pcloak.blob.core.windows.net Open in urlscan Pro
20.60.220.36 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Submission: On June 15 via api (June 15th 2023, 10:13:49 pm UTC) from TR — Scanned from DE

Summary HTTP 361 Redirects Behaviour Indicators

Summary

This website contacted 58 IPs in 11 countries across 49 domains to perform 361 HTTP transactions. The main IP is 20.60.220.36, located in Tappahannock, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is pcloak.blob.core.windows.net.
TLS certificate: Issued by Microsoft RSA TLS CA 02 on March 22nd 2023. Valid for: a year.

This is the only time pcloak.blob.core.windows.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
4	20.60.220.36 20.60.220.36	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	77.245.159.14 77.245.159.14	42868 (NIOBEBILI...) (NIOBEBILISIMHIZMETLERI)
3	94.138.206.83 94.138.206.83	49126 (AS49126) (AS49126)
1	2a00:1450:400... 2a00:1450:4001:82b::200a	15169 (GOOGLE) (GOOGLE)
40	2a02:6ea0:c70... 2a02:6ea0:c700::10	60068 (CDN77 ^_^) (CDN77 ^_^)
1	2a00:1450:400... 2a00:1450:4001:827::2008	15169 (GOOGLE) (GOOGLE)
2	151.139.128.10 151.139.128.10	20446 (STACKPATH...) (STACKPATH-CDN)
1	104.75.88.126 104.75.88.126	16625 (AKAMAI-AS) (AKAMAI-AS)
19	185.7.176.222 185.7.176.222	42910 (PREMIERDC...) (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH)
2	2a03:2880:f08... 2a03:2880:f083:9:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:4001:828::200e	15169 (GOOGLE) (GOOGLE)
12	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
62	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
3	108.138.1.25 108.138.1.25	16509 (AMAZON-02) (AMAZON-02)
12	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
1	13.32.119.77 13.32.119.77	16509 (AMAZON-02) (AMAZON-02)
1	35.241.45.217 35.241.45.217	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:80f::2001	15169 (GOOGLE) (GOOGLE)
2	185.7.176.223 185.7.176.223	42910 (PREMIERDC...) (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH)
1	34.102.243.38 34.102.243.38	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2a00:1450:400... 2a00:1450:4001:82f::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
1 35	2a00:1450:400... 2a00:1450:4001:80b::2001	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82f::200e	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:806::200e	15169 (GOOGLE) (GOOGLE)
1 8	2a00:1450:400... 2a00:1450:4001:802::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
2 4	52.31.224.54 52.31.224.54	16509 (AMAZON-02) (AMAZON-02)
11 44	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
4 6	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
2 3	37.252.171.84 37.252.171.84	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2600:9000:20c... 2600:9000:20c3:b400:3:4706:a6c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:218... 2600:9000:218d:f200:1b:f040:3600:93a1	16509 (AMAZON-02) (AMAZON-02)
1	154.58.197.185 154.58.197.185	174 (COGENT-174) (COGENT-174)
4	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
1 6	104.111.217.42 104.111.217.42	16625 (AKAMAI-AS) (AKAMAI-AS)
3 4	185.94.180.125 185.94.180.125	35220 (SPOTX-AMS) (SPOTX-AMS)
4 4	3.75.62.37 3.75.62.37	16509 (AMAZON-02) (AMAZON-02)
5	2a00:1450:400... 2a00:1450:4001:813::2001	15169 (GOOGLE) (GOOGLE)
32	2a00:1450:400... 2a00:1450:4001:82a::2006	15169 (GOOGLE) (GOOGLE)
1	3.125.31.31 3.125.31.31	16509 (AMAZON-02) (AMAZON-02)
8	142.250.185.162 142.250.185.162	15169 (GOOGLE) (GOOGLE)
2	64.233.184.156 64.233.184.156	15169 (GOOGLE) (GOOGLE)
2	2600:9000:245... 2600:9000:2450:5e00:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a02:fa8:8806... 2a02:fa8:8806:13::1400	41041 (VCLK-EU-SE) (VCLK-EU-SE)
2 2	151.101.130.49 151.101.130.49	54113 (FASTLY) (FASTLY)
2 2	35.204.74.118 35.204.74.118	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
6 6	216.52.2.86 216.52.2.86	32475 (SINGLEHOP...) (SINGLEHOP-LLC)
2 2	18.193.240.217 18.193.240.217	16509 (AMAZON-02) (AMAZON-02)
11	2600:1f18:1ac... 2600:1f18:1aca:4281:ab69:b866:4b22:2f96	14618 (AMAZON-AES) (AMAZON-AES)
2 4	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (AMOBEE) (AMOBEE)
1	2620:116:800d... 2620:116:800d:21:de2e:c7b3:55c0:d5a0	16509 (AMAZON-02) (AMAZON-02)
3 3	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
2	35.186.253.211 35.186.253.211	15169 (GOOGLE) (GOOGLE)
3 3	13.248.245.213 13.248.245.213	16509 (AMAZON-02) (AMAZON-02)
1 2	52.57.130.34 52.57.130.34	16509 (AMAZON-02) (AMAZON-02)
1 2	34.96.105.8 34.96.105.8	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2 2	213.155.156.183 213.155.156.183	1299 (TWELVE99 ...) (TWELVE99 Arelion)
2 2	63.35.204.225 63.35.204.225	16509 (AMAZON-02) (AMAZON-02)
1 1	20.127.253.7 20.127.253.7	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	162.19.138.120 162.19.138.120	16276 (OVH) (OVH)
1 1	37.252.171.149 37.252.171.149	29990 (ASN-APPNEX) (ASN-APPNEX)
2	85.14.248.91 85.14.248.91	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1 1	85.114.159.93 85.114.159.93	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1 1	35.190.0.66 35.190.0.66	15169 (GOOGLE) (GOOGLE)
1 1	51.89.9.253 51.89.9.253	16276 (OVH) (OVH)
1	185.86.139.103 185.86.139.103	201081 (SMARTADSE...) (SMARTADSERVER)
361	58

4 20.60.220.36 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

pcloak.blob.core.windows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 77.245.159.14 (Turkey)

ASN42868 (NIOBEBILISIMHIZMETLERI, TR)
PTR: stilgar.wlsrv.com

www.cloakan.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 94.138.206.83 (Turkey)

ASN49126 (AS49126, TR)

ye-mek.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

40 2a02:6ea0:c700::10 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)

cdn.ye-mek.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.139.128.10 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: map3.hwcdn.net

images.dmca.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.75.88.126 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-75-88-126.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 185.7.176.222 (Turkey)

ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR)

static.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ng.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ng2.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f083:9:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

62 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 108.138.1.25 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-1-25.fra56.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.119.77 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-119-77.fra60.r.cloudfront.net

aax.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.45.217 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 217.45.241.35.bc.googleusercontent.com

pghub.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:80f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.7.176.223 (Turkey)

ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR)

c1.imgiz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.243.38 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 38.243.102.34.bc.googleusercontent.com

feed.pghub.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

35 2a00:1450:4001:80b::2001 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn0.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn2.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:806::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn3.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:802::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.31.224.54 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-31-224-54.eu-west-1.compute.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

44 142.250.186.162 (United States) 11 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 185.80.39.216 (Canada) 4 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.252.171.84 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 1002.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20c3:b400:3:4706:a6c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

cti.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:218d:f200:1b:f040:3600:93a1 (United States)

ASN16509 (AMAZON-02, US)

ads.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 154.58.197.185 (Indonesia)

ASN174 (COGENT-174, US)
PTR: staticip-hv4m185.hispavista.com

t.hspvst.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.111.217.42 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-217-42.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.94.180.125 (Amsterdam, Netherlands) 3 redirects

ASN35220 (SPOTX-AMS, US)

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.75.62.37 (Frankfurt am Main, Germany) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-75-62-37.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:813::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

32 2a00:1450:4001:82a::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.125.31.31 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-125-31-31.eu-central-1.compute.amazonaws.com

i.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 142.250.185.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 64.233.184.156 (United States)

ASN15169 (GOOGLE, US)
PTR: wa-in-f156.1e100.net

bid.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2450:5e00:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:13::1400 (Singapore)

ASN41041 (VCLK-EU-SE, US)

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.130.49 (United States) 2 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.204.74.118 (Groningen, Netherlands) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 118.74.204.35.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 216.52.2.86 (United States) 6 redirects

ASN32475 (SINGLEHOP-LLC, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.193.240.217 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-193-240-217.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2600:1f18:1aca:4281:ab69:b866:4b22:2f96 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2001:678:cb4:bbbb::11 (United Kingdom) 2 redirects

ASN56396 (AMOBEE, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
r.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:de2e:c7b3:55c0:d5a0 (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.186.193.173 (Kansas City, United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com

gcm.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.186.253.211 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 211.253.186.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.248.245.213 (United States) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.57.130.34 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-57-130-34.eu-central-1.compute.amazonaws.com

d.adtriba.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.96.105.8 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.105.96.34.bc.googleusercontent.com

tr.blismedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.183 (Sweden) 2 redirects

ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE)

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 63.35.204.225 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-63-35-204-225.eu-west-1.compute.amazonaws.com

match.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 20.127.253.7 (Tappahannock, United States) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

sync.inmobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.19.138.120 (France)

ASN16276 (OVH, FR)
PTR: ns31533571.ip-162-19-138.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.252.171.149 (Frankfurt am Main, Germany) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 85.14.248.91 (Mülheim, Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)

m.exactag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.93 (Bad Durrheim, Germany) 1 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.0.66 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 66.0.190.35.bc.googleusercontent.com

ads.travelaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.89.9.253 (London, United Kingdom) 1 redirects

ASN16276 (OVH, FR)
PTR: ip253.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.139.103 (France)

ASN201081 (SMARTADSERVER, FR)

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
104	googlesyndication.com 1 redirects pagead2.googlesyndication.com — Cisco Umbrella Rank: 133 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 155	757 KB
78	doubleclick.net 11 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 219 googleads.g.doubleclick.net — Cisco Umbrella Rank: 57 cm.g.doubleclick.net — Cisco Umbrella Rank: 244 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 359 bid.g.doubleclick.net — Cisco Umbrella Rank: 807	425 KB
43	ye-mek.net ye-mek.net — Cisco Umbrella Rank: 858491 cdn.ye-mek.net	650 KB
32	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 338	2 MB
19	virgul.com static.virgul.com — Cisco Umbrella Rank: 63446 ng.virgul.com — Cisco Umbrella Rank: 55403 ng2.virgul.com — Cisco Umbrella Rank: 60888	233 KB
17	adsafeprotected.com 2 redirects fw.adsafeprotected.com — Cisco Umbrella Rank: 957 static.adsafeprotected.com — Cisco Umbrella Rank: 628 dt.adsafeprotected.com — Cisco Umbrella Rank: 557	208 KB
10	google.com 1 redirects adservice.google.com — Cisco Umbrella Rank: 107 www.google.com — Cisco Umbrella Rank: 3	2 KB
9	gstatic.com www.gstatic.com encrypted-tbn0.gstatic.com encrypted-tbn2.gstatic.com encrypted-tbn3.gstatic.com fonts.gstatic.com	244 KB
6	lijit.com 6 redirects ap.lijit.com — Cisco Umbrella Rank: 772	4 KB
6	teads.tv 1 redirects sync.teads.tv — Cisco Umbrella Rank: 1404	1 KB
6	openx.net us-u.openx.net — Cisco Umbrella Rank: 492 rtb.openx.net — Cisco Umbrella Rank: 1042	992 B
6	casalemedia.com 4 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 621 ssum-sec.casalemedia.com — Cisco Umbrella Rank: 486	4 KB
6	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 207	335 KB
5	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 387	110 KB
4	turn.com 2 redirects ad.turn.com — Cisco Umbrella Rank: 1039 r.turn.com — Cisco Umbrella Rank: 3929	2 KB
4	yahoo.com 4 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 340	1 KB
4	spotxchange.com 3 redirects sync.search.spotxchange.com — Cisco Umbrella Rank: 785	2 KB
4	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 249 secure.adnxs.com — Cisco Umbrella Rank: 476	4 KB
4	amazon-adsystem.com c.amazon-adsystem.com — Cisco Umbrella Rank: 357 aax.amazon-adsystem.com — Cisco Umbrella Rank: 444	62 KB
4	windows.net pcloak.blob.core.windows.net	3 KB
3	3lift.com 3 redirects eb2.3lift.com — Cisco Umbrella Rank: 421	1 KB
3	ctnsnet.com 3 redirects gcm.ctnsnet.com — Cisco Umbrella Rank: 44520	1 KB
3	w55c.net cti.w55c.net — Cisco Umbrella Rank: 4138 ads.w55c.net — Cisco Umbrella Rank: 10479 i.w55c.net — Cisco Umbrella Rank: 2530	33 KB
3	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 422 imasdk.googleapis.com — Cisco Umbrella Rank: 495 fonts.googleapis.com — Cisco Umbrella Rank: 80	155 KB
2	exactag.com m.exactag.com — Cisco Umbrella Rank: 11611	3 KB
2	360yield.com 2 redirects match.360yield.com — Cisco Umbrella Rank: 2458	815 B
2	de17a.com 2 redirects d5p.de17a.com — Cisco Umbrella Rank: 4988	651 B
2	blismedia.com 1 redirects tr.blismedia.com — Cisco Umbrella Rank: 2376	569 B
2	adtriba.com 1 redirects d.adtriba.com — Cisco Umbrella Rank: 77411	757 B
2	bidswitch.net 2 redirects x.bidswitch.net — Cisco Umbrella Rank: 361	1 KB
2	simpli.fi 2 redirects um.simpli.fi — Cisco Umbrella Rank: 976	1 KB
2	everesttech.net 2 redirects sync-tm.everesttech.net — Cisco Umbrella Rank: 778	814 B
2	imgiz.com c1.imgiz.com — Cisco Umbrella Rank: 102765	131 KB
2	pghub.io pghub.io — Cisco Umbrella Rank: 1964 feed.pghub.io — Cisco Umbrella Rank: 2174	6 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 176	89 KB
2	dmca.com images.dmca.com — Cisco Umbrella Rank: 13184	6 KB
2	cloakan.co www.cloakan.co	1 KB
1	smartadserver.com ssbsync.smartadserver.com — Cisco Umbrella Rank: 867	45 B
1	onetag-sys.com 1 redirects onetag-sys.com — Cisco Umbrella Rank: 874	334 B
1	travelaudience.com 1 redirects ads.travelaudience.com — Cisco Umbrella Rank: 6896	555 B
1	adition.com 1 redirects dsp.adfarm1.adition.com — Cisco Umbrella Rank: 1651	582 B
1	id5-sync.com id5-sync.com — Cisco Umbrella Rank: 434	1 KB
1	inmobi.com 1 redirects sync.inmobi.com — Cisco Umbrella Rank: 1487	711 B
1	quantserve.com cms.quantserve.com — Cisco Umbrella Rank: 846	464 B
1	dotomi.com dclk-match.dotomi.com — Cisco Umbrella Rank: 3231	104 B
1	hspvst.com t.hspvst.com — Cisco Umbrella Rank: 177167	918 B
1	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 60	21 KB
1	addthis.com s7.addthis.com — Cisco Umbrella Rank: 2353	361 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 82	47 KB
361	49

	Domain	Requested by
62	pagead2.googlesyndication.com	static.virgul.com pagead2.googlesyndication.com tpc.googlesyndication.com pcloak.blob.core.windows.net 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com googleads.g.doubleclick.net fw.adsafeprotected.com s0.2mdn.net www.googletagservices.com
44	cm.g.doubleclick.net	11 redirects googleads.g.doubleclick.net 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
40	cdn.ye-mek.net	ye-mek.net cdn.ye-mek.net
35	tpc.googlesyndication.com	1 redirects 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com ye-mek.net googleads.g.doubleclick.net pcloak.blob.core.windows.net cdn.ampproject.org s0.2mdn.net
32	s0.2mdn.net	ye-mek.net pcloak.blob.core.windows.net 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com cdn.ampproject.org s0.2mdn.net
12	googleads.g.doubleclick.net	pagead2.googlesyndication.com 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com ye-mek.net
12	securepubads.g.doubleclick.net	static.virgul.com securepubads.g.doubleclick.net pcloak.blob.core.windows.net ye-mek.net 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
11	dt.adsafeprotected.com	9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
8	googleads4.g.doubleclick.net	googleads.g.doubleclick.net pcloak.blob.core.windows.net
8	www.google.com	1 redirects tpc.googlesyndication.com 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com ye-mek.net
8	ng.virgul.com	static.virgul.com ye-mek.net
7	9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
7	static.virgul.com	ye-mek.net static.virgul.com pcloak.blob.core.windows.net
6	ap.lijit.com	6 redirects
6	sync.teads.tv	1 redirects googleads.g.doubleclick.net 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
6	www.googletagservices.com	9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
5	cdn.ampproject.org	securepubads.g.doubleclick.net
5	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
4	ups.analytics.yahoo.com	4 redirects
4	sync.search.spotxchange.com	3 redirects googleads.g.doubleclick.net
4	us-u.openx.net	googleads.g.doubleclick.net
4	ng2.virgul.com
4	fw.adsafeprotected.com	2 redirects 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
4	pcloak.blob.core.windows.net	pcloak.blob.core.windows.net
3	eb2.3lift.com	3 redirects
3	gcm.ctnsnet.com	3 redirects
3	ib.adnxs.com	2 redirects googleads.g.doubleclick.net
3	encrypted-tbn3.gstatic.com	9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
3	c.amazon-adsystem.com	static.virgul.com c.amazon-adsystem.com
3	ye-mek.net	www.cloakan.co ye-mek.net
2	m.exactag.com	9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
2	match.360yield.com	2 redirects
2	d5p.de17a.com	2 redirects
2	tr.blismedia.com	1 redirects 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
2	d.adtriba.com	1 redirects 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
2	rtb.openx.net	9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
2	r.turn.com	9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
2	ad.turn.com	2 redirects
2	x.bidswitch.net	2 redirects
2	um.simpli.fi	2 redirects
2	sync-tm.everesttech.net	2 redirects
2	static.adsafeprotected.com	9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
2	bid.g.doubleclick.net	9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
2	encrypted-tbn2.gstatic.com	9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
2	encrypted-tbn0.gstatic.com	9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
2	c1.imgiz.com	static.virgul.com c1.imgiz.com
2	adservice.google.com	pagead2.googlesyndication.com securepubads.g.doubleclick.net
2	connect.facebook.net	ye-mek.net connect.facebook.net
2	images.dmca.com	ye-mek.net
2	www.cloakan.co	pcloak.blob.core.windows.net
1	ssbsync.smartadserver.com	9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
1	onetag-sys.com	1 redirects
1	ads.travelaudience.com	1 redirects
1	dsp.adfarm1.adition.com	1 redirects
1	secure.adnxs.com	1 redirects
1	id5-sync.com
1	sync.inmobi.com	1 redirects
1	cms.quantserve.com	9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
1	ssum-sec.casalemedia.com	1 redirects
1	dclk-match.dotomi.com	9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
1	i.w55c.net	9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
1	t.hspvst.com	9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
1	ads.w55c.net	9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
1	cti.w55c.net	9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
1	fonts.gstatic.com	fonts.googleapis.com
1	www.gstatic.com	9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
1	fonts.googleapis.com	9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
1	imasdk.googleapis.com	c1.imgiz.com
1	feed.pghub.io	pghub.io
1	pghub.io	static.virgul.com
1	aax.amazon-adsystem.com	c.amazon-adsystem.com
1	www.google-analytics.com	www.googletagmanager.com
1	s7.addthis.com	ye-mek.net
1	www.googletagmanager.com	ye-mek.net
1	ajax.googleapis.com	ye-mek.net
361	75

This site contains no links.

Subject Issuer	Validity	Valid
*.blob.core.windows.net Microsoft RSA TLS CA 02	`2023-03-22` - `2024-03-22`	a year	crt.sh
cpanel.cloakan.co R3	`2023-05-03` - `2023-08-01`	3 months	crt.sh
www.ye-mek.net RapidSSL Global TLS RSA4096 SHA256 2022 CA1	`2022-11-29` - `2023-07-07`	7 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
1099124734.rsc.cdn77.org R3	`2023-06-13` - `2023-09-11`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
images.dmca.com R3	`2023-05-13` - `2023-08-11`	3 months	crt.sh
odc-addthis-prod-01.oracle.com DigiCert TLS RSA SHA256 2020 CA1	`2023-02-07` - `2024-02-07`	a year	crt.sh
*.virgul.com Sectigo RSA Domain Validation Secure Server CA	`2022-10-24` - `2023-09-28`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-03-25` - `2023-06-23`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
c.amazon-adsystem.com Amazon RSA 2048 M01	`2023-02-28` - `2024-02-17`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
aax-dtb-mobile-cf.amazon-adsystem.com Amazon RSA 2048 M01	`2023-03-16` - `2024-03-08`	a year	crt.sh
*.pghub.io DigiCert TLS RSA SHA256 2020 CA1	`2023-02-09` - `2024-02-08`	a year	crt.sh
*.imgiz.com Sectigo RSA Domain Validation Secure Server CA	`2022-09-27` - `2023-09-09`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
fw.adsafeprotected.com Amazon RSA 2048 M02	`2023-03-29` - `2024-04-27`	a year	crt.sh
*.w55c.net Amazon RSA 2048 M02	`2023-05-29` - `2024-06-25`	a year	crt.sh
*.hspvst.com Gandi Standard SSL CA 2	`2022-12-12` - `2023-12-09`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
teads.tv R3	`2023-05-11` - `2023-08-09`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
static.adsafeprotected.com Amazon RSA 2048 M01	`2023-02-24` - `2023-09-04`	6 months	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2022-08-09` - `2023-09-10`	a year	crt.sh
dt.adsafeprotected.com Amazon RSA 2048 M02	`2023-05-09` - `2024-06-07`	a year	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-09` - `2023-09-09`	a year	crt.sh
tr.blismedia.com GTS CA 1D4	`2023-06-09` - `2023-09-07`	3 months	crt.sh
*.exactag.com Sectigo RSA Organization Validation Secure Server CA	`2023-04-03` - `2024-05-03`	a year	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-21` - `2024-01-23`	a year	crt.sh

This page contains 38 frames:

Primary Page: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Frame ID: A24BC6A14F990DB05517B5BC371D673E
Requests: 6 HTTP requests in this frame

Frame: https://ye-mek.net/
Frame ID: EADA6EAEB6440905EF90834336FF444C
Requests: 93 HTTP requests in this frame

Frame: https://static.virgul.com/theme/mockups/outside/str.html?v=2
Frame ID: 37E78357B47ED325A6936354B9249F07
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230614/r20190131/zrt_lookup.html
Frame ID: 580A3721152BBA6E2FA2CBA51BCE9E08
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755397&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1686867225775&bpp=3&bdt=557&idt=110&shv=r20230614&mjsv=m202306080101&ptt=9&saldr=aa&nras=1&correlator=4172165922379&frm=24&ife=1&pv=2&ga_vid=1164401128.1686867225&ga_sid=1686867226&ga_hid=372826235&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=222437166&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44759842%2C44759876%2C31075298%2C31075305%2C44788441%2C44793499&oid=2&pvsid=456909807881205&tmod=1579466775&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.4ficyttl0b37&fsb=1&dtd=123
Frame ID: 236D061DA07263431ABCFA2CA4462196
Requests: 1 HTTP requests in this frame

Frame: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: B931E001BA62853C9ABFFA96B0390967
Requests: 1 HTTP requests in this frame

Frame: https://feed.pghub.io/tag?referrer_url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&page_url=https%3A%2F%2Fye-mek.net%2F&owner=P%26G&bp_id=noktacommedya&ch=%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D&initiator=js&data=%7B%22category%22%3A%22site_geneli%22%7D
Frame ID: A535898AB13F314AC7E92A20B3A41C07
Requests: 1 HTTP requests in this frame

Frame: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: C3CF6B537DCCC352FA9A5CF606694D32
Requests: 19 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 066E333382CC834D35F98BA584E310A9
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: BE1F5DBFBBFA3FE1C3FDE65633ADD2CC
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/_gLG9aN8cjF7vXKbMeOxmtCOjM8PIsJVPzQXNT2dY7E.js
Frame ID: C1A9BC4D421F63B8A4789A181927CED5
Requests: 1 HTTP requests in this frame

Frame: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: D62EB5BBFDE83BA15C21DDD3525422BD
Requests: 20 HTTP requests in this frame

Frame: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 51220CE839C84AC2CF844BC4F67EBC11
Requests: 26 HTTP requests in this frame

Frame: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 27F0C3CC3FE3E4696C0166C2D980DEA3
Requests: 30 HTTP requests in this frame

Frame: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: C337FC4F3FE5489B0B79CEEAC6AF3D91
Requests: 20 HTTP requests in this frame

Frame: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 47ED6321437BD9E96C4701CCCC506F32
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLfi9QIQ0YXj8wEYz62L7AEwAQ&v=APEucNW2H73CKuoOh2bgyuQ8QthzDxcz1nHnoD_iDYLA-IW6nGRAzJo-gypNMbBbkNLXRWY_u_STv-yJSbXkUJ_43R5lRc9qzKlbpRB_fhPAZmR4S3GeLmMDVO7tAXd5Lz7hUuUkLfP7M0VrM_N2JtTZXSd7DCYFj271TpSxO6iVAy70r6ofNC0
Frame ID: 2DB5D5FB36BF76765DC822346EE59BBB
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYm4no4gEwAQ&v=APEucNWs94VGVIzhY0RNscSCpeJoPSAmG4dSKhy-lMoqsTUbTsYGSXpJk47h4IKD63c3gQohwVzuECz91U2bsDWFMHNLORwYqPPrjX6h6vtJ3RKatLyAZJpOQBTOB1fy734bsE1785gkcLIAVoypbNZ_ZQ9CyOa-zQUDrayOcMYIkAHMmegdxuw
Frame ID: 6F436D7DECD1A4E5101D45A1A6D883D3
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYm4Lo4gEwAQ&v=APEucNVytZFeALAtdfo7Az6_j8CQxJBveglsicc42xzIv-Smid0_DOGLoJHsAPEru8_BXAkJspRhIHhooYPrEZ6lBOdXSr6alSWwFGk5tVvQ4-ouarFg3kzzAXR6FAVPtMmiUDFxd5qhv0mrrJlpI7aMmLc_UIdPoif8zlFEfs3UnRDWSAwgcas
Frame ID: 349989F978A198DE7F1E611FA83B2EDD
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CODOjZADEPD565ADGMGE8eYBMAE&v=APEucNWmVhX_4qljaCcnGaYnVOOP9Rj9qkfiKonh3HV-ZvDH9OqpTzvsY_yOu6lO6bmvpvt_VzXfbr7xaYkMh1AeinJb9hNdK27V_KbusGLIjAvIGWAiiupaFmPtfY9cVBuE4kf_OE7bi1MiPK3F9hGH_XkMyHQIUpJJ-j9aUFMj-1JjbdwdUVA
Frame ID: 0086224E11E467D47D33E0863FD7D788
Requests: 4 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012305252018000/amp4ads-v0.mjs
Frame ID: 9DDB817F53A9F387D4F5CB24607DCC4A
Requests: 19 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 659CFE71A2E47F72685D2548798D9CE6
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 168BFC0FCA76E6D28BFD4FE422790797
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 6BF1B4658C2432265C35A98CA8543710
Requests: 3 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 661D02B807B6CDAD001C5CAAE206DD50
Requests: 1 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 41A0526D7884CAC9EFAE43316BDA577C
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 4A7972B5FEA43ADC5A9BA4D7735DF47F
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/13151972954896785613/index.html?e=69&leftOffset=0&topOffset=0&c=w7uNkWV6ZV&t=1&renderingType=2&ev=01_250
Frame ID: 2FB46443B3183656AC21F7805EEA7ADA
Requests: 6 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: E20CF063098600FFBD7C0480DE76DDD4
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 5D157FE951C9ED0B1B93ED954E66D19D
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 72CE5E8FD006E75CA0D8C2200464AED2
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: A8D21C734A328FCF1214A6C7C3A3ADBA
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: E417620133804C18B8B82DAAA99F3B34
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/15415463092317913147/index.html?e=69&leftOffset=0&topOffset=0&c=6Lpq0vB1bw&t=1&renderingType=2&ev=01_250
Frame ID: 5FA54D81E23A442641E9999BBFE4BD55
Requests: 12 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=tAvOnLZTdC&t=1&renderingType=2&ev=01_250
Frame ID: 58E2BCEE68B2C8789C91F4FEC4E353BF
Requests: 12 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/_gLG9aN8cjF7vXKbMeOxmtCOjM8PIsJVPzQXNT2dY7E.js
Frame ID: 572FC1DAEC84FAF51525C009D995AC8C
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/_gLG9aN8cjF7vXKbMeOxmtCOjM8PIsJVPzQXNT2dY7E.js
Frame ID: 3D17CBACBBE4002140F9CF5BBB5BF92D
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/_gLG9aN8cjF7vXKbMeOxmtCOjM8PIsJVPzQXNT2dY7E.js
Frame ID: 7F4897EDA18EDB5F02D4A0F86CA37520
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

AddThis (Widgets) Expand

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

361
Requests

88 %
HTTPS

41 %
IPv6

49
Domains

75
Subdomains

58
IPs

11
Countries

5324 kB
Transfer

11252 kB
Size

43
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 110

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKC3pPzvyAEQuAgYuAgyCP3K3VapmAd5 HTTP 301
https://tpc.googlesyndication.com/simgad/1214661526530726722

Request Chain 159

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJqyAoRspJgtNiu1XofO9y8&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJqyAoRspJgtNiu1XofO9y8&google_cver=1&C=1

Request Chain 160

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZIuNGhYoGw2jzSUYwPdRFgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK65ynRzwvnL6owwv69tivQ&google_cver=1

Request Chain 161

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEMnys_QL1WZpizgsPfQwd-4&google_cver=1

Request Chain 162

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njg2MzE0OTI4NDkyMjkyMTU3NA%3D%3D

Request Chain 171

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEMM9NU9Li1LBvltNYdctaug&google_cver=1

Request Chain 173

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEJG-yvOsHq-X7otRWM6TN-I&google_cver=1

Request Chain 175

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEMM9NU9Li1LBvltNYdctaug&google_cver=1

Request Chain 177

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEJG-yvOsHq-X7otRWM6TN-I&google_cver=1

Request Chain 185

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEPub921lTByLXSDDbnteelA&google_cver=1 HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEPub921lTByLXSDDbnteelA&google_cver=1&__user_check__=1&sync_id=e6069779-0bc9-11ee-a9b2-1bce7de30306

Request Chain 186

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_id=e606a130-0bc9-11ee-ab02-1348667f0306 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=ZTYwNjk3MjMtMGJjOS0xMWVlLWE5YjItMWJjZTdkZTMwMzA2

Request Chain 187

https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true HTTP 302
https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1oalB0bUFoRTJ1RnFuTnBpTHA4ZXY3U0hCZWtyNTRncX5B

Request Chain 225

https://fw.adsafeprotected.com/rfw/bgd/1352960/70224255/xbbe/creative/adj?p=APEucNWkcZqnkVmkesuUrqsTnH2tUrghoQk1-YLL4wGGgy8azDUzW5Q&d=CokBAKAmf-DfQ5tlPF7fVM8k8DFerrrAZ8goK_3ZbmF3PFClNE1KeYCaBAFJZKRlkp4phcgSMrECuX9384FpFYgrtpowGQrzpdRpCgv9p0eWHhL0zYazQ7XGF0Nu5FEo8tJ_IVt4Xmrz9pkchmEo_YEamV-6SNjKYtNivMA8mGD3cEL3pEmKdPvqooMSqRQAoCZ_4DeK8oWQfwwdXO8ESzjYo5NTtLMH6QTpKtJB_GPNBDYdPCWrMhY4FpM1RgEilWFBa0w4Lx8s_pXQZbhEW-iKOK1FmH6FSKI8ApgmIeE39tqbs24PafVr4CvfgiNzucXGZaFpionomLruwyhvEzeWkRvaTI-JWXENCHXximn0_aoWNAArO9JBR5gX0puGd9ky0nUj1cmVhaCJOdKawtJcFLHUJ4XQwmp_veaBHLZc07mOhDybNTQvzstP_lcJBYPtlVemEBF69KC8vfAjwoLXM1lJNYdWCmhrSIhRrm10I1ebtvA9tfQoBuxJLC3Zy2x6-E_AQQ8Mt_UtIEXPn1jquamTh_udz49NRGmS0nLCeB8ychsCSxWkQhHE5vEMEkWpYCS3ea2RDm84JFXkfHJymTjNilTSgnIw6aw2xg8xeqQdbtjbkLkJ7-q28sSbBDSLySPX9T6QJyzra9f8rgg45eM29jnLgot-9gtev2q4_Fa8ks8BrF6du21GTykmIwjlsCjwP9dDu4jymyc8Rg8WbPoXEbIJlz0c_UQJcoLZnvJ4DlmNdA9fGBr7_IUANiUaBPWTU5fhpokkoqzEE3Phr9xqtV2vWS8sdZ7iskaFxeAxwFMcsUJBvaL5Zihtf-mENxZL9LNg9FVq9f0xkpjLEoE0-ngj0E04mhgxidRKSJCS2YPX2tzuTV0jRKZEmBzg-x_UHVD9geLe1sjRj9zy6c6K7dE29GqNPHiMmkXEd81LLI79nu6A-coTblIe8NGP44rJpZMK1tc-FN6dMHmzfI2srk5uKHr6XGDXpWG5cMs6sL_w4ZNSWykDP-z2JjyVtFY4hox17Csz773uhgTNC366dDaEnW6cITjug56FnloUThcWy-0G_ODn6cK3UldKbfGaTKZWDGONGlf3KgkCGPO1jnzDhLKjnHXQCHtLHo3ONDcCqyLu7JMyVgpsIIa1CEAKpOcVgmVZqf_1vBHMjNzDM6grR5jLGeUPEq7DAOosFcBH-DHcHCbMzA2-L0KFh0RkAgoHr07i_BxhcxbxZPwzmWQJGIpNdXk5w2f08DvLlIY6neZe7OdlRtuBjlW_9VcYgb5qdMB76OU28Y8Lm7anaPVelLWa8RTO0PW39Omkv6hEcYj9Bf0Im6xuBgb_IjoOF_NuKyULNR3As6T0eRlNmX09UIWQTcf4yEfZKS2qLzEkIh2HxcJ-KYpMio-glyKe2DSsaUEfTNrY7vrgDi1zjQ-PSq6oFtH-su9sx-aIkN0pykJnsRSuoVeM9asYyDdFReMHsK8Qx-VqWH8aBzT-D6FmYK5lo7IY-cFlnbUsY6_96qmLIyPLlptxLEmAAJCwEblwA865t_S1KrB_UQf13gQUNHqvCl7k6ykRcFvmzu4-0R4Mim_7xSBu4-dFit_LB_D0Ve9KJAm62mjAiKn5RMXJgXhlWrQUaAyZUyR5KbWMAzWWqcE426VZM_GiY7uh7ZB_igcJFeDXjfDmvlh_sgJEGPOS6wpAXpHnS6flKa7hCmwGL4bkUDRqS1OQTCxpnmSqpmVT3pmbHjtFYiqq3PE5Bk5hb2EUakL4SSwFA3JKxw41Lcjwnq9nTviya0rKngfGVi6t7QxFNujBp83hIenxhv1bNEu1v5ZrQoes6-5lBM6VQnOvW2k7VwS4OIi6o7zbQFX7g1bpax3hemvpuMhWnKFlpyTSVu5NmsBPgOCg4drUeV6rU3cWwBwgtxpwudRtDCeVlfzm1gE4AwLOwb26vgTNSMQAc8owdgMKlHM0851E73G16AaOL74XXt61gcqE92b_wetsvP1gISuu-slrEAtHjfcOWCZYg4tKB2TvNGeGPh9IISCtdZZzGRkjaRqA3LwTrkYQy9sYaMSRkxtxsavdONhV6ZZctzTtGV0sFePCJFl4FHw6U3HXGo4u5npVloiD7nNWo6s8bCaphCIJff-yNibpy_sqe-ELlOoarKiSF53Q2FzTSihsQ4-qQoZByY71D6xGl8tunoZwtsxrOWYsFpGD_xlKAelFCPk4WdNfibn_iAH0qs5ixArS1Oh9Mc5yKsi7AA-w__QI9bjXND73SrjUEzZCGRww2srYwk84bFsEPTvEzku79oRy9smB6-SdsuOLq2gkCi3_3xyY3UveKVOi5qFQJmW3wvnikPWvwbwrBM8Nhy4b1VpPvkkFfHxfZLYYizv2Apj9ufjR8cgDXlnHPWoMqnul2XN_xQg-J_tay0jrMEYyiT8tnjUv46DyBU6zlX4htQM_JSibWbcEweGHYCNcDnff78Q39vmQwg886ZVqf-z-KVHEKrgZVrSQIfJsw5LsMU4FtKuS2rnul6iG773tfHAyF1PQrLIm2epgnQAPdbXpC5WSDQsNIbHUZF5uHkqIteFrfw3mkqbaXkuzxqADpMP1HcH908YLTBIWZEN9sHMgB9MZoF_Vc2LZoiH1xZKHZzOuCjr4-Ki9B7Te5i7Pn7AYF-lqB_WVKodqW2MGwiM8nEmNqnVKm0_LYrvt1c6KvzZHJYLbw-8aO-wk6QBzIeZLJ7ep0Pc1ohg5yLPqnzsJRoNexcmXyYu_zCVfQpXmpbUhl3pJWjEvPd2RqaCp0O97-h-9mY8lgdDZBcoT-FrSsdV2FzcNyjg4qKw4XQONgEAJb8_M_m9qmZMAEqfNvznK9tWUDp6HaqBIAII-k0DCobVtakGikx8mA6v0M9uUrSqN6HF1ZhgWxSfUn7D4Wm8b-e585PXUNPZ5TRFOHIs0SIHzgD1zZTopin4vHC02lQRvamaJ0fPbgfEsZsGg18Sled3WQbzGleQZ6kya381X637bp6HYYcKSqHosWD6gZmHvkI0Ev6dChC5_l78s9_RibnnY3SIqbsedhb29cxngD7vkdvCcyy2Q1aCWNyt3IqG7v8p7VYFqz0_LlCfrHg3AILHloemkdhQbfBc4joZmytnG2xMc2_mJXfJNY00-uvQ1n3rgi6lkVBgCtpzZBwUcWA3YPHjjX-yGwbTn2GvbC47JIXJdifEcjFwMLhBy6tOjRisrDuxZEsRMv2uaDMsvusfyKVS5mrdU8C8Nm5ebKlNV7ZFQytmX32KchxEMbo4bZmU0QlrrWPP2WUpQUEuhHAhmXjawUbzngvkKZti4Zi0qWHxIDRdU7ICobJ0JyXn4yCP_NYx-KXjFM4BUFhpIa7OXj5mK44zF4wZqNeMwaKkwbI56QPRa9LKkEmz2xbUgCU3JTNqqNtXHeBCY_Tzyl6v3DC8RWgK527CEcDvKFSnu_14EurJvMfjiaC0e_EMicLRvNvPxm9nnql8iPawefMrHm5eNb8XxKdaFM57ACiqFeBlTPlrC7XawVQomRsVrX9gA0kMNxGg7OzuNP4fipIaeKxYeHDWnEb85vLcs3NiQeAVEwjz-XCM3HZ7iNrsovEV0035sTcHOf3SzdIPHYT02wmkQyWF-QGWGj3pNaiYkk4oaQQgEEjsAcoEIg6lCQNRkG0TexMsucctSixIMiNRXdCy49SU-wOhBAIWSTa2SStBqOvYK9W32ES9CxpEV_deeNBgBYAE&cry=1&bundleId=&ias_dspID=3&ias_campId=25458251&ias_pubId=pub-7983651257838282&ias_chanId=1&ias_placementId=18513634021&bidurl=https://ye-mek.net/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0iAjcyzvlIWtUhMS89eTIKW&adsafe_url=https%3A%2F%2Fpcloak.blob.core.windows.net&adsafe_type=g&adsafe_url=https%3A%2F%2Fye-mek.net%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&adsafe_type=d&adsafe_jsinfo=,id:5484cf98-b562-595a-3428-0f1be2d6b4b6,c:fEcvyz,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-6c5d9cf586-p2xxx,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:i,cc:NaN.NaN.160.600,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,scm:grpm1,mtim:4,mot:0,app:0,maw:0,fm:tHi2Yxx+111%7C112%7C113%7C114%7C115%7C1161%7C117%7C118%7C1191%7C1192%7C11a1%7C11a2%7C11b*.1352960-70224255%7C11b1%7C11c1%7C11d1%7C11e,idMap:11b*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:1,tt:rjss,et:29,oid:e5f8bd91-0bc9-11ee-b72f-5aebb75fcf3e,v:19.8.417,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNWkcZqnkVmkesuUrqsTnH2tUrghoQk1-YLL4wGGgy8azDUzW5Q&d=CokBAKAmf-DfQ5tlPF7fVM8k8DFerrrAZ8goK_3ZbmF3PFClNE1KeYCaBAFJZKRlkp4phcgSMrECuX9384FpFYgrtpowGQrzpdRpCgv9p0eWHhL0zYazQ7XGF0Nu5FEo8tJ_IVt4Xmrz9pkchmEo_YEamV-6SNjKYtNivMA8mGD3cEL3pEmKdPvqooMSqRQAoCZ_4DeK8oWQfwwdXO8ESzjYo5NTtLMH6QTpKtJB_GPNBDYdPCWrMhY4FpM1RgEilWFBa0w4Lx8s_pXQZbhEW-iKOK1FmH6FSKI8ApgmIeE39tqbs24PafVr4CvfgiNzucXGZaFpionomLruwyhvEzeWkRvaTI-JWXENCHXximn0_aoWNAArO9JBR5gX0puGd9ky0nUj1cmVhaCJOdKawtJcFLHUJ4XQwmp_veaBHLZc07mOhDybNTQvzstP_lcJBYPtlVemEBF69KC8vfAjwoLXM1lJNYdWCmhrSIhRrm10I1ebtvA9tfQoBuxJLC3Zy2x6-E_AQQ8Mt_UtIEXPn1jquamTh_udz49NRGmS0nLCeB8ychsCSxWkQhHE5vEMEkWpYCS3ea2RDm84JFXkfHJymTjNilTSgnIw6aw2xg8xeqQdbtjbkLkJ7-q28sSbBDSLySPX9T6QJyzra9f8rgg45eM29jnLgot-9gtev2q4_Fa8ks8BrF6du21GTykmIwjlsCjwP9dDu4jymyc8Rg8WbPoXEbIJlz0c_UQJcoLZnvJ4DlmNdA9fGBr7_IUANiUaBPWTU5fhpokkoqzEE3Phr9xqtV2vWS8sdZ7iskaFxeAxwFMcsUJBvaL5Zihtf-mENxZL9LNg9FVq9f0xkpjLEoE0-ngj0E04mhgxidRKSJCS2YPX2tzuTV0jRKZEmBzg-x_UHVD9geLe1sjRj9zy6c6K7dE29GqNPHiMmkXEd81LLI79nu6A-coTblIe8NGP44rJpZMK1tc-FN6dMHmzfI2srk5uKHr6XGDXpWG5cMs6sL_w4ZNSWykDP-z2JjyVtFY4hox17Csz773uhgTNC366dDaEnW6cITjug56FnloUThcWy-0G_ODn6cK3UldKbfGaTKZWDGONGlf3KgkCGPO1jnzDhLKjnHXQCHtLHo3ONDcCqyLu7JMyVgpsIIa1CEAKpOcVgmVZqf_1vBHMjNzDM6grR5jLGeUPEq7DAOosFcBH-DHcHCbMzA2-L0KFh0RkAgoHr07i_BxhcxbxZPwzmWQJGIpNdXk5w2f08DvLlIY6neZe7OdlRtuBjlW_9VcYgb5qdMB76OU28Y8Lm7anaPVelLWa8RTO0PW39Omkv6hEcYj9Bf0Im6xuBgb_IjoOF_NuKyULNR3As6T0eRlNmX09UIWQTcf4yEfZKS2qLzEkIh2HxcJ-KYpMio-glyKe2DSsaUEfTNrY7vrgDi1zjQ-PSq6oFtH-su9sx-aIkN0pykJnsRSuoVeM9asYyDdFReMHsK8Qx-VqWH8aBzT-D6FmYK5lo7IY-cFlnbUsY6_96qmLIyPLlptxLEmAAJCwEblwA865t_S1KrB_UQf13gQUNHqvCl7k6ykRcFvmzu4-0R4Mim_7xSBu4-dFit_LB_D0Ve9KJAm62mjAiKn5RMXJgXhlWrQUaAyZUyR5KbWMAzWWqcE426VZM_GiY7uh7ZB_igcJFeDXjfDmvlh_sgJEGPOS6wpAXpHnS6flKa7hCmwGL4bkUDRqS1OQTCxpnmSqpmVT3pmbHjtFYiqq3PE5Bk5hb2EUakL4SSwFA3JKxw41Lcjwnq9nTviya0rKngfGVi6t7QxFNujBp83hIenxhv1bNEu1v5ZrQoes6-5lBM6VQnOvW2k7VwS4OIi6o7zbQFX7g1bpax3hemvpuMhWnKFlpyTSVu5NmsBPgOCg4drUeV6rU3cWwBwgtxpwudRtDCeVlfzm1gE4AwLOwb26vgTNSMQAc8owdgMKlHM0851E73G16AaOL74XXt61gcqE92b_wetsvP1gISuu-slrEAtHjfcOWCZYg4tKB2TvNGeGPh9IISCtdZZzGRkjaRqA3LwTrkYQy9sYaMSRkxtxsavdONhV6ZZctzTtGV0sFePCJFl4FHw6U3HXGo4u5npVloiD7nNWo6s8bCaphCIJff-yNibpy_sqe-ELlOoarKiSF53Q2FzTSihsQ4-qQoZByY71D6xGl8tunoZwtsxrOWYsFpGD_xlKAelFCPk4WdNfibn_iAH0qs5ixArS1Oh9Mc5yKsi7AA-w__QI9bjXND73SrjUEzZCGRww2srYwk84bFsEPTvEzku79oRy9smB6-SdsuOLq2gkCi3_3xyY3UveKVOi5qFQJmW3wvnikPWvwbwrBM8Nhy4b1VpPvkkFfHxfZLYYizv2Apj9ufjR8cgDXlnHPWoMqnul2XN_xQg-J_tay0jrMEYyiT8tnjUv46DyBU6zlX4htQM_JSibWbcEweGHYCNcDnff78Q39vmQwg886ZVqf-z-KVHEKrgZVrSQIfJsw5LsMU4FtKuS2rnul6iG773tfHAyF1PQrLIm2epgnQAPdbXpC5WSDQsNIbHUZF5uHkqIteFrfw3mkqbaXkuzxqADpMP1HcH908YLTBIWZEN9sHMgB9MZoF_Vc2LZoiH1xZKHZzOuCjr4-Ki9B7Te5i7Pn7AYF-lqB_WVKodqW2MGwiM8nEmNqnVKm0_LYrvt1c6KvzZHJYLbw-8aO-wk6QBzIeZLJ7ep0Pc1ohg5yLPqnzsJRoNexcmXyYu_zCVfQpXmpbUhl3pJWjEvPd2RqaCp0O97-h-9mY8lgdDZBcoT-FrSsdV2FzcNyjg4qKw4XQONgEAJb8_M_m9qmZMAEqfNvznK9tWUDp6HaqBIAII-k0DCobVtakGikx8mA6v0M9uUrSqN6HF1ZhgWxSfUn7D4Wm8b-e585PXUNPZ5TRFOHIs0SIHzgD1zZTopin4vHC02lQRvamaJ0fPbgfEsZsGg18Sled3WQbzGleQZ6kya381X637bp6HYYcKSqHosWD6gZmHvkI0Ev6dChC5_l78s9_RibnnY3SIqbsedhb29cxngD7vkdvCcyy2Q1aCWNyt3IqG7v8p7VYFqz0_LlCfrHg3AILHloemkdhQbfBc4joZmytnG2xMc2_mJXfJNY00-uvQ1n3rgi6lkVBgCtpzZBwUcWA3YPHjjX-yGwbTn2GvbC47JIXJdifEcjFwMLhBy6tOjRisrDuxZEsRMv2uaDMsvusfyKVS5mrdU8C8Nm5ebKlNV7ZFQytmX32KchxEMbo4bZmU0QlrrWPP2WUpQUEuhHAhmXjawUbzngvkKZti4Zi0qWHxIDRdU7ICobJ0JyXn4yCP_NYx-KXjFM4BUFhpIa7OXj5mK44zF4wZqNeMwaKkwbI56QPRa9LKkEmz2xbUgCU3JTNqqNtXHeBCY_Tzyl6v3DC8RWgK527CEcDvKFSnu_14EurJvMfjiaC0e_EMicLRvNvPxm9nnql8iPawefMrHm5eNb8XxKdaFM57ACiqFeBlTPlrC7XawVQomRsVrX9gA0kMNxGg7OzuNP4fipIaeKxYeHDWnEb85vLcs3NiQeAVEwjz-XCM3HZ7iNrsovEV0035sTcHOf3SzdIPHYT02wmkQyWF-QGWGj3pNaiYkk4oaQQgEEjsAcoEIg6lCQNRkG0TexMsucctSixIMiNRXdCy49SU-wOhBAIWSTa2SStBqOvYK9W32ES9CxpEV_deeNBgBYAE&cry=1&bundleId=

Request Chain 228

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEOA95SU41_v8GHwPMBQJWLM&google_cver=1&google_push=ATf1kGO8E5BLZEs0oH__GDxjpODOZMDwqC-sHQ93GsQ0HvPMnL0nEVIF2eiAjg3oxR51xh9nsRyzYXl9T6NSL2aIoPh-fsIpWbY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEOA95SU41_v8GHwPMBQJWLM&google_push=ATf1kGO8E5BLZEs0oH__GDxjpODOZMDwqC-sHQ93GsQ0HvPMnL0nEVIF2eiAjg3oxR51xh9nsRyzYXl9T6NSL2aIoPh-fsIpWbY

Request Chain 229

https://um.simpli.fi/gp_match?google_gid=CAESEENJ0M78p4f9QV3kESMVADk&google_cver=1&google_push=ATf1kGMMgLutaCMf-y__zy2SK5YOa4lan4s4Yd6sQMFGELLHcahVwFFiu0Ba7qCrmEIzWZLDz88ITDO_fsMPMP0H8UGfUbeDhspx HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=539A861253744BCD899BC955B7C801FC&google_push=ATf1kGMMgLutaCMf-y__zy2SK5YOa4lan4s4Yd6sQMFGELLHcahVwFFiu0Ba7qCrmEIzWZLDz88ITDO_fsMPMP0H8UGfUbeDhspx

Request Chain 230

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEEVeOc3KSvDcgU8o-qpOzjw&google_cver=1&google_push=ATf1kGOHlmz28uo2RGFd-5P1tBbrUjI01pZPdcSCxdKkF8HNl0dQM1ngkX7G2weQBPVFWhM57T5K6Pv4o2DcoUSE1jGRi8GFL9s HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEEVeOc3KSvDcgU8o-qpOzjw&google_hm=ZIuNGhYoGw2jzSUYwPdRFgAAFHgAAAAB&google_nid=index&google_push=ATf1kGOHlmz28uo2RGFd-5P1tBbrUjI01pZPdcSCxdKkF8HNl0dQM1ngkX7G2weQBPVFWhM57T5K6Pv4o2DcoUSE1jGRi8GFL9s

Request Chain 231

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEKtyvjiv3kDnZ0aC7W5Q0zk&google_cver=1&google_push=ATf1kGPH_7nGF-AVgV3tq9dDiN6kJfygM7gyhObpYyTlDmgEcunS5r9b8k4u3m4olLUFW_EfKGgCr12K2vbEWyMR6UTO9PMf6ykG HTTP 307
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEKtyvjiv3kDnZ0aC7W5Q0zk&google_cver=1&google_push=ATf1kGPH_7nGF-AVgV3tq9dDiN6kJfygM7gyhObpYyTlDmgEcunS5r9b8k4u3m4olLUFW_EfKGgCr12K2vbEWyMR6UTO9PMf6ykG&sovrn_retry=true HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGPH_7nGF-AVgV3tq9dDiN6kJfygM7gyhObpYyTlDmgEcunS5r9b8k4u3m4olLUFW_EfKGgCr12K2vbEWyMR6UTO9PMf6ykG&google_hm=G0nVsGZH6hYwA1PSQPm-Dvgw

Request Chain 232

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEC6BNX11Uy5cUHIEDpqFvqo&google_cver=1&google_push=ATf1kGMLOeuz9OvaGZjWQ4HWQ8B5kYP93fCI5EDmcGtuy-0bPbUzKmqECWLfXPwEmPgWj4O6Dmn3PQoUDLJGianDgiErusKMWQ4E0g HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1VUTNpb2g1RTJ1R1RaRVpWOG8ua0tSbTJ3OGVELlJXc35B&google_push=ATf1kGMLOeuz9OvaGZjWQ4HWQ8B5kYP93fCI5EDmcGtuy-0bPbUzKmqECWLfXPwEmPgWj4O6Dmn3PQoUDLJGianDgiErusKMWQ4E0g

Request Chain 233

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEK8BASJmkFSUXuqp7Sf7nRg&google_cver=1&google_push=ATf1kGOfpYIsRgnXoH_3GhILDShmAT_3AQOGxFLTaZRWBsM5sVz1EmcU7R0m_z5cpdSLDb9M_Fauh2X5-f_0lBC514AENdUCpMcdmA HTTP 302
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEK8BASJmkFSUXuqp7Sf7nRg&google_cver=1&google_push=ATf1kGOfpYIsRgnXoH_3GhILDShmAT_3AQOGxFLTaZRWBsM5sVz1EmcU7R0m_z5cpdSLDb9M_Fauh2X5-f_0lBC514AENdUCpMcdmA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=7d2ef4b3-13ef-4009-9dce-49bc870ecb0e&%%GOOGLE_PUSH_PAIR%%

