pcloak.blob.core.windows.net Open in urlscan Pro
20.60.220.36 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Submission: On July 05 via api (July 5th 2023, 1:12:24 pm UTC) from TR — Scanned from DE

Summary HTTP 296 Redirects Behaviour Indicators

Summary

This website contacted 55 IPs in 3 countries across 57 domains to perform 296 HTTP transactions. The main IP is 20.60.220.36, located in Tappahannock, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is pcloak.blob.core.windows.net.
TLS certificate: Issued by Microsoft RSA TLS CA 02 on March 22nd 2023. Valid for: a year.

This is the only time pcloak.blob.core.windows.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
4	20.60.220.36 20.60.220.36	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	77.245.159.14 77.245.159.14	42868 (NIOBEBILI...) (NIOBEBILISIMHIZMETLERI)
3	94.138.206.83 94.138.206.83	49126 (AS49126) (AS49126)
1	2a00:1450:400... 2a00:1450:4001:80b::200a	15169 (GOOGLE) (GOOGLE)
40	2a02:6ea0:c70... 2a02:6ea0:c700::17	60068 (CDN77 ^_^) (CDN77 ^_^)
1	2a00:1450:400... 2a00:1450:4001:830::2008	15169 (GOOGLE) (GOOGLE)
2	151.139.128.10 151.139.128.10	20446 (STACKPATH...) (STACKPATH-CDN)
1	2.16.96.119 2.16.96.119	16625 (AKAMAI-AS) (AKAMAI-AS)
19	185.7.176.223 185.7.176.223	42910 (PREMIERDC...) (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH)
2	2a03:2880:f08... 2a03:2880:f084:105:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
16	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
27	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
3	13.225.30.130 13.225.30.130	16509 (AMAZON-02) (AMAZON-02)
1	35.241.45.217 35.241.45.217	15169 (GOOGLE) (GOOGLE)
2	185.7.176.221 185.7.176.221	42910 (PREMIERDC...) (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH)
7	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
1	34.102.243.38 34.102.243.38	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	52.222.253.136 52.222.253.136	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:809::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::200a	15169 (GOOGLE) (GOOGLE)
22	2a00:1450:400... 2a00:1450:4001:801::2001	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:80e::2002	() ()
2 7	52.29.25.103 52.29.25.103	16509 (AMAZON-02) (AMAZON-02)
5	2600:9000:225... 2600:9000:2251:8600:3:4706:a6c0:93a1	16509 (AMAZON-02) (AMAZON-02)
5	2600:9000:249... 2600:9000:2491:1200:1b:f040:3600:93a1	16509 (AMAZON-02) (AMAZON-02)
5	154.58.197.185 154.58.197.185	() ()
7	2a00:1450:400... 2a00:1450:4001:830::2004	15169 (GOOGLE) (GOOGLE)
2 4	2001:678:cb4:... 2001:678:cb4:bbbb::11	() ()
7 49	142.250.181.226 142.250.181.226	() ()
2 2	151.101.194.49 151.101.194.49	() ()
1	98.98.134.242 98.98.134.242	() ()
3	35.186.253.211 35.186.253.211	() ()
6 8	185.80.39.216 185.80.39.216	() ()
6 6	52.17.208.101 52.17.208.101	() ()
1 2	51.75.86.98 51.75.86.98	() ()
3 4	37.252.171.53 37.252.171.53	() ()
1 1	185.29.132.241 185.29.132.241	() ()
1 1	35.204.74.118 35.204.74.118	() ()
3 3	85.114.159.93 85.114.159.93	() ()
3 3	213.155.156.169 213.155.156.169	() ()
2 2	69.173.144.138 69.173.144.138	() ()
3 3	46.228.174.117 46.228.174.117	() ()
2	2620:116:800d... 2620:116:800d:21:93ca:31d8:d86e:38f6	() ()
2 2	2a05:d018:d29... 2a05:d018:d29:3605:6cdc:9419:1549:d39d	() ()
4 4	198.47.127.19 198.47.127.19	() ()
1	185.86.139.104 185.86.139.104	() ()
1 1	20.127.253.7 20.127.253.7	() ()
1	141.95.33.111 141.95.33.111	() ()
1	2a02:fa8:8806... 2a02:fa8:8806:20::2010	() ()
2 2	35.186.193.173 35.186.193.173	() ()
2 2	13.248.245.213 13.248.245.213	() ()
1	3.75.62.37 3.75.62.37	() ()
3 3	35.157.132.87 35.157.132.87	() ()
2 2	3.121.27.216 3.121.27.216	() ()
3 3	37.157.6.237 37.157.6.237	() ()
1	2600:1901:0:7... 2600:1901:0:76b9::	() ()
12	2606:4700:20:... 2606:4700:20::681a:ad1	() ()
7	2a00:1450:400... 2a00:1450:4001:830::2006	() ()
1	52.223.40.198 52.223.40.198	() ()
1	178.250.1.9 178.250.1.9	() ()
1 2	104.75.89.75 104.75.89.75	() ()
1	34.96.105.8 34.96.105.8	() ()
2 2	216.52.2.48 216.52.2.48	() ()
1	2606:4700:20:... 2606:4700:20::681a:61b	() ()
2	2606:4700:20:... 2606:4700:20::ac43:4a81	() ()
2	104.103.93.163 104.103.93.163	() ()
1	13.42.188.208 13.42.188.208	() ()
1	18.66.147.98 18.66.147.98	() ()
1	99.86.4.53 99.86.4.53	() ()
2	13.40.20.169 13.40.20.169	() ()
296	55

4 20.60.220.36 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

pcloak.blob.core.windows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 77.245.159.14 (Turkey)

ASN42868 (NIOBEBILISIMHIZMETLERI, TR)
PTR: stilgar.wlsrv.com

www.cloakan.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 94.138.206.83 (Turkey)

ASN49126 (AS49126, TR)

ye-mek.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

40 2a02:6ea0:c700::17 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)

cdn.ye-mek.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.139.128.10 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: map3.hwcdn.net

images.dmca.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.16.96.119 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-16-96-119.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 185.7.176.223 (Turkey)

ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR)

static.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ng.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ng2.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f084:105:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.225.30.130 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-30-130.cdg3.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.45.217 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 217.45.241.35.bc.googleusercontent.com

pghub.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.7.176.221 (Turkey)

ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR)

c1.imgiz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.243.38 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 38.243.102.34.bc.googleusercontent.com

feed.pghub.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.253.136 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-253-136.fra60.r.cloudfront.net

aax.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:809::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 2a00:1450:4001:801::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:80e::2002 (None, )

ASN- ()

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 52.29.25.103 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-29-25-103.eu-central-1.compute.amazonaws.com

i.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2600:9000:2251:8600:3:4706:a6c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

cti.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2600:9000:2491:1200:1b:f040:3600:93a1 (United States)

ASN16509 (AMAZON-02, US)

ads.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 154.58.197.185 (None, )

ASN- ()

t.hspvst.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:830::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2001:678:cb4:bbbb::11 (None, ) 2 redirects

ASN- ()

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
r.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

49 142.250.181.226 (None, ) 7 redirects

ASN- ()

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.194.49 (None, ) 2 redirects

ASN- ()

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 98.98.134.242 (None, )

ASN- ()

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.186.253.211 (None, )

ASN- ()

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 185.80.39.216 (None, ) 6 redirects

ASN- ()

ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 52.17.208.101 (None, ) 6 redirects

ASN- ()

match.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 51.75.86.98 (None, ) 1 redirects

ASN- ()

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.252.171.53 (None, ) 3 redirects

ASN- ()

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.132.241 (None, ) 1 redirects

ASN- ()

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.204.74.118 (None, ) 1 redirects

ASN- ()

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 85.114.159.93 (None, ) 3 redirects

ASN- ()

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 213.155.156.169 (None, ) 3 redirects

ASN- ()

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.173.144.138 (None, ) 2 redirects

ASN- ()

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 46.228.174.117 (None, ) 3 redirects

ASN- ()

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:93ca:31d8:d86e:38f6 (None, )

ASN- ()

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:d018:d29:3605:6cdc:9419:1549:d39d (None, ) 2 redirects

ASN- ()

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 198.47.127.19 (None, ) 4 redirects

ASN- ()

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.139.104 (None, )

ASN- ()

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 20.127.253.7 (None, ) 1 redirects

ASN- ()

sync.inmobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.95.33.111 (None, )

ASN- ()

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:20::2010 (None, )

ASN- ()

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.186.193.173 (None, ) 2 redirects

ASN- ()

gcm.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.248.245.213 (None, ) 2 redirects

ASN- ()

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.75.62.37 (None, )

ASN- ()

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.157.132.87 (None, ) 3 redirects

ASN- ()

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.121.27.216 (None, ) 2 redirects

ASN- ()

ads.creative-serving.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.157.6.237 (None, ) 3 redirects

ASN- ()

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1901:0:76b9:: (None, )

ASN- ()

prod-rtb.ad4mat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2606:4700:20::681a:ad1 (None, )

ASN- ()

as.ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets.ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:830::2006 (None, )

ASN- ()

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.223.40.198 (None, )

ASN- ()

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.1.9 (None, )

ASN- ()

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.75.89.75 (None, ) 1 redirects

ASN- ()

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.105.8 (None, )

ASN- ()

tr.blismedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.52.2.48 (None, ) 2 redirects

ASN- ()

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:61b (None, )

ASN- ()

static-de.ad4mat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::ac43:4a81 (None, )

ASN- ()

ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.103.93.163 (None, )

ASN- ()

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.42.188.208 (None, )

ASN- ()

track.webgains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.147.98 (None, )

ASN- ()

analytics.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.4.53 (None, )

ASN- ()

cdn.track.production.webgains.team	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.40.20.169 (None, )

ASN- ()

api.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
72	doubleclick.net 7 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 216 googleads.g.doubleclick.net — Cisco Umbrella Rank: 57 cm.g.doubleclick.net googleads4.g.doubleclick.net	311 KB
57	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 135 f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 160	566 KB
43	ye-mek.net ye-mek.net cdn.ye-mek.net	644 KB
19	virgul.com static.virgul.com — Cisco Umbrella Rank: 81866 ng.virgul.com — Cisco Umbrella Rank: 65490 ng2.virgul.com — Cisco Umbrella Rank: 74231	231 KB
17	w55c.net 2 redirects i.w55c.net — Cisco Umbrella Rank: 2590 cti.w55c.net — Cisco Umbrella Rank: 4192 ads.w55c.net — Cisco Umbrella Rank: 12943 pm.w55c.net	289 KB
14	ad4m.at as.ad4m.at ad4m.at assets.ad4m.at	428 KB
10	google.com adservice.google.com — Cisco Umbrella Rank: 113 www.google.com — Cisco Umbrella Rank: 10	743 B
8	casalemedia.com 6 redirects ssum-sec.casalemedia.com dsum-sec.casalemedia.com	7 KB
8	googletagservices.com www.googletagservices.com	449 KB
7	2mdn.net s0.2mdn.net	164 KB
6	360yield.com 6 redirects match.360yield.com	3 KB
5	hspvst.com t.hspvst.com	4 KB
4	pubmatic.com 4 redirects image6.pubmatic.com	2 KB
4	adnxs.com 3 redirects ib.adnxs.com secure.adnxs.com	4 KB
4	turn.com 2 redirects ad.turn.com r.turn.com	2 KB
4	amazon-adsystem.com c.amazon-adsystem.com — Cisco Umbrella Rank: 353 aax.amazon-adsystem.com — Cisco Umbrella Rank: 438	62 KB
4	windows.net pcloak.blob.core.windows.net	3 KB
3	webgains.io analytics.webgains.io api.webgains.io	31 KB
3	adform.net 3 redirects c1.adform.net	2 KB
3	bidswitch.net 3 redirects x.bidswitch.net	2 KB
3	yahoo.com 2 redirects pr-bh.ybp.yahoo.com ups.analytics.yahoo.com	2 KB
3	de17a.com 3 redirects d5p.de17a.com	964 B
3	adition.com 3 redirects dsp.adfarm1.adition.com	2 KB
3	openx.net rtb.openx.net	406 B
2	awin1.com www.awin1.com	1 KB
2	lijit.com 2 redirects ap.lijit.com	1 KB
2	teads.tv 1 redirects sync.teads.tv	452 B
2	ad4mat.net prod-rtb.ad4mat.net static-de.ad4mat.net	4 KB
2	creative-serving.com 2 redirects ads.creative-serving.com	1 KB
2	3lift.com 2 redirects eb2.3lift.com	1021 B
2	ctnsnet.com 2 redirects gcm.ctnsnet.com	1 KB
2	quantserve.com cms.quantserve.com	926 B
2	1rx.io 2 redirects sync.1rx.io	2 KB
2	rubiconproject.com 2 redirects pixel.rubiconproject.com	961 B
2	onetag-sys.com 1 redirects onetag-sys.com	534 B
2	everesttech.net 2 redirects sync-tm.everesttech.net	853 B
2	imgiz.com c1.imgiz.com — Cisco Umbrella Rank: 136022	131 KB
2	pghub.io pghub.io — Cisco Umbrella Rank: 2090 feed.pghub.io — Cisco Umbrella Rank: 2360	6 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 173	88 KB
2	dmca.com images.dmca.com — Cisco Umbrella Rank: 13228	6 KB
2	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 433 imasdk.googleapis.com — Cisco Umbrella Rank: 500	154 KB
2	cloakan.co www.cloakan.co	1 KB
1	webgains.team cdn.track.production.webgains.team	15 KB
1	webgains.com track.webgains.com	2 KB
1	blismedia.com tr.blismedia.com	173 B
1	criteo.com dis.criteo.com	363 B
1	adsrvr.org match.adsrvr.org	265 B
1	dotomi.com dclk-match.dotomi.com	104 B
1	id5-sync.com id5-sync.com	1 KB
1	inmobi.com 1 redirects sync.inmobi.com	745 B
1	smartadserver.com ssbsync.smartadserver.com	45 B
1	unrulymedia.com 1 redirects sync.targeting.unrulymedia.com	576 B
1	simpli.fi 1 redirects um.simpli.fi	715 B
1	mathtag.com 1 redirects sync.mathtag.com	731 B
1	sitescout.com pixel-sync.sitescout.com	187 B
1	addthis.com s7.addthis.com — Cisco Umbrella Rank: 2484	360 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 79	82 KB
296	57

	Domain	Requested by
47	cm.g.doubleclick.net	7 redirects f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com googleads.g.doubleclick.net ye-mek.net
40	cdn.ye-mek.net	ye-mek.net cdn.ye-mek.net
27	pagead2.googlesyndication.com	static.virgul.com pagead2.googlesyndication.com f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com ye-mek.net www.googletagservices.com securepubads.g.doubleclick.net
22	tpc.googlesyndication.com	f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com googleads.g.doubleclick.net pcloak.blob.core.windows.net tpc.googlesyndication.com pagead2.googlesyndication.com securepubads.g.doubleclick.net
16	securepubads.g.doubleclick.net	static.virgul.com securepubads.g.doubleclick.net f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com pcloak.blob.core.windows.net www.googletagservices.com
8	www.googletagservices.com	f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com googleads.g.doubleclick.net
8	f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
8	ng.virgul.com	static.virgul.com ye-mek.net
7	s0.2mdn.net	pcloak.blob.core.windows.net s0.2mdn.net f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com ye-mek.net
7	www.google.com	f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com googleads.g.doubleclick.net
7	googleads.g.doubleclick.net	pagead2.googlesyndication.com f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com googleads.g.doubleclick.net
7	static.virgul.com	ye-mek.net static.virgul.com pcloak.blob.core.windows.net
6	assets.ad4m.at	as.ad4m.at
6	match.360yield.com	6 redirects
5	t.hspvst.com	f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
5	ads.w55c.net	f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
5	cti.w55c.net	f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
5	i.w55c.net	pcloak.blob.core.windows.net f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
4	ad4m.at	as.ad4m.at ad4m.at
4	as.ad4m.at	googleads.g.doubleclick.net as.ad4m.at ad4m.at
4	image6.pubmatic.com	4 redirects
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	ssum-sec.casalemedia.com	4 redirects
4	ng2.virgul.com	ye-mek.net
4	pcloak.blob.core.windows.net	pcloak.blob.core.windows.net
3	c1.adform.net	3 redirects
3	x.bidswitch.net	3 redirects
3	d5p.de17a.com	3 redirects
3	dsp.adfarm1.adition.com	3 redirects
3	ib.adnxs.com	2 redirects googleads.g.doubleclick.net
3	rtb.openx.net	f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
3	adservice.google.com	securepubads.g.doubleclick.net pagead2.googlesyndication.com
3	c.amazon-adsystem.com	static.virgul.com c.amazon-adsystem.com
3	ye-mek.net	www.cloakan.co ye-mek.net
2	api.webgains.io	analytics.webgains.io
2	www.awin1.com	as.ad4m.at
2	googleads4.g.doubleclick.net	pcloak.blob.core.windows.net
2	ap.lijit.com	2 redirects
2	sync.teads.tv	1 redirects googleads.g.doubleclick.net
2	ads.creative-serving.com	2 redirects
2	eb2.3lift.com	2 redirects
2	gcm.ctnsnet.com	2 redirects
2	pr-bh.ybp.yahoo.com	2 redirects
2	cms.quantserve.com	f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
2	sync.1rx.io	2 redirects
2	pixel.rubiconproject.com	2 redirects
2	pm.w55c.net	2 redirects
2	onetag-sys.com	1 redirects f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
2	sync-tm.everesttech.net	2 redirects
2	r.turn.com	f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
2	ad.turn.com	2 redirects
2	c1.imgiz.com	static.virgul.com c1.imgiz.com
2	connect.facebook.net	ye-mek.net connect.facebook.net
2	images.dmca.com	ye-mek.net
2	www.cloakan.co	pcloak.blob.core.windows.net
1	cdn.track.production.webgains.team	as.ad4m.at
1	analytics.webgains.io	track.webgains.com
1	track.webgains.com	as.ad4m.at
1	static-de.ad4mat.net	as.ad4m.at
1	secure.adnxs.com	1 redirects
1	tr.blismedia.com	f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
1	dis.criteo.com	googleads.g.doubleclick.net
1	match.adsrvr.org	googleads.g.doubleclick.net
1	prod-rtb.ad4mat.net	googleads.g.doubleclick.net
1	ups.analytics.yahoo.com	f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
1	dclk-match.dotomi.com	f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
1	id5-sync.com	f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
1	sync.inmobi.com	1 redirects
1	ssbsync.smartadserver.com	f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
1	sync.targeting.unrulymedia.com	1 redirects
1	um.simpli.fi	1 redirects
1	sync.mathtag.com	1 redirects
1	pixel-sync.sitescout.com	f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
1	imasdk.googleapis.com	c1.imgiz.com
1	aax.amazon-adsystem.com	c.amazon-adsystem.com
1	feed.pghub.io	pghub.io
1	pghub.io	static.virgul.com
1	s7.addthis.com	ye-mek.net
1	www.googletagmanager.com	ye-mek.net
1	ajax.googleapis.com	ye-mek.net
296	80

This site contains no links.

Subject Issuer	Validity	Valid
*.blob.core.windows.net Microsoft RSA TLS CA 02	`2023-03-22` - `2024-03-22`	a year	crt.sh
cpanel.cloakan.co R3	`2023-07-03` - `2023-10-01`	3 months	crt.sh
www.ye-mek.net RapidSSL TLS RSA CA G1	`2023-07-04` - `2024-07-06`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
1099124734.rsc.cdn77.org R3	`2023-06-13` - `2023-09-11`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
images.dmca.com R3	`2023-05-13` - `2023-08-11`	3 months	crt.sh
odc-addthis-prod-01.oracle.com DigiCert TLS RSA SHA256 2020 CA1	`2023-02-07` - `2024-02-07`	a year	crt.sh
*.virgul.com Sectigo RSA Domain Validation Secure Server CA	`2022-10-24` - `2023-09-28`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-04-13` - `2023-07-12`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
c.amazon-adsystem.com Amazon RSA 2048 M01	`2023-02-28` - `2024-02-17`	a year	crt.sh
*.pghub.io DigiCert TLS RSA SHA256 2020 CA1	`2023-02-09` - `2024-02-08`	a year	crt.sh
*.imgiz.com Sectigo RSA Domain Validation Secure Server CA	`2022-09-27` - `2023-09-09`	a year	crt.sh
aax-dtb-mobile-cf.amazon-adsystem.com Amazon RSA 2048 M01	`2023-03-16` - `2024-03-08`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.w55c.net Amazon RSA 2048 M02	`2023-05-30` - `2024-06-27`	a year	crt.sh
*.hspvst.com Gandi Standard SSL CA 2	`2022-12-12` - `2023-12-09`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.sitescout.com GeoTrust Global TLS RSA4096 SHA256 2022 CA1	`2023-01-09` - `2024-02-02`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-09` - `2023-09-09`	a year	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-21` - `2024-01-23`	a year	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2022-08-09` - `2023-09-10`	a year	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-02-21` - `2023-08-16`	6 months	crt.sh
prod-rtb.ad4mat.net GTS CA 1D4	`2023-06-04` - `2023-09-02`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-07` - `2024-05-06`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-05-12` - `2023-08-10`	3 months	crt.sh
tr.blismedia.com GTS CA 1D4	`2023-06-09` - `2023-09-07`	3 months	crt.sh
www.awin1.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-10` - `2024-03-09`	a year	crt.sh
*.webgains.com Amazon RSA 2048 M01	`2023-05-15` - `2024-06-13`	a year	crt.sh
*.webgains.io Amazon RSA 2048 M02	`2023-03-02` - `2023-09-21`	7 months	crt.sh
cdn.track.production.webgains.team Amazon RSA 2048 M01	`2023-02-28` - `2023-10-28`	8 months	crt.sh

This page contains 29 frames:

Primary Page: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Frame ID: D4F4647F9F664B866DEF855E17A21B9B
Requests: 6 HTTP requests in this frame

Frame: https://ye-mek.net/
Frame ID: CB6433E780754C1E64EB235DFFBA7056
Requests: 91 HTTP requests in this frame

Frame: https://static.virgul.com/theme/mockups/outside/str.html?v=2
Frame ID: CBB8B2D99123C0D86F23E2CC5B9E865A
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230627/r20190131/zrt_lookup.html
Frame ID: FC8932A6B10221186073CAD41F75B609
Requests: 1 HTTP requests in this frame

Frame: https://feed.pghub.io/tag?referrer_url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&page_url=https%3A%2F%2Fye-mek.net%2F&owner=P%26G&bp_id=noktacommedya&ch=%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D&initiator=js&data=%7B%22category%22%3A%22site_geneli%22%7D
Frame ID: B3BC9FA7F36FEBDC33B21B154CA6D413
Requests: 1 HTTP requests in this frame

Frame: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 5CA4FD1CD4D77EC093B56C85EE500A59
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755397&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688562739967&bpp=5&bdt=777&idt=344&shv=r20230627&mjsv=m202306220101&ptt=9&saldr=aa&nras=1&correlator=2282535237193&frm=24&ife=1&pv=2&ga_vid=1330345952.1688562740&ga_sid=1688562740&ga_hid=1757646299&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=222437166&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44759876%2C44759842%2C31071259%2C31075623%2C44788442&oid=2&pvsid=3355809029795402&tmod=1149460829&uas=0&nvt=1&fsapi=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.dy08tawkzvo7&fsb=1&dtd=367
Frame ID: EA36D910CDAC88FC9B8606730490EF88
Requests: 1 HTTP requests in this frame

Frame: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: CDB8AAD68B866A1C68A66BEAE050E539
Requests: 11 HTTP requests in this frame

Frame: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 8417EDF02A96F50A89F67F52EC5E4ACE
Requests: 13 HTTP requests in this frame

Frame: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: D7E94B1D9C56BC0FA2D1F61688B9DD0C
Requests: 13 HTTP requests in this frame

Frame: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: FB0C5137944E0D6ACB89E81DEDB1C72F
Requests: 13 HTTP requests in this frame

Frame: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 59DDB0ED9A8A5595556E3E616FF9754B
Requests: 19 HTTP requests in this frame

Frame: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 828A92BB2EB6DF6B6239865DAE0D37D8
Requests: 13 HTTP requests in this frame

Frame: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: B2F9D8023B12A8529217CCDF0ED6B808
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3407250215&plat=1%3A520%2C2%3A520%2C3%3A2163200%2C4%3A2163200%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fye-mek.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688562741007&bpp=10&bdt=169&idt=209&shv=r20230627&mjsv=m202306220101&ptt=9&saldr=aa&nras=1&correlator=7044068159677&frm=8&ife=1&pv=2&ga_vid=670432806.1688562741&ga_sid=1688562741&ga_hid=571393246&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=819287971&scr_x=-12245933&scr_y=-12245933&eid=42532277%2C42532279%2C44759842%2C44759875%2C44759926%2C31075645%2C44788442%2C21065724&oid=2&pvsid=3029861226246386&tmod=922379705&uas=0&nvt=1&fsapi=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.8bjligus8d4v&fsb=1&dtd=244
Frame ID: 22C4CD5FB20ED0F9A5DAC65AC4E8F074
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=4198790052&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688562741017&bpp=3&bdt=179&idt=258&shv=r20230627&mjsv=m202306220101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=7044068159677&frm=8&ife=1&pv=1&ga_vid=670432806.1688562741&ga_sid=1688562741&ga_hid=571393246&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=819287971&scr_x=-12245933&scr_y=-12245933&eid=42532277%2C42532279%2C44759842%2C44759875%2C44759926%2C31075645%2C44788442%2C21065724&oid=2&pvsid=3029861226246386&tmod=922379705&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.3jlrkcjgj8ak&fsb=1&dtd=264
Frame ID: CF39E5E8EBE4B8042649C28B37C50BB2
Requests: 8 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 15B50AA798C397CF438688BD8DF24103
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNEDENWYWRjzjcnuATAB&v=APEucNXN4qwrUmarwoIH7-6AXUns0NpTzzaYVxXJ-pkKtzNH5jhFE-uYhi-7ufD8THkb_xJ2IcYyOGcre_UpbpdYis_m9khXZpgcsgF1GKcDneUus2szQW3VfrvdbLcBUqd_Ret-eOR7T4wqZIdmy0tfdpCAWpfpG5Y2A35RcHjbBMxEj7eZAgg
Frame ID: 81C7BBA02223507C44684C8454F37E5A
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 2F84A87523ECF6C66E89D896E866FB50
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 58060356F180B3223A5B99640DECE770
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 5CE5689254CAE881A5E9A969417E226F
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: D50DD43991704F6CCCC4FB0684AB9DBB
Requests: 9 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/dr?ed=1gv2sr9b3zvksvxvxzckv3sjcb19fz0cpy257j11tyzyacbxeerb0m76731vcfz761ztc2ftxmh9pmcgtzh1afv5zk6m6jyrvsf3qqs9c8sxmanygpfh25cmqdpe7gyyf59qg5c1qhzq7bjtqxpwgjcb7rh3vcaw3qpbrv1qnce7yjn9pdmxgn0p930khhz98xc2wya5y9vgf1wsnszg0qqb5g6dm5xwdxbdna5nqvdm22tvraszehff629ta76m8xjer5wcs57v1ffhxykk20hkyj59gkq14x5sthkpj0zxjzjqv20t1nta87d43r591s6f9tjf5q7rrdf4cy9nzw8b3dbvhppk9akxvqx7fejjz8xdyzkkvb7kwh3fxm2xkf5ka75rv326qkkwxbvrnd2h99y0wfksbv6c9k3pz661nzbjmhpyt08ky3wx9zpk9djw2b9wzm&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC7MGPNWylZP2cFMWQygWmpq_4ApDhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAjqvAsuFQbI-qAMBqgSxAU_Q_IqyxmcUzIh7E8heJnk4m6JSGFkJj3ZdPIaDj2KOk1Q7P2z_E8e63IeY1mCFL-4cM6TiH_IBDCHz2SVxd3sACwMnpU9bDJbZJzHC3_ozj78CP3ulkfNev1v1x8bHREmRMyhBScGgC-VMaUf7fR4F2A4fnEB6e4NyI0ZtsSiFYVWfBZD3xRwu1caSMWHfUO0ocGTAzRx_lQ8HcjtX4O-ir9CWA8hrYXOXugxB7SeG7oAGxNGe9MiAzrylAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_31Qc0_m3Qxm-iWf_mwkHn-cRNpxg%26client%3Dca-pub-6593523210010154%26adurl%3D
Frame ID: DE5323E56E62E1311AF24D90627FABB1
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: CBB3D3C3AAD710D2D30D417340812458
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 5033A92BF3CC0F873D97FD4A65725A14
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/18225457952125459833/728x90/728x90.html?ev=01_250
Frame ID: 00C5CE8719B613F66B2363E193E94BD0
Requests: 6 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 13AC7ACF987BB1C8EEC1A4CA24341A70
Requests: 3 HTTP requests in this frame

Frame: https://ad4m.at/frame.html
Frame ID: 6BF34347D569F432D1F59C9E791EE991
Requests: 1 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=197862%2C117569%2C19769&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb%2Ck7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW%2CzR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM&c=728&d=90&e=&g=fbca34843907381617b7cefcbbc278bf%2F9256271693418598238&i=71725%2C29981%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1688562742155&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j39e8wnx88e0bs8wj7419kb3dwsmrpc8nm7t29v16td3s9cjz007g732m076fyqa1tx72xqdpxxk36nmrwjk2xrf0p20j62z8ase30vmw196pez4m0tj6nk9g0bhsbwdkex0y7yjdc62kd5y59x8hq7mvw4h5hjyq7srpvm7vvjyj9wx3bbhacb5zjs3khbyzx92ke8cbxvmfeh63efts8d5bgb7bjs0gfxejwmkvp9241r0183z74hxz0d7gjfzsb7vk34rm5zqg7c1gfcvh6hnw%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC7MGPNWylZP2cFMWQygWmpq_4ApDhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAjqvAsuFQbI-qAMBqgSxAU_Q_IqyxmcUzIh7E8heJnk4m6JSGFkJj3ZdPIaDj2KOk1Q7P2z_E8e63IeY1mCFL-4cM6TiH_IBDCHz2SVxd3sACwMnpU9bDJbZJzHC3_ozj78CP3ulkfNev1v1x8bHREmRMyhBScGgC-VMaUf7fR4F2A4fnEB6e4NyI0ZtsSiFYVWfBZD3xRwu1caSMWHfUO0ocGTAzRx_lQ8HcjtX4O-ir9CWA8hrYXOXugxB7SeG7oAGxNGe9MiAzrylAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_31Qc0_m3Qxm-iWf_mwkHn-cRNpxg%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Frame ID: 0DD08C38D067A6875B87C8BA2FC2BA04
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

AddThis (Widgets) Expand

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Webgains (Affiliate programs) Expand

Overall confidence: 100%
Detected patterns

analytics\.webgains\.io

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

296
Requests

85 %
HTTPS

34 %
IPv6

57
Domains

80
Subdomains

55
IPs

3
Countries

3676 kB
Transfer

8376 kB
Size

45
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 171

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEKSYfxeg4SxuqFgwEph5Igs&google_cver=1&google_push=AaAOQGFZEzN_bb_z11DXd2L4PaFs3WdblU3k5KYC66bcKgTk_rOdTZfWzNNXZ4z5VFw6142odE-LQqHEl6U1BP2L1khDo7XLfXxQ3UqPrb9m8P0i_bOquIXmpUHWKLdG2q2Z8dYAq3Yp5wDQ9A HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=NzI1NjQ1NTYzODE2MDg2MTgxNw==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEHXCYoEUuxdb9AG5uFJwt8U&google_cver=1

Request Chain 172

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESELmPvPPG3c9tRcUBD4P1LFo&google_cver=1&google_push=AaAOQGECElmOLLVDqKR17qHYTm6nIuwDNvgAnERVZ0aOvAiz9sqJn8WM4TIkK7zItOm0MQAb5LNX-Vvfli67cwAuqfiVD9ecjoXOKJ68JJWY_fU-8DEO1G54e677Exta2ntpKHaGa_Uecm8cRQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESELmPvPPG3c9tRcUBD4P1LFo&google_push=AaAOQGECElmOLLVDqKR17qHYTm6nIuwDNvgAnERVZ0aOvAiz9sqJn8WM4TIkK7zItOm0MQAb5LNX-Vvfli67cwAuqfiVD9ecjoXOKJ68JJWY_fU-8DEO1G54e677Exta2ntpKHaGa_Uecm8cRQ

Request Chain 175

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEPOKm3__FORGqkuRYxfhrrs&google_cver=1&google_push=AaAOQGECTaXpd1cJJg7O51RHGWN7TdR2QBjYY6OsZPgkiBL-rIFGm8CEhBee5moiwNM8rSmV30fpf8wrr94Rx4w-KCUze_xos2yU1VUMkdo9NlwbWM4DFaUOUpwor5jlgzocNAOghYeycBGR HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEPOKm3__FORGqkuRYxfhrrs&google_push=AaAOQGECTaXpd1cJJg7O51RHGWN7TdR2QBjYY6OsZPgkiBL-rIFGm8CEhBee5moiwNM8rSmV30fpf8wrr94Rx4w-KCUze_xos2yU1VUMkdo9NlwbWM4DFaUOUpwor5jlgzocNAOghYeycBGR&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEPOKm3__FORGqkuRYxfhrrs&google_hm=ZKVsNeQlRcaOsAk3li2-CgAACJsAAAAB&google_nid=index&google_push=AaAOQGECTaXpd1cJJg7O51RHGWN7TdR2QBjYY6OsZPgkiBL-rIFGm8CEhBee5moiwNM8rSmV30fpf8wrr94Rx4w-KCUze_xos2yU1VUMkdo9NlwbWM4DFaUOUpwor5jlgzocNAOghYeycBGR

Request Chain 176

https://match.360yield.com/match/ebda?google_gid=CAESEDD9eJp_l54lbwd2WxOPxXM&google_cver=1&google_push=AaAOQGErFTbk2w_u1TcdUaEX01d_Iqax3VmIuSPKqN9JnJbuRL0DdoywC_QgYvw4tVuNYy1tW16NE8kEU9IslQuJSq_3iSmbOrLJ4JkDrLJjGQU7lg-hvDdAVrbKCPayQof4VrMfz1aEJNyo-Q HTTP 302
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEDD9eJp_l54lbwd2WxOPxXM&google_cver=1&google_push=AaAOQGErFTbk2w_u1TcdUaEX01d_Iqax3VmIuSPKqN9JnJbuRL0DdoywC_QgYvw4tVuNYy1tW16NE8kEU9IslQuJSq_3iSmbOrLJ4JkDrLJjGQU7lg-hvDdAVrbKCPayQof4VrMfz1aEJNyo-Q HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aC08-LogQn2qwH6BbD37KQ&google_push=AaAOQGErFTbk2w_u1TcdUaEX01d_Iqax3VmIuSPKqN9JnJbuRL0DdoywC_QgYvw4tVuNYy1tW16NE8kEU9IslQuJSq_3iSmbOrLJ4JkDrLJjGQU7lg-hvDdAVrbKCPayQof4VrMfz1aEJNyo-Q

Request Chain 177

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEPa8TJOH2bRBg_hoY-y_ItQ&google_cver=1&google_push=AaAOQGG810mortbE1uzzXS0-TWPfRYDQHUsEK_0gHxMkPXmJxgRHzpqeLhlfR6Fo3VcRforrlpOQgaMzCBsnd3l2TVarMI2MxM0tNzZIfYHEJXLMkw4UTkYyquAYHXI0Ds4V8Me7hBdUffR4z9c HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGG810mortbE1uzzXS0-TWPfRYDQHUsEK_0gHxMkPXmJxgRHzpqeLhlfR6Fo3VcRforrlpOQgaMzCBsnd3l2TVarMI2MxM0tNzZIfYHEJXLMkw4UTkYyquAYHXI0Ds4V8Me7hBdUffR4z9c HTTP 302
https://onetag-sys.com/match/?int_id=19&google_error=5

Request Chain 179

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEN_lGS204E6DEfGfT_OcGB8&google_cver=1

Request Chain 180

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZKVsNeQlRcaOsAk3li2.CgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEN_lGS204E6DEfGfT_OcGB8&google_cver=1&google_hm=2

Request Chain 181

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEPTBNOz_KdhMh7f5GhVi-l8&google_cver=1

Request Chain 182

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzMxMjk0NjE4NzYwNTk2MjA1Ng%3D%3D

Request Chain 183

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEAZXwYKpu058-D_rmnPMksw&google_cver=1&google_push=AaAOQGEj2TxVGOPsdZAwRuj93lKBADRiO5xecC_O6zydT_mbk1wpTtm_cmYGI-8MHjXYDY7C_zBAxpfoj5ZKpODUyEyqChRdSz20xA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=SVpJMGNXTlgxUWgyaVY1&google_gid=CAESEAZXwYKpu058-D_rmnPMksw&google_cver=1&google_push=AaAOQGEj2TxVGOPsdZAwRuj93lKBADRiO5xecC_O6zydT_mbk1wpTtm_cmYGI-8MHjXYDY7C_zBAxpfoj5ZKpODUyEyqChRdSz20xA

Request Chain 184

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEJaQbbqnauCRJ6mxWcu3VCk&google_cver=1&google_push=AaAOQGENJ4sfrGhikd07nM5AZTH7u5sBxaUZAvK1T45FqvYRjjw-WYZwn9WjQOEdgaJEdpdRKmv9eyyuPrz_n5mnZmyB1f2VRvfUfw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AaAOQGENJ4sfrGhikd07nM5AZTH7u5sBxaUZAvK1T45FqvYRjjw-WYZwn9WjQOEdgaJEdpdRKmv9eyyuPrz_n5mnZmyB1f2VRvfUfw

Request Chain 185

https://um.simpli.fi/gp_match?google_gid=CAESEIxgqLNEfnjPsHyDuoPdFqM&google_cver=1&google_push=AaAOQGE4gQpfBLZ2pAsJuKtF-E_z-r056KB-0zHj8zndkwaxAAwDxshr0M6qxGi7aS9HvXySnd5RNI1UOx4tA6WDxHQtSDQE2zrp HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=FE054351540E4ADC88C8D737F5E878DC&google_push=AaAOQGE4gQpfBLZ2pAsJuKtF-E_z-r056KB-0zHj8zndkwaxAAwDxshr0M6qxGi7aS9HvXySnd5RNI1UOx4tA6WDxHQtSDQE2zrp

Request Chain 186

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESELBFGrn3yxlSl3wdkJqvr10&google_cver=1&google_push=AaAOQGEkQn05v9244gebbMJ8nYkzVwUFvo8t45ZW3A9jDaqjjbKz8JCu4XR28e0xNPNI-mW-NKpi57jfQrh5SEXsohRiC-oXH6Hq5Q HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1MjMyMTc0OTg2MTMzMzE0Ng%3D%3D&google_push=AaAOQGEkQn05v9244gebbMJ8nYkzVwUFvo8t45ZW3A9jDaqjjbKz8JCu4XR28e0xNPNI-mW-NKpi57jfQrh5SEXsohRiC-oXH6Hq5Q

Request Chain 187

https://d5p.de17a.com/cookies/google?google_gid=CAESEInTKUUO9G-F00zHmpMASyc&google_cver=1&google_push=AaAOQGF1Ie7U-5cOTO928MHoSuzUWpt0eeSLwMThNvzk2tV7He8xpc6aslRZRPLfusYSfolGNjjufPMt_AeZWqlV7rscN7lRvo8VVA HTTP 302
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEInTKUUO9G-F00zHmpMASyc&google_cver=1&google_push=AaAOQGF1Ie7U-5cOTO928MHoSuzUWpt0eeSLwMThNvzk2tV7He8xpc6aslRZRPLfusYSfolGNjjufPMt_AeZWqlV7rscN7lRvo8VVA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AaAOQGF1Ie7U-5cOTO928MHoSuzUWpt0eeSLwMThNvzk2tV7He8xpc6aslRZRPLfusYSfolGNjjufPMt_AeZWqlV7rscN7lRvo8VVA

Request Chain 188

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEO5U5rm_DUfgCsvjDhNXzq4&google_cver=1&google_push=AaAOQGFCbr9sbRmS05Gs-nEttOMQeT02NWvItaA1PmqUW4-sIev_iQrQkuGyHnHO41yD5qwEeb1segOHBfH4ME9VDB-iuIrimsPV HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpQUU5QWVItVC0xOFZI&google_push=AaAOQGFCbr9sbRmS05Gs-nEttOMQeT02NWvItaA1PmqUW4-sIev_iQrQkuGyHnHO41yD5qwEeb1segOHBfH4ME9VDB-iuIrimsPV

Request Chain 189

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEB2k9x5uC_nob3d5I26WE0g&google_cver=1&google_push=AaAOQGHVxjkHR4l0msapweqEqaHMB4RhthiQalo2vYo-WhzT7iu1HOqtDKS2rdq7xHH79kQPhL1Qonda_0ItWDBFeXwHiruM5Aul_A HTTP 302
https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=AaAOQGHVxjkHR4l0msapweqEqaHMB4RhthiQalo2vYo-WhzT7iu1HOqtDKS2rdq7xHH79kQPhL1Qonda_0ItWDBFeXwHiruM5Aul_A&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&cb=1688562741569 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-a2b7bcfd-05a5-415d-afd3-9cb29b3c9502-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAaAOQGHVxjkHR4l0msapweqEqaHMB4RhthiQalo2vYo-WhzT7iu1HOqtDKS2rdq7xHH79kQPhL1Qonda_0ItWDBFeXwHiruM5Aul_A%26google_hm%3DA6K3vP0FpUFdr9Ocsps8lQI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AaAOQGHVxjkHR4l0msapweqEqaHMB4RhthiQalo2vYo-WhzT7iu1HOqtDKS2rdq7xHH79kQPhL1Qonda_0ItWDBFeXwHiruM5Aul_A&google_hm=A6K3vP0FpUFdr9Ocsps8lQI

Request Chain 193

https://ad.turn.com/r/cs?pid=3&google_gid=CAESENa7La73sgNUiE-AR-1t2Ac&google_cver=1&google_push=AaAOQGFK3wFxUKOMb33mVePdA6q3TAv3qMS9qU7etk0enS_QZrS3fHOXZAsPOl2FN67LDfH0bWAHXxwTLEh0pI5D0XU9p7Mcew0CVCsefafSUEskXgxLDKoYep_cpkgfK-g4kS9IcECzog HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=NzMyODUxMzIzMjE5ODc4OTc1Mw==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEHXCYoEUuxdb9AG5uFJwt8U&google_cver=1

Request Chain 195

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEPkmO4Xf6ijjbf5G2Mm0A1M&google_cver=1&google_push=AaAOQGH5mrF--WirJHI8hU2rXv3zHmbHbDhB3SNKupoVANvl9DYUYMkV5ke1VqzArB7nc6k02Bque3ayCb9SmKKaDNyYCAyjymN054NZzcDtqP1HpOU44u4YuuyQ7CchSMs2tsbqbJm1Iw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1MjMyMTc0OTg2NDQxMzMzOA%3D%3D&google_push=AaAOQGH5mrF--WirJHI8hU2rXv3zHmbHbDhB3SNKupoVANvl9DYUYMkV5ke1VqzArB7nc6k02Bque3ayCb9SmKKaDNyYCAyjymN054NZzcDtqP1HpOU44u4YuuyQ7CchSMs2tsbqbJm1Iw

Request Chain 196

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEHVTIELkEY304vMES_1TLZE&google_cver=1&google_push=AaAOQGHE9SOkO7Y9gtsCDZBZBR37W4pOgQM0SKoEAJrHMjm59b5P08eglybwasFsOIYJZplyxT4uQvkHOfRODJXHc-5Gfa8Gu3hl4G3K8nS0YqcVLJd_4IFxyXytamTDUTvhmw3mflNa2Q HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AaAOQGHE9SOkO7Y9gtsCDZBZBR37W4pOgQM0SKoEAJrHMjm59b5P08eglybwasFsOIYJZplyxT4uQvkHOfRODJXHc-5Gfa8Gu3hl4G3K8nS0YqcVLJd_4IFxyXytamTDUTvhmw3mflNa2Q&google_hm=eS1DTl9qcmJaRTJwSGJJTDY5di50RFhVV3lLa0lybW9RUX5B

Request Chain 197

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEEi1tD94ViMDzvg2NoI0AlM&google_cver=1&google_push=AaAOQGHu9cQY66ty0Lb2sARh4Y4D0DmUbNtwxghcbxA40pr5bFHUSeWRndQO72clZOIod95lJSfKaKA5B447qj0h8dWLESpNxfJeIX6BUvA6hIBZ6p3apxELr5GHiKXyirHaSddHx_5tQQ HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEEi1tD94ViMDzvg2NoI0AlM&google_cver=1&google_push=AaAOQGHu9cQY66ty0Lb2sARh4Y4D0DmUbNtwxghcbxA40pr5bFHUSeWRndQO72clZOIod95lJSfKaKA5B447qj0h8dWLESpNxfJeIX6BUvA6hIBZ6p3apxELr5GHiKXyirHaSddHx_5tQQ&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=lJY4gpmPQ-Kz8Xl1Z-xscw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AaAOQGHu9cQY66ty0Lb2sARh4Y4D0DmUbNtwxghcbxA40pr5bFHUSeWRndQO72clZOIod95lJSfKaKA5B447qj0h8dWLESpNxfJeIX6BUvA6hIBZ6p3apxELr5GHiKXyirHaSddHx_5tQQ

Request Chain 199

https://sync.inmobi.com/gob?google_gid=CAESENu7rRa3S4FXEOZpadkLMDo&google_cver=1&google_push=AaAOQGFNhaHVt1gO-L2Sv-QKvtJ3bolUdbUgBrOHyYqLXJNH3it-f1IM0SdrZ_SLDkNyZftdjihg-cUfRlwVWzaFzgetrh1HzztTWHFXZGrivFNN76mKAYFrHZHdIrfFHIhbev-QYELmdZ6- HTTP 302
https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DAaAOQGFNhaHVt1gO-L2Sv-QKvtJ3bolUdbUgBrOHyYqLXJNH3it-f1IM0SdrZ_SLDkNyZftdjihg-cUfRlwVWzaFzgetrh1HzztTWHFXZGrivFNN76mKAYFrHZHdIrfFHIhbev-QYELmdZ6-

Request Chain 206

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEEdVXIWK2o3cCoVBYqvsdGo&google_cver=1&google_push=AaAOQGHoF1qMYkvxQK2pIDVhdUcMDVvw8G6i8Mx9dK4NXENhw627kdj6zqF6n2uf7dQ1B3bkhHm3D2sT8eRGGUz2QiwiR2m4kyX0ZCN5df7Au2etxGWgDX0QebxZEfeYFnL72JD9DEnvRxpn HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=SVpJMGNXTlgxUWgyaVY1&google_gid=CAESEEdVXIWK2o3cCoVBYqvsdGo&google_cver=1&google_push=AaAOQGHoF1qMYkvxQK2pIDVhdUcMDVvw8G6i8Mx9dK4NXENhw627kdj6zqF6n2uf7dQ1B3bkhHm3D2sT8eRGGUz2QiwiR2m4kyX0ZCN5df7Au2etxGWgDX0QebxZEfeYFnL72JD9DEnvRxpn

Request Chain 207

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEHgP-JImZcifNRiqmSVwu2Y&google_cver=1&google_push=AaAOQGEENM5J5sFBG9_VqsOVLbq94TBKl835BDPAMZa-H9m3fBvXoFhu8tE75tLedyUSbZYmgzrozFmo0haxUzM7CMmbsytCMgMoxdZmw3QXYMAsRb-hDnm2l-uede5hy641bMe3FrutPT9R HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AaAOQGEENM5J5sFBG9_VqsOVLbq94TBKl835BDPAMZa-H9m3fBvXoFhu8tE75tLedyUSbZYmgzrozFmo0haxUzM7CMmbsytCMgMoxdZmw3QXYMAsRb-hDnm2l-uede5hy641bMe3FrutPT9R&google_hm=a1H8iV0QRWmxuafoPtntyIY

