pcloak.blob.core.windows.net Open in urlscan Pro
20.60.220.36 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://pcloak.blob.core.windows.net/web/6x67420x0229.html?fbclid=PAAaae-SdJFaTCe2X2Rz0YQJeaF_cmcYz8_lmUJJDaLttsAGULWuQIAYEIFUc_aem_A...
Submission: On July 11 via api (July 11th 2023, 10:51:27 pm UTC) from TR — Scanned from DE

Summary HTTP 317 Redirects Behaviour Indicators

Summary

This website contacted 60 IPs in 12 countries across 51 domains to perform 317 HTTP transactions. The main IP is 20.60.220.36, located in Tappahannock, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is pcloak.blob.core.windows.net.
TLS certificate: Issued by Microsoft RSA TLS CA 02 on March 22nd 2023. Valid for: a year.

This is the only time pcloak.blob.core.windows.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
4	20.60.220.36 20.60.220.36	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	77.245.159.14 77.245.159.14	42868 (NIOBEBILI...) (NIOBEBILISIMHIZMETLERI)
4	2606:4700:10:... 2606:4700:10::6814:e66f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	31.3.2.72 31.3.2.72	21245 (MEDIANOVA...) (MEDIANOVA-CDN)
27	185.7.176.221 185.7.176.221	42910 (PREMIERDC...) (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH)
2	2a00:1450:400... 2a00:1450:4001:808::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::200e	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f08... 2a03:2880:f083:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:4001:811::200e	15169 (GOOGLE) (GOOGLE)
12	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
40	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
3	108.138.37.209 108.138.37.209	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:80b::200e	15169 (GOOGLE) (GOOGLE)
3	2a03:2880:f17... 2a03:2880:f176:181:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
14	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
1	35.241.45.217 35.241.45.217	15169 (GOOGLE) (GOOGLE)
1	18.173.159.32 18.173.159.32	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:812::2001	15169 (GOOGLE) (GOOGLE)
4	185.7.176.222 185.7.176.222	42910 (PREMIERDC...) (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH)
4	99.84.88.66 99.84.88.66	16509 (AMAZON-02) (AMAZON-02)
1	34.102.243.38 34.102.243.38	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	160.16.238.49 160.16.238.49	9370 (SAKURA-B ...) (SAKURA-B SAKURA Internet Inc.)
5	2a00:1450:400... 2a00:1450:4001:82b::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
1 35	2a00:1450:400... 2a00:1450:4001:80b::2001	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82a::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82f::200e	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
1	2600:9000:20c... 2600:9000:20c3:bc00:3:4706:a6c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:26d... 2600:9000:26da:1800:1b:f040:3600:93a1	16509 (AMAZON-02) (AMAZON-02)
1	154.58.197.185 154.58.197.185	174 (COGENT-174) (COGENT-174)
2 7	2a00:1450:400... 2a00:1450:4001:827::2004	15169 (GOOGLE) (GOOGLE)
8 39	172.217.18.2 172.217.18.2	15169 (GOOGLE) (GOOGLE)
3 7	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
4 6	185.89.210.90 185.89.210.90	29990 (ASN-APPNEX) (ASN-APPNEX)
4	2001:4860:480... 2001:4860:4802:32::3	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:809::2003	15169 (GOOGLE) (GOOGLE)
1	142.250.13.154 142.250.13.154	15169 (GOOGLE) (GOOGLE)
26	2a00:1450:400... 2a00:1450:4001:82a::2006	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:830::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:6b::6	15169 (GOOGLE) (GOOGLE)
1	34.248.62.209 34.248.62.209	16509 (AMAZON-02) (AMAZON-02)
3 6	2606:4700::68... 2606:4700::6812:18ad	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
1 1	85.114.159.93 85.114.159.93	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
5 5	198.47.127.19 198.47.127.19	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
3 4	51.89.9.252 51.89.9.252	16276 (OVH) (OVH)
3 3	18.203.168.4 18.203.168.4	16509 (AMAZON-02) (AMAZON-02)
6 6	46.228.174.117 46.228.174.117	56396 (AMOBEE) (AMOBEE)
1	185.7.176.4 185.7.176.4	42910 (PREMIERDC...) (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH)
1 2	2620:116:800d... 2620:116:800d:21:ef75:8280:f209:5ba1	16509 (AMAZON-02) (AMAZON-02)
2 2	37.157.6.237 37.157.6.237	198622 (ADFORM) (ADFORM)
2 2	13.248.245.213 13.248.245.213	16509 (AMAZON-02) (AMAZON-02)
1 2	23.192.153.28 23.192.153.28	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	52.212.148.89 52.212.148.89	16509 (AMAZON-02) (AMAZON-02)
2 2	35.204.74.118 35.204.74.118	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
3 3	18.192.77.207 18.192.77.207	16509 (AMAZON-02) (AMAZON-02)
1 1	185.29.132.245 185.29.132.245	30419 (MEDIAMATH...) (MEDIAMATH-INC)
2 2	2a05:d018:d29... 2a05:d018:d29:3601:40e6:3444:17d5:43eb	16509 (AMAZON-02) (AMAZON-02)
2 2	213.155.156.168 213.155.156.168	1299 (TWELVE99 ...) (TWELVE99 Arelion)
2	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
1	185.86.139.102 185.86.139.102	201081 (SMARTADSE...) (SMARTADSERVER)
4	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
1	213.202.235.9 213.202.235.9	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1	178.250.1.9 178.250.1.9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	3.75.62.37 3.75.62.37	16509 (AMAZON-02) (AMAZON-02)
3	2600:9000:26d... 2600:9000:26da:fe00:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
6	2600:1f13:800... 2600:1f13:800:7781:137e:246c:f226:35e4	() ()
1 2	185.7.176.223 185.7.176.223	42910 (PREMIERDC...) (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH)
317	60