Request Chain 235

https://fw.adsafeprotected.com/rfw/bgd/1352960/70224197/xbbe/creative/adj?p=APEucNW5q_G8hIbLWmehTiKKPN6Ac3moJXXJ2u8rNvh9kN_Zmb6gOUY&d=CokBAKAmf-CDSTp6ebVaPw1RFmGub3VYYZtvh2IzWSwtqGivKwZBXmV7_mRwXbW3Ob7q7Ew1ZY_hiXSdMHRvm-lz4NT33LiH_wJKXXr6oDWEMy-ZFdWiL0XMwoAgbvNp4_KC3I29bcYk8VpYSwW_h9SEUA6XS9LOrsQX_-5uMPuF-I8BoAgEEvaMk4USqRQAoCZ_4N6j0BbXtBz1sTxUFM2v-jKsDhJtqTn9Zb5lcxIuDrNhuLLir8XdJfbqeiGdX0hBHjTfWc31od4XCduBfsuZwVTPAjLAEUq8bAU8OWDSOKqhI2r31s6FpPHy_vtGD4WBTMuTdfLRGs_7s1U4PkVVLYp5ixWQVzOhvW_t6v6GyvDIc_ULxlBtLbUC_WfmXyml-dZTNBIZWauezifZmZUO_Jf-a6XpsnXeo_OVByQnIssTF8se_VwMS46tbhAATAQhBdkHAfrlE1fhthNtjM9kgI74rCNL5d4kp_hXcx7QL3zEq6ShIgG8x4yDmJR4kU0IIPeGq_881gy48OXG1C_jHdgSLF8G2-8ieHodtb3jH-odF9VOt66Dhk3o1Aw2h80LO6y8GbED3rdoLiQ90PnRsFo3JGxIXNLggb2dx6CRxuOxiihBcMdNBKmtEXj61TWWLv4K4JcZFG85Q7t3O8d4jPEHZcec77-b8LNgRO7ynEokm_sgEJ_xYstSirujNCMSLP91TMY4CTu3WQq3C07AuPbl-3gfdJz6HsvSBIWzkYIXzzEcShM3WqUkTh7xj8d97_5JphUlAzO_XGIxEJOMY2ioGDXe6opGZGT4m88GJov6MqWIJ2e9ii0EM_-6CZRrgIQX-B4_T6p1okBd7F8WmomI1dfCwxODu8RMWWt5XfkuqBwMMTgLbOPVwhXjkZ4M-xtS5EeetOl7Tg90tYNT2KRscsme3cIPU1EVQ4F0LIcQITpFVBXUEMJ-TnBUs-CfW-gfoQ3_xEy-mO_MKcJvIlAWU_8NS9dJQ-LbESi-Szjcq0ljovgSqS4GWfMKhNTw_20l9xGtNO7yd3GQfZbVDIL4Dix2_lYhIUDMLziKvdlNrkeuAyBmWHlEriSd669uucYy_ZDwIFP_bklE0C_MnzM5xg4Fi7VrGLkIy_9nFJMukfGuRCQnJJdfVjTDAAZnfYVgOSozCg9cNZa69wb-KpWlap6q5jf-x0XK5SJRh9--S23f6F9mwix5KvWBq7LMlTLhoiJg4k4awbYYbG8VYLI2v10eDR9ny5rU1tlUV-JLgz-ybQkcRh029Rgub-atcRVM-y1lZXFrpJYKNdEyaZa1mn7YCYvkH-RFINMT8sDE9YoUrCz0TQqmEtLEWu4NfdJPteDRvUHqcvsx8QQPqFF55kUdTOyo01y3VBo5JPe7hX2TgaGU6DjD2kVRMIEm1MXBUC40GUSqcHqj4ILn5VHMsJQQsuF21VUIvvDQAFQwGFuEd5DCt7ZvDU-031p4V7qTDIv1AoXkgvJ-3m5chfCmbopTncCchybdoS8QBAlREgEUH8YCdvw8JDHc75Myz_coV2o_62NKDKpM-VvsOFg22A82DEoJgR0blIoKSCeV5ptk-TZZ6wrtH9mLyYtDU4IzoCrXnsxnNbh_J4xIMbCS8a0cnxnj7jW7u6VDHZqycDLRCGwLCQz2pQfelxXTF0DKQY7kAP46l6nnIxpeh5v_c5OEnAG0-LtqAcMOiGSIY7-bhMmtcr9AkEkEGf9vF-k-pQfnH9Eaz7H7s60J6-ewKwUIU5ufe4jGYtT6y0oJkokxFFPecJNc5a1S-UOAKeke-rKxrd2mygX43C9QSxkP9XuVCJY9FoGPxujJaDtPA9ZElb9xqAqbkPj15I2K0yFrP8BDWNHZtfRD0WxOfLBYmRjBu7FJZe2BQQwLATtrVdiMZLxAsaK4AeSgvosF5WlO3rjcR9cQDOdPiw-juT9PBXqW4Hjjpph3jS7VhrDR97KV4RawZO_ZnMJn5d6SSMrhgpeEt7N1546D2NW3MTuNal_9rCTTMA3LJKQfQFzirW2NuELdHe1pfD1n2sTCKex_T_B40dI4WCVblCUrRf5pK5tI-cNe7-xqo5WiB6QpC9-1xzq0W59wFVzk2uF8rRu6o0DdGwDQDAdv2-PtYD9c-xAlMx4hZ8JgVmJDU-QO1hPKoz4veaxgrzxeiY02mpFNeiUT3kNmoJq-w1a4dVFPYFqUzaQwZF8mxKeX8nwP52Y2DOFmm8lfZRGoS_o_bY6b1Q8AkeVAmXZCXWYRG3E4ilN6Ajltcq-suUObVMX_p8xCOgU2EoyQMvQYK_5y5LlV-tK1GWAISm0FYas4eO2eOB38JyNLseViHYewJ7Js-WX1b9524Vnjoh84T5158UxVqXkN2BRM_lJIykUns6AclRZ3tx6eydqjFMpQxPNKfHXbJTqOQcKoSuTRhiQJymeieFkn4J6prxa15XPi7KMBI4PYDT0-sHvmk48eOFU0QZSVlygCGISJPXfb2dF-wjqnYsXRYtwp8LvoSIswxBoX2S1F2hliMD8UlgXEEIEil2SAvZ5p0Mkj2VAmr7MhRGxq6Vq2AneY353-A6nTeIOgY9DOh7djmUPS7a-sWBCQIzi729V6NnNvqsBH56mnP_A7DTfFqdh7EfyS7lrVET4fxTjinzFGIjP-OhMUbojgmowVQbbil9oc39uYsf3V9U6DZlcnzPHdCnKFWq9fksXXCSO6OoQKFqCPGwnJTf2Jn1NClmmuo7APpESJsnz6vB--hnENMIlAZLRkm-x4dHOHot7OV8gKcIuel9hy-3SlwwHTHxTHFAxS3y31WM_czx-0Tt7cvilKATL5LqFu6kE5u-ZeGhF1w8OX3lBbqFU503nINjfwJCtmdcymoqZUhIP1tpLSLlA9R-5RMDKTTJCrCVUwiygnWOcZtO749QtbQCl9T2BNWHS6-LMBmz5LvLUAzcl7KzIcAj7GGpdlCCWY4G80Hv8cbmv3ePDqiRW70MaE4B23xQmziWuI5-FDwHsfh_vHpc6jhQuTndIHJvvWU1oaIi4O0gzfeg15LEiBQPPnxt6YP-AfyvyyEXyUNh4TO0Ypavgddtq-uW2I0wdTVSYUWkLpCl8WLsVwmoWjl7FUpGpst8xEOHMC_rI87WK9EBZrVEIVTvzChQ5k-YTnnJkc9A5cHCb0uDlvOTqDM9hRJy80Vfx-Itj9Myg_U3TNreLm4moWczuAR1cAmNx-7SydbSSPWAByyQ2YXs0Qu-U5NrOQtHQ_JKdPkzZzy-oOGzriMqsQYrofvJ-J7353Fp3UN2tPtdUF5l2x_nShDpNKOxm4o_69CTv9CQ1bxcaixYNN9Y8BbqFNzoPu8HT-LQAedPByejF2KNP59IF0f5SGjJrPpd41EM5lrfz9o_VWV7CS4NndLvjepWUr4v8VNI4omjwCzEJ1gy3MjnEa3e378zKp_7uTILBh-My9vrZW_sXnKwdpN2BtgH8rmoBdHD26yell5OC_KNCsXj2V3BmXU8X06GJAj83mvswWBZZFs5AdWPCkm0I-GC4Fd7ETx-Jvs6mpMh10KNHdXP8n3AG6uZuS2nvjuitjK3dw6O3CmtIB37BlLIj1Jp0QxPCd-laj86FbbeGHwx3-DhStLWG7A6RzGfTCpZPgtYi8D3bKPiQaQQgEEjsAcoEIg84qAUWrFg13YVfwPK3Wcdg8_ZMjeU8mb4QvsT4nNWwzujzONmMuyA21ZmK-VTcts3M3XDhhFBgBYAE&cry=1&bundleId=&ias_dspID=3&ias_campId=25458251&ias_pubId=pub-7983651257838282&ias_chanId=1&ias_placementId=18513634021&bidurl=https://ye-mek.net/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0jiNUqV0X3tL98KmpQzs5bK&adsafe_url=https%3A%2F%2Fpcloak.blob.core.windows.net&adsafe_type=g&adsafe_url=https%3A%2F%2Fye-mek.net%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&adsafe_type=d&adsafe_jsinfo=,id:923b4705-9d8d-98db-689a-40abd9d5f61b,c:fEcvzk,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-6c5d9cf586-6phmg,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,scm:grpm1,mtim:4,mot:0,app:0,maw:0,fm:tHi2Yyp+111%7C112%7C113%7C114%7C115%7C1161%7C117%7C118%7C1191%7C1192%7C11a*.1352960-70224197%7C11a1%7C11a2%7C11b1%7C11b2%7C11c1%7C11d1%7C11e,idMap:11a*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:1,tt:rjss,et:21,oid:e5f8bdc4-0bc9-11ee-b5e8-ca6a80b6612a,v:19.8.417,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNW5q_G8hIbLWmehTiKKPN6Ac3moJXXJ2u8rNvh9kN_Zmb6gOUY&d=CokBAKAmf-CDSTp6ebVaPw1RFmGub3VYYZtvh2IzWSwtqGivKwZBXmV7_mRwXbW3Ob7q7Ew1ZY_hiXSdMHRvm-lz4NT33LiH_wJKXXr6oDWEMy-ZFdWiL0XMwoAgbvNp4_KC3I29bcYk8VpYSwW_h9SEUA6XS9LOrsQX_-5uMPuF-I8BoAgEEvaMk4USqRQAoCZ_4N6j0BbXtBz1sTxUFM2v-jKsDhJtqTn9Zb5lcxIuDrNhuLLir8XdJfbqeiGdX0hBHjTfWc31od4XCduBfsuZwVTPAjLAEUq8bAU8OWDSOKqhI2r31s6FpPHy_vtGD4WBTMuTdfLRGs_7s1U4PkVVLYp5ixWQVzOhvW_t6v6GyvDIc_ULxlBtLbUC_WfmXyml-dZTNBIZWauezifZmZUO_Jf-a6XpsnXeo_OVByQnIssTF8se_VwMS46tbhAATAQhBdkHAfrlE1fhthNtjM9kgI74rCNL5d4kp_hXcx7QL3zEq6ShIgG8x4yDmJR4kU0IIPeGq_881gy48OXG1C_jHdgSLF8G2-8ieHodtb3jH-odF9VOt66Dhk3o1Aw2h80LO6y8GbED3rdoLiQ90PnRsFo3JGxIXNLggb2dx6CRxuOxiihBcMdNBKmtEXj61TWWLv4K4JcZFG85Q7t3O8d4jPEHZcec77-b8LNgRO7ynEokm_sgEJ_xYstSirujNCMSLP91TMY4CTu3WQq3C07AuPbl-3gfdJz6HsvSBIWzkYIXzzEcShM3WqUkTh7xj8d97_5JphUlAzO_XGIxEJOMY2ioGDXe6opGZGT4m88GJov6MqWIJ2e9ii0EM_-6CZRrgIQX-B4_T6p1okBd7F8WmomI1dfCwxODu8RMWWt5XfkuqBwMMTgLbOPVwhXjkZ4M-xtS5EeetOl7Tg90tYNT2KRscsme3cIPU1EVQ4F0LIcQITpFVBXUEMJ-TnBUs-CfW-gfoQ3_xEy-mO_MKcJvIlAWU_8NS9dJQ-LbESi-Szjcq0ljovgSqS4GWfMKhNTw_20l9xGtNO7yd3GQfZbVDIL4Dix2_lYhIUDMLziKvdlNrkeuAyBmWHlEriSd669uucYy_ZDwIFP_bklE0C_MnzM5xg4Fi7VrGLkIy_9nFJMukfGuRCQnJJdfVjTDAAZnfYVgOSozCg9cNZa69wb-KpWlap6q5jf-x0XK5SJRh9--S23f6F9mwix5KvWBq7LMlTLhoiJg4k4awbYYbG8VYLI2v10eDR9ny5rU1tlUV-JLgz-ybQkcRh029Rgub-atcRVM-y1lZXFrpJYKNdEyaZa1mn7YCYvkH-RFINMT8sDE9YoUrCz0TQqmEtLEWu4NfdJPteDRvUHqcvsx8QQPqFF55kUdTOyo01y3VBo5JPe7hX2TgaGU6DjD2kVRMIEm1MXBUC40GUSqcHqj4ILn5VHMsJQQsuF21VUIvvDQAFQwGFuEd5DCt7ZvDU-031p4V7qTDIv1AoXkgvJ-3m5chfCmbopTncCchybdoS8QBAlREgEUH8YCdvw8JDHc75Myz_coV2o_62NKDKpM-VvsOFg22A82DEoJgR0blIoKSCeV5ptk-TZZ6wrtH9mLyYtDU4IzoCrXnsxnNbh_J4xIMbCS8a0cnxnj7jW7u6VDHZqycDLRCGwLCQz2pQfelxXTF0DKQY7kAP46l6nnIxpeh5v_c5OEnAG0-LtqAcMOiGSIY7-bhMmtcr9AkEkEGf9vF-k-pQfnH9Eaz7H7s60J6-ewKwUIU5ufe4jGYtT6y0oJkokxFFPecJNc5a1S-UOAKeke-rKxrd2mygX43C9QSxkP9XuVCJY9FoGPxujJaDtPA9ZElb9xqAqbkPj15I2K0yFrP8BDWNHZtfRD0WxOfLBYmRjBu7FJZe2BQQwLATtrVdiMZLxAsaK4AeSgvosF5WlO3rjcR9cQDOdPiw-juT9PBXqW4Hjjpph3jS7VhrDR97KV4RawZO_ZnMJn5d6SSMrhgpeEt7N1546D2NW3MTuNal_9rCTTMA3LJKQfQFzirW2NuELdHe1pfD1n2sTCKex_T_B40dI4WCVblCUrRf5pK5tI-cNe7-xqo5WiB6QpC9-1xzq0W59wFVzk2uF8rRu6o0DdGwDQDAdv2-PtYD9c-xAlMx4hZ8JgVmJDU-QO1hPKoz4veaxgrzxeiY02mpFNeiUT3kNmoJq-w1a4dVFPYFqUzaQwZF8mxKeX8nwP52Y2DOFmm8lfZRGoS_o_bY6b1Q8AkeVAmXZCXWYRG3E4ilN6Ajltcq-suUObVMX_p8xCOgU2EoyQMvQYK_5y5LlV-tK1GWAISm0FYas4eO2eOB38JyNLseViHYewJ7Js-WX1b9524Vnjoh84T5158UxVqXkN2BRM_lJIykUns6AclRZ3tx6eydqjFMpQxPNKfHXbJTqOQcKoSuTRhiQJymeieFkn4J6prxa15XPi7KMBI4PYDT0-sHvmk48eOFU0QZSVlygCGISJPXfb2dF-wjqnYsXRYtwp8LvoSIswxBoX2S1F2hliMD8UlgXEEIEil2SAvZ5p0Mkj2VAmr7MhRGxq6Vq2AneY353-A6nTeIOgY9DOh7djmUPS7a-sWBCQIzi729V6NnNvqsBH56mnP_A7DTfFqdh7EfyS7lrVET4fxTjinzFGIjP-OhMUbojgmowVQbbil9oc39uYsf3V9U6DZlcnzPHdCnKFWq9fksXXCSO6OoQKFqCPGwnJTf2Jn1NClmmuo7APpESJsnz6vB--hnENMIlAZLRkm-x4dHOHot7OV8gKcIuel9hy-3SlwwHTHxTHFAxS3y31WM_czx-0Tt7cvilKATL5LqFu6kE5u-ZeGhF1w8OX3lBbqFU503nINjfwJCtmdcymoqZUhIP1tpLSLlA9R-5RMDKTTJCrCVUwiygnWOcZtO749QtbQCl9T2BNWHS6-LMBmz5LvLUAzcl7KzIcAj7GGpdlCCWY4G80Hv8cbmv3ePDqiRW70MaE4B23xQmziWuI5-FDwHsfh_vHpc6jhQuTndIHJvvWU1oaIi4O0gzfeg15LEiBQPPnxt6YP-AfyvyyEXyUNh4TO0Ypavgddtq-uW2I0wdTVSYUWkLpCl8WLsVwmoWjl7FUpGpst8xEOHMC_rI87WK9EBZrVEIVTvzChQ5k-YTnnJkc9A5cHCb0uDlvOTqDM9hRJy80Vfx-Itj9Myg_U3TNreLm4moWczuAR1cAmNx-7SydbSSPWAByyQ2YXs0Qu-U5NrOQtHQ_JKdPkzZzy-oOGzriMqsQYrofvJ-J7353Fp3UN2tPtdUF5l2x_nShDpNKOxm4o_69CTv9CQ1bxcaixYNN9Y8BbqFNzoPu8HT-LQAedPByejF2KNP59IF0f5SGjJrPpd41EM5lrfz9o_VWV7CS4NndLvjepWUr4v8VNI4omjwCzEJ1gy3MjnEa3e378zKp_7uTILBh-My9vrZW_sXnKwdpN2BtgH8rmoBdHD26yell5OC_KNCsXj2V3BmXU8X06GJAj83mvswWBZZFs5AdWPCkm0I-GC4Fd7ETx-Jvs6mpMh10KNHdXP8n3AG6uZuS2nvjuitjK3dw6O3CmtIB37BlLIj1Jp0QxPCd-laj86FbbeGHwx3-DhStLWG7A6RzGfTCpZPgtYi8D3bKPiQaQQgEEjsAcoEIg84qAUWrFg13YVfwPK3Wcdg8_ZMjeU8mb4QvsT4nNWwzujzONmMuyA21ZmK-VTcts3M3XDhhFBgBYAE&cry=1&bundleId=

Request Chain 237

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 243

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEP9LB5G-pq-bMnHGvve-mQs&google_cver=1&google_push=ATf1kGN0rSR6zQ9KhgW4J-AB0XhjQ2prNBCAK_UqELFtPxm049mquQpiHAZz_4Q_bLkEtcTS0ghMde9hvvcWHbGdjuzKtdBLkoaoPw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=NzYxMDAyODg3NTM3NjI1NTk4MQ==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEA1UPJZLNed9BN29Ll56vKc&google_cver=1

Request Chain 245

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEHnGn8zGKKgRbenanx99Chs&google_cver=1&google_push=ATf1kGOju4337NEVsdx5oTAq74NN0-1nDKVvhhBA1r93RrtvhaT75ObFENDmr80pyJ8IQzJ9Y09riHf6xbM3nplpQ_ZjwJu0wLoEWQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGOju4337NEVsdx5oTAq74NN0-1nDKVvhhBA1r93RrtvhaT75ObFENDmr80pyJ8IQzJ9Y09riHf6xbM3nplpQ_ZjwJu0wLoEWQ&google_hm=Md20Luu9TXKkuYW2kti6MvQ

Request Chain 247

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEDpEA01aNdJU70si_S2yXEM&google_cver=1&google_push=ATf1kGN_WXsAFVhUazzZHnfO9Rpn_6GxnJPdEozBP3YQLsX7Q_MsUw7wht0qnvqqzv2AEbycFFkCHYa724JjbL4fAQCTKVz53Na7LA HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGN_WXsAFVhUazzZHnfO9Rpn_6GxnJPdEozBP3YQLsX7Q_MsUw7wht0qnvqqzv2AEbycFFkCHYa724JjbL4fAQCTKVz53Na7LA&google_hm=G0nVsGZH6hYwA1PSQPm-Dvgw

Request Chain 248

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEOfoQjqnXay2NwCej4SQ9hk&google_cver=1&google_push=ATf1kGMF075wvIzpxaH0quiOeavKkwRyUIYJXGzNCUWgwGll1K3M-cvc8N97NSWHCbtDhUbDDnVG3QMCq2UnSV7CnhzxAZmtHvD7 HTTP 302
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=ATf1kGMF075wvIzpxaH0quiOeavKkwRyUIYJXGzNCUWgwGll1K3M-cvc8N97NSWHCbtDhUbDDnVG3QMCq2UnSV7CnhzxAZmtHvD7&google_gid=CAESEOfoQjqnXay2NwCej4SQ9hk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTIxMTE0MjM2NjY0NzkyMzI3NDA2OQ%3D%3D&google_push=ATf1kGMF075wvIzpxaH0quiOeavKkwRyUIYJXGzNCUWgwGll1K3M-cvc8N97NSWHCbtDhUbDDnVG3QMCq2UnSV7CnhzxAZmtHvD7

Request Chain 249

https://sync.teads.tv/um?eid=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEAkotIUe4xXRna0-kzwIQYo&google_cver=1&google_push=ATf1kGMgScwZRgw_5LYqqYzLG90rskweVIbtkKGjbMRn7YYyy0fjOaHF11tdlut7zYw3gjAKXKjoYHjJF_zcxSocxPtQxDSmlq3JrA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=ATf1kGMgScwZRgw_5LYqqYzLG90rskweVIbtkKGjbMRn7YYyy0fjOaHF11tdlut7zYw3gjAKXKjoYHjJF_zcxSocxPtQxDSmlq3JrA HTTP 302
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

Request Chain 259

https://d.adtriba.com/collect?atb_ptid=f65079e0&atb_dcaid=202305_es_nothilfe_dv_pros_367777976&atb_dpuid=di_dv&gdpr=&gdpr_consent= HTTP 302
https://d.adtriba.com/px.gif

Request Chain 266

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEO1qMVT-vCwQoV9ccx1Op60&google_cver=1&google_push=ATf1kGOkzileWYetgH_9YcpjHXBAajsZhVOydoAQ8ORStfu_fdGPtJtE2Pvgk-vNQEgloBRR_kty4rQG8vQDm1NKQ1vWUFFpSDJBhw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGOkzileWYetgH_9YcpjHXBAajsZhVOydoAQ8ORStfu_fdGPtJtE2Pvgk-vNQEgloBRR_kty4rQG8vQDm1NKQ1vWUFFpSDJBhw&google_hm=Md20Luu9TXKkuYW2kti6MvQ

Request Chain 268

https://d5p.de17a.com/cookies/google?google_gid=CAESEAF1VpIOU_KF2isYXeDmY9Y&google_cver=1&google_push=ATf1kGOYzRl2D6cSg-ZHIpfXvna8Y4wF4oOO5HyBOU1NTwC3NCR3N_DRvMO6zmhe6cxCdHChbH6ZcWDgOcVhvC0u9SfxDCA9Ra7-qQ HTTP 302
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEAF1VpIOU_KF2isYXeDmY9Y&google_cver=1&google_push=ATf1kGOYzRl2D6cSg-ZHIpfXvna8Y4wF4oOO5HyBOU1NTwC3NCR3N_DRvMO6zmhe6cxCdHChbH6ZcWDgOcVhvC0u9SfxDCA9Ra7-qQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=ATf1kGOYzRl2D6cSg-ZHIpfXvna8Y4wF4oOO5HyBOU1NTwC3NCR3N_DRvMO6zmhe6cxCdHChbH6ZcWDgOcVhvC0u9SfxDCA9Ra7-qQ

Request Chain 269

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESENUPHEEhwy5s97QoCU0a2rk&google_cver=1&google_push=ATf1kGPSTWvyXhbMTMYDUD_Gel41YTnK1YFHWFIe1jOpXfHg6kyvJvjQJphNDCtNkrmsUFLNwMMz2VEabdowviE0gV5y33k1Nrbw HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGPSTWvyXhbMTMYDUD_Gel41YTnK1YFHWFIe1jOpXfHg6kyvJvjQJphNDCtNkrmsUFLNwMMz2VEabdowviE0gV5y33k1Nrbw&google_hm=G0nVsGZH6hYwA1PSQPm-Dvgw

Request Chain 270

https://match.360yield.com/match/ebda?google_gid=CAESED8q20c4erkODqgL0VPHsh0&google_cver=1&google_push=ATf1kGNYpNopAIvv76HAKjMTpvVmgoeqi7p6KhqmvpTX5TzELLNAsFiPgsTVBOF2xS2lLH3JtIzYueqzfoz2XGcJYTVgCsvsDEPsLg HTTP 302
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESED8q20c4erkODqgL0VPHsh0&google_cver=1&google_push=ATf1kGNYpNopAIvv76HAKjMTpvVmgoeqi7p6KhqmvpTX5TzELLNAsFiPgsTVBOF2xS2lLH3JtIzYueqzfoz2XGcJYTVgCsvsDEPsLg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=gyvz6t6dRYKKgBqk9v4FDQ&google_push=ATf1kGNYpNopAIvv76HAKjMTpvVmgoeqi7p6KhqmvpTX5TzELLNAsFiPgsTVBOF2xS2lLH3JtIzYueqzfoz2XGcJYTVgCsvsDEPsLg

Request Chain 271

https://sync.inmobi.com/gob?google_gid=CAESEJaFU-zlzYf-1-pbALPV7C0&google_cver=1&google_push=ATf1kGOZfPlDbowkQQbSp2SAjkaOAgTpmS_cwuftM_a5nKtXY9cwniPnP3SbUijhWyxAHS93DGm8AW4H_J1bfyw8Mbmjp5bNLTjRZIw HTTP 302
https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DATf1kGOZfPlDbowkQQbSp2SAjkaOAgTpmS_cwuftM_a5nKtXY9cwniPnP3SbUijhWyxAHS93DGm8AW4H_J1bfyw8Mbmjp5bNLTjRZIw

Request Chain 272

https://secure.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=${BASE64_UID_ENC}&google_gid=CAESELWsrl-ZXen260m3zHoQzVU&google_cver=1&google_push=ATf1kGNxZcts8TRKhFsD7H9BNSiy2osj58Qa2SmJwrnB_nOO6OvShk80-KLeBjUl_1ue1ybT48D3YNVMPcI7VXuOY52b-lmI4xCd2w HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=Njg2MzE0OTI4NDkyMjkyMTU3NA%3D%3D&google_gid=CAESELWsrl-ZXen260m3zHoQzVU&google_cver=1&google_push=ATf1kGNxZcts8TRKhFsD7H9BNSiy2osj58Qa2SmJwrnB_nOO6OvShk80-KLeBjUl_1ue1ybT48D3YNVMPcI7VXuOY52b-lmI4xCd2w

Request Chain 296

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESENkYv6nuR2GW0h588uyOU5I&google_cver=1&google_push=ATf1kGPOEN44s30bfcK993lNiEtFGOLbVO2tbwWhTjfZp6A5Ld9Rw9e_lUAUDFDjq2G-20Kn1K3QQlTnCOta1cj99RZ_iEveHmg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=Wkl1Tkd3QUgwQXNnTkFBRA==&google_gid=CAESENkYv6nuR2GW0h588uyOU5I&google_cver=1&google_push=ATf1kGPOEN44s30bfcK993lNiEtFGOLbVO2tbwWhTjfZp6A5Ld9Rw9e_lUAUDFDjq2G-20Kn1K3QQlTnCOta1cj99RZ_iEveHmg

Request Chain 297

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEFgir9IVCEDkzNNEGXYxJqI&google_cver=1&google_push=ATf1kGMXYWNCjFVYrIAJMRqxManp6Te9W3_j1yAfBHNSze144G4GEg2bitPuiGOr7CJXvJvbjmUEESiMSfAYIasGCNL-lYMvdQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGMXYWNCjFVYrIAJMRqxManp6Te9W3_j1yAfBHNSze144G4GEg2bitPuiGOr7CJXvJvbjmUEESiMSfAYIasGCNL-lYMvdQ&google_hm=Md20Luu9TXKkuYW2kti6MvQ

Request Chain 298

https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEDS69tv8bhtwajLRsoVwITU&google_cver=1&google_push=ATf1kGO-M4KnppP6mtY_NhUVxnqE-g2lExtNjl9syfMMx6CgbaECnRMofdNRT7YMeW9O12BPFh18vN75-ylAh8fevk5zLFtgQQo HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=blismobile&google_push=ATf1kGO-M4KnppP6mtY_NhUVxnqE-g2lExtNjl9syfMMx6CgbaECnRMofdNRT7YMeW9O12BPFh18vN75-ylAh8fevk5zLFtgQQo&google_hm=hmSLjRvUK4gI7If0kQ&google_redir=https%3A%2F%2Ftr.blismedia.com%2Fv1%2Fredirect%2FAdxPixel%3F%25%25GOOGLE_ERROR_PAIR%25%25%26partner_device_id%3D648B8D1BD42B8808EC87F491BLIS

Request Chain 299

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEFsDS6nkexvzebJZdQFJaAw&google_cver=1&google_push=ATf1kGPedN7BrPPGiZBtqixJ4idaBhXS0ZE-BMqDy3OUsC07LL_r5ODRY9weu3xDolhid5bDRDwJPWSByARYGahdljuN2SOxeQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI0NTAzOTU3MjY3NTUyNDc1OA%3D%3D&google_push=ATf1kGPedN7BrPPGiZBtqixJ4idaBhXS0ZE-BMqDy3OUsC07LL_r5ODRY9weu3xDolhid5bDRDwJPWSByARYGahdljuN2SOxeQ

Request Chain 301

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEMmL7VfDg_dAExPdzEV3mYA&google_cver=1&google_push=ATf1kGMKV5zy6lD2tAIY9vIOPwqXoP13tvAQ4P-9W_0iPicVwn66brld1stKffeyCQ0DSjxSlF016IrvGhZbTZ0FOqe_KP64Xpo HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGMKV5zy6lD2tAIY9vIOPwqXoP13tvAQ4P-9W_0iPicVwn66brld1stKffeyCQ0DSjxSlF016IrvGhZbTZ0FOqe_KP64Xpo&google_hm=G0nVsGZH6hYwA1PSQPm-Dvgw

Request Chain 302

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEGi8glbwvSkihEQBZCKikAo&google_cver=1&google_push=ATf1kGODa2oCP4uy27cv27DyYkzbr5TPbuFFtVKu2x2G_WdLNkfog_bAGYntlr_T4bvOaI9wEWq_pkOA-xHs8Z0Ziw95AdgYJd8v HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1VUTNpb2g1RTJ1R1RaRVpWOG8ua0tSbTJ3OGVELlJXc35B&google_push=ATf1kGODa2oCP4uy27cv27DyYkzbr5TPbuFFtVKu2x2G_WdLNkfog_bAGYntlr_T4bvOaI9wEWq_pkOA-xHs8Z0Ziw95AdgYJd8v

Request Chain 304

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEKmxJ4fv5xzjDf1pJFyo868&google_cver=1&google_push=ATf1kGO-pRFa_rr4USSVducWy_vYtboZmkuC7Jb9bJdW23lyB_92vgNvaJPZCmF-uqEh2RLcVEy4n78IWS2UFCGm5r7WFZIwHv0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=NzYxMDAyODg3NTM3NjI1NTk4MQ==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEA1UPJZLNed9BN29Ll56vKc&google_cver=1

Request Chain 305

https://um.simpli.fi/gp_match?google_gid=CAESECic0H4X-_thqLh8SDFTf5s&google_cver=1&google_push=ATf1kGPe1ZAYMuLrCC77D-Im44wFxNIxN_FPWXHxX_MXTM09jrqp8IKYueF1dAb0oNz3o2jg_ZYqiw_TDNZDi03XNo5jOOhYDqE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=539A861253744BCD899BC955B7C801FC&google_push=ATf1kGPe1ZAYMuLrCC77D-Im44wFxNIxN_FPWXHxX_MXTM09jrqp8IKYueF1dAb0oNz3o2jg_ZYqiw_TDNZDi03XNo5jOOhYDqE

Request Chain 306

https://ads.travelaudience.com/google_pixel?google_gid=CAESEDNOsJPTv-zF9rMM9U5Z2YI&google_cver=1&google_push=ATf1kGPN05ogWIDuu6NGXXujUlJ-XCEV2NT6R19WpGvpJzqGM5v3z2wZ5zdLwgZwySTGPxmtNeTuK5oRy_TZeU5yWlIwE0hXwgM HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=WDOn1tF-Tr2-kKb6dPzUbA2&google_push=ATf1kGPN05ogWIDuu6NGXXujUlJ-XCEV2NT6R19WpGvpJzqGM5v3z2wZ5zdLwgZwySTGPxmtNeTuK5oRy_TZeU5yWlIwE0hXwgM

Request Chain 307

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESENsTVV0-cmu1-h9YRqcPQjw&google_cver=1&google_push=ATf1kGM7X0ty0LYxxFpyBEkeqYQ7MVjKMD0bQxyDH-juLkxKhSPjR937iTLeb_-ozIoA_OsvtRaUOCKO1sJSs4eF3aeNTY1fNvI HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGM7X0ty0LYxxFpyBEkeqYQ7MVjKMD0bQxyDH-juLkxKhSPjR937iTLeb_-ozIoA_OsvtRaUOCKO1sJSs4eF3aeNTY1fNvI&google_hm=G0nVsGZH6hYwA1PSQPm-Dvgw

Request Chain 308

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEHyYVfXkvZP5nYSpcQCYNIU&google_cver=1&google_push=ATf1kGO9pgPhwPXu5yCNeIPrtRDNNyC3ctKzFXklBRigV6UuTiZCppqMRudr2yOuxrZ7u0JzClC2CFfI3maDWhko7LHtyChmsQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGO9pgPhwPXu5yCNeIPrtRDNNyC3ctKzFXklBRigV6UuTiZCppqMRudr2yOuxrZ7u0JzClC2CFfI3maDWhko7LHtyChmsQ

Request Chain 309

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEHXHkpqDM2bYPbFPQOMr2_8&google_cver=1&google_push=ATf1kGOUGgEFR6jqHb0RaP8DWVYY-ACjE83eKNCQVGJGfpuFcrgbJaeY-uWzXiwzotAOoXBFBpWdoecQ7qiCbUff8ZdFhwTrrMs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTIxMTE0MjM2NjY0NzkyMzI3NDA2OQ%3D%3D&google_push=ATf1kGOUGgEFR6jqHb0RaP8DWVYY-ACjE83eKNCQVGJGfpuFcrgbJaeY-uWzXiwzotAOoXBFBpWdoecQ7qiCbUff8ZdFhwTrrMs

361 HTTP transactions
7 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request 6x69807j0b5.html Show response
pcloak.blob.core.windows.net/web/ 1 KB
2 KB 425ms
107ms Document
text/html 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: d469330093a2cebd898628a339df6abaf5edcb89e85769ff79840371195a7d1f

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Content-Length: 1318
Content-MD5: +Dz/d7Mp2GQfilgWrAkqiw==
Content-Type: text/html
Date: Thu, 15 Jun 2023 22:13:43 GMT
ETag: 0x8DB5ED0599CC10C
Last-Modified: Sat, 27 May 2023 16:35:15 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: f4d9b707-901e-0061-48d6-9f614e000000
x-ms-version: 2009-09-19

GET
H/1.1 404
The specified blob does not exist. jquery.min.js
pcloak.blob.core.windows.net/web/ 0
0 97ms
97ms Script
application/xml 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/jquery.min.js
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-ms-request-id: f4d9b7b0-901e-0061-63d6-9f614e000000
Date: Thu, 15 Jun 2023 22:13:43 GMT
x-ms-version: 2009-09-19
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-Length: 215
Content-Type: application/xml

GET
H/1.1 200
OK cloakan.js Show response
pcloak.blob.core.windows.net/web/ 308 B
717 B 301ms
96ms Script
text/javascript 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/cloakan.js
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 4651fd93f167c3620b534c30bc23ae2a2e7cf742621d8e6d12553c09c388284a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 15 Jun 2023 22:13:43 GMT
Last-Modified: Mon, 13 Jun 2022 14:36:49 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: zPiKctHo6j8i1UGOFPpInw==
ETag: 0x8DA4D4A263C11C2
Content-Type: text/javascript
x-ms-request-id: f4d9b8d3-901e-0061-6fd6-9f614e000000
x-ms-version: 2009-09-19
Content-Length: 308

GET
H/1.1 200
OK style.css
pcloak.blob.core.windows.net/web/ 166 B
568 B 202ms
105ms Stylesheet
text/css 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/style.css
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: cf906196a7c1414e11983955e101a051d55a864f2bc9fd52a453d952d92fd9b5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 15 Jun 2023 22:13:43 GMT
Last-Modified: Mon, 13 Jun 2022 14:36:49 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: 9ruAIrm4XHnQO3/sM8J0AQ==
ETag: 0x8DA4D4A26527CA0
Content-Type: text/css
x-ms-request-id: f4d9b838-901e-0061-63d6-9f614e000000
x-ms-version: 2009-09-19
Content-Length: 166

GET
H2 200 px.php Show response
www.cloakan.co/ 743 B
681 B 291ms
152ms XHR
text/html 77.245.159.14
NIOBEBILISIMHIZME...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cloakan.co/px.php?id=6x69807j0b5
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 77.245.159.14 , Turkey, ASN42868 (NIOBEBILISIMHIZMETLERI, TR),
Reverse DNS: stilgar.wlsrv.com
Software: LiteSpeed / PHP/7.3.33
Resource Hash: 120fdf7c1e8de286b8c6ad005bd52d7b3d71cfa17bd6d1f72d023fe952d03708

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:44 GMT
content-encoding: br
server: LiteSpeed
x-powered-by: PHP/7.3.33
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
content-length: 404

GET
H2 200 nv.php Show response
www.cloakan.co/ 232 B
385 B 276ms
172ms Script
text/html 77.245.159.14
NIOBEBILISIMHIZME...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cloakan.co/nv.php?id=6x69807j0b5-m
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/cloakan.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 77.245.159.14 , Turkey, ASN42868 (NIOBEBILISIMHIZMETLERI, TR),
Reverse DNS: stilgar.wlsrv.com
Software: LiteSpeed / PHP/7.3.33
Resource Hash: 9cacc351a59879d938ef01e274eca7f341deaaa666237a3de94737ccc05a4b86

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:44 GMT
content-encoding: br
server: LiteSpeed
x-powered-by: PHP/7.3.33
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
content-length: 112

GET
H2 200 / Show response
ye-mek.net/ Frame EADA 77 KB
77 KB 169ms
58ms Document
text/html 94.138.206.83
AS49126

General

Check archive.org

Show headers Download Go to

Full URL: https://ye-mek.net/
Requested by: Host: www.cloakan.co
URL: https://www.cloakan.co/nv.php?id=6x69807j0b5-m
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.138.206.83 , Turkey, ASN49126 (AS49126, TR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: b62c5e6e7f015c810ea23b3cbb9bfb652540ddc3a00f2aea404239a6ddc547e8

Request headers

Referer: https://pcloak.blob.core.windows.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache
content-length: 78992
content-type: text/html; charset=utf-8
date: Thu, 15 Jun 2023 22:13:44 GMT
expires: -1
pragma: no-cache
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.9.1/ Frame EADA 90 KB
33 KB 30ms
7ms Script
text/javascript 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 17:18:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 17692
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33018
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 14 Jun 2024 17:18:53 GMT

GET
H2 200 yemeknet.js Show response
ye-mek.net/js/ Frame EADA 10 KB
2 KB 88ms
87ms Script
application/javascript 94.138.206.83
AS49126

General

Check archive.org

Show headers Download Go to

Full URL: https://ye-mek.net/js/yemeknet.js?v=1
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.138.206.83 , Turkey, ASN49126 (AS49126, TR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 613b97a3f938c5185dc5fcb46ec9c9488f460fdf8a9765eea9f05aebe46a0c50

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-powered-by-plesk: PleskWin
date: Thu, 15 Jun 2023 22:13:44 GMT
content-encoding: br
last-modified: Tue, 20 Aug 2019 13:15:54 GMT
server: Microsoft-IIS/10.0
etag: "0a144655957d51:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=691200
accept-ranges: bytes
content-length: 2179

GET
H2 200 maincss.css
cdn.ye-mek.net/ Frame EADA 40 KB
12 KB 154ms
12ms Stylesheet
text/css 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.ye-mek.net/maincss.css?v=434
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 5804cd3bfdf7f7b00ae1f2beef50b9ac7bbdcadcb47e8c3454e8609a52096b92

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 15 Jun 2023 22:13:45 GMT
content-encoding: gzip
x-cache: HIT
x-77-cache: HIT
x-age: 5057823
x-accel-date: 1681809402
x-77-nzt: AcO1rw7qn1//Hy1NAA
x-accel-expires: @1713345402
last-modified: Tue, 24 Nov 2020 00:00:32 GMT
server: CDN77-Turbo
etag: W/"5fbc4d20-9e5b"
x-77-nzt-ray: 90833930687b9487198d8b64d5915315
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame EADA 120 KB
47 KB 42ms
19ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-38733763-1

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0a21246ce99123e0b692a241953ba4480bac476330267f87370e61b88d53bedd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:45 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47519
x-xss-protection: 0
last-modified: Thu, 15 Jun 2023 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 15 Jun 2023 22:13:45 GMT

GET
H2 200 WebResource.axd Show response
ye-mek.net/ Frame EADA 23 KB
23 KB 47ms
47ms Script
application/x-javascript 94.138.206.83
AS49126

General

Check archive.org

Show headers Download Go to

Full URL: https://ye-mek.net/WebResource.axd?d=YeedoL8dFzo5gymDuarFXngFaaXpLN8jYlixY-HzMyr_r8lEwXsCQefYQgi2kFzYfrVacpu_9us1eVTBWQamZuI0ynrH9LDfafZF-A5wZF41&t=637811837229275428
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.138.206.83 , Turkey, ASN49126 (AS49126, TR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-powered-by-plesk: PleskWin
date: Thu, 15 Jun 2023 22:13:44 GMT
last-modified: Wed, 23 Feb 2022 00:28:42 GMT
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
content-type: application/x-javascript
cache-control: public
content-length: 23063
expires: Sat, 04 May 2024 23:14:43 GMT

GET
H2 200 searchButton.png
cdn.ye-mek.net/App_UI/Img/ Frame EADA 542 B
895 B 13ms
12ms Image
image/png 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/searchButton.png
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 324a9c1f26949a62b89c5846de23826737bf3b14443e3f5a969b1799604a0588

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 15 Jun 2023 22:13:45 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5057822
x-accel-date: 1681809403
content-length: 542
x-77-nzt: AcO1rw7zSdL/Hi1NAA
x-accel-expires: @1713345403
last-modified: Sat, 22 Oct 2022 20:00:57 GMT
server: CDN77-Turbo
etag: "63544bf9-21e"
x-77-nzt-ray: 90833930687b9487198d8b64ec846016
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 ara.png
cdn.ye-mek.net/App_UI/Img/ Frame EADA 2 KB
2 KB 23ms
18ms Image
image/png 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/ara.png
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 3ed559a849229d0ba1622b39b2343f2307a91aae5bab1f08e55c89e50874c980

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 15 Jun 2023 22:13:45 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5057813
x-accel-date: 1681809412
content-length: 1651
x-77-nzt: AcO1rw7di2P/FS1NAA
x-accel-expires: @1713345412
last-modified: Mon, 14 May 2018 22:41:08 GMT
server: CDN77-Turbo
etag: "5afa1084-673"
x-77-nzt-ray: 90833930687b9487198d8b6468891917
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 karadut-peltesi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ Frame EADA 14 KB
14 KB 27ms
21ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/06/karadut-peltesi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 75a654ce513996dc8f544619cc1c99b2361261bb6f38d51c619833d68d0a6a72

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 15 Jun 2023 22:13:45 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 85218
x-accel-date: 1686782007
content-length: 14137
x-77-nzt: AcO1rw75oD3/4kwBAA
x-accel-expires: @1718318007
last-modified: Wed, 14 Jun 2023 21:56:43 GMT
server: CDN77-Turbo
etag: "648a379b-3739"
x-77-nzt-ray: 90833930687b9487198d8b64fc6e1d17
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 buzlukta-mantar-saklama-resimli-yemek-tarifi(8).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ Frame EADA 14 KB
14 KB 32ms
26ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/06/buzlukta-mantar-saklama-resimli-yemek-tarifi(8).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 605b3f81cae22e511a6b284368d863e9da83d4c50680a9eb4527718e9146fe00

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 15 Jun 2023 22:13:45 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 129744
x-accel-date: 1686737481
content-length: 14099
x-77-nzt: AcO1rw4ZaIr/0PoBAA
x-accel-expires: @1718273481
last-modified: Wed, 14 Jun 2023 09:52:59 GMT
server: CDN77-Turbo
etag: "64898dfb-3713"
x-77-nzt-ray: 90833930687b9487198d8b64c4b72117
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tavuk-suyuna-corba-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ Frame EADA 14 KB
14 KB 37ms
31ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/06/tavuk-suyuna-corba-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 1bd029574063760669a424ed0c20f70f18fb595f1e3769f9bb5c6a64e4bdf622

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 15 Jun 2023 22:13:45 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 258846
x-accel-date: 1686608379
content-length: 13832
x-77-nzt: AcO1rw5XHIT/HvMDAA
x-accel-expires: @1718144379
last-modified: Mon, 12 Jun 2023 22:07:00 GMT
server: CDN77-Turbo
etag: "64879704-3608"
x-77-nzt-ray: 90833930687b9487198d8b64f37d2517
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 arasi-elmali-kek-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ Frame EADA 14 KB
14 KB 38ms
32ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/06/arasi-elmali-kek-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 0403acf352d97f4125629cb0d42e156490c93962f561f94d7f3c2f4816c8f415

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 15 Jun 2023 22:13:45 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 345942
x-accel-date: 1686521283
content-length: 14260
x-77-nzt: AcO1rw4qsmTvVkcFAA
x-accel-expires: @1718057283
last-modified: Sun, 11 Jun 2023 21:40:09 GMT
server: CDN77-Turbo
etag: "64863f39-37b4"
x-77-nzt-ray: 90833930687b9487198d8b64c34d2917
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 patates-puresinde-tavuk-sote-resimli-yemek-tarifi(20).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/04/ Frame EADA 16 KB
17 KB 38ms
32ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/04/patates-puresinde-tavuk-sote-resimli-yemek-tarifi(20).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 3bc501087c297a6f3d740843828eabab1f7f9de9787718f2ec63952faedbec0e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 15 Jun 2023 22:13:45 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5057736
x-accel-date: 1681809489
content-length: 16839
x-77-nzt: AcO1rw4ApJr/yCxNAA
x-accel-expires: @1713345489
last-modified: Tue, 04 Apr 2023 21:50:39 GMT
server: CDN77-Turbo
etag: "642c9baf-41c7"
x-77-nzt-ray: 90833930687b9487198d8b64bfb62b17
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tavada-tavuk-sis-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2014/07/ Frame EADA 15 KB
16 KB 38ms
32ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2014/07/tavada-tavuk-sis-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 4bff962fb085bc7a7d81b7a59a2dceb2a6dd7f44a6d25af7040fd62f86393a05

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 15 Jun 2023 22:13:45 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5057736
x-accel-date: 1681809489
content-length: 15765
x-77-nzt: AcO1rw4+3LL/yCxNAA
x-accel-expires: @1713345489
last-modified: Wed, 01 May 2019 22:26:43 GMT
server: CDN77-Turbo
etag: "5cca1d23-3d95"
x-77-nzt-ray: 90833930687b9487198d8b6437382d17
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tavuklu-bamya-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2019/08/ Frame EADA 12 KB
12 KB 38ms
33ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2019/08/tavuklu-bamya-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 94dc350acb3e491e883e23665acdfe801c1559d67026fbcd533dfce70d5a6270

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 15 Jun 2023 22:13:45 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 299200
x-accel-date: 1686568025
content-length: 12328
x-77-nzt: AcO1rw60QhP/wJAEAA
x-accel-expires: @1718104025
last-modified: Wed, 21 Aug 2019 22:20:01 GMT
server: CDN77-Turbo
etag: "5d5dc391-3028"
x-77-nzt-ray: 90833930687b9487198d8b64ebbe2e17
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tencerede-etli-patlican-yemegi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2016/08/ Frame EADA 13 KB
13 KB 38ms
33ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2016/08/tencerede-etli-patlican-yemegi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 8e2b2033aae5f2ebbc9b92291c3cdfa7a084429d21d85b382e39dfbd875b5f55

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 15 Jun 2023 22:13:45 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 4436885
x-accel-date: 1682430340
content-length: 13086
x-77-nzt: AcO1rw4OaA//lbNDAA
x-accel-expires: @1713966340
last-modified: Wed, 01 May 2019 23:03:11 GMT
server: CDN77-Turbo
etag: "5cca25af-331e"
x-77-nzt-ray: 90833930687b9487198d8b644f423017
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 toyga-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2019/03/ Frame EADA 13 KB
13 KB 38ms
33ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2019/03/toyga-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 147c0a445950fa29f9fc3784910f112bdc6dc232412915e1162da9e7ea36ad51

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 15 Jun 2023 22:13:45 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5057781
x-accel-date: 1681809444
content-length: 13360
x-77-nzt: AcO1rw7+b+3/9SxNAA
x-accel-expires: @1713345444
last-modified: Wed, 01 May 2019 23:45:46 GMT
server: CDN77-Turbo
etag: "5cca2faa-3430"
x-77-nzt-ray: 90833930687b9487198d8b646fba3117
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 atom-meze-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/04/ Frame EADA 15 KB
16 KB 42ms
37ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/04/atom-meze-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 0052f42a0eb025590c4a2c324f65ddac213225b383aed8a10687d4250138cc6c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 15 Jun 2023 22:13:45 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5057294
x-accel-date: 1681809931
content-length: 15669
x-77-nzt: AcO1rw4e8JD/DitNAA
x-accel-expires: @1713345931
last-modified: Wed, 15 Apr 2020 00:26:30 GMT
server: CDN77-Turbo
etag: "5e9654b6-3d35"
x-77-nzt-ray: 90833930687b9487198d8b64a5223317
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 yagli-kofte-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/12/ Frame EADA 15 KB
15 KB 42ms
37ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/12/yagli-kofte-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 61ef244a7f7b27ce2c69ff28e1bb69f7bac2e6be7fe6dbbbcb82feeb11db7d84

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 15 Jun 2023 22:13:45 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5052670
x-accel-date: 1681814555
content-length: 15394
x-77-nzt: AcO1rw7A/LT//hhNAA
x-accel-expires: @1713350555
last-modified: Fri, 17 Dec 2021 23:00:27 GMT
server: CDN77-Turbo
etag: "61bd168b-3c22"
x-77-nzt-ray: 90833930687b9487198d8b64d1803417
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 kaygana-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2017/03/ Frame EADA 12 KB
12 KB 42ms
37ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2017/03/kaygana-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 7db39f0b9931b338e9cd0eabeef7fd618ace0e5bc5990061ce13a0a2ed8e8a0a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 15 Jun 2023 22:13:45 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5052232
x-accel-date: 1681814993
content-length: 11893
x-77-nzt: AcO1rw7SdRj/SBdNAA
x-accel-expires: @1713350993
last-modified: Wed, 01 May 2019 23:14:01 GMT
server: CDN77-Turbo
etag: "5cca2839-2e75"
x-77-nzt-ray: 90833930687b9487198d8b6420d63517
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 kabak-kebabi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/05/ Frame EADA 15 KB
16 KB 43ms
38ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/05/kabak-kebabi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: b2614739e5032eef7a58aa35faf7010861d20c62b93b0e8d42a1e8d0a2a7ffa2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 15 Jun 2023 22:13:45 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5056964
x-accel-date: 1681810261
content-length: 15726
x-77-nzt: AcO1rw5+PZ7/xClNAA
x-accel-expires: @1713346261
last-modified: Mon, 04 May 2020 23:42:37 GMT
server: CDN77-Turbo
etag: "5eb0a86d-3d6e"
x-77-nzt-ray: 90833930687b9487198d8b64ad883717
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-kazan-kebabi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2018/06/ Frame EADA 13 KB
13 KB 43ms
38ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2018/06/firinda-kazan-kebabi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 8696856d40a33bb1143b9f31c9d507fccab76523f0f3e431bf6e03997017950e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 15 Jun 2023 22:13:45 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5054609
x-accel-date: 1681812616
content-length: 13223
x-77-nzt: AcO1rw687f3/kSBNAA
x-accel-expires: @1713348616
last-modified: Wed, 01 May 2019 23:36:40 GMT
server: CDN77-Turbo
etag: "5cca2d88-33a7"
x-77-nzt-ray: 90833930687b9487198d8b6490fb3817
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 lokanta-usulu-kavurma-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/04/ Frame EADA 15 KB
15 KB 43ms
38ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/04/lokanta-usulu-kavurma-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 27b62f116d3964364a5054f01a59e237c576d204d47cded37d221f39beed4397

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 15 Jun 2023 22:13:45 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5057634
x-accel-date: 1681809591
content-length: 15361
x-77-nzt: AcO1rw4NoqL/YixNAA
x-accel-expires: @1713345591
last-modified: Wed, 12 Apr 2023 22:36:34 GMT
server: CDN77-Turbo
etag: "64373272-3c01"
x-77-nzt-ray: 90833930687b9487198d8b6469773a17
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 sultan-kebabi-resimli-yemek-tarifi(20).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2014/08/ Frame EADA 13 KB
14 KB 43ms
38ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2014/08/sultan-kebabi-resimli-yemek-tarifi(20).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 479da794610042c07a692cc82df9f0dcd96e46dd83b103761d7f0387f2ac2f1e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 15 Jun 2023 22:13:45 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5057667
x-accel-date: 1681809558
content-length: 13608
x-77-nzt: AcO1rw5seLv/gyxNAA
x-accel-expires: @1713345558
last-modified: Wed, 01 May 2019 22:27:29 GMT
server: CDN77-Turbo
etag: "5cca1d51-3528"
x-77-nzt-ray: 90833930687b9487198d8b64da053c17
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 balli-susamli-tavuk-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/09/ Frame EADA 17 KB
17 KB 43ms
38ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/09/balli-susamli-tavuk-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 9a24dc75b4b3c4341c1c671f96141dfd1183c66c6281791cd2b5d74fe9b257b2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 15 Jun 2023 22:13:45 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5056754
x-accel-date: 1681810471
content-length: 16948
x-77-nzt: AcO1rw7Itfj/8ihNAA
x-accel-expires: @1713346471
last-modified: Wed, 02 Sep 2020 23:28:10 GMT
server: CDN77-Turbo
etag: "5f502a8a-4234"
x-77-nzt-ray: 90833930687b9487198d8b64d6823d17
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tavuk-burger-koftesi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/02/ Frame EADA 11 KB
11 KB 43ms
39ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/02/tavuk-burger-koftesi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 78aa3d973a83de17d8b856934f19a2613483fbfd3cd2b6c5bc50865014924659

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 15 Jun 2023 22:13:45 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 349300
x-accel-date: 1686517925
content-length: 11304
x-77-nzt: AcO1rw67pGn/dFQFAA
x-accel-expires: @1718053925
last-modified: Mon, 28 Feb 2022 17:23:23 GMT
server: CDN77-Turbo
etag: "621d050b-2c28"
x-77-nzt-ray: 90833930687b9487198d8b64edfb3e17
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tavada-kalcali-but-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ Frame EADA 15 KB
15 KB 43ms
39ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/06/tavada-kalcali-but-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: e95ae6bc878c84c98ce8435e7546c02b847773de6053b098709bd28fce89dc0c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 15 Jun 2023 22:13:45 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 599649
x-accel-date: 1686267576
content-length: 15133
x-77-nzt: AcO1rw7fs9z/YSYJAA
x-accel-expires: @1717803576
last-modified: Thu, 08 Jun 2023 23:19:39 GMT
server: CDN77-Turbo
etag: "6482620b-3b1d"
x-77-nzt-ray: 90833930687b9487198d8b64545b4017
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tavuk-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2017/11/ Frame EADA 12 KB
13 KB 43ms
39ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2017/11/tavuk-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 5d867d8101d7d263052fd7656e7e10f585b485c3c38cb96e2c7bca172f579491

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 15 Jun 2023 22:13:45 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5054479
x-accel-date: 1681812746
content-length: 12499
x-77-nzt: AcO1rw6khrT/DyBNAA
x-accel-expires: @1713348746
last-modified: Wed, 01 May 2019 23:26:22 GMT
server: CDN77-Turbo
etag: "5cca2b1e-30d3"
x-77-nzt-ray: 90833930687b9487198d8b64f64a7a17
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 mantar-diblesi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/02/ Frame EADA 17 KB
17 KB 44ms
39ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/02/mantar-diblesi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 24466e81baccf62dbd8cda0cc4e8b4dc2f1f4cd55c7591dbc798901697783fbf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 15 Jun 2023 22:13:45 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5057636
x-accel-date: 1681809589
content-length: 17100
x-77-nzt: AcO1rw6b7fD/ZCxNAA
x-accel-expires: @1713345589
last-modified: Sun, 26 Feb 2023 13:54:54 GMT
server: CDN77-Turbo
etag: "63fb64ae-42cc"
x-77-nzt-ray: 90833930687b9487198d8b64d5117d17
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 patlican-yemegi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2018/01/ Frame EADA 11 KB
12 KB 44ms
39ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2018/01/patlican-yemegi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: dcaa4bf67ba1198b85332a0c4712f44448246e29eedafdd2e6e744a40bb44c35

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 15 Jun 2023 22:13:45 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5056337
x-accel-date: 1681810888
content-length: 11504
x-77-nzt: AcO1rw4GQCj/USdNAA
x-accel-expires: @1713346888
last-modified: Wed, 01 May 2019 23:29:08 GMT
server: CDN77-Turbo
etag: "5cca2bc4-2cf0"
x-77-nzt-ray: 90833930687b9487198d8b64f0817f17
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-sutlu-karnabahar-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/12/ Frame EADA 15 KB
15 KB 44ms
40ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/12/firinda-sutlu-karnabahar-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 598a8457413e85866a6501f257f380354f5dfb6f11ba2995668dc55d5c237bf5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 15 Jun 2023 22:13:45 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 295660
x-accel-date: 1686571565
content-length: 15367
x-77-nzt: AcO1rw4c35r/7IIEAA
x-accel-expires: @1718107565
last-modified: Sat, 18 Dec 2021 21:47:33 GMT
server: CDN77-Turbo
etag: "61be56f5-3c07"
x-77-nzt-ray: 90833930687b9487198d8b6443418217
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 domatesli-patlican-yemegi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/04/ Frame EADA 14 KB
14 KB 44ms
40ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/04/domatesli-patlican-yemegi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 8ceaff2dab6c10ad838fc8f93dc3b66b68485a557d810e2b501e45015a4bef33

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 15 Jun 2023 22:13:45 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5054609
x-accel-date: 1681812616
content-length: 14135
x-77-nzt: AcO1rw51u13/kSBNAA
x-accel-expires: @1713348616
last-modified: Sun, 11 Apr 2021 23:10:56 GMT
server: CDN77-Turbo
etag: "60738200-3737"
x-77-nzt-ray: 90833930687b9487198d8b649c638417
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 terbiyeli-kavrulmus-sehriye-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2016/01/ Frame EADA 13 KB
13 KB 44ms
40ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2016/01/terbiyeli-kavrulmus-sehriye-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: c0d871d5f9d0fb4ddf16fffccba31fe0f9e933df787e2c45b361dc57a597fca2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 15 Jun 2023 22:13:45 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5057392
x-accel-date: 1681809833
content-length: 13113
x-77-nzt: AcO1rw6TOLL/cCtNAA
x-accel-expires: @1713345833
last-modified: Wed, 01 May 2019 22:52:25 GMT
server: CDN77-Turbo
etag: "5cca2329-3339"
x-77-nzt-ray: 90833930687b9487198d8b6492708617
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 dort-4-kasik-corbasi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/03/ Frame EADA 16 KB
16 KB 44ms
40ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/03/dort-4-kasik-corbasi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 25f2cf0d92927ea6a032fa0eca112d4e69207864db577150d8bd82fd05a3ff7c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 15 Jun 2023 22:13:45 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5057781
x-accel-date: 1681809444
content-length: 15924
x-77-nzt: AcO1rw7Yc93/9SxNAA
x-accel-expires: @1713345444
last-modified: Wed, 15 Mar 2023 22:01:57 GMT
server: CDN77-Turbo
etag: "64124055-3e34"
x-77-nzt-ray: 90833930687b9487198d8b644e888917
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 ipek-corbasi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2019/04/ Frame EADA 9 KB
10 KB 44ms
40ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2019/04/ipek-corbasi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: b3fce6c522254e35e5dbbdd484afaacc4007ffc56c7cb235b9a6e7b15d3d6f5a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 15 Jun 2023 22:13:45 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5057670
x-accel-date: 1681809555
content-length: 9371
x-77-nzt: AcO1rw5chEb/hixNAA
x-accel-expires: @1713345555
last-modified: Wed, 01 May 2019 23:47:22 GMT
server: CDN77-Turbo
etag: "5cca300a-249b"
x-77-nzt-ray: 90833930687b9487198d8b64aee68b17
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 terbiyeli-pirasa-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/04/ Frame EADA 12 KB
12 KB 44ms
40ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/04/terbiyeli-pirasa-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: cb999f85fd1d501283263c9716367eb7fca38ef43777df0fa253ee71bdf19565

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 15 Jun 2023 22:13:45 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5057226
x-accel-date: 1681809999
content-length: 12043
x-77-nzt: AcO1rw6S34v/yipNAA
x-accel-expires: @1713345999
last-modified: Wed, 20 Apr 2022 23:39:13 GMT
server: CDN77-Turbo
etag: "626099a1-2f0b"
x-77-nzt-ray: 90833930687b9487198d8b64c4ca8d17
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 damla-cikolatali-pogaca-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2016/09/ Frame EADA 11 KB
12 KB 44ms
41ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2016/09/damla-cikolatali-pogaca-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 43bd9d6bbcd9a8c9742300bcb60c541f756427599656f3e0dc3d405509371ac1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 15 Jun 2023 22:13:45 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5054887
x-accel-date: 1681812338
content-length: 11711
x-77-nzt: AcO1rw5teZf/pyFNAA
x-accel-expires: @1713348338
last-modified: Wed, 01 May 2019 23:05:23 GMT
server: CDN77-Turbo
etag: "5cca2633-2dbf"
x-77-nzt-ray: 90833930687b9487198d8b640dd88f17
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 baklavalik-yufkadan-bulbul-yuvasi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/05/ Frame EADA 16 KB
16 KB 44ms
41ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/05/baklavalik-yufkadan-bulbul-yuvasi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: a151cd0ce17efc76f5fe92c0721fa47031a36190c5ac7ee5f6512b9ac734d277

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 15 Jun 2023 22:13:45 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5057476
x-accel-date: 1681809749
content-length: 16001
x-77-nzt: AcO1rw60GVb/xCtNAA
x-accel-expires: @1713345749
last-modified: Tue, 19 May 2020 13:21:10 GMT
server: CDN77-Turbo
etag: "5ec3dd46-3e81"
x-77-nzt-ray: 90833930687b9487198d8b6468b99117
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 cevizli-rulo-tatli-resimli-yemek-tarifi(20).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/04/ Frame EADA 16 KB
16 KB 44ms
41ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/04/cevizli-rulo-tatli-resimli-yemek-tarifi(20).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 31e774f0a5fc7ed9d95690a70e18132c3c36f0a4c2366d0d8886c639dc71780f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 15 Jun 2023 22:13:45 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 4922353
x-accel-date: 1681944872
content-length: 15934
x-77-nzt: AcO1rw5t91n/8RtLAA
x-accel-expires: @1713480872
last-modified: Wed, 19 Apr 2023 22:21:44 GMT
server: CDN77-Turbo
etag: "64406978-3e3e"
x-77-nzt-ray: 90833930687b9487198d8b641eff9617
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 susamli-tepsi-keki-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2016/12/ Frame EADA 13 KB
14 KB 45ms
41ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2016/12/susamli-tepsi-keki-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 6a5c3836f01af05b52f926264495b7bac8dcef94acc6cfdbb3fbfa5054e941d8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 15 Jun 2023 22:13:45 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5047990
x-accel-date: 1681819235
content-length: 13737
x-77-nzt: AcO1rw5cHsr/tgZNAA
x-accel-expires: @1713355235
last-modified: Wed, 01 May 2019 23:09:05 GMT
server: CDN77-Turbo
etag: "5cca2711-35a9"
x-77-nzt-ray: 90833930687b9487198d8b6454989917
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 cevizli-hashasli-citir-borek-resimli-yemek-tarifi(24).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2016/11/ Frame EADA 13 KB
13 KB 45ms
41ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2016/11/cevizli-hashasli-citir-borek-resimli-yemek-tarifi(24).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: aaca9feb9e33cf12a261bd3aa24977a549b72df3a723e8e8291ce8745c70ef0e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 15 Jun 2023 22:13:45 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5054750
x-accel-date: 1681812475
content-length: 13065
x-77-nzt: AcO1rw7j4Fr/HiFNAA
x-accel-expires: @1713348475
last-modified: Wed, 01 May 2019 23:08:36 GMT
server: CDN77-Turbo
etag: "5cca26f4-3309"
x-77-nzt-ray: 90833930687b9487198d8b6457079c17
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 ispanakli-gul-boregi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2018/01/ Frame EADA 15 KB
15 KB 45ms
41ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2018/01/ispanakli-gul-boregi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 31a2d1774f7bd443e5771952dcbe0a369aa5d1738f508a0c04de6189b372efcf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 15 Jun 2023 22:13:45 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5055608
x-accel-date: 1681811617
content-length: 15051
x-77-nzt: AcO1rw79de3/eCRNAA
x-accel-expires: @1713347617
last-modified: Wed, 01 May 2019 23:29:26 GMT
server: CDN77-Turbo
etag: "5cca2bd6-3acb"
x-77-nzt-ray: 90833930687b9487198d8b6462399e17
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 soganlama-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/11/ Frame EADA 15 KB
16 KB 45ms
41ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/11/soganlama-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 026b4a233a96cb33e867984ee3265a666c4f670685a19db68d5dfc9700498c6c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 15 Jun 2023 22:13:45 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5057691
x-accel-date: 1681809534
content-length: 15832
x-77-nzt: AcO1rw6px1f/myxNAA
x-accel-expires: @1713345534
last-modified: Sat, 13 Nov 2021 22:20:22 GMT
server: CDN77-Turbo
etag: "61903a26-3dd8"
x-77-nzt-ray: 90833930687b9487198d8b644887a017
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 peynirli-muska-boregi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/11/ Frame EADA 16 KB
16 KB 45ms
42ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/11/peynirli-muska-boregi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: f9d27feb9e971002d29bf9918639f452ab7e92f53ca38e36d5fc38a6f32f01d4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 15 Jun 2023 22:13:45 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5052269
x-accel-date: 1681814956
content-length: 16256
x-77-nzt: AcO1rw6X78f/bRdNAA
x-accel-expires: @1713350956
last-modified: Sun, 20 Nov 2022 21:58:03 GMT
server: CDN77-Turbo
etag: "637aa2eb-3f80"
x-77-nzt-ray: 90833930687b9487198d8b64b126a217
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 _dmca_premi_badge_5.png
images.dmca.com/Badges/ Frame EADA 5 KB
6 KB 46ms
14ms Image
image/png 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.dmca.com/Badges/_dmca_premi_badge_5.png?ID=da1d399b-5fd3-4da3-b5cd-8af692c19999
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: ad3ee286844c46dba3f0d26e100f508c410b28f52784fbeec2d513ef6c6fda7a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:45 GMT
last-modified: Thu, 02 Jun 2011 03:26:26 GMT
server: Microsoft-IIS/10.0
etag: "8ae3cdbd420cc1:0"
x-powered-by: ASP.NET
x-hw: 1686867225.cds259.fr8.hn,1686867225.cds153.fr8.c
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
link: <https://www.dmca.com/Badges/_dmca_premi_badge_5.png>; rel="canonical"
content-length: 5605

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/300/ Frame EADA 56 B
361 B 801ms
16ms Script
text/javascript 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-75-88-126.deploy.static.akamaitechnologies.com

Software

Oracle API Gateway /

Resource Hash

f475c34186022ba531ebc8bba97fc10df7e4c3ea854f314a18ab0644c851620d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 15 Jun 2023 22:13:46 GMT
server: Oracle API Gateway
opc-request-id: /2BB03BD381865A0A97EBFCD6A8FD4AFC/A4850C3D79FDF078202C8700A4DDB960
x-frame-options: sameorigin
vary: Accept-Encoding
content-type: text/javascript
x-distribution: 99
x-host: s7.addthis.com
content-length: 76
x-xss-protection: 1; mode=block

GET
H2 200 DMCABadgeHelper.min.js Show response
images.dmca.com/Badges/ Frame EADA 465 B
585 B 46ms
14ms Script
application/javascript 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://images.dmca.com/Badges/DMCABadgeHelper.min.js
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e8021f1a9dad409f7e699457ac334653bf800464df69900237c4de1c29e275d0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:45 GMT
content-encoding: gzip
last-modified: Fri, 21 Jun 2019 20:14:34 GMT
server: Microsoft-IIS/10.0
etag: "26b181f16d28d51:0"
x-powered-by: ASP.NET
x-hw: 1686867225.cds259.fr8.hn,1686867225.cds057.fr8.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
link: <https://www.dmca.com/Badges/DMCABadgeHelper.min.js>; rel="canonical"
content-length: 395

GET
H2 200 outside.js Show response
static.virgul.com/theme/mockups/adcode/ Frame EADA 74 KB
26 KB 262ms
47ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19523
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 6bc3d03f9d36b00c7c9e9480dc420908aaba03af664e60c3e09a12cc530a7436

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:45 GMT
content-encoding: gzip
last-modified: Thu, 15 Jun 2023 19:30:56 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=43200

GET
H2 200 sdk.js Show response
connect.facebook.net/tr_TR/ Frame EADA 3 KB
2 KB 33ms
8ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/tr_TR/sdk.js

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

6b35721318dac7f2078f61535dd887a67724daccc15fe229dd043318b05bc80d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 15 Jun 2023 22:13:45 GMT
content-md5: dPMRs+nkiNQG4Y7G8pqeNw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1686
x-fb-debug: o9yEHrpFqpkb9Z7WtPMmnBRZ0FWAAchQ6Pxn7aErLUG5SYrSIrynGoS+okLOd040GU8d6pFs/u8yyE3d9eNhAQ==
x-fb-trip-id: 1679558926
x-fb-content-md5: 035585a622527f2cf11282a5fd632cfc
cross-origin-opener-policy: same-origin-allow-popups
etag: "87104fda574362aeb6f0f25c7286975b"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Thu, 15 Jun 2023 22:17:38 GMT