Request Chain 208

https://match.360yield.com/match/ebda?google_gid=CAESELK4nbOmTmDk9PX2D72AZKA&google_cver=1&google_push=AaAOQGEvc-wi7WmVF2wRLPm4Y27obdLM9VeNY47O92SVg6HmD-3evQfXr8LtSXFFzj_GwAQSEtrqrIDkbfRlNnSLeJjHQiUXxsCMvGsGRmOiF3nQaGcqxSTBa_gy-mWd5zw5NpBR-cpTtLtW HTTP 302
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESELK4nbOmTmDk9PX2D72AZKA&google_cver=1&google_push=AaAOQGEvc-wi7WmVF2wRLPm4Y27obdLM9VeNY47O92SVg6HmD-3evQfXr8LtSXFFzj_GwAQSEtrqrIDkbfRlNnSLeJjHQiUXxsCMvGsGRmOiF3nQaGcqxSTBa_gy-mWd5zw5NpBR-cpTtLtW HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aC08-LogQn2qwH6BbD37KQ&google_push=AaAOQGEvc-wi7WmVF2wRLPm4Y27obdLM9VeNY47O92SVg6HmD-3evQfXr8LtSXFFzj_GwAQSEtrqrIDkbfRlNnSLeJjHQiUXxsCMvGsGRmOiF3nQaGcqxSTBa_gy-mWd5zw5NpBR-cpTtLtW

Request Chain 209

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEF2_mgGifA2lJH8Yk_WqG64&google_cver=1&google_push=AaAOQGHvarMu3J3YI8pR2P3p-oA-Rg-VUhOkowpfbliFLyI7z7XixmgUCR_EIUY_d5MUFkHE4R_S0ieKqKqLz6ESghYR70SqSf061WpXh9LB8CFLnXwKhXkEaqIJSkdnGOKDQyRkUYDLKWkP HTTP 302
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=AaAOQGHvarMu3J3YI8pR2P3p-oA-Rg-VUhOkowpfbliFLyI7z7XixmgUCR_EIUY_d5MUFkHE4R_S0ieKqKqLz6ESghYR70SqSf061WpXh9LB8CFLnXwKhXkEaqIJSkdnGOKDQyRkUYDLKWkP&google_gid=CAESEF2_mgGifA2lJH8Yk_WqG64 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NjMwOTg2NTY2MTIxNTk3MDMwNjk0&google_push=AaAOQGHvarMu3J3YI8pR2P3p-oA-Rg-VUhOkowpfbliFLyI7z7XixmgUCR_EIUY_d5MUFkHE4R_S0ieKqKqLz6ESghYR70SqSf061WpXh9LB8CFLnXwKhXkEaqIJSkdnGOKDQyRkUYDLKWkP

Request Chain 212

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEBjnjz18RNGWeae9HJ9gn2w&google_cver=1&google_push=AaAOQGHI1oh-iy7nVIEJAgisSRBFxoiyxazFp4_1_onw3_KjFLN5CXAn3BJHxbBPmOpU-Ezkbps8l6XfAns3f0b3GtP91voHXQ HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEBjnjz18RNGWeae9HJ9gn2w&google_cver=1&google_push=AaAOQGHI1oh-iy7nVIEJAgisSRBFxoiyxazFp4_1_onw3_KjFLN5CXAn3BJHxbBPmOpU-Ezkbps8l6XfAns3f0b3GtP91voHXQ HTTP 302
https://ads.creative-serving.com/bsw_sync?bidswitch_ssp_id=google&bsw_custom_parameter=4f16c4b7-1059-45ef-abeb-bc613163751c&gdpr=&gdpr_consent= HTTP 302
https://ads.creative-serving.com/ul_cb/bsw_sync?bidswitch_ssp_id=google&bsw_custom_parameter=4f16c4b7-1059-45ef-abeb-bc613163751c&gdpr=&gdpr_consent= HTTP 302
https://x.bidswitch.net/sync?dsp_id=4&user_id=d11a9a8d-d635-4cc5-af25-8640abe4d635&ssp=google&expires=30&user_group=5&bsw_param=4f16c4b7-1059-45ef-abeb-bc613163751c HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AaAOQGHI1oh-iy7nVIEJAgisSRBFxoiyxazFp4_1_onw3_KjFLN5CXAn3BJHxbBPmOpU-Ezkbps8l6XfAns3f0b3GtP91voHXQ&google_hm=TxbEtxBZRe-r67xhMWN1HA==

Request Chain 213

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEO8sphUJC7-dUMMg5nUiluo&google_cver=1&google_push=AaAOQGG_upe6SDp9mRO8oGHyzp9G_8KQ8AJizTWowtmfKsZG41hsu44Zmf2Rp6VoRtPxASkv0MOfV5zJaPXAOf8wleHVUszc8gU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AaAOQGG_upe6SDp9mRO8oGHyzp9G_8KQ8AJizTWowtmfKsZG41hsu44Zmf2Rp6VoRtPxASkv0MOfV5zJaPXAOf8wleHVUszc8gU&google_hm=eS1WNXh4ZHhwRTJwRW4zdlVwNXN1dVFxaFVmTXhZUmJZdH5B

Request Chain 214

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEHZjDfbycMxEyf1P1owCqqU&google_cver=1&google_push=AaAOQGFydgDbBDXBfZMWVeZl4awEGVw9kPCzSbUOIVPxK8Cfn_1oMOCaFvQphvNmTGTZm5UDVueB3l_vVl16Ug828xabJoQj0yc HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEHZjDfbycMxEyf1P1owCqqU&google_cver=1&google_push=AaAOQGFydgDbBDXBfZMWVeZl4awEGVw9kPCzSbUOIVPxK8Cfn_1oMOCaFvQphvNmTGTZm5UDVueB3l_vVl16Ug828xabJoQj0yc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODMxNjE3MDUwMDQ2NDMyMDMzMA&google_push=AaAOQGFydgDbBDXBfZMWVeZl4awEGVw9kPCzSbUOIVPxK8Cfn_1oMOCaFvQphvNmTGTZm5UDVueB3l_vVl16Ug828xabJoQj0yc

Request Chain 216

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEJw8x3gUHcdq9_118gcwuic&google_cver=1&google_push=AaAOQGHJOnDP_riVysc-0IcCkp2cTiM67sdphQ-l5fVYT1B1Sr-kdrpvGZN7QAsYHEnO_BepDB_0OFlkmA7ABmGkJpfdqk0Ti0s HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEJw8x3gUHcdq9_118gcwuic&google_cver=1&google_push=AaAOQGHJOnDP_riVysc-0IcCkp2cTiM67sdphQ-l5fVYT1B1Sr-kdrpvGZN7QAsYHEnO_BepDB_0OFlkmA7ABmGkJpfdqk0Ti0s&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=maaEuEb3TnCzZKEwiCv6QA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AaAOQGHJOnDP_riVysc-0IcCkp2cTiM67sdphQ-l5fVYT1B1Sr-kdrpvGZN7QAsYHEnO_BepDB_0OFlkmA7ABmGkJpfdqk0Ti0s

Request Chain 217

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEGj2wUJgsyp-otEZMvUFMLI&google_cver=1&google_push=AaAOQGGgJor8CssLQYIaexSFVANeUQcalXjN4jOpkD4sqs96QhqmcTylxIgXEeSY5lIhFc72Ef-oh8trPOWNKSUOnq3xRMTQnw HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEGj2wUJgsyp-otEZMvUFMLI&google_hm=ZKVsNeQlRcaOsAk3li2-CgAACJsAAAAB&google_nid=index&google_push=AaAOQGGgJor8CssLQYIaexSFVANeUQcalXjN4jOpkD4sqs96QhqmcTylxIgXEeSY5lIhFc72Ef-oh8trPOWNKSUOnq3xRMTQnw

Request Chain 218

https://match.360yield.com/match/ebda?google_gid=CAESEJ5mwhb0z6tizIp8-4CLbjA&google_cver=1&google_push=AaAOQGG1iMBxmy-mAsp9OoH4wEFJMSF31CRjFefxoB0CrVfjkmHxEK7Ud9e7cq7zcMaEJz79a70_AGf2aYmycBOHPkbbJl1lEQ HTTP 302
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEJ5mwhb0z6tizIp8-4CLbjA&google_cver=1&google_push=AaAOQGG1iMBxmy-mAsp9OoH4wEFJMSF31CRjFefxoB0CrVfjkmHxEK7Ud9e7cq7zcMaEJz79a70_AGf2aYmycBOHPkbbJl1lEQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aC08-LogQn2qwH6BbD37KQ&google_push=AaAOQGG1iMBxmy-mAsp9OoH4wEFJMSF31CRjFefxoB0CrVfjkmHxEK7Ud9e7cq7zcMaEJz79a70_AGf2aYmycBOHPkbbJl1lEQ

Request Chain 236

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEHdNlMVDN7ibe8IQovwc7Cw&google_cver=1&google_push=AaAOQGFsCvP5Hh5X_UAe0s8LXkhHyjOLJ3HlRRIC5ZdJ464hugkYzRktOB5S6-pY7crh9R6FmCstjh2w2gXwaeIcQe29rl7__IlDWg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WktWc05RQVczdGltR1FCTA==&google_gid=CAESEHdNlMVDN7ibe8IQovwc7Cw&google_cver=1&google_push=AaAOQGFsCvP5Hh5X_UAe0s8LXkhHyjOLJ3HlRRIC5ZdJ464hugkYzRktOB5S6-pY7crh9R6FmCstjh2w2gXwaeIcQe29rl7__IlDWg

Request Chain 238

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEChz9Cx0AinaEoAczXgVSzA&google_cver=1&google_push=AaAOQGHGajQKSsg3wDEdg3ALI_EhyJtqXyX98Lflp1Qc_25VnZAKbUiBZxU95OeSLnI6RQpeziWXncJ4kFVNcbRMsqNblEbE8lvSB6E HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AaAOQGHGajQKSsg3wDEdg3ALI_EhyJtqXyX98Lflp1Qc_25VnZAKbUiBZxU95OeSLnI6RQpeziWXncJ4kFVNcbRMsqNblEbE8lvSB6E&google_hm=a1H8iV0QRWmxuafoPtntyIY

Request Chain 239

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEFS6TDNLj9n1IP8D1qah7YE&google_cver=1&google_push=AaAOQGHTETdnIb5x4clfPQX9awTdFbnPjLDpqVPCROKsUY19Qyat4hupZ-VZCtmSICNf-k8zek96vh4tJWvhL7TFi7oKslVHIKbtrSk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1MjMyMTc0OTg2NDQxMzMzOA%3D%3D&google_push=AaAOQGHTETdnIb5x4clfPQX9awTdFbnPjLDpqVPCROKsUY19Qyat4hupZ-VZCtmSICNf-k8zek96vh4tJWvhL7TFi7oKslVHIKbtrSk

Request Chain 241

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEHZjDfbycMxEyf1P1owCqqU&google_cver=1&google_push=AaAOQGHdOXy1Q2ysbU30-iLql2-PE_4uZi8_yhyVRecSM6dL4RQSWGh6y6bQxjfrArshHCro1TuedqzOvHkydMCccMUMkghNmrUkUBQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODMxNjE3MDUwMDQ2NDMyMDMzMA&google_push=AaAOQGHdOXy1Q2ysbU30-iLql2-PE_4uZi8_yhyVRecSM6dL4RQSWGh6y6bQxjfrArshHCro1TuedqzOvHkydMCccMUMkghNmrUkUBQ

Request Chain 242

https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEAIoXrvtrOQ_O9Xt8anfZ4s&google_cver=1&google_push=AaAOQGGPvrErQ0FMmLNJnxUrsqs0dsbjB90B-YxlpFlhbNGfObvaYVBRhkEJhz7fT4wqdHfVVNU6M8SId4VlNDwuJ9-X9bqboBQ0jWwO HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AaAOQGGPvrErQ0FMmLNJnxUrsqs0dsbjB90B-YxlpFlhbNGfObvaYVBRhkEJhz7fT4wqdHfVVNU6M8SId4VlNDwuJ9-X9bqboBQ0jWwO HTTP 302
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

Request Chain 251

https://d5p.de17a.com/cookies/google?google_gid=CAESEJ28nz2cQb3i02sZjpq0zk4&google_cver=1&google_push=AaAOQGEKDxKqLhxvQiqWQMSsHpZbQFBbeQS2lj6eIOzSZmvdtUtZzLati3SNKwHOWBMDZsD0mBq8qa3JleSWobtHAWV2uTji3CKFFmIj7Rr2tl0Y_DbaUL6lmGdavImeKtVCg0JUhk0XIeU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AaAOQGEKDxKqLhxvQiqWQMSsHpZbQFBbeQS2lj6eIOzSZmvdtUtZzLati3SNKwHOWBMDZsD0mBq8qa3JleSWobtHAWV2uTji3CKFFmIj7Rr2tl0Y_DbaUL6lmGdavImeKtVCg0JUhk0XIeU

Request Chain 253

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEMIdgRlGYtMrvsn9EBFns3A&google_cver=1&google_push=AaAOQGG3Juzl4RBV8HMlM1q0YP7gUpZh_t8CE2GV4gDN-KmWeyzhXa6IYJm8g9ZSJ9nkbOgG2kldhvItNGOKTr3wiIa7vna3vFPzDhJvLc-Dhq1kpmYjoIAZia6Jw3j70lGZJ5WGgPl-gmQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpQUU5RQk8tMTQtNDVVNg==&google_push=AaAOQGG3Juzl4RBV8HMlM1q0YP7gUpZh_t8CE2GV4gDN-KmWeyzhXa6IYJm8g9ZSJ9nkbOgG2kldhvItNGOKTr3wiIa7vna3vFPzDhJvLc-Dhq1kpmYjoIAZia6Jw3j70lGZJ5WGgPl-gmQ

Request Chain 254

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESENwTH1SxS1PlipZuN89vSzk&google_cver=1&google_push=AaAOQGHFi7RNYOKWin8K1mmkFjNxrHnrlRFfWjXgqgU05m0Xr--3NiaG2K9zieJ4plQB7P-Uv0QEJaBHTgTbiDp0p4h5f7xwEDOxRvhCS0mkgIG6cjfrTQEJ_NB-TiP3ux2d7SnRdY-Caa6T HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESENwTH1SxS1PlipZuN89vSzk&google_hm=ZKVsNeQlRcaOsAk3li2-CgAACJsAAAAB&google_nid=index&google_push=AaAOQGHFi7RNYOKWin8K1mmkFjNxrHnrlRFfWjXgqgU05m0Xr--3NiaG2K9zieJ4plQB7P-Uv0QEJaBHTgTbiDp0p4h5f7xwEDOxRvhCS0mkgIG6cjfrTQEJ_NB-TiP3ux2d7SnRdY-Caa6T

Request Chain 255

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEKVZcfJmkNeM9h0SEaliYcY&google_cver=1&google_push=AaAOQGEkdJqYo3G6zf6x1O2iA-54HGASpCsevHSUuPnLTWO3Rc_yK7wBSADye-EISj-KdehVopMGraR9gVfttWYcTSLa7Rzdsc7WMReTt_nawmQmEFdux3Ue0iNka5Je3-KXPoBVTnBbXMmT HTTP 307
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEKVZcfJmkNeM9h0SEaliYcY&google_cver=1&google_push=AaAOQGEkdJqYo3G6zf6x1O2iA-54HGASpCsevHSUuPnLTWO3Rc_yK7wBSADye-EISj-KdehVopMGraR9gVfttWYcTSLa7Rzdsc7WMReTt_nawmQmEFdux3Ue0iNka5Je3-KXPoBVTnBbXMmT&sovrn_retry=true HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AaAOQGEkdJqYo3G6zf6x1O2iA-54HGASpCsevHSUuPnLTWO3Rc_yK7wBSADye-EISj-KdehVopMGraR9gVfttWYcTSLa7Rzdsc7WMReTt_nawmQmEFdux3Ue0iNka5Je3-KXPoBVTnBbXMmT&google_hm=G7g4tGZHoII28zE7RKeNcaP2

Request Chain 256

https://secure.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=${BASE64_UID_ENC}&google_gid=CAESEJAwyu8LNr9M1zOmKKAhXh0&google_cver=1&google_push=AaAOQGFRRrX5JjLPZcP6qpCjphNQ3VreYXJHQ5mG5RIrEKfISQdeMegi6eHqXrvo2TzI5HNX6VU7NzLXRjhhvlVwEhzCKw64iRLCSkxpIqRhrMD4qwIAn04FX1mQEZT9FKW7P6142ca3Te3GZw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=MzMxMjk0NjE4NzYwNTk2MjA1Ng%3D%3D&google_gid=CAESEJAwyu8LNr9M1zOmKKAhXh0&google_cver=1&google_push=AaAOQGFRRrX5JjLPZcP6qpCjphNQ3VreYXJHQ5mG5RIrEKfISQdeMegi6eHqXrvo2TzI5HNX6VU7NzLXRjhhvlVwEhzCKw64iRLCSkxpIqRhrMD4qwIAn04FX1mQEZT9FKW7P6142ca3Te3GZw

296 HTTP transactions
8 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request 6x6uf5z9e3262.html Show response
pcloak.blob.core.windows.net/web/ 1 KB
2 KB 953ms
95ms Document
text/html 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 22fee539734d38c9e84e3982188b21bafc9457236279a136ce1b3b9d55667437

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Content-Length: 1324
Content-MD5: XPHdOVCmWyxrVVstkB9xGw==
Content-Type: text/html
Date: Wed, 05 Jul 2023 13:12:17 GMT
ETag: 0x8DB5ED08476F0C5
Last-Modified: Sat, 27 May 2023 16:36:27 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 1ca798e0-701e-0046-2642-af768a000000
x-ms-version: 2009-09-19

GET
H/1.1 404
The specified blob does not exist. jquery.min.js
pcloak.blob.core.windows.net/web/ 0
0 100ms
100ms Script
application/xml 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/jquery.min.js
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-ms-request-id: 1ca7994b-701e-0046-0742-af768a000000
Date: Wed, 05 Jul 2023 13:12:17 GMT
x-ms-version: 2009-09-19
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-Length: 215
Content-Type: application/xml

GET
H/1.1 200
OK cloakan.js Show response
pcloak.blob.core.windows.net/web/ 308 B
717 B 291ms
94ms Script
text/javascript 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/cloakan.js
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 4651fd93f167c3620b534c30bc23ae2a2e7cf742621d8e6d12553c09c388284a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 05 Jul 2023 13:12:18 GMT
Last-Modified: Mon, 13 Jun 2022 14:36:49 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: zPiKctHo6j8i1UGOFPpInw==
ETag: 0x8DA4D4A263C11C2
Content-Type: text/javascript
x-ms-request-id: 1ca79a0a-701e-0046-3842-af768a000000
x-ms-version: 2009-09-19
Content-Length: 308

GET
H/1.1 200
OK style.css
pcloak.blob.core.windows.net/web/ 166 B
568 B 196ms
95ms Stylesheet
text/css 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/style.css
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: cf906196a7c1414e11983955e101a051d55a864f2bc9fd52a453d952d92fd9b5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 05 Jul 2023 13:12:17 GMT
Last-Modified: Mon, 13 Jun 2022 14:36:49 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: 9ruAIrm4XHnQO3/sM8J0AQ==
ETag: 0x8DA4D4A26527CA0
Content-Type: text/css
x-ms-request-id: 1ca7999c-701e-0046-5342-af768a000000
x-ms-version: 2009-09-19
Content-Length: 166

GET
H2 200 px.php Show response
www.cloakan.co/ 743 B
681 B 272ms
147ms XHR
text/html 77.245.159.14
NIOBEBILISIMHIZME...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cloakan.co/px.php?id=6x6uf5z9e3262
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 77.245.159.14 , Turkey, ASN42868 (NIOBEBILISIMHIZMETLERI, TR),
Reverse DNS: stilgar.wlsrv.com
Software: LiteSpeed / PHP/7.3.33
Resource Hash: 120fdf7c1e8de286b8c6ad005bd52d7b3d71cfa17bd6d1f72d023fe952d03708

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:17 GMT
content-encoding: br
server: LiteSpeed
x-powered-by: PHP/7.3.33
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
content-length: 404

GET
H2 200 nv.php Show response
www.cloakan.co/ 232 B
385 B 262ms
148ms Script
text/html 77.245.159.14
NIOBEBILISIMHIZME...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cloakan.co/nv.php?id=6x6uf5z9e3262-m
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/cloakan.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 77.245.159.14 , Turkey, ASN42868 (NIOBEBILISIMHIZMETLERI, TR),
Reverse DNS: stilgar.wlsrv.com
Software: LiteSpeed / PHP/7.3.33
Resource Hash: 9cacc351a59879d938ef01e274eca7f341deaaa666237a3de94737ccc05a4b86

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:17 GMT
content-encoding: br
server: LiteSpeed
x-powered-by: PHP/7.3.33
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
content-length: 112

GET
H2 200 / Show response
ye-mek.net/ Frame CB64 77 KB
77 KB 224ms
52ms Document
text/html 94.138.206.83
AS49126

General

Check archive.org

Show headers Download Go to

Full URL: https://ye-mek.net/
Requested by: Host: www.cloakan.co
URL: https://www.cloakan.co/nv.php?id=6x6uf5z9e3262-m
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.138.206.83 , Turkey, ASN49126 (AS49126, TR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 8334d0f1bb1c8ca3b3afd2f4a20ffaf1d95c63bd2a6c80a9e6ee84a3c2ddbbfd

Request headers

Referer: https://pcloak.blob.core.windows.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache
content-length: 79035
content-type: text/html; charset=utf-8
date: Wed, 05 Jul 2023 13:12:18 GMT
expires: -1
pragma: no-cache
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.9.1/ Frame CB64 90 KB
33 KB 120ms
36ms Script
text/javascript 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 17:06:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 590755
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33018
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 27 Jun 2024 17:06:24 GMT

GET
H2 200 yemeknet.js Show response
ye-mek.net/js/ Frame CB64 10 KB
2 KB 82ms
81ms Script
application/javascript 94.138.206.83
AS49126

General

Check archive.org

Show headers Download Go to

Full URL: https://ye-mek.net/js/yemeknet.js?v=1
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.138.206.83 , Turkey, ASN49126 (AS49126, TR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 613b97a3f938c5185dc5fcb46ec9c9488f460fdf8a9765eea9f05aebe46a0c50

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-powered-by-plesk: PleskWin
date: Wed, 05 Jul 2023 13:12:18 GMT
content-encoding: br
last-modified: Tue, 20 Aug 2019 13:15:54 GMT
server: Microsoft-IIS/10.0
etag: "0a144655957d51:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=691200
accept-ranges: bytes
content-length: 2179

GET
H2 200 maincss.css
cdn.ye-mek.net/ Frame CB64 40 KB
12 KB 86ms
12ms Stylesheet
text/css 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.ye-mek.net/maincss.css?v=434
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 5804cd3bfdf7f7b00ae1f2beef50b9ac7bbdcadcb47e8c3454e8609a52096b92

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 05 Jul 2023 13:12:19 GMT
content-encoding: gzip
x-cache: HIT
x-77-cache: HIT
x-age: 6753297
x-accel-date: 1681809442
x-77-nzt: AZySIYhYL6f/EQxnAA
x-accel-expires: @1713345442
last-modified: Tue, 24 Nov 2020 00:00:32 GMT
server: CDN77-Turbo
etag: W/"5fbc4d20-9e5b"
x-77-nzt-ray: f6587a1de2d022ae336ca564b01e0510
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame CB64 233 KB
82 KB 175ms
49ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-6B70JBQEWN

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9647fd3ccc6edfbbb2829bf415c6b4fb3e6317f275fd4cab5c949942109a9165

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:19 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 83403
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 05 Jul 2023 13:12:19 GMT

GET
H2 200 WebResource.axd Show response
ye-mek.net/ Frame CB64 23 KB
23 KB 46ms
45ms Script
application/x-javascript 94.138.206.83
AS49126

General

Check archive.org

Show headers Download Go to

Full URL: https://ye-mek.net/WebResource.axd?d=9fTb-JTvAffUIcZWnYKXK9eNXMCMDvuYNGDyrmH6FR_RacydbbCcPpjLjGuCvuDohJ5KpnABInPqTTA9ZSVomqdpMV3eyeBxE7MBO4gYAQY1&t=637811837229275428
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.138.206.83 , Turkey, ASN49126 (AS49126, TR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-powered-by-plesk: PleskWin
date: Wed, 05 Jul 2023 13:12:18 GMT
last-modified: Wed, 23 Feb 2022 00:28:42 GMT
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
content-type: application/x-javascript
cache-control: public
content-length: 23063
expires: Wed, 03 Jul 2024 08:26:52 GMT

GET
H2 200 searchButton.png
cdn.ye-mek.net/App_UI/Img/ Frame CB64 542 B
896 B 21ms
21ms Image
image/png 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/searchButton.png
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 324a9c1f26949a62b89c5846de23826737bf3b14443e3f5a969b1799604a0588

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 05 Jul 2023 13:12:19 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6753349
x-accel-date: 1681809390
content-length: 542
x-77-nzt: AZySIYi69n7/RQxnAA
x-accel-expires: @1713345390
last-modified: Sat, 22 Oct 2022 20:00:57 GMT
server: CDN77-Turbo
etag: "63544bf9-21e"
x-77-nzt-ray: f6587a1de2d022ae336ca56483348b15
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 ara.png
cdn.ye-mek.net/App_UI/Img/ Frame CB64 2 KB
2 KB 63ms
39ms Image
image/png 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/ara.png
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 3ed559a849229d0ba1622b39b2343f2307a91aae5bab1f08e55c89e50874c980

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 05 Jul 2023 13:12:19 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6753297
x-accel-date: 1681809442
content-length: 1651
x-77-nzt: AZySIYjLN/b/EQxnAA
x-accel-expires: @1713345442
last-modified: Mon, 14 May 2018 22:41:08 GMT
server: CDN77-Turbo
etag: "5afa1084-673"
x-77-nzt-ray: f6587a1de2d022ae336ca56432de4b1a
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 lokanta-usulu-taze-fasulye-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/07/ Frame CB64 13 KB
14 KB 65ms
41ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/07/lokanta-usulu-taze-fasulye-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: dc63503c3f3c59f9996f4ceee5ed9bfeff55f0714094188f7a9174e6a15a2a47

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 05 Jul 2023 13:12:19 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 53713
x-accel-date: 1688509026
content-length: 13770
x-77-nzt: AZySIYgkLXj/0dEAAA
x-accel-expires: @1720045026
last-modified: Tue, 04 Jul 2023 21:39:20 GMT
server: CDN77-Turbo
etag: "64a49188-35ca"
x-77-nzt-ray: f6587a1de2d022ae336ca564c4fa4f1a
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-taze-fasulye-resimli-yemek-tarifi(20).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/07/ Frame CB64 14 KB
15 KB 67ms
43ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/07/firinda-taze-fasulye-resimli-yemek-tarifi(20).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 2180f29f86c7567e451861d1c1db1df4e665191dbc790c421a2b168138336f3f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 05 Jul 2023 13:12:19 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 135560
x-accel-date: 1688427179
content-length: 14484
x-77-nzt: AZySIYgld6f/iBECAA
x-accel-expires: @1719963179
last-modified: Mon, 03 Jul 2023 23:14:30 GMT
server: CDN77-Turbo
etag: "64a35656-3894"
x-77-nzt-ray: f6587a1de2d022ae336ca564d330571a
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 visneli-dondurma-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/07/ Frame CB64 13 KB
14 KB 72ms
48ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/07/visneli-dondurma-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: e7d8342248029f1df308d3f2cb02a6a7a87714307aca80532eb853c198cc92f3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 05 Jul 2023 13:12:19 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 225266
x-accel-date: 1688337473
content-length: 13657
x-77-nzt: AZySIYgL3CL/8m8DAA
x-accel-expires: @1719873473
last-modified: Sun, 02 Jul 2023 22:22:54 GMT
server: CDN77-Turbo
etag: "64a1f8be-3559"
x-77-nzt-ray: f6587a1de2d022ae336ca5645d145b1a
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 bezelye-yemegi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/07/ Frame CB64 14 KB
14 KB 74ms
50ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/07/bezelye-yemegi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: dd7419ac2c04d1920350f6b486f662f299717fb2b16b14a824f61cc4a362ad0d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 05 Jul 2023 13:12:19 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 310886
x-accel-date: 1688251853
content-length: 14413
x-77-nzt: AZySIYi/ZDL/Zr4EAA
x-accel-expires: @1719787853
last-modified: Sat, 01 Jul 2023 22:15:24 GMT
server: CDN77-Turbo
etag: "64a0a57c-384d"
x-77-nzt-ray: f6587a1de2d022ae336ca564ae715f1a
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-kiymali-patates-yemegi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2016/07/ Frame CB64 11 KB
11 KB 80ms
58ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2016/07/firinda-kiymali-patates-yemegi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: c7bb3478b0d96694781181456adc8e338e27432ca3e53dd805da648ec62d7fe3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 05 Jul 2023 13:12:19 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6752911
x-accel-date: 1681809828
content-length: 11402
x-77-nzt: AZySIYi7Tob/jwpnAA
x-accel-expires: @1713345828
last-modified: Wed, 01 May 2019 23:02:47 GMT
server: CDN77-Turbo
etag: "5cca2597-2c8a"
x-77-nzt-ray: f6587a1de2d022ae336ca56420d1631a
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 sebzeli-yahni-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2019/11/ Frame CB64 11 KB
12 KB 82ms
60ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2019/11/sebzeli-yahni-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 89aaa0ce1877279f39fc4f3451e07fbbbafadc7a46827a4d56e88fcc98a7c3c1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 05 Jul 2023 13:12:19 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 253109
x-accel-date: 1688309630
content-length: 11422
x-77-nzt: AZySIYiGUYn/tdwDAA
x-accel-expires: @1719845630
last-modified: Thu, 28 Nov 2019 21:35:18 GMT
server: CDN77-Turbo
etag: "5de03d96-2c9e"
x-77-nzt-ray: f6587a1de2d022ae336ca56419a9681a
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 yogurt-soslu-tavuk-resimli-yemek-tarifi(8).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/06/ Frame CB64 16 KB
17 KB 82ms
61ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/06/yogurt-soslu-tavuk-resimli-yemek-tarifi(8).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 772de1eb224033fdc2d4f895698a95d01249b3e95be8f99991e8f9099c985df0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 05 Jul 2023 13:12:19 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6739504
x-accel-date: 1681823235
content-length: 16582
x-77-nzt: AZySIYiWWoH/MNZmAA
x-accel-expires: @1713359235
last-modified: Thu, 09 Jun 2022 23:02:22 GMT
server: CDN77-Turbo
etag: "62a27bfe-40c6"
x-77-nzt-ray: f6587a1de2d022ae336ca56477ef6a1a
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-porsiyon-musakka-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/05/ Frame CB64 18 KB
18 KB 82ms
61ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/05/firinda-porsiyon-musakka-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 9edb23e141fe20aa066d445f9933b24561e461ab1f90a02d40dd2027023a94cc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 05 Jul 2023 13:12:19 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6752942
x-accel-date: 1681809797
content-length: 17964
x-77-nzt: AZySIYh6P+T/rgpnAA
x-accel-expires: @1713345797
last-modified: Thu, 14 May 2020 23:54:34 GMT
server: CDN77-Turbo
etag: "5ebdda3a-462c"
x-77-nzt-ray: f6587a1de2d022ae336ca5646eec6d1a
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 hashasli-corek-resimli-yemek-tarifi(20).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2016/09/ Frame CB64 16 KB
16 KB 83ms
61ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2016/09/hashasli-corek-resimli-yemek-tarifi(20).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: edcba838a24962cd51dc7fa5b127ce32471d5290ac4d9f1cbf79a5237b21f62e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 05 Jul 2023 13:12:19 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 70218
x-accel-date: 1688492521
content-length: 16277
x-77-nzt: AZySIYi+9VT/ShIBAA
x-accel-expires: @1720028521
last-modified: Wed, 01 May 2019 23:05:08 GMT
server: CDN77-Turbo
etag: "5cca2624-3f95"
x-77-nzt-ray: f6587a1de2d022ae336ca5646d4b701a
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 pirasa-diblesi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/01/ Frame CB64 13 KB
13 KB 83ms
62ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/01/pirasa-diblesi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 7d9fcac1fb7114def5ff3d03c471a461834e48dd9bdeb94f803a76bfe01a3a37

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 05 Jul 2023 13:12:19 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 254570
x-accel-date: 1688308169
content-length: 13230
x-77-nzt: AZySIYgsW0D/auIDAA
x-accel-expires: @1719844169
last-modified: Sun, 01 Jan 2023 20:33:18 GMT
server: CDN77-Turbo
etag: "63b1ee0e-33ae"
x-77-nzt-ray: f6587a1de2d022ae336ca5649045731a
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 dugurcuk-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2018/04/ Frame CB64 13 KB
13 KB 83ms
62ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2018/04/dugurcuk-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: f3c0e9aa85ab23c407a04c53e45855e60ad2b70159adf46b69143ef7d87da645

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 05 Jul 2023 13:12:19 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6751464
x-accel-date: 1681811275
content-length: 13093
x-77-nzt: AZySIYiNiB3/6ARnAA
x-accel-expires: @1713347275
last-modified: Wed, 01 May 2019 23:33:51 GMT
server: CDN77-Turbo
etag: "5cca2cdf-3325"
x-77-nzt-ray: f6587a1de2d022ae336ca5642662751a
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tabule-salatasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/10/ Frame CB64 19 KB
20 KB 83ms
62ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/10/tabule-salatasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 255ea71d0db08ee9f59ac769752bd268c16f3ff96ac6999e891ea9caedb65c2a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 05 Jul 2023 13:12:19 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 170984
x-accel-date: 1688391755
content-length: 19834
x-77-nzt: AZySIYgjS7z/6JsCAA
x-accel-expires: @1719927755
last-modified: Sun, 23 Oct 2022 22:00:49 GMT
server: CDN77-Turbo
etag: "6355b991-4d7a"
x-77-nzt-ray: f6587a1de2d022ae336ca5644d7c771a
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 kirmizi-et-marinesi-terbiyesi-resimli-yemek-tarifi(8).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2016/09/ Frame CB64 13 KB
14 KB 83ms
62ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2016/09/kirmizi-et-marinesi-terbiyesi-resimli-yemek-tarifi(8).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: be0c8346ffda26948856770034cf143c5aed0530f870ebfddb218f8e895954c8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 05 Jul 2023 13:12:19 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 690115
x-accel-date: 1687872624
content-length: 13718
x-77-nzt: AZySIYjkfVb/w4cKAA
x-accel-expires: @1719408624
last-modified: Wed, 01 May 2019 23:04:57 GMT
server: CDN77-Turbo
etag: "5cca2619-3596"
x-77-nzt-ray: f6587a1de2d022ae336ca56407e4791a
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tencerede-izmir-kofte-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2019/04/ Frame CB64 13 KB
14 KB 83ms
62ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2019/04/tencerede-izmir-kofte-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 68f8702c1d3fb44f6df07969952f51be1ce1a0be2dbf71c1831f0ccca70085d9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 05 Jul 2023 13:12:19 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6753030
x-accel-date: 1681809709
content-length: 13539
x-77-nzt: AZySIYhOeMj/BgtnAA
x-accel-expires: @1713345709
last-modified: Wed, 01 May 2019 23:47:34 GMT
server: CDN77-Turbo
etag: "5cca3016-34e3"
x-77-nzt-ray: f6587a1de2d022ae336ca564b7027c1a
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 kislik-kavurma-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/03/ Frame CB64 11 KB
12 KB 83ms
63ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/03/kislik-kavurma-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 34036b7ceed88b75d9cf9fcc6b414372042896bcc28954b304766f6f1bf8e8bd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 05 Jul 2023 13:12:19 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6752911
x-accel-date: 1681809828
content-length: 11517
x-77-nzt: AZySIYhl7c3/jwpnAA
x-accel-expires: @1713345828
last-modified: Tue, 17 Mar 2020 20:22:46 GMT
server: CDN77-Turbo
etag: "5e713196-2cfd"
x-77-nzt-ray: f6587a1de2d022ae336ca564c0737e1a
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 kusbasi-et-terbiyesi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2014/10/ Frame CB64 15 KB
16 KB 83ms
63ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2014/10/kusbasi-et-terbiyesi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 9fcb1f44c662d22fb6145cba631fe848dc79bc290cc3fd00dac9c4f2c8ac69bd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 05 Jul 2023 13:12:19 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6751023
x-accel-date: 1681811716
content-length: 15760
x-77-nzt: AZySIYioPbH/LwNnAA
x-accel-expires: @1713347716
last-modified: Wed, 01 May 2019 22:30:26 GMT
server: CDN77-Turbo
etag: "5cca1e02-3d90"
x-77-nzt-ray: f6587a1de2d022ae336ca564385a801a
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 baharatli-tavuk-sogus-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/03/ Frame CB64 16 KB
16 KB 84ms
63ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/03/baharatli-tavuk-sogus-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 935047a1d73e19fc544d4b60ef6332708fc62549be853f0ef54a8072d7a50397

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 05 Jul 2023 13:12:19 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 249999
x-accel-date: 1688312740
content-length: 16413
x-77-nzt: AZySIYizbgv/j9ADAA
x-accel-expires: @1719848740
last-modified: Thu, 04 Mar 2021 22:47:39 GMT
server: CDN77-Turbo
etag: "6041638b-401d"
x-77-nzt-ray: f6587a1de2d022ae336ca5641532821a
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 misoriz-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/04/ Frame CB64 18 KB
18 KB 84ms
63ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/04/misoriz-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 4729a15791a374bfdb0f0fb0e1f19f5fe0657483ad7eab3d56dd849626ae4726

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 05 Jul 2023 13:12:19 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6753028
x-accel-date: 1681809711
content-length: 18498
x-77-nzt: AZySIYhpnFb/BAtnAA
x-accel-expires: @1713345711
last-modified: Sat, 08 Apr 2023 21:49:25 GMT
server: CDN77-Turbo
etag: "6431e165-4842"
x-77-nzt-ray: f6587a1de2d022ae336ca5646147841a
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-besamel-soslu-tavuklu-brokoli-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2015/12/ Frame CB64 11 KB
12 KB 84ms
64ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2015/12/firinda-besamel-soslu-tavuklu-brokoli-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 9d3e1f63cb9af3441911ffa72bf09eddacabf139270f046400954486fd1b4170

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 05 Jul 2023 13:12:19 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6751554
x-accel-date: 1681811185
content-length: 11573
x-77-nzt: AZySIYjNs5r/QgVnAA
x-accel-expires: @1713347185
last-modified: Wed, 01 May 2019 22:51:45 GMT
server: CDN77-Turbo
etag: "5cca2301-2d35"
x-77-nzt-ray: f6587a1de2d022ae336ca564542a861a
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-tavuk-baget-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/02/ Frame CB64 15 KB
16 KB 84ms
64ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/02/firinda-tavuk-baget-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: d762b12d714bf9b12f394a890ac29237047526b0bf3afadba6b053fbe70145ad

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 05 Jul 2023 13:12:19 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6751711
x-accel-date: 1681811028
content-length: 15634
x-77-nzt: AZySIYgRlZT/3wVnAA
x-accel-expires: @1713347028
last-modified: Thu, 04 Feb 2021 22:52:18 GMT
server: CDN77-Turbo
etag: "601c7aa2-3d12"
x-77-nzt-ray: f6587a1de2d022ae336ca564fc4f881a
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 sebze-spagetti-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/07/ Frame CB64 17 KB
17 KB 84ms
65ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/07/sebze-spagetti-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: bbf4bab0fe1a508686c9dc3bcd400a86bfea7389ea09b9d241ee7ce342f925d6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 05 Jul 2023 13:12:19 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6751314
x-accel-date: 1681811425
content-length: 17445
x-77-nzt: AZySIYgAur7/UgRnAA
x-accel-expires: @1713347425
last-modified: Tue, 14 Jul 2020 23:30:44 GMT
server: CDN77-Turbo
etag: "5f0e4024-4425"
x-77-nzt-ray: f6587a1de2d022ae336ca56440788a1a
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 zeytinyagli-kabak-yemegi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2019/08/ Frame CB64 12 KB
12 KB 85ms
65ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2019/08/zeytinyagli-kabak-yemegi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 4da4b2dbcb075d53b1f00b57f6d48feab4e0b340f3eac0030f3ddb7626b8d732

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 05 Jul 2023 13:12:19 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6751001
x-accel-date: 1681811738
content-length: 11940
x-77-nzt: AZySIYhCSA3/GQNnAA
x-accel-expires: @1713347738
last-modified: Sun, 04 Aug 2019 22:44:22 GMT
server: CDN77-Turbo
etag: "5d475fc6-2ea4"
x-77-nzt-ray: f6587a1de2d022ae336ca5645f968c1a
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 mercimekli-pirasa-yemegi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/03/ Frame CB64 17 KB
17 KB 85ms
65ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/03/mercimekli-pirasa-yemegi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 0d8812f5547b313d30ae9c9b712b8fc50eafb19ab00a1658b484a35de8f78fba

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 05 Jul 2023 13:12:19 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6752200
x-accel-date: 1681810539
content-length: 17093
x-77-nzt: AZySIYhmQ1r/yAdnAA
x-accel-expires: @1713346539
last-modified: Sun, 05 Mar 2023 21:20:02 GMT
server: CDN77-Turbo
etag: "64050782-42c5"
x-77-nzt-ray: f6587a1de2d022ae336ca564db4e8e1a
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 yesil-mercimekli-semizotu-yemegi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/08/ Frame CB64 15 KB
15 KB 85ms
65ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/08/yesil-mercimekli-semizotu-yemegi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: f1cbe3e130c7b17d34cc1dd06b316bfd37a7023c7d3ea7e72b6b8c29a4360b3d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 05 Jul 2023 13:12:19 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6751394
x-accel-date: 1681811345
content-length: 15501
x-77-nzt: AZySIYjTlP7/ogRnAA
x-accel-expires: @1713347345
last-modified: Sat, 31 Jul 2021 21:10:23 GMT
server: CDN77-Turbo
etag: "6105bc3f-3c8d"
x-77-nzt-ray: f6587a1de2d022ae336ca564b11a901a
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 karamelize-soganli-corba-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/06/ Frame CB64 11 KB
11 KB 85ms
66ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/06/karamelize-soganli-corba-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 96da7cbd165c265c74e140817dda609aab677ad3738efac98ce863665dc3512b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 05 Jul 2023 13:12:19 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6751248
x-accel-date: 1681811491
content-length: 10908
x-77-nzt: AZySIYhTVDj/EARnAA
x-accel-expires: @1713347491
last-modified: Sat, 04 Jun 2022 21:55:07 GMT
server: CDN77-Turbo
etag: "629bd4bb-2a9c"
x-77-nzt-ray: f6587a1de2d022ae336ca5649c1e931a
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 mulayim-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/05/ Frame CB64 11 KB
11 KB 85ms
66ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/05/mulayim-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: e99b7c0ba127e7fd8f4112c7c8fbc3f0aa0582d4f33c703d7651eb6375d9b36a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 05 Jul 2023 13:12:19 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6752616
x-accel-date: 1681810123
content-length: 10929
x-77-nzt: AZySIYhlFQ7/aAlnAA
x-accel-expires: @1713346123
last-modified: Fri, 01 May 2020 23:34:23 GMT
server: CDN77-Turbo
etag: "5eacb1ff-2ab1"
x-77-nzt-ray: f6587a1de2d022ae336ca5644365951a
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 ascibasi-corbasi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/05/ Frame CB64 11 KB
12 KB 86ms
66ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/05/ascibasi-corbasi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 78c6990c53b90a8b6b84a0a5febfa414377cd043d1013b275389584171783a25

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 05 Jul 2023 13:12:19 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6752610
x-accel-date: 1681810129
content-length: 11562
x-77-nzt: AZySIYhhLuT/YglnAA
x-accel-expires: @1713346129
last-modified: Thu, 21 May 2020 00:48:27 GMT
server: CDN77-Turbo
etag: "5ec5cfdb-2d2a"
x-77-nzt-ray: f6587a1de2d022ae336ca5648a9a971a
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 salcali-karnabahar-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/12/ Frame CB64 9 KB
9 KB 86ms
67ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/12/salcali-karnabahar-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: b5343e342183c9d48f9abe8eaf2cc0885268be08bd24bd3b8855a2b2ebf27180

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 05 Jul 2023 13:12:19 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6752604
x-accel-date: 1681810135
content-length: 9137
x-77-nzt: AZySIYg71u3/XAlnAA
x-accel-expires: @1713346135
last-modified: Wed, 02 Dec 2020 13:58:22 GMT
server: CDN77-Turbo
etag: "5fc79d7e-23b1"
x-77-nzt-ray: f6587a1de2d022ae336ca5642478991a
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 yogurtlu-dondurma-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2018/06/ Frame CB64 11 KB
11 KB 86ms
67ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2018/06/yogurtlu-dondurma-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: dbb11da54b4c2c184bf84b455f4ff7943f88a8469b49d7ac559d26048035ab77

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 05 Jul 2023 13:12:19 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 85791
x-accel-date: 1688476948
content-length: 11385
x-77-nzt: AZySIYhh8tDvH08BAA
x-accel-expires: @1720012948
last-modified: Wed, 01 May 2019 23:35:29 GMT
server: CDN77-Turbo
etag: "5cca2d41-2c79"
x-77-nzt-ray: f6587a1de2d022ae336ca564825b9b1a
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 biskuvili-parfe-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2016/04/ Frame CB64 16 KB
16 KB 86ms
67ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2016/04/biskuvili-parfe-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: cb3888bc0ed610a53397f4d8a1ce594d1ec2cd7f9aa432dfe2284bd562f3c229

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 05 Jul 2023 13:12:19 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6752143
x-accel-date: 1681810596
content-length: 16068
x-77-nzt: AZySIYhiS/3/jwdnAA
x-accel-expires: @1713346596
last-modified: Wed, 01 May 2019 22:58:00 GMT
server: CDN77-Turbo
etag: "5cca2478-3ec4"
x-77-nzt-ray: f6587a1de2d022ae336ca564367d9d1a
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 istiridye-tatlisi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2018/11/ Frame CB64 14 KB
14 KB 86ms
68ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2018/11/istiridye-tatlisi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: b051db9511dc29e804cacb729965ce83a3bc4d377539b7371bbe9577a0f57b67

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 05 Jul 2023 13:12:19 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6753104
x-accel-date: 1681809635
content-length: 14200
x-77-nzt: AZySIYg3Wlb/UAtnAA
x-accel-expires: @1713345635
last-modified: Wed, 01 May 2019 23:41:51 GMT
server: CDN77-Turbo
etag: "5cca2ebf-3778"
x-77-nzt-ray: f6587a1de2d022ae336ca564cf6a9f1a
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 mozaik-toplari-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2019/04/ Frame CB64 16 KB
16 KB 86ms
68ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2019/04/mozaik-toplari-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 878de60769bec438439f67e4a6facea40f500e79c90118ab9137415159f0f003

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 05 Jul 2023 13:12:19 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 326221
x-accel-date: 1688236518
content-length: 15973
x-77-nzt: AZySIYiteOD/TfoEAA
x-accel-expires: @1719772518
last-modified: Wed, 01 May 2019 23:47:04 GMT
server: CDN77-Turbo
etag: "5cca2ff8-3e65"
x-77-nzt-ray: f6587a1de2d022ae336ca564d3c6a11a
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 karistirma-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/02/ Frame CB64 16 KB
16 KB 87ms
68ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/02/karistirma-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 461c3ff23ae6154d6e7d2638ec9c22869a6418bb6276f15512c01bbe17487737

