546ef488fcc62f86cd27
055e1962d0691e6440468ef346666c48361a6cbcb9de27a7b4ce65f1094e0d8b
05f97034a922840d76df0094b86d5c80ade5835925943182e1e798c2c3bd3ebd
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
06f0060cc5659f4c8968817a09846032c30a7d5b6d3cf734cd96066b55639975
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
0832fd95ee636ce4ee93987e86eacc95ae8284fa5944919afb4c39913df029e0
0b29697868cd68cfd1b5650054cc96ea755016b3242bd26469cdbd4e4f6fc18a
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c3f2ad6b95c038d798951d0198ac1bf4161b61d88343cdf9ea4b0e3612a174f
0efbf35bca6b7a0a4a24bec921b735d4a8e16b28ec1452cbf46e3891b64b4bc7
0fe10d11912351a74a1bf773b10b90fde0c8e156b6a87ed10b9537ac9790a1ed
11025ae36c36e2734f2f85331487c33b2f5ff1d267e6ed4cd123bde45f4bc416
120fdf7c1e8de286b8c6ad005bd52d7b3d71cfa17bd6d1f72d023fe952d03708
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
1292bd053d94b1f863330ac542e26da501795dc2285fe1f00046f659cdf074c6
13561f3dfebf8d31d9727967c099209c171311fdf9be2cc01abd526d9062b8a8
13874511ccf5085d18036021b424ce21c9b50d42f15531f626a7a29c6aada8be
153e16434e35bbd9bbcff26425cd7d24a240b15f44b9e04cd8f9c3efb3d052f8
15fa713cec97e8efafc1c53ccc987f702a28e6518f6ddcbd4c175e5452466571
16f27ad1942eb8eedb6d58ae436e69c1d78b874087c370c653000734347b9516
176df1038f84f14d1d2ec33b51af8cef8034b6ebf27106f9b716f714d560e882
19b114e06702588e001e31adc64daaa84f2ac9963a2fc30ee124f5bbd5e4f797
1bb1649700c382552132ddf0dda42a9728d1d27c424cc5f589a71a446e26e8a8
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944
1e190fdf47cb7389e127605fc34bfb1bfc74281d5264501b79f2779008a2ae73
1e5a886321d0e00c13f7abff03ca39fd782f42997fd34bcbf4fc93718f3670cc
22c974ca84d1beebef37b4c95335f8ae6f597563bbb9246eed2f4f647a176128
232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98
245ff7a388435601d41642dcbf834d7b99ff063486fcabea192f497909a067ad
27961ab8c37cddad89230364167c048c6377a80e38542a5ffbca600faf4098ea
29b2c61e389e564b3089a12674e8724e2174239c58df6c753e35f6e427517ad5
2af1b8e91e1ea0f27fab2f6bac1dd1d81867b7a2a8d7cef1084fa39309e0ac6f
2d3ebc5963c3ba449fc6f11b2d5ac883abaf7dbc046ac7c1b267518e0ca5fa27
2ece6bd89b2087c1b8fd2a9cafddcef7af5671be5992f0cd99525f7ce3a326f5
2fd260c45b979ff64bd96a88fdac7f35416413d9b59ad9902370c2a912e6c777
3161f812469fd0552b9863a8bf904c86342db3208368ef4460329fe5fc2f8863
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
31d02f43dd0c7fc5c0d95db087a23f1c2d729c93f10450884c8da6b415f7839b
3201a7d1b47e363ca2d7881e88c491bd18d9fb202c6623ab0225df6c49625778
324a9c1f26949a62b89c5846de23826737bf3b14443e3f5a969b1799604a0588
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a
341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f
3521f5e84dbf85e9b7a304002330fbccf347abc9d0a43765a1838336b8a98c0c
371113ed72df8c2a615fb1453724d0a1fdd50c2e5a75d95b6b76055eb95b206c
37996b46dda2191fba6cab6eada1bc9cf0a5bee4538ac2c1bf3ed8099d7bd701
384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7
391f0374b07f1b2c4eab58066cdee9bbc7c14507b5be3ea7e34e26c9ec575bb4
3a7cdd2a8d457a3a736abdd116f27948e56ad18163f6f31bc4191240fe28e312
3d2b34675fd418a1b23c652fa791f4875ccc12860d9b4b6ec8ae4aa09d51ec1e
3dad89bd01783443195a892365b91096da2f6ebb36b2169ab32af37344c82f1f
3e9569df702eb478e6e7699775a0f555b64ef9e89d89a81742bc97c7803dba96