GET
H2 200 sprite_3.png
cdn.ye-mek.net/grafik/ Frame EADA 21 KB
21 KB 40ms
40ms Image
image/png 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/grafik/sprite_3.png
Requested by: Host: cdn.ye-mek.net
URL: https://cdn.ye-mek.net/maincss.css?v=434
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: ecadacb686d0540a5768dae41d50597a71dfaa8135b90f1371d4bfa266e4e361

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.ye-mek.net/maincss.css?v=434
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Thu, 15 Jun 2023 22:13:45 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5057823
x-accel-date: 1681809402
content-length: 21525
x-77-nzt: AcO1rw71w3v/Hy1NAA
x-accel-expires: @1713345402
last-modified: Mon, 14 May 2018 20:55:05 GMT
server: CDN77-Turbo
etag: "5af9f7a9-5415"
x-77-nzt-ray: 90833930687b9487198d8b647b9da417
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 analytics.js Show response
www.google-analytics.com/ Frame EADA 51 KB
21 KB 43ms
7ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-38733763-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 15 Jun 2023 21:04:47 GMT
last-modified: Mon, 17 Apr 2023 22:36:01 GMT
server: Golfe2
age: 4138
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20737
expires: Thu, 15 Jun 2023 23:04:47 GMT

GET
H3 200 sdk.js Show response
connect.facebook.net/tr_TR/ Frame EADA 307 KB
87 KB 19ms
10ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/tr_TR/sdk.js?hash=37ae28c751f00ce53b3890b3aa3840a1

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/tr_TR/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

31d067009b15c1649df4b4eeb6dc93cd049cd9f8c67a1a57e726f1afd20114e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://ye-mek.net/
Origin: https://ye-mek.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 15 Jun 2023 22:13:45 GMT
content-md5: rFBzrPJo2hQQ7u5i6XC9yA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 88757
x-fb-debug: +EZsRLXzPtSiIZTaSyJ6OsqSZDpUS7Wo1xUyU8qk9Sef1f5IfWZAibuYANPk7I+H2yM9NpPzZ3HwgIRjeVZo4w==
x-fb-content-md5: 3e9fdd81839bb1ba40ed42f577657468
cross-origin-opener-policy: same-origin-allow-popups
etag: "9d5e2a38b9901e3701db3c751122c0ab"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
priority: u=3,i
expires: Fri, 14 Jun 2024 20:57:22 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame EADA 80 KB
26 KB 82ms
31ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19523

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cad4c9f9d1cb86fa9c63ffff5f75d98e72f669d27d045940eee183bbf3fea591

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:45 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26461
x-xss-protection: 0
server: cafe
etag: 764 / 19523 / 31075377 / config-hash: 17639771211870587372
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 15 Jun 2023 22:13:45 GMT

GET
H2 200 ads.js Show response
static.virgul.com/theme/mockups/mockups/tracker/imp/collect/adview/ad/ Frame EADA 120 B
306 B 44ms
44ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/mockups/tracker/imp/collect/adview/ad/ads.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19523
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: d9fd0aeda423bd39a36871759ef7b17dab3d51e5981cd5839103f990b8b9ef60

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:45 GMT
last-modified: Wed, 21 Dec 2022 18:47:42 GMT
server: openresty/1.15.8.3
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000
accept-ranges: bytes
content-length: 120

GET
H2 200 str.html Show response
static.virgul.com/theme/mockups/outside/ Frame 37E7 891 B
1 KB 44ms
44ms Document
text/html 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/outside/str.html?v=2
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19523
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 2af1b8e91e1ea0f27fab2f6bac1dd1d81867b7a2a8d7cef1084fa39309e0ac6f

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=5184000
content-length: 891
content-type: text/html
date: Thu, 15 Jun 2023 22:13:45 GMT
last-modified: Wed, 28 Sep 2022 10:07:57 GMT
server: openresty/1.15.8.3

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame EADA 137 KB
47 KB 55ms
26ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19523

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ebd2ca9ffdae715422514a52cabb0852d1fc54c8f1f645a767f3d1089cb240c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Origin: https://ye-mek.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:45 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47461
x-xss-protection: 0
server: cafe
etag: 4224286807466281124
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 15 Jun 2023 22:13:45 GMT

GET
H2 200 prebid7.38.0.js Show response
static.virgul.com/theme/mockups/outside/ Frame EADA 489 KB
182 KB 49ms
49ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19523
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: cff57bb539a961e5816127eb4b662175d6a1c92917effe0f943de85c35911101

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:45 GMT
content-encoding: gzip
last-modified: Mon, 27 Mar 2023 14:56:06 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ Frame EADA 236 KB
58 KB 31ms
8ms Script
application/javascript 108.138.1.25
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19523
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.1.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-1-25.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: dbc211260f3fb81e545fbebe8be8c367ebe670a585e60e1ec58524c06723ecbc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 21:19:30 GMT
content-encoding: gzip
via: 1.1 75a13c74495137fb5435dc4030981df6.cloudfront.net (CloudFront), 1.1 c3fc8d1fb362a6655af993732c376dc4.cloudfront.net (CloudFront)
last-modified: Thu, 15 Jun 2023 18:14:54 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1, FRA56-P6
age: 3256
x-amz-server-side-encryption: AES256
etag: W/"9352f20e556bff9fea6fd0461aac850d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=3600
x-amz-cf-id: cyc3EElIZEmDyC8woT8R-v53oEP794Qy-7YIduHeSox7bmJdjNqgEA==

GET
H2 200 pageview Show response
ng.virgul.com/ Frame EADA 37 KB
7 KB 200ms
81ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ng.virgul.com/pageview?c=site_geneli&mt=1686867225697&v=https%3A%2F%2Fye-mek.net%2F&r=yemek_net:site_geneli&userId=&tp=&os=&call=noktaad.ads.vvad&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc0,hf1,vv1,gprec%3Dyemek%26rec_ing%3D&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.3037211546448175
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19523
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 87f9a87c97f320be2896eb3872bc5f256f0941fb848b5ecfbe7fc5fd08350a1f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:45 GMT
content-encoding: gzip
server: openresty/1.15.8.3
vary: Accept-Encoding
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
access-control-allow-origin: https://ye-mek.net
content-type: application/javascript
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT

GET
H2 200 yemek_net.js Show response
static.virgul.com/theme/mockups/fallback/ Frame EADA 12 KB
2 KB 44ms
44ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/fallback/yemek_net.js?dts=19523
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19523
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 5103b27b55207be49f024a501641c7cb93e6469073ccbe194cd5963b53716184

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:45 GMT
content-encoding: gzip
last-modified: Wed, 31 May 2023 14:14:23 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 hb Show response
ng.virgul.com/ Frame EADA 50 KB
5 KB 170ms
54ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ng.virgul.com/hb?call=noktaad.setHbParameters&site=yemek_net&dts=468574
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19523
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 01f43c1e8487a28f744072c622cc1174f2c3455c3b413cc572f66c9258595bf8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:45 GMT
content-encoding: gzip
server: openresty/1.15.8.3
vary: Accept-Encoding
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
access-control-allow-origin: https://ye-mek.net
content-type: application/javascript
cache-control: max-age=3600
access-control-allow-credentials: true

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ Frame EADA 0
306 B 8ms
8ms XHR
text/plain 108.138.1.25
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fye-mek.net&pubid=e0a76a78-9ad1-46f2-a337-886c2e24ac91
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.1.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-1-25.fra56.r.cloudfront.net
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 21:25:30 GMT
via: 1.1 c3fc8d1fb362a6655af993732c376dc4.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P6
age: 2894
x-cache: Hit from cloudfront
access-control-allow-origin: https://ye-mek.net
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-id: 9Sd8HeIq8rg6p8bF0mPS8IFmWvl1MgwXwUuNLTcMnUldLBlvfPJoUw==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ Frame EADA 6 KB
3 KB 23ms
8ms XHR
application/javascript 108.138.1.25
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.1.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-1-25.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-amz-version-id: Zm_tZQQ808JKRizBfXGgSN2OWn8Z6JUU
content-encoding: gzip
via: 1.1 88cabd6b8652306789c6bc8090fbcb1a.cloudfront.net (CloudFront)
date: Thu, 15 Jun 2023 05:44:41 GMT
x-amz-cf-pop: FRA56-P6
age: 59345
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Fri, 26 May 2023 01:35:48 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: BhSRyyNf2b0zjmVxgl14c-dRlr_AtED6w-AfBGnnddN1_j-LL3rsyQ==

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306080101/ Frame EADA 352 KB
118 KB 64ms
47ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306080101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=ye-mek.net

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

95e4c6949ac204908fb72ad3572730075c51644b3683746e11cc1192108bf303

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:45 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 120775
x-xss-protection: 0
server: cafe
etag: 14228053164752082401
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 15 Jun 2023 22:13:45 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230614/r20190131/ Frame 580A 10 KB
5 KB 66ms
14ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230614/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eb7a209e3af2f5e7045a326f81414b39f02551eb158e859c190a7a84db7c4d5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 14935
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4540
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 15 Jun 2023 18:04:50 GMT
etag: 15057649708203361565
expires: Thu, 29 Jun 2023 18:04:50 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/ Frame EADA 408 KB
126 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js?cb=31075377

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1e190fdf47cb7389e127605fc34bfb1bfc74281d5264501b79f2779008a2ae73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 13:04:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 32948
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 128933
x-xss-protection: 0
server: cafe
etag: 1396361306703029922
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Fri, 14 Jun 2024 13:04:37 GMT

GET
H2 200 empowerwebplayer3.js Show response
static.virgul.com/theme/mockups/outside/ Frame EADA 10 KB
3 KB 45ms
45ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/outside/empowerwebplayer3.js?v=20
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 3e9569df702eb478e6e7699775a0f555b64ef9e89d89a81742bc97c7803dba96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:45 GMT
content-encoding: gzip
last-modified: Tue, 13 Jun 2023 13:36:40 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame EADA 107 B
456 B 44ms
16ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ye-mek.net

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306080101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=ye-mek.net

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 403 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 236D 603 B
218 B 64ms
63ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755397&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1686867225775&bpp=3&bdt=557&idt=110&shv=r20230614&mjsv=m202306080101&ptt=9&saldr=aa&nras=1&correlator=4172165922379&frm=24&ife=1&pv=2&ga_vid=1164401128.1686867225&ga_sid=1686867226&ga_hid=372826235&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=222437166&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44759842%2C44759876%2C31075298%2C31075305%2C44788441%2C44793499&oid=2&pvsid=456909807881205&tmod=1579466775&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.4ficyttl0b37&fsb=1&dtd=123

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 46
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 15 Jun 2023 22:13:45 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ Frame EADA 23 B
458 B 393ms
330ms XHR
text/javascript 13.32.119.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&pr=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&pid=RqYvGryAEREz1&cb=0&ws=1600x1200&v=23.612.1758&t=1200&slots=%5B%7B%22sd%22%3A%22div-gpt-ad-1455783126174-15338221728129623web_yemeknet_right_tower%22%2C%22s%22%3A%5B%22160x600%22%2C%22120x600%22%5D%2C%22sn%22%3A%22%2F21728129623%2Fweb_yemeknet_right_tower%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-1455783126174-15336621728129623web_yemeknet_masthead%22%2C%22s%22%3A%5B%22970x250%22%2C%22970x90%22%2C%22728x90%22%2C%22300x250%22%2C%22200x200%22%5D%2C%22sn%22%3A%22%2F21728129623%2Fweb_yemeknet_masthead%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-1455783126174-15338321728129623web_yemeknet_left_tower%22%2C%22s%22%3A%5B%22160x600%22%2C%22120x600%22%5D%2C%22sn%22%3A%22%2F21728129623%2Fweb_yemeknet_left_tower%22%7D%5D&pubid=e0a76a78-9ad1-46f2-a337-886c2e24ac91&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.119.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-119-77.fra60.r.cloudfront.net

Software

Server /

Resource Hash

745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:46 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 8eee0c5143f92bd7600d25e3dc25ce5e.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA60-P1
x-amz-rid: 9PWHVGGP1EFNB70EN95R
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://ye-mek.net
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: jZ7npPBOneyEg0uAoRinc3gthgfMKWz7btY89l_7DCBOuUoHFJYWZA==

GET
H2 200 yemek_net.js Show response
static.virgul.com/theme/mockups/sites/ Frame EADA 11 KB
5 KB 44ms
44ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/sites/yemek_net.js?dts=468574
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19523
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: a7a580492938c753648b19da1321bf7ea66d7a2e9b1fa42058c821e268fba9e1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:45 GMT
content-encoding: gzip
last-modified: Thu, 27 Apr 2023 09:08:06 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 pandg-sdk.js Show response
pghub.io/js/ Frame EADA 17 KB
5 KB 58ms
13ms Script
application/javascript 35.241.45.217
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pghub.io/js/pandg-sdk.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19523
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.217 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 217.45.241.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 27961ab8c37cddad89230364167c048c6377a80e38542a5ffbca600faf4098ea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 21:35:10 GMT
content-encoding: gzip
age: 2315
x-guploader-uploadid: ADPycdv7I0W_qHOF_4T88Iv_Gupzk0Mfbgyg0-xPXeNrP2McSGii9HG2GSdpF8btsiNGjrs7ydconfN2Zyfk0QdPMV8M5K6vrAOe
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5009
last-modified: Mon, 05 Jun 2023 16:36:50 GMT
server: UploadServer
etag: "47a886353056caf33a998c6041e20896"
vary: Accept-Encoding
x-goog-generation: 1685983010517890
x-goog-hash: crc32c=aHj4lg==, md5=R6iGNTBWyvM6mYxgQeIIlg==
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin
cache-control: public,max-age=3600
x-goog-stored-content-length: 5009
accept-ranges: bytes
content-type: application/javascript

GET
H2 200 zoneview
ng.virgul.com/ Frame EADA 0
209 B 44ms
44ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/zoneview?c=&mt=1686867225915&v=https%3A%2F%2Fye-mek.net%2F&r=153366@153377@153378@153379@153379@153382@153383:yemek_net&userId=vnetdc5075c3-0999-4ad4-a2db-d225ee94040d&tp=&os=&call=&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc1,hf1,vv1,gprec%3Dyemek%26rec_ing%3D&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.7065373565779727
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Thu, 15 Jun 2023 22:13:45 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame EADA 136 KB
39 KB 471ms
471ms XHR
text/plain 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=456909807881205&correlator=1059037487767753&eid=31075377&output=ldjh&gdfp_req=1&vrg=202306130101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_728x90_repeating&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=2&adks=3733009076&sfv=1-0-40&eri=1&cust_params=amznbid%3D0%26amznp%3D0%26category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1686867225697%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnetdc5075c3-0999-4ad4-a2db-d225ee94040d%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnetdc5075c309994ad4a2dbd225ee94040d&sc=1&cdm=ye-mek.net&abxe=1&dt=1686867225942&lmt=1686867225&dlt=1686867225218&idt=614&adxs=436&adys=2665&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=qgb0sg4vjslu&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&ga_vid=1164401128.1686867225&ga_sid=1686867226&ga_hid=372826235&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js?cb=31075377

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b333c7f773aa4f325289b9f395a20df02c21f05e0be5415f717e6376232904b8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:46 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39809
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame B931 6 KB
3 KB 97ms
17ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js?cb=31075377

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 15 Jun 2023 22:13:46 GMT
expires: Fri, 14 Jun 2024 22:13:46 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 NoktaNpmPlayerApi.js Show response
c1.imgiz.com/player_others/html5/ Frame EADA 7 KB
3 KB 199ms
45ms Script
application/javascript 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19523
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/empowerwebplayer3.js?v=20
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 0b29697868cd68cfd1b5650054cc96ea755016b3242bd26469cdbd4e4f6fc18a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:46 GMT
content-encoding: gzip
last-modified: Wed, 13 Oct 2021 11:58:21 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
expires: Thu, 22 Jun 2023 22:13:46 GMT

GET
H2 200 zoneview
ng.virgul.com/ Frame EADA 0
209 B 44ms
44ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/zoneview?c=&mt=1686867225982&v=https%3A%2F%2Fye-mek.net%2F&r=153394@153493:yemek_net&userId=vnetdc5075c3-0999-4ad4-a2db-d225ee94040d&tp=&os=&call=&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc1,hf1,vv1,gprec%3Dyemek%26rec_ing%3D&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.049429031180767025
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Thu, 15 Jun 2023 22:13:45 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 tag Show response
feed.pghub.io/ Frame A535 13 B
248 B 93ms
24ms Document
text/html 34.102.243.38
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://feed.pghub.io/tag?referrer_url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&page_url=https%3A%2F%2Fye-mek.net%2F&owner=P%26G&bp_id=noktacommedya&ch=%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D&initiator=js&data=%7B%22category%22%3A%22site_geneli%22%7D

Requested by

Host: pghub.io
URL: https://pghub.io/js/pandg-sdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.102.243.38 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

38.243.102.34.bc.googleusercontent.com

Software

Resource Hash

b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';img-src https://*.pghub.io https://match.adsrvr.org
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
access-control-max-age: 300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-store
content-security-policy: default-src 'none';img-src https://*.pghub.io https://match.adsrvr.org
content-type: text/html;charset=utf-8
date: Thu, 15 Jun 2023 22:13:46 GMT
strict-transport-security: max-age=31536000
via: 1.1 google

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame EADA 361 KB
121 KB 108ms
80ms Script
text/javascript 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19523

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a9863314577494b778cade4d77d719a27fca818d6091efe35b972cac31026f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 123120
x-xss-protection: 0
expires: Thu, 15 Jun 2023 22:13:46 GMT

GET
H2 200 NoktaPlayer.js Show response
c1.imgiz.com/player_others/html5/ Frame EADA 398 KB
128 KB 48ms
48ms Script
application/javascript 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=6/15/2023
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19523
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: bea17c8870ba8dae9515993b5c55b65437f03f0e2672e1c3d3dbe7872dd74e5c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:46 GMT
content-encoding: gzip
last-modified: Mon, 29 May 2023 18:51:56 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
expires: Thu, 22 Jun 2023 22:13:46 GMT

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame EADA 107 B
165 B 17ms
17ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ye-mek.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js?cb=31075377

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame EADA 34 KB
14 KB 312ms
312ms XHR
text/plain 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=456909807881205&correlator=4458343357226991&eid=31075377&output=ldjh&gdfp_req=1&vrg=202306130101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_728x90_2&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=3&adks=345722362&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1686867225697%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnetdc5075c3-0999-4ad4-a2db-d225ee94040d%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnetdc5075c309994ad4a2dbd225ee94040d&sc=1&cdm=ye-mek.net&abxe=1&dt=1686867226341&lmt=1686867226&dlt=1686867225218&idt=614&adxs=436&adys=1389&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=kprw3p1gbvc1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&ga_vid=1164401128.1686867225&ga_sid=1686867226&ga_hid=372826235&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js?cb=31075377

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

251d626986bb36c79db29e057235bf0083536b9069a5bb5ba000a829366acf93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:46 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13817
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame EADA 65 KB
14 KB 526ms
525ms XHR
text/plain 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=456909807881205&correlator=1628135580046668&eid=31075377&output=ldjh&gdfp_req=1&vrg=202306130101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_left_tower&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C160x600%7C120x600%7C120x240%7C160x800&fluid=height&ifi=4&adks=3299242717&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1686867225697%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnetdc5075c3-0999-4ad4-a2db-d225ee94040d%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnetdc5075c309994ad4a2dbd225ee94040d&sc=1&cdm=ye-mek.net&abxe=1&dt=1686867226377&lmt=1686867226&dlt=1686867225218&idt=614&adxs=122&adys=150&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=p1oehikcckij&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=160x-1&msz=160x-1&fws=900&ohw=160&ga_vid=1164401128.1686867225&ga_sid=1686867226&ga_hid=372826235&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js?cb=31075377

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

411fe8c4b65aaac876035a74a61d230e99e06014c0d16f0c0ed9aed6e01f4bfd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:46 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14639
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame EADA 22 KB
10 KB 386ms
385ms XHR
text/plain 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=456909807881205&correlator=4411505519121175&eid=31075377&output=ldjh&gdfp_req=1&vrg=202306130101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_masthead&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C970x250%7C970x90%7C728x90%7C300x250%7C468x60%7C250x250%7C200x200%7C160x160%7C640x205&fluid=height&ifi=5&adks=3050045420&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1686867225697%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnetdc5075c3-0999-4ad4-a2db-d225ee94040d%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnetdc5075c309994ad4a2dbd225ee94040d&sc=1&cdm=ye-mek.net&abxe=1&dt=1686867226379&lmt=1686867226&dlt=1686867225218&idt=614&adxs=315&adys=158&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=doq5h5n5fnvq&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=996x0&msz=996x0&fws=388&ohw=1600&ga_vid=1164401128.1686867225&ga_sid=1686867226&ga_hid=372826235&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js?cb=31075377

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8295852ad7bdcca485615bd4374ce89f8e7d2b3268b75fbc200529223bc185d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:46 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10631
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame EADA 23 KB
11 KB 301ms
300ms XHR
text/plain 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=456909807881205&correlator=1301202720989499&eid=31075377&output=ldjh&gdfp_req=1&vrg=202306130101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_728x90_repeating&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=6&adks=2157304621&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1686867225697%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnetdc5075c3-0999-4ad4-a2db-d225ee94040d%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnetdc5075c309994ad4a2dbd225ee94040d&sc=1&cdm=ye-mek.net&abxe=1&dt=1686867226382&lmt=1686867226&dlt=1686867225218&idt=614&adxs=436&adys=2027&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=fshb60aszzvv&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&ga_vid=1164401128.1686867225&ga_sid=1686867226&ga_hid=372826235&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js?cb=31075377

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

98d410fc0c96ec6d8dc9120fd0fc244390b0292bab05412336cdf110ae719e29

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:46 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11128
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame EADA 39 KB
16 KB 396ms
395ms XHR
text/plain 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=456909807881205&correlator=2543756732907220&eid=31075377&output=ldjh&gdfp_req=1&vrg=202306130101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_ust_728x90&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=7&adks=456810305&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1686867225697%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnetdc5075c3-0999-4ad4-a2db-d225ee94040d%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnetdc5075c309994ad4a2dbd225ee94040d&sc=1&cdm=ye-mek.net&abxe=1&dt=1686867226386&lmt=1686867226&dlt=1686867225218&idt=614&adxs=436&adys=751&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=nvz27hdbvvql&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&ga_vid=1164401128.1686867225&ga_sid=1686867226&ga_hid=372826235&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js?cb=31075377

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4c9e69fc66416688824527064b028ed03b18ce5e446dbc3deba6228e9c41a3c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:46 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16257
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame EADA 34 KB
13 KB 313ms
312ms XHR
text/plain 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=456909807881205&correlator=82494975888790&eid=31075377&output=ldjh&gdfp_req=1&vrg=202306130101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_right_tower&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C160x600%7C120x600%7C120x240%7C160x800&fluid=height&ifi=8&adks=3203893797&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1686867225697%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnetdc5075c3-0999-4ad4-a2db-d225ee94040d%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnetdc5075c309994ad4a2dbd225ee94040d&sc=1&cdm=ye-mek.net&abxe=1&dt=1686867226389&lmt=1686867226&dlt=1686867225218&idt=614&adxs=1318&adys=150&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=42wdykbsm08z&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=160x-1&msz=160x-1&fws=900&ohw=160&ga_vid=1164401128.1686867225&ga_sid=1686867226&ga_hid=372826235&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js?cb=31075377

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2a3c84de160fa22e749817bfaf1aae8e4f9016b215b33bc0b3a1bd1c56a129b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:46 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13683
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame EADA 15 KB
11 KB 57ms
57ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230614&st=env

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b5e55ab86aff99a1d6ef13c9f0ae6d3e3ad3e6e6baa6141a0a1d42beb0d678aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:46 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11327
x-xss-protection: 0

GET
H2 200 container.html Show response
9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame C3CF 6 KB
3 KB 8ms
8ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js?cb=31075377

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 15 Jun 2023 22:13:46 GMT
expires: Fri, 14 Jun 2024 22:13:46 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css
fonts.googleapis.com/ Frame C3CF 2 KB
975 B 40ms
17ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c4f393315ffc75417c9c350e709bbcca2d2e9d5640fa0925b32088ff1ed6c84f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 15 Jun 2023 22:13:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 15 Jun 2023 20:29:39 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 15 Jun 2023 22:13:46 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/ Frame C3CF 2 KB
946 B 37ms
8ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 17:39:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16456
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 865
x-xss-protection: 0
server: cafe
etag: 5051423035144352294
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 29 Jun 2023 17:39:30 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame C3CF 0
0 57ms
56ms Fetch
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CHlGjGY2LZL3iPOKT7_UPyIW8gAzC0dqTcZGIuaPVD9nHgLKhMhABIMCygmtglaKSgqAHoAHZ0uTPA8gBCakC5Y0av6Fcsj7gAgCoAwHIA8sEqgTYAU_QmjE9VCHdiACYO6FswUCHwH_fU4bIpTDuWIPX-v1CJYZJdCt8J7H0pdGKgekPK8uO3JujSZFb0zrKD97IrR75b0e_aQLyXTaQeGd9mLLckK3ERpmt8YMlwFHwEMdddoyyXOWEtReUZbgkqeNOTIb8Ly8vExxYxFS-PDm2uxO2iZX1EUeqXIGfvKL_zL-HrUj0Grw411LkUDo2XkfURMaALxf7sOGEdQM7Avbyst9rKdMT7c95W5j5owcYHalFdLRrC8f1VcUI48dAMYnixviN3b--cmuLYcAE7rXgzvMD4AQBkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBi6AB_H90zCoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAemvhvYBwDyBwQQirEB0ggWCIDhgBAQARgdMgKqAjoCgEBIvf3BOvIIG2FkeC1zdWJzeW4tNzI3NTUyODQ1MzE2MjMwOYAKA8gLAdgTC4gUGNAVAYAXAbIXHgocCAASFHB1Yi02NTkzNTIzMjEwMDEwMTU0GOrBbQ&sigh=RMqukzywusw&uach_m=[UACH]&cid=CAQSLQBygQiDbvwjFcqo__bnjByzB7wz4CPxD4ZjLEU4Gzhtm_wUyDp-1EiHMpejrhgB&template_id=494
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230614/r20110914/ Frame C3CF 22 KB
9 KB 35ms
8ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230614/r20110914/abg_lite_fy2021.js

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

854f47fda466ed9d7e0d438a80c3f7049575d373d5887aca71313da2b795c739

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 17:39:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16456
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8931
x-xss-protection: 0
server: cafe
etag: 12022837384336330993
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 29 Jun 2023 17:39:30 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/ Frame C3CF 3 KB
1 KB 39ms
13ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/window_focus_fy2021.js

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 17:39:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16455
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 29 Jun 2023 17:39:31 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/ Frame C3CF 19 KB
8 KB 33ms
7ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3521f5e84dbf85e9b7a304002330fbccf347abc9d0a43765a1838336b8a98c0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 17:39:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16456
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8120
x-xss-protection: 0
server: cafe
etag: 8171891181101138299
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 29 Jun 2023 17:39:30 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C3CF 178 KB
56 KB 110ms
51ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e9032b8e95fc74d9ce9c069e76ffe86cb4046dc6ae863ffa8410cf445e5feaf3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57029
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1686742752845198"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 15 Jun 2023 22:13:46 GMT

GET
H2 200 9c81088c85b4e7b59d5cd8ce7f87e269.js Show response
www.gstatic.com/mysidia/ Frame C3CF 32 KB
14 KB 60ms
15ms Script
text/javascript 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/9c81088c85b4e7b59d5cd8ce7f87e269.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c1255c225e18e01faae68870c17c44c85368bf6c4120d0e674615f7a9ccc70d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 09 Jun 2023 22:02:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 519050
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13708
x-xss-protection: 0
last-modified: Fri, 09 Jun 2023 21:46:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 07 Sep 2023 22:02:56 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame EADA 17 KB
7 KB 71ms
47ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 15 Jun 2023 22:13:46 GMT

GET
H2 200 shopping
encrypted-tbn0.gstatic.com/ Frame C3CF 31 KB
31 KB 49ms
15ms Image
image/jpeg 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcTnUNZ4TUClrmvbreq5dRszKPPsHA9YaDyHmyOmerVfKqnjV-ojV-6H3ntmSg&usqp=CAI

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8725ac174c3cf47211755e0845c2f14608a50d13fd5e38926d47f50df7d01607

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 18:19:59 GMT
x-content-type-options: nosniff
age: 14027
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32019
x-xss-protection: 0
last-modified: Sun, 18 Dec 2022 02:11:06 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Fri, 14 Jun 2024 18:19:59 GMT

GET
H2 200 shopping
encrypted-tbn2.gstatic.com/ Frame C3CF 33 KB
33 KB 44ms
16ms Image
image/jpeg 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcTEcclpSLkhWc_ElflUauvOkcUNo8UZswAaAS27WHi27ZSOJ5s&usqp=CAI

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

041eb9735c498d0f7d1ffb5b159cdc3776591b6ef9055662a9c8c366945714a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 11:43:09 GMT
x-content-type-options: nosniff
age: 124237
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33932
x-xss-protection: 0
last-modified: Fri, 18 Feb 2022 02:21:22 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Thu, 13 Jun 2024 11:43:09 GMT

GET
H2 200 shopping
encrypted-tbn3.gstatic.com/ Frame C3CF 33 KB
33 KB 54ms
16ms Image
image/jpeg 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcQbAvLr4Awyl7Vi0ulVDZ9lPOpwKG3CHuBA5qnQj9jHuMNVK-Nkho1_Jxvb9mY&usqp=CAI

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

157d7c600d20ebfa7b18c3baea166f0c31d574bd796790b6ba85d4b183ae9fbd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 18:14:02 GMT
x-content-type-options: nosniff
age: 14384
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33653
x-xss-protection: 0
last-modified: Fri, 14 Oct 2022 04:36:14 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Fri, 14 Jun 2024 18:14:02 GMT

GET
H2 200 shopping
encrypted-tbn2.gstatic.com/ Frame C3CF 32 KB
32 KB 36ms
8ms Image
image/jpeg 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcTm7PkNrS_-a3xKcm-pBT-vYmhMuze5G2TB-U-XuiElgOxGOtoG2HGgxR1SNg&usqp=CAI

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7fa8ca78c5f1108ceddb6a05a5487ff5b8e810d0b58237643937d0f7d9616970

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 17:58:57 GMT
x-content-type-options: nosniff
age: 15289
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32330
x-xss-protection: 0
last-modified: Sun, 16 Apr 2023 04:19:43 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Fri, 14 Jun 2024 17:58:57 GMT

GET
H2 200 shopping
encrypted-tbn3.gstatic.com/ Frame C3CF 28 KB
29 KB 47ms
9ms Image
image/jpeg 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcRJ92NzrEiuhxuoTa_F7Bvz_N4vH0tLP7fayvbNE2eCKgW7kK7c&usqp=CAI

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e31c749d5758d983a69c28c8475100a27b5d12493bc8823fefd31b27af5aa76f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 18:31:12 GMT
x-content-type-options: nosniff
age: 13354
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28738
x-xss-protection: 0
last-modified: Sat, 12 Nov 2022 06:58:15 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Fri, 14 Jun 2024 18:31:12 GMT

GET
H2 200 shopping
encrypted-tbn3.gstatic.com/ Frame C3CF 22 KB
22 KB 57ms
20ms Image
image/jpeg 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcSOH7xpownsIyBnjBtXNFl6MsHQBGnqZtr4oL4BYkZ8w5SSirg2&usqp=CAI

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

27d45cbb2b062f651792ced980698de4255b9e3313d84e234ab63ffd397a5322

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 13:02:11 GMT
x-content-type-options: nosniff
age: 119495
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22834
x-xss-protection: 0
last-modified: Tue, 11 Oct 2022 09:19:16 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Thu, 13 Jun 2024 13:02:11 GMT

GET
H2 200 shopping
encrypted-tbn0.gstatic.com/ Frame C3CF 28 KB
28 KB 39ms
8ms Image
image/jpeg 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcTvOCZCny6mcH2eg-9Peg_9CwSLSkmxHeRJDXz96KCYJy5pFYTFzlv39yIBZQ&usqp=CAI

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3ede2e50e331f20b179c02b5f6afbc30be0d3dfb7b4b23f6c1db9fb786d6aed8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 23:51:01 GMT
x-content-type-options: nosniff
age: 80565
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28522
x-xss-protection: 0
last-modified: Thu, 27 Jul 2023 06:01:22 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Thu, 13 Jun 2024 23:51:01 GMT

GET
H2

200

1214661526530726722
tpc.googlesyndication.com/simgad/ Frame C3CF
Redirect Chain

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKC3pPzvyAEQuAgYuAgyCP3K3VapmAd5
https://tpc.googlesyndication.com/simgad/1214661526530726722

40 KB
40 KB

9ms
8ms

Image
image/png

2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/1214661526530726722

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7b9a744b9f1f0bd6236b287352d771297db879a7e757bebbdfc68b1f02dc22de

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 10 Jun 2023 22:06:20 GMT
x-content-type-options: nosniff
age: 432446
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41048
x-xss-protection: 0
last-modified: Fri, 09 Apr 2021 08:30:49 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 09 Jun 2024 22:06:20 GMT

Redirect headers

date: Thu, 15 Jun 2023 22:11:28 GMT
x-content-type-options: nosniff
server: cafe
age: 138
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://tpc.googlesyndication.com/simgad/1214661526530726722
content-type: text/html; charset=UTF-8
cache-control: public, max-age=2592000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Jul 2023 22:11:28 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 066E 13 KB
5 KB 8ms
7ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 49099
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 15 Jun 2023 08:35:27 GMT
expires: Fri, 14 Jun 2024 08:35:27 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame BE1F 783 B
1 KB 40ms
18ms Document
text/html 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

ad979399a6f4a784764fabf153ff7728f2cf56a876627cddd3e272e8cebe9e05

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-qxrHZ39og1jknNaJoSqegQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-qxrHZ39og1jknNaJoSqegQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 15 Jun 2023 22:13:46 GMT
expires: Thu, 15 Jun 2023 22:13:46 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 _gLG9aN8cjF7vXKbMeOxmtCOjM8PIsJVPzQXNT2dY7E.js Show response
pagead2.googlesyndication.com/bg/ Frame 066E 37 KB
14 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/_gLG9aN8cjF7vXKbMeOxmtCOjM8PIsJVPzQXNT2dY7E.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fe02c6f5a37c72317bbd729b31e3b19ad08e8ccf0f22c2553f3417353d9d63b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 08:34:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 49177
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14773
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 14 Jun 2024 08:34:09 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame BE1F 0
0 40ms
40ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230614&jk=456909807881205&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame C3CF 207 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eb840eb3e3c8d008226b2991872a22cd79d7c72fab1e8d3597d8d0b687ef418b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2
fonts.gstatic.com/s/googlesansdisplay/v21/ Frame C3CF 20 KB
21 KB 58ms
15ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesansdisplay/v21/ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

acc5497e76f832d950d14fcfa047dc3c864f7a0aae4c7a20521c0c655a53033b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 10 Jun 2023 05:48:51 GMT
x-content-type-options: nosniff
age: 491095
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20784
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 19:21:31 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 09 Jun 2024 05:48:51 GMT

GET
H3 200 _gLG9aN8cjF7vXKbMeOxmtCOjM8PIsJVPzQXNT2dY7E.js Show response
pagead2.googlesyndication.com/bg/ Frame C1A9 37 KB
14 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/_gLG9aN8cjF7vXKbMeOxmtCOjM8PIsJVPzQXNT2dY7E.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fe02c6f5a37c72317bbd729b31e3b19ad08e8ccf0f22c2553f3417353d9d63b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 08:34:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 49177
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14773
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 14 Jun 2024 08:34:09 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 066E 0
10 B 7ms
7ms Image
text/plain 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?Mibxrw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:46 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 container.html Show response
9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame D62E 6 KB
3 KB 8ms
7ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js?cb=31075377

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 15 Jun 2023 22:13:46 GMT
expires: Fri, 14 Jun 2024 22:13:46 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 5122 6 KB
3 KB 7ms
7ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js?cb=31075377

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 15 Jun 2023 22:13:46 GMT
expires: Fri, 14 Jun 2024 22:13:46 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 27F0 6 KB
3 KB 7ms
7ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js?cb=31075377

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 15 Jun 2023 22:13:46 GMT
expires: Fri, 14 Jun 2024 22:13:46 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame C337 6 KB
3 KB 7ms
7ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js?cb=31075377

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 15 Jun 2023 22:13:46 GMT
expires: Fri, 14 Jun 2024 22:13:46 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 47ED 6 KB
3 KB 8ms
8ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js?cb=31075377

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 15 Jun 2023 22:13:46 GMT
expires: Fri, 14 Jun 2024 22:13:46 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 2DB5 624 B
242 B 22ms
19ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLfi9QIQ0YXj8wEYz62L7AEwAQ&v=APEucNW2H73CKuoOh2bgyuQ8QthzDxcz1nHnoD_iDYLA-IW6nGRAzJo-gypNMbBbkNLXRWY_u_STv-yJSbXkUJ_43R5lRc9qzKlbpRB_fhPAZmR4S3GeLmMDVO7tAXd5Lz7hUuUkLfP7M0VrM_N2JtTZXSd7DCYFj271TpSxO6iVAy70r6ofNC0

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 15 Jun 2023 22:13:46 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame D62E 78 KB
27 KB 30ms
29ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:46 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Thu, 15 Jun 2023 22:13:46 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame D62E 42 B
63 B 44ms
42ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BicdvKLgxRYeiZOV934JzgwCnfPnUtcY23kWWPdjswnPZc7C2g8wqb6j_6w6e_kHFKQ7hASHes7XodwZCZZFn_be9U3V6v7vXlHFRNmreaN4Ygdso

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D62E 0
20 B 44ms
42ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=7913394521251740298&x=1&ct=76

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/ Frame D62E 3 KB
1 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/window_focus_fy2021.js

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 17:39:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16455
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 29 Jun 2023 17:39:31 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/ Frame D62E 19 KB
8 KB 12ms
9ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3521f5e84dbf85e9b7a304002330fbccf347abc9d0a43765a1838336b8a98c0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 17:39:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16456
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8120
x-xss-protection: 0
server: cafe
etag: 8171891181101138299
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 29 Jun 2023 17:39:30 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame D62E 0
0 17ms
14ms Image
text/html 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTsCUnFa5duc4qO4hPZzbduvJ2oOmcuco0zMN41gyVsnF_UjZxi3JzA6BRdbNLpVzwFYwdM8t8jXqBclCugiqK_KAslwA
Requested by: Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D62E 178 KB
56 KB 33ms
30ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e9032b8e95fc74d9ce9c069e76ffe86cb4046dc6ae863ffa8410cf445e5feaf3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57029
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1686742752845198"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 15 Jun 2023 22:13:46 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 6F43 640 B
262 B 23ms
20ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYm4no4gEwAQ&v=APEucNWs94VGVIzhY0RNscSCpeJoPSAmG4dSKhy-lMoqsTUbTsYGSXpJk47h4IKD63c3gQohwVzuECz91U2bsDWFMHNLORwYqPPrjX6h6vtJ3RKatLyAZJpOQBTOB1fy734bsE1785gkcLIAVoypbNZ_ZQ9CyOa-zQUDrayOcMYIkAHMmegdxuw

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 15 Jun 2023 22:13:46 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 5122 78 KB
27 KB 33ms
30ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:46 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Thu, 15 Jun 2023 22:13:46 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5122 42 B
63 B 44ms
41ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DeJxPFOnE98MfaODZZfIiiAXSkvCCF90iwqBpNrQu2usOWec5Xwov47G800tkiULcI5Hj7eBZcwmujs56DtA5qffpx4Z5UXF2GmGB58xq4ypg5N7E

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5122 0
20 B 44ms
41ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=12035958757863162579&x=1&ct=76

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adj Show response
fw.adsafeprotected.com/rjss/bgd/1352960/70224197/xbbe/creative/ Frame 5122 253 KB
77 KB 150ms
37ms Script
application/javascript 52.31.224.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/bgd/1352960/70224197/xbbe/creative/adj?p=APEucNW5q_G8hIbLWmehTiKKPN6Ac3moJXXJ2u8rNvh9kN_Zmb6gOUY&d=CokBAKAmf-CDSTp6ebVaPw1RFmGub3VYYZtvh2IzWSwtqGivKwZBXmV7_mRwXbW3Ob7q7Ew1ZY_hiXSdMHRvm-lz4NT33LiH_wJKXXr6oDWEMy-ZFdWiL0XMwoAgbvNp4_KC3I29bcYk8VpYSwW_h9SEUA6XS9LOrsQX_-5uMPuF-I8BoAgEEvaMk4USqRQAoCZ_4N6j0BbXtBz1sTxUFM2v-jKsDhJtqTn9Zb5lcxIuDrNhuLLir8XdJfbqeiGdX0hBHjTfWc31od4XCduBfsuZwVTPAjLAEUq8bAU8OWDSOKqhI2r31s6FpPHy_vtGD4WBTMuTdfLRGs_7s1U4PkVVLYp5ixWQVzOhvW_t6v6GyvDIc_ULxlBtLbUC_WfmXyml-dZTNBIZWauezifZmZUO_Jf-a6XpsnXeo_OVByQnIssTF8se_VwMS46tbhAATAQhBdkHAfrlE1fhthNtjM9kgI74rCNL5d4kp_hXcx7QL3zEq6ShIgG8x4yDmJR4kU0IIPeGq_881gy48OXG1C_jHdgSLF8G2-8ieHodtb3jH-odF9VOt66Dhk3o1Aw2h80LO6y8GbED3rdoLiQ90PnRsFo3JGxIXNLggb2dx6CRxuOxiihBcMdNBKmtEXj61TWWLv4K4JcZFG85Q7t3O8d4jPEHZcec77-b8LNgRO7ynEokm_sgEJ_xYstSirujNCMSLP91TMY4CTu3WQq3C07AuPbl-3gfdJz6HsvSBIWzkYIXzzEcShM3WqUkTh7xj8d97_5JphUlAzO_XGIxEJOMY2ioGDXe6opGZGT4m88GJov6MqWIJ2e9ii0EM_-6CZRrgIQX-B4_T6p1okBd7F8WmomI1dfCwxODu8RMWWt5XfkuqBwMMTgLbOPVwhXjkZ4M-xtS5EeetOl7Tg90tYNT2KRscsme3cIPU1EVQ4F0LIcQITpFVBXUEMJ-TnBUs-CfW-gfoQ3_xEy-mO_MKcJvIlAWU_8NS9dJQ-LbESi-Szjcq0ljovgSqS4GWfMKhNTw_20l9xGtNO7yd3GQfZbVDIL4Dix2_lYhIUDMLziKvdlNrkeuAyBmWHlEriSd669uucYy_ZDwIFP_bklE0C_MnzM5xg4Fi7VrGLkIy_9nFJMukfGuRCQnJJdfVjTDAAZnfYVgOSozCg9cNZa69wb-KpWlap6q5jf-x0XK5SJRh9--S23f6F9mwix5KvWBq7LMlTLhoiJg4k4awbYYbG8VYLI2v10eDR9ny5rU1tlUV-JLgz-ybQkcRh029Rgub-atcRVM-y1lZXFrpJYKNdEyaZa1mn7YCYvkH-RFINMT8sDE9YoUrCz0TQqmEtLEWu4NfdJPteDRvUHqcvsx8QQPqFF55kUdTOyo01y3VBo5JPe7hX2TgaGU6DjD2kVRMIEm1MXBUC40GUSqcHqj4ILn5VHMsJQQsuF21VUIvvDQAFQwGFuEd5DCt7ZvDU-031p4V7qTDIv1AoXkgvJ-3m5chfCmbopTncCchybdoS8QBAlREgEUH8YCdvw8JDHc75Myz_coV2o_62NKDKpM-VvsOFg22A82DEoJgR0blIoKSCeV5ptk-TZZ6wrtH9mLyYtDU4IzoCrXnsxnNbh_J4xIMbCS8a0cnxnj7jW7u6VDHZqycDLRCGwLCQz2pQfelxXTF0DKQY7kAP46l6nnIxpeh5v_c5OEnAG0-LtqAcMOiGSIY7-bhMmtcr9AkEkEGf9vF-k-pQfnH9Eaz7H7s60J6-ewKwUIU5ufe4jGYtT6y0oJkokxFFPecJNc5a1S-UOAKeke-rKxrd2mygX43C9QSxkP9XuVCJY9FoGPxujJaDtPA9ZElb9xqAqbkPj15I2K0yFrP8BDWNHZtfRD0WxOfLBYmRjBu7FJZe2BQQwLATtrVdiMZLxAsaK4AeSgvosF5WlO3rjcR9cQDOdPiw-juT9PBXqW4Hjjpph3jS7VhrDR97KV4RawZO_ZnMJn5d6SSMrhgpeEt7N1546D2NW3MTuNal_9rCTTMA3LJKQfQFzirW2NuELdHe1pfD1n2sTCKex_T_B40dI4WCVblCUrRf5pK5tI-cNe7-xqo5WiB6QpC9-1xzq0W59wFVzk2uF8rRu6o0DdGwDQDAdv2-PtYD9c-xAlMx4hZ8JgVmJDU-QO1hPKoz4veaxgrzxeiY02mpFNeiUT3kNmoJq-w1a4dVFPYFqUzaQwZF8mxKeX8nwP52Y2DOFmm8lfZRGoS_o_bY6b1Q8AkeVAmXZCXWYRG3E4ilN6Ajltcq-suUObVMX_p8xCOgU2EoyQMvQYK_5y5LlV-tK1GWAISm0FYas4eO2eOB38JyNLseViHYewJ7Js-WX1b9524Vnjoh84T5158UxVqXkN2BRM_lJIykUns6AclRZ3tx6eydqjFMpQxPNKfHXbJTqOQcKoSuTRhiQJymeieFkn4J6prxa15XPi7KMBI4PYDT0-sHvmk48eOFU0QZSVlygCGISJPXfb2dF-wjqnYsXRYtwp8LvoSIswxBoX2S1F2hliMD8UlgXEEIEil2SAvZ5p0Mkj2VAmr7MhRGxq6Vq2AneY353-A6nTeIOgY9DOh7djmUPS7a-sWBCQIzi729V6NnNvqsBH56mnP_A7DTfFqdh7EfyS7lrVET4fxTjinzFGIjP-OhMUbojgmowVQbbil9oc39uYsf3V9U6DZlcnzPHdCnKFWq9fksXXCSO6OoQKFqCPGwnJTf2Jn1NClmmuo7APpESJsnz6vB--hnENMIlAZLRkm-x4dHOHot7OV8gKcIuel9hy-3SlwwHTHxTHFAxS3y31WM_czx-0Tt7cvilKATL5LqFu6kE5u-ZeGhF1w8OX3lBbqFU503nINjfwJCtmdcymoqZUhIP1tpLSLlA9R-5RMDKTTJCrCVUwiygnWOcZtO749QtbQCl9T2BNWHS6-LMBmz5LvLUAzcl7KzIcAj7GGpdlCCWY4G80Hv8cbmv3ePDqiRW70MaE4B23xQmziWuI5-FDwHsfh_vHpc6jhQuTndIHJvvWU1oaIi4O0gzfeg15LEiBQPPnxt6YP-AfyvyyEXyUNh4TO0Ypavgddtq-uW2I0wdTVSYUWkLpCl8WLsVwmoWjl7FUpGpst8xEOHMC_rI87WK9EBZrVEIVTvzChQ5k-YTnnJkc9A5cHCb0uDlvOTqDM9hRJy80Vfx-Itj9Myg_U3TNreLm4moWczuAR1cAmNx-7SydbSSPWAByyQ2YXs0Qu-U5NrOQtHQ_JKdPkzZzy-oOGzriMqsQYrofvJ-J7353Fp3UN2tPtdUF5l2x_nShDpNKOxm4o_69CTv9CQ1bxcaixYNN9Y8BbqFNzoPu8HT-LQAedPByejF2KNP59IF0f5SGjJrPpd41EM5lrfz9o_VWV7CS4NndLvjepWUr4v8VNI4omjwCzEJ1gy3MjnEa3e378zKp_7uTILBh-My9vrZW_sXnKwdpN2BtgH8rmoBdHD26yell5OC_KNCsXj2V3BmXU8X06GJAj83mvswWBZZFs5AdWPCkm0I-GC4Fd7ETx-Jvs6mpMh10KNHdXP8n3AG6uZuS2nvjuitjK3dw6O3CmtIB37BlLIj1Jp0QxPCd-laj86FbbeGHwx3-DhStLWG7A6RzGfTCpZPgtYi8D3bKPiQaQQgEEjsAcoEIg84qAUWrFg13YVfwPK3Wcdg8_ZMjeU8mb4QvsT4nNWwzujzONmMuyA21ZmK-VTcts3M3XDhhFBgBYAE&cry=1&bundleId=&ias_dspID=3&ias_campId=25458251&ias_pubId=pub-7983651257838282&ias_chanId=1&ias_placementId=18513634021&bidurl=https://ye-mek.net/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0jiNUqV0X3tL98KmpQzs5bK
Requested by: Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.31.224.54 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-31-224-54.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e9ce2d80642f3fc19499ffce87f1eb72e4dca888883b42fafa2503a6973a6c82

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:46 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/ Frame 5122 3 KB
1 KB 11ms
8ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/window_focus_fy2021.js

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 17:39:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16455
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 29 Jun 2023 17:39:31 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/ Frame 5122 19 KB
8 KB 12ms
8ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3521f5e84dbf85e9b7a304002330fbccf347abc9d0a43765a1838336b8a98c0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 17:39:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16456
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8120
x-xss-protection: 0
server: cafe
etag: 8171891181101138299
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 29 Jun 2023 17:39:30 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 5122 0
0 21ms
17ms Image
text/html 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSlVCDFj2QEr6hVfXDuzm88Ce0yZiLpczVbyeQLtqdIooDiEVf78WfjH3TPjURzTMZuEi3wABLEbPU9A0Oxk6hDDJkboQ
Requested by: Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5122 178 KB
56 KB 65ms
61ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e9032b8e95fc74d9ce9c069e76ffe86cb4046dc6ae863ffa8410cf445e5feaf3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57029
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1686742752845198"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 15 Jun 2023 22:13:46 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 3499 640 B
262 B 22ms
20ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYm4Lo4gEwAQ&v=APEucNVytZFeALAtdfo7Az6_j8CQxJBveglsicc42xzIv-Smid0_DOGLoJHsAPEru8_BXAkJspRhIHhooYPrEZ6lBOdXSr6alSWwFGk5tVvQ4-ouarFg3kzzAXR6FAVPtMmiUDFxd5qhv0mrrJlpI7aMmLc_UIdPoif8zlFEfs3UnRDWSAwgcas

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 15 Jun 2023 22:13:46 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 27F0 78 KB
27 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:46 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Thu, 15 Jun 2023 22:13:46 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 27F0 42 B
63 B 43ms
41ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DYZENpRlVb_ZBhKpfpCEhRfgFI6lsXulrS57JinVsvoOPDjnQGwqlzA4GsIZboAuAFqcaPo7nYHvFSOoaJG1lRiWOjL94O0nVHnTs0CFnv49OovCM

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 27F0 0
20 B 42ms
41ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=13364904021248578314&x=1&ct=76

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adj Show response
fw.adsafeprotected.com/rjss/bgd/1352960/70224255/xbbe/creative/ Frame 27F0 253 KB
77 KB 145ms
36ms Script
application/javascript 52.31.224.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/bgd/1352960/70224255/xbbe/creative/adj?p=APEucNWkcZqnkVmkesuUrqsTnH2tUrghoQk1-YLL4wGGgy8azDUzW5Q&d=CokBAKAmf-DfQ5tlPF7fVM8k8DFerrrAZ8goK_3ZbmF3PFClNE1KeYCaBAFJZKRlkp4phcgSMrECuX9384FpFYgrtpowGQrzpdRpCgv9p0eWHhL0zYazQ7XGF0Nu5FEo8tJ_IVt4Xmrz9pkchmEo_YEamV-6SNjKYtNivMA8mGD3cEL3pEmKdPvqooMSqRQAoCZ_4DeK8oWQfwwdXO8ESzjYo5NTtLMH6QTpKtJB_GPNBDYdPCWrMhY4FpM1RgEilWFBa0w4Lx8s_pXQZbhEW-iKOK1FmH6FSKI8ApgmIeE39tqbs24PafVr4CvfgiNzucXGZaFpionomLruwyhvEzeWkRvaTI-JWXENCHXximn0_aoWNAArO9JBR5gX0puGd9ky0nUj1cmVhaCJOdKawtJcFLHUJ4XQwmp_veaBHLZc07mOhDybNTQvzstP_lcJBYPtlVemEBF69KC8vfAjwoLXM1lJNYdWCmhrSIhRrm10I1ebtvA9tfQoBuxJLC3Zy2x6-E_AQQ8Mt_UtIEXPn1jquamTh_udz49NRGmS0nLCeB8ychsCSxWkQhHE5vEMEkWpYCS3ea2RDm84JFXkfHJymTjNilTSgnIw6aw2xg8xeqQdbtjbkLkJ7-q28sSbBDSLySPX9T6QJyzra9f8rgg45eM29jnLgot-9gtev2q4_Fa8ks8BrF6du21GTykmIwjlsCjwP9dDu4jymyc8Rg8WbPoXEbIJlz0c_UQJcoLZnvJ4DlmNdA9fGBr7_IUANiUaBPWTU5fhpokkoqzEE3Phr9xqtV2vWS8sdZ7iskaFxeAxwFMcsUJBvaL5Zihtf-mENxZL9LNg9FVq9f0xkpjLEoE0-ngj0E04mhgxidRKSJCS2YPX2tzuTV0jRKZEmBzg-x_UHVD9geLe1sjRj9zy6c6K7dE29GqNPHiMmkXEd81LLI79nu6A-coTblIe8NGP44rJpZMK1tc-FN6dMHmzfI2srk5uKHr6XGDXpWG5cMs6sL_w4ZNSWykDP-z2JjyVtFY4hox17Csz773uhgTNC366dDaEnW6cITjug56FnloUThcWy-0G_ODn6cK3UldKbfGaTKZWDGONGlf3KgkCGPO1jnzDhLKjnHXQCHtLHo3ONDcCqyLu7JMyVgpsIIa1CEAKpOcVgmVZqf_1vBHMjNzDM6grR5jLGeUPEq7DAOosFcBH-DHcHCbMzA2-L0KFh0RkAgoHr07i_BxhcxbxZPwzmWQJGIpNdXk5w2f08DvLlIY6neZe7OdlRtuBjlW_9VcYgb5qdMB76OU28Y8Lm7anaPVelLWa8RTO0PW39Omkv6hEcYj9Bf0Im6xuBgb_IjoOF_NuKyULNR3As6T0eRlNmX09UIWQTcf4yEfZKS2qLzEkIh2HxcJ-KYpMio-glyKe2DSsaUEfTNrY7vrgDi1zjQ-PSq6oFtH-su9sx-aIkN0pykJnsRSuoVeM9asYyDdFReMHsK8Qx-VqWH8aBzT-D6FmYK5lo7IY-cFlnbUsY6_96qmLIyPLlptxLEmAAJCwEblwA865t_S1KrB_UQf13gQUNHqvCl7k6ykRcFvmzu4-0R4Mim_7xSBu4-dFit_LB_D0Ve9KJAm62mjAiKn5RMXJgXhlWrQUaAyZUyR5KbWMAzWWqcE426VZM_GiY7uh7ZB_igcJFeDXjfDmvlh_sgJEGPOS6wpAXpHnS6flKa7hCmwGL4bkUDRqS1OQTCxpnmSqpmVT3pmbHjtFYiqq3PE5Bk5hb2EUakL4SSwFA3JKxw41Lcjwnq9nTviya0rKngfGVi6t7QxFNujBp83hIenxhv1bNEu1v5ZrQoes6-5lBM6VQnOvW2k7VwS4OIi6o7zbQFX7g1bpax3hemvpuMhWnKFlpyTSVu5NmsBPgOCg4drUeV6rU3cWwBwgtxpwudRtDCeVlfzm1gE4AwLOwb26vgTNSMQAc8owdgMKlHM0851E73G16AaOL74XXt61gcqE92b_wetsvP1gISuu-slrEAtHjfcOWCZYg4tKB2TvNGeGPh9IISCtdZZzGRkjaRqA3LwTrkYQy9sYaMSRkxtxsavdONhV6ZZctzTtGV0sFePCJFl4FHw6U3HXGo4u5npVloiD7nNWo6s8bCaphCIJff-yNibpy_sqe-ELlOoarKiSF53Q2FzTSihsQ4-qQoZByY71D6xGl8tunoZwtsxrOWYsFpGD_xlKAelFCPk4WdNfibn_iAH0qs5ixArS1Oh9Mc5yKsi7AA-w__QI9bjXND73SrjUEzZCGRww2srYwk84bFsEPTvEzku79oRy9smB6-SdsuOLq2gkCi3_3xyY3UveKVOi5qFQJmW3wvnikPWvwbwrBM8Nhy4b1VpPvkkFfHxfZLYYizv2Apj9ufjR8cgDXlnHPWoMqnul2XN_xQg-J_tay0jrMEYyiT8tnjUv46DyBU6zlX4htQM_JSibWbcEweGHYCNcDnff78Q39vmQwg886ZVqf-z-KVHEKrgZVrSQIfJsw5LsMU4FtKuS2rnul6iG773tfHAyF1PQrLIm2epgnQAPdbXpC5WSDQsNIbHUZF5uHkqIteFrfw3mkqbaXkuzxqADpMP1HcH908YLTBIWZEN9sHMgB9MZoF_Vc2LZoiH1xZKHZzOuCjr4-Ki9B7Te5i7Pn7AYF-lqB_WVKodqW2MGwiM8nEmNqnVKm0_LYrvt1c6KvzZHJYLbw-8aO-wk6QBzIeZLJ7ep0Pc1ohg5yLPqnzsJRoNexcmXyYu_zCVfQpXmpbUhl3pJWjEvPd2RqaCp0O97-h-9mY8lgdDZBcoT-FrSsdV2FzcNyjg4qKw4XQONgEAJb8_M_m9qmZMAEqfNvznK9tWUDp6HaqBIAII-k0DCobVtakGikx8mA6v0M9uUrSqN6HF1ZhgWxSfUn7D4Wm8b-e585PXUNPZ5TRFOHIs0SIHzgD1zZTopin4vHC02lQRvamaJ0fPbgfEsZsGg18Sled3WQbzGleQZ6kya381X637bp6HYYcKSqHosWD6gZmHvkI0Ev6dChC5_l78s9_RibnnY3SIqbsedhb29cxngD7vkdvCcyy2Q1aCWNyt3IqG7v8p7VYFqz0_LlCfrHg3AILHloemkdhQbfBc4joZmytnG2xMc2_mJXfJNY00-uvQ1n3rgi6lkVBgCtpzZBwUcWA3YPHjjX-yGwbTn2GvbC47JIXJdifEcjFwMLhBy6tOjRisrDuxZEsRMv2uaDMsvusfyKVS5mrdU8C8Nm5ebKlNV7ZFQytmX32KchxEMbo4bZmU0QlrrWPP2WUpQUEuhHAhmXjawUbzngvkKZti4Zi0qWHxIDRdU7ICobJ0JyXn4yCP_NYx-KXjFM4BUFhpIa7OXj5mK44zF4wZqNeMwaKkwbI56QPRa9LKkEmz2xbUgCU3JTNqqNtXHeBCY_Tzyl6v3DC8RWgK527CEcDvKFSnu_14EurJvMfjiaC0e_EMicLRvNvPxm9nnql8iPawefMrHm5eNb8XxKdaFM57ACiqFeBlTPlrC7XawVQomRsVrX9gA0kMNxGg7OzuNP4fipIaeKxYeHDWnEb85vLcs3NiQeAVEwjz-XCM3HZ7iNrsovEV0035sTcHOf3SzdIPHYT02wmkQyWF-QGWGj3pNaiYkk4oaQQgEEjsAcoEIg6lCQNRkG0TexMsucctSixIMiNRXdCy49SU-wOhBAIWSTa2SStBqOvYK9W32ES9CxpEV_deeNBgBYAE&cry=1&bundleId=&ias_dspID=3&ias_campId=25458251&ias_pubId=pub-7983651257838282&ias_chanId=1&ias_placementId=18513634021&bidurl=https://ye-mek.net/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0iAjcyzvlIWtUhMS89eTIKW
Requested by: Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.31.224.54 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-31-224-54.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: b25ebe4576f6a7fa46c6ff7010c53f137c1b635d378341302ea12badbf9fbacb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:46 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/ Frame 27F0 3 KB
1 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/window_focus_fy2021.js

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 17:39:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16455
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 29 Jun 2023 17:39:31 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/ Frame 27F0 19 KB
8 KB 10ms
8ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3521f5e84dbf85e9b7a304002330fbccf347abc9d0a43765a1838336b8a98c0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 17:39:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16456
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8120
x-xss-protection: 0
server: cafe
etag: 8171891181101138299
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 29 Jun 2023 17:39:30 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 27F0 0
0 18ms
17ms Image
text/html 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQzYzPRLxHq52zRm67LibbYvIiM23hrvub7wAKKSVeqyGC9qNadW7JRsVRxW_YxvKaYKlnPCXYwiSyaoVNCWUek59h-wQ
Requested by: Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 27F0 178 KB
56 KB 61ms
60ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e9032b8e95fc74d9ce9c069e76ffe86cb4046dc6ae863ffa8410cf445e5feaf3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57029
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1686742752845198"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 15 Jun 2023 22:13:46 GMT

GET
H2 200 5ed7638be4b07a92411bbffe
ng2.virgul.com/tck/imp/ Frame EADA 0
209 B 498ms
45ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5ed7638be4b07a92411bbffe?g=1&t=gb&r=153366@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1686867225697&userId=vnetdc5075c3-0999-4ad4-a2db-d225ee94040d
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Thu, 15 Jun 2023 22:13:47 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 0086 466 B
235 B 23ms
20ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CODOjZADEPD565ADGMGE8eYBMAE&v=APEucNWmVhX_4qljaCcnGaYnVOOP9Rj9qkfiKonh3HV-ZvDH9OqpTzvsY_yOu6lO6bmvpvt_VzXfbr7xaYkMh1AeinJb9hNdK27V_KbusGLIjAvIGWAiiupaFmPtfY9cVBuE4kf_OE7bi1MiPK3F9hGH_XkMyHQIUpJJ-j9aUFMj-1JjbdwdUVA