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 05 Jul 2023 13:12:19 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 51813
x-accel-date: 1688510926
content-length: 16245
x-77-nzt: AZySIYjymMv/ZcoAAA
x-accel-expires: @1720046926
last-modified: Wed, 22 Feb 2023 21:17:57 GMT
server: CDN77-Turbo
etag: "63f68685-3f75"
x-77-nzt-ray: f6587a1de2d022ae336ca564a374a61a
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 yumurtasiz-pisi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/07/ Frame CB64 12 KB
13 KB 87ms
69ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/07/yumurtasiz-pisi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: b9decd0e176c4b80ea45ab0977570bbffa1b817fcc6c1b9cd2724b30dbf851ff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 05 Jul 2023 13:12:19 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6751383
x-accel-date: 1681811356
content-length: 12485
x-77-nzt: AZySIYgx+H7/lwRnAA
x-accel-expires: @1713347356
last-modified: Wed, 06 Jul 2022 22:58:05 GMT
server: CDN77-Turbo
etag: "62c6137d-30c5"
x-77-nzt-ray: f6587a1de2d022ae336ca56405bda81a
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 misir-ekmegi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/04/ Frame CB64 11 KB
12 KB 88ms
69ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/04/misir-ekmegi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 63d492638d445ece5c5162c245202c7a7a8db0fcc12c438e020c5128bd2164cf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 05 Jul 2023 13:12:19 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6750845
x-accel-date: 1681811894
content-length: 11439
x-77-nzt: AZySIYhRmXb/fQJnAA
x-accel-expires: @1713347894
last-modified: Fri, 10 Apr 2020 01:33:58 GMT
server: CDN77-Turbo
etag: "5e8fcd06-2caf"
x-77-nzt-ray: f6587a1de2d022ae336ca564dcc2aa1a
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 ispanyol-omleti-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2018/07/ Frame CB64 9 KB
9 KB 88ms
70ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2018/07/ispanyol-omleti-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 032d6b62e0c227635ed9778096b422f7e09c9686c3ca267c092b4dec728e3c8e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 05 Jul 2023 13:12:19 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6746204
x-accel-date: 1681816535
content-length: 9109
x-77-nzt: AZySIYiOENL/XPBmAA
x-accel-expires: @1713352535
last-modified: Wed, 01 May 2019 23:37:08 GMT
server: CDN77-Turbo
etag: "5cca2da4-2395"
x-77-nzt-ray: f6587a1de2d022ae336ca564aeaaac1a
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 _dmca_premi_badge_5.png
images.dmca.com/Badges/ Frame CB64 5 KB
6 KB 71ms
17ms Image
image/png 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.dmca.com/Badges/_dmca_premi_badge_5.png?ID=da1d399b-5fd3-4da3-b5cd-8af692c19999
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: ad3ee286844c46dba3f0d26e100f508c410b28f52784fbeec2d513ef6c6fda7a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:19 GMT
last-modified: Thu, 02 Jun 2011 03:26:26 GMT
server: Microsoft-IIS/10.0
etag: "8ae3cdbd420cc1:0"
x-powered-by: ASP.NET
x-hw: 1688562739.cds232.am5.hn,1688562739.cds292.am5.c
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
link: <https://www.dmca.com/Badges/_dmca_premi_badge_5.png>; rel="canonical"
content-length: 5605

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/300/ Frame CB64 56 B
360 B 155ms
24ms Script
text/javascript 2.16.96.119
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.96.119 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-16-96-119.deploy.static.akamaitechnologies.com

Software

Oracle API Gateway /

Resource Hash

f475c34186022ba531ebc8bba97fc10df7e4c3ea854f314a18ab0644c851620d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 05 Jul 2023 13:12:19 GMT
server: Oracle API Gateway
opc-request-id: /216A816B2E594CCA64A0C5CD56F7A932/763902A3D7704CE7C236BC1640C61FB6
x-frame-options: sameorigin
vary: Accept-Encoding
content-type: text/javascript
x-distribution: 99
x-host: s7.addthis.com
content-length: 76
x-xss-protection: 1; mode=block

GET
H2 200 DMCABadgeHelper.min.js Show response
images.dmca.com/Badges/ Frame CB64 465 B
585 B 72ms
18ms Script
application/javascript 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://images.dmca.com/Badges/DMCABadgeHelper.min.js
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e8021f1a9dad409f7e699457ac334653bf800464df69900237c4de1c29e275d0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:19 GMT
content-encoding: gzip
last-modified: Fri, 21 Jun 2019 20:14:34 GMT
server: Microsoft-IIS/10.0
etag: "26b181f16d28d51:0"
x-powered-by: ASP.NET
x-hw: 1688562739.cds232.am5.hn,1688562739.cds214.am5.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
link: <https://www.dmca.com/Badges/DMCABadgeHelper.min.js>; rel="canonical"
content-length: 395

GET
H2 200 outside.js Show response
static.virgul.com/theme/mockups/adcode/ Frame CB64 75 KB
26 KB 259ms
61ms Script
application/javascript 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19543
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 66413d92e3b48b21f37de7968a4c6ee6dafb956f4963d0557959a3d10db2c492

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:19 GMT
content-encoding: gzip
last-modified: Fri, 23 Jun 2023 06:55:07 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=43200

GET
H2 200 sdk.js Show response
connect.facebook.net/tr_TR/ Frame CB64 3 KB
2 KB 48ms
8ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/tr_TR/sdk.js

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

db2db745a65a4d671ac6c0fdccf99adc010606f26d747b8dcb9ab2021fd294e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 05 Jul 2023 13:12:19 GMT
content-md5: PlEv+PdGuNMARKkghJ3KDw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1685
x-fb-debug: nIc00Te3Y7crzZbCKvlejaOjzABlnGfGeiabsBtKKQ48GV5KlEYff9gcZpma33U8ntSbenn1XYESvxkqVmJ8Zg==
x-fb-content-md5: 29fee92a1e6478068953c8459fc0f635
cross-origin-opener-policy: same-origin-allow-popups
etag: "6002ca5b5bbf46141d7ea2061925ea78"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Wed, 05 Jul 2023 13:21:37 GMT

GET
H2 200 sprite_3.png
cdn.ye-mek.net/grafik/ Frame CB64 21 KB
21 KB 75ms
70ms Image
image/png 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/grafik/sprite_3.png
Requested by: Host: cdn.ye-mek.net
URL: https://cdn.ye-mek.net/maincss.css?v=434
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: ecadacb686d0540a5768dae41d50597a71dfaa8135b90f1371d4bfa266e4e361

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.ye-mek.net/maincss.css?v=434
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 05 Jul 2023 13:12:19 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6753297
x-accel-date: 1681809442
content-length: 21525
x-77-nzt: AZySIYhAYU3/EQxnAA
x-accel-expires: @1713345442
last-modified: Mon, 14 May 2018 20:55:05 GMT
server: CDN77-Turbo
etag: "5af9f7a9-5415"
x-77-nzt-ray: f6587a1de2d022ae336ca564a2a2ae1a
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H3 200 sdk.js Show response
connect.facebook.net/tr_TR/ Frame CB64 302 KB
85 KB 38ms
27ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/tr_TR/sdk.js?hash=7d651e79ae13a89b4efc9e75b6748ada

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/tr_TR/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

dc794e3f7d391de2957bb4472a0b811f4267d594a643f9c6c985372c9083e44f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://ye-mek.net/
Origin: https://ye-mek.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 05 Jul 2023 13:12:19 GMT
content-md5: M3dgSPuodK59UtJbR+6klA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 87394
x-fb-debug: GBl//zRZAkZRZqzpWwLG27qY1z1Mxx61rllkc5bAD1CpPUHLGYs2jDMokdRA18d7uz2zB8GwwbMeWvUprHPc6g==
x-fb-content-md5: 4649fc953a2140e9c75c77e8e38f763b
cross-origin-opener-policy: same-origin-allow-popups
etag: "3739166ac586d7a308b71e6f55830b8d"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
priority: u=3,i
expires: Thu, 04 Jul 2024 11:56:35 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame CB64 75 KB
26 KB 219ms
98ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19543

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fb0e0373dab851bbf3abef68e472ce3700a7d0dde896cfeac2aca6a026785d5f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:19 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26096
x-xss-protection: 0
server: cafe
etag: 312 / 19543 / 31075788 / config-hash: 15434707230489346505
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 05 Jul 2023 13:12:19 GMT

GET
H2 200 ads.js Show response
static.virgul.com/theme/mockups/mockups/tracker/imp/collect/adview/ad/ Frame CB64 120 B
306 B 48ms
47ms Script
application/javascript 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/mockups/tracker/imp/collect/adview/ad/ads.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19543
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: d9fd0aeda423bd39a36871759ef7b17dab3d51e5981cd5839103f990b8b9ef60

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:19 GMT
last-modified: Wed, 21 Dec 2022 18:47:42 GMT
server: openresty/1.15.8.3
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000
accept-ranges: bytes
content-length: 120

GET
H2 200 str.html Show response
static.virgul.com/theme/mockups/outside/ Frame CBB8 891 B
1 KB 52ms
52ms Document
text/html 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/outside/str.html?v=2
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19543
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 2af1b8e91e1ea0f27fab2f6bac1dd1d81867b7a2a8d7cef1084fa39309e0ac6f

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=5184000
content-length: 891
content-type: text/html
date: Wed, 05 Jul 2023 13:12:19 GMT
last-modified: Wed, 28 Sep 2022 10:07:57 GMT
server: openresty/1.15.8.3

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame CB64 141 KB
49 KB 179ms
91ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19543

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9327cb84416afc4de171edfb91f5cc0b2723823823fff95b3c9325207a76b9a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Origin: https://ye-mek.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:19 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49518
x-xss-protection: 0
server: cafe
etag: 4156936525739223652
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 05 Jul 2023 13:12:19 GMT

GET
H2 200 prebid7.38.0.js Show response
static.virgul.com/theme/mockups/outside/ Frame CB64 489 KB
182 KB 55ms
54ms Script
application/javascript 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19543
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: cff57bb539a961e5816127eb4b662175d6a1c92917effe0f943de85c35911101

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:19 GMT
content-encoding: gzip
last-modified: Mon, 27 Mar 2023 14:56:06 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ Frame CB64 236 KB
58 KB 79ms
20ms Script
application/javascript 13.225.30.130
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19543
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.30.130 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-30-130.cdg3.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: dbc211260f3fb81e545fbebe8be8c367ebe670a585e60e1ec58524c06723ecbc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 12:35:04 GMT
content-encoding: gzip
via: 1.1 006e53d1925d4d044125ff497c18b3b4.cloudfront.net (CloudFront), 1.1 95a1a2515bcfe82199fde4e864c4e6f0.cloudfront.net (CloudFront)
last-modified: Thu, 29 Jun 2023 21:03:20 GMT
server: AmazonS3
x-amz-cf-pop: LHR62-C4, CDG3-C2
age: 2236
etag: W/"9352f20e556bff9fea6fd0461aac850d"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=3600
x-amz-cf-id: vP0QneNwM0t5A7RnL0m2w_pWAW4ttNSLdBDLEPxGtjhkAe85cdi4mg==

GET
H2 200 pageview Show response
ng.virgul.com/ Frame CB64 32 KB
5 KB 146ms
75ms Script
application/javascript 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ng.virgul.com/pageview?c=site_geneli&mt=1688562739708&v=https%3A%2F%2Fye-mek.net%2F&r=yemek_net:site_geneli&userId=&tp=&os=&call=noktaad.ads.vvad&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc0,hf1,vv1,gprec%3Dyemek%26rec_ing%3D&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.9505702843180242
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19543
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 9119b383bbe64fd09563d6eebe837c561ea8ad2919d1e14e60d3c93ea1abfc24

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:19 GMT
content-encoding: gzip
server: openresty/1.15.8.3
vary: Accept-Encoding
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
access-control-allow-origin: https://ye-mek.net
content-type: application/javascript
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT

GET
H2 200 yemek_net.js Show response
static.virgul.com/theme/mockups/fallback/ Frame CB64 12 KB
2 KB 51ms
50ms Script
application/javascript 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/fallback/yemek_net.js?dts=19543
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19543
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 5103b27b55207be49f024a501641c7cb93e6469073ccbe194cd5963b53716184

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:19 GMT
content-encoding: gzip
last-modified: Tue, 20 Jun 2023 21:45:07 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 hb Show response
ng.virgul.com/ Frame CB64 50 KB
5 KB 142ms
74ms Script
application/javascript 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ng.virgul.com/hb?call=noktaad.setHbParameters&site=yemek_net&dts=469045
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19543
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 57eeda5ab33b42f65c84916d3c2a402e82ebd1b40f894387d9de8867bf6c9174

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:19 GMT
content-encoding: gzip
server: openresty/1.15.8.3
vary: Accept-Encoding
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
access-control-allow-origin: https://ye-mek.net
content-type: application/javascript
cache-control: max-age=3600
access-control-allow-credentials: true

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ Frame CB64 0
305 B 17ms
16ms XHR
text/plain 13.225.30.130
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fye-mek.net&pubid=e0a76a78-9ad1-46f2-a337-886c2e24ac91
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.30.130 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-30-130.cdg3.r.cloudfront.net
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 12:08:09 GMT
via: 1.1 95a1a2515bcfe82199fde4e864c4e6f0.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: CDG3-C2
age: 3849
x-cache: Hit from cloudfront
access-control-allow-origin: https://ye-mek.net
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-id: aIG-psrvrsQihKgB9faGlHvmXyC9sS2InucUDR5nMAikMJpAA2BQZw==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ Frame CB64 6 KB
3 KB 51ms
15ms XHR
application/javascript 13.225.30.130
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.30.130 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-30-130.cdg3.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: rBtfgJUMGYsy5fZuQwMAU7hSD.fVdF76
content-encoding: gzip
via: 1.1 ed56cfaa883e0c10b610c3cdd45acb40.cloudfront.net (CloudFront)
date: Wed, 05 Jul 2023 00:01:49 GMT
x-amz-cf-pop: CDG3-C2
age: 48744
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Sat, 24 Jun 2023 09:19:11 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: Gbfwbp9cNeJmV16wI3S5vHnWaxl1n4bahKlPzV_a2iPKmb0g19Zmww==

GET
H2 200 empowerwebplayer3.js Show response
static.virgul.com/theme/mockups/outside/ Frame CB64 10 KB
3 KB 49ms
49ms Script
application/javascript 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/outside/empowerwebplayer3.js?v=20
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 3e9569df702eb478e6e7699775a0f555b64ef9e89d89a81742bc97c7803dba96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:19 GMT
content-encoding: gzip
last-modified: Tue, 13 Jun 2023 13:36:40 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 yemek_net.js Show response
static.virgul.com/theme/mockups/sites/ Frame CB64 11 KB
5 KB 58ms
58ms Script
application/javascript 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/sites/yemek_net.js?dts=469045
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19543
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: a7a580492938c753648b19da1321bf7ea66d7a2e9b1fa42058c821e268fba9e1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:19 GMT
content-encoding: gzip
last-modified: Thu, 27 Apr 2023 09:08:06 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 pandg-sdk.js Show response
pghub.io/js/ Frame CB64 17 KB
5 KB 61ms
16ms Script
application/javascript 35.241.45.217
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pghub.io/js/pandg-sdk.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19543
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.217 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 217.45.241.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 27961ab8c37cddad89230364167c048c6377a80e38542a5ffbca600faf4098ea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 12:40:51 GMT
content-encoding: gzip
age: 1888
x-guploader-uploadid: ADPycdu9Huuf6Wy8kpR7QthL09tEnKNMjioAJK1JyowGHsveuPV88r7Y-S09kBgu_26SJ6McQFo-UE2bDS47ZJ64tyycIzvkMpw-
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5009
last-modified: Mon, 05 Jun 2023 16:36:50 GMT
server: UploadServer
etag: "47a886353056caf33a998c6041e20896"
vary: Accept-Encoding
x-goog-generation: 1685983010517890
x-goog-hash: crc32c=aHj4lg==, md5=R6iGNTBWyvM6mYxgQeIIlg==
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin
cache-control: public,max-age=3600
x-goog-stored-content-length: 5009
accept-ranges: bytes
content-type: application/javascript

GET
H2 200 zoneview
ng.virgul.com/ Frame CB64 0
209 B 58ms
58ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/zoneview?c=&mt=1688562739871&v=https%3A%2F%2Fye-mek.net%2F&r=153366@153377@153378@153379@153379@153382@153383:yemek_net&userId=vnetb69ea35f-3eea-493c-b1e2-516faf59eb08&tp=&os=&call=&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc1,hf1,vv1,gprec%3Dyemek%26rec_ing%3D&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.5352982452606632
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Wed, 05 Jul 2023 13:12:19 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 NoktaNpmPlayerApi.js Show response
c1.imgiz.com/player_others/html5/ Frame CB64 7 KB
3 KB 243ms
48ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19543
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/empowerwebplayer3.js?v=20
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 0b29697868cd68cfd1b5650054cc96ea755016b3242bd26469cdbd4e4f6fc18a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:20 GMT
content-encoding: gzip
last-modified: Wed, 13 Oct 2021 11:58:21 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
expires: Wed, 12 Jul 2023 13:12:20 GMT

GET
H2 200 zoneview
ng.virgul.com/ Frame CB64 0
209 B 71ms
70ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/zoneview?c=&mt=1688562739948&v=https%3A%2F%2Fye-mek.net%2F&r=153394@153493:yemek_net&userId=vnetb69ea35f-3eea-493c-b1e2-516faf59eb08&tp=&os=&call=&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc1,hf1,vv1,gprec%3Dyemek%26rec_ing%3D&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.27713612127670006
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Wed, 05 Jul 2023 13:12:19 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306220101/ Frame CB64 346 KB
119 KB 187ms
96ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306220101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=ye-mek.net&bust=31075623

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9eb13d95afd544e4e6f97992f4c7a8da941c2cdb9d0b622ac874b04c21c0a997

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:20 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 121737
x-xss-protection: 0
server: cafe
etag: 10183534008447957807
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 05 Jul 2023 13:12:20 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230627/r20190131/ Frame FC89 10 KB
5 KB 131ms
39ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230627/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18e7a53e3b3abd7ac0242719f7f62cb56b8efe7065091585b8ad22cbc2b8c41c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 73271
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4544
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 04 Jul 2023 16:51:09 GMT
etag: 12368291122986407432
expires: Tue, 18 Jul 2023 16:51:09 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306290101/ Frame CB64 391 KB
125 KB 46ms
45ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306290101/pubads_impl.js?cb=31075788

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8187dcb05ebcfc94502aeec0524c23c7d22afbafe17aff1d39acc1d59a3a52db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 18:00:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 69106
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 127464
x-xss-protection: 0
server: cafe
etag: 4704578582152062329
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Wed, 03 Jul 2024 18:00:34 GMT

GET
H2 200 tag Show response
feed.pghub.io/ Frame B3BC 13 B
257 B 79ms
27ms Document
text/html 34.102.243.38
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://feed.pghub.io/tag?referrer_url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&page_url=https%3A%2F%2Fye-mek.net%2F&owner=P%26G&bp_id=noktacommedya&ch=%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D&initiator=js&data=%7B%22category%22%3A%22site_geneli%22%7D

Requested by

Host: pghub.io
URL: https://pghub.io/js/pandg-sdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.102.243.38 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

38.243.102.34.bc.googleusercontent.com

Software

Resource Hash

b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';img-src https://*.pghub.io https://match.adsrvr.org
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
access-control-max-age: 300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-store
content-security-policy: default-src 'none';img-src https://*.pghub.io https://match.adsrvr.org
content-type: text/html;charset=utf-8
date: Wed, 05 Jul 2023 13:12:20 GMT
strict-transport-security: max-age=31536000
via: 1.1 google

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ Frame CB64 23 B
458 B 314ms
120ms XHR
text/javascript 52.222.253.136
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&pr=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&pid=C4b412LrfPSpN&cb=0&ws=1600x1200&v=23.612.1758&t=1200&slots=%5B%7B%22sd%22%3A%22div-gpt-ad-1455783126174-15338221728129623web_yemeknet_right_tower%22%2C%22s%22%3A%5B%22160x600%22%2C%22120x600%22%5D%2C%22sn%22%3A%22%2F21728129623%2Fweb_yemeknet_right_tower%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-1455783126174-15336621728129623web_yemeknet_masthead%22%2C%22s%22%3A%5B%22970x250%22%2C%22970x90%22%2C%22728x90%22%2C%22300x250%22%2C%22200x200%22%5D%2C%22sn%22%3A%22%2F21728129623%2Fweb_yemeknet_masthead%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-1455783126174-15338321728129623web_yemeknet_left_tower%22%2C%22s%22%3A%5B%22160x600%22%2C%22120x600%22%5D%2C%22sn%22%3A%22%2F21728129623%2Fweb_yemeknet_left_tower%22%7D%5D&pubid=e0a76a78-9ad1-46f2-a337-886c2e24ac91&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.253.136 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-253-136.fra60.r.cloudfront.net

Software

Server /

Resource Hash

745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:20 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 ca8cb14c76df16342491237cea8cfed6.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA60-P3
x-amz-rid: GB0TMJVYCV1YQERJK7PE
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://ye-mek.net
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: aoBXequKRVyULJzimoiPed0C-b7nDYz1aspBtn9PGfHKm-xVvzR64Q==

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame CB64 107 B
456 B 235ms
47ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ye-mek.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306290101/pubads_impl.js?cb=31075788

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame CB64 28 KB
12 KB 380ms
380ms XHR
text/plain 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3355809029795402&correlator=3288627781925817&eid=31075763%2C31075788%2C31075028&output=ldjh&gdfp_req=1&vrg=202306290101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_728x90_repeating&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=2&adks=3733009076&sfv=1-0-40&eri=1&cust_params=amznbid%3D0%26amznp%3D0%26category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1688562739708%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnetb69ea35f-3eea-493c-b1e2-516faf59eb08%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnetb69ea35f3eea493cb1e2516faf59eb08&sc=1&cdm=ye-mek.net&abxe=1&dt=1688562740200&lmt=1688562740&dlt=1688562739191&idt=953&adxs=436&adys=2665&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=w3irtcrvaxpd&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&ga_vid=1330345952.1688562740&ga_sid=1688562740&ga_hid=1757646299&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306290101/pubads_impl.js?cb=31075788

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b88943ef2d09de7d535e8b8631db5b08561a2e4e11e45e75715e56e3ef0d6e34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:20 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11881
x-xss-protection: 0
google-lineitem-id: 6241543851
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138425219174
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 5CA4 6 KB
3 KB 181ms
45ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306290101/pubads_impl.js?cb=31075788

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 05 Jul 2023 13:12:20 GMT
expires: Thu, 04 Jul 2024 13:12:20 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame CB64 361 KB
121 KB 174ms
48ms Script
text/javascript 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19543

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a9863314577494b778cade4d77d719a27fca818d6091efe35b972cac31026f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 123120
x-xss-protection: 0
expires: Wed, 05 Jul 2023 13:12:20 GMT

GET
H2 200 NoktaPlayer.js Show response
c1.imgiz.com/player_others/html5/ Frame CB64 398 KB
128 KB 50ms
50ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=7/5/2023
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19543
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: bea17c8870ba8dae9515993b5c55b65437f03f0e2672e1c3d3dbe7872dd74e5c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:20 GMT
content-encoding: gzip
last-modified: Mon, 29 May 2023 18:51:56 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
expires: Wed, 12 Jul 2023 13:12:20 GMT

GET
H2 403 ads Show response
googleads.g.doubleclick.net/pagead/ Frame EA36 603 B
218 B 92ms
89ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755397&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688562739967&bpp=5&bdt=777&idt=344&shv=r20230627&mjsv=m202306220101&ptt=9&saldr=aa&nras=1&correlator=2282535237193&frm=24&ife=1&pv=2&ga_vid=1330345952.1688562740&ga_sid=1688562740&ga_hid=1757646299&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=222437166&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44759876%2C44759842%2C31071259%2C31075623%2C44788442&oid=2&pvsid=3355809029795402&tmod=1149460829&uas=0&nvt=1&fsapi=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.dy08tawkzvo7&fsb=1&dtd=367

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306220101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=ye-mek.net&bust=31075623

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 46
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 05 Jul 2023 13:12:20 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame CB64 107 B
165 B 48ms
47ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ye-mek.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306290101/pubads_impl.js?cb=31075788

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame CB64 36 KB
15 KB 510ms
509ms XHR
text/plain 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3355809029795402&correlator=1273150035794870&eid=31075763%2C31075788%2C31075028&output=ldjh&gdfp_req=1&vrg=202306290101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_728x90_2&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=3&adks=345722362&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1688562739708%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnetb69ea35f-3eea-493c-b1e2-516faf59eb08%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnetb69ea35f3eea493cb1e2516faf59eb08&sc=1&cdm=ye-mek.net&abxe=1&dt=1688562740517&lmt=1688562740&dlt=1688562739191&idt=953&adxs=436&adys=1389&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=emsyiu6qwrre&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&ga_vid=1330345952.1688562740&ga_sid=1688562740&ga_hid=1757646299&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306290101/pubads_impl.js?cb=31075788

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

26e5c420fb81bd24c3b958846a56a8ba27018979f4eadca5add8dc1df6dae129

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:21 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14866
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame CB64 36 KB
15 KB 433ms
432ms XHR
text/plain 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3355809029795402&correlator=229951025781133&eid=31075763%2C31075788%2C31075028&output=ldjh&gdfp_req=1&vrg=202306290101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_left_tower&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C160x600%7C120x600%7C120x240%7C160x800&fluid=height&ifi=4&adks=3299242717&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1688562739708%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnetb69ea35f-3eea-493c-b1e2-516faf59eb08%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnetb69ea35f3eea493cb1e2516faf59eb08&sc=1&cdm=ye-mek.net&abxe=1&dt=1688562740523&lmt=1688562740&dlt=1688562739191&idt=953&adxs=122&adys=150&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=trtowdslsai&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=160x-1&msz=160x-1&fws=900&ohw=160&ga_vid=1330345952.1688562740&ga_sid=1688562740&ga_hid=1757646299&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306290101/pubads_impl.js?cb=31075788

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9add85c4bf4794a1c9cf954e07a8e8809e8a884628864cb509d734351e255d3b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:20 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15135
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame CB64 36 KB
15 KB 486ms
485ms XHR
text/plain 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3355809029795402&correlator=1258126923341489&eid=31075763%2C31075788%2C31075028&output=ldjh&gdfp_req=1&vrg=202306290101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_masthead&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C970x250%7C970x90%7C728x90%7C300x250%7C468x60%7C250x250%7C200x200%7C160x160%7C640x205&fluid=height&ifi=5&adks=3050045420&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1688562739708%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnetb69ea35f-3eea-493c-b1e2-516faf59eb08%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnetb69ea35f3eea493cb1e2516faf59eb08&sc=1&cdm=ye-mek.net&abxe=1&dt=1688562740529&lmt=1688562740&dlt=1688562739191&idt=953&adxs=315&adys=158&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=8luvpwvz18qx&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=996x0&msz=996x0&fws=388&ohw=1600&ga_vid=1330345952.1688562740&ga_sid=1688562740&ga_hid=1757646299&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306290101/pubads_impl.js?cb=31075788

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1c1129e5eded1eb65a7043f7445185fbfc17ce1aa10f1d79427774d443964b5c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:21 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14978
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame CB64 23 KB
11 KB 448ms
447ms XHR
text/plain 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3355809029795402&correlator=1007928135626749&eid=31075763%2C31075788%2C31075028&output=ldjh&gdfp_req=1&vrg=202306290101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_728x90_repeating&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=6&adks=2157304621&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1688562739708%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnetb69ea35f-3eea-493c-b1e2-516faf59eb08%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnetb69ea35f3eea493cb1e2516faf59eb08&sc=1&cdm=ye-mek.net&abxe=1&dt=1688562740534&lmt=1688562740&dlt=1688562739191&idt=953&adxs=436&adys=2027&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=99ograx9xoqk&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&ga_vid=1330345952.1688562740&ga_sid=1688562740&ga_hid=1757646299&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306290101/pubads_impl.js?cb=31075788

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7109c07e8885c66df1c967349697c398ba84624afa165ba13f59cfc4b0de107a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:20 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11381
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame CB64 39 KB
16 KB 420ms
419ms XHR
text/plain 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3355809029795402&correlator=2227773230653489&eid=31075763%2C31075788%2C31075028&output=ldjh&gdfp_req=1&vrg=202306290101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_ust_728x90&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=7&adks=456810305&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1688562739708%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnetb69ea35f-3eea-493c-b1e2-516faf59eb08%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnetb69ea35f3eea493cb1e2516faf59eb08&sc=1&cdm=ye-mek.net&abxe=1&dt=1688562740539&lmt=1688562740&dlt=1688562739191&idt=953&adxs=436&adys=751&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=1yeinjvlzuin&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&ga_vid=1330345952.1688562740&ga_sid=1688562740&ga_hid=1757646299&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306290101/pubads_impl.js?cb=31075788

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

44094ac4e7a475eee158eef123e251dac33e3739f413c13943ba95f5580a3a51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:20 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16379
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame CB64 36 KB
15 KB 393ms
392ms XHR
text/plain 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3355809029795402&correlator=2741512983539414&eid=31075763%2C31075788%2C31075028&output=ldjh&gdfp_req=1&vrg=202306290101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_right_tower&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C160x600%7C120x600%7C120x240%7C160x800&fluid=height&ifi=8&adks=3203893797&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1688562739708%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnetb69ea35f-3eea-493c-b1e2-516faf59eb08%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnetb69ea35f3eea493cb1e2516faf59eb08&sc=1&cdm=ye-mek.net&abxe=1&dt=1688562740547&lmt=1688562740&dlt=1688562739191&idt=953&adxs=1318&adys=150&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=f4skp8de3zca&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=160x-1&msz=160x-1&fws=900&ohw=160&ga_vid=1330345952.1688562740&ga_sid=1688562740&ga_hid=1757646299&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306290101/pubads_impl.js?cb=31075788

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bfed6f874526db1b23c22fce157ca9ce327e41bfa85da2906c3ebb97bcab4f0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:20 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15023
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame CDB8 6 KB
3 KB 47ms
39ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306290101/pubads_impl.js?cb=31075788

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 05 Jul 2023 13:12:20 GMT
expires: Thu, 04 Jul 2024 13:12:20 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 5ed7638be4b07a92411bbffe
ng2.virgul.com/tck/imp/ Frame CB64 0
209 B 53ms
46ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5ed7638be4b07a92411bbffe?g=1&t=gb&r=153366@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1688562739708&userId=vnetb69ea35f-3eea-493c-b1e2-516faf59eb08
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Wed, 05 Jul 2023 13:12:20 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame CDB8 24 KB
7 KB 129ms
38ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 19:05:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 324411
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 30 Jun 2024 19:05:29 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame CDB8 140 KB
48 KB 97ms
96ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

639ec2d580a593b9d4802dc11926b1bd04aadb515d83abde4a328d6f7dbe5594

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
Origin: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:20 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49222
x-xss-protection: 0
server: cafe
etag: 9351000644100125131
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 05 Jul 2023 13:12:20 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame CDB8 179 KB
57 KB 657ms
567ms Script
text/javascript 2a00:1450:4001:80e::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 05 Jul 2023 13:12:21 GMT

GET
H3 200 container.html Show response
f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 8417 6 KB
3 KB 40ms
39ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306290101/pubads_impl.js?cb=31075788

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 05 Jul 2023 13:12:20 GMT
expires: Thu, 04 Jul 2024 13:12:20 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame CDB8 0
0 81ms
80ms Fetch
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvcBHZotoBy-00t2HwSG7sdbVtKfrTjTX4lzr9jk7kmqGYcFNYjvbZsA5Dc0YiQ7VZu49Ko_bdNarzhevTKOgpqNsv4EHZOQSRqDjLTuxtxTa_ek0yYpu8wNLbX7MiPF_39KqrN2g8BEjmeViYd85gH5b95UDzWINUlssyAYbuUWLWIc2q1o69sPCOfebK5jNw6VQGZOLsPXXmF4GgxRzMiHMeQewaAZgL5-TYzAt98Ie2DyGzkc1DgUm1bRF0lCDXQqklM0THApNV3XT1SC-MttInRKNmW4JiT4bpa9pWQyGaCCz_fnCE3jwFYQbLRjUnuF3X3eq2kmhgrZGC46Wq3FvPetCiCvLYPGRwtpQIvuuNk1mgji3GFUg&sai=AMfl-YQ7RR7t71u6-ex2R1LQJGE-GvSI3LsrOIJHUoQZ7IK4mbEIN4UDypRsYGKtNAWkwbqG7PtxVvArZAH-MVVCj5xSIdhFDltHEUBUW8TGBew&sig=Cg0ArKJSzHsdenOLEurOEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:21 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 container.html Show response
f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame D7E9 6 KB
3 KB 39ms
38ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306290101/pubads_impl.js?cb=31075788

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 05 Jul 2023 13:12:20 GMT
expires: Thu, 04 Jul 2024 13:12:20 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306220101/ Frame CDB8 346 KB
119 KB 99ms
99ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306220101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

77e00e1f2a238cf50cb6170d2bb91fdb9d5922d449211f93f70345e152876f8c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:21 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 121738
x-xss-protection: 0
server: cafe
etag: 15529776770941228691
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 05 Jul 2023 13:12:21 GMT

GET
H3 200 container.html Show response
f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame FB0C 6 KB
3 KB 195ms
38ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306290101/pubads_impl.js?cb=31075788

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 05 Jul 2023 13:12:20 GMT
expires: Thu, 04 Jul 2024 13:12:20 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 59DD 6 KB
3 KB 57ms
44ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306290101/pubads_impl.js?cb=31075788

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 05 Jul 2023 13:12:20 GMT
expires: Thu, 04 Jul 2024 13:12:20 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 8417 0
0 81ms
81ms Fetch
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C2nR9NGylZOSeJtC9lgT1zqrYAbqItI9cnNfu7qkIwI23ARABIABgleKQgqAHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQngAgCoAwGqBOYBT9BXBLRLY2Vig9mUbu4PUZGb77Z3kJJMLnbaFeROGE-oI15c2VHMC7X_KWS41pQCFQmyMPATs9Ym54B7QEZ2cVgN7cGtNBJ4Qz-FqeccgSXOf_m4GRKp87HK9Td-Q3uWlJyHao4oOm4GC9aAaQUPG3PL4Rv8sIIZ9TJtnRdT4BS_fKFIg2Dxj37m_uziYqhHAgTZzV7txLX-EJJVwNFC8BEmf-1i26aO22WQXe0BlfnADLSB-D5DC86f0_XJMtOTsXi9q4lMb8PyZWXII2y9gSSzLFWlKgcDIQyujON6axy5Rc9waJfgBAGABqC9t8TOi4GQA6AGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvIIG2FkeC1zdWJzeW4tNzI3NTUyODQ1MzE2MjMwOYAKA_oLAggBgAwB0BUBgBcBshccChoSFHB1Yi03OTgzNjUxMjU3ODM4MjgyGOrBbQ&sigh=oHS_GNsdJl0&uach_m=[UACH]&cid=CAQSOwBygQiDZAuKeKjIb5F2rL5Atr8lk9TkH8MGY8ZN4naSLkurnVjBwdO3ry8Xpbk6Z8dUy4bYja41ODhDGAE
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H/1.1 200 a.gif Show response
i.w55c.net/ Frame 8417 42 B
582 B 145ms
10ms Fetch
image/gif 52.29.25.103
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://i.w55c.net/a.gif?t=0&rtbhost=conf01-europe-west1.rtb.roku.com&rts=1&btid=OUREMTJFMDAwRTY0QTAzNzc3N0EwQTM5MDhFQzEwOEZ8R0ZzYmpGUnpGdHwxNjg4NTYyNzQwNzE0fDF8WG1FS1o4a2t0eHxYUmtnOTdnQmVWfC0zMTcwNzQzMzhfRVh8MTA0MDY1fHx8fC4wUHxVU0Q&ei=GOOGLE&wp_exchange=ZKVsNAAJj2QKhZ7QAAqndYGcPC3nfP9f1v8mlQ&ac=WFM2YVdYQTl2bjpYU2YwU29uZW43fDB8MHxFVVI7&psid=NTkzOTA4MTEyNTc&js=0&ob=0&ccw=SUFCOCMwLjgyMDM4NTh8SUFCOC04IzAuNjI3NjE0MnxJQUI4LTcjMC4wOTcyMjg0Mg&ci=Xmwo1n97Q8&fiu=WG1FS1o4a2t0eA&fid=XmEKZ8kktx&sd=ye-mek.net&s=https%3A%2F%2Fye-mek.net&ts=1688562740718&dvdp=i.w55c.net/dv.jpg&ai=0DaDXCcU00&c=DE&r=G-HE&rnd=5724013269275761&epid=R0wxNTIyMg&ct=b126c92c760c4964ba6058483a07fa14&os=Mm8wMDAy&dc=NzI4NWEyMmNjZmE2NGM1Y2JmMzBmYzExNmQzNGFhNGU&dv=MUxWSXJn&dm=MU1udVZVV21Ndg&l=dHJ8fA&ri=2rxtlU&cip=1&alg=TGcwMDA4&v=0&euid=Q0FFU0VMR0U3TkVzTm8tS2hYMURNamlYZ25r&mt=2cmt0001&mi=d2Vi&dt=2dt0005&tz=RXVyb3BlL0Jlcmxpbg&sg=zTExLVAPUukcfuyjxfS5dg&buid=Xdb4DXiaK1Q&hmt=1&hmdp=s.h.w55c.net/2/948461/analytics.gif&hmtiu=9484611643830741015000&uidu=CAESELGE7NEsNo-KhX1DMjiXgnk&spidu=GOOGLE&pidu=15222&hmpvu=fa088600-3047-4471-a878-7932a4ccbe91&hmtsu=3&odtu=2&mtfu=1&crdmu=160x600&cridu=XRkg97gBeV&naoh=i.w55c.net/na.gif&ndgh=i.w55c.net/ng.gif

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.29.25.103 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-29-25-103.eu-central-1.compute.amazonaws.com

Software

PixelTracking/v2.0.30-782-g97d928b#rel-ec2-master i-0afa2568184f9f5d2@eu-central-1b@dxedge-app-eu-central-1-prod-asg /

Resource Hash

47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 05 Jul 2023 13:12:20 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PixelTracking/v2.0.30-782-g97d928b#rel-ec2-master i-0afa2568184f9f5d2@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Content-Type: image/gif
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 42
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 creative_add_on.js Show response
cti.w55c.net/ct/ Frame 8417 5 KB
2 KB 137ms
8ms Script
application/javascript 2600:9000:2251:8600:3:4706:a6c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cti.w55c.net/ct/creative_add_on.js?w=160&h=600&zindex=0&ci=Xmwo1n97Q8&ei=GOOGLE&ob=0&ai=0DaDXCcU00&epid=R0wxNTIyMg&fiu=WG1FS1o4a2t0eA&s=https%3A%2F%2Fye-mek.net&ciu=XRkg97gBeV&btid=OUREMTJFMDAwRTY0QTAzNzc3N0EwQTM5MDhFQzEwOEZ8R0ZzYmpGUnpGdHwxNjg4NTYyNzQwNzE0fDF8WG1FS1o4a2t0eHxYUmtnOTdnQmVWfC0zMTcwNzQzMzhfRVh8MTA0MDY1fHx8fC4wUHxVU0Q&c=DE&dt=2dt0005&sd=ye-mek.net&cip=1&hmt=1&uidu=CAESELGE7NEsNo-KhX1DMjiXgnk&spidu=GOOGLE&pidu=15222&hmpvu=fa088600-3047-4471-a878-7932a4ccbe91&hmtsu=3&odtu=2&mtfu=1&crdmu=160x600&cridu=XRkg97gBeV&

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2251:8600:3:4706:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

e8090651b52c256938df2fb0582f24521fe0476939aab81d01b7f31a7ac75beb

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 23:00:35 GMT
x-amz-version-id: 0IYa12QvFdrNK.CC2JhaeEJAYjkhUjCe
content-encoding: br
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 c80ae6bd97b709ed6e4747f0d5ea4efc.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P3
age: 569507
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Fri, 17 Sep 2021 21:17:39 GMT
server: AmazonS3
etag: W/"a6c8a5bdec77729759b220b95bf503f9"
vary: Accept-Encoding
content-type: application/javascript
cache-control: must-revalidate
x-amz-cf-id: 2oyM6Deq_SkwI3GRz-ewtoCrlgXVb9hLfpBIrhNy0pqSBbKxZv3rnA==

GET
H2 200 XassetbR4KDBjT.png
ads.w55c.net/t/d/ Frame 8417 59 KB
60 KB 135ms
7ms Image
image/png 2600:9000:2491:1200:1b:f040:3600:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.w55c.net/t/d/XassetbR4KDBjT.png?at=0&rtbhost=conf01-europe-west1.rtb.roku.com&btid=OUREMTJFMDAwRTY0QTAzNzc3N0EwQTM5MDhFQzEwOEZ8R0ZzYmpGUnpGdHwxNjg4NTYyNzQwNzE0fDF8WG1FS1o4a2t0eHxYUmtnOTdnQmVWfC0zMTcwNzQzMzhfRVh8MTA0MDY1fHx8fC4wUHxVU0Q&ei=GOOGLE&ac=WFM2YVdYQTl2bjpYU2YwU29uZW43fDB8MHxFVVI7&js=0&ob=0&ccw=SUFCOCMwLjgyMDM4NTh8SUFCOC04IzAuNjI3NjE0MnxJQUI4LTcjMC4wOTcyMjg0Mg&ci=Xmwo1n97Q8&psid=NTkzOTA4MTEyNTc&s=https%3A%2F%2Fye-mek.net&ts=1688562740718&c=DE&r=G-HE&epid=R0wxNTIyMg&mi=d2Vi&wp_exchange=NWP
Requested by: Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2491:1200:1b:f040:3600:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: eb50c92ff5b15a922bd4589fac6c472fe6623a63e0e5b66ba764318e07d805a8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: ZQ_Y_OC2.z1iwUiDy527qkSSqS932SXT
date: Wed, 05 Jul 2023 05:17:22 GMT
via: 1.1 da749f044be44d389a30372d73356c4e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P7
age: 28500
x-amz-server-side-encryption: AES256
x-amz-meta-width: 160
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-amz-meta-filesize: 60596
x-amz-meta-height: 600
content-length: 60596
last-modified: Wed, 03 May 2023 17:26:36 GMT
server: AmazonS3
etag: "3c112769d53f6f92ebc24ae9949cc3ce"
vary: Accept-Encoding
content-type: image/png
accept-ranges: bytes
x-amz-cf-id: XsUxgQDT0nGJOfRjE4T2CsrlfgdeYAKDm2a2oE37jBvRvm40KGjN9w==

GET
H/1.1 200
OK pixel.php
t.hspvst.com/ Frame 8417 95 B
918 B 194ms
36ms Image
image/png 154.58.197.185

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.hspvst.com/pixel.php?id=2677&t=P&cb=5724013269275761
Requested by: Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 154.58.197.185 -, , ASN (),
Reverse DNS
Software: Apache / PHP/5.4.45-1~dotdeb+7.1
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Wed, 05 Jul 2023 13:12:20 GMT
Server: Apache
X-Powered-By: PHP/5.4.45-1~dotdeb+7.1
Transfer-Encoding: chunked
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Content-Type: image/png
Cache-Control: max-age=315360000
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Keep-Alive: timeout=3, max=1000
Expires: Sat, 02 Jul 2033 13:12:20 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 8417 3 KB
1 KB 51ms
49ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/window_focus_fy2021.js

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 18:53:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 65929
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 18 Jul 2023 18:53:32 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 8417 20 KB
8 KB 40ms
38ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

abaf64de0855592138133fdf15c746a6e47a07d5f7a34a9513a06994c89f91af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 17:33:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 70719
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8312
x-xss-protection: 0
server: cafe
etag: 5477749917372345267
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 18 Jul 2023 17:33:42 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 8417 0
0 177ms
50ms Image
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQhFDKIpRccasyn6tybObenrrXKlGaJOk_5JOU5I6IhVwjD7I1q4X-lVbWY7jTBWRHSDmdjY1xJRdtKy90QFxRsgkg2Ug
Requested by: Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 8417 24 KB
6 KB 46ms
45ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 19:05:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 324412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 30 Jun 2024 19:05:29 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8417 179 KB
56 KB 534ms
533ms Script
text/javascript 2a00:1450:4001:80e::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 05 Jul 2023 13:12:21 GMT

GET
H3 200 container.html Show response
f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 828A 6 KB
3 KB 56ms
44ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306290101/pubads_impl.js?cb=31075788

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 05 Jul 2023 13:12:20 GMT
expires: Thu, 04 Jul 2024 13:12:20 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame B2F9 6 KB
3 KB 56ms
46ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306290101/pubads_impl.js?cb=31075788

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 05 Jul 2023 13:12:20 GMT
expires: Thu, 04 Jul 2024 13:12:20 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 creative_add_on.js Show response
cti.w55c.net/ct/ Frame D7E9 5 KB
2 KB 12ms
8ms Script
application/javascript 2600:9000:2251:8600:3:4706:a6c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cti.w55c.net/ct/creative_add_on.js?w=728&h=90&zindex=0&ci=Xmwo1n97Q8&ei=GOOGLE&ob=0&ai=0DaDXCcU00&epid=R0wxNTIyMg&fiu=WG1FS1o4a2t0eA&s=https%3A%2F%2Fye-mek.net&ciu=XRzobPsLhV&btid=MDUwRjg2MzYwNjU4RkFEMDM4QTg2MDcwNzE4NUU2OTF8R0ZTUUdFN1A3SXwxNjg4NTYyNzQwNzczfDF8WG1FS1o4a2t0eHxYUnpvYlBzTGhWfC0xODEwMjQ0OTM4X0VYfDEwNDQzMXx8fHwuMFB8VVNE&c=DE&dt=2dt0005&sd=ye-mek.net&cip=1&hmt=1&uidu=CAESEAZXwYKpu058-D_rmnPMksw&spidu=GOOGLE&pidu=15222&hmpvu=bd098194-8f8d-4ec0-b97e-5966ae23a186&hmtsu=3&odtu=2&mtfu=1&crdmu=728x90&cridu=XRzobPsLhV&

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2251:8600:3:4706:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

e8090651b52c256938df2fb0582f24521fe0476939aab81d01b7f31a7ac75beb

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 23:00:35 GMT
x-amz-version-id: 0IYa12QvFdrNK.CC2JhaeEJAYjkhUjCe
content-encoding: br
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 c80ae6bd97b709ed6e4747f0d5ea4efc.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P3
age: 569507
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Fri, 17 Sep 2021 21:17:39 GMT
server: AmazonS3
etag: W/"a6c8a5bdec77729759b220b95bf503f9"
vary: Accept-Encoding
content-type: application/javascript
cache-control: must-revalidate
x-amz-cf-id: BmeCSJs3gMSMsLRfMu1TNSmYuERrNBeXNBtpdho0IhzF37tVSLmsPw==

GET
H2 200 XassetrGVaWW53.png
ads.w55c.net/t/d/ Frame D7E9 43 KB
44 KB 11ms
8ms Image
image/png 2600:9000:2491:1200:1b:f040:3600:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.w55c.net/t/d/XassetrGVaWW53.png?at=0&rtbhost=conf01-europe-west1.rtb.roku.com&btid=MDUwRjg2MzYwNjU4RkFEMDM4QTg2MDcwNzE4NUU2OTF8R0ZTUUdFN1A3SXwxNjg4NTYyNzQwNzczfDF8WG1FS1o4a2t0eHxYUnpvYlBzTGhWfC0xODEwMjQ0OTM4X0VYfDEwNDQzMXx8fHwuMFB8VVNE&ei=GOOGLE&ac=WFMwUE56aXZTMTpYU2YwU29uZW43fDB8MHxFVVI7&js=0&ob=0&ccw=SUFCOCMwLjgyMDM4NTh8SUFCOC04IzAuNjI3NjE0MnxJQUI4LTcjMC4wOTcyMjg0Mg&ci=Xmwo1n97Q8&psid=NTkzOTA4MTEyNTc&s=https%3A%2F%2Fye-mek.net&ts=1688562740777&c=DE&r=G-HE&epid=R0wxNTIyMg&mi=d2Vi&wp_exchange=NWP
Requested by: Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2491:1200:1b:f040:3600:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 96e22a33f827f042ac4b239c21f468a17c87545df3f6b90e100d3a91b253a1e7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: 77muH8mujF9NEC9ipS.55iMMWqUaEtvK
date: Wed, 05 Jul 2023 08:13:13 GMT
via: 1.1 da749f044be44d389a30372d73356c4e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P7
age: 17948
x-amz-server-side-encryption: AES256
x-amz-meta-width: 728
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-amz-meta-filesize: 44534
x-amz-meta-height: 90
content-length: 44534
last-modified: Wed, 03 May 2023 17:26:36 GMT
server: AmazonS3
etag: "ccf751b21647e448aa5dadd8c05f5ac6"
vary: Accept-Encoding
content-type: image/png
accept-ranges: bytes
x-amz-cf-id: 5nybn9NWutUNvglYLRKukgmwzP4VX6UeJ8kWmiJXbd1McyH29-Ax3w==

GET
H/1.1 200
OK pixel.php
t.hspvst.com/ Frame D7E9 95 B
917 B 92ms
39ms Image
image/png 154.58.197.185

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.hspvst.com/pixel.php?id=2677&t=P&cb=5572207104344787
Requested by: Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 154.58.197.185 -, , ASN (),
Reverse DNS
Software: Apache / PHP/5.4.45-1~dotdeb+7.1
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Wed, 05 Jul 2023 13:12:20 GMT
Server: Apache
X-Powered-By: PHP/5.4.45-1~dotdeb+7.1
Transfer-Encoding: chunked
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Content-Type: image/png
Cache-Control: max-age=315360000
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Keep-Alive: timeout=3, max=999
Expires: Sat, 02 Jul 2033 13:12:20 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame D7E9 3 KB
1 KB 42ms
39ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/window_focus_fy2021.js