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3ed559a849229d0ba1622b39b2343f2307a91aae5bab1f08e55c89e50874c980
40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db
41dd7e3a06aa3928007f6e365ee9da7c23cb323e0f3383a0f9910a41b2ba5d5e
43a6b0c697f542f7de9ddff571c0521bff885ef524fceef37f224854b1232844
45352935afb3119009abbfa8ed5bf7b67fc4edf64e8b718a134975410823ace9
45c655f0c14695d90b542c55ad2cd84fedd09ee0995684c862284ff4784e0ab8
4651fd93f167c3620b534c30bc23ae2a2e7cf742621d8e6d12553c09c388284a
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4b2dc560efa5766b1601b67424a1ec28bef879b4e6ab41e14220cd25c9f07c5e
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4ba8f80e57750a37d1932267b11263208e5a3881e6a3c5864faa1a7e09e020df
4d97d2f204c48ceadcc2f5b86ba6bf25987c6f7c43c8dd7fee7a2847e6a71f4f
4da4b2dbcb075d53b1f00b57f6d48feab4e0b340f3eac0030f3ddb7626b8d732
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
507221aa1d3f3d00517250677bbbedd055e563b6e19acdb2cbd4f5c618bd734b
5103b27b55207be49f024a501641c7cb93e6469073ccbe194cd5963b53716184
5170aaf57181f13a2619d0e7e75d2973dcd5ce82ae5aca8cd7a9cb8a3a4e5d6a
5193db47eb9fc06307e77ac5bee288671f3947bcbf69031ad0faa1c41228fc5d
52a680abb013b3e801df60190717a10bfe765e2e15ce1131470799d6cb710807
53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
574df8652d934830b1e8ca731a0b0638f5fc9ed49b8d2f852fc3ffe2d9b40ffc
5804cd3bfdf7f7b00ae1f2beef50b9ac7bbdcadcb47e8c3454e8609a52096b92
580dad1a7f46af3417b3d06e483f4cfb043ce1d9e443398a4c0d98b47947d6ec
5a9863314577494b778cade4d77d719a27fca818d6091efe35b972cac31026f8
5cd425896ccfd119ee720821af6a832189231c40d52ae8cad03480886967b984
5ecd61f5ea38a0e66c87cfc42e04b9459b0535c4f778b9efe31710339b602e25
5fcd8e19a77d1b6fbb11a09bcb64e448e98547746eca2149b5aee5f85307d9f4
605b3f81cae22e511a6b284368d863e9da83d4c50680a9eb4527718e9146fe00
613b97a3f938c5185dc5fcb46ec9c9488f460fdf8a9765eea9f05aebe46a0c50
61b71c2be325b3ebb4c944e2259618358e59dcdd6588694914eec3fbce1db22a
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
66e3d45a33f8bf62ac2e6447d4350aeb5d2392b76c1ebefe2143f6f5d4738a28
68a66b0550813290742cfa96358e865b8ed252afa1fbce84924139645230fd1f
6a7236c859d6491548dcc21f41adf62f1ce3698c7a2bd60f9300634048de0c93
6bc3d03f9d36b00c7c9e9480dc420908aaba03af664e60c3e09a12cc530a7436
6c6d900511c502a6d0b97a298ecab07040eb48a8756ec785beddb35006825f0a
6e517f1f2da440c36103d61ae698974db84ded6b3ac8635a8c24d8ac8652c10d
70e0a3b2c82384039a2e4b31c305c9ef1f72a59b585acad421c54a6101a25237
736f27b030395f67439bdfaa3411ddfa9dd76a72a28d0d8337af4d51208fd009
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
751fb681f54d257d1e40ec453a64608224a9862491da12791310bdeb0c1d8a2a
75a654ce513996dc8f544619cc1c99b2361261bb6f38d51c619833d68d0a6a72
7a362a952c292709a71537fec975cef5e5dcac4b976fba407d8cd38fcc8c8ce3
7a9344144d755ac52f3d8405003feb8eab3b79aebc78e330537ea10861d6f32e
7ad21cc90a930524e58c899f79123513618465e3b374c71bf742e42cfcdf5a86
7b1bfbac0178604f4dce665117d962743d2916a2a37968438f3d49d7e9c04445
7d7862e6fbf2d69229da6a29919581daccb5fda185e6d92171147b42184eb460
7de327885eb13552b4d8343d92108ecd9f34c139b358c2e2e4573227be944949
7f90a7e37bbf5e1c046dcee0b917b1049e1e764e39c68f1dc1d1e53a2271126b
7fb07880fe0e8c6a59441a5eb71aed95f6542a8c4bc1ed859984d2e8efe054e0