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

37ab5c060ae53ccda75b8bd212d874a17650f7954b11c4e31f568990ab40196b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 215
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 15 Jun 2023 22:13:46 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame C337 78 KB
27 KB 31ms
29ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:46 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Thu, 15 Jun 2023 22:13:46 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame C337 42 B
63 B 44ms
41ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AoVQM3S42yVcUa_oiKwF7GUZ2uutxFrqOVp51p_iHQ8TpsHDE5emb5IMhxF5WAX0_NPmKE9C9OvJFX_9hHoi-EGcPNJbXpjpQrQafjBm3bd_igmfg

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C337 0
20 B 44ms
42ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=9608998460487781594&x=1&ct=76

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/ Frame C337 3 KB
1 KB 10ms
8ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/window_focus_fy2021.js

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 17:39:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16455
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 29 Jun 2023 17:39:31 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/ Frame C337 19 KB
8 KB 11ms
8ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3521f5e84dbf85e9b7a304002330fbccf347abc9d0a43765a1838336b8a98c0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 17:39:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16456
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8120
x-xss-protection: 0
server: cafe
etag: 8171891181101138299
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 29 Jun 2023 17:39:30 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame C337 0
0 18ms
16ms Image
text/html 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRpZQBqpzudk2MvflgsxVvz--CoN8_UHz-81a2c_EtROI1rU9qfWJivkbIhDXmgWyc2NBKZe-FooPmoME-3yD3_qGmB9w
Requested by: Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C337 178 KB
56 KB 43ms
40ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e9032b8e95fc74d9ce9c069e76ffe86cb4046dc6ae863ffa8410cf445e5feaf3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57029
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1686742752845198"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 15 Jun 2023 22:13:46 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 2DB5
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJqyAoRspJgtNiu1XofO9y8&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJqyAoRspJgtNiu1XofO9y8&google_cver=1&C=1

43 B
632 B

9ms
8ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJqyAoRspJgtNiu1XofO9y8&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLfi9QIQ0YXj8wEYz62L7AEwAQ&v=APEucNW2H73CKuoOh2bgyuQ8QthzDxcz1nHnoD_iDYLA-IW6nGRAzJo-gypNMbBbkNLXRWY_u_STv-yJSbXkUJ_43R5lRc9qzKlbpRB_fhPAZmR4S3GeLmMDVO7tAXd5Lz7hUuUkLfP7M0VrM_N2JtTZXSd7DCYFj271TpSxO6iVAy70r6ofNC0
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 15 Jun 2023 22:13:46 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 43
Expires: 0

Redirect headers

Pragma: no-cache
Date: Thu, 15 Jun 2023 22:13:46 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: /rum?cm_dsp_id=45&external_user_id=CAESEJqyAoRspJgtNiu1XofO9y8&google_cver=1&C=1
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 0
Expires: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 2DB5
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZIuNGhYoGw2jzSUYwPdRFgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK65ynRzwvnL6owwv69tivQ&google_cver=1

43 B
632 B

9ms
7ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK65ynRzwvnL6owwv69tivQ&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLfi9QIQ0YXj8wEYz62L7AEwAQ&v=APEucNW2H73CKuoOh2bgyuQ8QthzDxcz1nHnoD_iDYLA-IW6nGRAzJo-gypNMbBbkNLXRWY_u_STv-yJSbXkUJ_43R5lRc9qzKlbpRB_fhPAZmR4S3GeLmMDVO7tAXd5Lz7hUuUkLfP7M0VrM_N2JtTZXSd7DCYFj271TpSxO6iVAy70r6ofNC0
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 15 Jun 2023 22:13:47 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:47 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK65ynRzwvnL6owwv69tivQ&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 2DB5
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEMnys_QL1WZpizgsPfQwd-4&google_cver=1

43 B
1 KB

21ms
8ms

Image
image/gif

37.252.171.84
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEMnys_QL1WZpizgsPfQwd-4&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLfi9QIQ0YXj8wEYz62L7AEwAQ&v=APEucNW2H73CKuoOh2bgyuQ8QthzDxcz1nHnoD_iDYLA-IW6nGRAzJo-gypNMbBbkNLXRWY_u_STv-yJSbXkUJ_43R5lRc9qzKlbpRB_fhPAZmR4S3GeLmMDVO7tAXd5Lz7hUuUkLfP7M0VrM_N2JtTZXSd7DCYFj271TpSxO6iVAy70r6ofNC0

Protocol

HTTP/1.1

Server

37.252.171.84 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1002.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.2 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 15 Jun 2023 22:13:46 GMT
AN-X-Request-Uuid: 8412927b-821c-4361-bcfa-b50668af9990
Server: nginx/1.23.2
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 37.58.58.244; 37.58.58.244; 1002.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:46 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEMnys_QL1WZpizgsPfQwd-4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2DB5
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njg2MzE0OTI4NDkyMjkyMTU3NA%3D%3D

170 B
188 B

19ms
19ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njg2MzE0OTI4NDkyMjkyMTU3NA%3D%3D

Requested by

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 15 Jun 2023 22:13:46 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 37.58.58.244; 37.58.58.244; 1002.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: a14135ac-84a3-489c-9c5b-46995559d510
Server: nginx/1.23.2
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njg2MzE0OTI4NDkyMjkyMTU3NA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 creative_add_on.js Show response
cti.w55c.net/ct/ Frame 47ED 5 KB
2 KB 80ms
15ms Script
application/javascript 2600:9000:20c3:b400:3:4706:a6c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cti.w55c.net/ct/creative_add_on.js?w=728&h=90&zindex=0&ci=Xmwo1n97Q8&ei=GOOGLE&ob=0&ai=0DaDXCcU00&epid=R0wxNTIyMg&fiu=WG1FS1o4a2t0eA&s=https%3A%2F%2Fye-mek.net&ciu=XRK8N4Rwai&btid=MERBRDVFODFDRTZBNzVERThGRUVGMUZERjk1M0U5MjR8R0ZzejhWZ3pieHwxNjg2ODY3MjI2NTU2fDF8WG1FS1o4a2t0eHxYUks4TjRSd2FpfDEwOTg3NDIyMzVfRVh8MTA4NDg2fHx8fC4wUHxVU0Q&c=DE&dt=2dt0005&sd=ye-mek.net&cip=1&hmt=1&uidu=CAESEMgFII7GByxgsjV8aVYOxgo&spidu=GOOGLE&pidu=15222&hmpvu=49b79b12-14ed-4304-a48f-9f1625730a06&hmtsu=3&odtu=2&mtfu=1&crdmu=728x90&cridu=XRK8N4Rwai&

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20c3:b400:3:4706:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

e8090651b52c256938df2fb0582f24521fe0476939aab81d01b7f31a7ac75beb

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Mon, 12 Jun 2023 15:03:16 GMT
x-amz-version-id: 0IYa12QvFdrNK.CC2JhaeEJAYjkhUjCe
content-encoding: br
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 7ede51d8c775deaef83b54a3beafab3c.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-C1
age: 285031
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Fri, 17 Sep 2021 21:17:39 GMT
server: AmazonS3
etag: W/"a6c8a5bdec77729759b220b95bf503f9"
vary: Accept-Encoding
content-type: application/javascript
cache-control: must-revalidate
x-amz-cf-id: _KbTwR1r_ior4kO2OUueMBZHTxzA2j7siBsnPDbf2ho9lCN9ACAcwQ==

GET
H2 200 XassetJtVGFj2g.png
ads.w55c.net/t/d/ Frame 47ED 29 KB
30 KB 80ms
20ms Image
image/png 2600:9000:218d:f200:1b:f040:3600:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.w55c.net/t/d/XassetJtVGFj2g.png?at=0&rtbhost=conf01-europe-west1.rtb.roku.com&btid=MERBRDVFODFDRTZBNzVERThGRUVGMUZERjk1M0U5MjR8R0ZzejhWZ3pieHwxNjg2ODY3MjI2NTU2fDF8WG1FS1o4a2t0eHxYUks4TjRSd2FpfDEwOTg3NDIyMzVfRVh8MTA4NDg2fHx8fC4wUHxVU0Q&ei=GOOGLE&ac=WFMwUE56aXZTMTpYU2YwU29uZW43fDB8MHxFVVI7&js=0&ob=0&ccw=SUFCOCMwLjY4Njk3NDY0fElBQjgtOCMwLjQ5ODA3MTA3fElBQjgtNyMwLjA2NjcwMDUx&ci=Xmwo1n97Q8&psid=NTkzOTA4MTEyNTc&s=https%3A%2F%2Fye-mek.net&ts=1686867226560&c=DE&r=HE&m=0&pc=34131&epid=R0wxNTIyMg&mi=d2Vi&wp_exchange=NWP
Requested by: Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:218d:f200:1b:f040:3600:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8c5275956fa1bf68a0418dddb092a5881af6b6be10f6dca54dfacda6ba41992a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 16:40:25 GMT
x-amz-version-id: 8SPBXJhT_RiSNmerbyVsLrwEkkTx88nO
via: 1.1 6b4e2529be13169ec5ee4214df435daa.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG50-P2
age: 20002
x-amz-server-side-encryption: AES256
x-amz-meta-width: 728
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-amz-meta-filesize: 29942
x-amz-meta-height: 90
content-length: 29942
last-modified: Thu, 15 Jun 2023 15:29:43 GMT
server: AmazonS3
etag: "1ff110a85bc3d8deeb9bac4954656b3b"
content-type: image/png
accept-ranges: bytes
x-amz-cf-id: jwlw01pazwCC4yrYI2vIV8--h_JqKZX4bBfC9rF5A5DJZL02Mfvmfw==

GET
H/1.1 200
OK pixel.php
t.hspvst.com/ Frame 47ED 95 B
918 B 186ms
40ms Image
image/png 154.58.197.185
COGENT-174

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.hspvst.com/pixel.php?id=2677&t=P&cb=5480625215075037
Requested by: Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 154.58.197.185 , Indonesia, ASN174 (COGENT-174, US),
Reverse DNS: staticip-hv4m185.hispavista.com
Software: Apache / PHP/5.4.45-1~dotdeb+7.1
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Thu, 15 Jun 2023 22:13:45 GMT
Server: Apache
X-Powered-By: PHP/5.4.45-1~dotdeb+7.1
Transfer-Encoding: chunked
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Content-Type: image/png
Cache-Control: max-age=315360000
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Keep-Alive: timeout=3, max=1000
Expires: Sun, 12 Jun 2033 22:13:45 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/ Frame 47ED 3 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/window_focus_fy2021.js

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 17:39:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16455
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 29 Jun 2023 17:39:31 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/ Frame 47ED 19 KB
8 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230614/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3521f5e84dbf85e9b7a304002330fbccf347abc9d0a43765a1838336b8a98c0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 17:39:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16456
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8120
x-xss-protection: 0
server: cafe
etag: 8171891181101138299
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 29 Jun 2023 17:39:30 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 47ED 0
0 18ms
15ms Image
text/html 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRpX23telRZrrQOzQDkHa14fr7vw4u18CTowLuWOKJoH7om-PbT-hdcYuZPBs5jVlcYVfUzJs4RQoXdOm7JtzjszHsd4g
Requested by: Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 47ED 24 KB
6 KB 10ms
8ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 10:25:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 128887
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 13 Jun 2024 10:25:39 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 47ED 178 KB
56 KB 33ms
30ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e9032b8e95fc74d9ce9c069e76ffe86cb4046dc6ae863ffa8410cf445e5feaf3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57029
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1686742752845198"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 15 Jun 2023 22:13:46 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 6F43
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEMM9NU9Li1LBvltNYdctaug&google_cver=1

43 B
114 B

16ms
15ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEMM9NU9Li1LBvltNYdctaug&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYm4no4gEwAQ&v=APEucNWs94VGVIzhY0RNscSCpeJoPSAmG4dSKhy-lMoqsTUbTsYGSXpJk47h4IKD63c3gQohwVzuECz91U2bsDWFMHNLORwYqPPrjX6h6vtJ3RKatLyAZJpOQBTOB1fy734bsE1785gkcLIAVoypbNZ_ZQ9CyOa-zQUDrayOcMYIkAHMmegdxuw
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:46 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:46 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEMM9NU9Li1LBvltNYdctaug&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame 6F43 43 B
304 B 40ms
17ms Image
image/gif 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYm4no4gEwAQ&v=APEucNWs94VGVIzhY0RNscSCpeJoPSAmG4dSKhy-lMoqsTUbTsYGSXpJk47h4IKD63c3gQohwVzuECz91U2bsDWFMHNLORwYqPPrjX6h6vtJ3RKatLyAZJpOQBTOB1fy734bsE1785gkcLIAVoypbNZ_ZQ9CyOa-zQUDrayOcMYIkAHMmegdxuw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:46 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame 6F43
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEJG-yvOsHq-X7otRWM6TN-I&google_cver=1

23 B
163 B

49ms
38ms

Image
image/gif

104.111.217.42
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEJG-yvOsHq-X7otRWM6TN-I&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYm4no4gEwAQ&v=APEucNWs94VGVIzhY0RNscSCpeJoPSAmG4dSKhy-lMoqsTUbTsYGSXpJk47h4IKD63c3gQohwVzuECz91U2bsDWFMHNLORwYqPPrjX6h6vtJ3RKatLyAZJpOQBTOB1fy734bsE1785gkcLIAVoypbNZ_ZQ9CyOa-zQUDrayOcMYIkAHMmegdxuw
Protocol: H2
Server: 104.111.217.42 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-217-42.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Thu, 15 Jun 2023 22:13:47 GMT
pragma: no-cache
date: Thu, 15 Jun 2023 22:13:47 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:46 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=CAESEJG-yvOsHq-X7otRWM6TN-I&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame 6F43 23 B
163 B 104ms
40ms Image
image/gif 104.111.217.42
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYm4no4gEwAQ&v=APEucNWs94VGVIzhY0RNscSCpeJoPSAmG4dSKhy-lMoqsTUbTsYGSXpJk47h4IKD63c3gQohwVzuECz91U2bsDWFMHNLORwYqPPrjX6h6vtJ3RKatLyAZJpOQBTOB1fy734bsE1785gkcLIAVoypbNZ_ZQ9CyOa-zQUDrayOcMYIkAHMmegdxuw
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.217.42 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-217-42.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Thu, 15 Jun 2023 22:13:47 GMT
pragma: no-cache
date: Thu, 15 Jun 2023 22:13:47 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 3499
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEMM9NU9Li1LBvltNYdctaug&google_cver=1

43 B
106 B

17ms
17ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEMM9NU9Li1LBvltNYdctaug&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYm4Lo4gEwAQ&v=APEucNVytZFeALAtdfo7Az6_j8CQxJBveglsicc42xzIv-Smid0_DOGLoJHsAPEru8_BXAkJspRhIHhooYPrEZ6lBOdXSr6alSWwFGk5tVvQ4-ouarFg3kzzAXR6FAVPtMmiUDFxd5qhv0mrrJlpI7aMmLc_UIdPoif8zlFEfs3UnRDWSAwgcas
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:46 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:46 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEMM9NU9Li1LBvltNYdctaug&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame 3499 43 B
120 B 37ms
17ms Image
image/gif 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYm4Lo4gEwAQ&v=APEucNVytZFeALAtdfo7Az6_j8CQxJBveglsicc42xzIv-Smid0_DOGLoJHsAPEru8_BXAkJspRhIHhooYPrEZ6lBOdXSr6alSWwFGk5tVvQ4-ouarFg3kzzAXR6FAVPtMmiUDFxd5qhv0mrrJlpI7aMmLc_UIdPoif8zlFEfs3UnRDWSAwgcas
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:46 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame 3499
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEJG-yvOsHq-X7otRWM6TN-I&google_cver=1

23 B
163 B

121ms
112ms

Image
image/gif

104.111.217.42
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEJG-yvOsHq-X7otRWM6TN-I&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYm4Lo4gEwAQ&v=APEucNVytZFeALAtdfo7Az6_j8CQxJBveglsicc42xzIv-Smid0_DOGLoJHsAPEru8_BXAkJspRhIHhooYPrEZ6lBOdXSr6alSWwFGk5tVvQ4-ouarFg3kzzAXR6FAVPtMmiUDFxd5qhv0mrrJlpI7aMmLc_UIdPoif8zlFEfs3UnRDWSAwgcas
Protocol: H2
Server: 104.111.217.42 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-217-42.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Thu, 15 Jun 2023 22:13:47 GMT
pragma: no-cache
date: Thu, 15 Jun 2023 22:13:47 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:46 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=CAESEJG-yvOsHq-X7otRWM6TN-I&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame 3499 23 B
163 B 113ms
49ms Image
image/gif 104.111.217.42
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYm4Lo4gEwAQ&v=APEucNVytZFeALAtdfo7Az6_j8CQxJBveglsicc42xzIv-Smid0_DOGLoJHsAPEru8_BXAkJspRhIHhooYPrEZ6lBOdXSr6alSWwFGk5tVvQ4-ouarFg3kzzAXR6FAVPtMmiUDFxd5qhv0mrrJlpI7aMmLc_UIdPoif8zlFEfs3UnRDWSAwgcas
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.217.42 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-217-42.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Thu, 15 Jun 2023 22:13:47 GMT
pragma: no-cache
date: Thu, 15 Jun 2023 22:13:47 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D62E 0
20 B 40ms
40ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=8684184120877&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D62E 0
20 B 41ms
41ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=8684184120877&version=m202301230201&ct=76&x=1&cor=7913394521251741000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame D62E 87 KB
36 KB 63ms
63ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B2JLcMucXc_Xngss10qK3YH3fxbvIA3gZwJFkfxymY8Qyhl_0KGfF05qakK4H1P910ksw2hce-j-pqCIUDabVRJRk_YBicLEbVaG4bM8RlP2wyK6AKso09SlFXQSomSL_7TmP9qUmZqu8BM6-tOhWGUtxEL3MyO8T3tlDpEdaFw-EIsUk&dbm_d=AKAmf-CaTx822esUz7_UUJ1eB5fZi-wek3lRnpHjDlmR-D_FaCktiPSWo4i7pHShIO_WIWXTLyhPbgJ9oNKqEl9Kb7zxz-lyq_YSkmneUflnJWbjhARu0HVDggq06CyrDakIjLaJrtkViyknIimLqVXqCeXj9JeqdDxSb2YTUskgNhihvncCFcex4inP0mWQZz_i5VNXIH0gqKM26i4pMgKYF-Rrp-B0T1Aa_4Y-wZBJwpuVJ1f1j7DhmRZXd2FXaP0ylIzBKgsLFNyW80DrfuvBjLj0LNm0nCoscx_PKC8btD09bOB595r_s6_88JP3e9m7Zk_TLSEew7vquTFBmZNb0EWEXRuOEaDqVYUvs73b2X-uWVjUok-Dah7-4AZupLTOrdfhr7teUym-_jVW6-t9qKqIgiBujJDh2QKuOBg7KDz8yLXCDhzw2zCRh2HglBEqRKUiEsSIALdJpq5asHqaltVpX4xMnWlNUJW9yjn6Xvb6T5Fi5zevlWUbes4stDo3iDXzdKnL4fTihJMmOuga0dpLfwYEvFABvMM4ieI4dDq1_NTgWT3Xbk2mlXr7zTslix-HPQEGBE80zhV6e0B55L-8gkOs_fih34kzqHevHSWMiMWR-rqfszlJzpTpkD06eSJKygoZlOyHFuE6ZWs6rqy3jnrpRr1HEtmMBEjYGAekxALBSZt-yOSCu66Kcvlu8Ao620j_71fhzskv8XEedyiARrtdDnvw7c9iAP99B5Oa_ge_MXBau3JNRwD2ijzNIPAv8ThtlpTMtdjTI041EaLDC0pB9pQEDTcVHUhinNxb4uaPP0Og8C1s5GgzbmEDwzoU3UoEIY9DK9SO-EZdf5Im93OySs0tmmOWeHGMAsKZfEi4Z7ZqpHC-NGl9pryZ42yWfA4q4fEuI6OeTbnV1Mtduvn9E-wwMxtg-0UapI-VVw-IulFEtdHOcfQsafsd-l1LY9IVT_YDRukPEsnBQc5hoW1YjFY_rbwWpaJ3j_17VJ2Ye08zkm8DL23v9agw0Kud9bOT1_lrDu45vrMd3MWUWGOXcUqvussBQXPPIjw7aEQEwBIoAyh9lEW9hlshmBy3PB_mpux0HS26g4VukudNHeAITvjkjZ_F1SXBYgBSX79f_FyHFAo6Nri8vIJMYTgsiiyAovSx2izkQdmuWcaIC9WcPDVvd8riaSvxQp47tXq7fs7cNIMsi3OJtGa4mJgKaSSR3bpek-x6kRSyjKyBRj90xigVgMvy2df6hkFaXyqQgveKKcaXSJ1bKf_nz-8zTpr2J27AyZAICeRJT7wN0cI6oXHgVzJ-R8OHbmCOq-1vhGh6zbsuaM3kU0j06tOsFZjlMMx4FGbPBKuXbKEJ5zmHWLnouSf95djPTLLbEuUAmTIvEjsyU4GolJs8ZCr_dk0ExbVX6MaaCIHIh2Wde1NYybbsgjbu0V5BuxQyV6zocKkti1Y2bddlcedGbIXvUtWXFWBHfmHYYGWKcILiCcHmCmPPFWjBGFeGlm7E0LJ2vdy8hApW3o0ydZais-9ye-hgTL4ZkjgRfClSRmypBfonlq1j6ben5AGYjHQM_K73_--nRQg5uvsZUz3FwQs0TALduUL0oFSIxVcA-E4CbSMUeLvm8uoFuI4ooJxJ7zEBezB-3pYzOzobmo6KmSMP29dKUOqgCC3b3-xcXOD1dYKt3Boyj4jkzrwwfNMjh0kkHRljPxImyIokFCpGJ3IBRqi34mqbnbwY0Y3Ccglg5b_NKndSjMSgMKbLaeG4JVfbhTZDvDTOr9hcmfTwRmn96CXNBr1Nc4wrh10ECMuGadOY6zxZqHNvY817y_khkVBcn_0nMp8jlIkPAGYDxHofb9WVORANiKqOggZmLX6j3EDjreKe6LIJgaQjEY8AIQ_GNV8QO8ZOWWzj4QmGRU9DsRCuxWE0D86NR_La4yYQwXmSpcURFPhaK5ExybQx4CyUBwtDPSm5S7QaGt5WR1f6CMoK-FgO3M-IF7Bh1oYYrq30bZg53LQAIue-Xsnd6Lk8WHSjxsw9cbzsb_7MXRGzCNmxsRHZ0yWAVA0wvLuDmUkZQMZV6WPyma7lcYAAdXbnIXSY1weWGGOJzgcO4X53chWzolGyMtBhVbs5Mf1l7FuidLDoeKbeY6BYliObNPLYrJzVOx4HYOszvJrR85hopU4pat31gvCXCRxA9avd2orNU-7Xfqx7AbVe0infV3HIJbVnWK_-wQWREOHR64DaFp2dhMg_x8Iird8Vbq6d1rE0ztGLCvFr4fNQiSgFbAaefQP3rq6AvuCLX_pax73KGna2xkXGw6omYMVHVWtdPqWY73uGFa5o8Lhbu8S4r-I7dQdu0VBQZkg7JAcmRebq97ibKWZRk48FcPfYT9TZhoOPkukzPfH3m_cuBQ6llwjsPJ-Eo2Q4QLFg1O1nfr-WjdKTYMgpNuX1TvpDSVUPybePEdoBmhJUPK6ah3ET7-GCczksEVRTPpwkLOe-Ld-IBLcjy9MmqBq4r-Lxc4cvTKzsHOhbtw47JVj4WZjKuiuMUKxvRbOCjthOGwn5geTgr4HZNknnd-bZlJb0FvtnJL1GqFTbeCy0ir5TAislmVeRB2dp0JSMwRbk6aBnofIprQla0rkpLXlDNT3Eg3_5Y1qxfYqFsplwp1VIB2vJ0EKVLuzvlsDMtRkFa-Ullg3ungfmPX_zzRmwafmwdcXjaaa9-ekYKuntVONeMNtEbr7UMtnVdiOZXpDOQIv5oXsu6cmAtZBh7hbkvcVdOJsvPyivl4J0EiBWXnONvmA80kyvWvLbFulusvb1_krBrLO3q-Y0LFCbikpSzs2LfI2NrkLTLEFImAsJzbnbJ2l9OElAbSfMveuPv8KMtFqwGq1arVQwI8Crfr-lbtBS3vAGAxIXuXiwgZQuwOI6q9eeFI0Vvp-bPEfyYscTLr5M-jYXXnFf8QOcu7SX4hmJaxr5xeoLzk_TUZuokQnvQmZxQxbbj9DUOzPqkWslQJ_N3m4tOxue-mvuz4OWcy17xu2OIPKmsDbNJhYCC8rvZkxHNlyRxdOW5GMpzKuK3crcBeXwLUxmyyiCX_3aQLa2MLE0Ed4U0k07krhfRnzerTBDeuYoo2JIOniWkxzOdSRx-h2Sc2pmjdlSnL5nJsdHeDy5z6c6mMDqXMmNddiimUH1eYtDAnPUfhpujXi8GnCES81dsUrxcF7jmo8DOBAWD4eWHtrNyfE0d6-ZNC1rYuASInQs6CmDWCc8bbqVa-bZnF5FziAybJqc4z06trYNBnbyuvN19-T3zaxp1WXTX4Jo3W2QFjpPKh-oExuUWrQCBIcGxBCUuzNbqI88xuTB0dLM7uTzSLeFiCFomRGJZSt6mGLC5RRMiGq-m6zK54zi2dCMi2nXxFv1sQDUCNg5uDNZtY06R_ohl9dWaDFK4XZiYqSAI-0-2eePEGp86ejWxz8ZWgZYEWtJci49mT_oypY-t1d87NOz85PyvepTg5a1OfYE4-OCcQi58VZUveMylxnyD6aeoigPP45vk9DT6ZyyfGfwMa0al3XaCjKhBx4bT912Im_uJW7pV1W7uewdAylwsCMDTV-V-sVNb1pxLXf_nex-PL7cLYw5WDf3v4niPH8Gh0uCsKV1SymWATL1nih_C__dWDP4I11P-_0CBEZM9eWFVw&cid=CAQSOwBygQiDh5ybttJZv7ZvU4ewyf4DfFJre_Hj_zQFswLv9hNHIOpL_admqZmcjVcaq_pXl_t68eXRmw2fGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=7913394521251741000&adk=2465470143&idt=33&cac=0&dtd=37

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

09dee85f539acd1ea2c80316a51d67172fb49a9cbe1b7b72047380c5051ed7e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:46 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37119
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5122 0
20 B 41ms
41ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=6758524147173&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5122 0
20 B 42ms
41ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=6758524147173&version=m202301230201&ct=76&x=1&cor=12035958757863162000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 5122 15 KB
11 KB 45ms
44ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BiRhnSHwN_58CluuPTb2PGZvaQ-Pc2tt-JLS6BFCHNyGsEk7h7ybmFePtYi8azAv1E5LFRnmHWa8y4EOEPDvVbA3rRhcNvGoyfNQzDklMQhuUFujMprPF1-II68oDuWHT4JV8mvRQQoQ4m1uc4v6kKdfZfqVMyQg3ZHn58fievDd7J404&cry=1&dbm_d=AKAmf-DXcm4Zr33vNC_QcxGETG7xygy2RUtxJVzRofdbGkgG9KHLaCo_akB_wuk-bMvmTSQGh51dvERZ1-oFIjAouMJwAL6wMlBn2HZK3cMSCiqeu8jP5w7hFPV-SU7ZH19eUXgA5mhKJC3i7ObBMWAOJpM9Yyo7R3ASTUQ4okg4sMqsoKS_AaaWiA4xFavnAiigYrHiBG5CDlnPmbuPLjalFS02J2e5jt7Qho_czPajj1l_5IdjJwCqR_ziUGXC_XQIuQ8NuBo_QP5JL4clHX6RC0rIW9Lny_p99EP04XQ_27cIp18fpTlGWzbffTzv9MnNhiRhmIxJWJuGkyPNaVks63ng8ewVWCzLMcjuQuuV-oSHdAP-c5FELrjHpzxrQIgtbwT70ylUt4jZj1ieWeCFSbbKcNTYyVRiIZNEPYPRmIeXFF-qVatZcQtnhEh2K3j-bUOxO5Q_C4BAssSznQpZUR16R1Xi8-ZqKQ_Imh_c1VTi0C_UHR7bWNl968Xcb9Hg8NzXG9tAAfSPY3m0l0aOCf1_Yy0AGCKPhmJ6ViYIiOrveqlCV8urFdplAa5srFGagA-vRN54pVK6M_gdoMud2DFKR7fxUmWKx4UdUNarDla_nqbpm9Dgv2jvmsY9SrIe-KALGUBo4ohTk9qouCBA_UD3zE80hZWs3uTijVze6oR-tMdiMDmD8SKBzJZcLaw9hrXEyzyXZPn_m6vYHI7BbG1aA8h-Od-P9t3C33NyUbpy3_Ol6CUYZhCAnN6sgg90Sg9m-jhCVtBpSUm4Asc5OQgSUFxTAs73lWGChnXTnsQgHApmcWcJoTayfVveG8I8yGT9qH-kAYp5rhWsIwWBx89CHdKuRnjvmbhgPI_nZsUT9YSEpRb4Ib5og8JndGgPc27Y1hsA0H8EKTa0mNob_niJZLpcG-uO8p8NkdwfUl0j_AURrTcJ1Oaracio9fG3rToljPLSzFoCAiRV9kNkseQzI_vS0QeAoOYKAo8YZtvMoZewbF1FxmZYW-R-P61T0Nst11quOxmfoUljRZnzpkA0KqWUIjw7feDsoe5eomsFJpv-IJZ9hW6gzmz4WxVDXsWVj2E2XskmqmsSVL7pKLV92vEt2Hfjyx_qfqLzGY1sEd4dS_trS2jdlu36f_DQskutnTdZ9HcaQ84RtnvRjJV_V8rGiD-BcGvel7wixo0R-hZ11zN2yu2ab87c89A2IKxWrHb5PfM6odzKQ7PDafpI_xmb1gTdmJrK3cN4j-8JVD-RGQDfg0usRBN84t4Z78NpBxNIQL0jTLMiL7PDMa9UtpYzvukzbJbXE86YyoGfCZptTiCrt1hzWMz_oEsD7qhIbjW_HOuj51LYrM0IJcgx9flNFKmKwMxl6KChU8oBdjCcaenSuEynLJ9gwQDvChWdyvHLJWuUJ-FQHEHhlUjg5Jy5i3k5ZEGR3ZAUwZFb1BEJ6Zi4TgzwFasnnap65WxmEwWjHMjsO7jGoZAXnb0rKNdM_L7FcJFBQ5sisPpwU5L7NqzK0Xq6YIlb1aeQb3mgSm00eEmI7mnmcJM__uK30fAFA-1qtLFcRioA1E42TcPUU2wyy4Si3KwkY4WKdgMqEHUuVN7L4mgYrw8yzUOWNisB7fpVtxVLT9-2fyMo-OzLA9a_tRMt3xbr3WJLYUe7je0ZJZM3PNi6ivG3r2E8uPAORwFUqsxbj71CfW1auWmDT1hxgr_sHY_ErYjLiG4khXmtAmT99XTqojNh5ds7uuZN52SQUnetp-VZ2iK4oou0OuUzZ7t5lZzDlO7ksLpg1roTOfYmtiDeh2BFqlZa5tEhQewjRWEL8mgvfl3qRVPW-rZbh8IjkBJfFshBWtCxcR2eoNW2ZOtQ28sCVpo6B1jc74nWLU5zzu4ceqfn8wKd7TUM9aLs482qkFgCi7-nFJIwcEci8JiMpacIiYKWcgCATTfFuSMDsEaWVAok3qk3eVp9-rJt_16Dx2Lj-PcTQM0zz6ln_wX-9DWKj7CjqtVjLFr_aj3AKtTrS90Tzc7qsWbNcP7T0lhkO7yWsLd4Pdu4_eO0ptyeWOjj3XL58dkH3wx2XsEdJY7-AKMYrZnsD2JVJ4cRYwWQj4yTBNC4LL0MdwCvvT-hH58glliNd1JJhfTIMpE1Y1CHPstZrrUXyx3Db5VwHAGAmC3oeawNBsvJr5GlqTdBI_9u-0Ti-fAkzFDbGfg3a8VgJVB8IVh42jW1Efmp1g_FDvCdYrOD6D85q7Ot42AWxWnTJg1EvYwmbNtujjKygZQlbwQQK3TU1zu_XxN07L0xM04n3aMXG0r2DeIspwF3obYAFEUyaLP6PyB29BKKRmoax8pWssqQRwjY-X-hHp_1ycPT6my6dBS4043T_FK4aRkGwBi-uOpUaslPYdzJegqssUlhVMxvEwLytKHErzK4vHdvJWehAzGJJR40kuIVx6NkL1DvsOdOu7E6IVvxSBB7iQmosTm43N1glqiyOrr4QOIMluD8RwTiRexIftUz9bNJke_Zqci-BaGv9fNW7kkND7zCp7mPoZT-bUxoH87r1PqsrrEODQQaSnULdmDPptSw2vgOxzR3f3gY7dtlo3SwES2tCjFc_IQjFL4Io5HhqS5zTFG80n0ayE2mTj1hR8Ulstr7m3miZANh8Q3rksts6_scZ4K1Mqo0B4iltKc5vUs6nBCINNPo4vheiHutG5ih3dAoZmPiVoZgSNGFa_gjIc5WznAhuD9YLzV-PeWdUAwsY46xHRes-g26Bd_ztak4usZpY3PA1r9cNFELZnL4i9wlHbuVT1v8b2P3TUnkyww0N1MdVBhEfs2TT1-gHtW6ASm6G18kg70b68gUCTaDPSbur9UDJ5t28f0E9u-FF4ejGqu_35_g8TRlrynv-BdEfFbxqXkl_mLoj1XI4uisXyGNBTRGNMh_vjjrT2O-q_zl7BjAwfX7N7ARYoqrqPWtNe2zKEuxVd843Hf7DE8u5O6i2Tp62lR_sL_OoRx0JT5D1w2_aqUgvY3oFCZMC1vtWTIbYbN6_OyR3GRQjVjZMrYU742rx_A&cid=CAQSOwBygQiDzioBRasWDXdhV_A8rdZx2Dz9kyN5TyZvhC-xPic1bDO6PM42Yy7IDbVmYr5VNy2zczdcOGEUGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=12035958757863162000&adk=212707235&idt=36&cac=0&dtd=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bc9ac2a4c8dc66d4dcaaeced1bb0fe5f2476da3fc9ffcc58b867d1ac9e766e56

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:46 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11467
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200

partner
sync.search.spotxchange.com/ Frame 0086
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEPub921lTByLXSDDbnteelA&google_cver=1
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEPub921lTByLXSDDbnteelA&google_cver=1&__user_check__=1&sync_id=e6069779-0bc9-11ee-a9b2-1bce7de30306

43 B
549 B

18ms
18ms

Image
image/gif

185.94.180.125
SPOTX-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEPub921lTByLXSDDbnteelA&google_cver=1&__user_check__=1&sync_id=e6069779-0bc9-11ee-a9b2-1bce7de30306
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CODOjZADEPD565ADGMGE8eYBMAE&v=APEucNWmVhX_4qljaCcnGaYnVOOP9Rj9qkfiKonh3HV-ZvDH9OqpTzvsY_yOu6lO6bmvpvt_VzXfbr7xaYkMh1AeinJb9hNdK27V_KbusGLIjAvIGWAiiupaFmPtfY9cVBuE4kf_OE7bi1MiPK3F9hGH_XkMyHQIUpJJ-j9aUFMj-1JjbdwdUVA
Protocol: HTTP/1.1
Server: 185.94.180.125 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Thu, 15 Jun 2023 22:13:47 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 142
Connection: keep-alive
Content-Length: 43

Redirect headers

Date: Thu, 15 Jun 2023 22:13:47 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Location: /partner?adv_id=7025&uid=CAESEPub921lTByLXSDDbnteelA&google_cver=1&__user_check__=1&sync_id=e6069779-0bc9-11ee-a9b2-1bce7de30306
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 95
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0086
Redirect Chain

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_i...
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=ZTYwNjk3MjMtMGJjOS0xMWVlLWE5YjItMWJjZTdkZTMwMzA2

170 B
188 B

18ms
17ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=ZTYwNjk3MjMtMGJjOS0xMWVlLWE5YjItMWJjZTdkZTMwMzA2

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CODOjZADEPD565ADGMGE8eYBMAE&v=APEucNWmVhX_4qljaCcnGaYnVOOP9Rj9qkfiKonh3HV-ZvDH9OqpTzvsY_yOu6lO6bmvpvt_VzXfbr7xaYkMh1AeinJb9hNdK27V_KbusGLIjAvIGWAiiupaFmPtfY9cVBuE4kf_OE7bi1MiPK3F9hGH_XkMyHQIUpJJ-j9aUFMj-1JjbdwdUVA

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 15 Jun 2023 22:13:47 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Location: https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=ZTYwNjk3MjMtMGJjOS0xMWVlLWE5YjItMWJjZTdkZTMwMzA2
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 32
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0086
Redirect Chain

https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true
https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true&verify=true
https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1oalB0bUFoRTJ1RnFuTnBpTHA4ZXY3U0hCZWtyNTRncX5B

170 B
188 B

18ms
17ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1oalB0bUFoRTJ1RnFuTnBpTHA4ZXY3U0hCZWtyNTRncX5B

Requested by

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1oalB0bUFoRTJ1RnFuTnBpTHA4ZXY3U0hCZWtyNTRncX5B
date: Thu, 15 Jun 2023 22:13:47 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.57
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012305252018000/ Frame 9DDB 222 KB
61 KB 40ms
7ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012305252018000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js?cb=31075377

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a4135cd61dfa379bb61b0718f3a20dc8b25d0b8f4e3f2e52ef4d0e5be736136c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 14 Jun 2023 21:11:23 GMT
age: 90143
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61795
x-xss-protection: 0
server: sffe
etag: "7347aa4c83612bf7"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 13 Jun 2024 21:11:23 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012305252018000/v0/ Frame 9DDB 15 KB
5 KB 51ms
18ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012305252018000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js?cb=31075377

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e2ac756b7d18a0715d66cff4a48f4ba89882b3bcec6cd4fda5455387eaff84d

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 14 Jun 2023 21:11:23 GMT
age: 90143
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5238
x-xss-protection: 0
server: sffe
etag: "6efdfbd3c81d03c9"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 13 Jun 2024 21:11:23 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012305252018000/v0/ Frame 9DDB 94 KB
28 KB 51ms
18ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012305252018000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js?cb=31075377

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7a9344144d755ac52f3d8405003feb8eab3b79aebc78e330537ea10861d6f32e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 14 Jun 2023 21:11:23 GMT
age: 90143
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28864
x-xss-protection: 0
server: sffe
etag: "51fe97ef57b83921"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 13 Jun 2024 21:11:23 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012305252018000/v0/ Frame 9DDB 5 KB
2 KB 56ms
24ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012305252018000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js?cb=31075377

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a28b55f41413d16c71a76b7af3ff9f707323bb3906096b85f7a581415aaeff55

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 14 Jun 2023 21:11:23 GMT
age: 90143
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1896
x-xss-protection: 0
server: sffe
etag: "9635e780e0a5dede"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 13 Jun 2024 21:11:23 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012305252018000/v0/ Frame 9DDB 40 KB
13 KB 57ms
24ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012305252018000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js?cb=31075377

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

45352935afb3119009abbfa8ed5bf7b67fc4edf64e8b718a134975410823ace9

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 14 Jun 2023 21:11:23 GMT
age: 90143
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12956
x-xss-protection: 0
server: sffe
etag: "bd37dd4c3b7b688b"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 13 Jun 2024 21:11:23 GMT

GET
DATA 200
OK truncated
/ Frame 9DDB 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bde4de4194ceb22b55373fc7253d4f4d8560220a0a65672c757f599b535dca2d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 5648818383791576392
s0.2mdn.net/simgad/ Frame 9DDB 532 KB
532 KB 45ms
8ms Image
image/jpeg 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/5648818383791576392

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

187574c8a3cf0026b633b356842e03d60450be911027b697e9542a650d1049c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 10 Jun 2023 23:03:04 GMT
x-content-type-options: nosniff
age: 429042
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 544482
x-xss-protection: 0
last-modified: Fri, 31 Mar 2023 09:51:21 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 09 Jun 2024 23:03:04 GMT

GET
H2 200 14952963386359035714
s0.2mdn.net/simgad/ Frame 9DDB 10 KB
10 KB 55ms
18ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/14952963386359035714

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2d3ebc5963c3ba449fc6f11b2d5ac883abaf7dbc046ac7c1b267518e0ca5fa27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 10 Jun 2023 23:03:04 GMT
x-content-type-options: nosniff
age: 429042
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10020
x-xss-protection: 0
last-modified: Fri, 31 Mar 2023 09:51:26 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 09 Jun 2024 23:03:04 GMT

GET
H3 200 ad
googleads.g.doubleclick.net/dbm/ Frame 9DDB 42 B
63 B 34ms
33ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Dq82S3SEbSnQlTJNtIaHKMUdfvWDqAciXaSyPpEz4mnUo8VFmKOeRPfoz6Co7CGuGnL-Gpqe0a5glkRrw0eFS5hgpT0-yvEctaZHW9v_3LZvFetj9K6UcRs6AIqfQVIK62WDD4BS-LOVoJyLZXVAEpCzfG5w&dbm_d=AKAmf-Cj7E50BHrvrPW-iJch5gBZ7l_P2Cln8hycGAV_nyFTqtQAlxWjs6IegvnPrLFtWq-R4SuJP-rZBpW2WlIPBjPvXA4NHkHL6aB0HOzx8T3lNuDePPmSMSBqe88S7idtrcvKz7mU8vdppkN4R26dtTwwRjMP9mxLye-vR1_CuO8PN4eQnTeTP2clqe06fGIxrbAStRHz4jpprujDUuwvoWTnoXD-o9SShvfmZJDEaGq7zGUVtXN5IkY6E2AqguXDefPmkapPktOFM3UiPd-XIQ3PpYKG4Zd7rwtd57Z503bMM8YYuL4V6lxZQ7ZKfNgr4HvMxPJH0TsxINhZrQ2_rV1-A7KNDqV6kCN2Wqe1Nq53QS9tWD97Yv2LtByRlO5e3fjqeWg8jX-JselSYH6JKGBhfezo3KFgNz-52LRNFTmJ5y4rSOY525zIYNImHpGipIHmq75x5s1AjXpnK5iSyfj0thVKfAy8jL6_cin6aDl4m4VpeYvdQ0JXox-w71wE7H56miWshPGuCal-l-NYURlh47VOnKXCRixKfFxAN9h0XNNcfJM5aYWYuFM2v4Q8uCVX7RB3YkOIyGAKhHe5xwk4fDtI6iwjnE41lfBLrDUuj7O5603UeQp3dIW7UKIqE6i0WoGqutN3AxWos8IsDID_NhoLjFKQOFPqktMkjh-hXZwmA3gGzXSiSdDGbsku3HmZRBu-TVJUEqi_-8r7G2O4LFMtl8J5JFo1Zt5FL_tfhKe_4WpQHGT9cd63FWdsGwy_lXOGSXx6Dq8jWiwSzwwm79ZXD-BVKKVt3Xh_-Ol7Ay3uDVr59lM1vKeB5u8X6fV_kLNqC0H4yYPc5GrqyTEvPdoLthwtlCcgwHEIIobTP_Uxea0ZK37G2gvZM_lrCwCF-AZ0lgAZViA4yU0NUqqtyrtxX3dPsHsqixs4mXobW0_GDwzuDK57pCHdFbttG5umpvyz-3nlcF9x7IeaqR1Vg7qszIzrPMNmbFTrXUDbUCffaa5QvQV8mXz2GRiBeyZ3edcw_wLmyZ2AX2id3FM5wZ9d2plWwANFQrEEzfBTmPpcUPDVejyFBV0WmzBl0dcgi7IxraBPgUYrl1QyfH1b5TLHQKUE9G0ig_tCDmKxM-trf2irK5M23LcpsfZbBDpNxJziGZw0tJUFEtu6w2FX7_GZBlIYA3DVcE3hNLllGlj_pG10aNakrfl0NRL-yD_0q6ngKDh4kdv-MLcmFClQ277diZHlqKvOcGn72i9RrjDCpUb6MGpBqBO1ryEmSSieY4AvRC3n7lp6IEZVEGr-6vb07XASTvnVYrHqJIj0DsQ9PNVrXf9qn0aCuBCxhZ76JFfJ6l2oTDMX9c6Ql76Gihi3L3QiYLBm3hM9c7D_72FAQwnNe0h7EEgHfS34SzNQ-7-5IxES-pmxvz2WSbq4A7IkXoCNB3DGT7E3dNadIEVH0XTgNg2soHjiiMR7YunHbaduW37fbb1UPzTvJdSCjfxj5USimUdPCr6eiB75heEScK-fAD1YMnFUhkjzS-DggYDT0hIP5j_D7Bizb4f7grt4TvxHZEZjmOvtfKjzcIC_4-surR_VfamH0GdLNoiz6v72M1xz_RNjqjsnWuYE_MEo7XtO5QaOk-gEGFsc1EYKeMb5Y0tna2PIZ8AprAIsdM8bmx1wo8_CqLEUkmo0fDlacSV7T5mNyPffFSOny_4UpPcJDE9fBVXEy1vVPanCA6SB7dt2b3w5ydbwPhhR-txDTM-Yli66RgBJrvnE45hafJkS4yfP8-nMCYixlQGZM7Wg1q7g02U9iknYF7jiOFXjBiXVIuCnO1VuAMov5mUweS8nr17Bti3k1YVXrMZAYqNAWrIiuG1nzSovpa05gn-DEv9p0pz5cGcjE2Mwj6RNJMp-v0vHWrKf7d7Dfyv63Me2GMt46rfoHPAAvphoTT2ewJdQSUVCnk2DknAhoGHWAHfSCOrEj308mjxMJaPQgGAJUq69xZkVcNiK-SrR1cd_x11xo9AZis_5pUb3ue8dETlZD1pbg-9WRjWXHYkXo0GNVyLa32_wK7LmhAjFrRnmbEqSgaM7-hNwE9tvJ1lsD6nkGliCbdAoo9bRK4O2gBlFjKGHNJxk4bwT8SCz4l28UjHmEOfCcVx1CDoGd8aj3eVGJ4Vgv9ySdq7ZVBvS6Eu4UvX8VVOyxbwdTIjcXptGAls6rKswBLE0Xu1WV3u0vfxVol7S8HRn3CmE8Z5XWLm_PrVWPGhX1YMy2Az0Lg6dCFM7a7f5xRc4UtS-BRAVsVRkZZZsUvf_zYfDx5M_cI8uBa-96VE_wYaCpic1Bc7X07I6Lg4NkhqvHZFpDyloEo8T67qxLhMKalWDe04sGJ41sjNgnXkzC3f2fzisBfgDhQghsvPKuXJom1VyvDZcNBaFbfLxMml99vpHVGlYTM-aW4qPgIpevKMe69mD8CHWQ342ykG9YRimZPzm1ls4mHMeF4a-zzM8tpn6RiHgyCAyFS27_XfwXtUr_tvtTrpzqVN3cGANesVK1YfizLz12eQO1m4IeF7X-LjyNxZkFWepPXXYTbG3dvGfInluBNJvC0pMg-tI_NHmqwBhi326AK1IUzg9a-Gj0opMXqnwJwh_93ZHmiuxw1PhgPejmKQKIOUXY1UdHLu1L5UOT3XGE3bKUJbUI_0TdvsAxRQV06R34wwBHnJOsdNQKXCVnT6SnhRHlRYAMOa_BiMALxQOoUspbSfQSPUW2yq38cG_Fwp---MM1E6gjvYQ1LTvCjvzw7xe3cqwY9H-F8LOQB_-Wdx2IM9x_F5RrBwEnwnDwEmUV_wIdbfSKC2jXxDR2HTPyLOl2njOnEVNx9TboOFLN8aXxd9e8TaPe7WgF1F6wCtrafoxpALCHd_q1FfmJ5skKeew2lR_65affRawBdG-hqrWa5qyyvGxO-ZmOuFKoefEKf0C0Zgz4bZF1vETt3MSKViQZp55cn9zyD_hYJI_Sg0Sx28GDX1TRVwC35lRvCE04AHJCKF02_PymBETPyvgRHHwPU9QmZJJcxxcKvqeF1wo52I569zHyOD3SOuIDco1UHWBUO3pmlFinZmg68UMW5WUSZEOXE1k0o3L57pYL4UGN4L9EDzkTs0s24NN2wmPMBo_AZbhY-lPkwlJNoPUKGKvJm7BliYroVuIpHyAlwOwyU_s54YfFYlLJEAKgt00DQp2H0aF3Iqj7D2lSoomL9J8O8ZzQeyllCSZlV4bdPzBV3ZY6Yucdkcd2mN11TYzelj7dntKeu_mvlIXC7gNYIvFSDNo8UGWl3bQm1CDSaCsj_hk4bwcnmXpJ2xfmV1LuEF8_-IUnDBdtAqSPCvo33xvHpr1S2ceX6nQgyp6iXRZAs-RDTKc_itVKXZUizUTVJe2Nc3jB7ABIbEd4TY25A&cid=CAQSOwBygQiDnBIXllX758UHUN3NgPOHUJH1zAJOkGR7sAOpQH_4u2GfEILBN0n-t9KJwI6yIEfLg9r8cfcfGAE&dc_exteid=31117208020780480558047150509495016&dc_pubid=4

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 9DDB 0
0 52ms
51ms Image
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CIWORGo2LZNqUG_WX7_UPlO-GkA6X9tbmb7ebyK2NEajanLOeAxABIMCygmtglaKSgqAHoAHTqd35AsgBBqkC1MKjsvJesj6oAwGqBNsBT9DmVe2mG6DULcIr44XDb5I0_Kq0J3lGwTMYdWtLayW49nmI7CXMex3X9V77v3AH49BWdRJC4qaz8EpZUkaxnyVoeyz9JirMFSseO5Iue5zjLfUhjMgqnTNWEu4i5cuvtqLPy2bxh9HgnHo6Lmg6wi5RqAvpHdAcA65X4BEcnvqXFT-kb2z-lpfTy0VQRTNOWJEAoJ5PBJ3YQAW3uuz7mZtO-02DDOJo7PiUlq-xnK0e74Km94Q6ub4ULHbaTtbcHYr8PScZ1j1imU_MwrVH8_ecPfAYflZOf7gjwATw97ucrwTgBAOIBc75m5VKkgUGCBsQAhgBkgUGCB0QBBgBkgUGCB0QARgBkgUGCB4QARgBkAYBoAY3gAeV1qKGAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcKEI-ADxi0kcDlAdIIFgiA4YAQEAEYHTICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDmACgPICwGwE4D1vhPIE5vtjuID0BMA2BMNiBQC2BQB0BUBgBcBshceChwIABIUcHViLTY1OTM1MjMyMTAwMTAxNTQY6sFt&sigh=hXWXFXup35I&uach_m=[UACH]&cid=CAQSOwBygQiDnBIXllX758UHUN3NgPOHUJH1zAJOkGR7sAOpQH_4u2GfEILBN0n-t9KJwI6yIEfLg9r8cfcfGAE&template_id=509&vt=10
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

GET
H3 204 l
www.google.com/ads/measurement/ Frame 9DDB 0
0 16ms
16ms Image
text/html 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRkci9XpsLOwDI_JO7ymHW3A8_7LVVAU9gOztubRbDJgLHlcd8ymGxletZ1_0XtNUnRNLURLaxLC-VNL6O4JDf43yFBJA
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

GET
H3 200 tr.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 9DDB 3 KB
3 KB 8ms
7ms Image
image/png 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/tr.png

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1e5a886321d0e00c13f7abff03ca39fd782f42997fd34bcbf4fc93718f3670cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 19:49:55 GMT
x-content-type-options: nosniff
server: cafe
age: 8631
etag: 9957912877679239782
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3057
x-xss-protection: 0
expires: Fri, 16 Jun 2023 19:49:55 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 9DDB 344 B
368 B 9ms
8ms Image
image/png 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 19:03:49 GMT
x-content-type-options: nosniff
server: cafe
age: 11397
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 344
x-xss-protection: 0
expires: Fri, 16 Jun 2023 19:03:49 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 27F0 0
20 B 48ms
47ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=2160909449205&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 27F0 0
20 B 47ms
47ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=2160909449205&version=m202301230201&ct=76&x=1&cor=13364904021248578000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 27F0 15 KB
11 KB 47ms
46ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BUv6lw3e9QvV-phSyJGZNomXsJL26PGEtug25BC_-fMlnNMxb6o7-72ZHEellh3MKFawDy5SBDdyyZaEcPSIbcuaIS4gt_-9zH0K44oEmdwhlX7ntEgru5T5hwFrs3mSgQI2Q1CxgADIPHdulCub9fudHKekZ7z6M9xoKuxQq6OKCIW9c&cry=1&dbm_d=AKAmf-Dcq9u-2Ji2O0dZrnqvZakOaO52pAW9rrqyKK2tdT6E7XyOZK6cX31BNneSDwPhNvoWbFcJkjOQNX3cWjOlG4aYtxPJMWW2uveT7OmuKtBoewcehAiRjZ75UzriY5yhES9MHw83huZ_Pw48QMmJIvCzPIwHXMvU3m6OfPqLjHwjfxbJJbdV4kRJuK9SdL47HdbHsZyuzPxbBOQiZyEEaItv7nZbFuobolSki71RfQ-euXkFJMuscp01tFjcKVKhqUTZ5cB63lxIggk6yzSDV3y0sLYVX1H5WsTOUW-KCaLpUpqv7zx5QeULGM4quwbQJQHdrIXrCBNxD20amroro7fUW_oNLUMa9KHVIIDsrFc9UC81FdP7Ce_2vLlN62vIYTqJMl782dHZhARCrnWA2Hc633mq4aDwUFwFSPO65FUZ-j7AvkLKf6MPFgVash4uzgHjzp2yRJEcUG6d1RhKXGwx9Vzk-IEooy_ZnB0KcSPaNYr3joP3rFLB_FpTtfcBvZllchjB-LsB8iYV_Eh7oUlfVjVszjmM3JnUbZ07PJv0APki98YFDVIoCiGfgamE5SWQ5m2zaI3PUfRGuO6LmtdtISg_1FOK8a2VZNTc-jxTvU2rIVmXWNiaX2x0E4Pxh2I4T-x3NOblkS-dId6-h9CcFeYWO4yRS3NZfvZK97Yooqd0Cjnx8VSfAuj9wD7Vh_Vx4-ALAzpjdDpKE1wSNzp9faRcDaOWbbBeSiHt_JY_7fR19BLtRN4shHo9sd5dkV4ldfG1SlLcfQyuCcGxtEwyyP7bYFlMdcfcnLQnt3CmUVRXZXqD6TXfgpYwOXhVHjxEKz8HDZ805opJNtyCf0PT9MtzQD_Oh3ak-uzdQExrkGQVPJ5tb4OF3ZmlwS50EuskQUE-ct0IiTvG-QIyOwT_g7blxWkxozm48AdytLRT_Q86FFpFFVZ6ZFb4RVqUnD7j3D3kqg40L2r4hIQV0mgOGv1F2-2npG7gxmdYEH8F0uykcDnkhl6dRJf4bou0g1QIrHwGfl0nPSEbEhYm1SgO8tR3MkX2afGsme9ynBD2kNdR2StN2hxFNoR_EUnrf388_5b6-3IbPrnxSRIv-BBi3N-Qr9bbjhFKIt7x2wNuzfgL9teNdlRIROAYw7KY7HYB5BfMfCS1-jHS_sYu6LBsEe116STmoUHj1ZENdST0kXTiye7qkHC-ub3lYEIpDp7YFEBb9JYO_QBXs6wRY1fDatuNFGGDDk_Yi0TTUscBkKOayZYFKPAHYMHVhHsenMe6e0SNALS6DkMho1iO4Ul4DC9S9gmMo4LSJkkNNN7z3JBB4YngDF6Dd0uvpHoquwU5vBDgfawWaPpPlMyE5hKvVvX9q2YdJw9t0YWP6R7cMl78hWBn7DWxdHx65-Ldjfv1rs8LssLw7YM5ANZzPShLLpGSbJSuqjUpPyq9-pvY9i6Z9It30LX4L3u_hOh_Ku1aKEI9bCPBfsjVjed_3ailho08IVgQLJ9qqE0KDBxtMEvyrQeBnA0WdNxn34kgLe2shPozEi9kFX1ehCnqatymF792EDpoUttEkEo2kIuDaT7-kY2W4d9PXiZrY-9bPT7SXPYGeIJUmT6AMsLPiI2iyD7CE6v9zkftVADldcPN6Pb_YVpW-X6ZKP9VXwdGineqJnzHiBp6OSINB7HpskFf_Wx-SUtICYeqt8FXAE_idu4al5maaa-IteCYtKdHjQhPER-pUklOx3gmZF47AyFer95jcTvoVfQ7MJ4eMqZgJ15ucNJysDlaXrVY_Fm2oh-dZQjWWLFM7FbyiXCYKDqbEIOA0I7Hb570dJeSUHiGH3CnLDh8WxoP8PCRkHyTT2srMwv1FnM6ZW1M0Utm3sVzjYBDDITvfX0MzMSROGmzVatH58chXHpvGS75uU89kpo4HYKQyu18sJqojIO99h7Inl7r4mvLz6TsOvz3zXdkQIiNxvTQKmEoxX8c4QyM6Iz_qaAvtBcuSli_d1FtJwJnIoX6LJHLC4CPgWo96fg5H026AnQSNtoHfBQvvWj8HOFPEiIU8klFE-J1PbvVfoeOGTkWe4HjtEiCzV8UwCVwdLVH-mqveE-KU2X6zGsQ8bz9AIlfppxzNnmqso87Z9DERHECzSjDe264vZ98_07FhNm0OwiI1EqUSBMs-fLfvaB5qM03bsZCUUPkaIt0WhIUyUa27hFS1pRt5RKhIj5TzIIjHcFOkPcjxmOIojHRQ5UveAsrIE3ADmIisG3CXrjcSh5xnFRFxxWyUWNTp75SUbvWi06MwZUvYwBkj62r5fSah_Ru1Fh993d_j6qdnj-vRVZXbXg6XyQ4GHS16tJvbuRacE4LUVCoo26IvRnQ3gHPCiVSL2TuFWN_Wdww4XPwvF3byDXvNDLO5bfd11Ona6AcPp2VKbxSQ3NpTI7nLeD6UIQaKl121q9aIk6LHEIeD_zhE3yxgfKmJ8lp6OV0uhYRqcrxJjoY4w8OINI0NLnliOW9bApLKaO6AtQodcSgDva0VaeQFO81nhgbvaULnLiE0bjFuGak1mCVu6k-2uz931zgd2L88n5yy6Z7xtQDiZdHeiP5_WyS2mEFt0AKJED1VbuJESTT1MELAEZMpb2xemsbbRiVWp7yWY0tzCsOy6AMFUFI9qX0qxZHpP2_gdcnJdHnwCOcHJauImTwsWR_8kM7cb6sOCVzLZqHdePpfIB8nfmrdNgMq_24ZXgJiKp42YMBmJd2VjP3FxtMNNTuKj6l1LcQVs57oD7E7blCAd9j8P2vp78SY5Wwog0niHw9xjzxNvtSaVwDhdXrUCDtKuZbkdgeN5_Dmpsg1bdN6FUtFOxO94g5uiNiadYsKHeRdhR7SysWEs3_3yeFsyHdFRXa5aBGDN7n9lcqH6Of5KWbYgBOLxQPs04G8bbXyInvNWma1bLnWKqfxbNeXYCnXtaq35KAtW5fhSXLXBXeW4FG_ZBzkopliO6A6tmXpSed3cBVxhqU-blHaT_OyGhFBJtS6hg1jOSZyuJk7R9_VDzdgFvoQu9MDBz83-Pe_pU7LWg&cid=CAQSOwBygQiDqUJA1GQbRN7Eyy5xy1KLEgyI1Fd0LLj1JT7A6EEAhZJNrZJK0Go69gr1bfYRL0LGkRX91540GAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=13364904021248578000&adk=3587751834&idt=42&cac=0&dtd=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1d4c6a1f4d6a96e145bf49dd859b5566a2cbd4b3a9fd1435b198dea49f926d6d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:46 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11207
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C337 0
20 B 43ms
42ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=5009047356554&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C337 0
20 B 42ms
42ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=5009047356554&version=m202301230201&ct=76&x=1&cor=9608998460487782000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame C337 74 KB
34 KB 57ms
57ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A8G03rcdsPQdhKfZc5qaePAlEoUNy1MChllVdruOdJyKqVTVnVTDNwh3WrMm5avJkQ20WMMjOQlix8K3cPCwH_x6gG5g&cry=1&dbm_d=AKAmf-BMwaVhy9HggNViHgGdA9UEepb3CZJ7LdDYpv7yodEZbpsdhyb6Bzk9ZuATtoM4cCDbrZpilvKTtvbsAo8zE3x7a-x1he4qlPGvSbfE-G14lXogfxhjdV79_paYmIyHBt2NfWajWUVGsAIIken0HoFPR82xrI8RUVO3IiA8EwsMUWKbckfk_xKWo91kNXFKRltd6I_8gOfF9wcYwGGa_uIOeitm19mCh4V4kkKm-2yxjJQ6a8HRatnW-SBKgeSUOlXeJgVOdP0w75184Yrw0KDcxoCI-o_utOw0pm61-GDdvngBibjgVW46C0NzqjEO-vvKlUgByhHtBYs1bD2vuJ41ROaFJ_nuOHk1vS3jb3cNT-FVTW1EwKLflsRgi2Dh9O72dIQhA95foikWx1m8oe49UUbOSIpAIbBdmgAYpBixOjZCq_nseQq5WtlmbW4dTW_yEiPhasZgx1pRYjqB1wwL856RkpfZRhdsive_UDC6libFLWcPFj0tASLjN9GBOpD9YKMFXHdCetETsvCyCy9CJsqWY8c4XItFHMiUyrZxY_A26J7E8VqNy0P39tej9US_LtDcmX6L0yH1TxkNl49KZDgXiGtpLoIR2z2LUYtI4KOJNFWuv-cWgeNcTRCCK2aZ8-kijsDeT07WBegCWJDufREqymQN_pawAL6u9_i8KBgbX4QQbXzgeno4reazw2jLPFPoFYbSMX1B3yNXkR3YevVs-R6u44zWR25B2HjrbBnVHyoF-cjflR795umdDigbXjevq3q4g2iWXunqTmrWQl3osDKhUXsEIvdBM3tLE5ojHYNN3m1n_eboZ0Eqd03v6B8a94t4RVQISCtAwKFf2BlTGuP-fYcIEPp80S_RksgpeicV_2pGksj5NFKS4yMDAegEo5cHmidC1aChoM2FYhM7qjl30G-ecECqvuvq72aMxeuWjZudzV_GRs3J5xXAcMa239BxNdjKmxe8wPJ83Q-YaBntqCm490AWvQwmwmXlFcl6iVWqzVX4KLxBh05Ulj5pwS1_jWFc78gq515DRy1zAKUMoODONWZx05llnAWqItuP7H1r1B6QxfWWBCCHgi9cHTs1f6tuoG5Hcm6sIwLTMl1tJTV9lsmVpAG00OkLQ29sBIzDMm-IqlQSQVl9qEV3-oDd4sTIQN-uJFCSJkxikFtInKG1HKhmsGqjadhWah2RugaFYWhVjWI1yysXP1GiU0L_N_AUDRnHcJcZ969VjFb1fnssry_b7t5IdzR_HaFmYlPWKHdxJ58KM-pcJUe7bnp3iELY27jHRTm4kjaZFXZoBkAIXiIaZDmbEO73sHdClb3fGQnLMDlPmGGkNisRezg1p9_s2VhiIz5erJPlXZwAww7zMa4H0ufo0z4AO9lcUPKH_qQV81rQmkUhKcRG9kFFMxWdXfeoGLnAbZHMF4n1QQtVecRRMdRowmWB3vw4NI7rV3Z0oz7HAvSQn0Bglr33xt9MgFLB128Eb8mT65hqAb_dui_eXKuOjo5y5nb5SZ0N6BY18eOmcsh8NgMrQB9HCZXTQ4JukUtlP-_Ke1866t4aAO5UCZeOwkAveykIti0fWHwRA57Ifa0SThghyOB2zzv7zIMuchepDcXh8BlKVligwq2NzsQDyGACVUIHpBB9o0o6haUtx6H-QbYgx3lU_-mIIgCWUAAsewbDs6txV_tVCQCCaN8QiP8h3e-HSGsjF5l3FtAqWLg4Mo7HtJoHX3o7_ap9Gs7-fnyyrnE7pX4qyAW1vQayjBpijlNZ3oqloogU_ZRrtz3sO8-RMooGZAexE_L_tz1YMH_dDPUITQG4lKKgb_XwGVnD-zDuOIyuXjNZu9ko37Qs6JgwxX6ZMScKL3umj4Koi8t-QgA-pjzF-boboXbvpecaQ--3MRxNZNWH8LixABhBXqjMXMRtk-MpCAOno3-_Tjz3a6iS7O39widYVNU8t6hHi-5fw2bANsgs7LtsmS3ozVaZb0lWt2KUP071_ECfdJ34kbPR_2LlhqRjAHbJv_qooKP3fld4KzN8r61DNWhDMJBmBjh-CorwwByixGOR-HD6XCwHXLEwGFbig9ek1UGyUsg8kCtEwhz8TKvypOoJqwoNuBKgaTAGMp_xOd_eeTFFcBkU7d-URzHTlyMA0Xc5Sq4vVre5XAeQGDSsWo_Z4WoyFaToTezKxeExi4pO_0XOiStwfCJxFRhgX3v17o3gbWuXH6v7cy1iTHn09av3D34lCWyAZOH-M_c28SRh4XlHb56k7YetUa-7D3S82XTjriPKdmaj4BJncQGmU2Ib37OkZbI_l9pk8QsVEE-77GFQDIM7Ja1ikdxpz91Q5EPcRiZVMiA7eOxkz2MxcAi1CBcCUP4hcDWOxgpl-bPQaKppd5zyNYDgTZvHhOsgW6lx9z_0we2BEe8bVdtN7OeV6gzzr6Mzr4Bf817uBzND1hWBg_MNx7eqj2DzE3GBGBrpT7nOpKM3fulImV1vZie3zO0y8mZGcH0qtAhxEjyPPF6TZGPPCwXX5yi0Qfce_MgrnTC6nyHNeMJWcpD1jRJ2iK2jlhaGBi6Q6s1Mm4nDjnbtKC02xiHdlbtdoShjBKDk8Grs-9LcNS7elOsSr5_4fte5HmyJQfohrKLpcfzuhabxPyGHr_j0YKq3U9glvw8E3gnhAPdK4veBY6t5KakfoTDgNUGw4MlFIV7zS4lxDj51C2cbazYZEG3ijEeh24TF29SQF6MrNPYOXxnsU0xHelBC7wBAr2HO_nAZ-50WHJu9eFp4U7P6XEEaJfikAV51GwgYNimscXD2TazXZWn6i876cphgg3tbesu59w6xZfmT7O0boxMvqq6vq2EkFGPkYEbrNu9PxCRF3YUDnvy6rCcPoVTJUCc2IEhZ6m76YnaonXGD9v97haWkTec7iEd49lgK_oqkMmH1wJtnyp9yM7bdJO-sIkInI5XDSsY5WM64yFp1Dl5gWroi-yOa7gcV6Z1fON13_hCE6oFXgc-Do0omu4bGHk8viJd3MWupSTrhwz5enpD_eMWiWdVQtN1DBow2ACIo74ua2TaNo6DHh0o0TbLO0jNfeTybS3H7EiSvfr6svA2Ms_njOjDif-UgnxOOzo9qJPAZnTxI7Wl4IVK-qQB_JZkKUeoztBKSPre446JinrATSE9yxELnlAzqmdUeknzas7561ADpBqcR23ShoB_Uzv2HOImMF5ib6UtyooKCy9AeOVvNcT2DIonpPhW_DOgOt9h2UJeWo0r-N6qgzorFYljozN4xriDA91-wohwwFq_0V1Mk-eMRiHpv3ZBOAsMbWeHJ9XtJl9rvwa6k1vWrIShMrsZEonDqETILBSyOhRmtfCsPZ5WRPQYnD7w&cid=CAQSOwBygQiDSgcjqNPfImrPxuNBev1MS2VzBdyXUU1jqRO0DidLvIMzM08Dmc5DSNbopGHhu6fsgnZ7NyfiGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=9608998460487782000&adk=578009112&idt=33&cac=0&dtd=3