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 18:53:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 65929
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 18 Jul 2023 18:53:32 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame D7E9 20 KB
8 KB 43ms
41ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

abaf64de0855592138133fdf15c746a6e47a07d5f7a34a9513a06994c89f91af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 17:33:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 70719
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8312
x-xss-protection: 0
server: cafe
etag: 5477749917372345267
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 18 Jul 2023 17:33:42 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame D7E9 0
0 46ms
44ms Image
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQrznfnmVaMFxRRCQHCCruTqQwJghEHtf62_vLyj4BCVlHNc5LkB0R4VZDAGTdDP6Uun-Hi5RDWGav-hn-yh90zkGJ8xw
Requested by: Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame D7E9 24 KB
6 KB 51ms
48ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 19:05:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 324412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 30 Jun 2024 19:05:29 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D7E9 179 KB
56 KB 351ms
349ms Script
text/javascript 2a00:1450:4001:80e::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 05 Jul 2023 13:12:21 GMT

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame CDB8 107 B
122 B 61ms
53ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 22C4 0
16 B 174ms
169ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3407250215&plat=1%3A520%2C2%3A520%2C3%3A2163200%2C4%3A2163200%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fye-mek.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688562741007&bpp=10&bdt=169&idt=209&shv=r20230627&mjsv=m202306220101&ptt=9&saldr=aa&nras=1&correlator=7044068159677&frm=8&ife=1&pv=2&ga_vid=670432806.1688562741&ga_sid=1688562741&ga_hid=571393246&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=819287971&scr_x=-12245933&scr_y=-12245933&eid=42532277%2C42532279%2C44759842%2C44759875%2C44759926%2C31075645%2C44788442%2C21065724&oid=2&pvsid=3029861226246386&tmod=922379705&uas=0&nvt=1&fsapi=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.8bjligus8d4v&fsb=1&dtd=244

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 05 Jul 2023 13:12:21 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame CF39 33 KB
14 KB 260ms
259ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=4198790052&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688562741017&bpp=3&bdt=179&idt=258&shv=r20230627&mjsv=m202306220101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=7044068159677&frm=8&ife=1&pv=1&ga_vid=670432806.1688562741&ga_sid=1688562741&ga_hid=571393246&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=819287971&scr_x=-12245933&scr_y=-12245933&eid=42532277%2C42532279%2C44759842%2C44759875%2C44759926%2C31075645%2C44788442%2C21065724&oid=2&pvsid=3029861226246386&tmod=922379705&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.3jlrkcjgj8ak&fsb=1&dtd=264

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a5ce67c3741a175e57c05fa03d1a1c2bc635ccae96d11b006fe44590153a6889

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 14009
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 05 Jul 2023 13:12:21 GMT
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 15B5 1 KB
643 B 51ms
51ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 20169
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 05 Jul 2023 07:36:12 GMT
etag: 48472445140208031
expires: Thu, 06 Jul 2023 07:36:12 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame FB0C 0
0 89ms
88ms Fetch
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CfMQXNGylZPifJraW9fgPw4mV8Au6iLSPXJzX7u6pCMCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi03OTgzNjUxMjU3ODM4MjgyyAEJ4AIAqAMBqgTlAU_Q-7WwDLEZbxbJipKQKMxBG29Q1i9iP_JJqEp_7H-7cJlghhJzXce1c8nzr4hML7vS6Jyx80UQbsVOgZp_odPkHy8bWRGSJIR75c1l2a2ARy63l_3brSfIm8MhrRhgjsugh_14QiOZ8MZaLM9fdcl3XJOTLXggMmEZZvEFdRH8cbA6NSvB8MOFPNjepuVkqvodc0-2bnt-5iOPNb3FnUISIshajTXfnMRq3NxRYpWgymnUYCDUcTEiGaD-J3AdnPWz4_IBAMq8NzIpUoggydgPuuSMyi4l5s5SRbMGHA84zMfLkqzgBAGABqC9t8TOi4GQA6AGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvIIG2FkeC1zdWJzeW4tNzI3NTUyODQ1MzE2MjMwOYAKA_oLAggBgAwB0BUBgBcBshccChoSFHB1Yi03OTgzNjUxMjU3ODM4MjgyGOrBbQ&sigh=bSwg91GQHYU&uach_m=[UACH]&cid=CAQSOwBygQiDMFnwOdpfANXVvxW38NsN-MErEbu9_G39HNKDJc0aiUfeQikKl-EMJ7QuGB2sA-nv_7H7jvbMGAE
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H/1.1 200 a.gif Show response
i.w55c.net/ Frame FB0C 42 B
582 B 13ms
13ms Fetch
image/gif 52.29.25.103
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://i.w55c.net/a.gif?t=0&rtbhost=conf01-europe-west1.rtb.roku.com&rts=1&btid=N0UwRkYzMTNEQjQwQkVBRjk1OTlENUNFNzNGMEQ5NTV8R0ZJdm81MXJuZnwxNjg4NTYyNzQwNzE4fDF8WG1FS1o4a2t0eHxYUmtnOTdnQmVWfDE5MDQ0MzQyNF9FWHwxMDQ2ODh8fHx8LjBQfFVTRA&ei=GOOGLE&wp_exchange=ZKVsNAAJj_gJHUs2AAVEwzYEtnrEDrHAlHta_A&ac=WFM2YVdYQTl2bjpYU1pHTkNKTWpzfDB8MHxFVVI7&psid=NTkzOTA4MTEyNTc&js=0&ob=0&ccw=SUFCOCMwLjgyMDM4NTh8SUFCOC04IzAuNjI3NjE0MnxJQUI4LTcjMC4wOTcyMjg0Mg&ci=Xmwo1n97Q8&fiu=WG1FS1o4a2t0eA&fid=XmEKZ8kktx&sd=ye-mek.net&s=https%3A%2F%2Fye-mek.net&ts=1688562740722&dvdp=i.w55c.net/dv.jpg&ai=0DaDXCcU00&c=DE&r=G-HE&rnd=1447274174127222&epid=R0wxNTIyMg&ct=b126c92c760c4964ba6058483a07fa14&os=Mm8wMDAy&dc=NzI4NWEyMmNjZmE2NGM1Y2JmMzBmYzExNmQzNGFhNGU&dv=MUxWSXJn&dm=MU1udVZVV21Ndg&l=dHJ8fA&ri=2rxtlU&cip=1&alg=TGcwMDA4&v=0&euid=Q0FFU0VOWEo3WVRscGYwdnpPdXc2Unkwb29F&mt=2cmt0001&mi=d2Vi&dt=2dt0005&tz=RXVyb3BlL0Jlcmxpbg&sg=7V-MfJ2SJk5Aiw_mBg_Yeg&buid=Xdb4DXiaK1Q&hmt=1&hmdp=s.h.w55c.net/2/948461/analytics.gif&hmtiu=9484611643830741015000&uidu=CAESENXJ7YTlpf0vzOuw6Ry0ooE&spidu=GOOGLE&pidu=15222&hmpvu=f46631e2-c227-49ab-888e-46e54c3f755a&hmtsu=3&odtu=2&mtfu=1&crdmu=160x600&cridu=XRkg97gBeV&naoh=i.w55c.net/na.gif&ndgh=i.w55c.net/ng.gif

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.29.25.103 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-29-25-103.eu-central-1.compute.amazonaws.com

Software

PixelTracking/v2.0.30-782-g97d928b#rel-ec2-master i-0afa2568184f9f5d2@eu-central-1b@dxedge-app-eu-central-1-prod-asg /

Resource Hash

47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 05 Jul 2023 13:12:20 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PixelTracking/v2.0.30-782-g97d928b#rel-ec2-master i-0afa2568184f9f5d2@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Content-Type: image/gif
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 42
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 creative_add_on.js Show response
cti.w55c.net/ct/ Frame FB0C 5 KB
2 KB 12ms
12ms Script
application/javascript 2600:9000:2251:8600:3:4706:a6c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cti.w55c.net/ct/creative_add_on.js?w=160&h=600&zindex=0&ci=Xmwo1n97Q8&ei=GOOGLE&ob=0&ai=0DaDXCcU00&epid=R0wxNTIyMg&fiu=WG1FS1o4a2t0eA&s=https%3A%2F%2Fye-mek.net&ciu=XRkg97gBeV&btid=N0UwRkYzMTNEQjQwQkVBRjk1OTlENUNFNzNGMEQ5NTV8R0ZJdm81MXJuZnwxNjg4NTYyNzQwNzE4fDF8WG1FS1o4a2t0eHxYUmtnOTdnQmVWfDE5MDQ0MzQyNF9FWHwxMDQ2ODh8fHx8LjBQfFVTRA&c=DE&dt=2dt0005&sd=ye-mek.net&cip=1&hmt=1&uidu=CAESENXJ7YTlpf0vzOuw6Ry0ooE&spidu=GOOGLE&pidu=15222&hmpvu=f46631e2-c227-49ab-888e-46e54c3f755a&hmtsu=3&odtu=2&mtfu=1&crdmu=160x600&cridu=XRkg97gBeV&

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2251:8600:3:4706:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

e8090651b52c256938df2fb0582f24521fe0476939aab81d01b7f31a7ac75beb

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 23:00:35 GMT
x-amz-version-id: 0IYa12QvFdrNK.CC2JhaeEJAYjkhUjCe
content-encoding: br
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 c80ae6bd97b709ed6e4747f0d5ea4efc.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P3
age: 569507
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Fri, 17 Sep 2021 21:17:39 GMT
server: AmazonS3
etag: W/"a6c8a5bdec77729759b220b95bf503f9"
vary: Accept-Encoding
content-type: application/javascript
cache-control: must-revalidate
x-amz-cf-id: 9OZcIuqOHDJUo8Uywf7-9j1iJHOHq4LgZs_-VkM0TvlM0uCJMNg5Hw==

GET
H2 200 XassetbR4KDBjT.png
ads.w55c.net/t/d/ Frame FB0C 59 KB
60 KB 11ms
9ms Image
image/png 2600:9000:2491:1200:1b:f040:3600:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.w55c.net/t/d/XassetbR4KDBjT.png?at=0&rtbhost=conf01-europe-west1.rtb.roku.com&btid=N0UwRkYzMTNEQjQwQkVBRjk1OTlENUNFNzNGMEQ5NTV8R0ZJdm81MXJuZnwxNjg4NTYyNzQwNzE4fDF8WG1FS1o4a2t0eHxYUmtnOTdnQmVWfDE5MDQ0MzQyNF9FWHwxMDQ2ODh8fHx8LjBQfFVTRA&ei=GOOGLE&ac=WFM2YVdYQTl2bjpYU1pHTkNKTWpzfDB8MHxFVVI7&js=0&ob=0&ccw=SUFCOCMwLjgyMDM4NTh8SUFCOC04IzAuNjI3NjE0MnxJQUI4LTcjMC4wOTcyMjg0Mg&ci=Xmwo1n97Q8&psid=NTkzOTA4MTEyNTc&s=https%3A%2F%2Fye-mek.net&ts=1688562740722&c=DE&r=G-HE&epid=R0wxNTIyMg&mi=d2Vi&wp_exchange=NWP
Requested by: Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2491:1200:1b:f040:3600:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: eb50c92ff5b15a922bd4589fac6c472fe6623a63e0e5b66ba764318e07d805a8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: ZQ_Y_OC2.z1iwUiDy527qkSSqS932SXT
date: Wed, 05 Jul 2023 05:17:22 GMT
via: 1.1 da749f044be44d389a30372d73356c4e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P7
age: 28500
x-amz-server-side-encryption: AES256
x-amz-meta-width: 160
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-amz-meta-filesize: 60596
x-amz-meta-height: 600
content-length: 60596
last-modified: Wed, 03 May 2023 17:26:36 GMT
server: AmazonS3
etag: "3c112769d53f6f92ebc24ae9949cc3ce"
vary: Accept-Encoding
content-type: image/png
accept-ranges: bytes
x-amz-cf-id: T3t8Bt2TMjYXzg_V9zUFQkuOISRm6FV_dc5B88uJzUhel3tSF91uAg==

GET
H/1.1 200
OK pixel.php
t.hspvst.com/ Frame FB0C 95 B
917 B 41ms
39ms Image
image/png 154.58.197.185

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.hspvst.com/pixel.php?id=2677&t=P&cb=1447274174127222
Requested by: Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 154.58.197.185 -, , ASN (),
Reverse DNS
Software: Apache / PHP/5.4.45-1~dotdeb+7.1
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Wed, 05 Jul 2023 13:12:20 GMT
Server: Apache
X-Powered-By: PHP/5.4.45-1~dotdeb+7.1
Transfer-Encoding: chunked
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Content-Type: image/png
Cache-Control: max-age=315360000
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Keep-Alive: timeout=3, max=998
Expires: Sat, 02 Jul 2033 13:12:20 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame FB0C 3 KB
1 KB 44ms
42ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/window_focus_fy2021.js

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 18:53:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 65929
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 18 Jul 2023 18:53:32 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame FB0C 20 KB
8 KB 46ms
45ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

abaf64de0855592138133fdf15c746a6e47a07d5f7a34a9513a06994c89f91af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 17:33:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 70719
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8312
x-xss-protection: 0
server: cafe
etag: 5477749917372345267
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 18 Jul 2023 17:33:42 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame FB0C 0
0 45ms
43ms Image
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSwBHGBLkIu9WOcrvOUAKvscL48mEsM1hx9ECCr03qwO0PS-9XFjC4Xfgkl8-c67CI6EBkYUgVmkyGNHwlSe0Olv9-ndA
Requested by: Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame FB0C 24 KB
6 KB 47ms
45ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 19:05:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 324412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 30 Jun 2024 19:05:29 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame FB0C 179 KB
56 KB 280ms
278ms Script
text/javascript 2a00:1450:4001:80e::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 05 Jul 2023 13:12:21 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 81C7 624 B
242 B 82ms
79ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNEDENWYWRjzjcnuATAB&v=APEucNXN4qwrUmarwoIH7-6AXUns0NpTzzaYVxXJ-pkKtzNH5jhFE-uYhi-7ufD8THkb_xJ2IcYyOGcre_UpbpdYis_m9khXZpgcsgF1GKcDneUus2szQW3VfrvdbLcBUqd_Ret-eOR7T4wqZIdmy0tfdpCAWpfpG5Y2A35RcHjbBMxEj7eZAgg

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 05 Jul 2023 13:12:21 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 59DD 78 KB
27 KB 111ms
111ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:21 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 05 Jul 2023 13:12:21 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 59DD 42 B
63 B 85ms
84ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AIsRDimYL4I52DeYD9_aemyqEWGRhtnygddP8VszpvrBfoLfv7F6FRVv7syZYF0A6Ggrf8nIPypHB4nRpmbjAWbzTeS9ml50ZLUnEwzwxSdZAG5Lg

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 59DD 0
20 B 85ms
85ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=11988300799189827388&x=1&ct=76

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 59DD 3 KB
1 KB 45ms
44ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/window_focus_fy2021.js

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 18:53:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 65929
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 18 Jul 2023 18:53:32 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 59DD 20 KB
8 KB 45ms
44ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

abaf64de0855592138133fdf15c746a6e47a07d5f7a34a9513a06994c89f91af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 17:33:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 70719
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8312
x-xss-protection: 0
server: cafe
etag: 5477749917372345267
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 18 Jul 2023 17:33:42 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 59DD 0
0 47ms
47ms Image
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSeEjnvZZYFNGlzMje0VDjlM6hQaDgWPHmnP_lTuefSbOeP8B4pxy1BwAzLaR6--b3V_MaaPkSs2YNBH2kcRGlHQb9-Vw
Requested by: Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 59DD 179 KB
56 KB 298ms
298ms Script
text/javascript 2a00:1450:4001:80e::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 05 Jul 2023 13:12:21 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 828A 0
0 84ms
84ms Fetch
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C1GauNGylZOS-JYLmbcSajeAIuoi0j1yc1-7uqQjAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItNzk4MzY1MTI1NzgzODI4MsgBCeACAKgDAaoE4wFP0JY3Ahmlr0JWSAa-COL_WjfANqrEg48avkoqS9zzj0U8DMhF9wyj0AJ_jHJ32twB85fyVvqXC4goMFhMXusOT_14gKWZmm_6kMw7_1jThsHXBmzQ_0Z9l7D1SNPZlE2abTugrnPIuogrvnanRFtTdO0m1xMrNK6aHy7UJKmjbJf3M6fbTtE_I6E0PhectxiaIFAhrLvXI5EblgAt3e3VhUxMAnkn7T66BQalreqdls_nMnB6dHuKOper1sF6tA6Ge1pUgyvIeGO_oIZ2xDAPbH2YTIXqkzpGc_CfaN_OFKqAUOAEAYAGqtCz49CR94-5AaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvIIG2FkeC1zdWJzeW4tNzI3NTUyODQ1MzE2MjMwOYAKA_oLAggBgAwB0BUBgBcBshccChoSFHB1Yi03OTgzNjUxMjU3ODM4MjgyGOrBbQ&sigh=EpMeV9z6WfM&uach_m=[UACH]&cid=CAQSOwBygQiDJhh8qjAcKMRuqI_9qu9F72iAUsUnbpslGg0BRheuS3Jg1BzWQ9fYplvUPGoCQEO6d24xE4qGGAE
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H/1.1 200 a.gif Show response
i.w55c.net/ Frame 828A 42 B
582 B 19ms
9ms Fetch
image/gif 52.29.25.103
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://i.w55c.net/a.gif?t=0&rtbhost=conf01-europe-west1.rtb.roku.com&rts=1&btid=OUI4Q0M3OTA0RkFERUFEMkVDN0M5Q0EwNkZFMDk0MDN8R0ZDbGxKbmhicnwxNjg4NTYyNzQwNzIyfDF8WG1FS1o4a2t0eHxYUk9ocXNjZmdSfC00OTY0MDQ0MF9FWHwxMDQwNjV8fHx8LjBQfFVTRA&ei=GOOGLE&wp_exchange=ZKVsNAAJX2QKG3MCAANNRLQkb3OGU9q2wXNGSQ&ac=WFMwUE56aXZTMTpYU1pHTkNKTWpzfDB8MHxFVVI7&psid=NTkzOTA4MTEyNTc&js=0&ob=0&ccw=SUFCOCMwLjgyMDM4NTh8SUFCOC04IzAuNjI3NjE0MnxJQUI4LTcjMC4wOTcyMjg0Mg&ci=Xmwo1n97Q8&fiu=WG1FS1o4a2t0eA&fid=XmEKZ8kktx&sd=ye-mek.net&s=https%3A%2F%2Fye-mek.net&ts=1688562740725&dvdp=i.w55c.net/dv.jpg&ai=0DaDXCcU00&c=DE&r=G-HE&rnd=4534605548436326&epid=R0wxNTIyMg&ct=b126c92c760c4964ba6058483a07fa14&os=Mm8wMDAy&dc=NzI4NWEyMmNjZmE2NGM1Y2JmMzBmYzExNmQzNGFhNGU&dv=MUxWSXJn&dm=MU1udVZVV21Ndg&l=dHJ8fA&ri=2rxtlU&cip=1&alg=TGcwMDA4&v=0&euid=Q0FFU0VFZFZYSVdLMm8zY0NvVkJZcXZzZEdv&mt=2cmt0001&mi=d2Vi&dt=2dt0005&tz=RXVyb3BlL0Jlcmxpbg&sg=Rmr-iJ7hmZiqSRd1pSJXiQ&buid=Xdb4DXiaK1Q&hmt=1&hmdp=s.h.w55c.net/2/948461/analytics.gif&hmtiu=9484611643830741015000&uidu=CAESEEdVXIWK2o3cCoVBYqvsdGo&spidu=GOOGLE&pidu=15222&hmpvu=956376ed-65ab-4a74-ae34-02d56183055f&hmtsu=3&odtu=2&mtfu=1&crdmu=300x250&cridu=XROhqscfgR&naoh=i.w55c.net/na.gif&ndgh=i.w55c.net/ng.gif

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.29.25.103 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-29-25-103.eu-central-1.compute.amazonaws.com

Software

PixelTracking/v2.0.30-782-g97d928b#rel-ec2-master i-036c9e308bb7e39b5@eu-central-1b@dxedge-app-eu-central-1-prod-asg /

Resource Hash

47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 05 Jul 2023 13:12:21 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PixelTracking/v2.0.30-782-g97d928b#rel-ec2-master i-036c9e308bb7e39b5@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Content-Type: image/gif
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 42
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 creative_add_on.js Show response
cti.w55c.net/ct/ Frame 828A 5 KB
2 KB 13ms
2ms Script
application/javascript 2600:9000:2251:8600:3:4706:a6c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cti.w55c.net/ct/creative_add_on.js?w=300&h=250&zindex=0&ci=Xmwo1n97Q8&ei=GOOGLE&ob=0&ai=0DaDXCcU00&epid=R0wxNTIyMg&fiu=WG1FS1o4a2t0eA&s=https%3A%2F%2Fye-mek.net&ciu=XROhqscfgR&btid=OUI4Q0M3OTA0RkFERUFEMkVDN0M5Q0EwNkZFMDk0MDN8R0ZDbGxKbmhicnwxNjg4NTYyNzQwNzIyfDF8WG1FS1o4a2t0eHxYUk9ocXNjZmdSfC00OTY0MDQ0MF9FWHwxMDQwNjV8fHx8LjBQfFVTRA&c=DE&dt=2dt0005&sd=ye-mek.net&cip=1&hmt=1&uidu=CAESEEdVXIWK2o3cCoVBYqvsdGo&spidu=GOOGLE&pidu=15222&hmpvu=956376ed-65ab-4a74-ae34-02d56183055f&hmtsu=3&odtu=2&mtfu=1&crdmu=300x250&cridu=XROhqscfgR&

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2251:8600:3:4706:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

e8090651b52c256938df2fb0582f24521fe0476939aab81d01b7f31a7ac75beb

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 23:00:35 GMT
x-amz-version-id: 0IYa12QvFdrNK.CC2JhaeEJAYjkhUjCe
content-encoding: br
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 c80ae6bd97b709ed6e4747f0d5ea4efc.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P3
age: 569507
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Fri, 17 Sep 2021 21:17:39 GMT
server: AmazonS3
etag: W/"a6c8a5bdec77729759b220b95bf503f9"
vary: Accept-Encoding
content-type: application/javascript
cache-control: must-revalidate
x-amz-cf-id: 9AGRmMphvY3KqIDvo_R5c1z5XHkAl76IifXGSc7ra9ZHNOB1guihpw==

GET
H2 200 XassetCEYbEcSW.png
ads.w55c.net/t/d/ Frame 828A 64 KB
64 KB 17ms
6ms Image
image/png 2600:9000:2491:1200:1b:f040:3600:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.w55c.net/t/d/XassetCEYbEcSW.png?at=0&rtbhost=conf01-europe-west1.rtb.roku.com&btid=OUI4Q0M3OTA0RkFERUFEMkVDN0M5Q0EwNkZFMDk0MDN8R0ZDbGxKbmhicnwxNjg4NTYyNzQwNzIyfDF8WG1FS1o4a2t0eHxYUk9ocXNjZmdSfC00OTY0MDQ0MF9FWHwxMDQwNjV8fHx8LjBQfFVTRA&ei=GOOGLE&ac=WFMwUE56aXZTMTpYU1pHTkNKTWpzfDB8MHxFVVI7&js=0&ob=0&ccw=SUFCOCMwLjgyMDM4NTh8SUFCOC04IzAuNjI3NjE0MnxJQUI4LTcjMC4wOTcyMjg0Mg&ci=Xmwo1n97Q8&psid=NTkzOTA4MTEyNTc&s=https%3A%2F%2Fye-mek.net&ts=1688562740725&c=DE&r=G-HE&epid=R0wxNTIyMg&mi=d2Vi&wp_exchange=NWP
Requested by: Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2491:1200:1b:f040:3600:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7cc53b9adf139d3c48666f76e1d316281c5e9065f7eeaa3fb329057c397f83e5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: pTSK_3aD6MH1NhuW2vrruciFx4wLs9g_
date: Wed, 05 Jul 2023 05:15:41 GMT
via: 1.1 da749f044be44d389a30372d73356c4e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P7
age: 28603
x-amz-server-side-encryption: AES256
x-amz-meta-width: 300
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-amz-meta-filesize: 65085
x-amz-meta-height: 250
content-length: 65085
last-modified: Wed, 03 May 2023 17:26:36 GMT
server: AmazonS3
etag: "38988cf71c0e9e66d0bb0693f05250c3"
vary: Accept-Encoding
content-type: image/png
accept-ranges: bytes
x-amz-cf-id: RobXzV3IStcRQaGKpl_OkYXXqYPnv3XduIqCnWCAsAPEbBCxA4DRyA==

GET
H/1.1 200
OK pixel.php
t.hspvst.com/ Frame 828A 95 B
918 B 39ms
36ms Image
image/png 154.58.197.185

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.hspvst.com/pixel.php?id=2677&t=P&cb=4534605548436326
Requested by: Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 154.58.197.185 -, , ASN (),
Reverse DNS
Software: Apache / PHP/5.4.45-1~dotdeb+7.1
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Wed, 05 Jul 2023 13:12:21 GMT
Server: Apache
X-Powered-By: PHP/5.4.45-1~dotdeb+7.1
Transfer-Encoding: chunked
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Content-Type: image/png
Cache-Control: max-age=315360000
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Keep-Alive: timeout=3, max=1000
Expires: Sat, 02 Jul 2033 13:12:21 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 828A 3 KB
1 KB 72ms
69ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/window_focus_fy2021.js

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 18:53:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 65929
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 18 Jul 2023 18:53:32 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 828A 20 KB
8 KB 43ms
40ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

abaf64de0855592138133fdf15c746a6e47a07d5f7a34a9513a06994c89f91af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 17:33:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 70719
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8312
x-xss-protection: 0
server: cafe
etag: 5477749917372345267
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 18 Jul 2023 17:33:42 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 828A 0
0 50ms
41ms Image
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaROLBanOl9GIoJvnUKnsLLo8P2EJOJbZnHMd5bRrHL2KQAUSbFPiXNd0D0Isrv_AyNM7YA-viIUgSjchmyItWoSzN7SqQ
Requested by: Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 828A 24 KB
6 KB 49ms
42ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 19:05:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 324412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 30 Jun 2024 19:05:29 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 828A 179 KB
56 KB 231ms
221ms Script
text/javascript 2a00:1450:4001:80e::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 05 Jul 2023 13:12:21 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame B2F9 0
0 89ms
83ms Fetch
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C7Ov6NGylZIbFJpHcbPaGgJAHuoi0j1yc1-7uqQjAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItNzk4MzY1MTI1NzgzODI4MsgBCeACAKgDAaoE9QFP0EFGHh0WJwMg9qKYESpN_sZXMasnc39M5s1JItvh98OmMTt8fumourG-V4cwvPToBW3AKvpXtyC5okBsSNKYMZZTZ5YTixU9gcVSDh9bjXAtU1U_uqRLEfvmkuh-lAzpLecj4KiO1mQ-jKyoniA-dCsE_Es7IJhoP_AwzpUX2WZ4JWayTyTEgdCrDPwAtVDxQP9PwNgAYRcoOlvbW8qV7bmO6wluTV9feYajvg8D2aUDGpDX9RFEy7MPTmU8aS_yZDfx1537UhN8kLKi503Ua0bLB2ysTeOC2hedvogQJnb-8wuZQysZZ7Nm-kL6T_3Ss9QkPeAEAYAG0cmll-ullpXrAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvIIG2FkeC1zdWJzeW4tNzI3NTUyODQ1MzE2MjMwOYAKA_oLAggBgAwB0BUBgBcBshccChoSFHB1Yi03OTgzNjUxMjU3ODM4MjgyGOrBbQ&sigh=8u1B0TASE7Q&uach_m=[UACH]&cid=CAQSOwBygQiD6okycz8O6M-M_7tToSBVTba3ggWmvCt3T7e57XYtlQGNweWjPjcYHc2n6yFmrD63ZlRp4RpdGAE
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H/1.1 200 a.gif Show response
i.w55c.net/ Frame B2F9 42 B
582 B 23ms
12ms Fetch
image/gif 52.29.25.103
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://i.w55c.net/a.gif?t=0&rtbhost=conf01-europe-west1.rtb.roku.com&rts=1&btid=MzYxMzBBMDhDQzEyNTIyNEFBNEU5RTU2OTEzNUExNDB8R0ZyN2FrNkJsVnwxNjg4NTYyNzQwNzk4fDF8WG1FS1o4a2t0eHxYUnpvYlBzTGhWfDExNzQ0OTcwNTBfRVh8MTA0MzMwfHx8fC4wUHxVU0Q&ei=GOOGLE&wp_exchange=ZKVsNAAJooYKGy4RAAADdpjk5sJKwhYMWUEAdQ&ac=WFMwUE56aXZTMTpYU1pHTkNKTWpzfDB8MHxFVVI7&psid=NTkzOTA4MTEyNTc&js=0&ob=0&ccw=SUFCOCMwLjgyMDM4NTh8SUFCOC04IzAuNjI3NjE0MnxJQUI4LTcjMC4wOTcyMjg0Mg&ci=Xmwo1n97Q8&fiu=WG1FS1o4a2t0eA&fid=XmEKZ8kktx&sd=ye-mek.net&s=https%3A%2F%2Fye-mek.net&ts=1688562740801&dvdp=i.w55c.net/dv.jpg&ai=0DaDXCcU00&c=DE&r=G-HE&rnd=4653973783243144&epid=R0wxNTIyMg&ct=b126c92c760c4964ba6058483a07fa14&os=Mm8wMDAy&dc=NzI4NWEyMmNjZmE2NGM1Y2JmMzBmYzExNmQzNGFhNGU&dv=MUxWSXJn&dm=MU1udVZVV21Ndg&l=dHJ8fA&ri=2rxtlU&cip=1&alg=TGcwMDA4&v=0&euid=Q0FFU0VBSnlLajdGNFlBazl1ZWJxRzQ0akNF&mt=2cmt0001&mi=d2Vi&dt=2dt0005&tz=RXVyb3BlL0Jlcmxpbg&sg=MwFt1FaKOSnproAtdDm5Pg&buid=Xdb4DXiaK1Q&hmt=1&hmdp=s.h.w55c.net/2/948461/analytics.gif&hmtiu=9484611643830741015000&uidu=CAESEAJyKj7F4YAk9uebqG44jCE&spidu=GOOGLE&pidu=15222&hmpvu=586b56bf-36fb-48bf-8a7f-e7a6e02f5bb4&hmtsu=3&odtu=2&mtfu=1&crdmu=728x90&cridu=XRzobPsLhV&naoh=i.w55c.net/na.gif&ndgh=i.w55c.net/ng.gif

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.29.25.103 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-29-25-103.eu-central-1.compute.amazonaws.com

Software

PixelTracking/v2.0.30-782-g97d928b#rel-ec2-master i-036c9e308bb7e39b5@eu-central-1b@dxedge-app-eu-central-1-prod-asg /

Resource Hash

47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 05 Jul 2023 13:12:21 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PixelTracking/v2.0.30-782-g97d928b#rel-ec2-master i-036c9e308bb7e39b5@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Content-Type: image/gif
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 42
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 creative_add_on.js Show response
cti.w55c.net/ct/ Frame B2F9 5 KB
2 KB 20ms
15ms Script
application/javascript 2600:9000:2251:8600:3:4706:a6c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cti.w55c.net/ct/creative_add_on.js?w=728&h=90&zindex=0&ci=Xmwo1n97Q8&ei=GOOGLE&ob=0&ai=0DaDXCcU00&epid=R0wxNTIyMg&fiu=WG1FS1o4a2t0eA&s=https%3A%2F%2Fye-mek.net&ciu=XRzobPsLhV&btid=MzYxMzBBMDhDQzEyNTIyNEFBNEU5RTU2OTEzNUExNDB8R0ZyN2FrNkJsVnwxNjg4NTYyNzQwNzk4fDF8WG1FS1o4a2t0eHxYUnpvYlBzTGhWfDExNzQ0OTcwNTBfRVh8MTA0MzMwfHx8fC4wUHxVU0Q&c=DE&dt=2dt0005&sd=ye-mek.net&cip=1&hmt=1&uidu=CAESEAJyKj7F4YAk9uebqG44jCE&spidu=GOOGLE&pidu=15222&hmpvu=586b56bf-36fb-48bf-8a7f-e7a6e02f5bb4&hmtsu=3&odtu=2&mtfu=1&crdmu=728x90&cridu=XRzobPsLhV&

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2251:8600:3:4706:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

e8090651b52c256938df2fb0582f24521fe0476939aab81d01b7f31a7ac75beb

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 23:00:35 GMT
x-amz-version-id: 0IYa12QvFdrNK.CC2JhaeEJAYjkhUjCe
content-encoding: br
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 c80ae6bd97b709ed6e4747f0d5ea4efc.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P3
age: 569507
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Fri, 17 Sep 2021 21:17:39 GMT
server: AmazonS3
etag: W/"a6c8a5bdec77729759b220b95bf503f9"
vary: Accept-Encoding
content-type: application/javascript
cache-control: must-revalidate
x-amz-cf-id: m9Ghk9k2TB-_vGmJGCFHT4D7HtYQS3sgg_cteCNS8w9FDTRdDOR_WQ==

GET
H2 200 XassetrGVaWW53.png
ads.w55c.net/t/d/ Frame B2F9 43 KB
44 KB 18ms
14ms Image
image/png 2600:9000:2491:1200:1b:f040:3600:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.w55c.net/t/d/XassetrGVaWW53.png?at=0&rtbhost=conf01-europe-west1.rtb.roku.com&btid=MzYxMzBBMDhDQzEyNTIyNEFBNEU5RTU2OTEzNUExNDB8R0ZyN2FrNkJsVnwxNjg4NTYyNzQwNzk4fDF8WG1FS1o4a2t0eHxYUnpvYlBzTGhWfDExNzQ0OTcwNTBfRVh8MTA0MzMwfHx8fC4wUHxVU0Q&ei=GOOGLE&ac=WFMwUE56aXZTMTpYU1pHTkNKTWpzfDB8MHxFVVI7&js=0&ob=0&ccw=SUFCOCMwLjgyMDM4NTh8SUFCOC04IzAuNjI3NjE0MnxJQUI4LTcjMC4wOTcyMjg0Mg&ci=Xmwo1n97Q8&psid=NTkzOTA4MTEyNTc&s=https%3A%2F%2Fye-mek.net&ts=1688562740801&c=DE&r=G-HE&epid=R0wxNTIyMg&mi=d2Vi&wp_exchange=NWP
Requested by: Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2491:1200:1b:f040:3600:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 96e22a33f827f042ac4b239c21f468a17c87545df3f6b90e100d3a91b253a1e7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: 77muH8mujF9NEC9ipS.55iMMWqUaEtvK
date: Wed, 05 Jul 2023 08:13:13 GMT
via: 1.1 da749f044be44d389a30372d73356c4e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P7
age: 17948
x-amz-server-side-encryption: AES256
x-amz-meta-width: 728
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-amz-meta-filesize: 44534
x-amz-meta-height: 90
content-length: 44534
last-modified: Wed, 03 May 2023 17:26:36 GMT
server: AmazonS3
etag: "ccf751b21647e448aa5dadd8c05f5ac6"
vary: Accept-Encoding
content-type: image/png
accept-ranges: bytes
x-amz-cf-id: aOZPtM-pLxd2kjonvab4RoB22GvMr2XsCjC-ykUsA1S8proHR5_Vfw==

GET
H/1.1 200
OK pixel.php
t.hspvst.com/ Frame B2F9 95 B
917 B 67ms
35ms Image
image/png 154.58.197.185

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.hspvst.com/pixel.php?id=2677&t=P&cb=4653973783243144
Requested by: Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 154.58.197.185 -, , ASN (),
Reverse DNS
Software: Apache / PHP/5.4.45-1~dotdeb+7.1
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Wed, 05 Jul 2023 13:12:20 GMT
Server: Apache
X-Powered-By: PHP/5.4.45-1~dotdeb+7.1
Transfer-Encoding: chunked
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Content-Type: image/png
Cache-Control: max-age=315360000
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Keep-Alive: timeout=3, max=997
Expires: Sat, 02 Jul 2033 13:12:20 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame B2F9 3 KB
1 KB 68ms
64ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/window_focus_fy2021.js

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 18:53:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 65929
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 18 Jul 2023 18:53:32 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame B2F9 20 KB
8 KB 52ms
49ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

abaf64de0855592138133fdf15c746a6e47a07d5f7a34a9513a06994c89f91af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 17:33:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 70719
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8312
x-xss-protection: 0
server: cafe
etag: 5477749917372345267
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 18 Jul 2023 17:33:42 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame B2F9 0
0 50ms
46ms Image
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQipt7WDA9jw7mvNenCniBUt3u9qRSFLBgzH9nOOiAT0aHspSV2XbWXS_Id-N620rfTKSp-bzZ_us4ehr3OA5km-3WdWg
Requested by: Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame B2F9 24 KB
6 KB 56ms
53ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 19:05:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 324412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 30 Jun 2024 19:05:29 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B2F9 179 KB
56 KB 250ms
246ms Script
text/javascript 2a00:1450:4001:80e::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 05 Jul 2023 13:12:21 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 2F84 1 KB
643 B 38ms
38ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 20169
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 05 Jul 2023 07:36:12 GMT
etag: 48472445140208031
expires: Thu, 06 Jul 2023 07:36:12 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 8417 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5fc880a3661f92a71e6eb4fd8f631163ce54b36da67818330c81c9cb95931828

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 5806 1 KB
643 B 38ms
38ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 20169
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 05 Jul 2023 07:36:12 GMT
etag: 48472445140208031
expires: Thu, 06 Jul 2023 07:36:12 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame D7E9 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d76304237207d68453937c45c67f10edce375f7a3a45f6d0749b8b0d1fb13f30

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 5CE5 1 KB
643 B 43ms
39ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 20169
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 05 Jul 2023 07:36:12 GMT
etag: 48472445140208031
expires: Thu, 06 Jul 2023 07:36:12 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame FB0C 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f77af93ce95818bb2c72cb06b3b946e090a099eb68d62c44a47288aa618f91ae

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame D50D 1 KB
643 B 42ms
37ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 20169
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 05 Jul 2023 07:36:12 GMT
etag: 48472445140208031
expires: Thu, 06 Jul 2023 07:36:12 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 15B5
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEKSYfxeg4SxuqFgwEph5Igs&google_cver=1&google_push=AaAOQGFZEzN_bb_z11DXd2L4PaFs3WdblU3k5KYC66bcKgTk_rOdTZfWzNNXZ4z5VFw6142odE-LQqHEl6U1BP2L1khDo7XLfXxQ3...
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=NzI1NjQ1NTYzODE2MDg2MTgxNw==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEHXCYoEUuxdb9AG5uFJwt8U&google_cver=1

43 B
398 B

61ms
13ms

Image
image/gif

2001:678:cb4:bbbb::11

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEHXCYoEUuxdb9AG5uFJwt8U&google_cver=1
Requested by: Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Server: 2001:678:cb4:bbbb::11 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Wed, 05 Jul 2023 13:12:20 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:21 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEHXCYoEUuxdb9AG5uFJwt8U&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 15B5
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESELmPvPPG3c9tRcUBD4P1LFo&google_push=AaAOQGECElmOLLVDqKR17qHYTm6nIuwDNvgAnERVZ0aOvAiz9sqJn8WM4T...

170 B
232 B

64ms
63ms

Image
image/png

142.250.181.226

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESELmPvPPG3c9tRcUBD4P1LFo&google_push=AaAOQGECElmOLLVDqKR17qHYTm6nIuwDNvgAnERVZ0aOvAiz9sqJn8WM4TIkK7zItOm0MQAb5LNX-Vvfli67cwAuqfiVD9ecjoXOKJ68JJWY_fU-8DEO1G54e677Exta2ntpKHaGa_Uecm8cRQ

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.181.226 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-fra-eddf8230042-FRA
pragma: no-cache
date: Wed, 05 Jul 2023 13:12:21 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1688562741.463973,VS0,VE88
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESELmPvPPG3c9tRcUBD4P1LFo&google_push=AaAOQGECElmOLLVDqKR17qHYTm6nIuwDNvgAnERVZ0aOvAiz9sqJn8WM4TIkK7zItOm0MQAb5LNX-Vvfli67cwAuqfiVD9ecjoXOKJ68JJWY_fU-8DEO1G54e677Exta2ntpKHaGa_Uecm8cRQ
cache-control: no-cache
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H2 204 pixelSync
pixel-sync.sitescout.com/dmp/ Frame 15B5 0
187 B 147ms
9ms Image
text/plain 98.98.134.242

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESELJV0oCKLgy2_5pN6rLt6NI&google_cver=1&google_push=AaAOQGHV46wvH2xoyyuDWaJMwNff4Va8mBuu9DQ6OH1w8BgdaxyBXkxwUDNSPv29CCslixJXkhdrtsjFCPgFArWfKjwK-g1Y_B2Q7-9_9J_3w2G1kq921Q8AOXWG9HHsph_MBI1guS4-OeZ_Cg
Requested by: Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 98.98.134.242 -, , ASN (),
Reverse DNS
Software: A /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
pragma: no-cache
date: Wed, 05 Jul 2023 13:12:21 GMT
cache-control: max-age=0,no-cache,no-store
server: A
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H2 200 dds
rtb.openx.net/sync/ Frame 15B5 43 B
245 B 79ms
24ms Image
image/gif 35.186.253.211

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEDht-1Yj1zdB7xp1PbJgwAQ&google_cver=1&google_push=AaAOQGHiJJsobUsAyJ_7ZmyA6AZ07XYyAvDrrIdBRJqZekUk60pH7k2UGa7jLTK2ava8fZajqiMBYKq3plGBtP7xxHv6ZPdOzkxDx6ixIU1IDMsxc7zzsbAYHv9xp6-5HSkBXxpCpO8QtsMnEA
Requested by: Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.253.211 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:21 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 15B5
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEPOKm3__FORGqkuRYxfhrrs&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEPOKm3__FORGqkuRYxfhrrs&google_push=Aa...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEPOKm3__FORGqkuRYxfhrrs&google_hm=ZKVsNeQlRcaOsAk3li2-CgAACJsAAAAB&google_nid=index&google_push=AaAOQGECTaXpd1cJJg7O51RHGWN7TdR2QBjYY...

170 B
232 B

66ms
51ms

Image
image/png

142.250.181.226

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEPOKm3__FORGqkuRYxfhrrs&google_hm=ZKVsNeQlRcaOsAk3li2-CgAACJsAAAAB&google_nid=index&google_push=AaAOQGECTaXpd1cJJg7O51RHGWN7TdR2QBjYY6OsZPgkiBL-rIFGm8CEhBee5moiwNM8rSmV30fpf8wrr94Rx4w-KCUze_xos2yU1VUMkdo9NlwbWM4DFaUOUpwor5jlgzocNAOghYeycBGR

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.181.226 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 05 Jul 2023 13:12:21 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEPOKm3__FORGqkuRYxfhrrs&google_hm=ZKVsNeQlRcaOsAk3li2-CgAACJsAAAAB&google_nid=index&google_push=AaAOQGECTaXpd1cJJg7O51RHGWN7TdR2QBjYY6OsZPgkiBL-rIFGm8CEhBee5moiwNM8rSmV30fpf8wrr94Rx4w-KCUze_xos2yU1VUMkdo9NlwbWM4DFaUOUpwor5jlgzocNAOghYeycBGR
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 0
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 15B5
Redirect Chain

https://match.360yield.com/match/ebda?google_gid=CAESEDD9eJp_l54lbwd2WxOPxXM&google_cver=1&google_push=AaAOQGErFTbk2w_u1TcdUaEX01d_Iqax3VmIuSPKqN9JnJbuRL0DdoywC_QgYvw4tVuNYy1tW16NE8kEU9IslQuJSq_3iS...
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEDD9eJp_l54lbwd2WxOPxXM&google_cver=1&google_push=AaAOQGErFTbk2w_u1TcdUaEX01d_Iqax3VmIuSPKqN9JnJbuRL0DdoywC_QgYvw4tVuNYy1tW16NE8kEU9IslQuJ...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aC08-LogQn2qwH6BbD37KQ&google_push=AaAOQGErFTbk2w_u1TcdUaEX01d_Iqax3VmIuSPKqN9JnJbuRL0DdoywC_QgYvw4tVuNYy1tW16NE8kEU9IslQu...

170 B
188 B

55ms
54ms

Image
image/png

142.250.181.226

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aC08-LogQn2qwH6BbD37KQ&google_push=AaAOQGErFTbk2w_u1TcdUaEX01d_Iqax3VmIuSPKqN9JnJbuRL0DdoywC_QgYvw4tVuNYy1tW16NE8kEU9IslQuJSq_3iSmbOrLJ4JkDrLJjGQU7lg-hvDdAVrbKCPayQof4VrMfz1aEJNyo-Q

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.181.226 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aC08-LogQn2qwH6BbD37KQ&google_push=AaAOQGErFTbk2w_u1TcdUaEX01d_Iqax3VmIuSPKqN9JnJbuRL0DdoywC_QgYvw4tVuNYy1tW16NE8kEU9IslQuJSq_3iSmbOrLJ4JkDrLJjGQU7lg-hvDdAVrbKCPayQof4VrMfz1aEJNyo-Q
access-control-allow-origin: *
date: Wed, 05 Jul 2023 13:12:21 GMT
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2

200

/
onetag-sys.com/match/ Frame 15B5
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEPa8TJOH2bRBg_hoY-y_ItQ&google_cver=1&google_push=AaAOQGG810mortbE1uzzXS0-TWPfRYDQHUsEK_0gHxMkPXmJxgRHzpqeLhlfR6Fo3VcRforrlpOQgaMzCBs...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGG810mortbE1uzzXS0-TWPfRYDQHUsEK_0gHxMkPXmJxgRHzpqeLhlfR6Fo3VcRforrlpOQgaMzCBsnd3l2TVarMI2MxM0tNzZIfYHEJXLMkw4UTkYy...
https://onetag-sys.com/match/?int_id=19&google_error=5

0
151 B

28ms
28ms

Image
text/plain

51.75.86.98

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=19&google_error=5

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

51.75.86.98 -, , ASN (),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:21 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/match/?int_id=19&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 255
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 15B5 0
139 B 184ms
46ms Image
text/html 142.250.181.226

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Ln0nCdk8pSErd1Ve2CHnyfEv0gUQbd50NmfQRfk-Osd6eV9p447V4ar6EP1YzA7DrN-NWAnA

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:21 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 81C7
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEN_lGS204E6DEfGfT_OcGB8&google_cver=1

43 B
632 B

18ms
8ms

Image
image/gif

185.80.39.216

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEN_lGS204E6DEfGfT_OcGB8&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNEDENWYWRjzjcnuATAB&v=APEucNXN4qwrUmarwoIH7-6AXUns0NpTzzaYVxXJ-pkKtzNH5jhFE-uYhi-7ufD8THkb_xJ2IcYyOGcre_UpbpdYis_m9khXZpgcsgF1GKcDneUus2szQW3VfrvdbLcBUqd_Ret-eOR7T4wqZIdmy0tfdpCAWpfpG5Y2A35RcHjbBMxEj7eZAgg
Protocol: HTTP/1.1
Server: 185.80.39.216 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 05 Jul 2023 13:12:21 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:21 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEN_lGS204E6DEfGfT_OcGB8&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 81C7
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZKVsNeQlRcaOsAk3li2.CgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEN_lGS204E6DEfGfT_OcGB8&google_cver=1&google_hm=2

43 B
632 B

15ms
7ms

Image
image/gif

185.80.39.216

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEN_lGS204E6DEfGfT_OcGB8&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNEDENWYWRjzjcnuATAB&v=APEucNXN4qwrUmarwoIH7-6AXUns0NpTzzaYVxXJ-pkKtzNH5jhFE-uYhi-7ufD8THkb_xJ2IcYyOGcre_UpbpdYis_m9khXZpgcsgF1GKcDneUus2szQW3VfrvdbLcBUqd_Ret-eOR7T4wqZIdmy0tfdpCAWpfpG5Y2A35RcHjbBMxEj7eZAgg
Protocol: HTTP/1.1
Server: 185.80.39.216 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 05 Jul 2023 13:12:21 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:21 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEN_lGS204E6DEfGfT_OcGB8&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 81C7
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEPTBNOz_KdhMh7f5GhVi-l8&google_cver=1

43 B
1 KB

17ms
7ms

Image
image/gif

37.252.171.53

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEPTBNOz_KdhMh7f5GhVi-l8&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNEDENWYWRjzjcnuATAB&v=APEucNXN4qwrUmarwoIH7-6AXUns0NpTzzaYVxXJ-pkKtzNH5jhFE-uYhi-7ufD8THkb_xJ2IcYyOGcre_UpbpdYis_m9khXZpgcsgF1GKcDneUus2szQW3VfrvdbLcBUqd_Ret-eOR7T4wqZIdmy0tfdpCAWpfpG5Y2A35RcHjbBMxEj7eZAgg

Protocol

HTTP/1.1

Server

37.252.171.53 -, , ASN (),

Reverse DNS

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 05 Jul 2023 13:12:21 GMT
AN-X-Request-Uuid: ea1a08a6-127c-410b-b7a6-4b7e3cf4f304
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 185.213.155.134; 185.213.155.134; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:21 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEPTBNOz_KdhMh7f5GhVi-l8&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 81C7
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzMxMjk0NjE4NzYwNTk2MjA1Ng%3D%3D

170 B
232 B

72ms
57ms

Image
image/png

142.250.181.226

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzMxMjk0NjE4NzYwNTk2MjA1Ng%3D%3D

Requested by

Protocol

Server

142.250.181.226 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 05 Jul 2023 13:12:21 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 185.213.155.134; 185.213.155.134; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 582e9220-9b69-47df-88be-bab7018e3b4f
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzMxMjk0NjE4NzYwNTk2MjA1Ng%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 2F84
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEAZXwYKpu058-D_rmnPMksw&google_cve...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=SVpJMGNXTlgxUWgyaVY1&google_gid=CAESEAZXwYKpu058-D_rmnPMksw&google_cver=1&google_push=AaAOQGEj2TxVGOPsdZAwRuj93lKBADRiO5xecC_O6zydT_m...