7ff9993d3bf21821aa4aab3b5958b4d9ba3fd3a3aa92f5830a24d3ee259f4851
81dcdb89a5eeaf53d4f6dcea3ce572c43bad3386e620dccc88c5cf269ea5b2e8
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8ad92b1c7e5bcc8f201872ca3770d95f4a5deb86781cbcc58809f3a275ec0dce
8e7c0b0b1c36228ba736e564a00405f72bf3b6bcfe6ac826cde2b6b9c14e55ea
8edd81efeebfa7bb3c1ffbfafa5450d29a485a8f52495b50c301ca3fe9bc4e6a
8ef632787197eed4d48c94b8bf69add99b244a562f4927b491f8ec1f4d27e8e2
91ba9e463564da5fd6172206e4ae43b74de8f12efb8865aade1bc3c11a5b6ed6
95544e762173b33dfcecb7c09008b5edd6cd2f35ef8f9bc575fe34e0c8792d29
96c9d5526261a29afe062480e6befe0680041e7ec0bd393c89803d6245e6b602
985a210375670fb5c41b9c3239d382e96d3ae29a1a3f409a71757df339ec817c
985d2b656cce9486a1f152d7c4bbbc4cc1d5a65a0af9bd52e260bcc255bced06
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9ca119586f3ba8e6a4a1dacf83852d3275071d2501de033ba04673b4efde1ac3
9cacc351a59879d938ef01e274eca7f341deaaa666237a3de94737ccc05a4b86
9d590c241b2c34260736e08ed8ad94777ab9890478221c31136c399c0ca84da2
9df6ee9cacae73c1c424e5e181c45ee6158e44f7a54cc535f10b65d3e520ee06
9e2ac756b7d18a0715d66cff4a48f4ba89882b3bcec6cd4fda5455387eaff84d
9e83314d333416d003a14ff991793feefefe12184980a4f081c0465cda5dc8da
9ebdfd3be382aa105dd46aec5d42eb54b4138e89ba7fd8dbd559741e9519cefc
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a133ebeb1ab05648a3e66ee081eebee3a6925f20c25da3d3299cbd60b6bd3382
a151cd0ce17efc76f5fe92c0721fa47031a36190c5ac7ee5f6512b9ac734d277
a28b55f41413d16c71a76b7af3ff9f707323bb3906096b85f7a581415aaeff55
a2bc91f713c9c1ca0639aea7b68766e33040d5be45459ee9dc977b58b44d04f6
a37215a87bbf7c46df1f98856fb389cd4413398816a0cc417585fb9f9a0cfcbc
a4135cd61dfa379bb61b0718f3a20dc8b25d0b8f4e3f2e52ef4d0e5be736136c
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678
a7a580492938c753648b19da1321bf7ea66d7a2e9b1fa42058c821e268fba9e1
a9d215e3058f5d7f8e4c4c2e270d695b25eb3fecbe9096838764b07ed690cf3c
ab4272c450db8b742f8dd5a4fe3c570fdd58915924b57b935308cfaa2903e5cd
ac2429c9dd60bbe0eeab4fb4322667db2a3566125b4a1d772c488381de05b9e6
ad3ee286844c46dba3f0d26e100f508c410b28f52784fbeec2d513ef6c6fda7a
aedf3dff6e3596bea2ed1f9bb489aca220ac62eb0f0eb2ec34306f215388a1c7
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1f0c32bdddde9d823fb770b4934d91c2f398b6b49fd9895b072bed2f8e87e60
b3c98bcd8998a4f3f04cea70c93809eaba6b8cb41a7853ef9a6a43bf09a14d76
b438fcb0b6409866bcf245a57397590528a9db351cceb09953f27f9105069895
b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628
b65818868af60dc3ef2dad96b972a1e1fc79e13303505e34c33949eff883d4d4
b869a852368eaa119ee4b5b375ad2c86eb2c8eedaceafc3aff741faf14dc48b1
bb86be0538b5ef8bb7fabe6cfdcc28f99687242fbecab81a9a2a72d92931594a
bb8b1178b759a87b00aa44abf1019c82e9df19b6059f1761c4646b3d470a7f01
bcd5fa5d7dbca071d56d8dbd96ea4b73018dabd55ba191b2cd111719765f384c
bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05
be0c8346ffda26948856770034cf143c5aed0530f870ebfddb218f8e895954c8
bea17c8870ba8dae9515993b5c55b65437f03f0e2672e1c3d3dbe7872dd74e5c
bead47bb08af73c61c4d920ed428af54cc8582bf2c69e9b8f7ffcc01bac902fb
bf31521a23de960c1d10dfbef8a4325799cf9f54f007c6130e7bd072a1c3920a
bfe6f78248eda598a1e85b3ef73553c3c32921630573d523a59b04f74b23bef6
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