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c7b24b5c577eb559cfd73af20bddaa795cb60cdc2b1c928f2e7a913a83196755

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:46 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35126
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 5122 41 KB
15 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BiRhnSHwN_58CluuPTb2PGZvaQ-Pc2tt-JLS6BFCHNyGsEk7h7ybmFePtYi8azAv1E5LFRnmHWa8y4EOEPDvVbA3rRhcNvGoyfNQzDklMQhuUFujMprPF1-II68oDuWHT4JV8mvRQQoQ4m1uc4v6kKdfZfqVMyQg3ZHn58fievDd7J404&cry=1&dbm_d=AKAmf-DXcm4Zr33vNC_QcxGETG7xygy2RUtxJVzRofdbGkgG9KHLaCo_akB_wuk-bMvmTSQGh51dvERZ1-oFIjAouMJwAL6wMlBn2HZK3cMSCiqeu8jP5w7hFPV-SU7ZH19eUXgA5mhKJC3i7ObBMWAOJpM9Yyo7R3ASTUQ4okg4sMqsoKS_AaaWiA4xFavnAiigYrHiBG5CDlnPmbuPLjalFS02J2e5jt7Qho_czPajj1l_5IdjJwCqR_ziUGXC_XQIuQ8NuBo_QP5JL4clHX6RC0rIW9Lny_p99EP04XQ_27cIp18fpTlGWzbffTzv9MnNhiRhmIxJWJuGkyPNaVks63ng8ewVWCzLMcjuQuuV-oSHdAP-c5FELrjHpzxrQIgtbwT70ylUt4jZj1ieWeCFSbbKcNTYyVRiIZNEPYPRmIeXFF-qVatZcQtnhEh2K3j-bUOxO5Q_C4BAssSznQpZUR16R1Xi8-ZqKQ_Imh_c1VTi0C_UHR7bWNl968Xcb9Hg8NzXG9tAAfSPY3m0l0aOCf1_Yy0AGCKPhmJ6ViYIiOrveqlCV8urFdplAa5srFGagA-vRN54pVK6M_gdoMud2DFKR7fxUmWKx4UdUNarDla_nqbpm9Dgv2jvmsY9SrIe-KALGUBo4ohTk9qouCBA_UD3zE80hZWs3uTijVze6oR-tMdiMDmD8SKBzJZcLaw9hrXEyzyXZPn_m6vYHI7BbG1aA8h-Od-P9t3C33NyUbpy3_Ol6CUYZhCAnN6sgg90Sg9m-jhCVtBpSUm4Asc5OQgSUFxTAs73lWGChnXTnsQgHApmcWcJoTayfVveG8I8yGT9qH-kAYp5rhWsIwWBx89CHdKuRnjvmbhgPI_nZsUT9YSEpRb4Ib5og8JndGgPc27Y1hsA0H8EKTa0mNob_niJZLpcG-uO8p8NkdwfUl0j_AURrTcJ1Oaracio9fG3rToljPLSzFoCAiRV9kNkseQzI_vS0QeAoOYKAo8YZtvMoZewbF1FxmZYW-R-P61T0Nst11quOxmfoUljRZnzpkA0KqWUIjw7feDsoe5eomsFJpv-IJZ9hW6gzmz4WxVDXsWVj2E2XskmqmsSVL7pKLV92vEt2Hfjyx_qfqLzGY1sEd4dS_trS2jdlu36f_DQskutnTdZ9HcaQ84RtnvRjJV_V8rGiD-BcGvel7wixo0R-hZ11zN2yu2ab87c89A2IKxWrHb5PfM6odzKQ7PDafpI_xmb1gTdmJrK3cN4j-8JVD-RGQDfg0usRBN84t4Z78NpBxNIQL0jTLMiL7PDMa9UtpYzvukzbJbXE86YyoGfCZptTiCrt1hzWMz_oEsD7qhIbjW_HOuj51LYrM0IJcgx9flNFKmKwMxl6KChU8oBdjCcaenSuEynLJ9gwQDvChWdyvHLJWuUJ-FQHEHhlUjg5Jy5i3k5ZEGR3ZAUwZFb1BEJ6Zi4TgzwFasnnap65WxmEwWjHMjsO7jGoZAXnb0rKNdM_L7FcJFBQ5sisPpwU5L7NqzK0Xq6YIlb1aeQb3mgSm00eEmI7mnmcJM__uK30fAFA-1qtLFcRioA1E42TcPUU2wyy4Si3KwkY4WKdgMqEHUuVN7L4mgYrw8yzUOWNisB7fpVtxVLT9-2fyMo-OzLA9a_tRMt3xbr3WJLYUe7je0ZJZM3PNi6ivG3r2E8uPAORwFUqsxbj71CfW1auWmDT1hxgr_sHY_ErYjLiG4khXmtAmT99XTqojNh5ds7uuZN52SQUnetp-VZ2iK4oou0OuUzZ7t5lZzDlO7ksLpg1roTOfYmtiDeh2BFqlZa5tEhQewjRWEL8mgvfl3qRVPW-rZbh8IjkBJfFshBWtCxcR2eoNW2ZOtQ28sCVpo6B1jc74nWLU5zzu4ceqfn8wKd7TUM9aLs482qkFgCi7-nFJIwcEci8JiMpacIiYKWcgCATTfFuSMDsEaWVAok3qk3eVp9-rJt_16Dx2Lj-PcTQM0zz6ln_wX-9DWKj7CjqtVjLFr_aj3AKtTrS90Tzc7qsWbNcP7T0lhkO7yWsLd4Pdu4_eO0ptyeWOjj3XL58dkH3wx2XsEdJY7-AKMYrZnsD2JVJ4cRYwWQj4yTBNC4LL0MdwCvvT-hH58glliNd1JJhfTIMpE1Y1CHPstZrrUXyx3Db5VwHAGAmC3oeawNBsvJr5GlqTdBI_9u-0Ti-fAkzFDbGfg3a8VgJVB8IVh42jW1Efmp1g_FDvCdYrOD6D85q7Ot42AWxWnTJg1EvYwmbNtujjKygZQlbwQQK3TU1zu_XxN07L0xM04n3aMXG0r2DeIspwF3obYAFEUyaLP6PyB29BKKRmoax8pWssqQRwjY-X-hHp_1ycPT6my6dBS4043T_FK4aRkGwBi-uOpUaslPYdzJegqssUlhVMxvEwLytKHErzK4vHdvJWehAzGJJR40kuIVx6NkL1DvsOdOu7E6IVvxSBB7iQmosTm43N1glqiyOrr4QOIMluD8RwTiRexIftUz9bNJke_Zqci-BaGv9fNW7kkND7zCp7mPoZT-bUxoH87r1PqsrrEODQQaSnULdmDPptSw2vgOxzR3f3gY7dtlo3SwES2tCjFc_IQjFL4Io5HhqS5zTFG80n0ayE2mTj1hR8Ulstr7m3miZANh8Q3rksts6_scZ4K1Mqo0B4iltKc5vUs6nBCINNPo4vheiHutG5ih3dAoZmPiVoZgSNGFa_gjIc5WznAhuD9YLzV-PeWdUAwsY46xHRes-g26Bd_ztak4usZpY3PA1r9cNFELZnL4i9wlHbuVT1v8b2P3TUnkyww0N1MdVBhEfs2TT1-gHtW6ASm6G18kg70b68gUCTaDPSbur9UDJ5t28f0E9u-FF4ejGqu_35_g8TRlrynv-BdEfFbxqXkl_mLoj1XI4uisXyGNBTRGNMh_vjjrT2O-q_zl7BjAwfX7N7ARYoqrqPWtNe2zKEuxVd843Hf7DE8u5O6i2Tp62lR_sL_OoRx0JT5D1w2_aqUgvY3oFCZMC1vtWTIbYbN6_OyR3GRQjVjZMrYU742rx_A&cid=CAQSOwBygQiDzioBRasWDXdhV_A8rdZx2Dz9kyN5TyZvhC-xPic1bDO6PM42Yy7IDbVmYr5VNy2zczdcOGEUGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=12035958757863162000&adk=212707235&idt=36&cac=0&dtd=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 07:39:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 225253
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 12 Jun 2024 07:39:33 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 659C 1 KB
643 B 7ms
7ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 32076
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 15 Jun 2023 13:19:10 GMT
etag: 48472445140208031
expires: Fri, 16 Jun 2023 13:19:10 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 47ED 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5dfb1bf0086b8a02cc693559a1fffce75fe3676b824103080e7964b7b1487a05

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame D62E 172 KB
60 KB 55ms
8ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
Origin: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 10:17:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42985
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 16 Jun 2023 10:17:22 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230614/r20110914/elements/html/ Frame D62E 11 KB
4 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230614/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B2JLcMucXc_Xngss10qK3YH3fxbvIA3gZwJFkfxymY8Qyhl_0KGfF05qakK4H1P910ksw2hce-j-pqCIUDabVRJRk_YBicLEbVaG4bM8RlP2wyK6AKso09SlFXQSomSL_7TmP9qUmZqu8BM6-tOhWGUtxEL3MyO8T3tlDpEdaFw-EIsUk&dbm_d=AKAmf-CaTx822esUz7_UUJ1eB5fZi-wek3lRnpHjDlmR-D_FaCktiPSWo4i7pHShIO_WIWXTLyhPbgJ9oNKqEl9Kb7zxz-lyq_YSkmneUflnJWbjhARu0HVDggq06CyrDakIjLaJrtkViyknIimLqVXqCeXj9JeqdDxSb2YTUskgNhihvncCFcex4inP0mWQZz_i5VNXIH0gqKM26i4pMgKYF-Rrp-B0T1Aa_4Y-wZBJwpuVJ1f1j7DhmRZXd2FXaP0ylIzBKgsLFNyW80DrfuvBjLj0LNm0nCoscx_PKC8btD09bOB595r_s6_88JP3e9m7Zk_TLSEew7vquTFBmZNb0EWEXRuOEaDqVYUvs73b2X-uWVjUok-Dah7-4AZupLTOrdfhr7teUym-_jVW6-t9qKqIgiBujJDh2QKuOBg7KDz8yLXCDhzw2zCRh2HglBEqRKUiEsSIALdJpq5asHqaltVpX4xMnWlNUJW9yjn6Xvb6T5Fi5zevlWUbes4stDo3iDXzdKnL4fTihJMmOuga0dpLfwYEvFABvMM4ieI4dDq1_NTgWT3Xbk2mlXr7zTslix-HPQEGBE80zhV6e0B55L-8gkOs_fih34kzqHevHSWMiMWR-rqfszlJzpTpkD06eSJKygoZlOyHFuE6ZWs6rqy3jnrpRr1HEtmMBEjYGAekxALBSZt-yOSCu66Kcvlu8Ao620j_71fhzskv8XEedyiARrtdDnvw7c9iAP99B5Oa_ge_MXBau3JNRwD2ijzNIPAv8ThtlpTMtdjTI041EaLDC0pB9pQEDTcVHUhinNxb4uaPP0Og8C1s5GgzbmEDwzoU3UoEIY9DK9SO-EZdf5Im93OySs0tmmOWeHGMAsKZfEi4Z7ZqpHC-NGl9pryZ42yWfA4q4fEuI6OeTbnV1Mtduvn9E-wwMxtg-0UapI-VVw-IulFEtdHOcfQsafsd-l1LY9IVT_YDRukPEsnBQc5hoW1YjFY_rbwWpaJ3j_17VJ2Ye08zkm8DL23v9agw0Kud9bOT1_lrDu45vrMd3MWUWGOXcUqvussBQXPPIjw7aEQEwBIoAyh9lEW9hlshmBy3PB_mpux0HS26g4VukudNHeAITvjkjZ_F1SXBYgBSX79f_FyHFAo6Nri8vIJMYTgsiiyAovSx2izkQdmuWcaIC9WcPDVvd8riaSvxQp47tXq7fs7cNIMsi3OJtGa4mJgKaSSR3bpek-x6kRSyjKyBRj90xigVgMvy2df6hkFaXyqQgveKKcaXSJ1bKf_nz-8zTpr2J27AyZAICeRJT7wN0cI6oXHgVzJ-R8OHbmCOq-1vhGh6zbsuaM3kU0j06tOsFZjlMMx4FGbPBKuXbKEJ5zmHWLnouSf95djPTLLbEuUAmTIvEjsyU4GolJs8ZCr_dk0ExbVX6MaaCIHIh2Wde1NYybbsgjbu0V5BuxQyV6zocKkti1Y2bddlcedGbIXvUtWXFWBHfmHYYGWKcILiCcHmCmPPFWjBGFeGlm7E0LJ2vdy8hApW3o0ydZais-9ye-hgTL4ZkjgRfClSRmypBfonlq1j6ben5AGYjHQM_K73_--nRQg5uvsZUz3FwQs0TALduUL0oFSIxVcA-E4CbSMUeLvm8uoFuI4ooJxJ7zEBezB-3pYzOzobmo6KmSMP29dKUOqgCC3b3-xcXOD1dYKt3Boyj4jkzrwwfNMjh0kkHRljPxImyIokFCpGJ3IBRqi34mqbnbwY0Y3Ccglg5b_NKndSjMSgMKbLaeG4JVfbhTZDvDTOr9hcmfTwRmn96CXNBr1Nc4wrh10ECMuGadOY6zxZqHNvY817y_khkVBcn_0nMp8jlIkPAGYDxHofb9WVORANiKqOggZmLX6j3EDjreKe6LIJgaQjEY8AIQ_GNV8QO8ZOWWzj4QmGRU9DsRCuxWE0D86NR_La4yYQwXmSpcURFPhaK5ExybQx4CyUBwtDPSm5S7QaGt5WR1f6CMoK-FgO3M-IF7Bh1oYYrq30bZg53LQAIue-Xsnd6Lk8WHSjxsw9cbzsb_7MXRGzCNmxsRHZ0yWAVA0wvLuDmUkZQMZV6WPyma7lcYAAdXbnIXSY1weWGGOJzgcO4X53chWzolGyMtBhVbs5Mf1l7FuidLDoeKbeY6BYliObNPLYrJzVOx4HYOszvJrR85hopU4pat31gvCXCRxA9avd2orNU-7Xfqx7AbVe0infV3HIJbVnWK_-wQWREOHR64DaFp2dhMg_x8Iird8Vbq6d1rE0ztGLCvFr4fNQiSgFbAaefQP3rq6AvuCLX_pax73KGna2xkXGw6omYMVHVWtdPqWY73uGFa5o8Lhbu8S4r-I7dQdu0VBQZkg7JAcmRebq97ibKWZRk48FcPfYT9TZhoOPkukzPfH3m_cuBQ6llwjsPJ-Eo2Q4QLFg1O1nfr-WjdKTYMgpNuX1TvpDSVUPybePEdoBmhJUPK6ah3ET7-GCczksEVRTPpwkLOe-Ld-IBLcjy9MmqBq4r-Lxc4cvTKzsHOhbtw47JVj4WZjKuiuMUKxvRbOCjthOGwn5geTgr4HZNknnd-bZlJb0FvtnJL1GqFTbeCy0ir5TAislmVeRB2dp0JSMwRbk6aBnofIprQla0rkpLXlDNT3Eg3_5Y1qxfYqFsplwp1VIB2vJ0EKVLuzvlsDMtRkFa-Ullg3ungfmPX_zzRmwafmwdcXjaaa9-ekYKuntVONeMNtEbr7UMtnVdiOZXpDOQIv5oXsu6cmAtZBh7hbkvcVdOJsvPyivl4J0EiBWXnONvmA80kyvWvLbFulusvb1_krBrLO3q-Y0LFCbikpSzs2LfI2NrkLTLEFImAsJzbnbJ2l9OElAbSfMveuPv8KMtFqwGq1arVQwI8Crfr-lbtBS3vAGAxIXuXiwgZQuwOI6q9eeFI0Vvp-bPEfyYscTLr5M-jYXXnFf8QOcu7SX4hmJaxr5xeoLzk_TUZuokQnvQmZxQxbbj9DUOzPqkWslQJ_N3m4tOxue-mvuz4OWcy17xu2OIPKmsDbNJhYCC8rvZkxHNlyRxdOW5GMpzKuK3crcBeXwLUxmyyiCX_3aQLa2MLE0Ed4U0k07krhfRnzerTBDeuYoo2JIOniWkxzOdSRx-h2Sc2pmjdlSnL5nJsdHeDy5z6c6mMDqXMmNddiimUH1eYtDAnPUfhpujXi8GnCES81dsUrxcF7jmo8DOBAWD4eWHtrNyfE0d6-ZNC1rYuASInQs6CmDWCc8bbqVa-bZnF5FziAybJqc4z06trYNBnbyuvN19-T3zaxp1WXTX4Jo3W2QFjpPKh-oExuUWrQCBIcGxBCUuzNbqI88xuTB0dLM7uTzSLeFiCFomRGJZSt6mGLC5RRMiGq-m6zK54zi2dCMi2nXxFv1sQDUCNg5uDNZtY06R_ohl9dWaDFK4XZiYqSAI-0-2eePEGp86ejWxz8ZWgZYEWtJci49mT_oypY-t1d87NOz85PyvepTg5a1OfYE4-OCcQi58VZUveMylxnyD6aeoigPP45vk9DT6ZyyfGfwMa0al3XaCjKhBx4bT912Im_uJW7pV1W7uewdAylwsCMDTV-V-sVNb1pxLXf_nex-PL7cLYw5WDf3v4niPH8Gh0uCsKV1SymWATL1nih_C__dWDP4I11P-_0CBEZM9eWFVw&cid=CAQSOwBygQiDh5ybttJZv7ZvU4ewyf4DfFJre_Hj_zQFswLv9hNHIOpL_admqZmcjVcaq_pXl_t68eXRmw2fGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=7913394521251741000&adk=2465470143&idt=33&cac=0&dtd=37

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7ff9993d3bf21821aa4aab3b5958b4d9ba3fd3a3aa92f5830a24d3ee259f4851

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 17:40:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16402
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 5499578052516643378
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 29 Jun 2023 17:40:25 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230614/r20110914/ Frame D62E 29 KB
11 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230614/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bb86be0538b5ef8bb7fabe6cfdcc28f99687242fbecab81a9a2a72d92931594a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 17:40:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16402
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11316
x-xss-protection: 0
server: cafe
etag: 309758756414748794
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 29 Jun 2023 17:40:25 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame D62E 41 KB
15 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 07:39:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 225254
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 12 Jun 2024 07:39:33 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 168B 1 KB
643 B 11ms
7ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 32077
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 15 Jun 2023 13:19:10 GMT
etag: 48472445140208031
expires: Fri, 16 Jun 2023 13:19:10 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame D62E 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0870f8dd92fec1ce4f9fac7f858590d73c999cdf9eabdb5ec8c770ed869b432c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 27F0 41 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BUv6lw3e9QvV-phSyJGZNomXsJL26PGEtug25BC_-fMlnNMxb6o7-72ZHEellh3MKFawDy5SBDdyyZaEcPSIbcuaIS4gt_-9zH0K44oEmdwhlX7ntEgru5T5hwFrs3mSgQI2Q1CxgADIPHdulCub9fudHKekZ7z6M9xoKuxQq6OKCIW9c&cry=1&dbm_d=AKAmf-Dcq9u-2Ji2O0dZrnqvZakOaO52pAW9rrqyKK2tdT6E7XyOZK6cX31BNneSDwPhNvoWbFcJkjOQNX3cWjOlG4aYtxPJMWW2uveT7OmuKtBoewcehAiRjZ75UzriY5yhES9MHw83huZ_Pw48QMmJIvCzPIwHXMvU3m6OfPqLjHwjfxbJJbdV4kRJuK9SdL47HdbHsZyuzPxbBOQiZyEEaItv7nZbFuobolSki71RfQ-euXkFJMuscp01tFjcKVKhqUTZ5cB63lxIggk6yzSDV3y0sLYVX1H5WsTOUW-KCaLpUpqv7zx5QeULGM4quwbQJQHdrIXrCBNxD20amroro7fUW_oNLUMa9KHVIIDsrFc9UC81FdP7Ce_2vLlN62vIYTqJMl782dHZhARCrnWA2Hc633mq4aDwUFwFSPO65FUZ-j7AvkLKf6MPFgVash4uzgHjzp2yRJEcUG6d1RhKXGwx9Vzk-IEooy_ZnB0KcSPaNYr3joP3rFLB_FpTtfcBvZllchjB-LsB8iYV_Eh7oUlfVjVszjmM3JnUbZ07PJv0APki98YFDVIoCiGfgamE5SWQ5m2zaI3PUfRGuO6LmtdtISg_1FOK8a2VZNTc-jxTvU2rIVmXWNiaX2x0E4Pxh2I4T-x3NOblkS-dId6-h9CcFeYWO4yRS3NZfvZK97Yooqd0Cjnx8VSfAuj9wD7Vh_Vx4-ALAzpjdDpKE1wSNzp9faRcDaOWbbBeSiHt_JY_7fR19BLtRN4shHo9sd5dkV4ldfG1SlLcfQyuCcGxtEwyyP7bYFlMdcfcnLQnt3CmUVRXZXqD6TXfgpYwOXhVHjxEKz8HDZ805opJNtyCf0PT9MtzQD_Oh3ak-uzdQExrkGQVPJ5tb4OF3ZmlwS50EuskQUE-ct0IiTvG-QIyOwT_g7blxWkxozm48AdytLRT_Q86FFpFFVZ6ZFb4RVqUnD7j3D3kqg40L2r4hIQV0mgOGv1F2-2npG7gxmdYEH8F0uykcDnkhl6dRJf4bou0g1QIrHwGfl0nPSEbEhYm1SgO8tR3MkX2afGsme9ynBD2kNdR2StN2hxFNoR_EUnrf388_5b6-3IbPrnxSRIv-BBi3N-Qr9bbjhFKIt7x2wNuzfgL9teNdlRIROAYw7KY7HYB5BfMfCS1-jHS_sYu6LBsEe116STmoUHj1ZENdST0kXTiye7qkHC-ub3lYEIpDp7YFEBb9JYO_QBXs6wRY1fDatuNFGGDDk_Yi0TTUscBkKOayZYFKPAHYMHVhHsenMe6e0SNALS6DkMho1iO4Ul4DC9S9gmMo4LSJkkNNN7z3JBB4YngDF6Dd0uvpHoquwU5vBDgfawWaPpPlMyE5hKvVvX9q2YdJw9t0YWP6R7cMl78hWBn7DWxdHx65-Ldjfv1rs8LssLw7YM5ANZzPShLLpGSbJSuqjUpPyq9-pvY9i6Z9It30LX4L3u_hOh_Ku1aKEI9bCPBfsjVjed_3ailho08IVgQLJ9qqE0KDBxtMEvyrQeBnA0WdNxn34kgLe2shPozEi9kFX1ehCnqatymF792EDpoUttEkEo2kIuDaT7-kY2W4d9PXiZrY-9bPT7SXPYGeIJUmT6AMsLPiI2iyD7CE6v9zkftVADldcPN6Pb_YVpW-X6ZKP9VXwdGineqJnzHiBp6OSINB7HpskFf_Wx-SUtICYeqt8FXAE_idu4al5maaa-IteCYtKdHjQhPER-pUklOx3gmZF47AyFer95jcTvoVfQ7MJ4eMqZgJ15ucNJysDlaXrVY_Fm2oh-dZQjWWLFM7FbyiXCYKDqbEIOA0I7Hb570dJeSUHiGH3CnLDh8WxoP8PCRkHyTT2srMwv1FnM6ZW1M0Utm3sVzjYBDDITvfX0MzMSROGmzVatH58chXHpvGS75uU89kpo4HYKQyu18sJqojIO99h7Inl7r4mvLz6TsOvz3zXdkQIiNxvTQKmEoxX8c4QyM6Iz_qaAvtBcuSli_d1FtJwJnIoX6LJHLC4CPgWo96fg5H026AnQSNtoHfBQvvWj8HOFPEiIU8klFE-J1PbvVfoeOGTkWe4HjtEiCzV8UwCVwdLVH-mqveE-KU2X6zGsQ8bz9AIlfppxzNnmqso87Z9DERHECzSjDe264vZ98_07FhNm0OwiI1EqUSBMs-fLfvaB5qM03bsZCUUPkaIt0WhIUyUa27hFS1pRt5RKhIj5TzIIjHcFOkPcjxmOIojHRQ5UveAsrIE3ADmIisG3CXrjcSh5xnFRFxxWyUWNTp75SUbvWi06MwZUvYwBkj62r5fSah_Ru1Fh993d_j6qdnj-vRVZXbXg6XyQ4GHS16tJvbuRacE4LUVCoo26IvRnQ3gHPCiVSL2TuFWN_Wdww4XPwvF3byDXvNDLO5bfd11Ona6AcPp2VKbxSQ3NpTI7nLeD6UIQaKl121q9aIk6LHEIeD_zhE3yxgfKmJ8lp6OV0uhYRqcrxJjoY4w8OINI0NLnliOW9bApLKaO6AtQodcSgDva0VaeQFO81nhgbvaULnLiE0bjFuGak1mCVu6k-2uz931zgd2L88n5yy6Z7xtQDiZdHeiP5_WyS2mEFt0AKJED1VbuJESTT1MELAEZMpb2xemsbbRiVWp7yWY0tzCsOy6AMFUFI9qX0qxZHpP2_gdcnJdHnwCOcHJauImTwsWR_8kM7cb6sOCVzLZqHdePpfIB8nfmrdNgMq_24ZXgJiKp42YMBmJd2VjP3FxtMNNTuKj6l1LcQVs57oD7E7blCAd9j8P2vp78SY5Wwog0niHw9xjzxNvtSaVwDhdXrUCDtKuZbkdgeN5_Dmpsg1bdN6FUtFOxO94g5uiNiadYsKHeRdhR7SysWEs3_3yeFsyHdFRXa5aBGDN7n9lcqH6Of5KWbYgBOLxQPs04G8bbXyInvNWma1bLnWKqfxbNeXYCnXtaq35KAtW5fhSXLXBXeW4FG_ZBzkopliO6A6tmXpSed3cBVxhqU-blHaT_OyGhFBJtS6hg1jOSZyuJk7R9_VDzdgFvoQu9MDBz83-Pe_pU7LWg&cid=CAQSOwBygQiDqUJA1GQbRN7Eyy5xy1KLEgyI1Fd0LLj1JT7A6EEAhZJNrZJK0Go69gr1bfYRL0LGkRX91540GAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=13364904021248578000&adk=3587751834&idt=42&cac=0&dtd=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 07:39:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 225254
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 12 Jun 2024 07:39:33 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 47ED 0
0 54ms
54ms Image
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CNMk3Go2LZM7uGoOxlQeYtIPIDLqItI9cnNfu7qkIwI23ARABIABglaKSgqAHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQngAgCoAwGqBPcBT9AFDgJu6-wx-WA6wvlCm2ce4DWTM9R_1tNc_ayRj8o_cCjAfeX2dqf1kcCTGZ8DmQ4GImkuETx5WHFU1OmCvAreAiYNnbBhCOpLzvNyyCtg4M2lxuaJoSTtvRlSuvLI3xPpKISUljnTCoPYpMDGAKU8Iys-7QQT-AqXcf9Tl1-vB0651CibD3yQoR_gHHFaTSVgsudD2pP_SPjTMYmQF-AB1ujc5aleKiMo3N48Ay93Ndy9mwQdNqzxas0Q7KqngPfOMk43WVD0MqSq07e8CWXeaXdzRNqD9TfmNXk97i-6O3_NURRUcFVecfCXBKwydhPXGxn7DuAEAYAGtrny8N7048SLAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgEDyCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDmACgP6CwIIAYAMAdAVAYAXAbIXHAoaEhRwdWItNzk4MzY1MTI1NzgzODI4MhjqwW0&sigh=UOFHBBHbBXc&uach_m=[UACH]&cid=CAQSOwBygQiDP1aZlWGWUES9F0vUXixhf4X8zJOnJPDcgpgBbe70adYwmXrMrelFlyq3mTGmIIjxkwnbkhUmGAE&cbvp=2&vis=1
Requested by: Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

GET
H/1.1 200 a.gif
i.w55c.net/ Frame 47ED 42 B
582 B 71ms
8ms Image
image/gif 3.125.31.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.w55c.net/a.gif?t=0&rtbhost=conf01-europe-west1.rtb.roku.com&rts=1&btid=MERBRDVFODFDRTZBNzVERThGRUVGMUZERjk1M0U5MjR8R0ZzejhWZ3pieHwxNjg2ODY3MjI2NTU2fDF8WG1FS1o4a2t0eHxYUks4TjRSd2FpfDEwOTg3NDIyMzVfRVh8MTA4NDg2fHx8fC4wUHxVU0Q&ei=GOOGLE&wp_exchange=ZIuNGgAGt04K5ViDAADaGDsOttCS6Qrqp08rAg&ac=WFMwUE56aXZTMTpYU2YwU29uZW43fDB8MHxFVVI7&psid=NTkzOTA4MTEyNTc&js=0&ob=0&ccw=SUFCOCMwLjY4Njk3NDY0fElBQjgtOCMwLjQ5ODA3MTA3fElBQjgtNyMwLjA2NjcwMDUx&ci=Xmwo1n97Q8&fiu=WG1FS1o4a2t0eA&fid=XmEKZ8kktx&sd=ye-mek.net&s=https%3A%2F%2Fye-mek.net&ts=1686867226560&dvdp=i.w55c.net/dv.jpg&ai=0DaDXCcU00&c=DE&r=HE&m=0&pc=34131&rnd=5480625215075037&epid=R0wxNTIyMg&ct=b126c92c760c4964ba6058483a07fa14&os=Mm8wMDAy&dc=NzI4NWEyMmNjZmE2NGM1Y2JmMzBmYzExNmQzNGFhNGU&dv=MUxWSXJn&dm=MU1udVZVV21Ndg&l=dHJ8fA&ri=2rxtlU&cip=1&alg=TGcwMDA4&v=0&euid=Q0FFU0VNZ0ZJSTdHQnl4Z3NqVjhhVllPeGdv&mt=2cmt0001&mi=d2Vi&dt=2dt0005&tz=RXVyb3BlL0Jlcmxpbg&sg=FIpudONlB7mW7PJ5EYtVEQ&buid=Xdb4DXiaK1Q&hmt=1&hmdp=s.h.w55c.net/2/948461/analytics.gif&hmtiu=9484611643830741015000&uidu=CAESEMgFII7GByxgsjV8aVYOxgo&spidu=GOOGLE&pidu=15222&hmpvu=49b79b12-14ed-4304-a48f-9f1625730a06&hmtsu=3&odtu=2&mtfu=1&crdmu=728x90&cridu=XRK8N4Rwai&naoh=i.w55c.net/na.gif&ndgh=i.w55c.net/ng.gif&cbvp=2

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.125.31.31 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-125-31-31.eu-central-1.compute.amazonaws.com

Software

PixelTracking/v2.0.30-780-gdfb6b2e#rel-ec2-master i-0014315516ab858c7@eu-central-1b@dxedge-app-eu-central-1-prod-asg /

Resource Hash

47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 15 Jun 2023 22:13:46 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PixelTracking/v2.0.30-780-gdfb6b2e#rel-ec2-master i-0014315516ab858c7@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Content-Type: image/gif
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 42
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 6BF1 22 KB
8 KB 8ms
7ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 488980
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 10 Jun 2023 06:24:07 GMT
expires: Sun, 09 Jun 2024 06:24:07 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230614/r20110914/ Frame C337 29 KB
11 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230614/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A8G03rcdsPQdhKfZc5qaePAlEoUNy1MChllVdruOdJyKqVTVnVTDNwh3WrMm5avJkQ20WMMjOQlix8K3cPCwH_x6gG5g&cry=1&dbm_d=AKAmf-BMwaVhy9HggNViHgGdA9UEepb3CZJ7LdDYpv7yodEZbpsdhyb6Bzk9ZuATtoM4cCDbrZpilvKTtvbsAo8zE3x7a-x1he4qlPGvSbfE-G14lXogfxhjdV79_paYmIyHBt2NfWajWUVGsAIIken0HoFPR82xrI8RUVO3IiA8EwsMUWKbckfk_xKWo91kNXFKRltd6I_8gOfF9wcYwGGa_uIOeitm19mCh4V4kkKm-2yxjJQ6a8HRatnW-SBKgeSUOlXeJgVOdP0w75184Yrw0KDcxoCI-o_utOw0pm61-GDdvngBibjgVW46C0NzqjEO-vvKlUgByhHtBYs1bD2vuJ41ROaFJ_nuOHk1vS3jb3cNT-FVTW1EwKLflsRgi2Dh9O72dIQhA95foikWx1m8oe49UUbOSIpAIbBdmgAYpBixOjZCq_nseQq5WtlmbW4dTW_yEiPhasZgx1pRYjqB1wwL856RkpfZRhdsive_UDC6libFLWcPFj0tASLjN9GBOpD9YKMFXHdCetETsvCyCy9CJsqWY8c4XItFHMiUyrZxY_A26J7E8VqNy0P39tej9US_LtDcmX6L0yH1TxkNl49KZDgXiGtpLoIR2z2LUYtI4KOJNFWuv-cWgeNcTRCCK2aZ8-kijsDeT07WBegCWJDufREqymQN_pawAL6u9_i8KBgbX4QQbXzgeno4reazw2jLPFPoFYbSMX1B3yNXkR3YevVs-R6u44zWR25B2HjrbBnVHyoF-cjflR795umdDigbXjevq3q4g2iWXunqTmrWQl3osDKhUXsEIvdBM3tLE5ojHYNN3m1n_eboZ0Eqd03v6B8a94t4RVQISCtAwKFf2BlTGuP-fYcIEPp80S_RksgpeicV_2pGksj5NFKS4yMDAegEo5cHmidC1aChoM2FYhM7qjl30G-ecECqvuvq72aMxeuWjZudzV_GRs3J5xXAcMa239BxNdjKmxe8wPJ83Q-YaBntqCm490AWvQwmwmXlFcl6iVWqzVX4KLxBh05Ulj5pwS1_jWFc78gq515DRy1zAKUMoODONWZx05llnAWqItuP7H1r1B6QxfWWBCCHgi9cHTs1f6tuoG5Hcm6sIwLTMl1tJTV9lsmVpAG00OkLQ29sBIzDMm-IqlQSQVl9qEV3-oDd4sTIQN-uJFCSJkxikFtInKG1HKhmsGqjadhWah2RugaFYWhVjWI1yysXP1GiU0L_N_AUDRnHcJcZ969VjFb1fnssry_b7t5IdzR_HaFmYlPWKHdxJ58KM-pcJUe7bnp3iELY27jHRTm4kjaZFXZoBkAIXiIaZDmbEO73sHdClb3fGQnLMDlPmGGkNisRezg1p9_s2VhiIz5erJPlXZwAww7zMa4H0ufo0z4AO9lcUPKH_qQV81rQmkUhKcRG9kFFMxWdXfeoGLnAbZHMF4n1QQtVecRRMdRowmWB3vw4NI7rV3Z0oz7HAvSQn0Bglr33xt9MgFLB128Eb8mT65hqAb_dui_eXKuOjo5y5nb5SZ0N6BY18eOmcsh8NgMrQB9HCZXTQ4JukUtlP-_Ke1866t4aAO5UCZeOwkAveykIti0fWHwRA57Ifa0SThghyOB2zzv7zIMuchepDcXh8BlKVligwq2NzsQDyGACVUIHpBB9o0o6haUtx6H-QbYgx3lU_-mIIgCWUAAsewbDs6txV_tVCQCCaN8QiP8h3e-HSGsjF5l3FtAqWLg4Mo7HtJoHX3o7_ap9Gs7-fnyyrnE7pX4qyAW1vQayjBpijlNZ3oqloogU_ZRrtz3sO8-RMooGZAexE_L_tz1YMH_dDPUITQG4lKKgb_XwGVnD-zDuOIyuXjNZu9ko37Qs6JgwxX6ZMScKL3umj4Koi8t-QgA-pjzF-boboXbvpecaQ--3MRxNZNWH8LixABhBXqjMXMRtk-MpCAOno3-_Tjz3a6iS7O39widYVNU8t6hHi-5fw2bANsgs7LtsmS3ozVaZb0lWt2KUP071_ECfdJ34kbPR_2LlhqRjAHbJv_qooKP3fld4KzN8r61DNWhDMJBmBjh-CorwwByixGOR-HD6XCwHXLEwGFbig9ek1UGyUsg8kCtEwhz8TKvypOoJqwoNuBKgaTAGMp_xOd_eeTFFcBkU7d-URzHTlyMA0Xc5Sq4vVre5XAeQGDSsWo_Z4WoyFaToTezKxeExi4pO_0XOiStwfCJxFRhgX3v17o3gbWuXH6v7cy1iTHn09av3D34lCWyAZOH-M_c28SRh4XlHb56k7YetUa-7D3S82XTjriPKdmaj4BJncQGmU2Ib37OkZbI_l9pk8QsVEE-77GFQDIM7Ja1ikdxpz91Q5EPcRiZVMiA7eOxkz2MxcAi1CBcCUP4hcDWOxgpl-bPQaKppd5zyNYDgTZvHhOsgW6lx9z_0we2BEe8bVdtN7OeV6gzzr6Mzr4Bf817uBzND1hWBg_MNx7eqj2DzE3GBGBrpT7nOpKM3fulImV1vZie3zO0y8mZGcH0qtAhxEjyPPF6TZGPPCwXX5yi0Qfce_MgrnTC6nyHNeMJWcpD1jRJ2iK2jlhaGBi6Q6s1Mm4nDjnbtKC02xiHdlbtdoShjBKDk8Grs-9LcNS7elOsSr5_4fte5HmyJQfohrKLpcfzuhabxPyGHr_j0YKq3U9glvw8E3gnhAPdK4veBY6t5KakfoTDgNUGw4MlFIV7zS4lxDj51C2cbazYZEG3ijEeh24TF29SQF6MrNPYOXxnsU0xHelBC7wBAr2HO_nAZ-50WHJu9eFp4U7P6XEEaJfikAV51GwgYNimscXD2TazXZWn6i876cphgg3tbesu59w6xZfmT7O0boxMvqq6vq2EkFGPkYEbrNu9PxCRF3YUDnvy6rCcPoVTJUCc2IEhZ6m76YnaonXGD9v97haWkTec7iEd49lgK_oqkMmH1wJtnyp9yM7bdJO-sIkInI5XDSsY5WM64yFp1Dl5gWroi-yOa7gcV6Z1fON13_hCE6oFXgc-Do0omu4bGHk8viJd3MWupSTrhwz5enpD_eMWiWdVQtN1DBow2ACIo74ua2TaNo6DHh0o0TbLO0jNfeTybS3H7EiSvfr6svA2Ms_njOjDif-UgnxOOzo9qJPAZnTxI7Wl4IVK-qQB_JZkKUeoztBKSPre446JinrATSE9yxELnlAzqmdUeknzas7561ADpBqcR23ShoB_Uzv2HOImMF5ib6UtyooKCy9AeOVvNcT2DIonpPhW_DOgOt9h2UJeWo0r-N6qgzorFYljozN4xriDA91-wohwwFq_0V1Mk-eMRiHpv3ZBOAsMbWeHJ9XtJl9rvwa6k1vWrIShMrsZEonDqETILBSyOhRmtfCsPZ5WRPQYnD7w&cid=CAQSOwBygQiDSgcjqNPfImrPxuNBev1MS2VzBdyXUU1jqRO0DidLvIMzM08Dmc5DSNbopGHhu6fsgnZ7NyfiGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=9608998460487782000&adk=578009112&idt=33&cac=0&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bb86be0538b5ef8bb7fabe6cfdcc28f99687242fbecab81a9a2a72d92931594a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 17:40:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16402
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11316
x-xss-protection: 0
server: cafe
etag: 309758756414748794
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 29 Jun 2023 17:40:25 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230614/r20110914/elements/html/ Frame C337 11 KB
4 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230614/r20110914/elements/html/omrhp.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7ff9993d3bf21821aa4aab3b5958b4d9ba3fd3a3aa92f5830a24d3ee259f4851

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 17:40:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16402
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 5499578052516643378
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 29 Jun 2023 17:40:25 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame C337 0
0 99ms
53ms Fetch
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsusxXue6I3zRabsrcz4TTsjCnP4dArQV8F6b419X6u9XZBZvLUgmkaca9kItOPEkfR7Nqg6dkbBLgAUHqlWlLflchHWWKX5FxLmEpAD1nWWYp5k2dl-Kllq9E913OVnu0OOtJPovh59fsDClheVHW8AVL2Vv1genfr75uGUAtHgHzDal5rYae_Pt0XUrzRd_E-ciz9u4kMAC9L-9TQa_qwBKisw7axiCJwHhLVa5OG3hgFhIrn9i6dHGpvv3-HAq07yw4oqXCCna_xGwWCq1xJeUkyrl0SakDQGjpTH3Mm87WsfxaB4U-BDI1KvHsYBTTZVzuhu13H4t-ULRQQYnDsvFRl2HrDZseuAkziRn1MiPdJbavFM76jjK6YFHD2znx9HFHyzj7CljubyTpPYfq_8ayXHcq19Xi8EOzsOZQCAoiI8vB-7ZDCei3hcLOJ7ZPCWk7t25qlsgIDOGynOUF_g_EbPRr8HrpTd_GHBJmC9FH3k8HukR5whVoQqhHHthtLxqPoyeaKxokqkYHRahUim9qWea1qutyFgKlWESo_hNmQx5khW75X_wSqkEwXjOFosH_BbrWjECBqqtnEkWsgt4uz9n_VJqkWxZuLsjDgt6oGItkgRUpQJ6Dg5FRO4D3x72HIn7Bdbg30T5eiHd8ESgQ4DL53yTLt8nDwmt0hR-zSLP4j3jzeJnoG6HG-ZhZLoJUVDXLPStULAJZULbiFH69rJFB-CjdiVSW4nn5td8SzNbSx7hDagTb4Ev-eUUANPBLaNnc3TIKZMz5SqmgSH1Nex2FW7z6hLwmJFnfUmg6ii8Ixh7nHQqlW2vNKmcKXheFaV0Sh4S34WnpCUJ5I4Ququ8bbM86qTo5GOl--2y2mf7gSPkFzIA0CijQPBZa0FlV3EUSFt7_ensPlV9-ERP6nEKx3ANjqB-0qBIFEAyoog34m2PaUXOemjjbXcSkeWXjvtPqoXX2q-Ri7KRylTkxWBj03u5o7E9Qp4Y-izx52A5JT7YKyWxX8S-Xx8TRtMUCsyEDcYee6iuKpg7-YhXIt-SJyBtTHMWr4rZnqtsaoYuUBqLQGqWijtY9GS2gYnfWlyoAwv4UGGCBWvrtsNUqFt5TYMeYbxsMdVKaIh8G3ki2F3Ih26tO3tLclAwLDi5ra7czGx3ubLfNqPzoVOvAZCNDIRwUQ2q2vJg3mGRrGAjj8Y8QjlRC5EFvZq8mVOE5J_jphviViPNS16GSEMVCxmbEAuoMox60N5Mbjc&sai=AMfl-YReYj-6a_CbtzwLNWZqSOHAdMNb9Lgu89A6DOi4dp3s5t9DsJpg7E83dkTQX9nzcJZ71Bm2n7qYw2CvwNf4JNc868yfqK1EVzKWx3YE2x4mqsow6yGE7bC8YD_uy4R19-kxRuU6poHFrqTZ6D6Gx44rw-JijS6MYbxBjvHQizksp9ispNPYdAlfK-NflIHUMVdTPFJI0lM94ecJoaCpGhQOHDV_KJygFF8m5psWXur6rSzhXWTbtNEnv0977nA20-rK&sig=Cg0ArKJSzLz2hIP1EaW1EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20230614.43952&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 15 Jun 2023 22:13:47 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Thu, 15 Jun 2023 22:13:47 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame C337 41 KB
15 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 07:39:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 225254
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 12 Jun 2024 07:39:33 GMT

GET
H2 200 16517925057805721467
s0.2mdn.net/simgad/ Frame C337 26 KB
26 KB 9ms
8ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/16517925057805721467

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

467fdf5409ef15bc78672806dccbb71c34337a721454f9917f2db8eeb8e31fe9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 10 Jun 2023 04:20:40 GMT
x-content-type-options: nosniff
age: 496387
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26981
x-xss-protection: 0
last-modified: Tue, 18 Apr 2023 03:28:05 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 09 Jun 2024 04:20:40 GMT

GET
H2

200

adj Show response
bid.g.doubleclick.net/xbbe/creative/ Frame 27F0
Redirect Chain

https://fw.adsafeprotected.com/rfw/bgd/1352960/70224255/xbbe/creative/adj?p=APEucNWkcZqnkVmkesuUrqsTnH2tUrghoQk1-YLL4wGGgy8azDUzW5Q&d=CokBAKAmf-DfQ5tlPF7fVM8k8DFerrrAZ8goK_3ZbmF3PFClNE1KeYCaBAFJZKR...
https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNWkcZqnkVmkesuUrqsTnH2tUrghoQk1-YLL4wGGgy8azDUzW5Q&d=CokBAKAmf-DfQ5tlPF7fVM8k8DFerrrAZ8goK_3ZbmF3PFClNE1KeYCaBAFJZKRlkp4phcgSMrECuX9384FpFYgrt...

75 KB
25 KB

107ms
56ms

Script
text/javascript

64.233.184.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNWkcZqnkVmkesuUrqsTnH2tUrghoQk1-YLL4wGGgy8azDUzW5Q&d=CokBAKAmf-DfQ5tlPF7fVM8k8DFerrrAZ8goK_3ZbmF3PFClNE1KeYCaBAFJZKRlkp4phcgSMrECuX9384FpFYgrtpowGQrzpdRpCgv9p0eWHhL0zYazQ7XGF0Nu5FEo8tJ_IVt4Xmrz9pkchmEo_YEamV-6SNjKYtNivMA8mGD3cEL3pEmKdPvqooMSqRQAoCZ_4DeK8oWQfwwdXO8ESzjYo5NTtLMH6QTpKtJB_GPNBDYdPCWrMhY4FpM1RgEilWFBa0w4Lx8s_pXQZbhEW-iKOK1FmH6FSKI8ApgmIeE39tqbs24PafVr4CvfgiNzucXGZaFpionomLruwyhvEzeWkRvaTI-JWXENCHXximn0_aoWNAArO9JBR5gX0puGd9ky0nUj1cmVhaCJOdKawtJcFLHUJ4XQwmp_veaBHLZc07mOhDybNTQvzstP_lcJBYPtlVemEBF69KC8vfAjwoLXM1lJNYdWCmhrSIhRrm10I1ebtvA9tfQoBuxJLC3Zy2x6-E_AQQ8Mt_UtIEXPn1jquamTh_udz49NRGmS0nLCeB8ychsCSxWkQhHE5vEMEkWpYCS3ea2RDm84JFXkfHJymTjNilTSgnIw6aw2xg8xeqQdbtjbkLkJ7-q28sSbBDSLySPX9T6QJyzra9f8rgg45eM29jnLgot-9gtev2q4_Fa8ks8BrF6du21GTykmIwjlsCjwP9dDu4jymyc8Rg8WbPoXEbIJlz0c_UQJcoLZnvJ4DlmNdA9fGBr7_IUANiUaBPWTU5fhpokkoqzEE3Phr9xqtV2vWS8sdZ7iskaFxeAxwFMcsUJBvaL5Zihtf-mENxZL9LNg9FVq9f0xkpjLEoE0-ngj0E04mhgxidRKSJCS2YPX2tzuTV0jRKZEmBzg-x_UHVD9geLe1sjRj9zy6c6K7dE29GqNPHiMmkXEd81LLI79nu6A-coTblIe8NGP44rJpZMK1tc-FN6dMHmzfI2srk5uKHr6XGDXpWG5cMs6sL_w4ZNSWykDP-z2JjyVtFY4hox17Csz773uhgTNC366dDaEnW6cITjug56FnloUThcWy-0G_ODn6cK3UldKbfGaTKZWDGONGlf3KgkCGPO1jnzDhLKjnHXQCHtLHo3ONDcCqyLu7JMyVgpsIIa1CEAKpOcVgmVZqf_1vBHMjNzDM6grR5jLGeUPEq7DAOosFcBH-DHcHCbMzA2-L0KFh0RkAgoHr07i_BxhcxbxZPwzmWQJGIpNdXk5w2f08DvLlIY6neZe7OdlRtuBjlW_9VcYgb5qdMB76OU28Y8Lm7anaPVelLWa8RTO0PW39Omkv6hEcYj9Bf0Im6xuBgb_IjoOF_NuKyULNR3As6T0eRlNmX09UIWQTcf4yEfZKS2qLzEkIh2HxcJ-KYpMio-glyKe2DSsaUEfTNrY7vrgDi1zjQ-PSq6oFtH-su9sx-aIkN0pykJnsRSuoVeM9asYyDdFReMHsK8Qx-VqWH8aBzT-D6FmYK5lo7IY-cFlnbUsY6_96qmLIyPLlptxLEmAAJCwEblwA865t_S1KrB_UQf13gQUNHqvCl7k6ykRcFvmzu4-0R4Mim_7xSBu4-dFit_LB_D0Ve9KJAm62mjAiKn5RMXJgXhlWrQUaAyZUyR5KbWMAzWWqcE426VZM_GiY7uh7ZB_igcJFeDXjfDmvlh_sgJEGPOS6wpAXpHnS6flKa7hCmwGL4bkUDRqS1OQTCxpnmSqpmVT3pmbHjtFYiqq3PE5Bk5hb2EUakL4SSwFA3JKxw41Lcjwnq9nTviya0rKngfGVi6t7QxFNujBp83hIenxhv1bNEu1v5ZrQoes6-5lBM6VQnOvW2k7VwS4OIi6o7zbQFX7g1bpax3hemvpuMhWnKFlpyTSVu5NmsBPgOCg4drUeV6rU3cWwBwgtxpwudRtDCeVlfzm1gE4AwLOwb26vgTNSMQAc8owdgMKlHM0851E73G16AaOL74XXt61gcqE92b_wetsvP1gISuu-slrEAtHjfcOWCZYg4tKB2TvNGeGPh9IISCtdZZzGRkjaRqA3LwTrkYQy9sYaMSRkxtxsavdONhV6ZZctzTtGV0sFePCJFl4FHw6U3HXGo4u5npVloiD7nNWo6s8bCaphCIJff-yNibpy_sqe-ELlOoarKiSF53Q2FzTSihsQ4-qQoZByY71D6xGl8tunoZwtsxrOWYsFpGD_xlKAelFCPk4WdNfibn_iAH0qs5ixArS1Oh9Mc5yKsi7AA-w__QI9bjXND73SrjUEzZCGRww2srYwk84bFsEPTvEzku79oRy9smB6-SdsuOLq2gkCi3_3xyY3UveKVOi5qFQJmW3wvnikPWvwbwrBM8Nhy4b1VpPvkkFfHxfZLYYizv2Apj9ufjR8cgDXlnHPWoMqnul2XN_xQg-J_tay0jrMEYyiT8tnjUv46DyBU6zlX4htQM_JSibWbcEweGHYCNcDnff78Q39vmQwg886ZVqf-z-KVHEKrgZVrSQIfJsw5LsMU4FtKuS2rnul6iG773tfHAyF1PQrLIm2epgnQAPdbXpC5WSDQsNIbHUZF5uHkqIteFrfw3mkqbaXkuzxqADpMP1HcH908YLTBIWZEN9sHMgB9MZoF_Vc2LZoiH1xZKHZzOuCjr4-Ki9B7Te5i7Pn7AYF-lqB_WVKodqW2MGwiM8nEmNqnVKm0_LYrvt1c6KvzZHJYLbw-8aO-wk6QBzIeZLJ7ep0Pc1ohg5yLPqnzsJRoNexcmXyYu_zCVfQpXmpbUhl3pJWjEvPd2RqaCp0O97-h-9mY8lgdDZBcoT-FrSsdV2FzcNyjg4qKw4XQONgEAJb8_M_m9qmZMAEqfNvznK9tWUDp6HaqBIAII-k0DCobVtakGikx8mA6v0M9uUrSqN6HF1ZhgWxSfUn7D4Wm8b-e585PXUNPZ5TRFOHIs0SIHzgD1zZTopin4vHC02lQRvamaJ0fPbgfEsZsGg18Sled3WQbzGleQZ6kya381X637bp6HYYcKSqHosWD6gZmHvkI0Ev6dChC5_l78s9_RibnnY3SIqbsedhb29cxngD7vkdvCcyy2Q1aCWNyt3IqG7v8p7VYFqz0_LlCfrHg3AILHloemkdhQbfBc4joZmytnG2xMc2_mJXfJNY00-uvQ1n3rgi6lkVBgCtpzZBwUcWA3YPHjjX-yGwbTn2GvbC47JIXJdifEcjFwMLhBy6tOjRisrDuxZEsRMv2uaDMsvusfyKVS5mrdU8C8Nm5ebKlNV7ZFQytmX32KchxEMbo4bZmU0QlrrWPP2WUpQUEuhHAhmXjawUbzngvkKZti4Zi0qWHxIDRdU7ICobJ0JyXn4yCP_NYx-KXjFM4BUFhpIa7OXj5mK44zF4wZqNeMwaKkwbI56QPRa9LKkEmz2xbUgCU3JTNqqNtXHeBCY_Tzyl6v3DC8RWgK527CEcDvKFSnu_14EurJvMfjiaC0e_EMicLRvNvPxm9nnql8iPawefMrHm5eNb8XxKdaFM57ACiqFeBlTPlrC7XawVQomRsVrX9gA0kMNxGg7OzuNP4fipIaeKxYeHDWnEb85vLcs3NiQeAVEwjz-XCM3HZ7iNrsovEV0035sTcHOf3SzdIPHYT02wmkQyWF-QGWGj3pNaiYkk4oaQQgEEjsAcoEIg6lCQNRkG0TexMsucctSixIMiNRXdCy49SU-wOhBAIWSTa2SStBqOvYK9W32ES9CxpEV_deeNBgBYAE&cry=1&bundleId=

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

64.233.184.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wa-in-f156.1e100.net

Software

cafe /

Resource Hash

1e0383aee4030d43f4de3f8b596ef609342d8e51248fd42191d941b7927540bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:47 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25384
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:47 GMT
server: nginx
x-server-name: app13.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNWkcZqnkVmkesuUrqsTnH2tUrghoQk1-YLL4wGGgy8azDUzW5Q&d=CokBAKAmf-DfQ5tlPF7fVM8k8DFerrrAZ8goK_3ZbmF3PFClNE1KeYCaBAFJZKRlkp4phcgSMrECuX9384FpFYgrtpowGQrzpdRpCgv9p0eWHhL0zYazQ7XGF0Nu5FEo8tJ_IVt4Xmrz9pkchmEo_YEamV-6SNjKYtNivMA8mGD3cEL3pEmKdPvqooMSqRQAoCZ_4DeK8oWQfwwdXO8ESzjYo5NTtLMH6QTpKtJB_GPNBDYdPCWrMhY4FpM1RgEilWFBa0w4Lx8s_pXQZbhEW-iKOK1FmH6FSKI8ApgmIeE39tqbs24PafVr4CvfgiNzucXGZaFpionomLruwyhvEzeWkRvaTI-JWXENCHXximn0_aoWNAArO9JBR5gX0puGd9ky0nUj1cmVhaCJOdKawtJcFLHUJ4XQwmp_veaBHLZc07mOhDybNTQvzstP_lcJBYPtlVemEBF69KC8vfAjwoLXM1lJNYdWCmhrSIhRrm10I1ebtvA9tfQoBuxJLC3Zy2x6-E_AQQ8Mt_UtIEXPn1jquamTh_udz49NRGmS0nLCeB8ychsCSxWkQhHE5vEMEkWpYCS3ea2RDm84JFXkfHJymTjNilTSgnIw6aw2xg8xeqQdbtjbkLkJ7-q28sSbBDSLySPX9T6QJyzra9f8rgg45eM29jnLgot-9gtev2q4_Fa8ks8BrF6du21GTykmIwjlsCjwP9dDu4jymyc8Rg8WbPoXEbIJlz0c_UQJcoLZnvJ4DlmNdA9fGBr7_IUANiUaBPWTU5fhpokkoqzEE3Phr9xqtV2vWS8sdZ7iskaFxeAxwFMcsUJBvaL5Zihtf-mENxZL9LNg9FVq9f0xkpjLEoE0-ngj0E04mhgxidRKSJCS2YPX2tzuTV0jRKZEmBzg-x_UHVD9geLe1sjRj9zy6c6K7dE29GqNPHiMmkXEd81LLI79nu6A-coTblIe8NGP44rJpZMK1tc-FN6dMHmzfI2srk5uKHr6XGDXpWG5cMs6sL_w4ZNSWykDP-z2JjyVtFY4hox17Csz773uhgTNC366dDaEnW6cITjug56FnloUThcWy-0G_ODn6cK3UldKbfGaTKZWDGONGlf3KgkCGPO1jnzDhLKjnHXQCHtLHo3ONDcCqyLu7JMyVgpsIIa1CEAKpOcVgmVZqf_1vBHMjNzDM6grR5jLGeUPEq7DAOosFcBH-DHcHCbMzA2-L0KFh0RkAgoHr07i_BxhcxbxZPwzmWQJGIpNdXk5w2f08DvLlIY6neZe7OdlRtuBjlW_9VcYgb5qdMB76OU28Y8Lm7anaPVelLWa8RTO0PW39Omkv6hEcYj9Bf0Im6xuBgb_IjoOF_NuKyULNR3As6T0eRlNmX09UIWQTcf4yEfZKS2qLzEkIh2HxcJ-KYpMio-glyKe2DSsaUEfTNrY7vrgDi1zjQ-PSq6oFtH-su9sx-aIkN0pykJnsRSuoVeM9asYyDdFReMHsK8Qx-VqWH8aBzT-D6FmYK5lo7IY-cFlnbUsY6_96qmLIyPLlptxLEmAAJCwEblwA865t_S1KrB_UQf13gQUNHqvCl7k6ykRcFvmzu4-0R4Mim_7xSBu4-dFit_LB_D0Ve9KJAm62mjAiKn5RMXJgXhlWrQUaAyZUyR5KbWMAzWWqcE426VZM_GiY7uh7ZB_igcJFeDXjfDmvlh_sgJEGPOS6wpAXpHnS6flKa7hCmwGL4bkUDRqS1OQTCxpnmSqpmVT3pmbHjtFYiqq3PE5Bk5hb2EUakL4SSwFA3JKxw41Lcjwnq9nTviya0rKngfGVi6t7QxFNujBp83hIenxhv1bNEu1v5ZrQoes6-5lBM6VQnOvW2k7VwS4OIi6o7zbQFX7g1bpax3hemvpuMhWnKFlpyTSVu5NmsBPgOCg4drUeV6rU3cWwBwgtxpwudRtDCeVlfzm1gE4AwLOwb26vgTNSMQAc8owdgMKlHM0851E73G16AaOL74XXt61gcqE92b_wetsvP1gISuu-slrEAtHjfcOWCZYg4tKB2TvNGeGPh9IISCtdZZzGRkjaRqA3LwTrkYQy9sYaMSRkxtxsavdONhV6ZZctzTtGV0sFePCJFl4FHw6U3HXGo4u5npVloiD7nNWo6s8bCaphCIJff-yNibpy_sqe-ELlOoarKiSF53Q2FzTSihsQ4-qQoZByY71D6xGl8tunoZwtsxrOWYsFpGD_xlKAelFCPk4WdNfibn_iAH0qs5ixArS1Oh9Mc5yKsi7AA-w__QI9bjXND73SrjUEzZCGRww2srYwk84bFsEPTvEzku79oRy9smB6-SdsuOLq2gkCi3_3xyY3UveKVOi5qFQJmW3wvnikPWvwbwrBM8Nhy4b1VpPvkkFfHxfZLYYizv2Apj9ufjR8cgDXlnHPWoMqnul2XN_xQg-J_tay0jrMEYyiT8tnjUv46DyBU6zlX4htQM_JSibWbcEweGHYCNcDnff78Q39vmQwg886ZVqf-z-KVHEKrgZVrSQIfJsw5LsMU4FtKuS2rnul6iG773tfHAyF1PQrLIm2epgnQAPdbXpC5WSDQsNIbHUZF5uHkqIteFrfw3mkqbaXkuzxqADpMP1HcH908YLTBIWZEN9sHMgB9MZoF_Vc2LZoiH1xZKHZzOuCjr4-Ki9B7Te5i7Pn7AYF-lqB_WVKodqW2MGwiM8nEmNqnVKm0_LYrvt1c6KvzZHJYLbw-8aO-wk6QBzIeZLJ7ep0Pc1ohg5yLPqnzsJRoNexcmXyYu_zCVfQpXmpbUhl3pJWjEvPd2RqaCp0O97-h-9mY8lgdDZBcoT-FrSsdV2FzcNyjg4qKw4XQONgEAJb8_M_m9qmZMAEqfNvznK9tWUDp6HaqBIAII-k0DCobVtakGikx8mA6v0M9uUrSqN6HF1ZhgWxSfUn7D4Wm8b-e585PXUNPZ5TRFOHIs0SIHzgD1zZTopin4vHC02lQRvamaJ0fPbgfEsZsGg18Sled3WQbzGleQZ6kya381X637bp6HYYcKSqHosWD6gZmHvkI0Ev6dChC5_l78s9_RibnnY3SIqbsedhb29cxngD7vkdvCcyy2Q1aCWNyt3IqG7v8p7VYFqz0_LlCfrHg3AILHloemkdhQbfBc4joZmytnG2xMc2_mJXfJNY00-uvQ1n3rgi6lkVBgCtpzZBwUcWA3YPHjjX-yGwbTn2GvbC47JIXJdifEcjFwMLhBy6tOjRisrDuxZEsRMv2uaDMsvusfyKVS5mrdU8C8Nm5ebKlNV7ZFQytmX32KchxEMbo4bZmU0QlrrWPP2WUpQUEuhHAhmXjawUbzngvkKZti4Zi0qWHxIDRdU7ICobJ0JyXn4yCP_NYx-KXjFM4BUFhpIa7OXj5mK44zF4wZqNeMwaKkwbI56QPRa9LKkEmz2xbUgCU3JTNqqNtXHeBCY_Tzyl6v3DC8RWgK527CEcDvKFSnu_14EurJvMfjiaC0e_EMicLRvNvPxm9nnql8iPawefMrHm5eNb8XxKdaFM57ACiqFeBlTPlrC7XawVQomRsVrX9gA0kMNxGg7OzuNP4fipIaeKxYeHDWnEb85vLcs3NiQeAVEwjz-XCM3HZ7iNrsovEV0035sTcHOf3SzdIPHYT02wmkQyWF-QGWGj3pNaiYkk4oaQQgEEjsAcoEIg6lCQNRkG0TexMsucctSixIMiNRXdCy49SU-wOhBAIWSTa2SStBqOvYK9W32ES9CxpEV_deeNBgBYAE&cry=1&bundleId=
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame 661D 91 KB
23 KB 76ms
22ms Script
application/javascript 2600:9000:2450:5e00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2450:5e00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 15:36:17 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 8064e48208c1dcd93ca1f9cc15dd104e.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG50-P4
age: 23092651
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: jYvokuH4DjLqg9JRcZzAPUKu8PUdynGFpaxu6HOUf6ih2gc5F2ba0g==

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame 659C 0
104 B 91ms
26ms Image
text/plain 2a02:fa8:8806:13::1400
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEAWXnx-YYVptL1EAumZpXwk&google_cver=1&google_push=ATf1kGOLYOcsgeyWIP9mhhmtOO1zLy5Sg0qpug8ExOdftU0tR9e_D-4LS920JHQ0nt_r16890-bveMKxnM435urS_Efv-fr3qNo
Requested by: Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:13::1400 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:47 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 659C
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEOA95SU41_v8GHwPMBQJWLM&google_push=ATf1kGO8E5BLZEs0oH__GDxjpODOZMDwqC-sHQ93GsQ0HvPMnL0nEVIF2e...