170 B
243 B

72ms
57ms

Image
image/png

142.250.181.226

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=SVpJMGNXTlgxUWgyaVY1&google_gid=CAESEAZXwYKpu058-D_rmnPMksw&google_cver=1&google_push=AaAOQGEj2TxVGOPsdZAwRuj93lKBADRiO5xecC_O6zydT_mbk1wpTtm_cmYGI-8MHjXYDY7C_zBAxpfoj5ZKpODUyEyqChRdSz20xA

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.181.226 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 05 Jul 2023 13:12:21 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-782-g97d928b#rel-ec2-master i-036c9e308bb7e39b5@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=SVpJMGNXTlgxUWgyaVY1&google_gid=CAESEAZXwYKpu058-D_rmnPMksw&google_cver=1&google_push=AaAOQGEj2TxVGOPsdZAwRuj93lKBADRiO5xecC_O6zydT_mbk1wpTtm_cmYGI-8MHjXYDY7C_zBAxpfoj5ZKpODUyEyqChRdSz20xA
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 2F84
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEJaQbbqnauCRJ6mxWcu3VCk&google_cver=1&google_push=AaAOQGENJ4sfrGhikd07nM5AZTH7u5sBxaUZAvK1T45FqvYRjjw-WYZwn9WjQOEdgaJEdpdRKmv9eyyuPrz_n5mn...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AaAOQGENJ4sfrGhikd07nM5AZTH7u5sBxaUZAvK1T45FqvYRjjw-WYZwn9WjQOEdgaJEdpdRKmv9eyyuPrz_n5mnZmyB1f2VRvfUfw

170 B
232 B

73ms
60ms

Image
image/png

142.250.181.226

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AaAOQGENJ4sfrGhikd07nM5AZTH7u5sBxaUZAvK1T45FqvYRjjw-WYZwn9WjQOEdgaJEdpdRKmv9eyyuPrz_n5mnZmyB1f2VRvfUfw

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.181.226 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 05 Jul 2023 13:12:21 GMT
Server: MT3 1031 59fd23a master zrh zrh-pixel-x11 config_version:"1524"
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AaAOQGENJ4sfrGhikd07nM5AZTH7u5sBxaUZAvK1T45FqvYRjjw-WYZwn9WjQOEdgaJEdpdRKmv9eyyuPrz_n5mnZmyB1f2VRvfUfw
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 05 Jul 2023 13:12:20 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 2F84
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEIxgqLNEfnjPsHyDuoPdFqM&google_cver=1&google_push=AaAOQGE4gQpfBLZ2pAsJuKtF-E_z-r056KB-0zHj8zndkwaxAAwDxshr0M6qxGi7aS9HvXySnd5RNI1UOx4tA6WDxHQtSDQE2zrp
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=FE054351540E4ADC88C8D737F5E878DC&google_push=AaAOQGE4gQpfBLZ2pAsJuKtF-E_z-r056KB-0zHj8zndkwaxAAwDxshr0M6qxGi7aS9HvXySnd5RNI1UOx4tA6W...

170 B
232 B

64ms
49ms

Image
image/png

142.250.181.226

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=FE054351540E4ADC88C8D737F5E878DC&google_push=AaAOQGE4gQpfBLZ2pAsJuKtF-E_z-r056KB-0zHj8zndkwaxAAwDxshr0M6qxGi7aS9HvXySnd5RNI1UOx4tA6WDxHQtSDQE2zrp

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.181.226 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 05 Jul 2023 13:12:21 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=FE054351540E4ADC88C8D737F5E878DC&google_push=AaAOQGE4gQpfBLZ2pAsJuKtF-E_z-r056KB-0zHj8zndkwaxAAwDxshr0M6qxGi7aS9HvXySnd5RNI1UOx4tA6WDxHQtSDQE2zrp
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Tue, 04 Jul 2023 13:12:21 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 2F84
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESELBFGrn3yxlSl3wdkJqvr10&google_cver=1&google_push=AaAOQGEkQn05v9244gebbMJ8nYkzVwUFvo8t45ZW3A9jDaqjjbKz8JCu4XR28e0xNPNI-mW-NKpi57jfQrh5SE...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1MjMyMTc0OTg2MTMzMzE0Ng%3D%3D&google_push=AaAOQGEkQn05v9244gebbMJ8nYkzVwUFvo8t45ZW3A9jDaqjjbKz8JCu4XR28e0xNPNI-mW-NKpi57jfQrh5SEXsoh...

170 B
232 B

85ms
70ms

Image
image/png

142.250.181.226

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1MjMyMTc0OTg2MTMzMzE0Ng%3D%3D&google_push=AaAOQGEkQn05v9244gebbMJ8nYkzVwUFvo8t45ZW3A9jDaqjjbKz8JCu4XR28e0xNPNI-mW-NKpi57jfQrh5SEXsohRiC-oXH6Hq5Q

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.181.226 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1MjMyMTc0OTg2MTMzMzE0Ng%3D%3D&google_push=AaAOQGEkQn05v9244gebbMJ8nYkzVwUFvo8t45ZW3A9jDaqjjbKz8JCu4XR28e0xNPNI-mW-NKpi57jfQrh5SEXsohRiC-oXH6Hq5Q
Date: Wed, 05 Jul 2023 13:12:21 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2F84
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESEInTKUUO9G-F00zHmpMASyc&google_cver=1&google_push=AaAOQGF1Ie7U-5cOTO928MHoSuzUWpt0eeSLwMThNvzk2tV7He8xpc6aslRZRPLfusYSfolGNjjufPMt_AeZWqlV7rscN7l...
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEInTKUUO9G-F00zHmpMASyc&google_cver=1&google_push=AaAOQGF1Ie7U-5cOTO928MHoSuzUWpt0eeSLwMThNvzk2tV7He8xpc6aslRZRPLfusYSfolGNjjufPMt_AeZWqlV7rscN...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AaAOQGF1Ie7U-5cOTO928MHoSuzUWpt0eeSLwMThNvzk2tV7He8xpc6aslRZRPLfusYSfolGNjjufPMt_AeZWqlV7rscN7lRvo8VVA

170 B
188 B

51ms
50ms

Image
image/png

142.250.181.226

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AaAOQGF1Ie7U-5cOTO928MHoSuzUWpt0eeSLwMThNvzk2tV7He8xpc6aslRZRPLfusYSfolGNjjufPMt_AeZWqlV7rscN7lRvo8VVA

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.181.226 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AaAOQGF1Ie7U-5cOTO928MHoSuzUWpt0eeSLwMThNvzk2tV7He8xpc6aslRZRPLfusYSfolGNjjufPMt_AeZWqlV7rscN7lRvo8VVA
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 2F84
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEO5U5rm_DUfgCsvjDhNXzq4&google_cver=1&google_push=AaAOQGFCbr9sbRmS05Gs-nEttOMQeT02NWvItaA1PmqUW4-sIev_iQrQkuGyHnHO41yD5qwEeb1...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpQUU5QWVItVC0xOFZI&google_push=AaAOQGFCbr9sbRmS05Gs-nEttOMQeT02NWvItaA1PmqUW4-sIev_iQrQkuGyHnHO41yD5qwEeb1segOHBfH4ME9VDB-iuIrimsPV

170 B
232 B

64ms
64ms

Image
image/png

142.250.181.226

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpQUU5QWVItVC0xOFZI&google_push=AaAOQGFCbr9sbRmS05Gs-nEttOMQeT02NWvItaA1PmqUW4-sIev_iQrQkuGyHnHO41yD5qwEeb1segOHBfH4ME9VDB-iuIrimsPV

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.181.226 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpQUU5QWVItVC0xOFZI&google_push=AaAOQGFCbr9sbRmS05Gs-nEttOMQeT02NWvItaA1PmqUW4-sIev_iQrQkuGyHnHO41yD5qwEeb1segOHBfH4ME9VDB-iuIrimsPV
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: cc9654c54e9aa67bf2b10be1073297a8
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2F84
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEB...
https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=AaAOQGHVxjkHR4l0msapweqEqaHMB4RhthiQalo2vYo-WhzT7iu1HOqtDKS2rdq7xHH79kQPhL1Qonda_0ItWDBFeXwHiruM5Aul_A&redir=https%3A%2F%2Fcm.g.dou...
https://sync.targeting.unrulymedia.com/csync/RX-a2b7bcfd-05a5-415d-afd3-9cb29b3c9502-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAaAOQGHVxjkHR4l0msapweqEq...
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AaAOQGHVxjkHR4l0msapweqEqaHMB4RhthiQalo2vYo-WhzT7iu1HOqtDKS2rdq7xHH79kQPhL1Qonda_0ItWDBFeXwHiruM5Aul_A&google_hm=A6K3vP0FpUFdr9Ocsps8lQI

170 B
188 B

48ms
48ms

Image
image/png

142.250.181.226

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AaAOQGHVxjkHR4l0msapweqEqaHMB4RhthiQalo2vYo-WhzT7iu1HOqtDKS2rdq7xHH79kQPhL1Qonda_0ItWDBFeXwHiruM5Aul_A&google_hm=A6K3vP0FpUFdr9Ocsps8lQI

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.181.226 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AaAOQGHVxjkHR4l0msapweqEqaHMB4RhthiQalo2vYo-WhzT7iu1HOqtDKS2rdq7xHH79kQPhL1Qonda_0ItWDBFeXwHiruM5Aul_A&google_hm=A6K3vP0FpUFdr9Ocsps8lQI
date: Wed, 05 Jul 2023 13:12:21 GMT
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RXa2b7bcfd05a5415dafd39cb29b3c9502003
content-type: text/html

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 2F84 0
49 B 163ms
46ms Image
text/html 142.250.181.226

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Jx1zItl2sPgdNb7XtfL_kTxhdDk3DpjqUHu7XvG65u7ENp32QD4BF5u0rgvmXmK4aa1xYB

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:21 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
DATA 200
OK truncated
/ Frame 828A 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4d3f992d7fe326e95bf1ae4cdc7b38f18fc31b63f0c7a6c0709cf3d47234a071

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame B2F9 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 84b9937e1a8bd45362bdf247522b48ed110c7b153ac816efaaeefd680c23e13c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 5806
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESENa7La73sgNUiE-AR-1t2Ac&google_cver=1&google_push=AaAOQGFK3wFxUKOMb33mVePdA6q3TAv3qMS9qU7etk0enS_QZrS3fHOXZAsPOl2FN67LDfH0bWAHXxwTLEh0pI5D0XU9p7Mcew0CV...
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=NzMyODUxMzIzMjE5ODc4OTc1Mw==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEHXCYoEUuxdb9AG5uFJwt8U&google_cver=1

43 B
398 B

60ms
12ms

Image
image/gif

2001:678:cb4:bbbb::11

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEHXCYoEUuxdb9AG5uFJwt8U&google_cver=1
Requested by: Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Server: 2001:678:cb4:bbbb::11 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Wed, 05 Jul 2023 13:12:20 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:21 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEHXCYoEUuxdb9AG5uFJwt8U&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame 5806 35 B
462 B 125ms
15ms Image
image/gif 2620:116:800d:21:93ca:31d8:d86e:38f6

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEHkrcYOqGYIryd1pd0HVPK4&google_cver=1&google_push=AaAOQGGJOzg-0qeuYFbdl7HIb-kB-HoDlvzN2PYqoZhwZtzcILinMH94Hd0XWxUz90Eqf6eM1SBa638VBGPUYtN1CyM1jqUYuncKrUj4AeCR6URWB-Llhi8voi5Uv0DrxX4GHZL6sPdf2uQ

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:93ca:31d8:d86e:38f6 -, , ASN (),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:21 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 5806
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEPkmO4Xf6ijjbf5G2Mm0A1M&google_cver=1&google_push=AaAOQGH5mrF--WirJHI8hU2rXv3zHmbHbDhB3SNKupoVANvl9DYUYMkV5ke1VqzArB7nc6k02Bque3ayCb9SmK...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1MjMyMTc0OTg2NDQxMzMzOA%3D%3D&google_push=AaAOQGH5mrF--WirJHI8hU2rXv3zHmbHbDhB3SNKupoVANvl9DYUYMkV5ke1VqzArB7nc6k02Bque3ayCb9SmKKaDN...

170 B
232 B

64ms
64ms

Image
image/png

142.250.181.226

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1MjMyMTc0OTg2NDQxMzMzOA%3D%3D&google_push=AaAOQGH5mrF--WirJHI8hU2rXv3zHmbHbDhB3SNKupoVANvl9DYUYMkV5ke1VqzArB7nc6k02Bque3ayCb9SmKKaDNyYCAyjymN054NZzcDtqP1HpOU44u4YuuyQ7CchSMs2tsbqbJm1Iw

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.181.226 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1MjMyMTc0OTg2NDQxMzMzOA%3D%3D&google_push=AaAOQGH5mrF--WirJHI8hU2rXv3zHmbHbDhB3SNKupoVANvl9DYUYMkV5ke1VqzArB7nc6k02Bque3ayCb9SmKKaDNyYCAyjymN054NZzcDtqP1HpOU44u4YuuyQ7CchSMs2tsbqbJm1Iw
Date: Wed, 05 Jul 2023 13:12:21 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5806
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEHVTIELkEY304vMES_1TLZE&google_cver=1&google_push=AaAOQGHE9SOkO7Y9gtsCDZBZBR37W4pOgQM0SKoEAJrHMjm59b5P08eglybwasFsOIYJZplyxT4uQvkHOfRODJXHc-5Gfa8...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AaAOQGHE9SOkO7Y9gtsCDZBZBR37W4pOgQM0SKoEAJrHMjm59b5P08eglybwasFsOIYJZplyxT4uQvkHOfRODJXHc-5Gfa8Gu3hl4G3K8nS0YqcVLJd_4IFxyXytamTDUTvhm...

170 B
188 B

67ms
67ms

Image
image/png

142.250.181.226

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AaAOQGHE9SOkO7Y9gtsCDZBZBR37W4pOgQM0SKoEAJrHMjm59b5P08eglybwasFsOIYJZplyxT4uQvkHOfRODJXHc-5Gfa8Gu3hl4G3K8nS0YqcVLJd_4IFxyXytamTDUTvhmw3mflNa2Q&google_hm=eS1DTl9qcmJaRTJwSGJJTDY5di50RFhVV3lLa0lybW9RUX5B

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.181.226 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 05 Jul 2023 13:12:21 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AaAOQGHE9SOkO7Y9gtsCDZBZBR37W4pOgQM0SKoEAJrHMjm59b5P08eglybwasFsOIYJZplyxT4uQvkHOfRODJXHc-5Gfa8Gu3hl4G3K8nS0YqcVLJd_4IFxyXytamTDUTvhmw3mflNa2Q&google_hm=eS1DTl9qcmJaRTJwSGJJTDY5di50RFhVV3lLa0lybW9RUX5B
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5806
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=lJY4gpmPQ-Kz8Xl1Z-xscw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

53ms
51ms

Image
image/png

142.250.181.226

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=lJY4gpmPQ-Kz8Xl1Z-xscw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AaAOQGHu9cQY66ty0Lb2sARh4Y4D0DmUbNtwxghcbxA40pr5bFHUSeWRndQO72clZOIod95lJSfKaKA5B447qj0h8dWLESpNxfJeIX6BUvA6hIBZ6p3apxELr5GHiKXyirHaSddHx_5tQQ

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.181.226 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=lJY4gpmPQ-Kz8Xl1Z-xscw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AaAOQGHu9cQY66ty0Lb2sARh4Y4D0DmUbNtwxghcbxA40pr5bFHUSeWRndQO72clZOIod95lJSfKaKA5B447qj0h8dWLESpNxfJeIX6BUvA6hIBZ6p3apxELr5GHiKXyirHaSddHx_5tQQ
date: Wed, 05 Jul 2023 13:12:20 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H2 200 sync
ssbsync.smartadserver.com/api/ Frame 5806 0
45 B 142ms
28ms Image
text/plain 185.86.139.104

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEIzFNE3wOlBpeWvREU6JVcw&google_cver=1&google_push=AaAOQGHhwUNT2BpWPVIb0_TDHlvB0MV-CEdDmkTnygiT9v8FeHjm3nkrDZLVuyCqSUPxci_S5QPFE_Dk1K9bNgSZnJAVLO5kAo30FnNUj6ueRT-d76zAP3rXkeelZgKXcHl_HTKgBVtgV0I
Requested by: Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.104 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:20 GMT
content-length: 0

GET
H/1.1

200

0.gif
id5-sync.com/i/495/ Frame 5806
Redirect Chain

https://sync.inmobi.com/gob?google_gid=CAESENu7rRa3S4FXEOZpadkLMDo&google_cver=1&google_push=AaAOQGFNhaHVt1gO-L2Sv-QKvtJ3bolUdbUgBrOHyYqLXJNH3it-f1IM0SdrZ_SLDkNyZftdjihg-cUfRlwVWzaFzgetrh1HzztTWHFX...
https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DAaAOQGFNhaHVt1gO-L2Sv-QKvtJ3bolUdbUgBrOHyYqLXJNH...

43 B
1 KB

41ms
11ms

Image
image/gif

141.95.33.111

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DAaAOQGFNhaHVt1gO-L2Sv-QKvtJ3bolUdbUgBrOHyYqLXJNH3it-f1IM0SdrZ_SLDkNyZftdjihg-cUfRlwVWzaFzgetrh1HzztTWHFXZGrivFNN76mKAYFrHZHdIrfFHIhbev-QYELmdZ6-

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

HTTP/1.1

Server

141.95.33.111 -, , ASN (),

Reverse DNS

Software

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-type: image/gif;charset=UTF-8
date: Wed, 05 Jul 2023 13:12:21 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
transfer-encoding: chunked
p3p: CP="CAO PSA OUR"

Redirect headers

date: Wed, 05 Jul 2023 13:12:21 GMT
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
expect-ct: max-age=0
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=utf-8
location: https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DAaAOQGFNhaHVt1gO-L2Sv-QKvtJ3bolUdbUgBrOHyYqLXJNH3it-f1IM0SdrZ_SLDkNyZftdjihg-cUfRlwVWzaFzgetrh1HzztTWHFXZGrivFNN76mKAYFrHZHdIrfFHIhbev-QYELmdZ6-
x-download-options: noopen
vary: Accept
content-length: 315
x-xss-protection: 0

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 5806 0
40 B 136ms
47ms Image
text/html 142.250.181.226

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KGiJXsRNNDc43U2mjfJzhVkF660Y9RuG5ZvHUAPA5y-OIs30JtdwPRXIJZ1PmKCCpBnzVxyA

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:21 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 59DD 0
20 B 128ms
85ms Ping
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=2271048185304&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 59DD 0
20 B 124ms
85ms Ping
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=2271048185304&version=m202301230201&ct=76&x=1&cor=11988300799189828000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 59DD 87 KB
36 KB 107ms
86ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-At63R1ndEM0cI1yg1lSodt7lt9YV7_8rVpUZ-aGfqAxUeoBGJ14j25birZUAMhhhgcLui1iVUyHE2pmJ_MO7XZn9tKxg&cry=1&dbm_d=AKAmf-BDtcNSGVuZacAtt57duTZ1YK_Oz3oWZ8SVrNaBzIt7NsIdqtmbxI_URNmBNBnvHUbiK1iSvsiloDGOAoptM2HL0MmqH2lOV9BZ-KJvqnbP_2OFHB7ofuhTwJzOo_A4pq4qPnKMxl643Vxkx2slX6J-WYbNzL0eI3d41M8IYqMlr_pRCCKgLYUtgzifJMgcJFb5FzMD314Xgw1CFTvHR4F4pOuh7og69bLsuG66MBxF9aC9Gk_V0eSyK6EBUFLGam211bw0SulIWrC7DpJlhnqIxXLzdPh4JSZNM_W9poOmVeQBQDzv5i-OeeXRk8rHcVIROvPPMmEAnABnhYxswNllPPDc-WIxyOo2tV5RKLpE6B3fOgZdhNxzFMOSkKWPnINDe5Y3p0N2_Ijq7xZF4JQSkdNxpPs3UI_u-VxhfXg6bjw0NfJ2YclIM8dHmTPidHh9YymUMcS_mTSh6tOw-Lrd378P1YLPwtyPtEDtJPbltEDs_cjlhleodOX1S3VnKh2A_jdV6IG-an9IpCRy5cz40UqnKLmouIzpitKZnT_hrsy9G_flm1ludRtUk27Ovn7QFeZSzRamQ01qT-qaUSF-qNmPmtY2h9LBOdObEVAORo-p-fnpR4k1ibiQVUqrFg8ScxsoYIrlgc-ne-qyPE4-_dpy6P1p57Q4ZpRmBeK_Kd84iC9cTjp8xIIywEUq96GyhLJ0dEKaD0bUDubSgtXJAMoaf0TU9Ob2DTBcwaejvD5MI0VZY67z8AlvWeVY63kKNJcWsjKHrJYPqa3RcLBNixv79PIG0DsdMxxP0UMub3wN1Jj1wxB4RkHDF4J3Y-4KsPagjO-_8LAsJB5qTlNdRCOIHunTwBZAW3N91oQCIBQndGhvk5QhwsRJRu0iQV7IctOMNa12t-vRyi-m4zi5QPthOqhiQ_2POGeX75flXjNR8sJQk6cxZDJlrfBI4gOXKqpsUvu9etLHVK4olkw9X89DXI58fxIx02Z4jS-tJMmZwnTIYGDeNu4wnCGcwwNaBSTwT0VsIn39FWdprnwWputITaO8En45PWDLOfHb7ygqUlokxr1sqfv2ikbPzGcaFCcysnzD4UJV9b8bQcFAobV0u9m00wTeJDBQ82C_7HSAJamt_fkIlGTCi7uZxnBm6goCObqpJH7nCuJTDtBLH8h4_J2dO-my3NOxJOpFZL9XraDsdWpV4huHz0fdiFgEI_eWapthlMKCWPX-iltXtr6axl6Tnb0P2sH4DnxwawBGVtBJevlDcmV2dvLAe9nmEOfm9U6v_Ukmu0-JYl5yXJvAD-kKND817AQYLx8Ya_ChK7yanF4JE92kZXiGT_wckp5iJNgg5bb-MkeMsyl9ZE6ZnyEZh5_J0ZxX0Zb_ANFL7FGJbD7-KubSD0fca5iA4om3pRB6lLta2l0SKr8ANuUQ3jS84Xops1z8qvDDt21Y-DaWld6nEIZdcbzGzW-K4e2FcOPKHzpzQxrTR34p5_WZNS6lnGhGuaPgWUYrIkeH9B8crmPAC1xf9pJDJpCzOI8d5GbM3pRFeb3R9sJvCtJWVr-argeoH4wW0oCl_lUe9aDhHNGlS3w1UuNUhVLE4Bvmv5ie1Jai8PQ97ZOk-Br2cGBLNqqDwjJjpwJQM8nCK3XaobiKK6yVE56evQou-SC-4jjMT3FHop3YAMcr7HACr0fQdN88eelN5bbAMjz5Kq3UdL1LpABbNItKe_qMu_EnqewzHyj-NtzCRoGKWCOx_WYS7y4yA_wul3LHDPS7j2z7jWok1DHWbCEqBj2lXKQzDxIJFUCT2Sh2QFkYVztn-IRFXhUXa-yCivRt4cXPQvkN1hlEOH48BPxjGQYEBgUi67SZ3EICLEhN4RWhCgsGCNl3txVp-c_9Dm9Ouey1wZopOR2J80g09bUKZUmsmAMlC6Yo66nh31Okw4WDy2UIXl8BFxoyTSwpZYEhlzryKVJnJuf6T70wEMGczbmAYBv2ahUz5n1B1oI00MO1_aVcw39HmXQUMhMg8zlNb1yUKyOjA1MJccGRS3MTwmxHTPCjkCqOZ3N33B89O5Y-rOB_WoE5yskNF7oZjTQJAOoFzyxA64lTEei-rEuM1DpcjfUQtCeBHRAVAJ1GaEJbl8B9HMGszvtHCRZRCvkac552wN6trXaTrzdAucPZ_A_YhSBud0Uwr3ClLc568E9AfhFT0PeLFcknD4gTwlEWcTt7QNSIrTFSXjcSm_JdQrcwGWHLMWJ3ZvksiFQaOAgal0o6tKz8dj5zZVaQDPj9WkCYLVqrHOy7Skbjc3FMsQJx1vDkFhRv8-IIMZVvxGA5ECZ6HxXJ_bPQxeQAAZp9vG-vdfzjjrYxH7YmOoPAGtquSPNreHHA2Iambnm1oR0desZfIj-WnQPwV5439ocOlYvdeLZWk-D91yWC7jKuscy_cELgPRuSl2qxGhVlOEqh6R0YPo8UWwN0ohmlJ6Qr4A3bi68FevkIMW26wknxuFswNCpY5MWeCBsc3lHiiwzOb1JYPX2lC77WPXbFpnbw3KdqBjmzhUh8WaZq-78B0UHBg4EUHUT57p4eNVLirVCa3b_ce1yTgwYjMmNllUY5xbs4rZNLPuHEVglcjAjU0ZZgturoJMc7ruCC2YRkPJSPeFROFTl_v4MKgiQNB5TmDcsPITuYALT1O8LgDPuV6sUyeUfuBMgIRVOjul9q1ptxgvsZ5d39wn90rLky5Kr_pWff2RkDfWvGySZS74FVdGC2AxK7NrYlp6Q579D9aJH6z1hH6llVJHH_eSC_XdKOsnx0mUI8puyVBt3KuBe4-kB7Hw6A4f10zO36V8VEjo3bJAwv50MyXBVHjmat3De98Z6O6ySNYlQzTz9vvyLcP89Hfjl0ROtSsMtDEHSxBIMD3vzo614XdZ8vGcVLVnk1skxE8SDFHzud9CP-CkqM00iwJKW_ssXM4LwmWRs5EzQB-4bf1IUTo4MgTh-vO4fQvp3O7OLMQs_kAVf9aEgkIo_YrSzkKlQZ3gsfNg-rYgJOJ_Rn60cSNXX20rlSkkLrb1O-Yl3KrhtcV6d4CJ_SbaxrkSNjaunahKxI536kT4o8EJLy-nJl2WHVRv-EFdWP533vZ-6whQVXCEq1UTnZCrW0AhaoIq3lYxEerQ_aPVDoMlIDUl4mfeCLO7-JERjUsbIa3g4VCSEmkb_g9hSslnHJGbR7eOThIonyPJ9g-k2lCuHtNJQysH0fA7uzTlfsyX3fTdtt7XyfuCNZIiqf5bR9qhn9r0rdFZHbuRrcu_J2exSFxzL6T-3PbtktVx20cjzX3HUH83LeLkmlp-ORXHASmYG8iMu10rh9LiYgQGN9-ofON8p3CXPJwC0HYEwlVwZb-CI&cid=CAQSOwBygQiDPu6F-Qk9yxTSUsmczJGKn27aImEaLM4NK-2AVEmbsaIanfdykzHcKU53BqLWISGP7eYWuk2dGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=11988300799189828000&adk=212707235&idt=118&cac=0&dtd=31

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6b93bd6e86e2c588140677536b89109cd4f2d61690642291959e4885c2a85c22

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:21 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 36813
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame 5CE5 35 B
464 B 61ms
14ms Image
image/gif 2620:116:800d:21:93ca:31d8:d86e:38f6

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEMLqjwuTfmD2Sdv_Z4UIWGw&google_cver=1&google_push=AaAOQGF5kMMwq1FMkP-FTKPQgWRsQu3164PYSw36E8X_byEdOjgCXo6YTCEOesHNFlZ3AOh1i55VzzZDp6IsFFHXpgWF9x-_oDWUlOGO1gcjWBwOSRnpdMbbesVGM81sMUWPdDFaHh6XEOk

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:93ca:31d8:d86e:38f6 -, , ASN (),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:21 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame 5CE5 0
104 B 163ms
27ms Image
text/plain 2a02:fa8:8806:20::2010

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEOGftsy8ReBWycYXgLmPndg&google_cver=1&google_push=AaAOQGFNq4tq1kJ0nSHk7OK7G3GFBYpMw5lZutPVliQK6QU3Barq10BT4LEDylmrbIn_seOcDc8wPJpZ-wHbhgmLwidgN9m4173cj99vyy-MQWZLpnneD3RztYrsQGWMTo68MczGsJ_gI94
Requested by: Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:20::2010 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:21 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 5CE5
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEEdVXIWK2o3cCoVBYqvsdGo&google_cve...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=SVpJMGNXTlgxUWgyaVY1&google_gid=CAESEEdVXIWK2o3cCoVBYqvsdGo&google_cver=1&google_push=AaAOQGHoF1qMYkvxQK2pIDVhdUcMDVvw8G6i8Mx9dK4NXEN...

170 B
232 B

79ms
69ms

Image
image/png

142.250.181.226

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=SVpJMGNXTlgxUWgyaVY1&google_gid=CAESEEdVXIWK2o3cCoVBYqvsdGo&google_cver=1&google_push=AaAOQGHoF1qMYkvxQK2pIDVhdUcMDVvw8G6i8Mx9dK4NXENhw627kdj6zqF6n2uf7dQ1B3bkhHm3D2sT8eRGGUz2QiwiR2m4kyX0ZCN5df7Au2etxGWgDX0QebxZEfeYFnL72JD9DEnvRxpn

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.181.226 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 05 Jul 2023 13:12:21 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-782-g97d928b#rel-ec2-master i-008a7b4f528d14c6d@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=SVpJMGNXTlgxUWgyaVY1&google_gid=CAESEEdVXIWK2o3cCoVBYqvsdGo&google_cver=1&google_push=AaAOQGHoF1qMYkvxQK2pIDVhdUcMDVvw8G6i8Mx9dK4NXENhw627kdj6zqF6n2uf7dQ1B3bkhHm3D2sT8eRGGUz2QiwiR2m4kyX0ZCN5df7Au2etxGWgDX0QebxZEfeYFnL72JD9DEnvRxpn
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 5CE5
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEHgP-JImZcifNRiqmSVwu2Y&google_cver=1&google_push=AaAOQGEENM5J5sFBG9_VqsOVLbq94TBKl835BDPAMZa-H9m3fBvXoFhu8tE75tLedyUSbZYmgzrozFmo0ha...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AaAOQGEENM5J5sFBG9_VqsOVLbq94TBKl835BDPAMZa-H9m3fBvXoFhu8tE75tLedyUSbZYmgzrozFmo0haxUzM7CMmbsytCMgMoxdZmw3QXYMAsRb-hDnm2l-uede5hy64...

170 B
232 B

70ms
58ms

Image
image/png

142.250.181.226

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AaAOQGEENM5J5sFBG9_VqsOVLbq94TBKl835BDPAMZa-H9m3fBvXoFhu8tE75tLedyUSbZYmgzrozFmo0haxUzM7CMmbsytCMgMoxdZmw3QXYMAsRb-hDnm2l-uede5hy641bMe3FrutPT9R&google_hm=a1H8iV0QRWmxuafoPtntyIY

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.181.226 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:21 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AaAOQGEENM5J5sFBG9_VqsOVLbq94TBKl835BDPAMZa-H9m3fBvXoFhu8tE75tLedyUSbZYmgzrozFmo0haxUzM7CMmbsytCMgMoxdZmw3QXYMAsRb-hDnm2l-uede5hy641bMe3FrutPT9R&google_hm=a1H8iV0QRWmxuafoPtntyIY
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5CE5
Redirect Chain

https://match.360yield.com/match/ebda?google_gid=CAESELK4nbOmTmDk9PX2D72AZKA&google_cver=1&google_push=AaAOQGEvc-wi7WmVF2wRLPm4Y27obdLM9VeNY47O92SVg6HmD-3evQfXr8LtSXFFzj_GwAQSEtrqrIDkbfRlNnSLeJjHQi...
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESELK4nbOmTmDk9PX2D72AZKA&google_cver=1&google_push=AaAOQGEvc-wi7WmVF2wRLPm4Y27obdLM9VeNY47O92SVg6HmD-3evQfXr8LtSXFFzj_GwAQSEtrqrIDkbfRlNnSL...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aC08-LogQn2qwH6BbD37KQ&google_push=AaAOQGEvc-wi7WmVF2wRLPm4Y27obdLM9VeNY47O92SVg6HmD-3evQfXr8LtSXFFzj_GwAQSEtrqrIDkbfRlNnS...

170 B
188 B

57ms
55ms

Image
image/png

142.250.181.226

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aC08-LogQn2qwH6BbD37KQ&google_push=AaAOQGEvc-wi7WmVF2wRLPm4Y27obdLM9VeNY47O92SVg6HmD-3evQfXr8LtSXFFzj_GwAQSEtrqrIDkbfRlNnSLeJjHQiUXxsCMvGsGRmOiF3nQaGcqxSTBa_gy-mWd5zw5NpBR-cpTtLtW

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.181.226 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aC08-LogQn2qwH6BbD37KQ&google_push=AaAOQGEvc-wi7WmVF2wRLPm4Y27obdLM9VeNY47O92SVg6HmD-3evQfXr8LtSXFFzj_GwAQSEtrqrIDkbfRlNnSLeJjHQiUXxsCMvGsGRmOiF3nQaGcqxSTBa_gy-mWd5zw5NpBR-cpTtLtW
access-control-allow-origin: *
date: Wed, 05 Jul 2023 13:12:21 GMT
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5CE5
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEF2_mgGifA2lJH8Yk_WqG64&google_cver=1&google_push=AaAOQGHvarMu3J3YI8pR2P3p-oA-Rg-VUhOkowpfbliFLyI7z7XixmgUCR_EIUY_d5MUFkHE4R_S0ieKqKqLz6ESghYR70SqSf...
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=AaAOQGHvarMu3J3YI8pR2P3p-oA-Rg-VUhOkowpfbliFLyI7z7XixmgUCR_EIUY_d5MUFkHE4R_S0ieKqKqLz6ESghYR70SqSf0...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NjMwOTg2NTY2MTIxNTk3MDMwNjk0&google_push=AaAOQGHvarMu3J3YI8pR2P3p-oA-Rg-VUhOkowpfbliFLyI7z7XixmgUCR_EIUY_...

170 B
188 B

48ms
47ms

Image
image/png

142.250.181.226

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NjMwOTg2NTY2MTIxNTk3MDMwNjk0&google_push=AaAOQGHvarMu3J3YI8pR2P3p-oA-Rg-VUhOkowpfbliFLyI7z7XixmgUCR_EIUY_d5MUFkHE4R_S0ieKqKqLz6ESghYR70SqSf061WpXh9LB8CFLnXwKhXkEaqIJSkdnGOKDQyRkUYDLKWkP

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.181.226 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NjMwOTg2NTY2MTIxNTk3MDMwNjk0&google_push=AaAOQGHvarMu3J3YI8pR2P3p-oA-Rg-VUhOkowpfbliFLyI7z7XixmgUCR_EIUY_d5MUFkHE4R_S0ieKqKqLz6ESghYR70SqSf061WpXh9LB8CFLnXwKhXkEaqIJSkdnGOKDQyRkUYDLKWkP
date: Wed, 05 Jul 2023 13:12:21 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 204 sync
ups.analytics.yahoo.com/ups/58281/ Frame 5CE5 0
125 B 69ms
18ms Image
text/plain 3.75.62.37

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEOYnogy4mKDrPGLn-vozIcY&google_cver=1&google_push=AaAOQGEzyh8tcmnlXh7TOMqnBkRJF4yHTd2HZk29Kl8xwyz22p9Hu7T6pDsnHkJvSzZWpOWNM-sTsbWjMh3tSU8Z7_3xqPtpvnbtOdHPQi7wrvDitdu9hI9BQIRyJCZlMZWCX_UEnJoGPPALtw

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.75.62.37 -, , ASN (),

Reverse DNS

Software

ATS/9.1.10.57 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:21 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.57
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 5CE5 0
40 B 73ms
47ms Image
text/html 142.250.181.226

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IBV7Nw5PsvCHeXbamrACJU647lIUYoD5_cNLXbRYyTuejT-9aax8syORAY9MjrG4X9DbdaSQ

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:21 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D50D
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEBjnjz18RNGWeae9HJ9gn2w&google_cver=1&google_push=AaAOQGHI1oh-iy7nVIEJAgisSRBFxoiyxazFp4_1_onw3_KjFLN5CXAn3BJHxbBPmOpU-Ezkbps8l6XfAns3f0b3GtP9...
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEBjnjz18RNGWeae9HJ9gn2w&google_cver=1&google_push=AaAOQGHI1oh-iy7nVIEJAgisSRBFxoiyxazFp4_1_onw3_KjFLN5CXAn3BJHxbBPmOpU-Ezkbps8l6XfAns3f0...
https://ads.creative-serving.com/bsw_sync?bidswitch_ssp_id=google&bsw_custom_parameter=4f16c4b7-1059-45ef-abeb-bc613163751c&gdpr=&gdpr_consent=
https://ads.creative-serving.com/ul_cb/bsw_sync?bidswitch_ssp_id=google&bsw_custom_parameter=4f16c4b7-1059-45ef-abeb-bc613163751c&gdpr=&gdpr_consent=
https://x.bidswitch.net/sync?dsp_id=4&user_id=d11a9a8d-d635-4cc5-af25-8640abe4d635&ssp=google&expires=30&user_group=5&bsw_param=4f16c4b7-1059-45ef-abeb-bc613163751c
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AaAOQGHI1oh-iy7nVIEJAgisSRBFxoiyxazFp4_1_onw3_KjFLN5CXAn3BJHxbBPmOpU-Ezkbps8l6XfAns3f0b3GtP91voHXQ&google_hm=TxbEtxBZRe-r67xhMWN1HA==

170 B
188 B

48ms
48ms

Image
image/png

142.250.181.226

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AaAOQGHI1oh-iy7nVIEJAgisSRBFxoiyxazFp4_1_onw3_KjFLN5CXAn3BJHxbBPmOpU-Ezkbps8l6XfAns3f0b3GtP91voHXQ&google_hm=TxbEtxBZRe-r67xhMWN1HA==

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

142.250.181.226 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: //cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AaAOQGHI1oh-iy7nVIEJAgisSRBFxoiyxazFp4_1_onw3_KjFLN5CXAn3BJHxbBPmOpU-Ezkbps8l6XfAns3f0b3GtP91voHXQ&google_hm=TxbEtxBZRe-r67xhMWN1HA==
date: Wed, 05 Jul 2023 13:12:22 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame D50D
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEO8sphUJC7-dUMMg5nUiluo&google_cver=1&google_push=AaAOQGG_upe6SDp9mRO8oGHyzp9G_8KQ8AJizTWowtmfKsZG41hsu44Zmf2Rp6VoRtPxASkv0MOfV5zJaPXAOf8wleHVUsz...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AaAOQGG_upe6SDp9mRO8oGHyzp9G_8KQ8AJizTWowtmfKsZG41hsu44Zmf2Rp6VoRtPxASkv0MOfV5zJaPXAOf8wleHVUszc8gU&google_hm=eS1WNXh4ZHhwRTJwRW4zdlV...

170 B
232 B

55ms
54ms

Image
image/png

142.250.181.226

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AaAOQGG_upe6SDp9mRO8oGHyzp9G_8KQ8AJizTWowtmfKsZG41hsu44Zmf2Rp6VoRtPxASkv0MOfV5zJaPXAOf8wleHVUszc8gU&google_hm=eS1WNXh4ZHhwRTJwRW4zdlVwNXN1dVFxaFVmTXhZUmJZdH5B

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.181.226 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 05 Jul 2023 13:12:21 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AaAOQGG_upe6SDp9mRO8oGHyzp9G_8KQ8AJizTWowtmfKsZG41hsu44Zmf2Rp6VoRtPxASkv0MOfV5zJaPXAOf8wleHVUszc8gU&google_hm=eS1WNXh4ZHhwRTJwRW4zdlVwNXN1dVFxaFVmTXhZUmJZdH5B
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D50D
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEHZjDfbycMxEyf1P1owCqqU&google_cver=1&google_push=AaAOQGFydgDbBDXBfZMWVeZl4awEGVw9kPCzSbUOIVPxK8Cfn_1oMOCaFvQphvNmTGTZm5UDVueB3l_v...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEHZjDfbycMxEyf1P1owCqqU&google_cver=1&google_push=AaAOQGFydgDbBDXBfZMWVeZl4awEGVw9kPCzSbUOIVPxK8Cfn_1oMOCaFvQphvNmTGTZm5UDVue...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODMxNjE3MDUwMDQ2NDMyMDMzMA&google_push=AaAOQGFydgDbBDXBfZMWVeZl4awEGVw9kPCzSbUOIVPxK8Cfn_1oMOCaFvQphvNmTGTZm5UDVueB3l...

170 B
188 B

57ms
55ms

Image
image/png

142.250.181.226

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODMxNjE3MDUwMDQ2NDMyMDMzMA&google_push=AaAOQGFydgDbBDXBfZMWVeZl4awEGVw9kPCzSbUOIVPxK8Cfn_1oMOCaFvQphvNmTGTZm5UDVueB3l_vVl16Ug828xabJoQj0yc

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.181.226 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODMxNjE3MDUwMDQ2NDMyMDMzMA&google_push=AaAOQGFydgDbBDXBfZMWVeZl4awEGVw9kPCzSbUOIVPxK8Cfn_1oMOCaFvQphvNmTGTZm5UDVueB3l_vVl16Ug828xabJoQj0yc
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 dds
rtb.openx.net/sync/ Frame D50D 43 B
103 B 42ms
18ms Image
image/gif 35.186.253.211

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEL4wDX7KqswUibKiW3WcKCA&google_cver=1&google_push=AaAOQGF4aR526VnMdGhOt6OS2wFBoC4q9sRvXAKLYKhjDMpEiLPS_A9l9GhxuS0Sqeymn6g0deSOIT4MdPV4lB7SOiRNCcXUHak
Requested by: Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.253.211 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:21 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D50D
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=maaEuEb3TnCzZKEwiCv6QA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

49ms
48ms

Image
image/png

142.250.181.226

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=maaEuEb3TnCzZKEwiCv6QA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AaAOQGHJOnDP_riVysc-0IcCkp2cTiM67sdphQ-l5fVYT1B1Sr-kdrpvGZN7QAsYHEnO_BepDB_0OFlkmA7ABmGkJpfdqk0Ti0s

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.181.226 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=maaEuEb3TnCzZKEwiCv6QA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AaAOQGHJOnDP_riVysc-0IcCkp2cTiM67sdphQ-l5fVYT1B1Sr-kdrpvGZN7QAsYHEnO_BepDB_0OFlkmA7ABmGkJpfdqk0Ti0s
date: Wed, 05 Jul 2023 13:12:20 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame D50D
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEGj2wUJgsyp-otEZMvUFMLI&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEGj2wUJgsyp-otEZMvUFMLI&google_hm=ZKVsNeQlRcaOsAk3li2-CgAACJsAAAAB&google_nid=index&google_push=AaAOQGGgJor8CssLQYIaexSFVANeUQcalXjN4...

170 B
232 B

74ms
68ms

Image
image/png

142.250.181.226

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEGj2wUJgsyp-otEZMvUFMLI&google_hm=ZKVsNeQlRcaOsAk3li2-CgAACJsAAAAB&google_nid=index&google_push=AaAOQGGgJor8CssLQYIaexSFVANeUQcalXjN4jOpkD4sqs96QhqmcTylxIgXEeSY5lIhFc72Ef-oh8trPOWNKSUOnq3xRMTQnw

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.181.226 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 05 Jul 2023 13:12:21 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEGj2wUJgsyp-otEZMvUFMLI&google_hm=ZKVsNeQlRcaOsAk3li2-CgAACJsAAAAB&google_nid=index&google_push=AaAOQGGgJor8CssLQYIaexSFVANeUQcalXjN4jOpkD4sqs96QhqmcTylxIgXEeSY5lIhFc72Ef-oh8trPOWNKSUOnq3xRMTQnw
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 0
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D50D
Redirect Chain

https://match.360yield.com/match/ebda?google_gid=CAESEJ5mwhb0z6tizIp8-4CLbjA&google_cver=1&google_push=AaAOQGG1iMBxmy-mAsp9OoH4wEFJMSF31CRjFefxoB0CrVfjkmHxEK7Ud9e7cq7zcMaEJz79a70_AGf2aYmycBOHPkbbJl...
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEJ5mwhb0z6tizIp8-4CLbjA&google_cver=1&google_push=AaAOQGG1iMBxmy-mAsp9OoH4wEFJMSF31CRjFefxoB0CrVfjkmHxEK7Ud9e7cq7zcMaEJz79a70_AGf2aYmycBOH...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aC08-LogQn2qwH6BbD37KQ&google_push=AaAOQGG1iMBxmy-mAsp9OoH4wEFJMSF31CRjFefxoB0CrVfjkmHxEK7Ud9e7cq7zcMaEJz79a70_AGf2aYmycBO...