c3c8f737c2c30356f2b788246c529049e20b42a6454539265981b00d318536ae
c4e5ff98a650e762acc7cfe6392e04ec3429e8cc9839a21b0b6ff0de542e3796
c53892d59cd32f8a5def4df38f83ab256563f83c0bad82e68b6d1c3403a955b8
c831368e6c1e3d134dec9d3498becba4c62456d17da204d5fb812ca14c7fca5e
cc939da02f17c0a4b588e6add9db98743b91e675a9ee37deb1a2114ac541a8f3
ce3cf09c371f16e84cd9db5935613c3c8eeb5b5cf14511fa484818c7282cf5fb
ce85c82c424389a3beb68bad84ffab90014e32a0b9111efc582373fc0f7ff22e
cf0ebd338dece7cddfe2f599cfd297de1f503355591b43de942c34b20a2148b2
cf906196a7c1414e11983955e101a051d55a864f2bc9fd52a453d952d92fd9b5
cff57bb539a961e5816127eb4b662175d6a1c92917effe0f943de85c35911101
d0b51e4d758e7454766165519e4de87c1136f57c11e22042a103c8b17d349a77
d1abef527f498afd45a968e9d226413e58b40b21872f23164ff7a203a26f40b6
d2d66ff9bc1e76fe4040dbff16931c794b02ac016d8cf71a2fc64de4fc00681b
d469330093a2cebd898628a339df6abaf5edcb89e85769ff79840371195a7d1f
d69f2b4ba0b3d3c411bb34844d812afa68128a4ad85f62bb62df1b31fcf05b2b
d7ca1cee5940065f9da9986c40d7d20128a7cb8826205f9aa655e992e5bfd94e
d889a1ca224f872f647248a6cdee1a92eca475fa0ea8796129e39b03bbc09628
d8b4887a05128d173df033ad7b0ecf00bba347394d67b8800b831a90dfeff00c
d9fd0aeda423bd39a36871759ef7b17dab3d51e5981cd5839103f990b8b9ef60
da63501825ba120dc0299f39a0597144092890d0444a7803a7cc43541a0c4495
dadfdfc7b569cd00d0d156e506ab33933374a143c93f073a5ccc1c9feec4def7
dbc211260f3fb81e545fbebe8be8c367ebe670a585e60e1ec58524c06723ecbc
e1eeffc1ffab8d29d222faedce533601a99ae1510c31707127fddafc8a0f6b16
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e47fe684eeb5978f6c7437edacdbe8f33a60d89a68403c3e58c0128bfe36a52d
e5717cc8aa2d5e23ac1adcdfdaff16f8a064f4c759b002fe9b97e6c71c0b810d
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44
e8021f1a9dad409f7e699457ac334653bf800464df69900237c4de1c29e275d0
e8cd9f7f932e502b97e7ebd1194ba28e4b5a441b6100a07a09a6c02f102c8b55
e9032b8e95fc74d9ce9c069e76ffe86cb4046dc6ae863ffa8410cf445e5feaf3
eb7a209e3af2f5e7045a326f81414b39f02551eb158e859c190a7a84db7c4d5d
ecadacb686d0540a5768dae41d50597a71dfaa8135b90f1371d4bfa266e4e361
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f22e44016410fdcef01a56b89401973c22cc1d5fc740e615ed904add45ad7ffe
f475c34186022ba531ebc8bba97fc10df7e4c3ea854f314a18ab0644c851620d
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f74a971771bbed56a13238f100e81152d4e14e3efb0a3da5772340955160f5d6
f812e897ae3a77c1b7c1f131bdfa130aa46b15de91143784d77a7bb353ac6492
fb9ee137734c9d4933d908d02325dc37c4dd86dd58614a2c7d9d5a01890aefd2
ff1ea82759f4df729f7ee24dac62805f05a2fc79c7ca4cb518a072a11835e884

pcloak.blob.core.windows.net Open in urlscan Pro 20.60.220.36 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

433 Requests

89 %HTTPS

28 %IPv6

57 Domains

90 Subdomains

70 IPs

9 Countries

5687 kBTransfer

13623 kBSize

27 Cookies

0 Outgoing links

Redirected requests

433 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 9 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

pcloak.blob.core.windows.net Open in urlscan Pro
20.60.220.36 Public Scan

Screenshot
Live screenshot

Full Image

433
Requests

89 %
HTTPS

28 %
IPv6

57
Domains

90
Subdomains

70
IPs

9
Countries

5687 kB
Transfer

13623 kB
Size

27
Cookies

433 HTTP transactions
9 data transactions