170 B
188 B

22ms
22ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEOA95SU41_v8GHwPMBQJWLM&google_push=ATf1kGO8E5BLZEs0oH__GDxjpODOZMDwqC-sHQ93GsQ0HvPMnL0nEVIF2eiAjg3oxR51xh9nsRyzYXl9T6NSL2aIoPh-fsIpWbY

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-fra-eddf8230027-FRA
pragma: no-cache
date: Thu, 15 Jun 2023 22:13:47 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1686867227.217122,VS0,VE95
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEOA95SU41_v8GHwPMBQJWLM&google_push=ATf1kGO8E5BLZEs0oH__GDxjpODOZMDwqC-sHQ93GsQ0HvPMnL0nEVIF2eiAjg3oxR51xh9nsRyzYXl9T6NSL2aIoPh-fsIpWbY
cache-control: no-cache
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 659C
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEENJ0M78p4f9QV3kESMVADk&google_cver=1&google_push=ATf1kGMMgLutaCMf-y__zy2SK5YOa4lan4s4Yd6sQMFGELLHcahVwFFiu0Ba7qCrmEIzWZLDz88ITDO_fsMPMP0H8UGfUbeDhspx
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=539A861253744BCD899BC955B7C801FC&google_push=ATf1kGMMgLutaCMf-y__zy2SK5YOa4lan4s4Yd6sQMFGELLHcahVwFFiu0Ba7qCrmEIzWZLDz88ITDO_fsMPMP0...

170 B
188 B

18ms
17ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=539A861253744BCD899BC955B7C801FC&google_push=ATf1kGMMgLutaCMf-y__zy2SK5YOa4lan4s4Yd6sQMFGELLHcahVwFFiu0Ba7qCrmEIzWZLDz88ITDO_fsMPMP0H8UGfUbeDhspx

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 15 Jun 2023 22:13:47 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=539A861253744BCD899BC955B7C801FC&google_push=ATf1kGMMgLutaCMf-y__zy2SK5YOa4lan4s4Yd6sQMFGELLHcahVwFFiu0Ba7qCrmEIzWZLDz88ITDO_fsMPMP0H8UGfUbeDhspx
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Wed, 14 Jun 2023 22:13:47 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 659C
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEEVeOc3KSvDcgU8o-qpOzjw&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEEVeOc3KSvDcgU8o-qpOzjw&google_hm=ZIuNGhYoGw2jzSUYwPdRFgAAFHgAAAAB&google_nid=index&google_push=ATf1kGOHlmz28uo2RGFd-5P1tBbrUjI01pZPd...

170 B
188 B

18ms
18ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEEVeOc3KSvDcgU8o-qpOzjw&google_hm=ZIuNGhYoGw2jzSUYwPdRFgAAFHgAAAAB&google_nid=index&google_push=ATf1kGOHlmz28uo2RGFd-5P1tBbrUjI01pZPdcSCxdKkF8HNl0dQM1ngkX7G2weQBPVFWhM57T5K6Pv4o2DcoUSE1jGRi8GFL9s

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 15 Jun 2023 22:13:47 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEEVeOc3KSvDcgU8o-qpOzjw&google_hm=ZIuNGhYoGw2jzSUYwPdRFgAAFHgAAAAB&google_nid=index&google_push=ATf1kGOHlmz28uo2RGFd-5P1tBbrUjI01pZPdcSCxdKkF8HNl0dQM1ngkX7G2weQBPVFWhM57T5K6Pv4o2DcoUSE1jGRi8GFL9s
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 0
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 659C
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEKtyvjiv3kDnZ0aC7W5Q0zk&google_cver=1&google_push=ATf1kGPH_7nGF-AVgV3tq9dDiN6kJfygM7gyhObpYyTlDmgEcunS5r9b8k4u3m4olLUFW_EfKGgCr12K2vbEWyMR6...
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEKtyvjiv3kDnZ0aC7W5Q0zk&google_cver=1&google_push=ATf1kGPH_7nGF-AVgV3tq9dDiN6kJfygM7gyhObpYyTlDmgEcunS5r9b8k4u3m4olLUFW_EfKGgCr12K2vbEWyMR6...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGPH_7nGF-AVgV3tq9dDiN6kJfygM7gyhObpYyTlDmgEcunS5r9b8k4u3m4olLUFW_EfKGgCr12K2vbEWyMR6UTO9PMf6ykG&google_hm=G0nVsGZH6hYwA1PSQPm-Dvgw

170 B
188 B

19ms
18ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGPH_7nGF-AVgV3tq9dDiN6kJfygM7gyhObpYyTlDmgEcunS5r9b8k4u3m4olLUFW_EfKGgCr12K2vbEWyMR6UTO9PMf6ykG&google_hm=G0nVsGZH6hYwA1PSQPm-Dvgw

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 15 Jun 2023 22:13:47 GMT
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGPH_7nGF-AVgV3tq9dDiN6kJfygM7gyhObpYyTlDmgEcunS5r9b8k4u3m4olLUFW_EfKGgCr12K2vbEWyMR6UTO9PMf6ykG&google_hm=G0nVsGZH6hYwA1PSQPm-Dvgw
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap4ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 659C
Redirect Chain

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEC6BNX11Uy5cUHIEDpqFvqo&google_cver=1&google_push=ATf1kGMLOeuz9OvaGZjWQ4HWQ8B5kYP93fCI5EDmcGtuy-0bPbUzKmqECWLfXPwEmPgWj4O6Dm...
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1VUTNpb2g1RTJ1R1RaRVpWOG8ua0tSbTJ3OGVELlJXc35B&google_push=ATf1kGMLOeuz9OvaGZjWQ4HWQ8B5kYP93fCI5EDmcGtuy-0bPbUzKmqEC...

170 B
188 B

17ms
17ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1VUTNpb2g1RTJ1R1RaRVpWOG8ua0tSbTJ3OGVELlJXc35B&google_push=ATf1kGMLOeuz9OvaGZjWQ4HWQ8B5kYP93fCI5EDmcGtuy-0bPbUzKmqECWLfXPwEmPgWj4O6Dmn3PQoUDLJGianDgiErusKMWQ4E0g

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1VUTNpb2g1RTJ1R1RaRVpWOG8ua0tSbTJ3OGVELlJXc35B&google_push=ATf1kGMLOeuz9OvaGZjWQ4HWQ8B5kYP93fCI5EDmcGtuy-0bPbUzKmqECWLfXPwEmPgWj4O6Dmn3PQoUDLJGianDgiErusKMWQ4E0g
date: Thu, 15 Jun 2023 22:13:47 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.57
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 659C
Redirect Chain

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEK8BASJmk...
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEK8...
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=7d2ef4b3-13ef-4009-9dce-49bc870ecb0e&%%GOOGLE_PUSH_PAIR%%

170 B
188 B

18ms
18ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=7d2ef4b3-13ef-4009-9dce-49bc870ecb0e&%%GOOGLE_PUSH_PAIR%%

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=7d2ef4b3-13ef-4009-9dce-49bc870ecb0e&%%GOOGLE_PUSH_PAIR%%
date: Thu, 15 Jun 2023 22:13:47 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 659C 0
12 B 17ms
17ms Image
text/html 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JOeweZyk6fyXLrdoRo0iG-hVtjmVTwVxkK-l4jnHFeW-HCZtxpyBHQKEr5NFqR0FIzHL2RsjU

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:47 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2

200

adj Show response
bid.g.doubleclick.net/xbbe/creative/ Frame 5122
Redirect Chain

https://fw.adsafeprotected.com/rfw/bgd/1352960/70224197/xbbe/creative/adj?p=APEucNW5q_G8hIbLWmehTiKKPN6Ac3moJXXJ2u8rNvh9kN_Zmb6gOUY&d=CokBAKAmf-CDSTp6ebVaPw1RFmGub3VYYZtvh2IzWSwtqGivKwZBXmV7_mRwXbW...
https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNW5q_G8hIbLWmehTiKKPN6Ac3moJXXJ2u8rNvh9kN_Zmb6gOUY&d=CokBAKAmf-CDSTp6ebVaPw1RFmGub3VYYZtvh2IzWSwtqGivKwZBXmV7_mRwXbW3Ob7q7Ew1ZY_hiXSdMHRvm-lz4...

75 KB
25 KB

63ms
53ms

Script
text/javascript

64.233.184.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNW5q_G8hIbLWmehTiKKPN6Ac3moJXXJ2u8rNvh9kN_Zmb6gOUY&d=CokBAKAmf-CDSTp6ebVaPw1RFmGub3VYYZtvh2IzWSwtqGivKwZBXmV7_mRwXbW3Ob7q7Ew1ZY_hiXSdMHRvm-lz4NT33LiH_wJKXXr6oDWEMy-ZFdWiL0XMwoAgbvNp4_KC3I29bcYk8VpYSwW_h9SEUA6XS9LOrsQX_-5uMPuF-I8BoAgEEvaMk4USqRQAoCZ_4N6j0BbXtBz1sTxUFM2v-jKsDhJtqTn9Zb5lcxIuDrNhuLLir8XdJfbqeiGdX0hBHjTfWc31od4XCduBfsuZwVTPAjLAEUq8bAU8OWDSOKqhI2r31s6FpPHy_vtGD4WBTMuTdfLRGs_7s1U4PkVVLYp5ixWQVzOhvW_t6v6GyvDIc_ULxlBtLbUC_WfmXyml-dZTNBIZWauezifZmZUO_Jf-a6XpsnXeo_OVByQnIssTF8se_VwMS46tbhAATAQhBdkHAfrlE1fhthNtjM9kgI74rCNL5d4kp_hXcx7QL3zEq6ShIgG8x4yDmJR4kU0IIPeGq_881gy48OXG1C_jHdgSLF8G2-8ieHodtb3jH-odF9VOt66Dhk3o1Aw2h80LO6y8GbED3rdoLiQ90PnRsFo3JGxIXNLggb2dx6CRxuOxiihBcMdNBKmtEXj61TWWLv4K4JcZFG85Q7t3O8d4jPEHZcec77-b8LNgRO7ynEokm_sgEJ_xYstSirujNCMSLP91TMY4CTu3WQq3C07AuPbl-3gfdJz6HsvSBIWzkYIXzzEcShM3WqUkTh7xj8d97_5JphUlAzO_XGIxEJOMY2ioGDXe6opGZGT4m88GJov6MqWIJ2e9ii0EM_-6CZRrgIQX-B4_T6p1okBd7F8WmomI1dfCwxODu8RMWWt5XfkuqBwMMTgLbOPVwhXjkZ4M-xtS5EeetOl7Tg90tYNT2KRscsme3cIPU1EVQ4F0LIcQITpFVBXUEMJ-TnBUs-CfW-gfoQ3_xEy-mO_MKcJvIlAWU_8NS9dJQ-LbESi-Szjcq0ljovgSqS4GWfMKhNTw_20l9xGtNO7yd3GQfZbVDIL4Dix2_lYhIUDMLziKvdlNrkeuAyBmWHlEriSd669uucYy_ZDwIFP_bklE0C_MnzM5xg4Fi7VrGLkIy_9nFJMukfGuRCQnJJdfVjTDAAZnfYVgOSozCg9cNZa69wb-KpWlap6q5jf-x0XK5SJRh9--S23f6F9mwix5KvWBq7LMlTLhoiJg4k4awbYYbG8VYLI2v10eDR9ny5rU1tlUV-JLgz-ybQkcRh029Rgub-atcRVM-y1lZXFrpJYKNdEyaZa1mn7YCYvkH-RFINMT8sDE9YoUrCz0TQqmEtLEWu4NfdJPteDRvUHqcvsx8QQPqFF55kUdTOyo01y3VBo5JPe7hX2TgaGU6DjD2kVRMIEm1MXBUC40GUSqcHqj4ILn5VHMsJQQsuF21VUIvvDQAFQwGFuEd5DCt7ZvDU-031p4V7qTDIv1AoXkgvJ-3m5chfCmbopTncCchybdoS8QBAlREgEUH8YCdvw8JDHc75Myz_coV2o_62NKDKpM-VvsOFg22A82DEoJgR0blIoKSCeV5ptk-TZZ6wrtH9mLyYtDU4IzoCrXnsxnNbh_J4xIMbCS8a0cnxnj7jW7u6VDHZqycDLRCGwLCQz2pQfelxXTF0DKQY7kAP46l6nnIxpeh5v_c5OEnAG0-LtqAcMOiGSIY7-bhMmtcr9AkEkEGf9vF-k-pQfnH9Eaz7H7s60J6-ewKwUIU5ufe4jGYtT6y0oJkokxFFPecJNc5a1S-UOAKeke-rKxrd2mygX43C9QSxkP9XuVCJY9FoGPxujJaDtPA9ZElb9xqAqbkPj15I2K0yFrP8BDWNHZtfRD0WxOfLBYmRjBu7FJZe2BQQwLATtrVdiMZLxAsaK4AeSgvosF5WlO3rjcR9cQDOdPiw-juT9PBXqW4Hjjpph3jS7VhrDR97KV4RawZO_ZnMJn5d6SSMrhgpeEt7N1546D2NW3MTuNal_9rCTTMA3LJKQfQFzirW2NuELdHe1pfD1n2sTCKex_T_B40dI4WCVblCUrRf5pK5tI-cNe7-xqo5WiB6QpC9-1xzq0W59wFVzk2uF8rRu6o0DdGwDQDAdv2-PtYD9c-xAlMx4hZ8JgVmJDU-QO1hPKoz4veaxgrzxeiY02mpFNeiUT3kNmoJq-w1a4dVFPYFqUzaQwZF8mxKeX8nwP52Y2DOFmm8lfZRGoS_o_bY6b1Q8AkeVAmXZCXWYRG3E4ilN6Ajltcq-suUObVMX_p8xCOgU2EoyQMvQYK_5y5LlV-tK1GWAISm0FYas4eO2eOB38JyNLseViHYewJ7Js-WX1b9524Vnjoh84T5158UxVqXkN2BRM_lJIykUns6AclRZ3tx6eydqjFMpQxPNKfHXbJTqOQcKoSuTRhiQJymeieFkn4J6prxa15XPi7KMBI4PYDT0-sHvmk48eOFU0QZSVlygCGISJPXfb2dF-wjqnYsXRYtwp8LvoSIswxBoX2S1F2hliMD8UlgXEEIEil2SAvZ5p0Mkj2VAmr7MhRGxq6Vq2AneY353-A6nTeIOgY9DOh7djmUPS7a-sWBCQIzi729V6NnNvqsBH56mnP_A7DTfFqdh7EfyS7lrVET4fxTjinzFGIjP-OhMUbojgmowVQbbil9oc39uYsf3V9U6DZlcnzPHdCnKFWq9fksXXCSO6OoQKFqCPGwnJTf2Jn1NClmmuo7APpESJsnz6vB--hnENMIlAZLRkm-x4dHOHot7OV8gKcIuel9hy-3SlwwHTHxTHFAxS3y31WM_czx-0Tt7cvilKATL5LqFu6kE5u-ZeGhF1w8OX3lBbqFU503nINjfwJCtmdcymoqZUhIP1tpLSLlA9R-5RMDKTTJCrCVUwiygnWOcZtO749QtbQCl9T2BNWHS6-LMBmz5LvLUAzcl7KzIcAj7GGpdlCCWY4G80Hv8cbmv3ePDqiRW70MaE4B23xQmziWuI5-FDwHsfh_vHpc6jhQuTndIHJvvWU1oaIi4O0gzfeg15LEiBQPPnxt6YP-AfyvyyEXyUNh4TO0Ypavgddtq-uW2I0wdTVSYUWkLpCl8WLsVwmoWjl7FUpGpst8xEOHMC_rI87WK9EBZrVEIVTvzChQ5k-YTnnJkc9A5cHCb0uDlvOTqDM9hRJy80Vfx-Itj9Myg_U3TNreLm4moWczuAR1cAmNx-7SydbSSPWAByyQ2YXs0Qu-U5NrOQtHQ_JKdPkzZzy-oOGzriMqsQYrofvJ-J7353Fp3UN2tPtdUF5l2x_nShDpNKOxm4o_69CTv9CQ1bxcaixYNN9Y8BbqFNzoPu8HT-LQAedPByejF2KNP59IF0f5SGjJrPpd41EM5lrfz9o_VWV7CS4NndLvjepWUr4v8VNI4omjwCzEJ1gy3MjnEa3e378zKp_7uTILBh-My9vrZW_sXnKwdpN2BtgH8rmoBdHD26yell5OC_KNCsXj2V3BmXU8X06GJAj83mvswWBZZFs5AdWPCkm0I-GC4Fd7ETx-Jvs6mpMh10KNHdXP8n3AG6uZuS2nvjuitjK3dw6O3CmtIB37BlLIj1Jp0QxPCd-laj86FbbeGHwx3-DhStLWG7A6RzGfTCpZPgtYi8D3bKPiQaQQgEEjsAcoEIg84qAUWrFg13YVfwPK3Wcdg8_ZMjeU8mb4QvsT4nNWwzujzONmMuyA21ZmK-VTcts3M3XDhhFBgBYAE&cry=1&bundleId=

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

64.233.184.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wa-in-f156.1e100.net

Software

cafe /

Resource Hash

03ca337507cf883c92600d48f3c3601b7cb721f37ec131343aee1ff516a22858

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:47 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25418
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:47 GMT
server: nginx
x-server-name: app05.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNW5q_G8hIbLWmehTiKKPN6Ac3moJXXJ2u8rNvh9kN_Zmb6gOUY&d=CokBAKAmf-CDSTp6ebVaPw1RFmGub3VYYZtvh2IzWSwtqGivKwZBXmV7_mRwXbW3Ob7q7Ew1ZY_hiXSdMHRvm-lz4NT33LiH_wJKXXr6oDWEMy-ZFdWiL0XMwoAgbvNp4_KC3I29bcYk8VpYSwW_h9SEUA6XS9LOrsQX_-5uMPuF-I8BoAgEEvaMk4USqRQAoCZ_4N6j0BbXtBz1sTxUFM2v-jKsDhJtqTn9Zb5lcxIuDrNhuLLir8XdJfbqeiGdX0hBHjTfWc31od4XCduBfsuZwVTPAjLAEUq8bAU8OWDSOKqhI2r31s6FpPHy_vtGD4WBTMuTdfLRGs_7s1U4PkVVLYp5ixWQVzOhvW_t6v6GyvDIc_ULxlBtLbUC_WfmXyml-dZTNBIZWauezifZmZUO_Jf-a6XpsnXeo_OVByQnIssTF8se_VwMS46tbhAATAQhBdkHAfrlE1fhthNtjM9kgI74rCNL5d4kp_hXcx7QL3zEq6ShIgG8x4yDmJR4kU0IIPeGq_881gy48OXG1C_jHdgSLF8G2-8ieHodtb3jH-odF9VOt66Dhk3o1Aw2h80LO6y8GbED3rdoLiQ90PnRsFo3JGxIXNLggb2dx6CRxuOxiihBcMdNBKmtEXj61TWWLv4K4JcZFG85Q7t3O8d4jPEHZcec77-b8LNgRO7ynEokm_sgEJ_xYstSirujNCMSLP91TMY4CTu3WQq3C07AuPbl-3gfdJz6HsvSBIWzkYIXzzEcShM3WqUkTh7xj8d97_5JphUlAzO_XGIxEJOMY2ioGDXe6opGZGT4m88GJov6MqWIJ2e9ii0EM_-6CZRrgIQX-B4_T6p1okBd7F8WmomI1dfCwxODu8RMWWt5XfkuqBwMMTgLbOPVwhXjkZ4M-xtS5EeetOl7Tg90tYNT2KRscsme3cIPU1EVQ4F0LIcQITpFVBXUEMJ-TnBUs-CfW-gfoQ3_xEy-mO_MKcJvIlAWU_8NS9dJQ-LbESi-Szjcq0ljovgSqS4GWfMKhNTw_20l9xGtNO7yd3GQfZbVDIL4Dix2_lYhIUDMLziKvdlNrkeuAyBmWHlEriSd669uucYy_ZDwIFP_bklE0C_MnzM5xg4Fi7VrGLkIy_9nFJMukfGuRCQnJJdfVjTDAAZnfYVgOSozCg9cNZa69wb-KpWlap6q5jf-x0XK5SJRh9--S23f6F9mwix5KvWBq7LMlTLhoiJg4k4awbYYbG8VYLI2v10eDR9ny5rU1tlUV-JLgz-ybQkcRh029Rgub-atcRVM-y1lZXFrpJYKNdEyaZa1mn7YCYvkH-RFINMT8sDE9YoUrCz0TQqmEtLEWu4NfdJPteDRvUHqcvsx8QQPqFF55kUdTOyo01y3VBo5JPe7hX2TgaGU6DjD2kVRMIEm1MXBUC40GUSqcHqj4ILn5VHMsJQQsuF21VUIvvDQAFQwGFuEd5DCt7ZvDU-031p4V7qTDIv1AoXkgvJ-3m5chfCmbopTncCchybdoS8QBAlREgEUH8YCdvw8JDHc75Myz_coV2o_62NKDKpM-VvsOFg22A82DEoJgR0blIoKSCeV5ptk-TZZ6wrtH9mLyYtDU4IzoCrXnsxnNbh_J4xIMbCS8a0cnxnj7jW7u6VDHZqycDLRCGwLCQz2pQfelxXTF0DKQY7kAP46l6nnIxpeh5v_c5OEnAG0-LtqAcMOiGSIY7-bhMmtcr9AkEkEGf9vF-k-pQfnH9Eaz7H7s60J6-ewKwUIU5ufe4jGYtT6y0oJkokxFFPecJNc5a1S-UOAKeke-rKxrd2mygX43C9QSxkP9XuVCJY9FoGPxujJaDtPA9ZElb9xqAqbkPj15I2K0yFrP8BDWNHZtfRD0WxOfLBYmRjBu7FJZe2BQQwLATtrVdiMZLxAsaK4AeSgvosF5WlO3rjcR9cQDOdPiw-juT9PBXqW4Hjjpph3jS7VhrDR97KV4RawZO_ZnMJn5d6SSMrhgpeEt7N1546D2NW3MTuNal_9rCTTMA3LJKQfQFzirW2NuELdHe1pfD1n2sTCKex_T_B40dI4WCVblCUrRf5pK5tI-cNe7-xqo5WiB6QpC9-1xzq0W59wFVzk2uF8rRu6o0DdGwDQDAdv2-PtYD9c-xAlMx4hZ8JgVmJDU-QO1hPKoz4veaxgrzxeiY02mpFNeiUT3kNmoJq-w1a4dVFPYFqUzaQwZF8mxKeX8nwP52Y2DOFmm8lfZRGoS_o_bY6b1Q8AkeVAmXZCXWYRG3E4ilN6Ajltcq-suUObVMX_p8xCOgU2EoyQMvQYK_5y5LlV-tK1GWAISm0FYas4eO2eOB38JyNLseViHYewJ7Js-WX1b9524Vnjoh84T5158UxVqXkN2BRM_lJIykUns6AclRZ3tx6eydqjFMpQxPNKfHXbJTqOQcKoSuTRhiQJymeieFkn4J6prxa15XPi7KMBI4PYDT0-sHvmk48eOFU0QZSVlygCGISJPXfb2dF-wjqnYsXRYtwp8LvoSIswxBoX2S1F2hliMD8UlgXEEIEil2SAvZ5p0Mkj2VAmr7MhRGxq6Vq2AneY353-A6nTeIOgY9DOh7djmUPS7a-sWBCQIzi729V6NnNvqsBH56mnP_A7DTfFqdh7EfyS7lrVET4fxTjinzFGIjP-OhMUbojgmowVQbbil9oc39uYsf3V9U6DZlcnzPHdCnKFWq9fksXXCSO6OoQKFqCPGwnJTf2Jn1NClmmuo7APpESJsnz6vB--hnENMIlAZLRkm-x4dHOHot7OV8gKcIuel9hy-3SlwwHTHxTHFAxS3y31WM_czx-0Tt7cvilKATL5LqFu6kE5u-ZeGhF1w8OX3lBbqFU503nINjfwJCtmdcymoqZUhIP1tpLSLlA9R-5RMDKTTJCrCVUwiygnWOcZtO749QtbQCl9T2BNWHS6-LMBmz5LvLUAzcl7KzIcAj7GGpdlCCWY4G80Hv8cbmv3ePDqiRW70MaE4B23xQmziWuI5-FDwHsfh_vHpc6jhQuTndIHJvvWU1oaIi4O0gzfeg15LEiBQPPnxt6YP-AfyvyyEXyUNh4TO0Ypavgddtq-uW2I0wdTVSYUWkLpCl8WLsVwmoWjl7FUpGpst8xEOHMC_rI87WK9EBZrVEIVTvzChQ5k-YTnnJkc9A5cHCb0uDlvOTqDM9hRJy80Vfx-Itj9Myg_U3TNreLm4moWczuAR1cAmNx-7SydbSSPWAByyQ2YXs0Qu-U5NrOQtHQ_JKdPkzZzy-oOGzriMqsQYrofvJ-J7353Fp3UN2tPtdUF5l2x_nShDpNKOxm4o_69CTv9CQ1bxcaixYNN9Y8BbqFNzoPu8HT-LQAedPByejF2KNP59IF0f5SGjJrPpd41EM5lrfz9o_VWV7CS4NndLvjepWUr4v8VNI4omjwCzEJ1gy3MjnEa3e378zKp_7uTILBh-My9vrZW_sXnKwdpN2BtgH8rmoBdHD26yell5OC_KNCsXj2V3BmXU8X06GJAj83mvswWBZZFs5AdWPCkm0I-GC4Fd7ETx-Jvs6mpMh10KNHdXP8n3AG6uZuS2nvjuitjK3dw6O3CmtIB37BlLIj1Jp0QxPCd-laj86FbbeGHwx3-DhStLWG7A6RzGfTCpZPgtYi8D3bKPiQaQQgEEjsAcoEIg84qAUWrFg13YVfwPK3Wcdg8_ZMjeU8mb4QvsT4nNWwzujzONmMuyA21ZmK-VTcts3M3XDhhFBgBYAE&cry=1&bundleId=
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame 41A0 91 KB
23 KB 44ms
35ms Script
application/javascript 2600:9000:2450:5e00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2450:5e00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 15:36:17 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 8064e48208c1dcd93ca1f9cc15dd104e.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG50-P4
age: 23092651
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: 5niAZnXi2v0Gr1BxejXJS1unnRLHLADrALCul4EWBDdYE8ms5S_LAQ==

GET
H3

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 9DDB
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

26ms
25ms

Image
text/html

2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Protocol: H3
Server: 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Redirect headers

date: Thu, 15 Jun 2023 22:13:47 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 4A79 1 KB
643 B 7ms
7ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 32077
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 15 Jun 2023 13:19:10 GMT
etag: 48472445140208031
expires: Fri, 16 Jun 2023 13:19:10 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 27F0 43 B
215 B 351ms
103ms Image
image/gif 2600:1f18:1aca:4281:ab69:b866:4b22:2f96
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1352960&asId=5484cf98-b562-595a-3428-0f1be2d6b4b6&tv=%7Bc:fEcvAm,pingTime:-3,time:139,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:160,h:600,t:28%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:139,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:28,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:i,cc:NaN.NaN.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B132~0%5D,as:%5B131~160.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tHi2Yxx+111%7C112%7C113%7C114%7C115%7C1161%7C117%7C118%7C1191%7C1192%7C11a1%7C11a2%7C11b*.1352960-70224255%7C11b1%7C11c1%7C11d1%7C11e,idMap:11b*,rmeas:1,rend:0,renddet:IMG.us,siq:29%7D&br=c
Requested by: Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:ab69:b866:4b22:2f96 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:47 GMT
server: nginx
x-server-name: dt27.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 27F0 43 B
216 B 347ms
101ms Image
image/gif 2600:1f18:1aca:4281:ab69:b866:4b22:2f96
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1352960&asId=5484cf98-b562-595a-3428-0f1be2d6b4b6&tv=%7Bc:fEcvAn,pingTime:-6,time:140,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:140,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:28,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:i,cc:NaN.NaN.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B133~0%5D,as:%5B132~160.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tHi2Yxx+111%7C112%7C113%7C114%7C115%7C1161%7C117%7C118%7C1191%7C1192%7C11a1%7C11a2%7C11b*.1352960-70224255%7C11b1%7C11c1%7C11d1%7C11e,idMap:11b*,rmeas:1,rend:0,renddet:IMG.us,siq:29%7D&tpiLookup=ao:pcloak.blob.core.windows.net*%2Cye-mek.net*&br=c
Requested by: Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:ab69:b866:4b22:2f96 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:47 GMT
server: nginx
x-server-name: dt01.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 5122 43 B
215 B 345ms
102ms Image
image/gif 2600:1f18:1aca:4281:ab69:b866:4b22:2f96
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1352960&asId=923b4705-9d8d-98db-689a-40abd9d5f61b&tv=%7Bc:fEcvAs,pingTime:-3,time:91,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:20%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:91,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:20,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B84~0%5D,as:%5B84~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tHi2Yxx+111%7C112%7C113%7C114%7C115%7C1161%7C117%7C118%7C1191%7C1192%7C11a*.1352960-70224197%7C11a1%7C11a2%7C11b.1352960-70224255%7C11b1%7C11b2%7C11c1%7C11d1%7C11e,idMap:11a*,rmeas:1,rend:0,renddet:IMG.us,siq:22%7D&br=c
Requested by: Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:ab69:b866:4b22:2f96 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:47 GMT
server: nginx
x-server-name: dt02.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 5122 43 B
215 B 438ms
199ms Image
image/gif 2600:1f18:1aca:4281:ab69:b866:4b22:2f96
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1352960&asId=923b4705-9d8d-98db-689a-40abd9d5f61b&tv=%7Bc:fEcvAu,pingTime:-6,time:93,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:93,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:20,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B86~0%5D,as:%5B86~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tHi2Yxx+111%7C112%7C113%7C114%7C115%7C1161%7C117%7C118%7C1191%7C1192%7C11a*.1352960-70224197%7C11a1%7C11a2%7C11b.1352960-70224255%7C11b1%7C11b2%7C11c1%7C11d1%7C11e,idMap:11a*,rmeas:1,rend:0,renddet:IMG.us,siq:22%7D&tpiLookup=ao:pcloak.blob.core.windows.net*%2Cye-mek.net*&br=c
Requested by: Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:ab69:b866:4b22:2f96 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:47 GMT
server: nginx
x-server-name: dt16.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 168B
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEP9LB5G-pq-bMnHGvve-mQs&google_cver=1&google_push=ATf1kGN0rSR6zQ9KhgW4J-AB0XhjQ2prNBCAK_UqELFtPxm049mquQpiHAZz_4Q_bLkEtcTS0ghMde9hvvcWHbGdjuzKtdBLkoaoPw
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=NzYxMDAyODg3NTM3NjI1NTk4MQ==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEA1UPJZLNed9BN29Ll56vKc&google_cver=1

43 B
398 B

58ms
14ms

Image
image/gif

2001:678:cb4:bbbb::11
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEA1UPJZLNed9BN29Ll56vKc&google_cver=1
Requested by: Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Server: 2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Thu, 15 Jun 2023 22:13:46 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:47 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEA1UPJZLNed9BN29Ll56vKc&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame 168B 35 B
464 B 42ms
10ms Image
image/gif 2620:116:800d:21:de2e:c7b3:55c0:d5a0
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEN7qwtiIb0eX6nVILowOKBA&google_cver=1&google_push=ATf1kGOBX22f3Wkto6lQJhfLgeNFwwMq7lXfTWDktw0Um17Focu_ON-aHkMaiMnBoYhbOjqXTEHL8ItT1q2jX7kE7ar64T_xshk5Bw

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:de2e:c7b3:55c0:d5a0 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:47 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 168B
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEHnGn8zGKKgRbenanx99Chs&google_cver=1&google_push=ATf1kGOju4337NEVsdx5oTAq74NN0-1nDKVvhhBA1r93RrtvhaT75ObFENDmr80pyJ8IQzJ9Y09riHf6xbM...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGOju4337NEVsdx5oTAq74NN0-1nDKVvhhBA1r93RrtvhaT75ObFENDmr80pyJ8IQzJ9Y09riHf6xbM3nplpQ_ZjwJu0wLoEWQ&google_hm=Md20Luu9TXKkuYW2kt...

170 B
188 B

19ms
18ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGOju4337NEVsdx5oTAq74NN0-1nDKVvhhBA1r93RrtvhaT75ObFENDmr80pyJ8IQzJ9Y09riHf6xbM3nplpQ_ZjwJu0wLoEWQ&google_hm=Md20Luu9TXKkuYW2kti6MvQ

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:46 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGOju4337NEVsdx5oTAq74NN0-1nDKVvhhBA1r93RrtvhaT75ObFENDmr80pyJ8IQzJ9Y09riHf6xbM3nplpQ_ZjwJu0wLoEWQ&google_hm=Md20Luu9TXKkuYW2kti6MvQ
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dds
rtb.openx.net/sync/ Frame 168B 43 B
245 B 55ms
16ms Image
image/gif 35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEOhjxXez9YV1RmqF5xWfrHw&google_cver=1&google_push=ATf1kGODRMloWBv3pL1ROephMbEebrm0uXoG_EuuRdQNdIpbXon8xVsR3orWx1E_0aUeJbg2fkN8WTitBv-gXQCkPt4H12dY4MJzJA
Requested by: Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:47 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 168B
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEDpEA01aNdJU70si_S2yXEM&google_cver=1&google_push=ATf1kGN_WXsAFVhUazzZHnfO9Rpn_6GxnJPdEozBP3YQLsX7Q_MsUw7wht0qnvqqzv2AEbycFFkCHYa724JjbL4fA...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGN_WXsAFVhUazzZHnfO9Rpn_6GxnJPdEozBP3YQLsX7Q_MsUw7wht0qnvqqzv2AEbycFFkCHYa724JjbL4fAQCTKVz53Na7LA&google_hm=G0nVsGZH6hYwA1PSQPm-...

170 B
188 B

17ms
17ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGN_WXsAFVhUazzZHnfO9Rpn_6GxnJPdEozBP3YQLsX7Q_MsUw7wht0qnvqqzv2AEbycFFkCHYa724JjbL4fAQCTKVz53Na7LA&google_hm=G0nVsGZH6hYwA1PSQPm-Dvgw

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 15 Jun 2023 22:13:47 GMT
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGN_WXsAFVhUazzZHnfO9Rpn_6GxnJPdEozBP3YQLsX7Q_MsUw7wht0qnvqqzv2AEbycFFkCHYa724JjbL4fAQCTKVz53Na7LA&google_hm=G0nVsGZH6hYwA1PSQPm-Dvgw
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap4ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 168B
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEOfoQjqnXay2NwCej4SQ9hk&google_cver=1&google_push=ATf1kGMF075wvIzpxaH0quiOeavKkwRyUIYJXGzNCUWgwGll1K3M-cvc8N97NSWHCbtDhUbDDnVG3QMCq2UnSV7CnhzxAZmtHvD7
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=ATf1kGMF075wvIzpxaH0quiOeavKkwRyUIYJXGzNCUWgwGll1K3M-cvc8N97NSWHCbtDhUbDDnVG3QMCq2UnSV7CnhzxAZmtHvD...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTIxMTE0MjM2NjY0NzkyMzI3NDA2OQ%3D%3D&google_push=ATf1kGMF075wvIzpxaH0quiOeavKkwRyUIYJXGzNCUWgwGll1K3M-cvc...

170 B
188 B

18ms
17ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTIxMTE0MjM2NjY0NzkyMzI3NDA2OQ%3D%3D&google_push=ATf1kGMF075wvIzpxaH0quiOeavKkwRyUIYJXGzNCUWgwGll1K3M-cvc8N97NSWHCbtDhUbDDnVG3QMCq2UnSV7CnhzxAZmtHvD7

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTIxMTE0MjM2NjY0NzkyMzI3NDA2OQ%3D%3D&google_push=ATf1kGMF075wvIzpxaH0quiOeavKkwRyUIYJXGzNCUWgwGll1K3M-cvc8N97NSWHCbtDhUbDDnVG3QMCq2UnSV7CnhzxAZmtHvD7
date: Thu, 15 Jun 2023 22:13:47 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2

200

report
sync.teads.tv/um/ Frame 168B
Redirect Chain

https://sync.teads.tv/um?eid=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEAkotIUe4xXRna0-kzwIQYo&...
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=ATf1kGMgScwZRgw_5LYqqYzLG90rskweVIbtkKGjbMRn7YYyy0fjOaHF11tdlut7zYw3gjAKXKjoYHjJF_zcxSocxPtQxDSmlq3JrA
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

23 B
163 B

37ms
37ms

Image
image/gif

104.111.217.42
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
Requested by: Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Server: 104.111.217.42 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-217-42.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires: Thu, 15 Jun 2023 22:13:47 GMT
pragma: no-cache
date: Thu, 15 Jun 2023 22:13:47 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:47 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 260
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 168B 0
12 B 15ms
15ms Image
text/html 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JgmxaI2snI5KBGPnlhLBp8VT5sHOv6ZAQVqcZMQgqKrY8ZDsA2R8fmoqpNqKxwI2_Q4N8Qrw

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:47 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 5648818383791576392
s0.2mdn.net/simgad/ Frame 9DDB 532 KB
532 KB 8ms
8ms Image
image/jpeg 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/5648818383791576392

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012305252018000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

187574c8a3cf0026b633b356842e03d60450be911027b697e9542a650d1049c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 10 Jun 2023 23:03:04 GMT
x-content-type-options: nosniff
age: 429043
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 544482
x-xss-protection: 0
last-modified: Fri, 31 Mar 2023 09:51:21 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 09 Jun 2024 23:03:04 GMT

GET
H3 200 14952963386359035714
s0.2mdn.net/simgad/ Frame 9DDB 10 KB
10 KB 13ms
13ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/14952963386359035714

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012305252018000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2d3ebc5963c3ba449fc6f11b2d5ac883abaf7dbc046ac7c1b267518e0ca5fa27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 10 Jun 2023 23:03:04 GMT
x-content-type-options: nosniff
age: 429043
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10020
x-xss-protection: 0
last-modified: Fri, 31 Mar 2023 09:51:26 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 09 Jun 2024 23:03:04 GMT

GET
H3 200 tr.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 9DDB 3 KB
3 KB 9ms
8ms Image
image/png 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/tr.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012305252018000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1e5a886321d0e00c13f7abff03ca39fd782f42997fd34bcbf4fc93718f3670cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 19:49:55 GMT
x-content-type-options: nosniff
server: cafe
age: 8632
etag: 9957912877679239782
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3057
x-xss-protection: 0
expires: Fri, 16 Jun 2023 19:49:55 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 9DDB 344 B
368 B 9ms
9ms Image
image/png 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012305252018000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 19:03:49 GMT
x-content-type-options: nosniff
server: cafe
age: 11398
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 344
x-xss-protection: 0
expires: Fri, 16 Jun 2023 19:03:49 GMT

GET
DATA 200
OK truncated
/ Frame C337 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a9463aa6bc04e8ed65268ee58b03fb119d097a4ec5f33f0dcb3750d4d75f28c3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame C337 0
0 54ms
52ms Fetch
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsusxXue6I3zRabsrcz4TTsjCnP4dArQV8F6b419X6u9XZBZvLUgmkaca9kItOPEkfR7Nqg6dkbBLgAUHqlWlLflchHWWKX5FxLmEpAD1nWWYp5k2dl-Kllq9E913OVnu0OOtJPovh59fsDClheVHW8AVL2Vv1genfr75uGUAtHgHzDal5rYae_Pt0XUrzRd_E-ciz9u4kMAC9L-9TQa_qwBKisw7axiCJwHhLVa5OG3hgFhIrn9i6dHGpvv3-HAq07yw4oqXCCna_xGwWCq1xJeUkyrl0SakDQGjpTH3Mm87WsfxaB4U-BDI1KvHsYBTTZVzuhu13H4t-ULRQQYnDsvFRl2HrDZseuAkziRn1MiPdJbavFM76jjK6YFHD2znx9HFHyzj7CljubyTpPYfq_8ayXHcq19Xi8EOzsOZQCAoiI8vB-7ZDCei3hcLOJ7ZPCWk7t25qlsgIDOGynOUF_g_EbPRr8HrpTd_GHBJmC9FH3k8HukR5whVoQqhHHthtLxqPoyeaKxokqkYHRahUim9qWea1qutyFgKlWESo_hNmQx5khW75X_wSqkEwXjOFosH_BbrWjECBqqtnEkWsgt4uz9n_VJqkWxZuLsjDgt6oGItkgRUpQJ6Dg5FRO4D3x72HIn7Bdbg30T5eiHd8ESgQ4DL53yTLt8nDwmt0hR-zSLP4j3jzeJnoG6HG-ZhZLoJUVDXLPStULAJZULbiFH69rJFB-CjdiVSW4nn5td8SzNbSx7hDagTb4Ev-eUUANPBLaNnc3TIKZMz5SqmgSH1Nex2FW7z6hLwmJFnfUmg6ii8Ixh7nHQqlW2vNKmcKXheFaV0Sh4S34WnpCUJ5I4Ququ8bbM86qTo5GOl--2y2mf7gSPkFzIA0CijQPBZa0FlV3EUSFt7_ensPlV9-ERP6nEKx3ANjqB-0qBIFEAyoog34m2PaUXOemjjbXcSkeWXjvtPqoXX2q-Ri7KRylTkxWBj03u5o7E9Qp4Y-izx52A5JT7YKyWxX8S-Xx8TRtMUCsyEDcYee6iuKpg7-YhXIt-SJyBtTHMWr4rZnqtsaoYuUBqLQGqWijtY9GS2gYnfWlyoAwv4UGGCBWvrtsNUqFt5TYMeYbxsMdVKaIh8G3ki2F3Ih26tO3tLclAwLDi5ra7czGx3ubLfNqPzoVOvAZCNDIRwUQ2q2vJg3mGRrGAjj8Y8QjlRC5EFvZq8mVOE5J_jphviViPNS16GSEMVCxmbEAuoMox60N5Mbjc&sai=AMfl-YReYj-6a_CbtzwLNWZqSOHAdMNb9Lgu89A6DOi4dp3s5t9DsJpg7E83dkTQX9nzcJZ71Bm2n7qYw2CvwNf4JNc868yfqK1EVzKWx3YE2x4mqsow6yGE7bC8YD_uy4R19-kxRuU6poHFrqTZ6D6Gx44rw-JijS6MYbxBjvHQizksp9ispNPYdAlfK-NflIHUMVdTPFJI0lM94ecJoaCpGhQOHDV_KJygFF8m5psWXur6rSzhXWTbtNEnv0977nA20-rK&sig=Cg0ArKJSzLz2hIP1EaW1EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=197&vt=11&dtpt=196&dett=2&cstd=0&cisv=r20230614.43952&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:47 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 15 Jun 2023 22:13:47 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/13151972954896785613/ Frame 2FB4 126 KB
34 KB 22ms
21ms Document
text/html 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13151972954896785613/index.html?e=69&leftOffset=0&topOffset=0&c=w7uNkWV6ZV&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

35e04b4855605c908b85662df66fa3f5fce2fe1fa2d284873c1349b101bd7bec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Thu, 15 Jun 2023 22:13:47 GMT
expires: Fri, 14 Jun 2024 22:13:47 GMT
last-modified: Wed, 22 Jun 2022 11:30:07 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame D62E 0
0 56ms
55ms Fetch
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvfSn38-FsYw3Tvk9gYBlku5DFCu-nP6laguyi72gJEXmQFooJttPnMY0W2opD0GnGwF-k1lQ_CtNXINb8OSdqJTVF6tUYKt9QlXmv-SG4Ex7wj4Cj1_swgIIruaexc3ZXKVy7O_vIL_9D9j5GVFlpOvV9tfedG-5ZLfdmT-lWaP6E4Y-Xy30fgZjMUie11aYnnV00jbo3id5W2OypjQQBMPEUAHrsU0VQo0j6lUWK0uzsgR23FpQ5ENODc0sG-TaBSWL8EnTPoQ6240f8zxPruXjR-R-v-n4r11SN9WY9MLItvVglGK_oVF82yc57PN6H254IVnsLv-osE52fhxzI5pMxqBdEZsg6p4qGP1ZEGB_Tx2pLOcjrv0nihMFYv1uW0Uf3la1jmjn0ht6rBbpTE8WQB0NaPkA2I5i_qLo3v4vNkyES0uHOSmvJcbjsrWNRgVRx1-VxJrez-KUTQwVpZa2eVrhmv-qzN3lLie-cD8X25lXyWKyIG5DWK2bn5jW_u_LD6JzOljpc9bE5qRZn9C2VcAv_tTZuumETawvkLj_QIvpzMWDkHJQkur06apdThTGSil3CmJWZg2fbKS9MTqPB4VtFWuZ-49qWcWcsJtGs8_3fhv_RZGGSsTUodFp4bjVJXHgGBbBjTZQbLyHRUDgmQUF7rP-Zii55k3d1h--0bwMFq9M4fYYGhX9BkGFWGRODl7f2_2p3JnBScYGCa4RvE7mdstPXrVIgXvuPX0Gc1JmBDD7A-5KjtZBrHTo3wP-qC-wMfcloexxAVIHQCV9pUmVMFF-cZu-tuP-e5aDOEDZqhEgOaBVmSEf2ZcqIyhZr2FAMog-3QqYxlf7KQIuWM2ovF92LiLgiBhEiSk8ersFx7EpSqdBz8H7jysf6dfght_0Y73jtammKBgx0ToTi3la7OoWt1pPUciTjkkDv551Mq722yGJN4G49cVMOysgEN7fLXtrTUo0GaWZKn7uAZzVEfFbt0ZLgzuEJLPczHjg3P8wpBjd17FlnCxFVpQyjIlmA52tMJjLLmpWSqSzEbCYjecLqpSNZO-R20Htvqo4K021CEiDptGnnZC-A56itS0Pt2pJ9ejiWv9_TJJBGE6HPVLGvVLr2sUETd0Oxa3vctLa5ghxqJDji1WHt1ul9JBulW2CnIgXeLtrcD-kmf7wqcT3HZZQFCe2Y-vxlLFG7cWlg3z5Gp0OZE8GS67s2vNF7ckFWOUWe7w_8quR9smcyI1tMUe6U9zRUR4v6W3zxp0FVMlYlBcY9jRxUadFau5M_ZkNtCy2VlZq7BQBhvce9Ug-nIbQE&sai=AMfl-YS22puOxmFxoVZRViIrQLAfKR-Z44C6PDCgg6UR-sycAIXfMa2WJKudC020TKIozMLFNeEh4RGYTpXYKbeKKRYyBelVFWfeCs13mERosxTzVqdDjUZjsrlTvTEObgVIllgPMlPADv4nKRVymCkZcsX6qPvWpkGzQzg_XjjmVFEH_eyzLd_rjF615YS6qXZM3_e3j3m60QVBU44sxnnnQJlaLy5hYFw5oOlbfz8F6guU2OFuLNQZand4faN6BYvp96WY&sig=Cg0ArKJSzNBdU25jkirtEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=313&cbvp=1&cstd=304&cisv=r20230614.23485&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 15 Jun 2023 22:13:47 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Thu, 15 Jun 2023 22:13:47 GMT

GET
H/1.1

200
OK

px.gif
d.adtriba.com/ Frame D62E
Redirect Chain

https://d.adtriba.com/collect?atb_ptid=f65079e0&atb_dcaid=202305_es_nothilfe_dv_pros_367777976&atb_dpuid=di_dv&gdpr=&gdpr_consent=
https://d.adtriba.com/px.gif

42 B
227 B

9ms
9ms

Image
image/gif

52.57.130.34
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adtriba.com/px.gif
Requested by: Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: HTTP/1.1
Server: 52.57.130.34 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-57-130-34.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Thu, 15 Jun 2023 22:13:47 GMT
Cache-Control: public, max-age=86400
Server: nginx/1.16.1
Connection: keep-alive
Content-Length: 42
Content-Type: image/gif

Redirect headers

Date: Thu, 15 Jun 2023 22:13:47 GMT
Last-Modified: Thu, 15 Jun 2023 22:13:47 GMT
Server: nginx/1.16.1
P3P: CP="This is not a P3P policy! See https://www.adtriba.com/privacy-policy.html for more info."
Location: /px.gif
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Sat, 01 Jan 2000 01:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 27F0 43 B
215 B 275ms
102ms Image
image/gif 2600:1f18:1aca:4281:ab69:b866:4b22:2f96
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1352960&asId=5484cf98-b562-595a-3428-0f1be2d6b4b6&tv=%7Bc:fEcvBA,pingTime:-2,time:215,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:376,beZ:377,mfA:379,cmA:381,inA:381,inZ:385,prA:385,prZ:399,si:404,poA:405,poZ:425,cmZ:425,mfZ:425,loA:515,loZ:518,ltA:590,ltZ:590%7D%7D,sca:%7Bdfp:%7Bdf:0%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:160,h:600,t:28%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:215,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:28,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:i,cc:NaN.NaN.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B208~0%5D,as:%5B207~160.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tHi2Yxx+111%7C112%7C113%7C114%7C115%7C1161%7C117%7C118%7C1191%7C1192%7C11a.1352960-70224197%7C11a1%7C11a2%7C11b*.1352960-70224255%7C11b1%7C11c1%7C11d1%7C11e,idMap:11b*,pd:VEBo.mhjfbmdgcfjbbpaeojofohoefgiehjai,rmeas:1,rend:0,renddet:IMG.us,siq:29,sinceFw:184,readyFired:false%7D&br=c
Requested by: Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:ab69:b866:4b22:2f96 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:47 GMT
server: nginx
x-server-name: dt15.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame E20C 22 KB
8 KB 9ms
9ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 488980
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 10 Jun 2023 06:24:07 GMT
expires: Sun, 09 Jun 2024 06:24:07 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 5122 43 B
215 B 270ms
102ms Image
image/gif 2600:1f18:1aca:4281:ab69:b866:4b22:2f96
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1352960&asId=923b4705-9d8d-98db-689a-40abd9d5f61b&tv=%7Bc:fEcvBF,pingTime:-2,time:166,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:439,beZ:440,mfA:444,cmA:445,inA:445,inZ:449,prA:449,prZ:455,si:461,poA:462,poZ:482,cmZ:482,mfZ:482,loA:532,loZ:534,ltA:605,ltZ:605%7D%7D,sca:%7Bdfp:%7Bdf:0%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:20%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:166,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:20,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B159~0%5D,as:%5B159~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tHi2Yxx+111%7C112%7C113%7C114%7C115%7C1161%7C117%7C118%7C1191%7C1192%7C11a*.1352960-70224197%7C11a1%7C11a2%7C11b.1352960-70224255%7C11b1%7C11b2%7C11c1%7C11d1%7C11e,idMap:11a*,pd:VEBo.mhjfbmdgcfjbbpaeojofohoefgiehjai,rmeas:1,rend:0,renddet:IMG.us,siq:22,sinceFw:142,readyFired:false%7D&br=c
Requested by: Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:ab69:b866:4b22:2f96 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:47 GMT
server: nginx
x-server-name: dt17.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 5D15 22 KB
8 KB 12ms
11ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 488980
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 10 Jun 2023 06:24:07 GMT
expires: Sun, 09 Jun 2024 06:24:07 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 _gLG9aN8cjF7vXKbMeOxmtCOjM8PIsJVPzQXNT2dY7E.js Show response
pagead2.googlesyndication.com/bg/ Frame 6BF1 37 KB
14 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/_gLG9aN8cjF7vXKbMeOxmtCOjM8PIsJVPzQXNT2dY7E.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fe02c6f5a37c72317bbd729b31e3b19ad08e8ccf0f22c2553f3417353d9d63b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 08:34:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 49178
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14773
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 14 Jun 2024 08:34:09 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 2FB4 118 KB
40 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13151972954896785613/index.html?e=69&leftOffset=0&topOffset=0&c=w7uNkWV6ZV&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13151972954896785613/index.html?e=69&leftOffset=0&topOffset=0&c=w7uNkWV6ZV&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 07:18:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 53701
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 16 Jun 2023 07:18:46 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4A79
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEO1qMVT-vCwQoV9ccx1Op60&google_cver=1&google_push=ATf1kGOkzileWYetgH_9YcpjHXBAajsZhVOydoAQ8ORStfu_fdGPtJtE2Pvgk-vNQEgloBRR_kty4rQG8vQ...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGOkzileWYetgH_9YcpjHXBAajsZhVOydoAQ8ORStfu_fdGPtJtE2Pvgk-vNQEgloBRR_kty4rQG8vQDm1NKQ1vWUFFpSDJBhw&google_hm=Md20Luu9TXKkuYW2kt...

170 B
188 B

19ms
18ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGOkzileWYetgH_9YcpjHXBAajsZhVOydoAQ8ORStfu_fdGPtJtE2Pvgk-vNQEgloBRR_kty4rQG8vQDm1NKQ1vWUFFpSDJBhw&google_hm=Md20Luu9TXKkuYW2kti6MvQ

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:46 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGOkzileWYetgH_9YcpjHXBAajsZhVOydoAQ8ORStfu_fdGPtJtE2Pvgk-vNQEgloBRR_kty4rQG8vQDm1NKQ1vWUFFpSDJBhw&google_hm=Md20Luu9TXKkuYW2kti6MvQ
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 AdxPixel
tr.blismedia.com/v1/api/sync/ Frame 4A79 0
173 B 71ms
16ms Image
text/plain 34.96.105.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEGvNyV7pFU_LRGT_ev3zaGQ&google_cver=1&google_push=ATf1kGOjNUXgpXyjNBy0uRb8rB_tf3z8UAjvmHGeUxmVCTSq8zmFOFCIMUv3qE99VCvoY9YVxOG1ZVoqh4pNmmwZT_dA9oh7Yddc
Requested by: Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.105.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.105.96.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:47 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4A79
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESEAF1VpIOU_KF2isYXeDmY9Y&google_cver=1&google_push=ATf1kGOYzRl2D6cSg-ZHIpfXvna8Y4wF4oOO5HyBOU1NTwC3NCR3N_DRvMO6zmhe6cxCdHChbH6ZcWDgOcVhvC0u9SfxDCA...
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEAF1VpIOU_KF2isYXeDmY9Y&google_cver=1&google_push=ATf1kGOYzRl2D6cSg-ZHIpfXvna8Y4wF4oOO5HyBOU1NTwC3NCR3N_DRvMO6zmhe6cxCdHChbH6ZcWDgOcVhvC0u9SfxD...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=ATf1kGOYzRl2D6cSg-ZHIpfXvna8Y4wF4oOO5HyBOU1NTwC3NCR3N_DRvMO6zmhe6cxCdHChbH6ZcWDgOcVhvC0u9SfxDCA9Ra7-qQ

170 B
188 B

18ms
18ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=ATf1kGOYzRl2D6cSg-ZHIpfXvna8Y4wF4oOO5HyBOU1NTwC3NCR3N_DRvMO6zmhe6cxCdHChbH6ZcWDgOcVhvC0u9SfxDCA9Ra7-qQ

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=ATf1kGOYzRl2D6cSg-ZHIpfXvna8Y4wF4oOO5HyBOU1NTwC3NCR3N_DRvMO6zmhe6cxCdHChbH6ZcWDgOcVhvC0u9SfxDCA9Ra7-qQ
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4A79
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESENUPHEEhwy5s97QoCU0a2rk&google_cver=1&google_push=ATf1kGPSTWvyXhbMTMYDUD_Gel41YTnK1YFHWFIe1jOpXfHg6kyvJvjQJphNDCtNkrmsUFLNwMMz2VEabdowviE0g...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGPSTWvyXhbMTMYDUD_Gel41YTnK1YFHWFIe1jOpXfHg6kyvJvjQJphNDCtNkrmsUFLNwMMz2VEabdowviE0gV5y33k1Nrbw&google_hm=G0nVsGZH6hYwA1PSQPm-Dvgw

170 B
188 B

17ms
16ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGPSTWvyXhbMTMYDUD_Gel41YTnK1YFHWFIe1jOpXfHg6kyvJvjQJphNDCtNkrmsUFLNwMMz2VEabdowviE0gV5y33k1Nrbw&google_hm=G0nVsGZH6hYwA1PSQPm-Dvgw

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 15 Jun 2023 22:13:47 GMT
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGPSTWvyXhbMTMYDUD_Gel41YTnK1YFHWFIe1jOpXfHg6kyvJvjQJphNDCtNkrmsUFLNwMMz2VEabdowviE0gV5y33k1Nrbw&google_hm=G0nVsGZH6hYwA1PSQPm-Dvgw
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap4ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4A79
Redirect Chain

https://match.360yield.com/match/ebda?google_gid=CAESED8q20c4erkODqgL0VPHsh0&google_cver=1&google_push=ATf1kGNYpNopAIvv76HAKjMTpvVmgoeqi7p6KhqmvpTX5TzELLNAsFiPgsTVBOF2xS2lLH3JtIzYueqzfoz2XGcJYTVgCs...
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESED8q20c4erkODqgL0VPHsh0&google_cver=1&google_push=ATf1kGNYpNopAIvv76HAKjMTpvVmgoeqi7p6KhqmvpTX5TzELLNAsFiPgsTVBOF2xS2lLH3JtIzYueqzfoz2XGcJ...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=gyvz6t6dRYKKgBqk9v4FDQ&google_push=ATf1kGNYpNopAIvv76HAKjMTpvVmgoeqi7p6KhqmvpTX5TzELLNAsFiPgsTVBOF2xS2lLH3JtIzYueqzfoz2XGc...