170 B
188 B

58ms
56ms

Image
image/png

142.250.181.226

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aC08-LogQn2qwH6BbD37KQ&google_push=AaAOQGG1iMBxmy-mAsp9OoH4wEFJMSF31CRjFefxoB0CrVfjkmHxEK7Ud9e7cq7zcMaEJz79a70_AGf2aYmycBOHPkbbJl1lEQ

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.181.226 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aC08-LogQn2qwH6BbD37KQ&google_push=AaAOQGG1iMBxmy-mAsp9OoH4wEFJMSF31CRjFefxoB0CrVfjkmHxEK7Ud9e7cq7zcMaEJz79a70_AGf2aYmycBOHPkbbJl1lEQ
access-control-allow-origin: *
date: Wed, 05 Jul 2023 13:12:21 GMT
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame D50D 0
40 B 70ms
47ms Image
text/html 142.250.181.226

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Lk0EvV0IS0mmnMCwQTBXSfokaWAbvYTbZdeA6RBLl9Bdl-myWfBZECB0OwjLYyZYs-zWtN

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:21 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame CF39 3 KB
1 KB 51ms
42ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=4198790052&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688562741017&bpp=3&bdt=179&idt=258&shv=r20230627&mjsv=m202306220101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=7044068159677&frm=8&ife=1&pv=1&ga_vid=670432806.1688562741&ga_sid=1688562741&ga_hid=571393246&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=819287971&scr_x=-12245933&scr_y=-12245933&eid=42532277%2C42532279%2C44759842%2C44759875%2C44759926%2C31075645%2C44788442%2C21065724&oid=2&pvsid=3029861226246386&tmod=922379705&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.3jlrkcjgj8ak&fsb=1&dtd=264

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 18:53:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 65929
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 18 Jul 2023 18:53:32 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame CF39 20 KB
8 KB 53ms
44ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

abaf64de0855592138133fdf15c746a6e47a07d5f7a34a9513a06994c89f91af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 17:33:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 70719
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8312
x-xss-protection: 0
server: cafe
etag: 5477749917372345267
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 18 Jul 2023 17:33:42 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame CF39 0
0 68ms
60ms Image
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTPtO9Ff_qISlHDMp6jqVF3l0F0Rsmur1zpDtpD7lCc9BF5yr2TAcSca58YGEkVVSATko0w0MmP-A_kwh09exlQthoowQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=4198790052&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688562741017&bpp=3&bdt=179&idt=258&shv=r20230627&mjsv=m202306220101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=7044068159677&frm=8&ife=1&pv=1&ga_vid=670432806.1688562741&ga_sid=1688562741&ga_hid=571393246&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=819287971&scr_x=-12245933&scr_y=-12245933&eid=42532277%2C42532279%2C44759842%2C44759875%2C44759926%2C31075645%2C44788442%2C21065724&oid=2&pvsid=3029861226246386&tmod=922379705&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.3jlrkcjgj8ak&fsb=1&dtd=264
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame CF39 179 KB
56 KB 116ms
107ms Script
text/javascript 2a00:1450:4001:80e::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 05 Jul 2023 13:12:21 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame CF39 0
0 106ms
100ms Fetch
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Cj6kINWylZP2cFMWQygWmpq_4ApDhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAjqvAsuFQbI-qAMBqgSuAU_Q_IqyxmcUzIh7E8heJnk4m6JSGFkJj3ZdPIaDj2KOk1Q7P2z_E8e63IeY1mCFL-4cM6TiH_IBDCHz2SVxd3sACwMnpU9bDJbZJzHC3_ozj78CP3ulkfNev1v1x8bHREmRMyhBScGgC-VMaUf7fR4F2A4fnEB6e4NyI0ZtsSiFYVWfBZD3xRxs1-cA5phYECWvOPIahI6NrBsN3zF5-DIibZkE-1x1TWtCZpMBJYAGxNGe9MiAzrylAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOoAKAfoLAggBgAwB0BUBgBcBshcaChgSFHB1Yi02NTkzNTIzMjEwMDEwMTU0GAA&sigh=KjX09pa1M6c&uach_m=[UACH]&cid=CAQSKQBygQiDTrrVJPGpZTqaZaZd8kS6NE8nsoJpnsaGUb6hvydCvZVR6YZxGAE

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=4198790052&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688562741017&bpp=3&bdt=179&idt=258&shv=r20230627&mjsv=m202306220101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=7044068159677&frm=8&ife=1&pv=1&ga_vid=670432806.1688562741&ga_sid=1688562741&ga_hid=571393246&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=819287971&scr_x=-12245933&scr_y=-12245933&eid=42532277%2C42532279%2C44759842%2C44759875%2C44759926%2C31075645%2C44788442%2C21065724&oid=2&pvsid=3029861226246386&tmod=922379705&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.3jlrkcjgj8ak&fsb=1&dtd=264
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 05 Jul 2023 13:12:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 204 winResponse
prod-rtb.ad4mat.net/ Frame CF39 0
0 101ms
27ms Fetch
image/gif 2600:1901:0:76b9::

General

Check archive.org

Show headers Download Go to

Full URL: https://prod-rtb.ad4mat.net/winResponse?a=1g13jdaaewd8vqpxcy3xph27bg06rn2y906zhk57vne8b0yy05svwn5zh566rkkkcba5reg49g0vsetmadmdmzmwxtfrwgvebkm1xaxtjf7v3d45p73qwc224bhkrp6h588p7rdhpwzpcwx9xqyfwzdjktpfg5pf9200hx79fbhb7cbgv8d0p710zn6g5aptfm5j3gvkqy887e6k0ks1r4wtphyxktxba4vmadt1b83zqbdxa32csvzw6nsqyvtj55phahqwy79gymv9t41ffen06zbdatjjy7sssm0racnb99ktqeyzbqam6z9kf6vxcb4e47he493fcgh32sw6n57g7w1s40gxvsghsdm3ymj14gwxfmqb6afbt1ydepcx4j0p01pentp6dsgq&b=ZKVsNQAFDn0KsohFAAvTJrBQi8Oy-a48h3FIWw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=4198790052&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688562741017&bpp=3&bdt=179&idt=258&shv=r20230627&mjsv=m202306220101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=7044068159677&frm=8&ife=1&pv=1&ga_vid=670432806.1688562741&ga_sid=1688562741&ga_hid=571393246&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=819287971&scr_x=-12245933&scr_y=-12245933&eid=42532277%2C42532279%2C44759842%2C44759875%2C44759926%2C31075645%2C44788442%2C21065724&oid=2&pvsid=3029861226246386&tmod=922379705&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.3jlrkcjgj8ak&fsb=1&dtd=264
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:76b9:: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 05 Jul 2023 13:12:21 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: image/gif

GET
H2 200 dr Show response
as.ad4m.at/ad/ Frame DE53 2 KB
2 KB 144ms
45ms Document
text/html 2606:4700:20::681a:ad1

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/dr?ed=1gv2sr9b3zvksvxvxzckv3sjcb19fz0cpy257j11tyzyacbxeerb0m76731vcfz761ztc2ftxmh9pmcgtzh1afv5zk6m6jyrvsf3qqs9c8sxmanygpfh25cmqdpe7gyyf59qg5c1qhzq7bjtqxpwgjcb7rh3vcaw3qpbrv1qnce7yjn9pdmxgn0p930khhz98xc2wya5y9vgf1wsnszg0qqb5g6dm5xwdxbdna5nqvdm22tvraszehff629ta76m8xjer5wcs57v1ffhxykk20hkyj59gkq14x5sthkpj0zxjzjqv20t1nta87d43r591s6f9tjf5q7rrdf4cy9nzw8b3dbvhppk9akxvqx7fejjz8xdyzkkvb7kwh3fxm2xkf5ka75rv326qkkwxbvrnd2h99y0wfksbv6c9k3pz661nzbjmhpyt08ky3wx9zpk9djw2b9wzm&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC7MGPNWylZP2cFMWQygWmpq_4ApDhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAjqvAsuFQbI-qAMBqgSxAU_Q_IqyxmcUzIh7E8heJnk4m6JSGFkJj3ZdPIaDj2KOk1Q7P2z_E8e63IeY1mCFL-4cM6TiH_IBDCHz2SVxd3sACwMnpU9bDJbZJzHC3_ozj78CP3ulkfNev1v1x8bHREmRMyhBScGgC-VMaUf7fR4F2A4fnEB6e4NyI0ZtsSiFYVWfBZD3xRwu1caSMWHfUO0ocGTAzRx_lQ8HcjtX4O-ir9CWA8hrYXOXugxB7SeG7oAGxNGe9MiAzrylAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_31Qc0_m3Qxm-iWf_mwkHn-cRNpxg%26client%3Dca-pub-6593523210010154%26adurl%3D

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:ad1 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

547b4eaa8989b413e1d8efd63f9c50854efeb29a0c75bf2a4d1123225bf3e12e

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-src ;img-src data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7e1fdbef796ebb7f-FRA
content-encoding: br
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-src *;img-src * data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Wed, 05 Jul 2023 13:12:21 GMT
expires: 0
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
pragma: no-cache
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server: cloudflare
strict-transport-security: max-age=86400; includeSubDomains; preload
surrogate-control: no-store
vary: accept-encoding
via: 1.1 google
x-content-type-options: nosniff
x-download-options: noopen
x-xss-protection: 1; mode=block

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame CBB3 1 KB
643 B 50ms
48ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 20169
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 05 Jul 2023 07:36:12 GMT
etag: 48472445140208031
expires: Thu, 06 Jul 2023 07:36:12 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame CDB8 0
0 164ms
83ms Fetch
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsswf4hY0d_KWbAzk2TCPw0zmOR5bGnsu1136UyIPc3rYycPsfrsHZ-sW-IHq3lWKuX8wnorgL2cnnULQ6WpxIPCS164t0JjewJMtwqM9EopRcAUHu33VmPm6QytnBF6TA44RFfgQOTEaXfOj833aauxKhWppIkEAcJFckrtXP6ZJh7RtEMnkA05uU4ULGvYdQpZSWJZ-4mbjgEOQDCjkDzSLE_IYNWkD0gqeAR6zoKrPcgmE20blI1CNcYJ7mJkp4BqxRQd4YGri5WPfUmhiqS9pgYZK21usTmHFSobavof6AeAKu7aoJzA1PK5jMCyolDe1wE1LDHiPIVyaZHL4qrgXgqnGf8TeI0C0l9gE7Dl0XjSIVNS5i5bU3Z1&sai=AMfl-YTI-QunCtqjB8noylxmfsjxPz_kUGQOyjYvIq-y7RDcqjQy1Gh0vRQLoYUOhbPHBP1yuev7gCFoDmDx2G4qR5KT8NTAQPxZO03oSe0mYTQ&sig=Cg0ArKJSzJKTy_x-zNQrEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:21 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 05 Jul 2023 13:12:21 GMT

GET
DATA 200
OK truncated
/ Frame CDB8 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a7cb2ae473808b320aee335658c427e4f360252c74d3f1fcf0c041a05e61292e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 5ed76f76e4b07a92411bc03a
ng2.virgul.com/tck/imp/ Frame CB64 0
209 B 46ms
46ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5ed76f76e4b07a92411bc03a?g=1&t=gb&r=153377@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1688562739708&userId=vnetb69ea35f-3eea-493c-b1e2-516faf59eb08
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Wed, 05 Jul 2023 13:12:21 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 59DD 111 KB
39 KB 180ms
39ms Script
text/javascript 2a00:1450:4001:830::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
Origin: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 13:52:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 83967
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 05 Jul 2023 13:52:54 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/elements/html/ Frame 59DD 11 KB
4 KB 42ms
42ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-At63R1ndEM0cI1yg1lSodt7lt9YV7_8rVpUZ-aGfqAxUeoBGJ14j25birZUAMhhhgcLui1iVUyHE2pmJ_MO7XZn9tKxg&cry=1&dbm_d=AKAmf-BDtcNSGVuZacAtt57duTZ1YK_Oz3oWZ8SVrNaBzIt7NsIdqtmbxI_URNmBNBnvHUbiK1iSvsiloDGOAoptM2HL0MmqH2lOV9BZ-KJvqnbP_2OFHB7ofuhTwJzOo_A4pq4qPnKMxl643Vxkx2slX6J-WYbNzL0eI3d41M8IYqMlr_pRCCKgLYUtgzifJMgcJFb5FzMD314Xgw1CFTvHR4F4pOuh7og69bLsuG66MBxF9aC9Gk_V0eSyK6EBUFLGam211bw0SulIWrC7DpJlhnqIxXLzdPh4JSZNM_W9poOmVeQBQDzv5i-OeeXRk8rHcVIROvPPMmEAnABnhYxswNllPPDc-WIxyOo2tV5RKLpE6B3fOgZdhNxzFMOSkKWPnINDe5Y3p0N2_Ijq7xZF4JQSkdNxpPs3UI_u-VxhfXg6bjw0NfJ2YclIM8dHmTPidHh9YymUMcS_mTSh6tOw-Lrd378P1YLPwtyPtEDtJPbltEDs_cjlhleodOX1S3VnKh2A_jdV6IG-an9IpCRy5cz40UqnKLmouIzpitKZnT_hrsy9G_flm1ludRtUk27Ovn7QFeZSzRamQ01qT-qaUSF-qNmPmtY2h9LBOdObEVAORo-p-fnpR4k1ibiQVUqrFg8ScxsoYIrlgc-ne-qyPE4-_dpy6P1p57Q4ZpRmBeK_Kd84iC9cTjp8xIIywEUq96GyhLJ0dEKaD0bUDubSgtXJAMoaf0TU9Ob2DTBcwaejvD5MI0VZY67z8AlvWeVY63kKNJcWsjKHrJYPqa3RcLBNixv79PIG0DsdMxxP0UMub3wN1Jj1wxB4RkHDF4J3Y-4KsPagjO-_8LAsJB5qTlNdRCOIHunTwBZAW3N91oQCIBQndGhvk5QhwsRJRu0iQV7IctOMNa12t-vRyi-m4zi5QPthOqhiQ_2POGeX75flXjNR8sJQk6cxZDJlrfBI4gOXKqpsUvu9etLHVK4olkw9X89DXI58fxIx02Z4jS-tJMmZwnTIYGDeNu4wnCGcwwNaBSTwT0VsIn39FWdprnwWputITaO8En45PWDLOfHb7ygqUlokxr1sqfv2ikbPzGcaFCcysnzD4UJV9b8bQcFAobV0u9m00wTeJDBQ82C_7HSAJamt_fkIlGTCi7uZxnBm6goCObqpJH7nCuJTDtBLH8h4_J2dO-my3NOxJOpFZL9XraDsdWpV4huHz0fdiFgEI_eWapthlMKCWPX-iltXtr6axl6Tnb0P2sH4DnxwawBGVtBJevlDcmV2dvLAe9nmEOfm9U6v_Ukmu0-JYl5yXJvAD-kKND817AQYLx8Ya_ChK7yanF4JE92kZXiGT_wckp5iJNgg5bb-MkeMsyl9ZE6ZnyEZh5_J0ZxX0Zb_ANFL7FGJbD7-KubSD0fca5iA4om3pRB6lLta2l0SKr8ANuUQ3jS84Xops1z8qvDDt21Y-DaWld6nEIZdcbzGzW-K4e2FcOPKHzpzQxrTR34p5_WZNS6lnGhGuaPgWUYrIkeH9B8crmPAC1xf9pJDJpCzOI8d5GbM3pRFeb3R9sJvCtJWVr-argeoH4wW0oCl_lUe9aDhHNGlS3w1UuNUhVLE4Bvmv5ie1Jai8PQ97ZOk-Br2cGBLNqqDwjJjpwJQM8nCK3XaobiKK6yVE56evQou-SC-4jjMT3FHop3YAMcr7HACr0fQdN88eelN5bbAMjz5Kq3UdL1LpABbNItKe_qMu_EnqewzHyj-NtzCRoGKWCOx_WYS7y4yA_wul3LHDPS7j2z7jWok1DHWbCEqBj2lXKQzDxIJFUCT2Sh2QFkYVztn-IRFXhUXa-yCivRt4cXPQvkN1hlEOH48BPxjGQYEBgUi67SZ3EICLEhN4RWhCgsGCNl3txVp-c_9Dm9Ouey1wZopOR2J80g09bUKZUmsmAMlC6Yo66nh31Okw4WDy2UIXl8BFxoyTSwpZYEhlzryKVJnJuf6T70wEMGczbmAYBv2ahUz5n1B1oI00MO1_aVcw39HmXQUMhMg8zlNb1yUKyOjA1MJccGRS3MTwmxHTPCjkCqOZ3N33B89O5Y-rOB_WoE5yskNF7oZjTQJAOoFzyxA64lTEei-rEuM1DpcjfUQtCeBHRAVAJ1GaEJbl8B9HMGszvtHCRZRCvkac552wN6trXaTrzdAucPZ_A_YhSBud0Uwr3ClLc568E9AfhFT0PeLFcknD4gTwlEWcTt7QNSIrTFSXjcSm_JdQrcwGWHLMWJ3ZvksiFQaOAgal0o6tKz8dj5zZVaQDPj9WkCYLVqrHOy7Skbjc3FMsQJx1vDkFhRv8-IIMZVvxGA5ECZ6HxXJ_bPQxeQAAZp9vG-vdfzjjrYxH7YmOoPAGtquSPNreHHA2Iambnm1oR0desZfIj-WnQPwV5439ocOlYvdeLZWk-D91yWC7jKuscy_cELgPRuSl2qxGhVlOEqh6R0YPo8UWwN0ohmlJ6Qr4A3bi68FevkIMW26wknxuFswNCpY5MWeCBsc3lHiiwzOb1JYPX2lC77WPXbFpnbw3KdqBjmzhUh8WaZq-78B0UHBg4EUHUT57p4eNVLirVCa3b_ce1yTgwYjMmNllUY5xbs4rZNLPuHEVglcjAjU0ZZgturoJMc7ruCC2YRkPJSPeFROFTl_v4MKgiQNB5TmDcsPITuYALT1O8LgDPuV6sUyeUfuBMgIRVOjul9q1ptxgvsZ5d39wn90rLky5Kr_pWff2RkDfWvGySZS74FVdGC2AxK7NrYlp6Q579D9aJH6z1hH6llVJHH_eSC_XdKOsnx0mUI8puyVBt3KuBe4-kB7Hw6A4f10zO36V8VEjo3bJAwv50MyXBVHjmat3De98Z6O6ySNYlQzTz9vvyLcP89Hfjl0ROtSsMtDEHSxBIMD3vzo614XdZ8vGcVLVnk1skxE8SDFHzud9CP-CkqM00iwJKW_ssXM4LwmWRs5EzQB-4bf1IUTo4MgTh-vO4fQvp3O7OLMQs_kAVf9aEgkIo_YrSzkKlQZ3gsfNg-rYgJOJ_Rn60cSNXX20rlSkkLrb1O-Yl3KrhtcV6d4CJ_SbaxrkSNjaunahKxI536kT4o8EJLy-nJl2WHVRv-EFdWP533vZ-6whQVXCEq1UTnZCrW0AhaoIq3lYxEerQ_aPVDoMlIDUl4mfeCLO7-JERjUsbIa3g4VCSEmkb_g9hSslnHJGbR7eOThIonyPJ9g-k2lCuHtNJQysH0fA7uzTlfsyX3fTdtt7XyfuCNZIiqf5bR9qhn9r0rdFZHbuRrcu_J2exSFxzL6T-3PbtktVx20cjzX3HUH83LeLkmlp-ORXHASmYG8iMu10rh9LiYgQGN9-ofON8p3CXPJwC0HYEwlVwZb-CI&cid=CAQSOwBygQiDPu6F-Qk9yxTSUsmczJGKn27aImEaLM4NK-2AVEmbsaIanfdykzHcKU53BqLWISGP7eYWuk2dGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=11988300799189828000&adk=212707235&idt=118&cac=0&dtd=31

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

597e4ec7ca2b12f9150e02e04096849d6b06061b09c2d131f1d2225871eedfdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 17:55:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 69415
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 16731591232229431525
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 18 Jul 2023 17:55:26 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/ Frame 59DD 30 KB
11 KB 51ms
49ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

484eef6459e8a58c19115f287339366d82a7c2beeb7a35c7e16789b592515aec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 17:57:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 69289
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11545
x-xss-protection: 0
server: cafe
etag: 12064860844701496540
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 18 Jul 2023 17:57:32 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 59DD 41 KB
13 KB 52ms
50ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 07:09:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21772
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 04 Jul 2024 07:09:29 GMT

GET
DATA 200
OK truncated
/ Frame CF39 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 86e91e0394209851cd6ad2415842fca20fd29fd29e9ab228bb2c251c5a8af265

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CBB3
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WktWc05RQVczdGltR1FCTA==&google_gid=CAESEHdNlMVDN7ibe8IQovwc7Cw&google_cver=1&google_push=AaAOQGFsCvP5Hh5X_UAe0s8LXkhHyjOLJ3...

170 B
188 B

51ms
50ms

Image
image/png

142.250.181.226

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WktWc05RQVczdGltR1FCTA==&google_gid=CAESEHdNlMVDN7ibe8IQovwc7Cw&google_cver=1&google_push=AaAOQGFsCvP5Hh5X_UAe0s8LXkhHyjOLJ3HlRRIC5ZdJ464hugkYzRktOB5S6-pY7crh9R6FmCstjh2w2gXwaeIcQe29rl7__IlDWg

Requested by

Protocol

Server

142.250.181.226 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-fra-eddf8230042-FRA
pragma: no-cache
date: Wed, 05 Jul 2023 13:12:21 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1688562742.903482,VS0,VE0
x-cache: HIT
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WktWc05RQVczdGltR1FCTA==&google_gid=CAESEHdNlMVDN7ibe8IQovwc7Cw&google_cver=1&google_push=AaAOQGFsCvP5Hh5X_UAe0s8LXkhHyjOLJ3HlRRIC5ZdJ464hugkYzRktOB5S6-pY7crh9R6FmCstjh2w2gXwaeIcQe29rl7__IlDWg
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame CBB3 70 B
265 B 109ms
34ms Image
image/gif 52.223.40.198

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEBTeRcSIYQfSLD0jc_0UveY&google_cver=1&google_push=AaAOQGGUy3G-tI-zoZrstuXbnNarXXtzbLStYvkXI9LrOMsPMc85v5po0cnCZi1_epqPiOmZamRaIPyd3iYWMXCmnSlK08SyUdb-4IQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=4198790052&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688562741017&bpp=3&bdt=179&idt=258&shv=r20230627&mjsv=m202306220101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=7044068159677&frm=8&ife=1&pv=1&ga_vid=670432806.1688562741&ga_sid=1688562741&ga_hid=571393246&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=819287971&scr_x=-12245933&scr_y=-12245933&eid=42532277%2C42532279%2C44759842%2C44759875%2C44759926%2C31075645%2C44788442%2C21065724&oid=2&pvsid=3029861226246386&tmod=922379705&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.3jlrkcjgj8ak&fsb=1&dtd=264
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Wed, 05 Jul 2023 13:12:21 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CBB3
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEChz9Cx0AinaEoAczXgVSzA&google_cver=1&google_push=AaAOQGHGajQKSsg3wDEdg3ALI_EhyJtqXyX98Lflp1Qc_25VnZAKbUiBZxU95OeSLnI6RQpeziWXncJ4kFV...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AaAOQGHGajQKSsg3wDEdg3ALI_EhyJtqXyX98Lflp1Qc_25VnZAKbUiBZxU95OeSLnI6RQpeziWXncJ4kFVNcbRMsqNblEbE8lvSB6E&google_hm=a1H8iV0QRWmxuafoP...

170 B
188 B

52ms
52ms

Image
image/png

142.250.181.226

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AaAOQGHGajQKSsg3wDEdg3ALI_EhyJtqXyX98Lflp1Qc_25VnZAKbUiBZxU95OeSLnI6RQpeziWXncJ4kFVNcbRMsqNblEbE8lvSB6E&google_hm=a1H8iV0QRWmxuafoPtntyIY

Requested by

Protocol

Server

142.250.181.226 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:21 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AaAOQGHGajQKSsg3wDEdg3ALI_EhyJtqXyX98Lflp1Qc_25VnZAKbUiBZxU95OeSLnI6RQpeziWXncJ4kFVNcbRMsqNblEbE8lvSB6E&google_hm=a1H8iV0QRWmxuafoPtntyIY
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CBB3
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEFS6TDNLj9n1IP8D1qah7YE&google_cver=1&google_push=AaAOQGHTETdnIb5x4clfPQX9awTdFbnPjLDpqVPCROKsUY19Qyat4hupZ-VZCtmSICNf-k8zek96vh4tJWvhL7...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1MjMyMTc0OTg2NDQxMzMzOA%3D%3D&google_push=AaAOQGHTETdnIb5x4clfPQX9awTdFbnPjLDpqVPCROKsUY19Qyat4hupZ-VZCtmSICNf-k8zek96vh4tJWvhL7TFi7...

170 B
188 B

51ms
51ms

Image
image/png

142.250.181.226

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1MjMyMTc0OTg2NDQxMzMzOA%3D%3D&google_push=AaAOQGHTETdnIb5x4clfPQX9awTdFbnPjLDpqVPCROKsUY19Qyat4hupZ-VZCtmSICNf-k8zek96vh4tJWvhL7TFi7oKslVHIKbtrSk

Requested by

Protocol

Server

142.250.181.226 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1MjMyMTc0OTg2NDQxMzMzOA%3D%3D&google_push=AaAOQGHTETdnIb5x4clfPQX9awTdFbnPjLDpqVPCROKsUY19Qyat4hupZ-VZCtmSICNf-k8zek96vh4tJWvhL7TFi7oKslVHIKbtrSk
Date: Wed, 05 Jul 2023 13:12:21 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame CBB3 43 B
363 B 62ms
14ms Image
image/gif 178.250.1.9

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DPUSH_DATA&google_gid=CAESEPZm3tNMjoZxpwQHCzcxUJQ&google_cver=1&google_push=AaAOQGGhRMEu2e4nvWyzZf9_7_aOQY8fCDwlOfQdj-eX-tc9aep_wYBxZDZfCDNTHvcw4EO8_FFA2b4VlNASKEGNCdp8Foj2YUS81QU

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.9 -, , ASN (),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:21 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 236633
expires: Wed, 05 Jul 2023 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CBB3
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEHZjDfbycMxEyf1P1owCqqU&google_cver=1&google_push=AaAOQGHdOXy1Q2ysbU30-iLql2-PE_4uZi8_yhyVRecSM6dL4RQSWGh6y6bQxjfrArshHCro1TuedqzO...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODMxNjE3MDUwMDQ2NDMyMDMzMA&google_push=AaAOQGHdOXy1Q2ysbU30-iLql2-PE_4uZi8_yhyVRecSM6dL4RQSWGh6y6bQxjfrArshHCro1Tuedq...

170 B
188 B

50ms
50ms

Image
image/png

142.250.181.226

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODMxNjE3MDUwMDQ2NDMyMDMzMA&google_push=AaAOQGHdOXy1Q2ysbU30-iLql2-PE_4uZi8_yhyVRecSM6dL4RQSWGh6y6bQxjfrArshHCro1TuedqzOvHkydMCccMUMkghNmrUkUBQ

Requested by

Protocol

Server

142.250.181.226 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODMxNjE3MDUwMDQ2NDMyMDMzMA&google_push=AaAOQGHdOXy1Q2ysbU30-iLql2-PE_4uZi8_yhyVRecSM6dL4RQSWGh6y6bQxjfrArshHCro1TuedqzOvHkydMCccMUMkghNmrUkUBQ
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2

200

report
sync.teads.tv/um/ Frame CBB3
Redirect Chain

https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEAIoXrvtrOQ_...
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AaAOQGGPvrErQ0FMmLNJnxUrsqs0dsbjB90B-YxlpFlhbNGfObvaYVBRhkEJhz7fT4wqdHfVVNU6M8SId4VlNDwuJ9-X9bqboBQ0jWwO
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

23 B
163 B

32ms
31ms

Image
image/gif

104.75.89.75

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=4198790052&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688562741017&bpp=3&bdt=179&idt=258&shv=r20230627&mjsv=m202306220101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=7044068159677&frm=8&ife=1&pv=1&ga_vid=670432806.1688562741&ga_sid=1688562741&ga_hid=571393246&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=819287971&scr_x=-12245933&scr_y=-12245933&eid=42532277%2C42532279%2C44759842%2C44759875%2C44759926%2C31075645%2C44788442%2C21065724&oid=2&pvsid=3029861226246386&tmod=922379705&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.3jlrkcjgj8ak&fsb=1&dtd=264
Protocol: H2
Server: 104.75.89.75 -, , ASN (),
Reverse DNS
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

expires: Wed, 05 Jul 2023 13:12:22 GMT
pragma: no-cache
date: Wed, 05 Jul 2023 13:12:22 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:22 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 260
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame CBB3 0
12 B 50ms
48ms Image
text/html 142.250.181.226

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IlNwFmEw2BljodYli_z55fVgNu190Zg7tSdPNviDPxklx9GtXYXLoiOJa7bFEoAgWbreEk4w

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:21 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 default.css
as.ad4m.at/ad/style/0.1.48/one-ad/ Frame DE53 114 KB
14 KB 27ms
26ms Stylesheet
text/css 2606:4700:20::681a:ad1

General

Check archive.org

Show headers Download Go to

Full URL: https://as.ad4m.at/ad/style/0.1.48/one-ad/default.css
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1gv2sr9b3zvksvxvxzckv3sjcb19fz0cpy257j11tyzyacbxeerb0m76731vcfz761ztc2ftxmh9pmcgtzh1afv5zk6m6jyrvsf3qqs9c8sxmanygpfh25cmqdpe7gyyf59qg5c1qhzq7bjtqxpwgjcb7rh3vcaw3qpbrv1qnce7yjn9pdmxgn0p930khhz98xc2wya5y9vgf1wsnszg0qqb5g6dm5xwdxbdna5nqvdm22tvraszehff629ta76m8xjer5wcs57v1ffhxykk20hkyj59gkq14x5sthkpj0zxjzjqv20t1nta87d43r591s6f9tjf5q7rrdf4cy9nzw8b3dbvhppk9akxvqx7fejjz8xdyzkkvb7kwh3fxm2xkf5ka75rv326qkkwxbvrnd2h99y0wfksbv6c9k3pz661nzbjmhpyt08ky3wx9zpk9djw2b9wzm&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC7MGPNWylZP2cFMWQygWmpq_4ApDhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAjqvAsuFQbI-qAMBqgSxAU_Q_IqyxmcUzIh7E8heJnk4m6JSGFkJj3ZdPIaDj2KOk1Q7P2z_E8e63IeY1mCFL-4cM6TiH_IBDCHz2SVxd3sACwMnpU9bDJbZJzHC3_ozj78CP3ulkfNev1v1x8bHREmRMyhBScGgC-VMaUf7fR4F2A4fnEB6e4NyI0ZtsSiFYVWfBZD3xRwu1caSMWHfUO0ocGTAzRx_lQ8HcjtX4O-ir9CWA8hrYXOXugxB7SeG7oAGxNGe9MiAzrylAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_31Qc0_m3Qxm-iWf_mwkHn-cRNpxg%26client%3Dca-pub-6593523210010154%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 032aee61923ef53fb2b9efbb5d55f771f780e9c2fce9c076638b809a9607eee3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/dr?ed=1gv2sr9b3zvksvxvxzckv3sjcb19fz0cpy257j11tyzyacbxeerb0m76731vcfz761ztc2ftxmh9pmcgtzh1afv5zk6m6jyrvsf3qqs9c8sxmanygpfh25cmqdpe7gyyf59qg5c1qhzq7bjtqxpwgjcb7rh3vcaw3qpbrv1qnce7yjn9pdmxgn0p930khhz98xc2wya5y9vgf1wsnszg0qqb5g6dm5xwdxbdna5nqvdm22tvraszehff629ta76m8xjer5wcs57v1ffhxykk20hkyj59gkq14x5sthkpj0zxjzjqv20t1nta87d43r591s6f9tjf5q7rrdf4cy9nzw8b3dbvhppk9akxvqx7fejjz8xdyzkkvb7kwh3fxm2xkf5ka75rv326qkkwxbvrnd2h99y0wfksbv6c9k3pz661nzbjmhpyt08ky3wx9zpk9djw2b9wzm&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC7MGPNWylZP2cFMWQygWmpq_4ApDhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAjqvAsuFQbI-qAMBqgSxAU_Q_IqyxmcUzIh7E8heJnk4m6JSGFkJj3ZdPIaDj2KOk1Q7P2z_E8e63IeY1mCFL-4cM6TiH_IBDCHz2SVxd3sACwMnpU9bDJbZJzHC3_ozj78CP3ulkfNev1v1x8bHREmRMyhBScGgC-VMaUf7fR4F2A4fnEB6e4NyI0ZtsSiFYVWfBZD3xRwu1caSMWHfUO0ocGTAzRx_lQ8HcjtX4O-ir9CWA8hrYXOXugxB7SeG7oAGxNGe9MiAzrylAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_31Qc0_m3Qxm-iWf_mwkHn-cRNpxg%26client%3Dca-pub-6593523210010154%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:21 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-goog-meta-goog-reserved-file-mtime: 1687950287
age: 611955
cf-polished: origSize=117335
x-guploader-uploadid: ADPycdu7Pb84Y6vCPqpUShyJrQGb98f4yuF1LiyC2B7DeEN9kG_1SbpI2iXm6tsp7d5fI22nNzf0l66mXGhEIUVspATbXw
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 28 Jun 2023 11:05:15 GMT
server: cloudflare
etag: W/"5d49535c2a84a9762127b3d9e77d7e02"
vary: Accept-Encoding
x-goog-generation: 1687950315098833
content-type: text/css
x-goog-hash: crc32c=aWAnwg==, md5=XUlTXCqEqXYhJ7PZ531+Ag==
cache-control: public, max-age=3600
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LBRFsiC8mkATp11G3lGQ8yOH3H9fM9q5LK7T0DVB76aOUSiMqOqR4PVoYCfupLC7Pix2fLtjY%2BsjWpymaRzA4MWGu%2BNxeXZHfaa%2BFW1RPG6gJEXVO9I3D0KrAudcMbxwhLj4vtp16rU%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 117335
cf-ray: 7e1fdbf0eba9bb7f-FRA
expires: Wed, 05 Jul 2023 14:12:21 GMT

GET
H2 200 r62eglto.js Show response
ad4m.at/ Frame DE53 25 KB
10 KB 36ms
26ms Script
application/javascript 2606:4700:20::681a:ad1

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/r62eglto.js
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1gv2sr9b3zvksvxvxzckv3sjcb19fz0cpy257j11tyzyacbxeerb0m76731vcfz761ztc2ftxmh9pmcgtzh1afv5zk6m6jyrvsf3qqs9c8sxmanygpfh25cmqdpe7gyyf59qg5c1qhzq7bjtqxpwgjcb7rh3vcaw3qpbrv1qnce7yjn9pdmxgn0p930khhz98xc2wya5y9vgf1wsnszg0qqb5g6dm5xwdxbdna5nqvdm22tvraszehff629ta76m8xjer5wcs57v1ffhxykk20hkyj59gkq14x5sthkpj0zxjzjqv20t1nta87d43r591s6f9tjf5q7rrdf4cy9nzw8b3dbvhppk9akxvqx7fejjz8xdyzkkvb7kwh3fxm2xkf5ka75rv326qkkwxbvrnd2h99y0wfksbv6c9k3pz661nzbjmhpyt08ky3wx9zpk9djw2b9wzm&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC7MGPNWylZP2cFMWQygWmpq_4ApDhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAjqvAsuFQbI-qAMBqgSxAU_Q_IqyxmcUzIh7E8heJnk4m6JSGFkJj3ZdPIaDj2KOk1Q7P2z_E8e63IeY1mCFL-4cM6TiH_IBDCHz2SVxd3sACwMnpU9bDJbZJzHC3_ozj78CP3ulkfNev1v1x8bHREmRMyhBScGgC-VMaUf7fR4F2A4fnEB6e4NyI0ZtsSiFYVWfBZD3xRwu1caSMWHfUO0ocGTAzRx_lQ8HcjtX4O-ir9CWA8hrYXOXugxB7SeG7oAGxNGe9MiAzrylAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_31Qc0_m3Qxm-iWf_mwkHn-cRNpxg%26client%3Dca-pub-6593523210010154%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 2d5e67a38c9a11424cac19ce192c9fd124a6d74e64d3791a01561dbd3e39c0b4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:21 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 14 Mar 2023 13:45:21 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 52692
etag: W/"fcb2a26b07bd76d9a925cae661d6d94d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L6hn1NUjibVU%2BNjtnwM2CmhgXvbTULNfAeUIoxk3cpYBxQkVFUnBXV9A6wHlhQ09aT0fYfv976%2BrsCTop7z%2FuAVKtHslGFTfl9X%2FN1UJ0Yt2tK%2FRbAL2mJLcoXKivkj4%2FG%2BOKMA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
cf-ray: 7e1fdbf0fbb6bb7f-FRA
alt-svc: h3=":443"; ma=86400
expires: Tue, 04 Jul 2023 13:46:27 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 5033 1 KB
643 B 39ms
39ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 20169
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 05 Jul 2023 07:36:12 GMT
etag: 48472445140208031
expires: Thu, 06 Jul 2023 07:36:12 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 59DD 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e79284e365177ba6ba5584c4b81fc9386a04cf5be4b3548cb88ac4329b15a019

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame D7E9 0
0 85ms
85ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CzeAENGylZPGqJvWU9fgPsauLuAi6iLSPXJzX7u6pCMCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi03OTgzNjUxMjU3ODM4MjgyyAEJ4AIAqAMBqgT3AU_QpUbhVJ70tFk9OxPSG1eEfZPaPXYEFLuoJxTamdJvHbYobmIsZWL0Fmw5yiqKKoZ2krBGLYv2QwGyoBUbZSWFVpIQLYTRtNEFBoR2w9D5fAbl9C35SJvbg3bWGhMrJtkCW8lXkKOIohs5L2eUa2LDqP-EIWrFVEuKZ3py6rSELXxWu15A5SavNseXJeKM9lprAxCGTeYqHVuHWot8hBumv9-64QnM7MxkekI8Hoh2G5XqWJ912bl38ieOaed-koJvNtB6Kf2XINt_tvoQp-1dPOY-ql7V2jfUeS5H19JWc33i8Kd4yruY3_evF4joqkpud3j3HaDgBAGABtHJpZfrpZaV6wGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDmACgP6CwIIAYAMAdAVAYAXAbIXHAoaEhRwdWItNzk4MzY1MTI1NzgzODI4MhjqwW0&sigh=HabqCAjox3M&uach_m=[UACH]&cid=CAQSOwBygQiDiT3hEICd8vLzWQ2ln7jr5ArKqrdb-ZlElLP5Cjg8dIQ05P8qLU1LIjVY226SfCvpTRo5pQh_GAE&cbvp=2&vis=1
Requested by: Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H/1.1 200 a.gif
i.w55c.net/ Frame D7E9 42 B
582 B 14ms
13ms Image
image/gif 52.29.25.103
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.w55c.net/a.gif?t=0&rtbhost=conf01-europe-west1.rtb.roku.com&rts=1&btid=MDUwRjg2MzYwNjU4RkFEMDM4QTg2MDcwNzE4NUU2OTF8R0ZTUUdFN1A3SXwxNjg4NTYyNzQwNzczfDF8WG1FS1o4a2t0eHxYUnpvYlBzTGhWfC0xODEwMjQ0OTM4X0VYfDEwNDQzMXx8fHwuMFB8VVNE&ei=GOOGLE&wp_exchange=ZKVsNAAJlXEJHUp1AALVsd9FaA4S3hzDq_0ypQ&ac=WFMwUE56aXZTMTpYU2YwU29uZW43fDB8MHxFVVI7&psid=NTkzOTA4MTEyNTc&js=0&ob=0&ccw=SUFCOCMwLjgyMDM4NTh8SUFCOC04IzAuNjI3NjE0MnxJQUI4LTcjMC4wOTcyMjg0Mg&ci=Xmwo1n97Q8&fiu=WG1FS1o4a2t0eA&fid=XmEKZ8kktx&sd=ye-mek.net&s=https%3A%2F%2Fye-mek.net&ts=1688562740777&dvdp=i.w55c.net/dv.jpg&ai=0DaDXCcU00&c=DE&r=G-HE&rnd=5572207104344787&epid=R0wxNTIyMg&ct=b126c92c760c4964ba6058483a07fa14&os=Mm8wMDAy&dc=NzI4NWEyMmNjZmE2NGM1Y2JmMzBmYzExNmQzNGFhNGU&dv=MUxWSXJn&dm=MU1udVZVV21Ndg&l=dHJ8fA&ri=2rxtlU&cip=1&alg=TGcwMDA4&v=0&euid=Q0FFU0VBWlh3WUtwdTA1OC1EX3JtblBNa3N3&mt=2cmt0001&mi=d2Vi&dt=2dt0005&tz=RXVyb3BlL0Jlcmxpbg&sg=4Sc0rNJqWKDU5WrdIb1iaw&buid=Xdb4DXiaK1Q&hmt=1&hmdp=s.h.w55c.net/2/948461/analytics.gif&hmtiu=9484611643830741015000&uidu=CAESEAZXwYKpu058-D_rmnPMksw&spidu=GOOGLE&pidu=15222&hmpvu=bd098194-8f8d-4ec0-b97e-5966ae23a186&hmtsu=3&odtu=2&mtfu=1&crdmu=728x90&cridu=XRzobPsLhV&naoh=i.w55c.net/na.gif&ndgh=i.w55c.net/ng.gif&cbvp=2

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.29.25.103 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-29-25-103.eu-central-1.compute.amazonaws.com

Software

PixelTracking/v2.0.30-782-g97d928b#rel-ec2-master i-036c9e308bb7e39b5@eu-central-1b@dxedge-app-eu-central-1-prod-asg /

Resource Hash

47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 05 Jul 2023 13:12:21 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PixelTracking/v2.0.30-782-g97d928b#rel-ec2-master i-036c9e308bb7e39b5@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Content-Type: image/gif
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 42
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 AdxPixel
tr.blismedia.com/v1/api/sync/ Frame 5033 0
173 B 56ms
19ms Image
text/plain 34.96.105.8

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESECORd7VMl4Tht8DVZiBdrv4&google_cver=1&google_push=AaAOQGG12PDll4SS4hrYXbCqwbvi7unrs3VXHARzPpwKnZJ4XJistmHApbJSbsVKIZVvFM3EZPiwOkkViSkPeM3QdhC644AfNX3QmpphJlV_uqgiCcywFfMEwemlqG39AhGcpkUAXkgGxgS5
Requested by: Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.105.8 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:22 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5033
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESEJ28nz2cQb3i02sZjpq0zk4&google_cver=1&google_push=AaAOQGEKDxKqLhxvQiqWQMSsHpZbQFBbeQS2lj6eIOzSZmvdtUtZzLati3SNKwHOWBMDZsD0mBq8qa3JleSWobtHAWV2uTj...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AaAOQGEKDxKqLhxvQiqWQMSsHpZbQFBbeQS2lj6eIOzSZmvdtUtZzLati3SNKwHOWBMDZsD0mBq8qa3JleSWobtHAWV2uTji3CKFFmI...

170 B
188 B

51ms
50ms

Image
image/png

142.250.181.226

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AaAOQGEKDxKqLhxvQiqWQMSsHpZbQFBbeQS2lj6eIOzSZmvdtUtZzLati3SNKwHOWBMDZsD0mBq8qa3JleSWobtHAWV2uTji3CKFFmIj7Rr2tl0Y_DbaUL6lmGdavImeKtVCg0JUhk0XIeU

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.181.226 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AaAOQGEKDxKqLhxvQiqWQMSsHpZbQFBbeQS2lj6eIOzSZmvdtUtZzLati3SNKwHOWBMDZsD0mBq8qa3JleSWobtHAWV2uTji3CKFFmIj7Rr2tl0Y_DbaUL6lmGdavImeKtVCg0JUhk0XIeU
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H3 200 dds
rtb.openx.net/sync/ Frame 5033 43 B
58 B 20ms
19ms Image
image/gif 35.186.253.211

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEMwWQquMt97rZ8pLlOLH15U&google_cver=1&google_push=AaAOQGHBYwmhrUElr9q0oJwFgVethkv3TUOa3HT6jFmAw5SnY53JbgdWtmW9lWzGnPZzXYFbwCTRJcd01hfyNTuSTsATmR7v9lhUlmirAv8wawwF5hyyhHslNKFAjnfKE5y7HaytG3Cjmsgm
Requested by: Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.186.253.211 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:22 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5033
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEMIdgRlGYtMrvsn9EBFns3A&google_cver=1&google_push=AaAOQGG3Juzl4RBV8HMlM1q0YP7gUpZh_t8CE2GV4gDN-KmWeyzhXa6IYJm8g9ZSJ9nkbOgG2kl...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpQUU5RQk8tMTQtNDVVNg==&google_push=AaAOQGG3Juzl4RBV8HMlM1q0YP7gUpZh_t8CE2GV4gDN-KmWeyzhXa6IYJm8g9ZSJ9nkbOgG2kldhvItNGOKTr3wiIa7vna3vFPzD...

170 B
188 B

48ms
48ms

Image
image/png

142.250.181.226

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpQUU5RQk8tMTQtNDVVNg==&google_push=AaAOQGG3Juzl4RBV8HMlM1q0YP7gUpZh_t8CE2GV4gDN-KmWeyzhXa6IYJm8g9ZSJ9nkbOgG2kldhvItNGOKTr3wiIa7vna3vFPzDhJvLc-Dhq1kpmYjoIAZia6Jw3j70lGZJ5WGgPl-gmQ

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.181.226 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpQUU5RQk8tMTQtNDVVNg==&google_push=AaAOQGG3Juzl4RBV8HMlM1q0YP7gUpZh_t8CE2GV4gDN-KmWeyzhXa6IYJm8g9ZSJ9nkbOgG2kldhvItNGOKTr3wiIa7vna3vFPzDhJvLc-Dhq1kpmYjoIAZia6Jw3j70lGZJ5WGgPl-gmQ
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: cc9654c54e9aa67bf2b10be1073297a8
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5033
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESENwTH1SxS1PlipZuN89vSzk&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESENwTH1SxS1PlipZuN89vSzk&google_hm=ZKVsNeQlRcaOsAk3li2-CgAACJsAAAAB&google_nid=index&google_push=AaAOQGHFi7RNYOKWin8K1mmkFjNxrHnrlRFfW...

170 B
188 B

52ms
51ms

Image
image/png

142.250.181.226

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESENwTH1SxS1PlipZuN89vSzk&google_hm=ZKVsNeQlRcaOsAk3li2-CgAACJsAAAAB&google_nid=index&google_push=AaAOQGHFi7RNYOKWin8K1mmkFjNxrHnrlRFfWjXgqgU05m0Xr--3NiaG2K9zieJ4plQB7P-Uv0QEJaBHTgTbiDp0p4h5f7xwEDOxRvhCS0mkgIG6cjfrTQEJ_NB-TiP3ux2d7SnRdY-Caa6T

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.181.226 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 05 Jul 2023 13:12:22 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESENwTH1SxS1PlipZuN89vSzk&google_hm=ZKVsNeQlRcaOsAk3li2-CgAACJsAAAAB&google_nid=index&google_push=AaAOQGHFi7RNYOKWin8K1mmkFjNxrHnrlRFfWjXgqgU05m0Xr--3NiaG2K9zieJ4plQB7P-Uv0QEJaBHTgTbiDp0p4h5f7xwEDOxRvhCS0mkgIG6cjfrTQEJ_NB-TiP3ux2d7SnRdY-Caa6T
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 0
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5033
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEKVZcfJmkNeM9h0SEaliYcY&google_cver=1&google_push=AaAOQGEkdJqYo3G6zf6x1O2iA-54HGASpCsevHSUuPnLTWO3Rc_yK7wBSADye-EISj-KdehVopMGraR9gVfttWYcT...
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEKVZcfJmkNeM9h0SEaliYcY&google_cver=1&google_push=AaAOQGEkdJqYo3G6zf6x1O2iA-54HGASpCsevHSUuPnLTWO3Rc_yK7wBSADye-EISj-KdehVopMGraR9gVfttWYcT...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AaAOQGEkdJqYo3G6zf6x1O2iA-54HGASpCsevHSUuPnLTWO3Rc_yK7wBSADye-EISj-KdehVopMGraR9gVfttWYcTSLa7Rzdsc7WMReTt_nawmQmEFdux3Ue0iNka5Je3-KXP...

170 B
188 B

51ms
51ms

Image
image/png

142.250.181.226

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AaAOQGEkdJqYo3G6zf6x1O2iA-54HGASpCsevHSUuPnLTWO3Rc_yK7wBSADye-EISj-KdehVopMGraR9gVfttWYcTSLa7Rzdsc7WMReTt_nawmQmEFdux3Ue0iNka5Je3-KXPoBVTnBbXMmT&google_hm=G7g4tGZHoII28zE7RKeNcaP2

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.181.226 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 05 Jul 2023 13:12:22 GMT
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AaAOQGEkdJqYo3G6zf6x1O2iA-54HGASpCsevHSUuPnLTWO3Rc_yK7wBSADye-EISj-KdehVopMGraR9gVfttWYcTSLa7Rzdsc7WMReTt_nawmQmEFdux3Ue0iNka5Je3-KXPoBVTnBbXMmT&google_hm=G7g4tGZHoII28zE7RKeNcaP2
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap5ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5033
Redirect Chain

https://secure.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=${BASE64_UID_ENC}&google_gid=CAESEJAwyu8LNr9M1zOmKKAhXh0&google_cver=1&google_push=AaAOQGFRRrX5JjLPZ...
https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=MzMxMjk0NjE4NzYwNTk2MjA1Ng%3D%3D&google_gid=CAESEJAwyu8LNr9M1zOmKKAhXh0&google_cver=1&google_push=AaAOQGFRRrX5JjLPZcP6qpCjphNQ3VreYX...