170 B
188 B

18ms
18ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=gyvz6t6dRYKKgBqk9v4FDQ&google_push=ATf1kGNYpNopAIvv76HAKjMTpvVmgoeqi7p6KhqmvpTX5TzELLNAsFiPgsTVBOF2xS2lLH3JtIzYueqzfoz2XGcJYTVgCsvsDEPsLg

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=gyvz6t6dRYKKgBqk9v4FDQ&google_push=ATf1kGNYpNopAIvv76HAKjMTpvVmgoeqi7p6KhqmvpTX5TzELLNAsFiPgsTVBOF2xS2lLH3JtIzYueqzfoz2XGcJYTVgCsvsDEPsLg
access-control-allow-origin: *
date: Thu, 15 Jun 2023 22:13:47 GMT
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H/1.1

200

0.gif
id5-sync.com/i/495/ Frame 4A79
Redirect Chain

https://sync.inmobi.com/gob?google_gid=CAESEJaFU-zlzYf-1-pbALPV7C0&google_cver=1&google_push=ATf1kGOZfPlDbowkQQbSp2SAjkaOAgTpmS_cwuftM_a5nKtXY9cwniPnP3SbUijhWyxAHS93DGm8AW4H_J1bfyw8Mbmjp5bNLTjRZIw
https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DATf1kGOZfPlDbowkQQbSp2SAjkaOAgTpmS_cwuftM_a5nKtX...

43 B
1 KB

60ms
15ms

Image
image/gif

162.19.138.120
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DATf1kGOZfPlDbowkQQbSp2SAjkaOAgTpmS_cwuftM_a5nKtXY9cwniPnP3SbUijhWyxAHS93DGm8AW4H_J1bfyw8Mbmjp5bNLTjRZIw

Protocol

HTTP/1.1

Server

162.19.138.120 , France, ASN16276 (OVH, FR),

Reverse DNS

ns31533571.ip-162-19-138.eu

Software

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-type: image/gif;charset=UTF-8
date: Thu, 15 Jun 2023 22:13:47 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
transfer-encoding: chunked
p3p: CP="CAO PSA OUR"

Redirect headers

date: Thu, 15 Jun 2023 22:13:47 GMT
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
expect-ct: max-age=0
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=utf-8
location: https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DATf1kGOZfPlDbowkQQbSp2SAjkaOAgTpmS_cwuftM_a5nKtXY9cwniPnP3SbUijhWyxAHS93DGm8AW4H_J1bfyw8Mbmjp5bNLTjRZIw
x-download-options: noopen
vary: Accept
content-length: 274
x-xss-protection: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4A79
Redirect Chain

https://secure.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=${BASE64_UID_ENC}&google_gid=CAESELWsrl-ZXen260m3zHoQzVU&google_cver=1&google_push=ATf1kGNxZcts8TRKh...
https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=Njg2MzE0OTI4NDkyMjkyMTU3NA%3D%3D&google_gid=CAESELWsrl-ZXen260m3zHoQzVU&google_cver=1&google_push=ATf1kGNxZcts8TRKhFsD7H9BNSiy2osj58...

170 B
188 B

17ms
17ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=Njg2MzE0OTI4NDkyMjkyMTU3NA%3D%3D&google_gid=CAESELWsrl-ZXen260m3zHoQzVU&google_cver=1&google_push=ATf1kGNxZcts8TRKhFsD7H9BNSiy2osj58Qa2SmJwrnB_nOO6OvShk80-KLeBjUl_1ue1ybT48D3YNVMPcI7VXuOY52b-lmI4xCd2w

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 15 Jun 2023 22:13:47 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 37.58.58.244; 37.58.58.244; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: a9aa4fb4-b855-4dfa-8e32-8d02c5015411
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=Njg2MzE0OTI4NDkyMjkyMTU3NA%3D%3D&google_gid=CAESELWsrl-ZXen260m3zHoQzVU&google_cver=1&google_push=ATf1kGNxZcts8TRKhFsD7H9BNSiy2osj58Qa2SmJwrnB_nOO6OvShk80-KLeBjUl_1ue1ybT48D3YNVMPcI7VXuOY52b-lmI4xCd2w
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 4A79 0
12 B 16ms
15ms Image
text/html 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KVF2mczbDr7WBUCWU0I30SR35OW_9Rj0Q7Q8DCDpthgNuM372LFmN9Uc5e6XhEg0oYm6sfrdc

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:47 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 72CE 22 KB
8 KB 7ms
7ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 488980
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 10 Jun 2023 06:24:07 GMT
expires: Sun, 09 Jun 2024 06:24:07 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 5122 172 KB
60 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
Origin: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 10:17:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42985
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 16 Jun 2023 10:17:22 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230614/r20110914/elements/html/ Frame 5122 11 KB
4 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230614/r20110914/elements/html/omrhp.js

Requested by

Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rfw/bgd/1352960/70224197/xbbe/creative/adj?p=APEucNW5q_G8hIbLWmehTiKKPN6Ac3moJXXJ2u8rNvh9kN_Zmb6gOUY&d=CokBAKAmf-CDSTp6ebVaPw1RFmGub3VYYZtvh2IzWSwtqGivKwZBXmV7_mRwXbW3Ob7q7Ew1ZY_hiXSdMHRvm-lz4NT33LiH_wJKXXr6oDWEMy-ZFdWiL0XMwoAgbvNp4_KC3I29bcYk8VpYSwW_h9SEUA6XS9LOrsQX_-5uMPuF-I8BoAgEEvaMk4USqRQAoCZ_4N6j0BbXtBz1sTxUFM2v-jKsDhJtqTn9Zb5lcxIuDrNhuLLir8XdJfbqeiGdX0hBHjTfWc31od4XCduBfsuZwVTPAjLAEUq8bAU8OWDSOKqhI2r31s6FpPHy_vtGD4WBTMuTdfLRGs_7s1U4PkVVLYp5ixWQVzOhvW_t6v6GyvDIc_ULxlBtLbUC_WfmXyml-dZTNBIZWauezifZmZUO_Jf-a6XpsnXeo_OVByQnIssTF8se_VwMS46tbhAATAQhBdkHAfrlE1fhthNtjM9kgI74rCNL5d4kp_hXcx7QL3zEq6ShIgG8x4yDmJR4kU0IIPeGq_881gy48OXG1C_jHdgSLF8G2-8ieHodtb3jH-odF9VOt66Dhk3o1Aw2h80LO6y8GbED3rdoLiQ90PnRsFo3JGxIXNLggb2dx6CRxuOxiihBcMdNBKmtEXj61TWWLv4K4JcZFG85Q7t3O8d4jPEHZcec77-b8LNgRO7ynEokm_sgEJ_xYstSirujNCMSLP91TMY4CTu3WQq3C07AuPbl-3gfdJz6HsvSBIWzkYIXzzEcShM3WqUkTh7xj8d97_5JphUlAzO_XGIxEJOMY2ioGDXe6opGZGT4m88GJov6MqWIJ2e9ii0EM_-6CZRrgIQX-B4_T6p1okBd7F8WmomI1dfCwxODu8RMWWt5XfkuqBwMMTgLbOPVwhXjkZ4M-xtS5EeetOl7Tg90tYNT2KRscsme3cIPU1EVQ4F0LIcQITpFVBXUEMJ-TnBUs-CfW-gfoQ3_xEy-mO_MKcJvIlAWU_8NS9dJQ-LbESi-Szjcq0ljovgSqS4GWfMKhNTw_20l9xGtNO7yd3GQfZbVDIL4Dix2_lYhIUDMLziKvdlNrkeuAyBmWHlEriSd669uucYy_ZDwIFP_bklE0C_MnzM5xg4Fi7VrGLkIy_9nFJMukfGuRCQnJJdfVjTDAAZnfYVgOSozCg9cNZa69wb-KpWlap6q5jf-x0XK5SJRh9--S23f6F9mwix5KvWBq7LMlTLhoiJg4k4awbYYbG8VYLI2v10eDR9ny5rU1tlUV-JLgz-ybQkcRh029Rgub-atcRVM-y1lZXFrpJYKNdEyaZa1mn7YCYvkH-RFINMT8sDE9YoUrCz0TQqmEtLEWu4NfdJPteDRvUHqcvsx8QQPqFF55kUdTOyo01y3VBo5JPe7hX2TgaGU6DjD2kVRMIEm1MXBUC40GUSqcHqj4ILn5VHMsJQQsuF21VUIvvDQAFQwGFuEd5DCt7ZvDU-031p4V7qTDIv1AoXkgvJ-3m5chfCmbopTncCchybdoS8QBAlREgEUH8YCdvw8JDHc75Myz_coV2o_62NKDKpM-VvsOFg22A82DEoJgR0blIoKSCeV5ptk-TZZ6wrtH9mLyYtDU4IzoCrXnsxnNbh_J4xIMbCS8a0cnxnj7jW7u6VDHZqycDLRCGwLCQz2pQfelxXTF0DKQY7kAP46l6nnIxpeh5v_c5OEnAG0-LtqAcMOiGSIY7-bhMmtcr9AkEkEGf9vF-k-pQfnH9Eaz7H7s60J6-ewKwUIU5ufe4jGYtT6y0oJkokxFFPecJNc5a1S-UOAKeke-rKxrd2mygX43C9QSxkP9XuVCJY9FoGPxujJaDtPA9ZElb9xqAqbkPj15I2K0yFrP8BDWNHZtfRD0WxOfLBYmRjBu7FJZe2BQQwLATtrVdiMZLxAsaK4AeSgvosF5WlO3rjcR9cQDOdPiw-juT9PBXqW4Hjjpph3jS7VhrDR97KV4RawZO_ZnMJn5d6SSMrhgpeEt7N1546D2NW3MTuNal_9rCTTMA3LJKQfQFzirW2NuELdHe1pfD1n2sTCKex_T_B40dI4WCVblCUrRf5pK5tI-cNe7-xqo5WiB6QpC9-1xzq0W59wFVzk2uF8rRu6o0DdGwDQDAdv2-PtYD9c-xAlMx4hZ8JgVmJDU-QO1hPKoz4veaxgrzxeiY02mpFNeiUT3kNmoJq-w1a4dVFPYFqUzaQwZF8mxKeX8nwP52Y2DOFmm8lfZRGoS_o_bY6b1Q8AkeVAmXZCXWYRG3E4ilN6Ajltcq-suUObVMX_p8xCOgU2EoyQMvQYK_5y5LlV-tK1GWAISm0FYas4eO2eOB38JyNLseViHYewJ7Js-WX1b9524Vnjoh84T5158UxVqXkN2BRM_lJIykUns6AclRZ3tx6eydqjFMpQxPNKfHXbJTqOQcKoSuTRhiQJymeieFkn4J6prxa15XPi7KMBI4PYDT0-sHvmk48eOFU0QZSVlygCGISJPXfb2dF-wjqnYsXRYtwp8LvoSIswxBoX2S1F2hliMD8UlgXEEIEil2SAvZ5p0Mkj2VAmr7MhRGxq6Vq2AneY353-A6nTeIOgY9DOh7djmUPS7a-sWBCQIzi729V6NnNvqsBH56mnP_A7DTfFqdh7EfyS7lrVET4fxTjinzFGIjP-OhMUbojgmowVQbbil9oc39uYsf3V9U6DZlcnzPHdCnKFWq9fksXXCSO6OoQKFqCPGwnJTf2Jn1NClmmuo7APpESJsnz6vB--hnENMIlAZLRkm-x4dHOHot7OV8gKcIuel9hy-3SlwwHTHxTHFAxS3y31WM_czx-0Tt7cvilKATL5LqFu6kE5u-ZeGhF1w8OX3lBbqFU503nINjfwJCtmdcymoqZUhIP1tpLSLlA9R-5RMDKTTJCrCVUwiygnWOcZtO749QtbQCl9T2BNWHS6-LMBmz5LvLUAzcl7KzIcAj7GGpdlCCWY4G80Hv8cbmv3ePDqiRW70MaE4B23xQmziWuI5-FDwHsfh_vHpc6jhQuTndIHJvvWU1oaIi4O0gzfeg15LEiBQPPnxt6YP-AfyvyyEXyUNh4TO0Ypavgddtq-uW2I0wdTVSYUWkLpCl8WLsVwmoWjl7FUpGpst8xEOHMC_rI87WK9EBZrVEIVTvzChQ5k-YTnnJkc9A5cHCb0uDlvOTqDM9hRJy80Vfx-Itj9Myg_U3TNreLm4moWczuAR1cAmNx-7SydbSSPWAByyQ2YXs0Qu-U5NrOQtHQ_JKdPkzZzy-oOGzriMqsQYrofvJ-J7353Fp3UN2tPtdUF5l2x_nShDpNKOxm4o_69CTv9CQ1bxcaixYNN9Y8BbqFNzoPu8HT-LQAedPByejF2KNP59IF0f5SGjJrPpd41EM5lrfz9o_VWV7CS4NndLvjepWUr4v8VNI4omjwCzEJ1gy3MjnEa3e378zKp_7uTILBh-My9vrZW_sXnKwdpN2BtgH8rmoBdHD26yell5OC_KNCsXj2V3BmXU8X06GJAj83mvswWBZZFs5AdWPCkm0I-GC4Fd7ETx-Jvs6mpMh10KNHdXP8n3AG6uZuS2nvjuitjK3dw6O3CmtIB37BlLIj1Jp0QxPCd-laj86FbbeGHwx3-DhStLWG7A6RzGfTCpZPgtYi8D3bKPiQaQQgEEjsAcoEIg84qAUWrFg13YVfwPK3Wcdg8_ZMjeU8mb4QvsT4nNWwzujzONmMuyA21ZmK-VTcts3M3XDhhFBgBYAE&cry=1&bundleId=&ias_dspID=3&ias_campId=25458251&ias_pubId=pub-7983651257838282&ias_chanId=1&ias_placementId=18513634021&bidurl=https://ye-mek.net/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0jiNUqV0X3tL98KmpQzs5bK&adsafe_url=https%3A%2F%2Fpcloak.blob.core.windows.net&adsafe_type=g&adsafe_url=https%3A%2F%2Fye-mek.net%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&adsafe_type=d&adsafe_jsinfo=,id:923b4705-9d8d-98db-689a-40abd9d5f61b,c:fEcvzk,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-6c5d9cf586-6phmg,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,scm:grpm1,mtim:4,mot:0,app:0,maw:0,fm:tHi2Yyp+111%7C112%7C113%7C114%7C115%7C1161%7C117%7C118%7C1191%7C1192%7C11a*.1352960-70224197%7C11a1%7C11a2%7C11b1%7C11b2%7C11c1%7C11d1%7C11e,idMap:11a*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:1,tt:rjss,et:21,oid:e5f8bdc4-0bc9-11ee-b5e8-ca6a80b6612a,v:19.8.417,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7ff9993d3bf21821aa4aab3b5958b4d9ba3fd3a3aa92f5830a24d3ee259f4851

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 17:40:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16402
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 5499578052516643378
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 29 Jun 2023 17:40:25 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230614/r20110914/ Frame 5122 29 KB
11 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230614/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bb86be0538b5ef8bb7fabe6cfdcc28f99687242fbecab81a9a2a72d92931594a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 17:40:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16402
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11316
x-xss-protection: 0
server: cafe
etag: 309758756414748794
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 29 Jun 2023 17:40:25 GMT

GET
H3 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 27F0 172 KB
60 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
Origin: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 10:17:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42985
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 16 Jun 2023 10:17:22 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230614/r20110914/elements/html/ Frame 27F0 11 KB
4 KB 10ms
8ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230614/r20110914/elements/html/omrhp.js

Requested by

Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rfw/bgd/1352960/70224255/xbbe/creative/adj?p=APEucNWkcZqnkVmkesuUrqsTnH2tUrghoQk1-YLL4wGGgy8azDUzW5Q&d=CokBAKAmf-DfQ5tlPF7fVM8k8DFerrrAZ8goK_3ZbmF3PFClNE1KeYCaBAFJZKRlkp4phcgSMrECuX9384FpFYgrtpowGQrzpdRpCgv9p0eWHhL0zYazQ7XGF0Nu5FEo8tJ_IVt4Xmrz9pkchmEo_YEamV-6SNjKYtNivMA8mGD3cEL3pEmKdPvqooMSqRQAoCZ_4DeK8oWQfwwdXO8ESzjYo5NTtLMH6QTpKtJB_GPNBDYdPCWrMhY4FpM1RgEilWFBa0w4Lx8s_pXQZbhEW-iKOK1FmH6FSKI8ApgmIeE39tqbs24PafVr4CvfgiNzucXGZaFpionomLruwyhvEzeWkRvaTI-JWXENCHXximn0_aoWNAArO9JBR5gX0puGd9ky0nUj1cmVhaCJOdKawtJcFLHUJ4XQwmp_veaBHLZc07mOhDybNTQvzstP_lcJBYPtlVemEBF69KC8vfAjwoLXM1lJNYdWCmhrSIhRrm10I1ebtvA9tfQoBuxJLC3Zy2x6-E_AQQ8Mt_UtIEXPn1jquamTh_udz49NRGmS0nLCeB8ychsCSxWkQhHE5vEMEkWpYCS3ea2RDm84JFXkfHJymTjNilTSgnIw6aw2xg8xeqQdbtjbkLkJ7-q28sSbBDSLySPX9T6QJyzra9f8rgg45eM29jnLgot-9gtev2q4_Fa8ks8BrF6du21GTykmIwjlsCjwP9dDu4jymyc8Rg8WbPoXEbIJlz0c_UQJcoLZnvJ4DlmNdA9fGBr7_IUANiUaBPWTU5fhpokkoqzEE3Phr9xqtV2vWS8sdZ7iskaFxeAxwFMcsUJBvaL5Zihtf-mENxZL9LNg9FVq9f0xkpjLEoE0-ngj0E04mhgxidRKSJCS2YPX2tzuTV0jRKZEmBzg-x_UHVD9geLe1sjRj9zy6c6K7dE29GqNPHiMmkXEd81LLI79nu6A-coTblIe8NGP44rJpZMK1tc-FN6dMHmzfI2srk5uKHr6XGDXpWG5cMs6sL_w4ZNSWykDP-z2JjyVtFY4hox17Csz773uhgTNC366dDaEnW6cITjug56FnloUThcWy-0G_ODn6cK3UldKbfGaTKZWDGONGlf3KgkCGPO1jnzDhLKjnHXQCHtLHo3ONDcCqyLu7JMyVgpsIIa1CEAKpOcVgmVZqf_1vBHMjNzDM6grR5jLGeUPEq7DAOosFcBH-DHcHCbMzA2-L0KFh0RkAgoHr07i_BxhcxbxZPwzmWQJGIpNdXk5w2f08DvLlIY6neZe7OdlRtuBjlW_9VcYgb5qdMB76OU28Y8Lm7anaPVelLWa8RTO0PW39Omkv6hEcYj9Bf0Im6xuBgb_IjoOF_NuKyULNR3As6T0eRlNmX09UIWQTcf4yEfZKS2qLzEkIh2HxcJ-KYpMio-glyKe2DSsaUEfTNrY7vrgDi1zjQ-PSq6oFtH-su9sx-aIkN0pykJnsRSuoVeM9asYyDdFReMHsK8Qx-VqWH8aBzT-D6FmYK5lo7IY-cFlnbUsY6_96qmLIyPLlptxLEmAAJCwEblwA865t_S1KrB_UQf13gQUNHqvCl7k6ykRcFvmzu4-0R4Mim_7xSBu4-dFit_LB_D0Ve9KJAm62mjAiKn5RMXJgXhlWrQUaAyZUyR5KbWMAzWWqcE426VZM_GiY7uh7ZB_igcJFeDXjfDmvlh_sgJEGPOS6wpAXpHnS6flKa7hCmwGL4bkUDRqS1OQTCxpnmSqpmVT3pmbHjtFYiqq3PE5Bk5hb2EUakL4SSwFA3JKxw41Lcjwnq9nTviya0rKngfGVi6t7QxFNujBp83hIenxhv1bNEu1v5ZrQoes6-5lBM6VQnOvW2k7VwS4OIi6o7zbQFX7g1bpax3hemvpuMhWnKFlpyTSVu5NmsBPgOCg4drUeV6rU3cWwBwgtxpwudRtDCeVlfzm1gE4AwLOwb26vgTNSMQAc8owdgMKlHM0851E73G16AaOL74XXt61gcqE92b_wetsvP1gISuu-slrEAtHjfcOWCZYg4tKB2TvNGeGPh9IISCtdZZzGRkjaRqA3LwTrkYQy9sYaMSRkxtxsavdONhV6ZZctzTtGV0sFePCJFl4FHw6U3HXGo4u5npVloiD7nNWo6s8bCaphCIJff-yNibpy_sqe-ELlOoarKiSF53Q2FzTSihsQ4-qQoZByY71D6xGl8tunoZwtsxrOWYsFpGD_xlKAelFCPk4WdNfibn_iAH0qs5ixArS1Oh9Mc5yKsi7AA-w__QI9bjXND73SrjUEzZCGRww2srYwk84bFsEPTvEzku79oRy9smB6-SdsuOLq2gkCi3_3xyY3UveKVOi5qFQJmW3wvnikPWvwbwrBM8Nhy4b1VpPvkkFfHxfZLYYizv2Apj9ufjR8cgDXlnHPWoMqnul2XN_xQg-J_tay0jrMEYyiT8tnjUv46DyBU6zlX4htQM_JSibWbcEweGHYCNcDnff78Q39vmQwg886ZVqf-z-KVHEKrgZVrSQIfJsw5LsMU4FtKuS2rnul6iG773tfHAyF1PQrLIm2epgnQAPdbXpC5WSDQsNIbHUZF5uHkqIteFrfw3mkqbaXkuzxqADpMP1HcH908YLTBIWZEN9sHMgB9MZoF_Vc2LZoiH1xZKHZzOuCjr4-Ki9B7Te5i7Pn7AYF-lqB_WVKodqW2MGwiM8nEmNqnVKm0_LYrvt1c6KvzZHJYLbw-8aO-wk6QBzIeZLJ7ep0Pc1ohg5yLPqnzsJRoNexcmXyYu_zCVfQpXmpbUhl3pJWjEvPd2RqaCp0O97-h-9mY8lgdDZBcoT-FrSsdV2FzcNyjg4qKw4XQONgEAJb8_M_m9qmZMAEqfNvznK9tWUDp6HaqBIAII-k0DCobVtakGikx8mA6v0M9uUrSqN6HF1ZhgWxSfUn7D4Wm8b-e585PXUNPZ5TRFOHIs0SIHzgD1zZTopin4vHC02lQRvamaJ0fPbgfEsZsGg18Sled3WQbzGleQZ6kya381X637bp6HYYcKSqHosWD6gZmHvkI0Ev6dChC5_l78s9_RibnnY3SIqbsedhb29cxngD7vkdvCcyy2Q1aCWNyt3IqG7v8p7VYFqz0_LlCfrHg3AILHloemkdhQbfBc4joZmytnG2xMc2_mJXfJNY00-uvQ1n3rgi6lkVBgCtpzZBwUcWA3YPHjjX-yGwbTn2GvbC47JIXJdifEcjFwMLhBy6tOjRisrDuxZEsRMv2uaDMsvusfyKVS5mrdU8C8Nm5ebKlNV7ZFQytmX32KchxEMbo4bZmU0QlrrWPP2WUpQUEuhHAhmXjawUbzngvkKZti4Zi0qWHxIDRdU7ICobJ0JyXn4yCP_NYx-KXjFM4BUFhpIa7OXj5mK44zF4wZqNeMwaKkwbI56QPRa9LKkEmz2xbUgCU3JTNqqNtXHeBCY_Tzyl6v3DC8RWgK527CEcDvKFSnu_14EurJvMfjiaC0e_EMicLRvNvPxm9nnql8iPawefMrHm5eNb8XxKdaFM57ACiqFeBlTPlrC7XawVQomRsVrX9gA0kMNxGg7OzuNP4fipIaeKxYeHDWnEb85vLcs3NiQeAVEwjz-XCM3HZ7iNrsovEV0035sTcHOf3SzdIPHYT02wmkQyWF-QGWGj3pNaiYkk4oaQQgEEjsAcoEIg6lCQNRkG0TexMsucctSixIMiNRXdCy49SU-wOhBAIWSTa2SStBqOvYK9W32ES9CxpEV_deeNBgBYAE&cry=1&bundleId=&ias_dspID=3&ias_campId=25458251&ias_pubId=pub-7983651257838282&ias_chanId=1&ias_placementId=18513634021&bidurl=https://ye-mek.net/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0iAjcyzvlIWtUhMS89eTIKW&adsafe_url=https%3A%2F%2Fpcloak.blob.core.windows.net&adsafe_type=g&adsafe_url=https%3A%2F%2Fye-mek.net%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&adsafe_type=d&adsafe_jsinfo=,id:5484cf98-b562-595a-3428-0f1be2d6b4b6,c:fEcvyz,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-6c5d9cf586-p2xxx,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:i,cc:NaN.NaN.160.600,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,scm:grpm1,mtim:4,mot:0,app:0,maw:0,fm:tHi2Yxx+111%7C112%7C113%7C114%7C115%7C1161%7C117%7C118%7C1191%7C1192%7C11a1%7C11a2%7C11b*.1352960-70224255%7C11b1%7C11c1%7C11d1%7C11e,idMap:11b*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:1,tt:rjss,et:29,oid:e5f8bd91-0bc9-11ee-b72f-5aebb75fcf3e,v:19.8.417,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7ff9993d3bf21821aa4aab3b5958b4d9ba3fd3a3aa92f5830a24d3ee259f4851

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 17:40:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16402
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 5499578052516643378
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 29 Jun 2023 17:40:25 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230614/r20110914/ Frame 27F0 29 KB
11 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230614/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bb86be0538b5ef8bb7fabe6cfdcc28f99687242fbecab81a9a2a72d92931594a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 17:40:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16402
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11316
x-xss-protection: 0
server: cafe
etag: 309758756414748794
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 29 Jun 2023 17:40:25 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame EADA 0
0 44ms
44ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230614&jk=456909807881205&bg=!mJulm8_NAAaGYqkwpmI7ADkAdvg8Wj_EGdIXIr28AKwwLNm5jj90TyaZ8D_3P44oTWYMuJbArF88N1JrayscSYPPjVAyYMIBiDgCAAAA81IAAAACaAEHCgBsdozwz1rlGtk7NqLmkLB-5dRDHJoqmX15zPwMIUtdJM0UL-p5TMp12eja_I0X02KKcG4oV0_ziwXH5U85vVjzggwBSAfbTAm3aggblBtKY7c4uiH0-Q5JTzN_lHBnVVXKTHIorplbeTfaia4dmQLiy3EISnyeJ3PF_UNtXdUDkvCqL6Zaejd8PcuJMYpP1NU9kAPZEUS_BkBIIT06ScbuyX_8KlAgpFdadJSRWrGVQR483_JsmhlQEVt3xhLF_UgqrGzhP7fCdV942tP7zHTgqQuWj7budGvJOdNsm05Q40Ww4ksbyfcY4-hTQTkReoXPpRZRwekivFQ4UTG5rywTeL6J16HRLBEQqH68yWCM_LVcqwoI9vo2rrnnkv4gNc0dngiXI2005dHUR_Rm-qleQ_f37cTd3UhOng-yyZhm6lZy1TmN153n1MWiP0uPnYPhU97VUoZr3xsTWyNIjn0lnRoeskqxY-EAe5v4tt_D7UqNGlZJRsSOsU93LIyENaN48tqAPNO84U71X0hExED4a1wk05lxartmzdss1CScZ4rJK15mE5XVn3w0cZa77MQVkMfeP0lS2mi2pKCQLhHFFFVYv8Pr7rgd3ikUFgErXfQZuAosrP5bBFEezQHUqYvrodFXgVjXE2lLNbr52RXZ7bdfI5YsAEpikarx-Lc6D37tx4GbwHJkkyNoL_zXmaKvtyBdF3oKBN8T-o4GtqHTooCh_iYbNZ56GkyV2BrT4PExLBw517lIKdICLJPmFFwc8H7Id_TyWB3nCvoLQINw0SrHSGuB5UEvwewzSgNCWnP69-6xBmvxXe1ebTtawfW5oIDtvRtABeKkq6B3FoHQGabWIaPehqlOGoL63ad1F6emf-9rSdo22Qm70abCCgA1HpRCRTDubMEojURn3FXx0yAjkjxN_dOgXc4CSq9qMQc1ulOlAIjuzyBlmvji6XtvTGX6epqVXDniuHyl0Iuy9vMK3CALZGSWCl3KLS_p5saZCAkXRUUQsFiup7TzYjeTKsT2-lr-RQZ-NHdiHmYrJeIlC9PZELeCdbcnzgkhFNIMxf1T8uBSPc82XfRpELYuEqpedyIQ2bAHdUlif77InTzz1fPSFb5gDhfZJ6TjZ4x0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame A8D2 1 KB
643 B 7ms
7ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 32077
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 15 Jun 2023 13:19:10 GMT
etag: 48472445140208031
expires: Fri, 16 Jun 2023 13:19:10 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 5122 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6fe13a97a9b58b37605361f70c852004de3752dae2e8e91604ea09b4f4cfcece

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame E417 1 KB
643 B 7ms
7ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 32077
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 15 Jun 2023 13:19:10 GMT
etag: 48472445140208031
expires: Fri, 16 Jun 2023 13:19:10 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 27F0 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 859d6de6ed6d798b3c50d77366f5062a954487299973c419662647573a7d21f2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 _gLG9aN8cjF7vXKbMeOxmtCOjM8PIsJVPzQXNT2dY7E.js Show response
pagead2.googlesyndication.com/bg/ Frame E20C 37 KB
14 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/_gLG9aN8cjF7vXKbMeOxmtCOjM8PIsJVPzQXNT2dY7E.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fe02c6f5a37c72317bbd729b31e3b19ad08e8ccf0f22c2553f3417353d9d63b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 08:34:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 49178
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14773
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 14 Jun 2024 08:34:09 GMT

GET
H3 200 _gLG9aN8cjF7vXKbMeOxmtCOjM8PIsJVPzQXNT2dY7E.js Show response
pagead2.googlesyndication.com/bg/ Frame 5D15 37 KB
14 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/_gLG9aN8cjF7vXKbMeOxmtCOjM8PIsJVPzQXNT2dY7E.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fe02c6f5a37c72317bbd729b31e3b19ad08e8ccf0f22c2553f3417353d9d63b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 08:34:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 49178
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14773
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 14 Jun 2024 08:34:09 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame D62E 0
0 46ms
46ms Fetch
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvfSn38-FsYw3Tvk9gYBlku5DFCu-nP6laguyi72gJEXmQFooJttPnMY0W2opD0GnGwF-k1lQ_CtNXINb8OSdqJTVF6tUYKt9QlXmv-SG4Ex7wj4Cj1_swgIIruaexc3ZXKVy7O_vIL_9D9j5GVFlpOvV9tfedG-5ZLfdmT-lWaP6E4Y-Xy30fgZjMUie11aYnnV00jbo3id5W2OypjQQBMPEUAHrsU0VQo0j6lUWK0uzsgR23FpQ5ENODc0sG-TaBSWL8EnTPoQ6240f8zxPruXjR-R-v-n4r11SN9WY9MLItvVglGK_oVF82yc57PN6H254IVnsLv-osE52fhxzI5pMxqBdEZsg6p4qGP1ZEGB_Tx2pLOcjrv0nihMFYv1uW0Uf3la1jmjn0ht6rBbpTE8WQB0NaPkA2I5i_qLo3v4vNkyES0uHOSmvJcbjsrWNRgVRx1-VxJrez-KUTQwVpZa2eVrhmv-qzN3lLie-cD8X25lXyWKyIG5DWK2bn5jW_u_LD6JzOljpc9bE5qRZn9C2VcAv_tTZuumETawvkLj_QIvpzMWDkHJQkur06apdThTGSil3CmJWZg2fbKS9MTqPB4VtFWuZ-49qWcWcsJtGs8_3fhv_RZGGSsTUodFp4bjVJXHgGBbBjTZQbLyHRUDgmQUF7rP-Zii55k3d1h--0bwMFq9M4fYYGhX9BkGFWGRODl7f2_2p3JnBScYGCa4RvE7mdstPXrVIgXvuPX0Gc1JmBDD7A-5KjtZBrHTo3wP-qC-wMfcloexxAVIHQCV9pUmVMFF-cZu-tuP-e5aDOEDZqhEgOaBVmSEf2ZcqIyhZr2FAMog-3QqYxlf7KQIuWM2ovF92LiLgiBhEiSk8ersFx7EpSqdBz8H7jysf6dfght_0Y73jtammKBgx0ToTi3la7OoWt1pPUciTjkkDv551Mq722yGJN4G49cVMOysgEN7fLXtrTUo0GaWZKn7uAZzVEfFbt0ZLgzuEJLPczHjg3P8wpBjd17FlnCxFVpQyjIlmA52tMJjLLmpWSqSzEbCYjecLqpSNZO-R20Htvqo4K021CEiDptGnnZC-A56itS0Pt2pJ9ejiWv9_TJJBGE6HPVLGvVLr2sUETd0Oxa3vctLa5ghxqJDji1WHt1ul9JBulW2CnIgXeLtrcD-kmf7wqcT3HZZQFCe2Y-vxlLFG7cWlg3z5Gp0OZE8GS67s2vNF7ckFWOUWe7w_8quR9smcyI1tMUe6U9zRUR4v6W3zxp0FVMlYlBcY9jRxUadFau5M_ZkNtCy2VlZq7BQBhvce9Ug-nIbQE&sai=AMfl-YS22puOxmFxoVZRViIrQLAfKR-Z44C6PDCgg6UR-sycAIXfMa2WJKudC020TKIozMLFNeEh4RGYTpXYKbeKKRYyBelVFWfeCs13mERosxTzVqdDjUZjsrlTvTEObgVIllgPMlPADv4nKRVymCkZcsX6qPvWpkGzQzg_XjjmVFEH_eyzLd_rjF615YS6qXZM3_e3j3m60QVBU44sxnnnQJlaLy5hYFw5oOlbfz8F6guU2OFuLNQZand4faN6BYvp96WY&sig=Cg0ArKJSzNBdU25jkirtEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=566&vt=11&dtpt=253&dett=3&cstd=304&cisv=r20230614.23485&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:47 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 15 Jun 2023 22:13:47 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/15415463092317913147/ Frame 5FA5 1 KB
767 B 16ms
16ms Document
text/html 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/15415463092317913147/index.html?e=69&leftOffset=0&topOffset=0&c=6Lpq0vB1bw&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

51c012cf2461bf8b29f345373366183c7fd121579b6178e942be0b61d8c7da14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 739
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Thu, 15 Jun 2023 22:13:47 GMT
expires: Fri, 14 Jun 2024 22:13:47 GMT
last-modified: Thu, 27 Apr 2023 13:50:29 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 5122 0
0 46ms
46ms Fetch
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvkqhPCy4eMNtvsRXOsYMJg5JKbLJH9xH_BME8o4NOtrevCAAgwRYt-TNg4G0Uc7_mz0K5PFKdsIVrdURZbbUlyoNT5En-pguJs9gJTTk9YlcszAUOd6SIT5P50kCqD1hKdXbsjDDtpuYVkB2ZXNKvWWVJv5wJS3QNjhg&sai=AMfl-YTvgZwLrjCED7fPZ90nLaBp17SmgeXfq8a8xhJxAtbT9bt7vkogSCXbC_VvHdFK1M6qn82nJ3755m4_v1-H8OBlZm7mHhWLHTLwK0d5dwYeyRe15SN6kUF3VOkiVA&sig=Cg0ArKJSzOmZci94P8-REAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=164&cbvp=1&cstd=158&cisv=r20230614.33167&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:47 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 15 Jun 2023 22:13:47 GMT

GET
H/1.1 200
OK ai.aspx
m.exactag.com/ Frame 5122 43 B
1 KB 92ms
22ms Image
image/gif 85.14.248.91
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://m.exactag.com/ai.aspx?extProvId=63&extPu=lh-mindshare&extProvApi=lh_de&extLi=26915561&extCr=180481255&extPm=361577754&gdpr_consent=&gdpr=

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

85.14.248.91 Mülheim, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),

Reverse DNS

Software

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Date: Thu, 15 Jun 2023 22:13:46 GMT
X-Content-Type-Options: nosniff
P3P: policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
cross-origin-resource-policy: cross-origin
Connection: close
X-ET-Monitoring: 1
Content-Length: 43
X-Xss-Protection: 0
Pragma: no-cache
Last-Modified: Do, 15 Jun 2023 10:13:47 GMT
X-ET-Code: 0
Accept-CH: sec-ch-ua-platform-version,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-model,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-wow64
Access-Control-Max-Age: 1000
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
Cache-Control: private
Access-Control-Allow-Credentials: true
X-ET-Camp: 1119
Access-Control-Allow-Headers: *
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/12943809228921786815/ Frame 58E2 1 KB
767 B 17ms
16ms Document
text/html 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=tAvOnLZTdC&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

68b34a28617137221b76b93546359bf577aea1d6b3aadbd65b40e8bbdae7dd0f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 739
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Thu, 15 Jun 2023 22:13:47 GMT
expires: Fri, 14 Jun 2024 22:13:47 GMT
last-modified: Thu, 27 Apr 2023 13:46:02 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 27F0 0
0 45ms
45ms Fetch
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvoc66FgwLZ8ccXSPUnR9NMbLZzn1VTpgeOsZNk8tcGyQmlui3lMHIlQuLjQAItHCcK9jY3gV-g2RB30vUG5PZq2ik4yj4fBFW0t5ExBq0xexIfXFGXRvVeWGUQ-p5iWxXBNB6w-CCEgST3yazwgfqeYSx60jRqMG4iPw&sai=AMfl-YRLBpUaQYyONic-jTtTAJsU2bzYydrbWd1zwZU6ZhNAlchE-hprwzvtkgsnuRXoLC47ggYweEswDmjITuXivtwuDwZcGbP9L7WCJLQ-pZt0_mV_9OW65sRI3h2h6A&sig=Cg0ArKJSzDxA4wTLRC7_EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=175&cbvp=1&cstd=169&cisv=r20230614.04918&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:47 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 15 Jun 2023 22:13:47 GMT

GET
H/1.1 200
OK ai.aspx
m.exactag.com/ Frame 27F0 43 B
1 KB 73ms
22ms Image
image/gif 85.14.248.91
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://m.exactag.com/ai.aspx?extProvId=63&extPu=lh-mindshare&extProvApi=lh_de&extLi=26915561&extCr=180662177&extPm=361577763&gdpr_consent=&gdpr=

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

85.14.248.91 Mülheim, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),

Reverse DNS

Software

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Date: Thu, 15 Jun 2023 22:13:46 GMT
X-Content-Type-Options: nosniff
P3P: policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
cross-origin-resource-policy: cross-origin
Connection: close
X-ET-Monitoring: 1
Content-Length: 43
X-Xss-Protection: 0
Pragma: no-cache
Last-Modified: Do, 15 Jun 2023 10:13:47 GMT
X-ET-Code: 0
Accept-CH: sec-ch-ua-platform-version,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-model,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-wow64
Access-Control-Max-Age: 1000
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
Cache-Control: private
Access-Control-Allow-Credentials: true
X-ET-Camp: 1119
Access-Control-Allow-Headers: *
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 _gLG9aN8cjF7vXKbMeOxmtCOjM8PIsJVPzQXNT2dY7E.js Show response
pagead2.googlesyndication.com/bg/ Frame 72CE 37 KB
14 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/_gLG9aN8cjF7vXKbMeOxmtCOjM8PIsJVPzQXNT2dY7E.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fe02c6f5a37c72317bbd729b31e3b19ad08e8ccf0f22c2553f3417353d9d63b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 08:34:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 49178
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14773
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 14 Jun 2024 08:34:09 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A8D2
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=Wkl1Tkd3QUgwQXNnTkFBRA==&google_gid=CAESENkYv6nuR2GW0h588uyOU5I&google_cver=1&google_push=ATf1kGPOEN44s30bfcK993lNiEtFGOLbVO...

170 B
188 B

20ms
20ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=Wkl1Tkd3QUgwQXNnTkFBRA==&google_gid=CAESENkYv6nuR2GW0h588uyOU5I&google_cver=1&google_push=ATf1kGPOEN44s30bfcK993lNiEtFGOLbVO2tbwWhTjfZp6A5Ld9Rw9e_lUAUDFDjq2G-20Kn1K3QQlTnCOta1cj99RZ_iEveHmg

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-fra-eddf8230027-FRA
pragma: no-cache
date: Thu, 15 Jun 2023 22:13:47 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1686867228.645239,VS0,VE0
x-cache: HIT
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=Wkl1Tkd3QUgwQXNnTkFBRA==&google_gid=CAESENkYv6nuR2GW0h588uyOU5I&google_cver=1&google_push=ATf1kGPOEN44s30bfcK993lNiEtFGOLbVO2tbwWhTjfZp6A5Ld9Rw9e_lUAUDFDjq2G-20Kn1K3QQlTnCOta1cj99RZ_iEveHmg
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A8D2
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEFgir9IVCEDkzNNEGXYxJqI&google_cver=1&google_push=ATf1kGMXYWNCjFVYrIAJMRqxManp6Te9W3_j1yAfBHNSze144G4GEg2bitPuiGOr7CJXvJvbjmUEESiMSfA...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGMXYWNCjFVYrIAJMRqxManp6Te9W3_j1yAfBHNSze144G4GEg2bitPuiGOr7CJXvJvbjmUEESiMSfAYIasGCNL-lYMvdQ&google_hm=Md20Luu9TXKkuYW2kti6MvQ

170 B
188 B

18ms
18ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGMXYWNCjFVYrIAJMRqxManp6Te9W3_j1yAfBHNSze144G4GEg2bitPuiGOr7CJXvJvbjmUEESiMSfAYIasGCNL-lYMvdQ&google_hm=Md20Luu9TXKkuYW2kti6MvQ

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:46 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGMXYWNCjFVYrIAJMRqxManp6Te9W3_j1yAfBHNSze144G4GEg2bitPuiGOr7CJXvJvbjmUEESiMSfAYIasGCNL-lYMvdQ&google_hm=Md20Luu9TXKkuYW2kti6MvQ
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A8D2
Redirect Chain

https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEDS69tv8bhtwajLRsoVwITU&google_cver=1&google_push=ATf1kGO-M4KnppP6mtY_NhUVxnqE-g2lExtNjl9syfMMx6CgbaECnRMofdNRT7YMeW9O12BPFh18vN75-ylAh8...
https://cm.g.doubleclick.net/pixel?google_nid=blismobile&google_push=ATf1kGO-M4KnppP6mtY_NhUVxnqE-g2lExtNjl9syfMMx6CgbaECnRMofdNRT7YMeW9O12BPFh18vN75-ylAh8fevk5zLFtgQQo&google_hm=hmSLjRvUK4gI7If0kQ...

170 B
188 B

17ms
17ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=blismobile&google_push=ATf1kGO-M4KnppP6mtY_NhUVxnqE-g2lExtNjl9syfMMx6CgbaECnRMofdNRT7YMeW9O12BPFh18vN75-ylAh8fevk5zLFtgQQo&google_hm=hmSLjRvUK4gI7If0kQ&google_redir=https%3A%2F%2Ftr.blismedia.com%2Fv1%2Fredirect%2FAdxPixel%3F%25%25GOOGLE_ERROR_PAIR%25%25%26partner_device_id%3D648B8D1BD42B8808EC87F491BLIS

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=blismobile&google_push=ATf1kGO-M4KnppP6mtY_NhUVxnqE-g2lExtNjl9syfMMx6CgbaECnRMofdNRT7YMeW9O12BPFh18vN75-ylAh8fevk5zLFtgQQo&google_hm=hmSLjRvUK4gI7If0kQ&google_redir=https%3A%2F%2Ftr.blismedia.com%2Fv1%2Fredirect%2FAdxPixel%3F%25%25GOOGLE_ERROR_PAIR%25%25%26partner_device_id%3D648B8D1BD42B8808EC87F491BLIS
date: Thu, 15 Jun 2023 22:13:47 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A8D2
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEFsDS6nkexvzebJZdQFJaAw&google_cver=1&google_push=ATf1kGPedN7BrPPGiZBtqixJ4idaBhXS0ZE-BMqDy3OUsC07LL_r5ODRY9weu3xDolhid5bDRDwJPWSByARYGa...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI0NTAzOTU3MjY3NTUyNDc1OA%3D%3D&google_push=ATf1kGPedN7BrPPGiZBtqixJ4idaBhXS0ZE-BMqDy3OUsC07LL_r5ODRY9weu3xDolhid5bDRDwJPWSByARYGahdlj...

170 B
188 B

18ms
18ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI0NTAzOTU3MjY3NTUyNDc1OA%3D%3D&google_push=ATf1kGPedN7BrPPGiZBtqixJ4idaBhXS0ZE-BMqDy3OUsC07LL_r5ODRY9weu3xDolhid5bDRDwJPWSByARYGahdljuN2SOxeQ

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI0NTAzOTU3MjY3NTUyNDc1OA%3D%3D&google_push=ATf1kGPedN7BrPPGiZBtqixJ4idaBhXS0ZE-BMqDy3OUsC07LL_r5ODRY9weu3xDolhid5bDRDwJPWSByARYGahdljuN2SOxeQ
Date: Thu, 15 Jun 2023 22:13:47 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H2 200 dds
rtb.openx.net/sync/ Frame A8D2 43 B
103 B 18ms
16ms Image
image/gif 35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEGe3dJob7jsgLzutYUsbGrg&google_cver=1&google_push=ATf1kGMPkt6fpygWce_4tQs9ebzspWOmzkuIy4uSobJIaByjj30Q2kw0yNW-R7qHAHLA2yobWp6bITvFl6itml7CvQP0974_wuo
Requested by: Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:47 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A8D2
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEMmL7VfDg_dAExPdzEV3mYA&google_cver=1&google_push=ATf1kGMKV5zy6lD2tAIY9vIOPwqXoP13tvAQ4P-9W_0iPicVwn66brld1stKffeyCQ0DSjxSlF016IrvGhZbTZ0FO...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGMKV5zy6lD2tAIY9vIOPwqXoP13tvAQ4P-9W_0iPicVwn66brld1stKffeyCQ0DSjxSlF016IrvGhZbTZ0FOqe_KP64Xpo&google_hm=G0nVsGZH6hYwA1PSQPm-Dvgw

170 B
188 B

18ms
18ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGMKV5zy6lD2tAIY9vIOPwqXoP13tvAQ4P-9W_0iPicVwn66brld1stKffeyCQ0DSjxSlF016IrvGhZbTZ0FOqe_KP64Xpo&google_hm=G0nVsGZH6hYwA1PSQPm-Dvgw

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 15 Jun 2023 22:13:47 GMT
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGMKV5zy6lD2tAIY9vIOPwqXoP13tvAQ4P-9W_0iPicVwn66brld1stKffeyCQ0DSjxSlF016IrvGhZbTZ0FOqe_KP64Xpo&google_hm=G0nVsGZH6hYwA1PSQPm-Dvgw
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap4ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A8D2
Redirect Chain

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEGi8glbwvSkihEQBZCKikAo&google_cver=1&google_push=ATf1kGODa2oCP4uy27cv27DyYkzbr5TPbuFFtVKu2x2G_WdLNkfog_bAGYntlr_T4bvOaI9wEW...
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1VUTNpb2g1RTJ1R1RaRVpWOG8ua0tSbTJ3OGVELlJXc35B&google_push=ATf1kGODa2oCP4uy27cv27DyYkzbr5TPbuFFtVKu2x2G_WdLNkfog_bAG...

170 B
188 B

16ms
16ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1VUTNpb2g1RTJ1R1RaRVpWOG8ua0tSbTJ3OGVELlJXc35B&google_push=ATf1kGODa2oCP4uy27cv27DyYkzbr5TPbuFFtVKu2x2G_WdLNkfog_bAGYntlr_T4bvOaI9wEWq_pkOA-xHs8Z0Ziw95AdgYJd8v

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1VUTNpb2g1RTJ1R1RaRVpWOG8ua0tSbTJ3OGVELlJXc35B&google_push=ATf1kGODa2oCP4uy27cv27DyYkzbr5TPbuFFtVKu2x2G_WdLNkfog_bAGYntlr_T4bvOaI9wEWq_pkOA-xHs8Z0Ziw95AdgYJd8v
date: Thu, 15 Jun 2023 22:13:47 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.57
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame A8D2 0
12 B 17ms
15ms Image
text/html 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Ig7ra4T5Ryxq9Jpt35SQQtUn6cIUGoS3WJWesZliCBkPmqBBD4VJw7z28K8WQmgTnKy8oHzg

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:47 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame E417
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEKmxJ4fv5xzjDf1pJFyo868&google_cver=1&google_push=ATf1kGO-pRFa_rr4USSVducWy_vYtboZmkuC7Jb9bJdW23lyB_92vgNvaJPZCmF-uqEh2RLcVEy4n78IWS2UFCGm5r7WFZIwHv0
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=NzYxMDAyODg3NTM3NjI1NTk4MQ==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEA1UPJZLNed9BN29Ll56vKc&google_cver=1

43 B
398 B

14ms
14ms

Image
image/gif

2001:678:cb4:bbbb::11
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEA1UPJZLNed9BN29Ll56vKc&google_cver=1
Requested by: Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Server: 2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Thu, 15 Jun 2023 22:13:46 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:47 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEA1UPJZLNed9BN29Ll56vKc&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E417
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESECic0H4X-_thqLh8SDFTf5s&google_cver=1&google_push=ATf1kGPe1ZAYMuLrCC77D-Im44wFxNIxN_FPWXHxX_MXTM09jrqp8IKYueF1dAb0oNz3o2jg_ZYqiw_TDNZDi03XNo5jOOhYDqE
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=539A861253744BCD899BC955B7C801FC&google_push=ATf1kGPe1ZAYMuLrCC77D-Im44wFxNIxN_FPWXHxX_MXTM09jrqp8IKYueF1dAb0oNz3o2jg_ZYqiw_TDNZDi03...

170 B
188 B

18ms
18ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=539A861253744BCD899BC955B7C801FC&google_push=ATf1kGPe1ZAYMuLrCC77D-Im44wFxNIxN_FPWXHxX_MXTM09jrqp8IKYueF1dAb0oNz3o2jg_ZYqiw_TDNZDi03XNo5jOOhYDqE

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 15 Jun 2023 22:13:47 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=539A861253744BCD899BC955B7C801FC&google_push=ATf1kGPe1ZAYMuLrCC77D-Im44wFxNIxN_FPWXHxX_MXTM09jrqp8IKYueF1dAb0oNz3o2jg_ZYqiw_TDNZDi03XNo5jOOhYDqE
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Wed, 14 Jun 2023 22:13:47 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E417
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEDNOsJPTv-zF9rMM9U5Z2YI&google_cver=1&google_push=ATf1kGPN05ogWIDuu6NGXXujUlJ-XCEV2NT6R19WpGvpJzqGM5v3z2wZ5zdLwgZwySTGPxmtNeTuK5oRy_TZeU5y...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=WDOn1tF-Tr2-kKb6dPzUbA2&google_push=ATf1kGPN05ogWIDuu6NGXXujUlJ-XCEV2NT6R19WpGvpJzqGM5v3z2wZ5zdLwgZwySTGPxmtNeTuK5oRy_TZeU5yWlIwE0hXwgM

170 B
188 B

19ms
19ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=WDOn1tF-Tr2-kKb6dPzUbA2&google_push=ATf1kGPN05ogWIDuu6NGXXujUlJ-XCEV2NT6R19WpGvpJzqGM5v3z2wZ5zdLwgZwySTGPxmtNeTuK5oRy_TZeU5yWlIwE0hXwgM

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 15 Jun 2023 22:13:47 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.21.6
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=WDOn1tF-Tr2-kKb6dPzUbA2&google_push=ATf1kGPN05ogWIDuu6NGXXujUlJ-XCEV2NT6R19WpGvpJzqGM5v3z2wZ5zdLwgZwySTGPxmtNeTuK5oRy_TZeU5yWlIwE0hXwgM
x-host: tde-deliveryengine-production-768c8bf7ff-n6fcc
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E417
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESENsTVV0-cmu1-h9YRqcPQjw&google_cver=1&google_push=ATf1kGM7X0ty0LYxxFpyBEkeqYQ7MVjKMD0bQxyDH-juLkxKhSPjR937iTLeb_-ozIoA_OsvtRaUOCKO1sJSs4eF3...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGM7X0ty0LYxxFpyBEkeqYQ7MVjKMD0bQxyDH-juLkxKhSPjR937iTLeb_-ozIoA_OsvtRaUOCKO1sJSs4eF3aeNTY1fNvI&google_hm=G0nVsGZH6hYwA1PSQPm-Dvgw

170 B
188 B

18ms
18ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGM7X0ty0LYxxFpyBEkeqYQ7MVjKMD0bQxyDH-juLkxKhSPjR937iTLeb_-ozIoA_OsvtRaUOCKO1sJSs4eF3aeNTY1fNvI&google_hm=G0nVsGZH6hYwA1PSQPm-Dvgw

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 15 Jun 2023 22:13:47 GMT
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGM7X0ty0LYxxFpyBEkeqYQ7MVjKMD0bQxyDH-juLkxKhSPjR937iTLeb_-ozIoA_OsvtRaUOCKO1sJSs4eF3aeNTY1fNvI&google_hm=G0nVsGZH6hYwA1PSQPm-Dvgw
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap4ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E417
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEHyYVfXkvZP5nYSpcQCYNIU&google_cver=1&google_push=ATf1kGO9pgPhwPXu5yCNeIPrtRDNNyC3ctKzFXklBRigV6UuTiZCppqMRudr2yOuxrZ7u0JzClC2CFfI3maD...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGO9pgPhwPXu5yCNeIPrtRDNNyC3ctKzFXklBRigV6UuTiZCppqMRudr2yOuxrZ7u0JzClC2CFfI3maDWhko7LHtyChmsQ

170 B
188 B

17ms
17ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGO9pgPhwPXu5yCNeIPrtRDNNyC3ctKzFXklBRigV6UuTiZCppqMRudr2yOuxrZ7u0JzClC2CFfI3maDWhko7LHtyChmsQ

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGO9pgPhwPXu5yCNeIPrtRDNNyC3ctKzFXklBRigV6UuTiZCppqMRudr2yOuxrZ7u0JzClC2CFfI3maDWhko7LHtyChmsQ
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E417
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEHXHkpqDM2bYPbFPQOMr2_8&google_cver=1&google_push=ATf1kGOUGgEFR6jqHb0RaP8DWVYY-ACjE83eKNCQVGJGfpuFcrgbJaeY-uWzXiwzotAOoXBFBpWdoecQ7qiCbUff8ZdFhwTrrMs
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTIxMTE0MjM2NjY0NzkyMzI3NDA2OQ%3D%3D&google_push=ATf1kGOUGgEFR6jqHb0RaP8DWVYY-ACjE83eKNCQVGJGfpuFcrgbJaeY...