170 B
188 B

48ms
48ms

Image
image/png

142.250.181.226

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=MzMxMjk0NjE4NzYwNTk2MjA1Ng%3D%3D&google_gid=CAESEJAwyu8LNr9M1zOmKKAhXh0&google_cver=1&google_push=AaAOQGFRRrX5JjLPZcP6qpCjphNQ3VreYXJHQ5mG5RIrEKfISQdeMegi6eHqXrvo2TzI5HNX6VU7NzLXRjhhvlVwEhzCKw64iRLCSkxpIqRhrMD4qwIAn04FX1mQEZT9FKW7P6142ca3Te3GZw

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.181.226 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 05 Jul 2023 13:12:22 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 185.213.155.134; 185.213.155.134; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: fa8dddef-6709-4d21-9b17-68105ca32bc1
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=MzMxMjk0NjE4NzYwNTk2MjA1Ng%3D%3D&google_gid=CAESEJAwyu8LNr9M1zOmKKAhXh0&google_cver=1&google_push=AaAOQGFRRrX5JjLPZcP6qpCjphNQ3VreYXJHQ5mG5RIrEKfISQdeMegi6eHqXrvo2TzI5HNX6VU7NzLXRjhhvlVwEhzCKw64iRLCSkxpIqRhrMD4qwIAn04FX1mQEZT9FKW7P6142ca3Te3GZw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 5033 0
12 B 48ms
47ms Image
text/html 142.250.181.226

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LyMo4dG-rNlvSldyA2bxJWxQb_V46f1XbP1-MX-cIGcjp20VKS-VetmzVCTm93SEiwHjcYjg

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:22 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 728x90.html Show response
s0.2mdn.net/sadbundle/18225457952125459833/728x90/ Frame 00C5 7 KB
3 KB 117ms
38ms Document
text/html 2a00:1450:4001:830::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/18225457952125459833/728x90/728x90.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

4dbaa435b487c92bd9f52afd8d33be34806c95d15cf3c782a001962806cdc976

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 248700
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2625
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Sun, 02 Jul 2023 16:07:22 GMT
expires: Mon, 01 Jul 2024 16:07:22 GMT
last-modified: Wed, 21 Jun 2023 08:55:44 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 59DD 0
0 208ms
85ms Fetch
image/gif 142.250.181.226

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsulat_u0BRtoOeivOrUcAbLfgEcXnoGeWS6kmKdZ1kVgqxS_DgSnj_8uVuiNGPC4ENPG_JkAxM68hK3PfBqyJ_wuUIwylSaHJjG5ZL-qMGIhIKHTaydfJ0chPsjZYfN2gA6TqpWloisSEpwf_gSFW8WX6yT2JdqiBt79JMzSe41zftfi6dSR0r6mzfuHo_Z7-7nCvne77HWHBp5L3srU5Vztp8MRv2JgelowpA-gtduHxUcilpgWvBYxnxT2yJ64dEAn1spaWiZ9OGzoQXrixaA4mE8LRpBg039sIAzFhJrIGVb-wA-e8NNEd4ZQnGtcMrOHqW8221G9Lw1xnjsn0kMHPp5nIV-EAWIzQlv1SVvS8R1rPa3juF4aWZ4mMDVrgaaXuwrSUgDwsg05sD27NIURKMc-cI1kV4a7u2Rfuc53tYcmcM3ZZZESKBwdbUj_-RuzE2RuTMdYrMOvqztpXgZI5paLcWNR1E0qe8CrOZDVRWfqRwpqw6PHlvVy5yrGqDf4L0-a0t5MQHxNUTJWKS9ICu2VgJzhI2LsB8nVSiTMmoGN6lqKCjbHTRPyqSzeE4v5bLS2YKi5FKI18yZ6uZsW0V2wNQJaxpVulELKr32zuXbyvZD3gdQT7W0FT9-0ZK8XgvCYFigVzYfriODxjAtDsgt7YXYSJ3lNQZ6GW-G0RbyoShXesAOyNdfednWfHiHuneC1Xxv-Ywb52PxcTD7hJk7vrZ6E9GSUa9pXuWGWvecjUMrbXCTa1xkbyLVDTCLKJKaDrFWxmWNrHKRJidXuRpH1sIjbDbUHQs-MORQ6Jdi_1UaI8LZLXMMunFE0gCJXb64iNj6icsHxFOPYgeVF0x8EP1SNJKJVKQC2Cd95LQqKFEzeW7Do4abibKDu2s5PbFh5vsf3F43gRfVrmfUmZ8e5CexS44CdPQUUXZi8MC0OtaB3avhJl2WKhk2QofThSxE-gS-nB4tDbDlrWxp6iEmNX-J9RdgKbfyGv99nx1FWdVaOP3M45vqwNjO_LYcsZ2soQOrF46grSHHflghe6koCky9-8cofi_Bp0af8jXpi-j84qwrdBSFFDFpaleWeo819FTYivYDtd4GkIjvATE3tfAAA4q-EOzT8YZFHixCRTnnac2hCr49EJhuaoAduJY2qbrtrpcSuDI4qupHsClMgXbVT0_6DpJ4oRSbbqXRNqJhoF7brh0-I5ehOMGcNgpm-yvGPrvjkzojFylOvlsXIRx-Iu48GoDIc_JWinTPGG1j2OtojT7nwpo&sai=AMfl-YS9CUDKZ-6dVQkj_SdW-LTfNbFifdFVgLzRTTDU84e1R8ZueWRAczvWkJRURdOcWhafyQ_CLqlsaBIMfS0Nh7N0RoRLsfITA1oSsxCYWbiicvimYnpJQa5ZTVkAB84s2k-5oxg_1Y1DK_d3Ez7XLRgnTXlSCweZI7qqf0fumcnjL3tGGxcNyzyMVxaGSjnHEO8jRhWzciETYpyWlSMX39_d8MkhhSuZEG5_MVLKarZfTfABWRPZeTAZ_mdYCpB42IZu&sig=Cg0ArKJSzClrykYpvW2wEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=269&cbvp=1&cstd=265&cisv=r20230627.68871&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 05 Jul 2023 13:12:22 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Wed, 05 Jul 2023 13:12:22 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 13AC 22 KB
8 KB 41ms
39ms Document
text/html 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 21709
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 05 Jul 2023 07:10:33 GMT
expires: Thu, 04 Jul 2024 07:10:33 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 adchoices_default.png
static-de.ad4mat.net/ads/img/ad_markers_folder/ Frame DE53 3 KB
4 KB 60ms
17ms Image
image/png 2606:4700:20::681a:61b

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-de.ad4mat.net/ads/img/ad_markers_folder/adchoices_default.png
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/style/0.1.48/one-ad/default.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:61b -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 2eeaed1b310e214596abec926291c1a41c6333ddaeac312886fc0b5930d71f0e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:22 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3291
x-guploader-uploadid: ADPycduTog6A2JPifmWwDYui9vUCCU5W1ZNEVFDzlBRMT9l9xNdgptaa0KpBuLLbjaWfVX7sXot7cGI-Oc2HEQNQ3r-JUA
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
content-length: 3262
last-modified: Tue, 21 Jun 2022 12:31:17 GMT
server: cloudflare
etag: "794c84d30e213ec6a144d64215f07551"
vary: Accept-Encoding
x-goog-generation: 1655814677405990
content-type: image/png
content-language: en
x-goog-hash: crc32c=v7nNsg==, md5=eUyE0w4hPsahRNZCFfB1UQ==
cache-control: public, max-age=7200
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nyE%2FMMeroZI5VLBEsG7lofiZkAIA%2B9fgUdoMeUsPoTuC%2F3L7T4kcOlIS0%2BfMe%2Fb%2B1DHj3uURxSRVwMa78nXna7e0uMd%2F%2B4dV2lNujBxL03Hxjnte4Nci8u5ZfX2gs2oR7eg5ZO8cLnlYFgIq%2BGpLzLVG"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 3262
accept-ranges: bytes
cf-ray: 7e1fdbf2095d9ba7-FRA
expires: Wed, 05 Jul 2023 12:39:30 GMT

GET
H3 200 frame.html Show response
ad4m.at/ Frame 6BF3 2 KB
1 KB 27ms
27ms Document
text/html 2606:4700:20::681a:ad1

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 5d485f783c7cc440cba21bb750ce67e191bce0783bfc6cff5f98e236e401b7ab

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 584079
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=3600
cf-cache-status: HIT
cf-ray: 7e1fdbf1c93e1c9b-FRA
content-encoding: br
content-language: en
content-type: text/html; charset=utf-8
date: Wed, 05 Jul 2023 13:12:22 GMT
expires: Thu, 08 Jun 2023 00:41:56 GMT
last-modified: Thu, 25 Aug 2022 14:12:41 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mcpyHL03y%2BwkPDQUk3ljddB25sC7guwgnGaqU%2Fwl7urRKad1eamhqa%2BPcWZ%2Br3J0CDUR3LAOrw6MBkAdAOCCy9GH%2Bi5yMLwlcZEjqWnCwNFx1kU8m1a6pzfeMzviH7q5geh1pNs%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame CDB8 15 KB
11 KB 87ms
86ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230627&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9cd13937c596d2fecae3b6fc680b915a0b881b99e3cbd89508c842ba6af80c8c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:22 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11263
x-xss-protection: 0

GET
H3 200 AOiihYbjk7GyPSPexE3PorOKRXoofTPF8NjvkAglc4c.js Show response
pagead2.googlesyndication.com/bg/ Frame 13AC 38 KB
14 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/AOiihYbjk7GyPSPexE3PorOKRXoofTPF8NjvkAglc4c.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

00e8a28586e393b1b23d23dec44dcfa2b38a457a287d33c5f0d8ef9008257387

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Jul 2023 17:33:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 157117
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14768
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 02 Jul 2024 17:33:45 GMT

OPTIONS
H3 200 rs
ad4m.at/ Frame 0
0 45ms
34ms Preflight
text/plain 2606:4700:20::ac43:4a81

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://as.ad4m.at
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,PATCH,POST,OPTIONS,DELETE
access-control-allow-origin: https://as.ad4m.at
access-control-max-age: 1800
allow: HEAD,POST,GET,OPTIONS
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7e1fdbf248af3675-FRA
content-length: 24
content-type: text/plain
date: Wed, 05 Jul 2023 13:12:22 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=whJK3fnVXev0ikf4gfkdEHjjl5Ekz30g5EH3dBYZouWM7Wt944THxK%2BCMTobB4QR9EOSRpvslEwmLJH4QKr9jEycF1cEndqBbfLz9Bab7258vAulTBHBkar4lIKk%2BKegyWOWs8Y%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
via: 1.1 google
x-backend-server: aa-reachservice-group-europe-west1-5z6c

POST
H3 200 rs Show response
ad4m.at/ Frame DE53 1 KB
2 KB 33ms
33ms XHR
text/plain 2606:4700:20::ac43:4a81

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 0302085edc6f3d11aa5ac85ec1b09ea360a39bc6de264ec663f9c3c1a1996621

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 05 Jul 2023 13:12:22 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5IJLuZMMVlzlXsCauQ4Nb%2BrJdyRYK81qBgZH1EOgvaxsRWM5hdqfOCVBE3C5wkNMziGFcUIy5VJUsRD62vU4kuyCj1yuysLCtsFPB2r3pgzhD5zEVpOt%2FJXpm9pI%2FZy%2BztSa2lc%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain
access-control-allow-origin: https://as.ad4m.at
access-control-allow-credentials: true
cf-ray: 7e1fdbf278f73675-FRA
x-backend-server: aa-reachservice-group-europe-west1-5z6c
alt-svc: h3=":443"; ma=86400

GET
H3 200 createjs.min.js Show response
s0.2mdn.net/sadbundle/18225457952125459833/728x90/ Frame 00C5 236 KB
63 KB 40ms
39ms Script
application/x-javascript 2a00:1450:4001:830::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/18225457952125459833/728x90/createjs.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/18225457952125459833/728x90/728x90.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18225457952125459833/728x90/728x90.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sun, 02 Jul 2023 16:07:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 248699
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64184
x-xss-protection: 0
last-modified: Wed, 21 Jun 2023 08:55:44 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 01 Jul 2024 16:07:23 GMT

GET
H3 200 728x90.js Show response
s0.2mdn.net/sadbundle/18225457952125459833/728x90/ Frame 00C5 79 KB
14 KB 60ms
59ms Script
application/x-javascript 2a00:1450:4001:830::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/18225457952125459833/728x90/728x90.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/18225457952125459833/728x90/728x90.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

cba6dfe95093aa26c582e805d0afa44f0d2e33036ef0f3ae35bd175345fe652f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18225457952125459833/728x90/728x90.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sun, 02 Jul 2023 16:07:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 248699
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13870
x-xss-protection: 0
last-modified: Wed, 21 Jun 2023 08:55:44 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 01 Jul 2024 16:07:23 GMT

GET
H3 200 rar Show response
as.ad4m.at/ad/ Frame 0DD0 10 KB
4 KB 42ms
41ms Document
text/html 2606:4700:20::681a:ad1

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/rar?a=197862%2C117569%2C19769&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb%2Ck7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW%2CzR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM&c=728&d=90&e=&g=fbca34843907381617b7cefcbbc278bf%2F9256271693418598238&i=71725%2C29981%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1688562742155&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j39e8wnx88e0bs8wj7419kb3dwsmrpc8nm7t29v16td3s9cjz007g732m076fyqa1tx72xqdpxxk36nmrwjk2xrf0p20j62z8ase30vmw196pez4m0tj6nk9g0bhsbwdkex0y7yjdc62kd5y59x8hq7mvw4h5hjyq7srpvm7vvjyj9wx3bbhacb5zjs3khbyzx92ke8cbxvmfeh63efts8d5bgb7bjs0gfxejwmkvp9241r0183z74hxz0d7gjfzsb7vk34rm5zqg7c1gfcvh6hnw%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC7MGPNWylZP2cFMWQygWmpq_4ApDhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAjqvAsuFQbI-qAMBqgSxAU_Q_IqyxmcUzIh7E8heJnk4m6JSGFkJj3ZdPIaDj2KOk1Q7P2z_E8e63IeY1mCFL-4cM6TiH_IBDCHz2SVxd3sACwMnpU9bDJbZJzHC3_ozj78CP3ulkfNev1v1x8bHREmRMyhBScGgC-VMaUf7fR4F2A4fnEB6e4NyI0ZtsSiFYVWfBZD3xRwu1caSMWHfUO0ocGTAzRx_lQ8HcjtX4O-ir9CWA8hrYXOXugxB7SeG7oAGxNGe9MiAzrylAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_31Qc0_m3Qxm-iWf_mwkHn-cRNpxg%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0

Requested by

Host: ad4m.at
URL: https://ad4m.at/r62eglto.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:ad1 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

d40233bcb7f0efc82aa2418fff3d6a5f8276fee62dd2f7305cd27025dedd176d

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-src ;img-src data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://as.ad4m.at/ad/dr?ed=1gv2sr9b3zvksvxvxzckv3sjcb19fz0cpy257j11tyzyacbxeerb0m76731vcfz761ztc2ftxmh9pmcgtzh1afv5zk6m6jyrvsf3qqs9c8sxmanygpfh25cmqdpe7gyyf59qg5c1qhzq7bjtqxpwgjcb7rh3vcaw3qpbrv1qnce7yjn9pdmxgn0p930khhz98xc2wya5y9vgf1wsnszg0qqb5g6dm5xwdxbdna5nqvdm22tvraszehff629ta76m8xjer5wcs57v1ffhxykk20hkyj59gkq14x5sthkpj0zxjzjqv20t1nta87d43r591s6f9tjf5q7rrdf4cy9nzw8b3dbvhppk9akxvqx7fejjz8xdyzkkvb7kwh3fxm2xkf5ka75rv326qkkwxbvrnd2h99y0wfksbv6c9k3pz661nzbjmhpyt08ky3wx9zpk9djw2b9wzm&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC7MGPNWylZP2cFMWQygWmpq_4ApDhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAjqvAsuFQbI-qAMBqgSxAU_Q_IqyxmcUzIh7E8heJnk4m6JSGFkJj3ZdPIaDj2KOk1Q7P2z_E8e63IeY1mCFL-4cM6TiH_IBDCHz2SVxd3sACwMnpU9bDJbZJzHC3_ozj78CP3ulkfNev1v1x8bHREmRMyhBScGgC-VMaUf7fR4F2A4fnEB6e4NyI0ZtsSiFYVWfBZD3xRwu1caSMWHfUO0ocGTAzRx_lQ8HcjtX4O-ir9CWA8hrYXOXugxB7SeG7oAGxNGe9MiAzrylAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_31Qc0_m3Qxm-iWf_mwkHn-cRNpxg%26client%3Dca-pub-6593523210010154%26adurl%3D
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7e1fdbf2cace1c9b-FRA
content-encoding: br
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-src *;img-src * data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Wed, 05 Jul 2023 13:12:22 GMT
expires: 0
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
pragma: no-cache
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server: cloudflare
strict-transport-security: max-age=86400; includeSubDomains; preload
surrogate-control: no-store
vary: accept-encoding
via: 1.1 google
x-content-type-options: nosniff
x-download-options: noopen
x-xss-protection: 1; mode=block

GET sodar2.js
tpc.googlesyndication.com/sodar/ Frame CDB8 0
0

GET
H3 200 default.css
as.ad4m.at/ad/style/0.1.48/one-ad/ Frame 0DD0 114 KB
14 KB 32ms
32ms Stylesheet
text/css 2606:4700:20::681a:ad1

General

Check archive.org

Show headers Download Go to

Full URL: https://as.ad4m.at/ad/style/0.1.48/one-ad/default.css
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=197862%2C117569%2C19769&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb%2Ck7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW%2CzR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM&c=728&d=90&e=&g=fbca34843907381617b7cefcbbc278bf%2F9256271693418598238&i=71725%2C29981%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1688562742155&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j39e8wnx88e0bs8wj7419kb3dwsmrpc8nm7t29v16td3s9cjz007g732m076fyqa1tx72xqdpxxk36nmrwjk2xrf0p20j62z8ase30vmw196pez4m0tj6nk9g0bhsbwdkex0y7yjdc62kd5y59x8hq7mvw4h5hjyq7srpvm7vvjyj9wx3bbhacb5zjs3khbyzx92ke8cbxvmfeh63efts8d5bgb7bjs0gfxejwmkvp9241r0183z74hxz0d7gjfzsb7vk34rm5zqg7c1gfcvh6hnw%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC7MGPNWylZP2cFMWQygWmpq_4ApDhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAjqvAsuFQbI-qAMBqgSxAU_Q_IqyxmcUzIh7E8heJnk4m6JSGFkJj3ZdPIaDj2KOk1Q7P2z_E8e63IeY1mCFL-4cM6TiH_IBDCHz2SVxd3sACwMnpU9bDJbZJzHC3_ozj78CP3ulkfNev1v1x8bHREmRMyhBScGgC-VMaUf7fR4F2A4fnEB6e4NyI0ZtsSiFYVWfBZD3xRwu1caSMWHfUO0ocGTAzRx_lQ8HcjtX4O-ir9CWA8hrYXOXugxB7SeG7oAGxNGe9MiAzrylAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_31Qc0_m3Qxm-iWf_mwkHn-cRNpxg%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 032aee61923ef53fb2b9efbb5d55f771f780e9c2fce9c076638b809a9607eee3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/rar?a=197862%2C117569%2C19769&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb%2Ck7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW%2CzR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM&c=728&d=90&e=&g=fbca34843907381617b7cefcbbc278bf%2F9256271693418598238&i=71725%2C29981%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1688562742155&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j39e8wnx88e0bs8wj7419kb3dwsmrpc8nm7t29v16td3s9cjz007g732m076fyqa1tx72xqdpxxk36nmrwjk2xrf0p20j62z8ase30vmw196pez4m0tj6nk9g0bhsbwdkex0y7yjdc62kd5y59x8hq7mvw4h5hjyq7srpvm7vvjyj9wx3bbhacb5zjs3khbyzx92ke8cbxvmfeh63efts8d5bgb7bjs0gfxejwmkvp9241r0183z74hxz0d7gjfzsb7vk34rm5zqg7c1gfcvh6hnw%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC7MGPNWylZP2cFMWQygWmpq_4ApDhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAjqvAsuFQbI-qAMBqgSxAU_Q_IqyxmcUzIh7E8heJnk4m6JSGFkJj3ZdPIaDj2KOk1Q7P2z_E8e63IeY1mCFL-4cM6TiH_IBDCHz2SVxd3sACwMnpU9bDJbZJzHC3_ozj78CP3ulkfNev1v1x8bHREmRMyhBScGgC-VMaUf7fR4F2A4fnEB6e4NyI0ZtsSiFYVWfBZD3xRwu1caSMWHfUO0ocGTAzRx_lQ8HcjtX4O-ir9CWA8hrYXOXugxB7SeG7oAGxNGe9MiAzrylAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_31Qc0_m3Qxm-iWf_mwkHn-cRNpxg%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-goog-meta-goog-reserved-file-mtime: 1687950287
age: 611956
cf-polished: origSize=117335
x-guploader-uploadid: ADPycdu7Pb84Y6vCPqpUShyJrQGb98f4yuF1LiyC2B7DeEN9kG_1SbpI2iXm6tsp7d5fI22nNzf0l66mXGhEIUVspATbXw
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 28 Jun 2023 11:05:15 GMT
server: cloudflare
etag: W/"5d49535c2a84a9762127b3d9e77d7e02"
vary: Accept-Encoding
x-goog-generation: 1687950315098833
content-type: text/css
x-goog-hash: crc32c=aWAnwg==, md5=XUlTXCqEqXYhJ7PZ531+Ag==
cache-control: public, max-age=3600
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BWeIK8AyVzBXIhOmbCdPlMdgd49i%2Fs47iCfLRK0%2FjpWOGvEsTI8FuZKzjaLFIbra9rgqQiCGYqfcKg8ouLmjJnx7DsJrF%2FNNq9ffKr6yDsz5ZJDLvHfz8Y1v62vVDJ9rAwxeRrj%2Bcng%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 117335
cf-ray: 7e1fdbf34b6b1c9b-FRA
expires: Wed, 05 Jul 2023 14:12:22 GMT

GET
H2 200 C3FCB3AB04505A8F1D79D1D5953F5207FE6F49EF4C517E920A79B423A52F9E2DCCD658FDD21E3D8209A640CEE47D02AAD52D272924710EAE6BAB80FD9B483022
assets.ad4m.at/logo/ Frame 0DD0 5 KB
5 KB 61ms
38ms Image
image/webp 2606:4700:20::681a:ad1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/C3FCB3AB04505A8F1D79D1D5953F5207FE6F49EF4C517E920A79B423A52F9E2DCCD658FDD21E3D8209A640CEE47D02AAD52D272924710EAE6BAB80FD9B483022
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=197862%2C117569%2C19769&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb%2Ck7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW%2CzR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM&c=728&d=90&e=&g=fbca34843907381617b7cefcbbc278bf%2F9256271693418598238&i=71725%2C29981%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1688562742155&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j39e8wnx88e0bs8wj7419kb3dwsmrpc8nm7t29v16td3s9cjz007g732m076fyqa1tx72xqdpxxk36nmrwjk2xrf0p20j62z8ase30vmw196pez4m0tj6nk9g0bhsbwdkex0y7yjdc62kd5y59x8hq7mvw4h5hjyq7srpvm7vvjyj9wx3bbhacb5zjs3khbyzx92ke8cbxvmfeh63efts8d5bgb7bjs0gfxejwmkvp9241r0183z74hxz0d7gjfzsb7vk34rm5zqg7c1gfcvh6hnw%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC7MGPNWylZP2cFMWQygWmpq_4ApDhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAjqvAsuFQbI-qAMBqgSxAU_Q_IqyxmcUzIh7E8heJnk4m6JSGFkJj3ZdPIaDj2KOk1Q7P2z_E8e63IeY1mCFL-4cM6TiH_IBDCHz2SVxd3sACwMnpU9bDJbZJzHC3_ozj78CP3ulkfNev1v1x8bHREmRMyhBScGgC-VMaUf7fR4F2A4fnEB6e4NyI0ZtsSiFYVWfBZD3xRwu1caSMWHfUO0ocGTAzRx_lQ8HcjtX4O-ir9CWA8hrYXOXugxB7SeG7oAGxNGe9MiAzrylAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_31Qc0_m3Qxm-iWf_mwkHn-cRNpxg%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 9c63890b7f3f2e513fa085cd7b198f9ab91721a9e8aa7180806ff4aa7b4089a4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:22 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1067771
cf-polished: origFmt=png, origSize=10283
alt-svc: h3=":443"; ma=86400
content-length: 4736
cf-bgj: imgq:85,h2pri
last-modified: Thu, 06 Apr 2023 12:21:02 GMT
server: cloudflare
etag: "b90d04a587c2a1ab6749e51d8bb195d1"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AJzZEOdvGjTg0q9Ap%2BW86EUU1tthRWCouBZoF4ZthjSoY556wcbd9jzfdl2jfCfFGgA4Ip3R1jDv55CimJeemsuntMDOMb9WXqQMgxhsbTycysRR%2BUdOEqSgF5mnEXJlgITKfTG7khenxH0p"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7e1fdbf36f8dbb7f-FRA
expires: Thu, 06 Jul 2023 13:12:22 GMT

GET
H2 200 A36DAD0D440985CF6ABFA23492945CE5BC6D94350A66B19418CB771AFE823AD9B48ADE8E2F007546F0A50A710172EEFC2CAC1468E38852CE2028C22592AAFB75
assets.ad4m.at/product_image/ Frame 0DD0 54 KB
55 KB 32ms
24ms Image
image/webp 2606:4700:20::681a:ad1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/A36DAD0D440985CF6ABFA23492945CE5BC6D94350A66B19418CB771AFE823AD9B48ADE8E2F007546F0A50A710172EEFC2CAC1468E38852CE2028C22592AAFB75
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=197862%2C117569%2C19769&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb%2Ck7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW%2CzR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM&c=728&d=90&e=&g=fbca34843907381617b7cefcbbc278bf%2F9256271693418598238&i=71725%2C29981%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1688562742155&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j39e8wnx88e0bs8wj7419kb3dwsmrpc8nm7t29v16td3s9cjz007g732m076fyqa1tx72xqdpxxk36nmrwjk2xrf0p20j62z8ase30vmw196pez4m0tj6nk9g0bhsbwdkex0y7yjdc62kd5y59x8hq7mvw4h5hjyq7srpvm7vvjyj9wx3bbhacb5zjs3khbyzx92ke8cbxvmfeh63efts8d5bgb7bjs0gfxejwmkvp9241r0183z74hxz0d7gjfzsb7vk34rm5zqg7c1gfcvh6hnw%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC7MGPNWylZP2cFMWQygWmpq_4ApDhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAjqvAsuFQbI-qAMBqgSxAU_Q_IqyxmcUzIh7E8heJnk4m6JSGFkJj3ZdPIaDj2KOk1Q7P2z_E8e63IeY1mCFL-4cM6TiH_IBDCHz2SVxd3sACwMnpU9bDJbZJzHC3_ozj78CP3ulkfNev1v1x8bHREmRMyhBScGgC-VMaUf7fR4F2A4fnEB6e4NyI0ZtsSiFYVWfBZD3xRwu1caSMWHfUO0ocGTAzRx_lQ8HcjtX4O-ir9CWA8hrYXOXugxB7SeG7oAGxNGe9MiAzrylAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_31Qc0_m3Qxm-iWf_mwkHn-cRNpxg%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: d8928a20b6d9520af9bfb5e9748259fc3c1ed52ee4e430920d7e70897af5c065

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:22 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2269316
cf-polished: origFmt=png, origSize=105738
alt-svc: h3=":443"; ma=86400
content-length: 55798
cf-bgj: imgq:85,h2pri
last-modified: Mon, 04 Jul 2022 08:55:40 GMT
server: cloudflare
etag: "147be38db57f89c69c9e65b05983ff0e"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9QS5I83B%2FBgBMXE0t81ahthkFKBA4PMMmT%2FzfgL2072hC%2BZexfBFFqHvMICrn7HBhPDehx9B8%2Bc%2F9MOxOEOkNQztvukXi%2FvRWbQF27197tAxeq%2FIxT4elWl6kLDaS61iFT4LcjVk3AOzpm1w"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7e1fdbf36f89bb7f-FRA
expires: Thu, 06 Jul 2023 13:12:22 GMT

GET
H2 200 A0843E9156C9D7335C02FDBAB8781B4AFFEEE9E59ABD085E1EDF62037D970710A817E95DBBFD727CE4E28B26524C9A8F4A33EB1E826BD3A7B2541F094E39D266
assets.ad4m.at/logo/ Frame 0DD0 2 KB
3 KB 46ms
38ms Image
image/webp 2606:4700:20::681a:ad1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/A0843E9156C9D7335C02FDBAB8781B4AFFEEE9E59ABD085E1EDF62037D970710A817E95DBBFD727CE4E28B26524C9A8F4A33EB1E826BD3A7B2541F094E39D266
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=197862%2C117569%2C19769&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb%2Ck7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW%2CzR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM&c=728&d=90&e=&g=fbca34843907381617b7cefcbbc278bf%2F9256271693418598238&i=71725%2C29981%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1688562742155&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j39e8wnx88e0bs8wj7419kb3dwsmrpc8nm7t29v16td3s9cjz007g732m076fyqa1tx72xqdpxxk36nmrwjk2xrf0p20j62z8ase30vmw196pez4m0tj6nk9g0bhsbwdkex0y7yjdc62kd5y59x8hq7mvw4h5hjyq7srpvm7vvjyj9wx3bbhacb5zjs3khbyzx92ke8cbxvmfeh63efts8d5bgb7bjs0gfxejwmkvp9241r0183z74hxz0d7gjfzsb7vk34rm5zqg7c1gfcvh6hnw%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC7MGPNWylZP2cFMWQygWmpq_4ApDhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAjqvAsuFQbI-qAMBqgSxAU_Q_IqyxmcUzIh7E8heJnk4m6JSGFkJj3ZdPIaDj2KOk1Q7P2z_E8e63IeY1mCFL-4cM6TiH_IBDCHz2SVxd3sACwMnpU9bDJbZJzHC3_ozj78CP3ulkfNev1v1x8bHREmRMyhBScGgC-VMaUf7fR4F2A4fnEB6e4NyI0ZtsSiFYVWfBZD3xRwu1caSMWHfUO0ocGTAzRx_lQ8HcjtX4O-ir9CWA8hrYXOXugxB7SeG7oAGxNGe9MiAzrylAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_31Qc0_m3Qxm-iWf_mwkHn-cRNpxg%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: af7a66542220ecfb2b8fa0286b60ffa95c1c8047df094654a90e1ff75f848ef5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:22 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2132545
cf-polished: origFmt=png, origSize=9357
alt-svc: h3=":443"; ma=86400
content-length: 2330
cf-bgj: imgq:85,h2pri
last-modified: Thu, 08 Apr 2021 14:26:03 GMT
server: cloudflare
etag: "8cc161b392f5744da5319a4da549b763"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EH011mQB42NB9FlslbMOJzoA9VioBxHyI%2FT1%2FLL4%2F%2B6ew3hdAtYmhDfVyvWd08FLBZnxV58p%2BE1rTMsDad02t52HJtD%2BfGxeBykPHWisjhlBFXJIwDifGgX7TeQbMyQPkPXErl4U0KN4%2Fyzx"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7e1fdbf36f85bb7f-FRA
expires: Thu, 06 Jul 2023 13:12:22 GMT

GET
H2 200 B4A4D4AE24A1FC5067FA06DB00E21DA5A143F663CF3153C1D2812B519806D793E1E07140C733352966C6C7C037FF39882FAEB141999BF28A93837E2C21DB35B1
assets.ad4m.at/ Frame 0DD0 253 KB
254 KB 47ms
38ms Image
image/webp 2606:4700:20::681a:ad1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/B4A4D4AE24A1FC5067FA06DB00E21DA5A143F663CF3153C1D2812B519806D793E1E07140C733352966C6C7C037FF39882FAEB141999BF28A93837E2C21DB35B1
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=197862%2C117569%2C19769&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb%2Ck7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW%2CzR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM&c=728&d=90&e=&g=fbca34843907381617b7cefcbbc278bf%2F9256271693418598238&i=71725%2C29981%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1688562742155&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j39e8wnx88e0bs8wj7419kb3dwsmrpc8nm7t29v16td3s9cjz007g732m076fyqa1tx72xqdpxxk36nmrwjk2xrf0p20j62z8ase30vmw196pez4m0tj6nk9g0bhsbwdkex0y7yjdc62kd5y59x8hq7mvw4h5hjyq7srpvm7vvjyj9wx3bbhacb5zjs3khbyzx92ke8cbxvmfeh63efts8d5bgb7bjs0gfxejwmkvp9241r0183z74hxz0d7gjfzsb7vk34rm5zqg7c1gfcvh6hnw%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC7MGPNWylZP2cFMWQygWmpq_4ApDhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAjqvAsuFQbI-qAMBqgSxAU_Q_IqyxmcUzIh7E8heJnk4m6JSGFkJj3ZdPIaDj2KOk1Q7P2z_E8e63IeY1mCFL-4cM6TiH_IBDCHz2SVxd3sACwMnpU9bDJbZJzHC3_ozj78CP3ulkfNev1v1x8bHREmRMyhBScGgC-VMaUf7fR4F2A4fnEB6e4NyI0ZtsSiFYVWfBZD3xRwu1caSMWHfUO0ocGTAzRx_lQ8HcjtX4O-ir9CWA8hrYXOXugxB7SeG7oAGxNGe9MiAzrylAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_31Qc0_m3Qxm-iWf_mwkHn-cRNpxg%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 2754d47be946d2394bce4008332826d0491b510a2a624ae6609d042b143732d1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:22 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1091576
cf-polished: origFmt=png, origSize=431531
alt-svc: h3=":443"; ma=86400
content-length: 259252
cf-bgj: imgq:85,h2pri
last-modified: Fri, 16 Jun 2023 10:20:07 GMT
server: cloudflare
etag: "16f7fe8ce7119ba0f513f8179ecb2d3a"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZYHPDcs1gDRqxCOy%2FbhP%2BThAzvsZic%2BFUF4DWH1xpRwtmxF6zQgNVxhuE%2FHWpfJemtLs%2Fi0fCD3LY%2FyNjy%2BZqJhKtOgdcXrtbUcrEJol77n44%2BZKjEkKHMvBW7na4PazLnk60lS0XFnDulx1"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7e1fdbf36f92bb7f-FRA
expires: Thu, 06 Jul 2023 13:12:22 GMT

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 0DD0 43 B
702 B 524ms
121ms Image
image/gif 104.103.93.163

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2904924&v=20044&q=415363&r=412871&pv=1&pref3=oneidk7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6oneid__suite_Netmix_Reach128_WEBGAINSMOSTLY&gdpr_consent=&gdpr=0&gdpr_pd=0

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=197862%2C117569%2C19769&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb%2Ck7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW%2CzR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM&c=728&d=90&e=&g=fbca34843907381617b7cefcbbc278bf%2F9256271693418598238&i=71725%2C29981%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1688562742155&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j39e8wnx88e0bs8wj7419kb3dwsmrpc8nm7t29v16td3s9cjz007g732m076fyqa1tx72xqdpxxk36nmrwjk2xrf0p20j62z8ase30vmw196pez4m0tj6nk9g0bhsbwdkex0y7yjdc62kd5y59x8hq7mvw4h5hjyq7srpvm7vvjyj9wx3bbhacb5zjs3khbyzx92ke8cbxvmfeh63efts8d5bgb7bjs0gfxejwmkvp9241r0183z74hxz0d7gjfzsb7vk34rm5zqg7c1gfcvh6hnw%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC7MGPNWylZP2cFMWQygWmpq_4ApDhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAjqvAsuFQbI-qAMBqgSxAU_Q_IqyxmcUzIh7E8heJnk4m6JSGFkJj3ZdPIaDj2KOk1Q7P2z_E8e63IeY1mCFL-4cM6TiH_IBDCHz2SVxd3sACwMnpU9bDJbZJzHC3_ozj78CP3ulkfNev1v1x8bHREmRMyhBScGgC-VMaUf7fR4F2A4fnEB6e4NyI0ZtsSiFYVWfBZD3xRwu1caSMWHfUO0ocGTAzRx_lQ8HcjtX4O-ir9CWA8hrYXOXugxB7SeG7oAGxNGe9MiAzrylAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_31Qc0_m3Qxm-iWf_mwkHn-cRNpxg%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.103.93.163 -, , ASN (),

Reverse DNS

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 05 Jul 2023 13:12:22 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H2 200 90E11D2E4CFB32857DB7C2E1317DD53401EA4F6F6F9CD68E6E871CA9D0C876402E8B3C561F20D09E5FFCF6D6F6634B28F60F47276020F60158747BE09B58F826
assets.ad4m.at/logo/ Frame 0DD0 36 KB
36 KB 46ms
38ms Image
image/webp 2606:4700:20::681a:ad1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/90E11D2E4CFB32857DB7C2E1317DD53401EA4F6F6F9CD68E6E871CA9D0C876402E8B3C561F20D09E5FFCF6D6F6634B28F60F47276020F60158747BE09B58F826
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=197862%2C117569%2C19769&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb%2Ck7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW%2CzR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM&c=728&d=90&e=&g=fbca34843907381617b7cefcbbc278bf%2F9256271693418598238&i=71725%2C29981%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1688562742155&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j39e8wnx88e0bs8wj7419kb3dwsmrpc8nm7t29v16td3s9cjz007g732m076fyqa1tx72xqdpxxk36nmrwjk2xrf0p20j62z8ase30vmw196pez4m0tj6nk9g0bhsbwdkex0y7yjdc62kd5y59x8hq7mvw4h5hjyq7srpvm7vvjyj9wx3bbhacb5zjs3khbyzx92ke8cbxvmfeh63efts8d5bgb7bjs0gfxejwmkvp9241r0183z74hxz0d7gjfzsb7vk34rm5zqg7c1gfcvh6hnw%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC7MGPNWylZP2cFMWQygWmpq_4ApDhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAjqvAsuFQbI-qAMBqgSxAU_Q_IqyxmcUzIh7E8heJnk4m6JSGFkJj3ZdPIaDj2KOk1Q7P2z_E8e63IeY1mCFL-4cM6TiH_IBDCHz2SVxd3sACwMnpU9bDJbZJzHC3_ozj78CP3ulkfNev1v1x8bHREmRMyhBScGgC-VMaUf7fR4F2A4fnEB6e4NyI0ZtsSiFYVWfBZD3xRwu1caSMWHfUO0ocGTAzRx_lQ8HcjtX4O-ir9CWA8hrYXOXugxB7SeG7oAGxNGe9MiAzrylAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_31Qc0_m3Qxm-iWf_mwkHn-cRNpxg%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: a2b9eefee68fa18c6be3c3bbe11d769b5affc01b84ea94c7ec68ae4ffacd858a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:22 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1261922
cf-polished: origFmt=png, origSize=62828
alt-svc: h3=":443"; ma=86400
content-length: 36446
cf-bgj: imgq:85,h2pri
last-modified: Tue, 18 Oct 2022 15:02:47 GMT
server: cloudflare
etag: "e12c1a9f1887c09d377658838eaaa06d"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F6jiIoX4bMaFGUUSUYXG642sDDurZfUJJegWdQJGH8lENEOi8vhsgRgBL9H0ZgvehCZ8Mk7a492O0589YzvrTEvMlsTgcBInZI5WnWS9njhanKtakAZUHsmN%2FxG7PSVxQt3yVrXK1QkOvm91"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7e1fdbf36f8fbb7f-FRA
expires: Thu, 06 Jul 2023 13:12:22 GMT

GET
H2 200 287435BEDBEF5210566F91ED2E6D57494D1CBA241E887A111712FB8ADF6747B3B44CBC7EE390AD74BB6985CDD69339A9B2EDEE7334ACD70F503D0812F8C7EBF1
assets.ad4m.at/ Frame 0DD0 28 KB
28 KB 38ms
30ms Image
image/webp 2606:4700:20::681a:ad1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/287435BEDBEF5210566F91ED2E6D57494D1CBA241E887A111712FB8ADF6747B3B44CBC7EE390AD74BB6985CDD69339A9B2EDEE7334ACD70F503D0812F8C7EBF1
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=197862%2C117569%2C19769&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb%2Ck7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW%2CzR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM&c=728&d=90&e=&g=fbca34843907381617b7cefcbbc278bf%2F9256271693418598238&i=71725%2C29981%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1688562742155&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j39e8wnx88e0bs8wj7419kb3dwsmrpc8nm7t29v16td3s9cjz007g732m076fyqa1tx72xqdpxxk36nmrwjk2xrf0p20j62z8ase30vmw196pez4m0tj6nk9g0bhsbwdkex0y7yjdc62kd5y59x8hq7mvw4h5hjyq7srpvm7vvjyj9wx3bbhacb5zjs3khbyzx92ke8cbxvmfeh63efts8d5bgb7bjs0gfxejwmkvp9241r0183z74hxz0d7gjfzsb7vk34rm5zqg7c1gfcvh6hnw%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC7MGPNWylZP2cFMWQygWmpq_4ApDhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAjqvAsuFQbI-qAMBqgSxAU_Q_IqyxmcUzIh7E8heJnk4m6JSGFkJj3ZdPIaDj2KOk1Q7P2z_E8e63IeY1mCFL-4cM6TiH_IBDCHz2SVxd3sACwMnpU9bDJbZJzHC3_ozj78CP3ulkfNev1v1x8bHREmRMyhBScGgC-VMaUf7fR4F2A4fnEB6e4NyI0ZtsSiFYVWfBZD3xRwu1caSMWHfUO0ocGTAzRx_lQ8HcjtX4O-ir9CWA8hrYXOXugxB7SeG7oAGxNGe9MiAzrylAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_31Qc0_m3Qxm-iWf_mwkHn-cRNpxg%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: e944aa2add7d89134400d6d51b9b0954ad0e988edd934eccff8907ab90e1c853

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:22 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2223071
cf-polished: qual=85, origFmt=jpeg, origSize=133780
alt-svc: h3=":443"; ma=86400
content-length: 28740
cf-bgj: imgq:85,h2pri
last-modified: Tue, 18 Feb 2020 10:22:01 GMT
server: cloudflare
etag: "d061ca155f758f490340e147604dc3ee"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fGfZCfdh0PQLbw7fqYNgsozGQdfpb%2BSBMXBxlw%2BPCAU9mIf4SP611u%2FIjBcMkuYWxoJGc5cYxY57RhMnU2u5n7Dkr57xMvw4kr4R%2Fqnk%2BDEg2DMNvLKnjqFB2va4T5xkMbweJPPvZXxUgGAP"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7e1fdbf36f8bbb7f-FRA
expires: Thu, 06 Jul 2023 13:12:22 GMT

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 0DD0 43 B
702 B 538ms
135ms Image
image/gif 104.103.93.163

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2531885&v=14702&q=365825&r=412871&pv=1&pref3=oneidppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkroneid__suite_Netmix_Reach128_WEBGAINSMOSTLY&gdpr_consent=&gdpr=0&gdpr_pd=0

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.103.93.163 -, , ASN (),

Reverse DNS

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 05 Jul 2023 13:12:22 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H3 200 image1.jpg
s0.2mdn.net/sadbundle/18225457952125459833/728x90/images/ Frame 00C5 10 KB
10 KB 41ms
40ms Image
image/jpeg 2a00:1450:4001:830::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/18225457952125459833/728x90/images/image1.jpg

Requested by

Host: f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
URL: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

3b8fc5c21934d401d4da598cc6a483b220364c274ac3999bea8ab5f61d815e6c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18225457952125459833/728x90/728x90.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sun, 02 Jul 2023 16:07:23 GMT
x-content-type-options: nosniff
age: 248699
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10702
x-xss-protection: 0
last-modified: Wed, 21 Jun 2023 08:55:44 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 01 Jul 2024 16:07:23 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 59DD 0
0 78ms
76ms Fetch
image/gif 142.250.181.226

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsulat_u0BRtoOeivOrUcAbLfgEcXnoGeWS6kmKdZ1kVgqxS_DgSnj_8uVuiNGPC4ENPG_JkAxM68hK3PfBqyJ_wuUIwylSaHJjG5ZL-qMGIhIKHTaydfJ0chPsjZYfN2gA6TqpWloisSEpwf_gSFW8WX6yT2JdqiBt79JMzSe41zftfi6dSR0r6mzfuHo_Z7-7nCvne77HWHBp5L3srU5Vztp8MRv2JgelowpA-gtduHxUcilpgWvBYxnxT2yJ64dEAn1spaWiZ9OGzoQXrixaA4mE8LRpBg039sIAzFhJrIGVb-wA-e8NNEd4ZQnGtcMrOHqW8221G9Lw1xnjsn0kMHPp5nIV-EAWIzQlv1SVvS8R1rPa3juF4aWZ4mMDVrgaaXuwrSUgDwsg05sD27NIURKMc-cI1kV4a7u2Rfuc53tYcmcM3ZZZESKBwdbUj_-RuzE2RuTMdYrMOvqztpXgZI5paLcWNR1E0qe8CrOZDVRWfqRwpqw6PHlvVy5yrGqDf4L0-a0t5MQHxNUTJWKS9ICu2VgJzhI2LsB8nVSiTMmoGN6lqKCjbHTRPyqSzeE4v5bLS2YKi5FKI18yZ6uZsW0V2wNQJaxpVulELKr32zuXbyvZD3gdQT7W0FT9-0ZK8XgvCYFigVzYfriODxjAtDsgt7YXYSJ3lNQZ6GW-G0RbyoShXesAOyNdfednWfHiHuneC1Xxv-Ywb52PxcTD7hJk7vrZ6E9GSUa9pXuWGWvecjUMrbXCTa1xkbyLVDTCLKJKaDrFWxmWNrHKRJidXuRpH1sIjbDbUHQs-MORQ6Jdi_1UaI8LZLXMMunFE0gCJXb64iNj6icsHxFOPYgeVF0x8EP1SNJKJVKQC2Cd95LQqKFEzeW7Do4abibKDu2s5PbFh5vsf3F43gRfVrmfUmZ8e5CexS44CdPQUUXZi8MC0OtaB3avhJl2WKhk2QofThSxE-gS-nB4tDbDlrWxp6iEmNX-J9RdgKbfyGv99nx1FWdVaOP3M45vqwNjO_LYcsZ2soQOrF46grSHHflghe6koCky9-8cofi_Bp0af8jXpi-j84qwrdBSFFDFpaleWeo819FTYivYDtd4GkIjvATE3tfAAA4q-EOzT8YZFHixCRTnnac2hCr49EJhuaoAduJY2qbrtrpcSuDI4qupHsClMgXbVT0_6DpJ4oRSbbqXRNqJhoF7brh0-I5ehOMGcNgpm-yvGPrvjkzojFylOvlsXIRx-Iu48GoDIc_JWinTPGG1j2OtojT7nwpo&sai=AMfl-YS9CUDKZ-6dVQkj_SdW-LTfNbFifdFVgLzRTTDU84e1R8ZueWRAczvWkJRURdOcWhafyQ_CLqlsaBIMfS0Nh7N0RoRLsfITA1oSsxCYWbiicvimYnpJQa5ZTVkAB84s2k-5oxg_1Y1DK_d3Ez7XLRgnTXlSCweZI7qqf0fumcnjL3tGGxcNyzyMVxaGSjnHEO8jRhWzciETYpyWlSMX39_d8MkhhSuZEG5_MVLKarZfTfABWRPZeTAZ_mdYCpB42IZu&sig=Cg0ArKJSzClrykYpvW2wEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=543&vt=11&dtpt=274&dett=3&cstd=265&cisv=r20230627.68871&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:22 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 05 Jul 2023 13:12:22 GMT

GET
H2 200 link.html Show response
track.webgains.com/ Frame 0DD0 2 KB
2 KB 437ms
66ms Script
text/html 13.42.188.208