170 B
188 B

17ms
17ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTIxMTE0MjM2NjY0NzkyMzI3NDA2OQ%3D%3D&google_push=ATf1kGOUGgEFR6jqHb0RaP8DWVYY-ACjE83eKNCQVGJGfpuFcrgbJaeY-uWzXiwzotAOoXBFBpWdoecQ7qiCbUff8ZdFhwTrrMs

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTIxMTE0MjM2NjY0NzkyMzI3NDA2OQ%3D%3D&google_push=ATf1kGOUGgEFR6jqHb0RaP8DWVYY-ACjE83eKNCQVGJGfpuFcrgbJaeY-uWzXiwzotAOoXBFBpWdoecQ7qiCbUff8ZdFhwTrrMs
date: Thu, 15 Jun 2023 22:13:47 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 sync
ssbsync.smartadserver.com/api/ Frame E417 0
45 B 268ms
21ms Image
text/plain 185.86.139.103
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEIEh47vtxa5ugRjTGbtA27Y&google_cver=1&google_push=ATf1kGNh3jI0BE5nTbFIjto3szOz04t2RqcXDsSADHUeAmZVPOCC2x5xn9dS5RY-QvHI50Q47xdrlGygqYKw6qnEc9D93OspDQ
Requested by: Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.103 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:47 GMT
content-length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame E417 0
12 B 16ms
15ms Image
text/html 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13J0h5kNAZJELZozkYQiu9Ws8RH5oVLRH9VCxF8k6Ep62ZXlWGT6MqBl5wjZAKboK7HhD8kS

Requested by

Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:47 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 2FB4 7 KB
6 KB 51ms
51ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d2db2d1db7d55fbe2938a156d74dcf4119263c8ac936549ea4fc1c838d0aba2d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:47 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5616
x-xss-protection: 0

GET
H3 200 tweenmax_2.0.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 5FA5 113 KB
38 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_2.0.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15415463092317913147/index.html?e=69&leftOffset=0&topOffset=0&c=6Lpq0vB1bw&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

62afec092c21b138eeb1fc55859f60c19dd12ca3c02bdfeb336a820b016a547b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15415463092317913147/index.html?e=69&leftOffset=0&topOffset=0&c=6Lpq0vB1bw&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38915
x-xss-protection: 0
last-modified: Tue, 19 Jun 2018 18:02:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 15 Jun 2023 22:13:47 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 5FA5 118 KB
40 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15415463092317913147/index.html?e=69&leftOffset=0&topOffset=0&c=6Lpq0vB1bw&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15415463092317913147/index.html?e=69&leftOffset=0&topOffset=0&c=6Lpq0vB1bw&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 07:18:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 53701
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 16 Jun 2023 07:18:46 GMT

GET
H3 200 tweenmax_2.0.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 58E2 113 KB
38 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_2.0.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=tAvOnLZTdC&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

62afec092c21b138eeb1fc55859f60c19dd12ca3c02bdfeb336a820b016a547b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=tAvOnLZTdC&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38915
x-xss-protection: 0
last-modified: Tue, 19 Jun 2018 18:02:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 15 Jun 2023 22:13:47 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 58E2 118 KB
40 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=tAvOnLZTdC&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=tAvOnLZTdC&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 07:18:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 53701
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 16 Jun 2023 07:18:46 GMT

GET
H3 200 logo.png
s0.2mdn.net/sadbundle/13151972954896785613/ Frame 2FB4 7 KB
7 KB 8ms
7ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/13151972954896785613/logo.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6c6573c2cf885d137cce0a8373a7a6e292972b597b9b08ae74ba0f1382cbd59c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13151972954896785613/index.html?e=69&leftOffset=0&topOffset=0&c=w7uNkWV6ZV&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Sat, 10 Jun 2023 13:44:51 GMT
x-content-type-options: nosniff
age: 462536
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7642
x-xss-protection: 0
last-modified: Wed, 22 Jun 2022 11:30:07 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 09 Jun 2024 13:44:51 GMT

GET
H3 200 60028053_20220311244041062_202103_es_jemen_1_bg1_728x90.jpg
s0.2mdn.net/ads/richmedia/studio/60028053/ Frame 2FB4 19 KB
19 KB 8ms
8ms Image
image/jpeg 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60028053/60028053_20220311244041062_202103_es_jemen_1_bg1_728x90.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f81deecfe24c78cbc7d34f6c4def4d4dd615c37fc575dcbaff96406c9ff05a2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13151972954896785613/index.html?e=69&leftOffset=0&topOffset=0&c=w7uNkWV6ZV&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 19:03:52 GMT
x-content-type-options: nosniff
age: 11395
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19194
x-xss-protection: 0
last-modified: Fri, 11 Mar 2022 08:40:41 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 16 Jun 2023 19:03:52 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 2FB4 17 KB
6 KB 47ms
47ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 15 Jun 2023 22:13:47 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 27F0 43 B
215 B 109ms
109ms Image
image/gif 2600:1f18:1aca:4281:ab69:b866:4b22:2f96
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1352960&asId=5484cf98-b562-595a-3428-0f1be2d6b4b6&tv=%7Bc:fEcvIQ,pingTime:-10,time:665,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTE0LjAuNTczNS4xMzMgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.6.2v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1686867227800%7C%7Cb91a989c169819f978cecd6415b8d2e7%7C%7C8623b242deb4313525321dba17b62725%7C%7Ce713c8253fdfce2f0a6edb13294ad356%7C%7Cd1e2d5867dd1a03c76d84748541d2a99%7C%7C93eaf5a004dfff4fd85ef148b85fa6a5%7C%7Cb28f096eeaf18e65f3cf76d94cd0face%7C%7C2ed01f39050de6831ef1edf5447e29ad%7C%7C1663701684,im:%7Bpci:%7Btdr:554%7D%7D%7D
Requested by: Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:ab69:b866:4b22:2f96 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:47 GMT
server: nginx
x-server-name: dt14.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 27F0 43 B
215 B 101ms
101ms Image
image/gif 2600:1f18:1aca:4281:ab69:b866:4b22:2f96
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1352960&asId=5484cf98-b562-595a-3428-0f1be2d6b4b6&tv=%7Bc:fEcvIU,pingTime:0,time:669,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r,w:160,h:600,t:28%7D,%7Bpiv:100,vs:i,r:,t:669%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:669,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:28,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:i,cc:NaN.NaN.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B662~0%5D,as:%5B661~160.600%5D%7D%7D,%7Bsl:i,t:669,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:i,cc:NaN.NaN.160.600,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B0~100%5D,as:%5B0~160.600%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:428,fm:tHi2Yxx+111%7C112%7C113%7C114%7C115%7C1161%7C117%7C118%7C1191%7C1192%7C11a.1352960-70224197%7C11a1%7C11a2%7C11b*.1352960-70224255%7C11b1%7C11c1%7C11d1%7C11e,idMap:11b*,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:29,sis:332%7D&br=c
Requested by: Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:ab69:b866:4b22:2f96 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:47 GMT
server: nginx
x-server-name: dt13.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 5122 43 B
215 B 102ms
102ms Image
image/gif 2600:1f18:1aca:4281:ab69:b866:4b22:2f96
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1352960&asId=923b4705-9d8d-98db-689a-40abd9d5f61b&tv=%7Bc:fEcvJ5,pingTime:-10,time:626,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTE0LjAuNTczNS4xMzMgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.6.2v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1686867227815%7C%7C0cf114c251a053cc054cd8971a301971%7C%7C8623b242deb4313525321dba17b62725%7C%7C528c0df60a3115923cb75a5bb40dba47%7C%7C6d16f9bd11b4b175c97443a9399ae322%7C%7C7853a0a8447e825a00b48999adff71c1%7C%7Cc79c437905781234cabb31702d5a9473%7C%7C8b4dd298ddbeae325ae059c15471395b%7C%7C1663701684,im:%7Bpci:%7Btdr:572%7D%7D%7D
Requested by: Host: 9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
URL: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:ab69:b866:4b22:2f96 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:47 GMT
server: nginx
x-server-name: dt10.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 5ed76f76e4b07a92411bc03a
ng2.virgul.com/tck/imp/ Frame EADA 0
209 B 45ms
44ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5ed76f76e4b07a92411bc03a?g=1&t=gb&r=153377@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1686867225697&userId=vnetdc5075c3-0999-4ad4-a2db-d225ee94040d
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Thu, 15 Jun 2023 22:13:47 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 27F0 0
0 45ms
45ms Fetch
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvoc66FgwLZ8ccXSPUnR9NMbLZzn1VTpgeOsZNk8tcGyQmlui3lMHIlQuLjQAItHCcK9jY3gV-g2RB30vUG5PZq2ik4yj4fBFW0t5ExBq0xexIfXFGXRvVeWGUQ-p5iWxXBNB6w-CCEgST3yazwgfqeYSx60jRqMG4iPw&sai=AMfl-YRLBpUaQYyONic-jTtTAJsU2bzYydrbWd1zwZU6ZhNAlchE-hprwzvtkgsnuRXoLC47ggYweEswDmjITuXivtwuDwZcGbP9L7WCJLQ-pZt0_mV_9OW65sRI3h2h6A&sig=Cg0ArKJSzDxA4wTLRC7_EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=442&vt=11&dtpt=267&dett=3&cstd=169&cisv=r20230614.04918&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:47 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 15 Jun 2023 22:13:47 GMT

GET
H3 200 _gLG9aN8cjF7vXKbMeOxmtCOjM8PIsJVPzQXNT2dY7E.js Show response
pagead2.googlesyndication.com/bg/ Frame 572F 37 KB
14 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/_gLG9aN8cjF7vXKbMeOxmtCOjM8PIsJVPzQXNT2dY7E.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fe02c6f5a37c72317bbd729b31e3b19ad08e8ccf0f22c2553f3417353d9d63b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 08:34:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 49178
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14773
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 14 Jun 2024 08:34:09 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 5122 0
0 45ms
45ms Fetch
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvkqhPCy4eMNtvsRXOsYMJg5JKbLJH9xH_BME8o4NOtrevCAAgwRYt-TNg4G0Uc7_mz0K5PFKdsIVrdURZbbUlyoNT5En-pguJs9gJTTk9YlcszAUOd6SIT5P50kCqD1hKdXbsjDDtpuYVkB2ZXNKvWWVJv5wJS3QNjhg&sai=AMfl-YTvgZwLrjCED7fPZ90nLaBp17SmgeXfq8a8xhJxAtbT9bt7vkogSCXbC_VvHdFK1M6qn82nJ3755m4_v1-H8OBlZm7mHhWLHTLwK0d5dwYeyRe15SN6kUF3VOkiVA&sig=Cg0ArKJSzOmZci94P8-REAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=484&vt=11&dtpt=320&dett=3&cstd=158&cisv=r20230614.33167&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:47 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 15 Jun 2023 22:13:47 GMT

GET
H3 200 main.js Show response
s0.2mdn.net/creatives/assets/4703545/ Frame 5FA5 3 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4703545/main.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15415463092317913147/index.html?e=69&leftOffset=0&topOffset=0&c=6Lpq0vB1bw&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c1b2da575466eb30982e08c1020f55bcf2d9565f53bd64c3da87a1d774d75588

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15415463092317913147/index.html?e=69&leftOffset=0&topOffset=0&c=6Lpq0vB1bw&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:11:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 129
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1100
x-xss-protection: 0
last-modified: Fri, 05 May 2023 10:07:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 15 Jun 2023 22:26:39 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 5FA5 7 KB
6 KB 50ms
49ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f9b312b5a2ee6dc4ec23bab90455c84f65ce36f73c5e162f251dc4fdf8cc1c3e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:48 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5614
x-xss-protection: 0

GET
H3 200 main.js Show response
s0.2mdn.net/creatives/assets/4703545/ Frame 58E2 3 KB
1 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4703545/main.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=tAvOnLZTdC&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c1b2da575466eb30982e08c1020f55bcf2d9565f53bd64c3da87a1d774d75588

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=tAvOnLZTdC&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:11:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 129
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1100
x-xss-protection: 0
last-modified: Fri, 05 May 2023 10:07:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 15 Jun 2023 22:26:39 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 58E2 7 KB
5 KB 50ms
49ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fa7ee0a66d08c7be5a504759489d6afb1e93086d85f0f3dd8dc25170d0922297

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:48 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5505
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6BF1 0
20 B 45ms
45ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B4RvzGo2LZLPcOYKcgQfB67T4BwAAAAA4AeAEAg&bg=!s7ClsOTNAAaGYqkwpmI7ADkAdvg8Wm--QzjzQAyr8VWw1f_D9vuZmA4r6MEUVU2Uk0ykzu0doZ1P5HnMvdCfjDeg34tsGVbjR3MCAAABpVIAAAACaAEHmQNGx4EORY5bsqK-RMEMe-7Whju64bgYF_JFxs98eenugiZFoNEfV5bVl3UcMpnOebKm0K78seZbRrg_UJs4loGAn7X_uwIqSjIPqAVpnmO7zKlLdwDIxfBe8JWxyN5qJJUJGphICpckvHhRa8ZBPbvcSJFHdxOKHcvsI44W3IcjawQqexPMDlLKNPr0a5kNROeg7wK3UgTge-WkzrtxKUdu04PQsB2SZWxdPw7eTDEDsrI0t7IKwCxyzPn7UsRv48A1BgC5JWNGaQXHBSygVyyYfHnFI2lBtV73vOWl1bFEmIxD2UEwIzw-ngg9KxQhRNtwX3CkA6fX-UPd5JoU1fYhHXX4v3ai9DEWSxjE1Np8qvUNEGe9Sggr2dyRz8yT9ZbHWdxLl1bNRgh2EmrnoKlZnQpKOJh5cXdGD95idJ66Ih77n2fQ8I5qqzTsoJoEQVJbPP7Dy8sQdm815tMjY0GVqQlm16A1Jtrf93gPr1KZoLL4lvrw3FavuIegySHi_UALUYYLZCLSP60yrSpy9nt6qD6Nfs1yx-DMd8YPYxN4WsXoJsAnKZymQ3z5HBYcNCbdnHEbeJhL7rbNla9gsmuismDdRx5QfRXfUb40e3v6NqBHA3m6kEPJKCPicl3NBV4Ct1ylEqkezeU4G4g2YTVchUnEAHrXrlC2XOjBGSI-70kO3ZJXAYQ2pXw0S0nlkTMRoUqoU33EFDBU3ph7CVyUgtOMloNqgcDRtPJdkJUCV0At_nQwGj6p9CpmpoV7O33irsUcSR3r2KLZLZst6hmfnpQbWa2wRGGQueQ07ZZzQLBaOW6C-N26KNctZBWUr7zU3VlKoczoohgUfvygf2vsJg_oGj73GFcQRxCkGpg7DTzFSh9fQzfYF_PuuVM3VNnur0Qp5jL22bpF88Ctjq6fqchjVOEJ_uh-l2DATpesEIa-2qJKQ_W5MGaZzGL5fQEN8J47-_a6byKyFOoc41hum2rNOsnLToKrysHMzRIhmyLcNk0Sj9ZirhgCUq7jKx_hn_dHof1z3Usy0oXb2K1B8HIfIVf17tUi6moeFDrdDZzieH-1fsx7tsO1V7em7pmOWQ00gNSVbZgA9brBpA4mINo-IiiPuw

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 47ED 42 B
64 B 43ms
42ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu18u2pAQTJArX16-b6lvYwGH_e7TvH-H9zxSG-iVaMihYBFiNylvPAXztMohsm6mo9oyBplaOjXziCG-rR4RDNnht_&sig=Cg0ArKJSzJZTDij1wq5ZEAE&id=lidar2&mcvt=1011&p=0,0,90,728&mtos=1011,1011,1011,1011,1011&tos=1011,0,0,0,0&v=20230614&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=456810305&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1686867226825&rpt=195&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=14

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E20C 0
20 B 45ms
45ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BXaY-Go2LZI6uOaTD9u8P4Z6ByAcAAAAAOAHgBAI&bg=!fX6lfirNAAaGYqkwpmI7ADkAdvg8WogsFenlRtTj4N3KnX-zKpu86JRFTicq7RCQrIhSDNt0LfJGW7vLrQ5VCKrdshdXbYdw5EcCAAABUlIAAAACaAEHmQNZ3SW_PrkVMdtttUmXqIz9BPCgOa2Qo-vYyJhTDNhcyQ0uR5-XlI1kjN3M9IH0qVwH82j9gYIakP0CYNRNziEH1YmkgG1x3b_UQwtuyYnLLv1_nB1eB3VwclpxN-Rf91mx9adk6hvSCEYEjLpKEqninWAqES8bUS50ylbxhf65ZpJfL-xjKyd1X7bpOmxyIT3c9ZLj3LfqczDR9wFd0QYNQKQ-wZ9MTqkh8WdougJW3X2ztdgrCnhyzVEFq7PGlQm5SgPo3tMCupZrYtf4yLWmnTkF-C35wqoPxcIF7GxYS8iXt0aEL_2qxbNlEDCYrGM8z0HJ_m_MLgrZ4GfpMNVuELfJxd0ZluyvbwC62mKwCw7UOHDZ6ZrzTDz-Hh6C2FaRiWz8P1ik_hE2JjX9ZwEQv4RkOwuTz9fmIKh95eaA-8c0N8v1HaF-8AFXvYjvLK2LmIThxj25tSwKFYQYHtJFO6rsmQ6-j8fzKxM-RvqjdWkRhkeOyljPcJ7vFCOY1jCc4RCUN76glypx7kLBf7dlwgTFi46Q5C6klV66TbB59Ek_lIxnPw65Uiu1SwymC0BB4Ln83XzDui9Tyn6NpB_4RMVG124pn-d3fC7IXeMy9PfIoXASmlcIKkGZ7eL4E0OFT9UdSwSR_arclqjVzu0GPwmAmZU6R0TC9euEM87tFdgA-NE7PmcpmdBBgtIsAHuFJ3ExzsvY9EEpSi3H3G6va_Pj4FihPjJ8PlCMpfyc7bWQ1JD6aTE4w4f1K_Y5E-V97MKSQtLAyFbBQIvqsBjyLydoIqh533XRCTvr0UrYGe6ONV3VCrPHtmdjWhJar4_nKA6Lq0uggHlTxQYLs5BQZ2be5AUZ_ETp1bkjPcIdI0iA2xUW-cPcE5Bq1FLWth8FVtpIJ52CJWFg6BAr6Et-WhaerAxSfOSmk1Vceo8a5mEBHIie32xcqUjuQSWRku_ovT-huXZySSDYNtf741tLL5cdZlNeLfQaU58q5deh-zYei8WtGcpsTCTEUFkSv1-0OTjea30dRNTG0zuuDqVM1t6I90k2gguuEQZabrzTEWnRmxhOwLtOTQtxm-TZDYoWjPM8lrTSnagFdLtaICsYIRfxP3C1BCzb2VdVg3I1m5NPuk9HjQR2QF8

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 728x90_de-de_performance.js Show response
s0.2mdn.net/creatives/assets/4703545/ Frame 5FA5 61 KB
17 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4703545/728x90_de-de_performance.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/4703545/main.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

47a31dcc8145cda5077f9e148f349dc3efa073e864648d0608e5f5b6abbcfb3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15415463092317913147/index.html?e=69&leftOffset=0&topOffset=0&c=6Lpq0vB1bw&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:07:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 398
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17826
x-xss-protection: 0
last-modified: Tue, 28 Mar 2023 08:38:19 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 15 Jun 2023 22:22:10 GMT

GET
H3 200 160x600_de-de_performance.js Show response
s0.2mdn.net/creatives/assets/4703545/ Frame 58E2 62 KB
17 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4703545/160x600_de-de_performance.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/4703545/main.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf035fa0bfc989035b3a60bd3384033c03a80a1ba4103a81d20e0bd053301e9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=tAvOnLZTdC&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:08:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 303
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17856
x-xss-protection: 0
last-modified: Tue, 28 Mar 2023 08:23:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 15 Jun 2023 22:23:45 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 5FA5 17 KB
6 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 15 Jun 2023 22:13:48 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 58E2 17 KB
6 KB 71ms
71ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:13:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 15 Jun 2023 22:13:48 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5D15 0
20 B 47ms
46ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BOxmPGo2LZJyYPI-A-ga6vraQAwAAAAA4AeAEAg&bg=!8POl86fNAAaGYqkwpmI7ADkAdvg8Wm55fSdrF9szuobvLMar-31uF5UhMKIP5mVzi9CJyKYalm0Yc3SqMkAp2ro0xbktO-tspVgCAAABalIAAAACaAEHmQNMDQl0Aw9rOSjEMwEblTaSuUGNRM35iLbTjWs2KqGxEZUVG3bEfhVUGu69nfePC_gOnHTyxeIhws8b4yqEQ2sfDs8b1I426z5J1oMITkX2Xa_E2HTWUQNHahEJJ9xNNXm1smY6lJyo_X0lw4lsuJjdptcG_-8HhI7QcRxQRUCVfEJ4SfEc-qOV1pkGCcY2IkHTfCBWrno3S3c3yodpJ_x5Se5F9velD26YooHbtOtpHb7OcpxwLjTveIpLTP-YO2cd6PiTaZS-MyNsXoaabZbhd-i1KXUlVBDUe2LFOthnJ0-EyhnOC2VEiLWF2N_gPR_-tzBERy5DIlBVvP4zTcJFkMjbnWgbqLCHaRUsKVIdRwVlng1SwjAmTC3CRcFtN4qvmWiyfylDF8ifj3YWJk947-ltQY1pqvEbeC8S6WREUkb5cGEZcI3McVEa4n1QG7eaoj_6pX3DLwlB9XzHIUJdANAohC58fQ-dKtSRsdBEzXstI3J5Q58llrm_TrTpyzq6i8SNaTM_jqVpOB140ms2sj0ATeYkUEicHo96uEzmwk8ClLapdeB4TpSYV48FbQHkvQLYKqggZc-2c0cOokLAnzoE0quwnlh_MLXXv8SDz4D72PiE-4M6zqcRvbWgw1qmQ9RAfuP3QOuwUkTg0WpPxFS7UIEqdYaaDITJL9ZxXftlw9aDWGdOf0kXH2s1SbfJ1V8GCU939YOZgmCk8Q8qDt_hp-j3Gdrozn1IQMtuBsrT3qS5qgI3QMs6CwKcyzJFMktDi-83kn7lBdxxQVu7GDdld1F_9M928R_TK7e5B6jMrTRXE56RcKAy9OcurT9bIGBxKpd9aOWE1lMEo4nYFrftFSlciISzhgMoYPWSM6DuQUFuuZ6YVcEfr8ZU0mhhsLS11BUtiAHrvHTbf6SZVVoIujS9xZIEZxyRle0spNFQhHXZdTdIZ4mbVIBmq-hbMdZ-0Ni2uOXkTFg8SYmGKg66iLm3678iRANCCYtL12W9-GpJjma6JoJJGYzKB63G8I5LsO3Ne-oFofpL_LJqmvDoLDDufKg5x0sD32rSccnDNqZ74WKZiBFeYwMms2U7xkrvBqN-W4JQNWmPrPk-OmOac-ersmQ5tIYAEg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 72CE 0
20 B 44ms
44ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B6DvmGo2LZLbVPKe79u8PjPe86AoAAAAAOAHgBAI&bg=!bm2lbTnNAAaGYqkwpmI7ADkAdvg8WlW1LkEpCxaUtbQ_6APOBtPLHO3lciGWiqPFUY6Ef29df6Qm8bXQlLWV7ckXawmksumPjKkCAAABAlIAAAADaAEHCgAjoEOr86lkfHIbmhbNGOSbqkaRTNI_a-_5og4UL9nhuOhUvlmZAzInA7p1Q113dFh9GqNIs-KX79snxDlLvz_OUtHOATdcpsrMNB14xKdCBdhRuKB_35Im_Kh-6UBqJMqxjTHziaTNJyjejy-RPlkNCf-1cw5pzpREKlWtmWzvCFOvAo7s4JB6rrH-FMqm_Bt1NCOQ92fu1DdnTiSLpY5Ryb5RLLRg2btWzekxYJdUgA_aHOqZJ-Bj9byVDG6OVbvJovkoHoUn4wa2cr1ylgzv2lUSmFa0SgAOgRc31mMUSCFoDu2g3zqZ1iLI0zqcGaLXj3mxRHF_xtaQSQRDFRjVoLabFo04ax2rUBMHz1PEBPcCLrU_S_iIfBYiN7pM_mjkc16afyRblE3Lw9V1emMC1zEeiNe9TDVvCGtVlb8XVpT-e661enwgUrkRqpnlQoGH5ya-ooN7y7KVcGMr6UaBJ_50iCiiukCpTzyqa9fIatY1zS0K665QQ-MZVXkskiu9E6Si_puGn52b8A341NZ7X1NOpWIm0iKs9X_VMVaYJwHEHOr4r3ybDdOUpIEg676uedaRuQu3llskeRGTtpe9YNJ4yb21rPt1A2ONTddzM2UYThJF8hvQWRjKrf4Sa5B1PA38Mgp0HhW38Kxi1gOxnrB_c8loXBj4pk8MSy4krPdnQoDOwS33tyDmvUxjjUL9sS0tXS6g31qDRZ91kndBFUct2LqlCE5eF0-EHKb8vfLyBTlxw50MruXhRAaegY9SkVU9QdGMgnxFSNIWTyt6dSjtqCqqL2v8TGgxjH47oqs7aIZLXSyUusbo64A82JbveC_GqO0GP1faXlOTTF3t__b7CK960ZDVUXmA8zsDdNvXkPRsDVheR-AnmFIr4CNkD1_vk6l5qYoikYj24FhF4gTTlATe7dUcrWUcFW4jbLn_LupF6BlvFR5fXMWH5IWtlCfTVWvLJK7XJQdMCeVSI5FYN28IfUT3wPPOwwn30rh7aTvTpf-dRx99V-wQFGPNt3CsdpxuMF_acDUJK0lZTNLeajFJ--Ch-WJ9ucbZmIjHIYlMCjMUznUOOhOsy-6pkm8uZ2Vn_X4SOUufT_LUVYZ4i6Ftjn5-65mOn_tGE7Q911sdb2yCsQ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 star_alliance.svg Show response
s0.2mdn.net/creatives/assets/4689654/ Frame 5FA5 4 KB
2 KB 8ms
8ms XHR
image/svg+xml 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4689654/star_alliance.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/4703545/728x90_de-de_performance.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b3052cb4159c6c3da4cee05fc67f879dfc7c5cf59628a6fd37485cf4c685f60d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15415463092317913147/index.html?e=69&leftOffset=0&topOffset=0&c=6Lpq0vB1bw&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:06:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 468
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1840
x-xss-protection: 0
last-modified: Tue, 04 Oct 2022 11:00:32 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 15 Jun 2023 22:21:00 GMT

GET
H3 200 lh_logotype_single.svg Show response
s0.2mdn.net/creatives/assets/4689654/ Frame 5FA5 5 KB
2 KB 9ms
9ms XHR
image/svg+xml 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4689654/lh_logotype_single.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/4703545/728x90_de-de_performance.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7502e785bdc8f7184cab7e278053c49be4458393085eb2fbddabf35b895c310

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15415463092317913147/index.html?e=69&leftOffset=0&topOffset=0&c=6Lpq0vB1bw&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:01:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 723
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2151
x-xss-protection: 0
last-modified: Tue, 18 Oct 2022 09:41:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 15 Jun 2023 22:16:45 GMT

GET
H3 200 lh_crane.svg Show response
s0.2mdn.net/creatives/assets/4689654/ Frame 5FA5 2 KB
1 KB 9ms
8ms XHR
image/svg+xml 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4689654/lh_crane.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/4703545/728x90_de-de_performance.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d2067d4b9b5b9d3003ffa4dc17b44616dc00a543f59eea17df555e959f20b53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15415463092317913147/index.html?e=69&leftOffset=0&topOffset=0&c=6Lpq0vB1bw&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:12:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 102
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1311
x-xss-protection: 0
last-modified: Tue, 18 Oct 2022 09:41:55 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 15 Jun 2023 22:27:06 GMT

GET
H3 200 NH_D_NA_City-Generic_728x90.jpg
s0.2mdn.net/creatives/assets/4703548/ Frame 5FA5 61 KB
61 KB 10ms
9ms Image
image/jpeg 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4703548/NH_D_NA_City-Generic_728x90.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc2f6c397b2c8bc2ffe3a7f98875347fd37f44f8297f60b1f961123846cad866

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15415463092317913147/index.html?e=69&leftOffset=0&topOffset=0&c=6Lpq0vB1bw&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:08:46 GMT
x-content-type-options: nosniff
age: 302
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62580
x-xss-protection: 0
last-modified: Tue, 08 Nov 2022 09:07:00 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 15 Jun 2023 22:23:46 GMT

GET
H3 200 star_alliance.svg Show response
s0.2mdn.net/creatives/assets/4689654/ Frame 58E2 4 KB
2 KB 8ms
7ms XHR
image/svg+xml 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4689654/star_alliance.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/4703545/160x600_de-de_performance.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b3052cb4159c6c3da4cee05fc67f879dfc7c5cf59628a6fd37485cf4c685f60d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=tAvOnLZTdC&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:06:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 468
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1840
x-xss-protection: 0
last-modified: Tue, 04 Oct 2022 11:00:32 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 15 Jun 2023 22:21:00 GMT

GET
H3 200 lh_logotype_single.svg Show response
s0.2mdn.net/creatives/assets/4689654/ Frame 58E2 5 KB
2 KB 8ms
8ms XHR
image/svg+xml 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4689654/lh_logotype_single.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/4703545/160x600_de-de_performance.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7502e785bdc8f7184cab7e278053c49be4458393085eb2fbddabf35b895c310

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=tAvOnLZTdC&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:01:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 723
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2151
x-xss-protection: 0
last-modified: Tue, 18 Oct 2022 09:41:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 15 Jun 2023 22:16:45 GMT

GET
H3 200 lh_crane.svg Show response
s0.2mdn.net/creatives/assets/4689654/ Frame 58E2 2 KB
1 KB 9ms
9ms XHR
image/svg+xml 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4689654/lh_crane.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/4703545/160x600_de-de_performance.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d2067d4b9b5b9d3003ffa4dc17b44616dc00a543f59eea17df555e959f20b53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=tAvOnLZTdC&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:12:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 102
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1311
x-xss-protection: 0
last-modified: Tue, 18 Oct 2022 09:41:55 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 15 Jun 2023 22:27:06 GMT

GET
H3 200 NH_G_WD_Airport-Network_160x600.jpg
s0.2mdn.net/creatives/assets/4703548/ Frame 58E2 45 KB
45 KB 10ms
9ms Image
image/jpeg 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4703548/NH_G_WD_Airport-Network_160x600.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

28581a9c3e927973d978984f3d463644abae1650c1128105cc603629666e67e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=tAvOnLZTdC&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:11:59 GMT
x-content-type-options: nosniff
age: 109
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46462
x-xss-protection: 0
last-modified: Mon, 07 Nov 2022 16:48:19 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 15 Jun 2023 22:26:59 GMT

GET
H3 200 LufthansaHeadWeb-Bold.woff2
s0.2mdn.net/creatives/assets/4714589/ Frame 58E2 50 KB
50 KB 8ms
8ms Font
font/woff2 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4714589/LufthansaHeadWeb-Bold.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0a43c20863b324fe2bec355b5ebdc6566861742f92018f12be1b38fa2c8b7767

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=tAvOnLZTdC&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:08:45 GMT
x-content-type-options: nosniff
age: 303
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51548
x-xss-protection: 0
last-modified: Fri, 18 Nov 2022 11:46:13 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 15 Jun 2023 22:23:45 GMT

GET
H3 200 LufthansaHeadWeb-Bold.woff2
s0.2mdn.net/creatives/assets/4714589/ Frame 5FA5 50 KB
50 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4714589/LufthansaHeadWeb-Bold.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0a43c20863b324fe2bec355b5ebdc6566861742f92018f12be1b38fa2c8b7767

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/15415463092317913147/index.html?e=69&leftOffset=0&topOffset=0&c=6Lpq0vB1bw&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 22:08:45 GMT
x-content-type-options: nosniff
age: 303
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51548
x-xss-protection: 0
last-modified: Fri, 18 Nov 2022 11:46:13 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 15 Jun 2023 22:23:45 GMT

GET
H3 200 _gLG9aN8cjF7vXKbMeOxmtCOjM8PIsJVPzQXNT2dY7E.js Show response
pagead2.googlesyndication.com/bg/ Frame 3D17 37 KB
14 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/_gLG9aN8cjF7vXKbMeOxmtCOjM8PIsJVPzQXNT2dY7E.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fe02c6f5a37c72317bbd729b31e3b19ad08e8ccf0f22c2553f3417353d9d63b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 08:34:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 49179
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14773
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 14 Jun 2024 08:34:09 GMT

GET
H3 200 _gLG9aN8cjF7vXKbMeOxmtCOjM8PIsJVPzQXNT2dY7E.js Show response
pagead2.googlesyndication.com/bg/ Frame 7F48 37 KB
14 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/_gLG9aN8cjF7vXKbMeOxmtCOjM8PIsJVPzQXNT2dY7E.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fe02c6f5a37c72317bbd729b31e3b19ad08e8ccf0f22c2553f3417353d9d63b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 15 Jun 2023 08:34:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 49179
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14773
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 14 Jun 2024 08:34:09 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame C337 42 B
64 B 51ms
51ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvkXEgU1XALiDGaTAELRqdKCEZhQwWa8bxehA6YCMA-K5MkmiuJojm9wuuzFt1kLjQapB_BV2X-iaqoq7h9s5jHuSI-4DEgSD9uZu-MAnczMXs4WlyvoRTDLYNFkomNNM2tXjQLET8SSy0P&sai=AMfl-YQYRlKAIHP7fXzGjo_L-m-MeGNgmBUNvWW74V97m5Gnu6SfD0Ff-MZvyRmDfVYHGwuZk0QHFIgAsjvuWz9CUUuPoRsMLCRIfS4OCe4FoIslZcswgtiwYfTtF9k&sig=Cg0ArKJSzH0LoHOaTV16EAE&cid=CAQSOwBygQiDSgcjqNPfImrPxuNBev1MS2VzBdyXUU1jqRO0DidLvIMzM08Dmc5DSNbopGHhu6fsgnZ7NyfiGAE&id=lidar2&mcvt=1000&p=0,0,250,300&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230614&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3050045420&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1686867226814&rpt=511&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=14

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 9DDB 42 B
64 B 53ms
52ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuUg9tqhDP7G7A1JPTgpdxsubZ88zeFBJKEueXeRAHkZN7NcvvEDnc3pEUM8ZSQY9JC7v_N17_NHusP7bNPQ9Dm2uC1rnP7h3XF3JXI9CRkgtb5qhmXGUgJc-IXWJXil9ahLU0P2CHL13o1&sai=AMfl-YT0RecaeAfxEHzMxMyyvqaaSd_ytlJoZBIhKudGQsucdqzuXhGgZ63_QeopKpUSYlAuyQxYDitRVl52arp2FZDphIHWoPzLJuU4LoZ58o60DHVN5iE8ApVFVUI&sig=Cg0ArKJSzCtectbcD9W4EAE&cid=CAQSOwBygQiDnBIXllX758UHUN3NgPOHUJH1zAJOkGR7sAOpQH_4u2GfEILBN0n-t9KJwI6yIEfLg9r8cfcfGAE&id=ampim&o=0,229&d=160,228&ss=1600,1200&bs=160,228&mcvt=1001&mtos=0,0,0,1001,1001&tos=0,0,0,1001,0&tfs=475&tls=1476&g=100&h=100&tt=1476&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&uafvl=%5B%5D&uaw=false&adk=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D62E 0
20 B 41ms
40ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=8684184120877&version=m202301230201&ct=76&x=1&cor=7913394521251741000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C337 0
20 B 41ms
41ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=5009047356554&version=m202301230201&ct=76&x=1&cor=9608998460487782000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 5ed7702fe4b07a92411bc03e
ng2.virgul.com/tck/imp/ Frame EADA 0
209 B 44ms
44ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5ed7702fe4b07a92411bc03e?g=1&t=gb&r=153378@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1686867225697&userId=vnetdc5075c3-0999-4ad4-a2db-d225ee94040d
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Thu, 15 Jun 2023 22:13:48 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 27F0 42 B
64 B 51ms
51ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuYgeyr-eG0eYzG7GMyuAIFGfx-Aj_47xfUsrG5OC0_Xw7thUHEJzB-b0CPS6-wsZTvznDkfQCnQNSIcM31-Pc8Ky4C2EV_zOI8mPSezB1aP_NrJ6UiSDVXJ3xP-w3LcLd6LXG4kraCY-vQ&sai=AMfl-YRQlTcV4HVPUdyaE1Ng1iwvxm9ZYQMMPlR_78Bf55iV-dncJqsrc7o3cEEM0VcpDfrntMqDMn-uRmuLuqD_qmz2Icf6ntcOr2bZBz6qTTMs8tSwiWZ_2G7D_q8&sig=Cg0ArKJSzNCCUpUQ5OSfEAE&cid=CAQSOwBygQiDqUJA1GQbRN7Eyy5xy1KLEgyI1Fd0LLj1JT7A6EEAhZJNrZJK0Go69gr1bfYRL0LGkRX91540GAE&id=lidar2&mcvt=1000&p=0,119,40,160&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230614&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3203893797&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1686867226760&rpt=768&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=14

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 27F0 43 B
215 B 103ms
102ms Image
image/gif 2600:1f18:1aca:4281:ab69:b866:4b22:2f96
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1352960&asId=5484cf98-b562-595a-3428-0f1be2d6b4b6&tv=%7Bc:fEcvZk,pingTime:1,time:1687,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:160,h:600,t:28%7D,%7Bpiv:100,vs:i,r:,t:669%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:1,slTimes:%7Bi:1018,o:669,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:28,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:i,cc:NaN.NaN.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B662~0%5D,as:%5B661~160.600%5D%7D%7D,%7Bsl:i,t:669,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:i,cc:NaN.NaN.160.600,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1018~100%5D,as:%5B1018~160.600%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:160,fm:tHi2Yxx+111%7C112%7C113%7C114%7C115%7C1161%7C117%7C118%7C1191%7C1192%7C11a.1352960-70224197%7C11a1%7C11a2%7C11b*.1352960-70224255%7C11b1%7C11c1%7C11d1%7C11e,idMap:11b*,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:29,sis:332%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:ab69:b866:4b22:2f96 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:48 GMT
server: nginx
x-server-name: dt06.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 27F0 43 B
215 B 102ms
102ms Image
image/gif 2600:1f18:1aca:4281:ab69:b866:4b22:2f96
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1352960&asId=5484cf98-b562-595a-3428-0f1be2d6b4b6&tv=%7Bc:fEcvZk,pingTime:1,time:1687,type:c,clog:%5B%7Bpiv:0,vs:o,r:r,w:160,h:600,t:28%7D,%7Bpiv:100,vs:i,r:,t:669%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:1,slTimes:%7Bi:1018,o:669,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:28,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:i,cc:NaN.NaN.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B662~0%5D,as:%5B661~160.600%5D%7D%7D,%7Bsl:i,t:669,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:i,cc:NaN.NaN.160.600,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1018~100%5D,as:%5B1018~160.600%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:160,fm:tHi2Yxx+111%7C112%7C113%7C114%7C115%7C1161%7C117%7C118%7C1191%7C1192%7C11a.1352960-70224197%7C11a1%7C11a2%7C11b*.1352960-70224255%7C11b1%7C11c1%7C11d1%7C11e,idMap:11b*,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:29,sis:332,metricId:grpm1,cmr:t%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:ab69:b866:4b22:2f96 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:48 GMT
server: nginx
x-server-name: dt05.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 5ed7638be4b07a92411bbffe
ng.virgul.com/tck/i_vb2/ Frame EADA 0
209 B 45ms
44ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/5ed7638be4b07a92411bbffe?l=&r=153366@site_geneli@yemek_net:site_geneli&cs=1686867228932&userId=vnetdc5075c3-0999-4ad4-a2db-d225ee94040d
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Thu, 15 Jun 2023 22:13:48 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 5ed76f76e4b07a92411bc03a
ng.virgul.com/tck/i_vb2/ Frame EADA 0
209 B 45ms
45ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/5ed76f76e4b07a92411bc03a?l=&r=153377@site_geneli@yemek_net:site_geneli&cs=1686867228933&userId=vnetdc5075c3-0999-4ad4-a2db-d225ee94040d
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Thu, 15 Jun 2023 22:13:48 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 5ed771bae4b07a92411bc04c
ng.virgul.com/tck/i_vb2/ Frame EADA 0
209 B 45ms
44ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/5ed771bae4b07a92411bc04c?l=&r=153382@site_geneli@yemek_net:site_geneli&cs=1686867228933&userId=vnetdc5075c3-0999-4ad4-a2db-d225ee94040d
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Thu, 15 Jun 2023 22:13:48 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 5ed771e3e4b07a92411bc04e
ng.virgul.com/tck/i_vb2/ Frame EADA 0
209 B 45ms
45ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/5ed771e3e4b07a92411bc04e?l=&r=153383@site_geneli@yemek_net:site_geneli&cs=1686867228933&userId=vnetdc5075c3-0999-4ad4-a2db-d225ee94040d
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Thu, 15 Jun 2023 22:13:48 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 27F0 0
20 B 41ms
41ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=2160909449205&version=m202301230201&ct=76&x=1&cor=13364904021248578000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5122 0
20 B 40ms
40ms Ping
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=6758524147173&version=m202301230201&ct=76&x=1&cor=12035958757863162000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Jun 2023 22:13:49 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 5ed7706de4b07a92411bc042
ng2.virgul.com/tck/imp/ Frame EADA 0
209 B 44ms
44ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5ed7706de4b07a92411bc042?g=1&t=gb&r=153379@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1686867225697&userId=vnetdc5075c3-0999-4ad4-a2db-d225ee94040d
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Thu, 15 Jun 2023 22:13:49 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

43 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.adnxs.com/	1970-01-20 14:44:03	Name: uuid2 Value: 6863149284922921574
.doubleclick.net/	1970-01-20 21:56:03	Name: IDE Value: AHWqTUlSnim1O-_QLgHvpp3t_DFlMjHUtYlmE9RwtwTfu8BLqQ6nMbD5AvpHAPJbnMg
.casalemedia.com/	1970-01-20 14:44:03	Name: CMPS Value: 5240
.casalemedia.com/	1970-01-20 14:44:03	Name: CMPRO Value: 5240
.casalemedia.com/	1970-01-20 21:20:03	Name: CMID Value: ZIuNGhYoGw2jzSUYwPdRFgAA
.adnxs.com/	1970-01-20 14:44:03	Name: anj Value: dTM7k!M41.D>6NRF']wIg2GTwgJO?2!]tbPl1M>e)ZlrFUfJ+tGXxo]CAj/*XX@R.@)g.wLBz5VD!V]7Q<95vqc#gL3If)y3KL9D3I?+YNNTOo
.yahoo.com/	1970-01-20 21:20:24	Name: A3 Value: d=AQABBBuNi2QCEGD30TdhaOreXeDqh7RNhyUFEgEBAQHejGSVZOANyiMA_eMAAA&S=AQAAAkyuHPI9uSH_6oq_cg1uqck
.hspvst.com/	1969-12-31 23:59:59	Name: VI2677 Value: %7B%22time%22%3A1686867225%2C%22utid%22%3A%224f9ee2c3b7d5b69b873fe000bdb68a17%22%2C%22t%22%3A%22P%22%2C%22s%22%3A%22%22%7D
.hspvst.com/	1969-12-31 23:59:59	Name: VIP2677 Value: 1
.spotxchange.com/	1970-01-20 13:14:46	Name: audience Value: e6069723-0bc9-11ee-a9b2-1bce7de30306
.w55c.net/	1970-01-20 22:04:41	Name: wfivefivec Value: 6ELkQxFW1Q9VdV5
.analytics.yahoo.com/	1970-01-20 21:20:03	Name: IDSYNC Value: "18yl~2c8m:18yx~2c8m"
.simpli.fi/	1970-01-20 21:21:29	Name: suid Value: 539A861253744BCD899BC955B7C801FC
.lijit.com/	1970-01-20 21:20:03	Name: ljt_reader Value: G0nVsGZH6hYwA1PSQPm-Dvgw
.everesttech.net/	1970-01-20 21:20:03	Name: everest_g_v2 Value: g_surferid~ZIuNGwAH0AsgNAAD
.doubleclick.net/	1970-01-20 12:34:30	Name: DSID Value: NO_DATA
.ctnsnet.com/	1970-01-20 21:20:03	Name: gid_CAESEHnGn8zGKKgRbenanx99Chs Value: 1
.quantserve.com/	1970-01-20 14:44:03	Name: d Value: EC8BCQGeKYEA
.quantserve.com/	1970-01-20 22:04:41	Name: mc Value: 648b8d1b-5280f-69dd8-ca841
.3lift.com/	1970-01-20 14:44:03	Name: tluid Value: 1211142366647923274069
.turn.com/	1970-01-20 16:53:39	Name: uid Value: 7610028875376255981
.adtriba.com/	1970-01-20 22:10:27	Name: atbgdid Value: 0d38da79-bbaa-44bb-b1ad-0eb201c3dc9c
.ctnsnet.com/	1970-01-20 21:20:03	Name: gid_CAESEO1qMVT-vCwQoV9ccx1Op60 Value: 1
.ctnsnet.com/	1970-01-20 21:20:03	Name: cid Value: 31ddb42eebbd4d72a4b985b692d8ba32
.bidswitch.net/	1970-01-20 21:20:03	Name: tuuid Value: 7d2ef4b3-13ef-4009-9dce-49bc870ecb0e
.bidswitch.net/	1970-01-20 21:20:03	Name: c Value: 1686867227
.bidswitch.net/	1970-01-20 21:20:03	Name: tuuid_lu Value: 1686867227
.blismedia.com/	1970-01-20 21:20:07	Name: b Value: 648B8D1BD42B8808EC87F491BLIS
.de17a.com/	1970-01-20 21:12:51	Name: guid Value: 1.7908875744173654194
.360yield.com/	1970-01-20 14:44:03	Name: tuuid Value: 832bf3ea-de9d-4582-8a80-1aa4f6fe050d
.360yield.com/	1970-01-20 14:44:03	Name: tuuid_lu Value: 1686867227
.ctnsnet.com/	1970-01-20 21:20:03	Name: gid_CAESEFgir9IVCEDkzNNEGXYxJqI Value: 1
.adfarm1.adition.com/	1970-01-20 14:44:03	Name: UserID1 Value: 7245039572675524758
.travelaudience.com/	1970-01-20 22:04:41	Name: _tracker Value: %7B%22UUID%22%3A%225833A7D6-D17E-4EBD-BE90-A6FA74FCD46C%22%7D
m.exactag.com/	1970-01-20 14:44:03	Name: exactag_new_gk Value: 13220a33f1b14ed2837f826fa793f444%7c14.08.2023+22%3a13%3a47
m.exactag.com/	1970-01-20 16:53:39	Name: exactag_new_uk Value: c82e3c0c13224ab6a26fefbaa90148f2%7c
m.exactag.com/	1969-12-31 23:59:59	Name: session_session Value: a6cb6ffce1ca4a439fdf3b7d
.id5-sync.com/	1970-01-20 12:34:27	Name: cf Value:
.id5-sync.com/	1970-01-20 12:34:27	Name: cip Value:
.id5-sync.com/	1970-01-20 12:34:27	Name: cnac Value:
.id5-sync.com/	1970-01-20 12:34:27	Name: car Value:
.id5-sync.com/	1970-01-20 12:34:27	Name: gdpr Value:
.id5-sync.com/	1970-01-20 12:34:27	Name: callback Value:

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://pcloak.blob.core.windows.net/web/jquery.min.js Message: Failed to load resource: the server responded with a status of 404 (The specified blob does not exist.)
javascript	error	URL: https://ye-mek.net/(Line 39) Message: Unsafe attempt to initiate navigation for frame with URL 'https://pcloak.blob.core.windows.net/web/6x69807j0b5.html' from frame with URL 'https://ye-mek.net/'. The frame attempting navigation is targeting its top-level window, but is neither same-origin with its target nor has it received a user gesture. See https://www.chromestatus.com/feature/5851021045661696.
network	error	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755397&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1686867225775&bpp=3&bdt=557&idt=110&shv=r20230614&mjsv=m202306080101&ptt=9&saldr=aa&nras=1&correlator=4172165922379&frm=24&ife=1&pv=2&ga_vid=1164401128.1686867225&ga_sid=1686867226&ga_hid=372826235&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=222437166&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44759842%2C44759876%2C31075298%2C31075305%2C44788441%2C44793499&oid=2&pvsid=456909807881205&tmod=1579466775&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.4ficyttl0b37&fsb=1&dtd=123 Message: Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

9cfe8584e113f3750b1a20dfdd75a256.safeframe.googlesyndication.com
aax.amazon-adsystem.com
ad.turn.com
ads.travelaudience.com
ads.w55c.net
adservice.google.com
ajax.googleapis.com
ap.lijit.com
bid.g.doubleclick.net
c.amazon-adsystem.com
c1.imgiz.com
cdn.ampproject.org
cdn.ye-mek.net
cm.g.doubleclick.net
cms.quantserve.com
connect.facebook.net
cti.w55c.net
d.adtriba.com
d5p.de17a.com
dclk-match.dotomi.com
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
dt.adsafeprotected.com
eb2.3lift.com
encrypted-tbn0.gstatic.com
encrypted-tbn2.gstatic.com
encrypted-tbn3.gstatic.com
feed.pghub.io
fonts.googleapis.com
fonts.gstatic.com
fw.adsafeprotected.com
gcm.ctnsnet.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
i.w55c.net
ib.adnxs.com
id5-sync.com
images.dmca.com
imasdk.googleapis.com
m.exactag.com
match.360yield.com
ng.virgul.com
ng2.virgul.com
onetag-sys.com
pagead2.googlesyndication.com
pcloak.blob.core.windows.net
pghub.io
r.turn.com
rtb.openx.net
s0.2mdn.net
s7.addthis.com
secure.adnxs.com
securepubads.g.doubleclick.net
ssbsync.smartadserver.com
ssum-sec.casalemedia.com
static.adsafeprotected.com
static.virgul.com
sync-tm.everesttech.net
sync.inmobi.com
sync.search.spotxchange.com
sync.teads.tv
t.hspvst.com
tpc.googlesyndication.com
tr.blismedia.com
um.simpli.fi
ups.analytics.yahoo.com
us-u.openx.net
www.cloakan.co
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
ye-mek.net
104.111.217.42
104.75.88.126
108.138.1.25
13.248.245.213
13.32.119.77
142.250.185.162
142.250.186.162
151.101.130.49
151.139.128.10
154.58.197.185
162.19.138.120
18.193.240.217
185.7.176.222
185.7.176.223
185.80.39.216
185.86.139.103
185.94.180.125
20.127.253.7
20.60.220.36
2001:678:cb4:bbbb::11
213.155.156.183
216.52.2.86
2600:1f18:1aca:4281:ab69:b866:4b22:2f96
2600:9000:20c3:b400:3:4706:a6c0:93a1
2600:9000:218d:f200:1b:f040:3600:93a1
2600:9000:2450:5e00:8:48e:53c0:93a1
2620:116:800d:21:de2e:c7b3:55c0:d5a0
2a00:1450:4001:802::2004
2a00:1450:4001:806::200e
2a00:1450:4001:80b::2001
2a00:1450:4001:80f::2001
2a00:1450:4001:80f::200e
2a00:1450:4001:810::2002
2a00:1450:4001:813::2001
2a00:1450:4001:827::2008
2a00:1450:4001:828::2002
2a00:1450:4001:828::200e
2a00:1450:4001:829::2002
2a00:1450:4001:82a::2002
2a00:1450:4001:82a::2003
2a00:1450:4001:82a::2006
2a00:1450:4001:82b::2002
2a00:1450:4001:82b::2003
2a00:1450:4001:82b::200a
2a00:1450:4001:82f::200a
2a00:1450:4001:82f::200e
2a00:1450:4001:831::200a
2a02:6ea0:c700::10
2a02:fa8:8806:13::1400
2a03:2880:f083:9:face:b00c:0:3
3.125.31.31
3.75.62.37
34.102.243.38
34.96.105.8
35.186.193.173
35.186.253.211
35.190.0.66
35.204.74.118
35.241.45.217
35.244.159.8
37.252.171.149
37.252.171.84
51.89.9.253
52.31.224.54
52.57.130.34
63.35.204.225
64.233.184.156
77.245.159.14
85.114.159.93
85.14.248.91
94.138.206.83
0052f42a0eb025590c4a2c324f65ddac213225b383aed8a10687d4250138cc6c
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd
01f43c1e8487a28f744072c622cc1174f2c3455c3b413cc572f66c9258595bf8
026b4a233a96cb33e867984ee3265a666c4f670685a19db68d5dfc9700498c6c
03ca337507cf883c92600d48f3c3601b7cb721f37ec131343aee1ff516a22858
0403acf352d97f4125629cb0d42e156490c93962f561f94d7f3c2f4816c8f415
041eb9735c498d0f7d1ffb5b159cdc3776591b6ef9055662a9c8c366945714a7
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
0870f8dd92fec1ce4f9fac7f858590d73c999cdf9eabdb5ec8c770ed869b432c
09dee85f539acd1ea2c80316a51d67172fb49a9cbe1b7b72047380c5051ed7e8
0a21246ce99123e0b692a241953ba4480bac476330267f87370e61b88d53bedd
0a43c20863b324fe2bec355b5ebdc6566861742f92018f12be1b38fa2c8b7767
0b29697868cd68cfd1b5650054cc96ea755016b3242bd26469cdbd4e4f6fc18a
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
120fdf7c1e8de286b8c6ad005bd52d7b3d71cfa17bd6d1f72d023fe952d03708
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
147c0a445950fa29f9fc3784910f112bdc6dc232412915e1162da9e7ea36ad51
157d7c600d20ebfa7b18c3baea166f0c31d574bd796790b6ba85d4b183ae9fbd
187574c8a3cf0026b633b356842e03d60450be911027b697e9542a650d1049c8
1bd029574063760669a424ed0c20f70f18fb595f1e3769f9bb5c6a64e4bdf622
1d4c6a1f4d6a96e145bf49dd859b5566a2cbd4b3a9fd1435b198dea49f926d6d
1e0383aee4030d43f4de3f8b596ef609342d8e51248fd42191d941b7927540bb
1e190fdf47cb7389e127605fc34bfb1bfc74281d5264501b79f2779008a2ae73
1e5a886321d0e00c13f7abff03ca39fd782f42997fd34bcbf4fc93718f3670cc
24466e81baccf62dbd8cda0cc4e8b4dc2f1f4cd55c7591dbc798901697783fbf
251d626986bb36c79db29e057235bf0083536b9069a5bb5ba000a829366acf93
25f2cf0d92927ea6a032fa0eca112d4e69207864db577150d8bd82fd05a3ff7c
27961ab8c37cddad89230364167c048c6377a80e38542a5ffbca600faf4098ea
27b62f116d3964364a5054f01a59e237c576d204d47cded37d221f39beed4397
27d45cbb2b062f651792ced980698de4255b9e3313d84e234ab63ffd397a5322
28581a9c3e927973d978984f3d463644abae1650c1128105cc603629666e67e4
2a3c84de160fa22e749817bfaf1aae8e4f9016b215b33bc0b3a1bd1c56a129b6
2af1b8e91e1ea0f27fab2f6bac1dd1d81867b7a2a8d7cef1084fa39309e0ac6f
2d3ebc5963c3ba449fc6f11b2d5ac883abaf7dbc046ac7c1b267518e0ca5fa27
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
31a2d1774f7bd443e5771952dcbe0a369aa5d1738f508a0c04de6189b372efcf
31d067009b15c1649df4b4eeb6dc93cd049cd9f8c67a1a57e726f1afd20114e1
31e774f0a5fc7ed9d95690a70e18132c3c36f0a4c2366d0d8886c639dc71780f
324a9c1f26949a62b89c5846de23826737bf3b14443e3f5a969b1799604a0588
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a
3521f5e84dbf85e9b7a304002330fbccf347abc9d0a43765a1838336b8a98c0c
35e04b4855605c908b85662df66fa3f5fce2fe1fa2d284873c1349b101bd7bec
37ab5c060ae53ccda75b8bd212d874a17650f7954b11c4e31f568990ab40196b
3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280
3bc501087c297a6f3d740843828eabab1f7f9de9787718f2ec63952faedbec0e
3d2067d4b9b5b9d3003ffa4dc17b44616dc00a543f59eea17df555e959f20b53
3e9569df702eb478e6e7699775a0f555b64ef9e89d89a81742bc97c7803dba96
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3ed559a849229d0ba1622b39b2343f2307a91aae5bab1f08e55c89e50874c980
3ede2e50e331f20b179c02b5f6afbc30be0d3dfb7b4b23f6c1db9fb786d6aed8
40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db
411fe8c4b65aaac876035a74a61d230e99e06014c0d16f0c0ed9aed6e01f4bfd
43bd9d6bbcd9a8c9742300bcb60c541f756427599656f3e0dc3d405509371ac1
45352935afb3119009abbfa8ed5bf7b67fc4edf64e8b718a134975410823ace9
4651fd93f167c3620b534c30bc23ae2a2e7cf742621d8e6d12553c09c388284a
467fdf5409ef15bc78672806dccbb71c34337a721454f9917f2db8eeb8e31fe9
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
479da794610042c07a692cc82df9f0dcd96e46dd83b103761d7f0387f2ac2f1e
47a31dcc8145cda5077f9e148f349dc3efa073e864648d0608e5f5b6abbcfb3d
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4bff962fb085bc7a7d81b7a59a2dceb2a6dd7f44a6d25af7040fd62f86393a05
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
5103b27b55207be49f024a501641c7cb93e6469073ccbe194cd5963b53716184
51c012cf2461bf8b29f345373366183c7fd121579b6178e942be0b61d8c7da14
53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5804cd3bfdf7f7b00ae1f2beef50b9ac7bbdcadcb47e8c3454e8609a52096b92
598a8457413e85866a6501f257f380354f5dfb6f11ba2995668dc55d5c237bf5
5a9863314577494b778cade4d77d719a27fca818d6091efe35b972cac31026f8
5d867d8101d7d263052fd7656e7e10f585b485c3c38cb96e2c7bca172f579491
5dfb1bf0086b8a02cc693559a1fffce75fe3676b824103080e7964b7b1487a05
605b3f81cae22e511a6b284368d863e9da83d4c50680a9eb4527718e9146fe00
613b97a3f938c5185dc5fcb46ec9c9488f460fdf8a9765eea9f05aebe46a0c50
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
61ef244a7f7b27ce2c69ff28e1bb69f7bac2e6be7fe6dbbbcb82feeb11db7d84
62afec092c21b138eeb1fc55859f60c19dd12ca3c02bdfeb336a820b016a547b
68b34a28617137221b76b93546359bf577aea1d6b3aadbd65b40e8bbdae7dd0f
6a5c3836f01af05b52f926264495b7bac8dcef94acc6cfdbb3fbfa5054e941d8
6b35721318dac7f2078f61535dd887a67724daccc15fe229dd043318b05bc80d
6bc3d03f9d36b00c7c9e9480dc420908aaba03af664e60c3e09a12cc530a7436
6c6573c2cf885d137cce0a8373a7a6e292972b597b9b08ae74ba0f1382cbd59c
6fe13a97a9b58b37605361f70c852004de3752dae2e8e91604ea09b4f4cfcece
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
75a654ce513996dc8f544619cc1c99b2361261bb6f38d51c619833d68d0a6a72
78aa3d973a83de17d8b856934f19a2613483fbfd3cd2b6c5bc50865014924659
7a9344144d755ac52f3d8405003feb8eab3b79aebc78e330537ea10861d6f32e
7b9a744b9f1f0bd6236b287352d771297db879a7e757bebbdfc68b1f02dc22de
7db39f0b9931b338e9cd0eabeef7fd618ace0e5bc5990061ce13a0a2ed8e8a0a
7fa8ca78c5f1108ceddb6a05a5487ff5b8e810d0b58237643937d0f7d9616970
7ff9993d3bf21821aa4aab3b5958b4d9ba3fd3a3aa92f5830a24d3ee259f4851
8295852ad7bdcca485615bd4374ce89f8e7d2b3268b75fbc200529223bc185d8
854f47fda466ed9d7e0d438a80c3f7049575d373d5887aca71313da2b795c739
859d6de6ed6d798b3c50d77366f5062a954487299973c419662647573a7d21f2
8696856d40a33bb1143b9f31c9d507fccab76523f0f3e431bf6e03997017950e
8725ac174c3cf47211755e0845c2f14608a50d13fd5e38926d47f50df7d01607
87f9a87c97f320be2896eb3872bc5f256f0941fb848b5ecfbe7fc5fd08350a1f
8c5275956fa1bf68a0418dddb092a5881af6b6be10f6dca54dfacda6ba41992a
8ceaff2dab6c10ad838fc8f93dc3b66b68485a557d810e2b501e45015a4bef33
8e2b2033aae5f2ebbc9b92291c3cdfa7a084429d21d85b382e39dfbd875b5f55
94dc350acb3e491e883e23665acdfe801c1559d67026fbcd533dfce70d5a6270
95e4c6949ac204908fb72ad3572730075c51644b3683746e11cc1192108bf303
98d410fc0c96ec6d8dc9120fd0fc244390b0292bab05412336cdf110ae719e29
9a24dc75b4b3c4341c1c671f96141dfd1183c66c6281791cd2b5d74fe9b257b2
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9cacc351a59879d938ef01e274eca7f341deaaa666237a3de94737ccc05a4b86
9e2ac756b7d18a0715d66cff4a48f4ba89882b3bcec6cd4fda5455387eaff84d
9ebd2ca9ffdae715422514a52cabb0852d1fc54c8f1f645a767f3d1089cb240c
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a151cd0ce17efc76f5fe92c0721fa47031a36190c5ac7ee5f6512b9ac734d277
a28b55f41413d16c71a76b7af3ff9f707323bb3906096b85f7a581415aaeff55
a4135cd61dfa379bb61b0718f3a20dc8b25d0b8f4e3f2e52ef4d0e5be736136c
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678
a7a580492938c753648b19da1321bf7ea66d7a2e9b1fa42058c821e268fba9e1
a9463aa6bc04e8ed65268ee58b03fb119d097a4ec5f33f0dcb3750d4d75f28c3
aaca9feb9e33cf12a261bd3aa24977a549b72df3a723e8e8291ce8745c70ef0e
acc5497e76f832d950d14fcfa047dc3c864f7a0aae4c7a20521c0c655a53033b
ad3ee286844c46dba3f0d26e100f508c410b28f52784fbeec2d513ef6c6fda7a
ad979399a6f4a784764fabf153ff7728f2cf56a876627cddd3e272e8cebe9e05
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b25ebe4576f6a7fa46c6ff7010c53f137c1b635d378341302ea12badbf9fbacb
b2614739e5032eef7a58aa35faf7010861d20c62b93b0e8d42a1e8d0a2a7ffa2
b3052cb4159c6c3da4cee05fc67f879dfc7c5cf59628a6fd37485cf4c685f60d
b333c7f773aa4f325289b9f395a20df02c21f05e0be5415f717e6376232904b8
b3fce6c522254e35e5dbbdd484afaacc4007ffc56c7cb235b9a6e7b15d3d6f5a
b5e55ab86aff99a1d6ef13c9f0ae6d3e3ad3e6e6baa6141a0a1d42beb0d678aa
b62c5e6e7f015c810ea23b3cbb9bfb652540ddc3a00f2aea404239a6ddc547e8
b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628
bb86be0538b5ef8bb7fabe6cfdcc28f99687242fbecab81a9a2a72d92931594a
bc9ac2a4c8dc66d4dcaaeced1bb0fe5f2476da3fc9ffcc58b867d1ac9e766e56
bde4de4194ceb22b55373fc7253d4f4d8560220a0a65672c757f599b535dca2d
bea17c8870ba8dae9515993b5c55b65437f03f0e2672e1c3d3dbe7872dd74e5c
c0d871d5f9d0fb4ddf16fffccba31fe0f9e933df787e2c45b361dc57a597fca2
c1255c225e18e01faae68870c17c44c85368bf6c4120d0e674615f7a9ccc70d2
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
c1b2da575466eb30982e08c1020f55bcf2d9565f53bd64c3da87a1d774d75588
c4c9e69fc66416688824527064b028ed03b18ce5e446dbc3deba6228e9c41a3c
c4f393315ffc75417c9c350e709bbcca2d2e9d5640fa0925b32088ff1ed6c84f
c7b24b5c577eb559cfd73af20bddaa795cb60cdc2b1c928f2e7a913a83196755
cad4c9f9d1cb86fa9c63ffff5f75d98e72f669d27d045940eee183bbf3fea591
cb999f85fd1d501283263c9716367eb7fca38ef43777df0fa253ee71bdf19565
cc2f6c397b2c8bc2ffe3a7f98875347fd37f44f8297f60b1f961123846cad866
cf035fa0bfc989035b3a60bd3384033c03a80a1ba4103a81d20e0bd053301e9a
cf906196a7c1414e11983955e101a051d55a864f2bc9fd52a453d952d92fd9b5
cff57bb539a961e5816127eb4b662175d6a1c92917effe0f943de85c35911101
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d2db2d1db7d55fbe2938a156d74dcf4119263c8ac936549ea4fc1c838d0aba2d
d469330093a2cebd898628a339df6abaf5edcb89e85769ff79840371195a7d1f
d7502e785bdc8f7184cab7e278053c49be4458393085eb2fbddabf35b895c310
d9fd0aeda423bd39a36871759ef7b17dab3d51e5981cd5839103f990b8b9ef60
dbc211260f3fb81e545fbebe8be8c367ebe670a585e60e1ec58524c06723ecbc
dcaa4bf67ba1198b85332a0c4712f44448246e29eedafdd2e6e744a40bb44c35
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e31c749d5758d983a69c28c8475100a27b5d12493bc8823fefd31b27af5aa76f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44
e8021f1a9dad409f7e699457ac334653bf800464df69900237c4de1c29e275d0
e8090651b52c256938df2fb0582f24521fe0476939aab81d01b7f31a7ac75beb
e9032b8e95fc74d9ce9c069e76ffe86cb4046dc6ae863ffa8410cf445e5feaf3
e95ae6bc878c84c98ce8435e7546c02b847773de6053b098709bd28fce89dc0c
e9ce2d80642f3fc19499ffce87f1eb72e4dca888883b42fafa2503a6973a6c82
eb7a209e3af2f5e7045a326f81414b39f02551eb158e859c190a7a84db7c4d5d
eb840eb3e3c8d008226b2991872a22cd79d7c72fab1e8d3597d8d0b687ef418b
ecadacb686d0540a5768dae41d50597a71dfaa8135b90f1371d4bfa266e4e361
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f475c34186022ba531ebc8bba97fc10df7e4c3ea854f314a18ab0644c851620d
f81deecfe24c78cbc7d34f6c4def4d4dd615c37fc575dcbaff96406c9ff05a2e
f9b312b5a2ee6dc4ec23bab90455c84f65ce36f73c5e162f251dc4fdf8cc1c3e
f9d27feb9e971002d29bf9918639f452ab7e92f53ca38e36d5fc38a6f32f01d4
fa7ee0a66d08c7be5a504759489d6afb1e93086d85f0f3dd8dc25170d0922297
fe02c6f5a37c72317bbd729b31e3b19ad08e8ccf0f22c2553f3417353d9d63b1

pcloak.blob.core.windows.net Open in urlscan Pro 20.60.220.36 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

361 Requests

88 %HTTPS

41 %IPv6

49 Domains

75 Subdomains

58 IPs

11 Countries

5324 kBTransfer

11252 kBSize

43 Cookies

0 Outgoing links

Redirected requests

361 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 7 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

pcloak.blob.core.windows.net Open in urlscan Pro
20.60.220.36 Public Scan

Screenshot
Live screenshot

Full Image

361
Requests

88 %
HTTPS

41 %
IPv6

49
Domains

75
Subdomains

58
IPs

11
Countries

5324 kB
Transfer

11252 kB
Size

43
Cookies

361 HTTP transactions
7 data transactions