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=3641431&wgcampaignid=1384975&js=1&nw=1&wgtarget=https%3A%2F%2Fas.ad4m.at%2Fad%2Frct%3Fed%3D1g4t3tyrb3genwxqafc22ka6byp9jvhc8hmcpn4bhta786mw07wckdvjtjf3dmbwwtc618gj243w2mxaz9dwm5e3awsyxc82vw5ncb82209fazhgvwj6ant3exgedxxcyt10z2xvjph1v228edtbhz5jw258h7ntn4mgfwb3z4q8vv3nskvxhpbrt4qbm7w02mygtzea031mzvwc5mgzxfw1dn5t8g4tx2htsjxne0etjftcbcthyxm2n6es2vb1gdjg%26a%3Dhttps%253A%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1j39e8wnx88e0bs8wj7419kb3dwsmrpc8nm7t29v16td3s9cjz007g732m076fyqa1tx72xqdpxxk36nmrwjk2xrf0p20j62z8ase30vmw196pez4m0tj6nk9g0bhsbwdkex0y7yjdc62kd5y59x8hq7mvw4h5hjyq7srpvm7vvjyj9wx3bbhacb5zjs3khbyzx92ke8cbxvmfeh63efts8d5bgb7bjs0gfxejwmkvp9241r0183z74hxz0d7gjfzsb7vk34rm5zqg7c1gfcvh6hnw%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DC7MGPNWylZP2cFMWQygWmpq_4ApDhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAjqvAsuFQbI-qAMBqgSxAU_Q_IqyxmcUzIh7E8heJnk4m6JSGFkJj3ZdPIaDj2KOk1Q7P2z_E8e63IeY1mCFL-4cM6TiH_IBDCHz2SVxd3sACwMnpU9bDJbZJzHC3_ozj78CP3ulkfNev1v1x8bHREmRMyhBScGgC-VMaUf7fR4F2A4fnEB6e4NyI0ZtsSiFYVWfBZD3xRwu1caSMWHfUO0ocGTAzRx_lQ8HcjtX4O-ir9CWA8hrYXOXugxB7SeG7oAGxNGe9MiAzrylAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_31Qc0_m3Qxm-iWf_mwkHn-cRNpxg%252526client%25253Dca-pub-6593523210010154%252526adurl%25253D&clickref=oneidDXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjWoneid__suite_Netmix_Reach128_WEBGAINSMOSTLY&viewref=oneideYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpboneid__suite_Netmix_Reach128_WEBGAINSMOSTLY
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=197862%2C117569%2C19769&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb%2Ck7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW%2CzR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM&c=728&d=90&e=&g=fbca34843907381617b7cefcbbc278bf%2F9256271693418598238&i=71725%2C29981%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1688562742155&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j39e8wnx88e0bs8wj7419kb3dwsmrpc8nm7t29v16td3s9cjz007g732m076fyqa1tx72xqdpxxk36nmrwjk2xrf0p20j62z8ase30vmw196pez4m0tj6nk9g0bhsbwdkex0y7yjdc62kd5y59x8hq7mvw4h5hjyq7srpvm7vvjyj9wx3bbhacb5zjs3khbyzx92ke8cbxvmfeh63efts8d5bgb7bjs0gfxejwmkvp9241r0183z74hxz0d7gjfzsb7vk34rm5zqg7c1gfcvh6hnw%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC7MGPNWylZP2cFMWQygWmpq_4ApDhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAjqvAsuFQbI-qAMBqgSxAU_Q_IqyxmcUzIh7E8heJnk4m6JSGFkJj3ZdPIaDj2KOk1Q7P2z_E8e63IeY1mCFL-4cM6TiH_IBDCHz2SVxd3sACwMnpU9bDJbZJzHC3_ozj78CP3ulkfNev1v1x8bHREmRMyhBScGgC-VMaUf7fR4F2A4fnEB6e4NyI0ZtsSiFYVWfBZD3xRwu1caSMWHfUO0ocGTAzRx_lQ8HcjtX4O-ir9CWA8hrYXOXugxB7SeG7oAGxNGe9MiAzrylAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_31Qc0_m3Qxm-iWf_mwkHn-cRNpxg%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.42.188.208 -, , ASN (),
Reverse DNS
Software: nginx / PHP/7.4.26
Resource Hash: 99fc0c96e4693f31570d215d9989c0b5acca33f55151fc2f85a9d2d0f82d1b84

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:22 GMT
last-modified: Wed, 05 Jul 2023 13:12:22 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Wed, 05 Jul 2023 13:13:22 GMT

GET
H2 200 5ed7702fe4b07a92411bc03e
ng2.virgul.com/tck/imp/ Frame CB64 0
209 B 47ms
46ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5ed7702fe4b07a92411bc03e?g=1&t=gb&r=153378@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1688562739708&userId=vnetb69ea35f-3eea-493c-b1e2-516faf59eb08
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Wed, 05 Jul 2023 13:12:22 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 200 image2.jpg
s0.2mdn.net/sadbundle/18225457952125459833/728x90/images/ Frame 00C5 24 KB
24 KB 39ms
39ms Image
image/jpeg 2a00:1450:4001:830::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/18225457952125459833/728x90/images/image2.jpg

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

6fe535bc5086db2633b2e247fdf1d1768ec3f75de9b02acfaec6d0711092d9b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18225457952125459833/728x90/728x90.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sun, 02 Jul 2023 16:07:23 GMT
x-content-type-options: nosniff
age: 248699
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24106
x-xss-protection: 0
last-modified: Wed, 21 Jun 2023 08:55:44 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 01 Jul 2024 16:07:23 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 13AC 0
20 B 78ms
77ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BY2faNWylZLDOI6e79u8PnsmXiAsAAAAAOAHgBAI&bg=!5uWl5bHNAAb90kgr3dI7ADkAdvg8Wtc5nKY0ISxjeKLjADauNDqgs50zYrH08HnJZTwmruTDdCPGuhA6ICFkbOemOJN04ykW8R0CAAACTVIAAAAEaAEHmQMCNo3aDNH7GTbARZJ1AD2bwrAIzgBChWBtsgbLOcVm-05yvGIbWzZGPS4XpavrwaYOOWKmF77e6x38UxIPiTkqaaRVszNvNHI9txY0v8vM8G_CeR1Wbvk2X_QvHHzNmYI17F0YFMY1Iqg-ynVDGWy6y5JJDA7oUZCknO_Pe4zOZf6mALC8xilYbInG9EScLC-WqQ734oPNN57mv6BULYhde7M7AYajDg5a4_3SvZ0IakXz98qB1uB_Q_WS-BEk1q-yiHx6q2Qx9qjAJ8X2FI3DVt-iTqV7D_2CcHx4x8ndCpy3C4jKgSH_Qhfw7l4pPpZKA5sAqwTRrDlsg7xJ8mhI6BS41VrKvbD6R8CUaoHCYxm9NZLCHjZWwLIkl6a_QBp7xig6M4C9VdMEylTfcXGYAY3nJ9T9g7VLZvGc9G2c4pDfwfxEtZca-3_FjCwoZeUC_T7WLDfUdy4LEVPqyl4A70Fx6IgMdC7mXhDAjgh-e_KmYatt1bqycfZyk8rK0emnMoL35M1wyGPtTPHxTUMXkN7BkhKtnq50DOMXLSo30r7ckWZ3b4cQSl3H6ERgTjbDfU7AVXXL5SBkHA2yhbUzUOUbcQDliuRUADz-FmpSBFkyFhRqPQZ0LvStOOe4zmW02wk5bKjC8Nluv8PXlOBX2s-qOa6PImJnbrlPLMudm3cGFxkXvr4QrI6zZDReK4AeeONNIK_id6ipns0XdIITI0oXWJA_2HBAh1lbbvVBzN2fgtcf52W1FflGeXHE3WUDmQ7X8h1EeO3BYS5tZpJX21JhPPde0YYhwXaR1-iJ0R2_Wzgs1kLzyIt3YUpBehtsXyP5vO8nkF8cM80DIK28Kunm9hH00F2XtsTRDpDFSNWg7iXuWCFW_4MOBkMHiH-BKSWJxBM8LxV12c_ZxX_MK7ttTWj55Ps0-Cnq3E8cYLbu6Hb884Aj1J_evBdEbQpPVd3AdlttombPlMTnRDNXWEnc6yJiAEkTE9BLrvxQELMDkdwp9e5gAFYldULUPNhMg1w

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame 0DD0 85 KB
31 KB 73ms
9ms Script
text/javascript 18.66.147.98

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=3641431&wgcampaignid=1384975&js=1&nw=1&wgtarget=https%3A%2F%2Fas.ad4m.at%2Fad%2Frct%3Fed%3D1g4t3tyrb3genwxqafc22ka6byp9jvhc8hmcpn4bhta786mw07wckdvjtjf3dmbwwtc618gj243w2mxaz9dwm5e3awsyxc82vw5ncb82209fazhgvwj6ant3exgedxxcyt10z2xvjph1v228edtbhz5jw258h7ntn4mgfwb3z4q8vv3nskvxhpbrt4qbm7w02mygtzea031mzvwc5mgzxfw1dn5t8g4tx2htsjxne0etjftcbcthyxm2n6es2vb1gdjg%26a%3Dhttps%253A%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1j39e8wnx88e0bs8wj7419kb3dwsmrpc8nm7t29v16td3s9cjz007g732m076fyqa1tx72xqdpxxk36nmrwjk2xrf0p20j62z8ase30vmw196pez4m0tj6nk9g0bhsbwdkex0y7yjdc62kd5y59x8hq7mvw4h5hjyq7srpvm7vvjyj9wx3bbhacb5zjs3khbyzx92ke8cbxvmfeh63efts8d5bgb7bjs0gfxejwmkvp9241r0183z74hxz0d7gjfzsb7vk34rm5zqg7c1gfcvh6hnw%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DC7MGPNWylZP2cFMWQygWmpq_4ApDhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAjqvAsuFQbI-qAMBqgSxAU_Q_IqyxmcUzIh7E8heJnk4m6JSGFkJj3ZdPIaDj2KOk1Q7P2z_E8e63IeY1mCFL-4cM6TiH_IBDCHz2SVxd3sACwMnpU9bDJbZJzHC3_ozj78CP3ulkfNev1v1x8bHREmRMyhBScGgC-VMaUf7fR4F2A4fnEB6e4NyI0ZtsSiFYVWfBZD3xRwu1caSMWHfUO0ocGTAzRx_lQ8HcjtX4O-ir9CWA8hrYXOXugxB7SeG7oAGxNGe9MiAzrylAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_31Qc0_m3Qxm-iWf_mwkHn-cRNpxg%252526client%25253Dca-pub-6593523210010154%252526adurl%25253D&clickref=oneidDXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjWoneid__suite_Netmix_Reach128_WEBGAINSMOSTLY&viewref=oneideYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpboneid__suite_Netmix_Reach128_WEBGAINSMOSTLY
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.98 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 00c5621a3f56c052959f8f0591b65e893f132b49b1447fde20767966cacbfbfe

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 12:41:10 GMT
content-encoding: gzip
via: 1.1 ad3c90e13b86d72e2a5e6bf65eab3450.cloudfront.net (CloudFront)
last-modified: Wed, 15 Mar 2023 17:26:29 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 1873
etag: W/"876c293e6c37046ecb0c11ce2e276942"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
x-amz-cf-id: k_Pv1iLVvxV_bFeYNGrQo_9f3i-QS7N96Ry7dYM1_8T0QG9Nte0Vsw==

GET
H2 200 1619604937_fPkEZHu3MNy3GC7XuV3lA1s9E5XlSAcF.png
cdn.track.production.webgains.team/286305/ Frame 0DD0 15 KB
15 KB 67ms
6ms Image
image/png 99.86.4.53

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/286305/1619604937_fPkEZHu3MNy3GC7XuV3lA1s9E5XlSAcF.png?Expires=1688563042&Signature=A4iJGl75SFUZKSTp2q1iZt~8QMTsJTa9V64r0QUNZqwDvWcKa2VkWB8Qzsxqvj5sxwaa83WevzC5Nm3j3DV91ChwooYWbWp-g5zA3yuSlaDWzZj01kGmM1LE3k636pVntQyG2oavgz~skAbLI2FuHrv5Sw7Hirr3rwkpyZBTt3BnjS-mpGiW0NK3gFBlI4ObhJfSxijPWDcQMxKE6oBKBjVViDhLy38jTvYhNKiY3LTsBypzgPKKxbfaa9r~lZJJABtYQA3rUdM7Pw9JqLjLwu41z6UT1ESqiRio6~SfB9AOPrDEeznMe3MoMD5~N4WmB03cQUwCpyEZc6glTl3a4A__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=197862%2C117569%2C19769&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb%2Ck7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW%2CzR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM&c=728&d=90&e=&g=fbca34843907381617b7cefcbbc278bf%2F9256271693418598238&i=71725%2C29981%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1688562742155&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j39e8wnx88e0bs8wj7419kb3dwsmrpc8nm7t29v16td3s9cjz007g732m076fyqa1tx72xqdpxxk36nmrwjk2xrf0p20j62z8ase30vmw196pez4m0tj6nk9g0bhsbwdkex0y7yjdc62kd5y59x8hq7mvw4h5hjyq7srpvm7vvjyj9wx3bbhacb5zjs3khbyzx92ke8cbxvmfeh63efts8d5bgb7bjs0gfxejwmkvp9241r0183z74hxz0d7gjfzsb7vk34rm5zqg7c1gfcvh6hnw%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC7MGPNWylZP2cFMWQygWmpq_4ApDhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAjqvAsuFQbI-qAMBqgSxAU_Q_IqyxmcUzIh7E8heJnk4m6JSGFkJj3ZdPIaDj2KOk1Q7P2z_E8e63IeY1mCFL-4cM6TiH_IBDCHz2SVxd3sACwMnpU9bDJbZJzHC3_ozj78CP3ulkfNev1v1x8bHREmRMyhBScGgC-VMaUf7fR4F2A4fnEB6e4NyI0ZtsSiFYVWfBZD3xRwu1caSMWHfUO0ocGTAzRx_lQ8HcjtX4O-ir9CWA8hrYXOXugxB7SeG7oAGxNGe9MiAzrylAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_31Qc0_m3Qxm-iWf_mwkHn-cRNpxg%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.53 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 60bf02832688d14251ec1c7b8acfda233a91f927f26c7202bdaba781a1f0fcdf

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: null
date: Wed, 05 Jul 2023 05:02:58 GMT
via: 1.1 1277de71b2472d19ca0bfc510db9ec54.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 10:41:35 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 29365
etag: "d4e8f970f24f6d19b53aa92b1907c1ef"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 15054
x-amz-cf-id: ta-NDPHDVIiIIlAFQqIU3m2_wroI76nKxqOhotlorPBD2ZQRqMrmlg==

GET
H3 200 image3.jpg
s0.2mdn.net/sadbundle/18225457952125459833/728x90/images/ Frame 00C5 11 KB
11 KB 44ms
43ms Image
image/jpeg 2a00:1450:4001:830::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/18225457952125459833/728x90/images/image3.jpg

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

5b753f0ec2475f007e96746493c5292693d4abf074e018245ea5682adbefa276

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18225457952125459833/728x90/728x90.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sun, 02 Jul 2023 16:07:23 GMT
x-content-type-options: nosniff
age: 248699
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11671
x-xss-protection: 0
last-modified: Wed, 21 Jun 2023 08:55:44 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 01 Jul 2024 16:07:23 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 8417 42 B
64 B 74ms
74ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsscOmExrrT6MWfzLxrgyZiWvhpojCxosErrYYDCYNo-_TsVAbqrVA8FPF_Khi5BwgfO4T16X4jwRHIEA38myEFyUejc&sig=Cg0ArKJSzKxM-ON4p1HmEAE&id=lidar2&mcvt=1000&p=0,0,600,160&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230628&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3203893797&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1688562740951&rpt=796&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 828A 42 B
64 B 80ms
79ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuaMioYdH_ilHRl9lJrKzeHtPo0tUUdhaHvCqx3Tr2OaadrZIxI_CC8gQUIqQhrterKrW-S0EbbbCpPVfDiFFHzydjv&sig=Cg0ArKJSzLv9M5Dqf8uBEAE&id=lidar2&mcvt=1001&p=0,0,250,300&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20230628&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3050045420&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1688562741071&rpt=716&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 5ed7638be4b07a92411bbffe
ng.virgul.com/tck/i_vb2/ Frame CB64 0
209 B 50ms
49ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/5ed7638be4b07a92411bbffe?l=&r=153366@site_geneli@yemek_net:site_geneli&cs=1688562742885&userId=vnetb69ea35f-3eea-493c-b1e2-516faf59eb08
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Wed, 05 Jul 2023 13:12:22 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 5ed76f76e4b07a92411bc03a
ng.virgul.com/tck/i_vb2/ Frame CB64 0
209 B 50ms
49ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/5ed76f76e4b07a92411bc03a?l=&r=153377@site_geneli@yemek_net:site_geneli&cs=1688562742887&userId=vnetb69ea35f-3eea-493c-b1e2-516faf59eb08
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Wed, 05 Jul 2023 13:12:22 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 5ed771bae4b07a92411bc04c
ng.virgul.com/tck/i_vb2/ Frame CB64 0
209 B 48ms
48ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/5ed771bae4b07a92411bc04c?l=&r=153382@site_geneli@yemek_net:site_geneli&cs=1688562742888&userId=vnetb69ea35f-3eea-493c-b1e2-516faf59eb08
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Wed, 05 Jul 2023 13:12:22 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 5ed771e3e4b07a92411bc04e
ng.virgul.com/tck/i_vb2/ Frame CB64 0
209 B 49ms
49ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/5ed771e3e4b07a92411bc04e?l=&r=153383@site_geneli@yemek_net:site_geneli&cs=1688562742888&userId=vnetb69ea35f-3eea-493c-b1e2-516faf59eb08
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Wed, 05 Jul 2023 13:12:22 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame FB0C 42 B
64 B 75ms
75ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssny8xzu_Sa_-lBHyP86wFv2rYnYyNL3xh9WfX7ryJpuIjoVoYcE7pPA3y_aG_NSWcOE_JHD8zoUWxzB5jZS6sSVGcB&sig=Cg0ArKJSzIaZf6JpMbRMEAE&id=lidar2&mcvt=1016&p=0,0,600,160&mtos=1016,1016,1016,1016,1016&tos=1016,0,0,0,0&v=20230628&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3299242717&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1688562741031&rpt=829&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame D7E9 42 B
64 B 73ms
73ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuMnIxXezc2IiCcWR_I1hifQPGW4jI8h90WrTz8dkBMlB8duzj5-ThumQIvl8Wx-C2Duppaa65TaJU4q-VzKTAqnUxX&sig=Cg0ArKJSzJzFbHKQLAUWEAE&id=lidar2&mcvt=1020&p=0,0,90,728&mtos=1020,1020,1020,1020,1020&tos=1020,0,0,0,0&v=20230628&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=456810305&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1688562740992&rpt=833&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame CB64 15 KB
11 KB 87ms
86ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202306290101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306290101/pubads_impl.js?cb=31075788

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c1198df7d45c3e2d5ee012dd12234f8bed22d0f49d8bf53875046da0c9924103

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 13:12:22 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11276
x-xss-protection: 0

GET sodar2.js
tpc.googlesyndication.com/sodar/ Frame CB64 0
0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 59DD 0
20 B 72ms
71ms Ping
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=2271048185304&version=m202301230201&ct=76&x=1&cor=11988300799189828000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Jul 2023 13:12:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 5ed7706de4b07a92411bc042
ng2.virgul.com/tck/imp/ Frame CB64 0
209 B 47ms
47ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5ed7706de4b07a92411bc042?g=1&t=gb&r=153379@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1688562739708&userId=vnetb69ea35f-3eea-493c-b1e2-516faf59eb08
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Wed, 05 Jul 2023 13:12:23 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame 0DD0 16 B
209 B 66ms
66ms Fetch
application/json 13.40.20.169

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.40.20.169 -, , ASN (),

Reverse DNS

Software

nginx / PHP/8.1.14

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 05 Jul 2023 13:12:23 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/8.1.14
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 87ms
24ms Preflight 13.40.20.169

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.40.20.169 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://as.ad4m.at
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Wed, 05 Jul 2023 13:12:23 GMT
server: nginx

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Domain: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

45 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-20 22:24:18	Name: IDE Value: AHWqTUlCLqVmm1odTlF32205oeEMpbrOs4pZpDIClXPaET3oCpLzMkeeZBEv-Xj_l-o
.w55c.net/	1970-01-20 22:34:23	Name: wfivefivec Value: IZI0cWNX1Qh2iV5
.hspvst.com/	1969-12-31 23:59:59	Name: VIP2677 Value: 1
.hspvst.com/	1969-12-31 23:59:59	Name: VI2677 Value: %7B%22time%22%3A1688562740%2C%22utid%22%3A%2235160e0a7a5b3da3cec65d6070aca7c9%22%2C%22t%22%3A%22P%22%2C%22s%22%3A%22%22%7D
.w55c.net/	1970-01-20 13:45:54	Name: matchgoogle Value: 5
.casalemedia.com/	1970-01-20 21:48:18	Name: CMID Value: ZKVsNeQlRcaOsAk3li2.CgAA
.casalemedia.com/	1970-01-20 15:12:18	Name: CMPS Value: 2203
.casalemedia.com/	1970-01-20 15:12:18	Name: CMPRO Value: 2203
.adnxs.com/	1970-01-20 15:12:18	Name: uuid2 Value: 3312946187605962056
.mathtag.com/	1970-01-20 13:45:54	Name: mt_mop Value: 4:1688562742
.everesttech.net/	1970-01-20 21:48:18	Name: everest_g_v2 Value: g_surferid~ZKVsNQAW3timGQBL
.adfarm1.adition.com/	1970-01-20 15:12:18	Name: UserID1 Value: 7252321749864413338
.turn.com/	1970-01-20 17:21:54	Name: uid Value: 7328513232198789753
.pubmatic.com/	1970-01-20 13:04:09	Name: KTPCACOOKIE Value: YES
.simpli.fi/	1970-01-20 21:49:45	Name: suid Value: FE054351540E4ADC88C8D737F5E878DC
.de17a.com/	1970-01-20 21:41:06	Name: guid Value: 1.8732685749750333284
.quantserve.com/	1970-01-20 15:12:18	Name: d Value: EAMBCQGyKYEA
.quantserve.com/	1970-01-20 22:32:57	Name: mc Value: 64a56c35-8f7ce-13c92-bd582
.360yield.com/	1970-01-20 15:12:18	Name: tuuid_lu Value: 1688562741
.360yield.com/	1970-01-20 15:12:18	Name: tuuid Value: 682d3cf8-ba20-427d-aac0-7e816c3dfb29
.3lift.com/	1970-01-20 15:12:18	Name: tluid Value: 630986566121597030694
.bidswitch.net/	1970-01-20 21:48:18	Name: tuuid Value: 4f16c4b7-1059-45ef-abeb-bc613163751c
.bidswitch.net/	1970-01-20 21:48:18	Name: c Value: 1688562741
.bidswitch.net/	1970-01-20 21:48:18	Name: tuuid_lu Value: 1688562741
.1rx.io/	1970-01-20 21:48:18	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-a2b7bcfd-05a5-415d-afd3-9cb29b3c9502-003%22%7D
.ctnsnet.com/	1970-01-20 21:48:18	Name: gid_CAESEHgP-JImZcifNRiqmSVwu2Y Value: 1
.adform.net/	1970-01-20 13:47:21	Name: C Value: 1
.yahoo.com/	1970-01-20 21:48:40	Name: A3 Value: d=AQABBDVspWQCEKGQWShzJHem_SXLDbCXdekFEgEBAQG9pmSvZAAAAAAA_eMAAA&S=AQAAAjU-6aLK6Auliqxpcu9Ml5s
.adnxs.com/	1970-01-20 15:12:18	Name: anj Value: dTM7k!M41.D>6NRF']wIg2Ilgdx42d!]tbPl1M>e)ZlrFUfJ+tGXvWBPr.La@T6RNP5ZkqVb4])ANkywOyz:^?o]ib3If)y3KL9D3I?+Ie#pL<
.pubmatic.com/	1970-01-20 21:48:18	Name: KADUSERCOOKIE Value: 94963882-998F-43E2-B3F1-797567EC6C73
.adform.net/	1970-01-20 14:29:06	Name: uid Value: 8316170500464320330
.targeting.unrulymedia.com/	1970-01-20 21:48:18	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-a2b7bcfd-05a5-415d-afd3-9cb29b3c9502-003%22%7D
.ctnsnet.com/	1970-01-20 21:48:18	Name: cid Value: 6b51fc895d104569b1b9a7e83ed9edc8
.ctnsnet.com/	1970-01-20 21:48:18	Name: gid_CAESEChz9Cx0AinaEoAczXgVSzA Value: 1
.creative-serving.com/	1970-01-20 22:24:18	Name: tuuid Value: d11a9a8d-d635-4cc5-af25-8640abe4d635
.creative-serving.com/	1970-01-20 22:24:18	Name: c Value: 1688562741
.creative-serving.com/	1970-01-20 22:24:18	Name: tuuid_lu Value: 1688562741
.id5-sync.com/	1970-01-20 13:02:43	Name: cf Value:
.id5-sync.com/	1970-01-20 13:02:43	Name: cip Value:
.id5-sync.com/	1970-01-20 13:02:43	Name: cnac Value:
.id5-sync.com/	1970-01-20 13:02:43	Name: car Value:
.id5-sync.com/	1970-01-20 13:02:43	Name: gdpr Value:
.id5-sync.com/	1970-01-20 13:02:43	Name: callback Value:
.blismedia.com/	1970-01-20 21:48:22	Name: b Value: 64A56C367B9B736FD071EE63BLIS
.lijit.com/	1970-01-20 21:48:18	Name: ljt_reader Value: G7g4tGZHoII28zE7RKeNcaP2

11 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://pcloak.blob.core.windows.net/web/jquery.min.js Message: Failed to load resource: the server responded with a status of 404 (The specified blob does not exist.)
javascript	error	URL: https://ye-mek.net/(Line 39) Message: Unsafe attempt to initiate navigation for frame with URL 'https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html' from frame with URL 'https://ye-mek.net/'. The frame attempting navigation is targeting its top-level window, but is neither same-origin with its target nor has it received a user gesture. See https://www.chromestatus.com/feature/5851021045661696.
network	error	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755397&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688562739967&bpp=5&bdt=777&idt=344&shv=r20230627&mjsv=m202306220101&ptt=9&saldr=aa&nras=1&correlator=2282535237193&frm=24&ife=1&pv=2&ga_vid=1330345952.1688562740&ga_sid=1688562740&ga_hid=1757646299&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=222437166&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44759876%2C44759842%2C31071259%2C31075623%2C44788442&oid=2&pvsid=3355809029795402&tmod=1149460829&uas=0&nvt=1&fsapi=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.dy08tawkzvo7&fsb=1&dtd=367 Message: Failed to load resource: the server responded with a status of 403 ()
security	error	URL: https://as.ad4m.at/ad/dr?ed=1gv2sr9b3zvksvxvxzckv3sjcb19fz0cpy257j11tyzyacbxeerb0m76731vcfz761ztc2ftxmh9pmcgtzh1afv5zk6m6jyrvsf3qqs9c8sxmanygpfh25cmqdpe7gyyf59qg5c1qhzq7bjtqxpwgjcb7rh3vcaw3qpbrv1qnce7yjn9pdmxgn0p930khhz98xc2wya5y9vgf1wsnszg0qqb5g6dm5xwdxbdna5nqvdm22tvraszehff629ta76m8xjer5wcs57v1ffhxykk20hkyj59gkq14x5sthkpj0zxjzjqv20t1nta87d43r591s6f9tjf5q7rrdf4cy9nzw8b3dbvhppk9akxvqx7fejjz8xdyzkkvb7kwh3fxm2xkf5ka75rv326qkkwxbvrnd2h99y0wfksbv6c9k3pz661nzbjmhpyt08ky3wx9zpk9djw2b9wzm&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC7MGPNWylZP2cFMWQygWmpq_4ApDhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAjqvAsuFQbI-qAMBqgSxAU_Q_IqyxmcUzIh7E8heJnk4m6JSGFkJj3ZdPIaDj2KOk1Q7P2z_E8e63IeY1mCFL-4cM6TiH_IBDCHz2SVxd3sACwMnpU9bDJbZJzHC3_ozj78CP3ulkfNev1v1x8bHREmRMyhBScGgC-VMaUf7fR4F2A4fnEB6e4NyI0ZtsSiFYVWfBZD3xRwu1caSMWHfUO0ocGTAzRx_lQ8HcjtX4O-ir9CWA8hrYXOXugxB7SeG7oAGxNGe9MiAzrylAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_31Qc0_m3Qxm-iWf_mwkHn-cRNpxg%26client%3Dca-pub-6593523210010154%26adurl%3D Message: Ignoring duplicate Content-Security-Policy directive 'worker-src'.
security	error	URL: https://ad4m.at/r62eglto.js Message: Ignoring duplicate Content-Security-Policy directive 'worker-src'.
security	error	URL: https://ad4m.at/r62eglto.js Message: Ignoring duplicate Content-Security-Policy directive 'worker-src'.
security	error	URL: https://as.ad4m.at/ad/rar?a=197862%2C117569%2C19769&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb%2Ck7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW%2CzR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM&c=728&d=90&e=&g=fbca34843907381617b7cefcbbc278bf%2F9256271693418598238&i=71725%2C29981%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1688562742155&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j39e8wnx88e0bs8wj7419kb3dwsmrpc8nm7t29v16td3s9cjz007g732m076fyqa1tx72xqdpxxk36nmrwjk2xrf0p20j62z8ase30vmw196pez4m0tj6nk9g0bhsbwdkex0y7yjdc62kd5y59x8hq7mvw4h5hjyq7srpvm7vvjyj9wx3bbhacb5zjs3khbyzx92ke8cbxvmfeh63efts8d5bgb7bjs0gfxejwmkvp9241r0183z74hxz0d7gjfzsb7vk34rm5zqg7c1gfcvh6hnw%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC7MGPNWylZP2cFMWQygWmpq_4ApDhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTY1OTM1MjMyMTAwMTAxNTTIAQmpAjqvAsuFQbI-qAMBqgSxAU_Q_IqyxmcUzIh7E8heJnk4m6JSGFkJj3ZdPIaDj2KOk1Q7P2z_E8e63IeY1mCFL-4cM6TiH_IBDCHz2SVxd3sACwMnpU9bDJbZJzHC3_ozj78CP3ulkfNev1v1x8bHREmRMyhBScGgC-VMaUf7fR4F2A4fnEB6e4NyI0ZtsSiFYVWfBZD3xRwu1caSMWHfUO0ocGTAzRx_lQ8HcjtX4O-ir9CWA8hrYXOXugxB7SeG7oAGxNGe9MiAzrylAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_31Qc0_m3Qxm-iWf_mwkHn-cRNpxg%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0 Message: Ignoring duplicate Content-Security-Policy directive 'worker-src'.
security	error	URL: https://analytics.webgains.io/pvClk.min.js Message: Ignoring duplicate Content-Security-Policy directive 'worker-src'.
security	error	URL: https://analytics.webgains.io/pvClk.min.js Message: Ignoring duplicate Content-Security-Policy directive 'worker-src'.
security	error	URL: https://analytics.webgains.io/pvClk.min.js Message: Ignoring duplicate Content-Security-Policy directive 'worker-src'.
security	error	URL: https://analytics.webgains.io/pvClk.min.js Message: Ignoring duplicate Content-Security-Policy directive 'worker-src'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aax.amazon-adsystem.com
ad.turn.com
ad4m.at
ads.creative-serving.com
ads.w55c.net
adservice.google.com
ajax.googleapis.com
analytics.webgains.io
ap.lijit.com
api.webgains.io
as.ad4m.at
assets.ad4m.at
c.amazon-adsystem.com
c1.adform.net
c1.imgiz.com
cdn.track.production.webgains.team
cdn.ye-mek.net
cm.g.doubleclick.net
cms.quantserve.com
connect.facebook.net
cti.w55c.net
d5p.de17a.com
dclk-match.dotomi.com
dis.criteo.com
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
eb2.3lift.com
f6c5db77e014fae1aef2fe6748b979bc.safeframe.googlesyndication.com
feed.pghub.io
gcm.ctnsnet.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
i.w55c.net
ib.adnxs.com
id5-sync.com
image6.pubmatic.com
images.dmca.com
imasdk.googleapis.com
match.360yield.com
match.adsrvr.org
ng.virgul.com
ng2.virgul.com
onetag-sys.com
pagead2.googlesyndication.com
pcloak.blob.core.windows.net
pghub.io
pixel-sync.sitescout.com
pixel.rubiconproject.com
pm.w55c.net
pr-bh.ybp.yahoo.com
prod-rtb.ad4mat.net
r.turn.com
rtb.openx.net
s0.2mdn.net
s7.addthis.com
secure.adnxs.com
securepubads.g.doubleclick.net
ssbsync.smartadserver.com
ssum-sec.casalemedia.com
static-de.ad4mat.net
static.virgul.com
sync-tm.everesttech.net
sync.1rx.io
sync.inmobi.com
sync.mathtag.com
sync.targeting.unrulymedia.com
sync.teads.tv
t.hspvst.com
tpc.googlesyndication.com
tr.blismedia.com
track.webgains.com
um.simpli.fi
ups.analytics.yahoo.com
www.awin1.com
www.cloakan.co
www.google.com
www.googletagmanager.com
www.googletagservices.com
x.bidswitch.net
ye-mek.net
tpc.googlesyndication.com
104.103.93.163
104.75.89.75
13.225.30.130
13.248.245.213
13.40.20.169
13.42.188.208
141.95.33.111
142.250.181.226
151.101.194.49
151.139.128.10
154.58.197.185
178.250.1.9
18.66.147.98
185.29.132.241
185.7.176.221
185.7.176.223
185.80.39.216
185.86.139.104
198.47.127.19
2.16.96.119
20.127.253.7
20.60.220.36
2001:678:cb4:bbbb::11
213.155.156.169
216.52.2.48
2600:1901:0:76b9::
2600:9000:2251:8600:3:4706:a6c0:93a1
2600:9000:2491:1200:1b:f040:3600:93a1
2606:4700:20::681a:61b
2606:4700:20::681a:ad1
2606:4700:20::ac43:4a81
2620:116:800d:21:93ca:31d8:d86e:38f6
2a00:1450:4001:801::2001
2a00:1450:4001:803::2002
2a00:1450:4001:809::2001
2a00:1450:4001:80b::200a
2a00:1450:4001:80e::2002
2a00:1450:4001:810::2002
2a00:1450:4001:827::2002
2a00:1450:4001:827::200a
2a00:1450:4001:830::2002
2a00:1450:4001:830::2004
2a00:1450:4001:830::2006
2a00:1450:4001:830::2008
2a02:6ea0:c700::17
2a02:fa8:8806:20::2010
2a03:2880:f084:105:face:b00c:0:3
2a05:d018:d29:3605:6cdc:9419:1549:d39d
3.121.27.216
3.75.62.37
34.102.243.38
34.96.105.8
35.157.132.87
35.186.193.173
35.186.253.211
35.204.74.118
35.241.45.217
37.157.6.237
37.252.171.53
46.228.174.117
51.75.86.98
52.17.208.101
52.222.253.136
52.223.40.198
52.29.25.103
69.173.144.138
77.245.159.14
85.114.159.93
94.138.206.83
98.98.134.242
99.86.4.53
00c5621a3f56c052959f8f0591b65e893f132b49b1447fde20767966cacbfbfe
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
00e8a28586e393b1b23d23dec44dcfa2b38a457a287d33c5f0d8ef9008257387
0302085edc6f3d11aa5ac85ec1b09ea360a39bc6de264ec663f9c3c1a1996621
032aee61923ef53fb2b9efbb5d55f771f780e9c2fce9c076638b809a9607eee3
032d6b62e0c227635ed9778096b422f7e09c9686c3ca267c092b4dec728e3c8e
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
0b29697868cd68cfd1b5650054cc96ea755016b3242bd26469cdbd4e4f6fc18a
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0d8812f5547b313d30ae9c9b712b8fc50eafb19ab00a1658b484a35de8f78fba
120fdf7c1e8de286b8c6ad005bd52d7b3d71cfa17bd6d1f72d023fe952d03708
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
18e7a53e3b3abd7ac0242719f7f62cb56b8efe7065091585b8ad22cbc2b8c41c
1c1129e5eded1eb65a7043f7445185fbfc17ce1aa10f1d79427774d443964b5c
2180f29f86c7567e451861d1c1db1df4e665191dbc790c421a2b168138336f3f
22fee539734d38c9e84e3982188b21bafc9457236279a136ce1b3b9d55667437
255ea71d0db08ee9f59ac769752bd268c16f3ff96ac6999e891ea9caedb65c2a
26e5c420fb81bd24c3b958846a56a8ba27018979f4eadca5add8dc1df6dae129
2754d47be946d2394bce4008332826d0491b510a2a624ae6609d042b143732d1
27961ab8c37cddad89230364167c048c6377a80e38542a5ffbca600faf4098ea
2af1b8e91e1ea0f27fab2f6bac1dd1d81867b7a2a8d7cef1084fa39309e0ac6f
2d5e67a38c9a11424cac19ce192c9fd124a6d74e64d3791a01561dbd3e39c0b4
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2eeaed1b310e214596abec926291c1a41c6333ddaeac312886fc0b5930d71f0e
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
324a9c1f26949a62b89c5846de23826737bf3b14443e3f5a969b1799604a0588
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a
34036b7ceed88b75d9cf9fcc6b414372042896bcc28954b304766f6f1bf8e8bd
3b8fc5c21934d401d4da598cc6a483b220364c274ac3999bea8ab5f61d815e6c
3e9569df702eb478e6e7699775a0f555b64ef9e89d89a81742bc97c7803dba96
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3ed559a849229d0ba1622b39b2343f2307a91aae5bab1f08e55c89e50874c980
40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db
44094ac4e7a475eee158eef123e251dac33e3739f413c13943ba95f5580a3a51
461c3ff23ae6154d6e7d2638ec9c22869a6418bb6276f15512c01bbe17487737
4651fd93f167c3620b534c30bc23ae2a2e7cf742621d8e6d12553c09c388284a
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
4729a15791a374bfdb0f0fb0e1f19f5fe0657483ad7eab3d56dd849626ae4726
484eef6459e8a58c19115f287339366d82a7c2beeb7a35c7e16789b592515aec
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d3f992d7fe326e95bf1ae4cdc7b38f18fc31b63f0c7a6c0709cf3d47234a071
4da4b2dbcb075d53b1f00b57f6d48feab4e0b340f3eac0030f3ddb7626b8d732
4dbaa435b487c92bd9f52afd8d33be34806c95d15cf3c782a001962806cdc976
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
5103b27b55207be49f024a501641c7cb93e6469073ccbe194cd5963b53716184
547b4eaa8989b413e1d8efd63f9c50854efeb29a0c75bf2a4d1123225bf3e12e
57eeda5ab33b42f65c84916d3c2a402e82ebd1b40f894387d9de8867bf6c9174
5804cd3bfdf7f7b00ae1f2beef50b9ac7bbdcadcb47e8c3454e8609a52096b92
597e4ec7ca2b12f9150e02e04096849d6b06061b09c2d131f1d2225871eedfdf
5a9863314577494b778cade4d77d719a27fca818d6091efe35b972cac31026f8
5b753f0ec2475f007e96746493c5292693d4abf074e018245ea5682adbefa276
5d485f783c7cc440cba21bb750ce67e191bce0783bfc6cff5f98e236e401b7ab
5fc880a3661f92a71e6eb4fd8f631163ce54b36da67818330c81c9cb95931828
60bf02832688d14251ec1c7b8acfda233a91f927f26c7202bdaba781a1f0fcdf
613b97a3f938c5185dc5fcb46ec9c9488f460fdf8a9765eea9f05aebe46a0c50
639ec2d580a593b9d4802dc11926b1bd04aadb515d83abde4a328d6f7dbe5594
63d492638d445ece5c5162c245202c7a7a8db0fcc12c438e020c5128bd2164cf
66413d92e3b48b21f37de7968a4c6ee6dafb956f4963d0557959a3d10db2c492
68f8702c1d3fb44f6df07969952f51be1ce1a0be2dbf71c1831f0ccca70085d9
6b93bd6e86e2c588140677536b89109cd4f2d61690642291959e4885c2a85c22
6fe535bc5086db2633b2e247fdf1d1768ec3f75de9b02acfaec6d0711092d9b9
7109c07e8885c66df1c967349697c398ba84624afa165ba13f59cfc4b0de107a
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
772de1eb224033fdc2d4f895698a95d01249b3e95be8f99991e8f9099c985df0
77e00e1f2a238cf50cb6170d2bb91fdb9d5922d449211f93f70345e152876f8c
78c6990c53b90a8b6b84a0a5febfa414377cd043d1013b275389584171783a25
7cc53b9adf139d3c48666f76e1d316281c5e9065f7eeaa3fb329057c397f83e5
7d9fcac1fb7114def5ff3d03c471a461834e48dd9bdeb94f803a76bfe01a3a37
8187dcb05ebcfc94502aeec0524c23c7d22afbafe17aff1d39acc1d59a3a52db
8334d0f1bb1c8ca3b3afd2f4a20ffaf1d95c63bd2a6c80a9e6ee84a3c2ddbbfd
84b9937e1a8bd45362bdf247522b48ed110c7b153ac816efaaeefd680c23e13c
86e91e0394209851cd6ad2415842fca20fd29fd29e9ab228bb2c251c5a8af265
878de60769bec438439f67e4a6facea40f500e79c90118ab9137415159f0f003
89aaa0ce1877279f39fc4f3451e07fbbbafadc7a46827a4d56e88fcc98a7c3c1
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
9119b383bbe64fd09563d6eebe837c561ea8ad2919d1e14e60d3c93ea1abfc24
9327cb84416afc4de171edfb91f5cc0b2723823823fff95b3c9325207a76b9a4
935047a1d73e19fc544d4b60ef6332708fc62549be853f0ef54a8072d7a50397
9647fd3ccc6edfbbb2829bf415c6b4fb3e6317f275fd4cab5c949942109a9165
96da7cbd165c265c74e140817dda609aab677ad3738efac98ce863665dc3512b
96e22a33f827f042ac4b239c21f468a17c87545df3f6b90e100d3a91b253a1e7
99fc0c96e4693f31570d215d9989c0b5acca33f55151fc2f85a9d2d0f82d1b84
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9add85c4bf4794a1c9cf954e07a8e8809e8a884628864cb509d734351e255d3b
9c63890b7f3f2e513fa085cd7b198f9ab91721a9e8aa7180806ff4aa7b4089a4
9cacc351a59879d938ef01e274eca7f341deaaa666237a3de94737ccc05a4b86
9cd13937c596d2fecae3b6fc680b915a0b881b99e3cbd89508c842ba6af80c8c
9d3e1f63cb9af3441911ffa72bf09eddacabf139270f046400954486fd1b4170
9eb13d95afd544e4e6f97992f4c7a8da941c2cdb9d0b622ac874b04c21c0a997
9edb23e141fe20aa066d445f9933b24561e461ab1f90a02d40dd2027023a94cc
9fcb1f44c662d22fb6145cba631fe848dc79bc290cc3fd00dac9c4f2c8ac69bd
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a2b9eefee68fa18c6be3c3bbe11d769b5affc01b84ea94c7ec68ae4ffacd858a
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ce67c3741a175e57c05fa03d1a1c2bc635ccae96d11b006fe44590153a6889
a7a580492938c753648b19da1321bf7ea66d7a2e9b1fa42058c821e268fba9e1
a7cb2ae473808b320aee335658c427e4f360252c74d3f1fcf0c041a05e61292e
abaf64de0855592138133fdf15c746a6e47a07d5f7a34a9513a06994c89f91af
ad3ee286844c46dba3f0d26e100f508c410b28f52784fbeec2d513ef6c6fda7a
af7a66542220ecfb2b8fa0286b60ffa95c1c8047df094654a90e1ff75f848ef5
b051db9511dc29e804cacb729965ce83a3bc4d377539b7371bbe9577a0f57b67
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b5343e342183c9d48f9abe8eaf2cc0885268be08bd24bd3b8855a2b2ebf27180
b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628
b88943ef2d09de7d535e8b8631db5b08561a2e4e11e45e75715e56e3ef0d6e34
b9decd0e176c4b80ea45ab0977570bbffa1b817fcc6c1b9cd2724b30dbf851ff
bbf4bab0fe1a508686c9dc3bcd400a86bfea7389ea09b9d241ee7ce342f925d6
be0c8346ffda26948856770034cf143c5aed0530f870ebfddb218f8e895954c8
bea17c8870ba8dae9515993b5c55b65437f03f0e2672e1c3d3dbe7872dd74e5c
bfed6f874526db1b23c22fce157ca9ce327e41bfa85da2906c3ebb97bcab4f0e
c1198df7d45c3e2d5ee012dd12234f8bed22d0f49d8bf53875046da0c9924103
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
c7bb3478b0d96694781181456adc8e338e27432ca3e53dd805da648ec62d7fe3
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
cb3888bc0ed610a53397f4d8a1ce594d1ec2cd7f9aa432dfe2284bd562f3c229
cba6dfe95093aa26c582e805d0afa44f0d2e33036ef0f3ae35bd175345fe652f
cf906196a7c1414e11983955e101a051d55a864f2bc9fd52a453d952d92fd9b5
cff57bb539a961e5816127eb4b662175d6a1c92917effe0f943de85c35911101
d40233bcb7f0efc82aa2418fff3d6a5f8276fee62dd2f7305cd27025dedd176d
d762b12d714bf9b12f394a890ac29237047526b0bf3afadba6b053fbe70145ad
d76304237207d68453937c45c67f10edce375f7a3a45f6d0749b8b0d1fb13f30
d8928a20b6d9520af9bfb5e9748259fc3c1ed52ee4e430920d7e70897af5c065
d9fd0aeda423bd39a36871759ef7b17dab3d51e5981cd5839103f990b8b9ef60
db2db745a65a4d671ac6c0fdccf99adc010606f26d747b8dcb9ab2021fd294e2
dbb11da54b4c2c184bf84b455f4ff7943f88a8469b49d7ac559d26048035ab77
dbc211260f3fb81e545fbebe8be8c367ebe670a585e60e1ec58524c06723ecbc
dc63503c3f3c59f9996f4ceee5ed9bfeff55f0714094188f7a9174e6a15a2a47
dc794e3f7d391de2957bb4472a0b811f4267d594a643f9c6c985372c9083e44f
dd7419ac2c04d1920350f6b486f662f299717fb2b16b14a824f61cc4a362ad0d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5
e79284e365177ba6ba5584c4b81fc9386a04cf5be4b3548cb88ac4329b15a019
e7d8342248029f1df308d3f2cb02a6a7a87714307aca80532eb853c198cc92f3
e8021f1a9dad409f7e699457ac334653bf800464df69900237c4de1c29e275d0
e8090651b52c256938df2fb0582f24521fe0476939aab81d01b7f31a7ac75beb
e944aa2add7d89134400d6d51b9b0954ad0e988edd934eccff8907ab90e1c853
e99b7c0ba127e7fd8f4112c7c8fbc3f0aa0582d4f33c703d7651eb6375d9b36a
eb50c92ff5b15a922bd4589fac6c472fe6623a63e0e5b66ba764318e07d805a8
ecadacb686d0540a5768dae41d50597a71dfaa8135b90f1371d4bfa266e4e361
edcba838a24962cd51dc7fa5b127ce32471d5290ac4d9f1cbf79a5237b21f62e
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1cbe3e130c7b17d34cc1dd06b316bfd37a7023c7d3ea7e72b6b8c29a4360b3d
f3c0e9aa85ab23c407a04c53e45855e60ad2b70159adf46b69143ef7d87da645
f475c34186022ba531ebc8bba97fc10df7e4c3ea854f314a18ab0644c851620d
f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39
f77af93ce95818bb2c72cb06b3b946e090a099eb68d62c44a47288aa618f91ae
fb0e0373dab851bbf3abef68e472ce3700a7d0dde896cfeac2aca6a026785d5f

pcloak.blob.core.windows.net Open in urlscan Pro 20.60.220.36 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

296 Requests

85 %HTTPS

34 %IPv6

57 Domains

80 Subdomains

55 IPs

3 Countries

3676 kBTransfer

8376 kBSize

45 Cookies

0 Outgoing links

Redirected requests

296 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 8 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

pcloak.blob.core.windows.net Open in urlscan Pro
20.60.220.36 Public Scan

Screenshot
Live screenshot

Full Image

296
Requests

85 %
HTTPS

34 %
IPv6

57
Domains

80
Subdomains

55
IPs

3
Countries

3676 kB
Transfer

8376 kB
Size

45
Cookies

296 HTTP transactions
8 data transactions