4 20.60.220.36 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

pcloak.blob.core.windows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 77.245.159.14 (Turkey)

ASN42868 (NIOBEBILISIMHIZMETLERI, TR)
PTR: stilgar.wlsrv.com

www.cloakan.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:10::6814:e66f (United States)

ASN13335 (CLOUDFLARENET, US)

www.nefisyemektarifleri.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i2.nefisyemektarifleri.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.nefisyemektarifleri.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)

mn.nytcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 31.3.2.72 (Frankfurt am Main, Germany)

ASN21245 (MEDIANOVA-CDN, TR)

i.nefisyemektarifleri.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 185.7.176.221 (Turkey)

ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR)

static.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ng.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ng2.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
logger.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f083:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ampcid.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

40 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 108.138.37.209 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-37-209.muc50.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ampcid.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f176:181:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.45.217 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 217.45.241.35.bc.googleusercontent.com

pghub.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.173.159.32 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-173-159-32.muc50.r.cloudfront.net

aax.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:812::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.7.176.222 (Turkey)

ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR)

c1.imgiz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 99.84.88.66 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-88-66.muc50.r.cloudfront.net

bitbeat7.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.243.38 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 38.243.102.34.bc.googleusercontent.com

feed.pghub.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 160.16.238.49 (Tokyo, Japan)

ASN9370 (SAKURA-B SAKURA Internet Inc., JP)
PTR: tk2-261-40045.vs.sakura.ne.jp

placehold.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

35 2a00:1450:4001:80b::2001 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn1.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn2.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20c3:bc00:3:4706:a6c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

cti.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:26da:1800:1b:f040:3600:93a1 (United States)

ASN16509 (AMAZON-02, US)

ads.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 154.58.197.185 (Indonesia)

ASN174 (COGENT-174, US)
PTR: staticip-hv4m185.hispavista.com

t.hspvst.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:827::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

39 172.217.18.2 (United States) 8 redirects

ASN15169 (GOOGLE, US)
PTR: fra02s19-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 185.80.39.216 (Canada) 3 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 185.89.210.90 (Frankfurt am Main, Germany) 4 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2001:4860:4802:32::3 (United States)

ASN15169 (GOOGLE, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.13.154 (United States)

ASN15169 (GOOGLE, US)
PTR: we-in-f154.1e100.net

bid.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 2a00:1450:4001:82a::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

gcdn.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:6b::6 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

r1---sn-4g5ednss.c.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.248.62.209 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-248-62-209.eu-west-1.compute.amazonaws.com

i.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6812:18ad (United States) 3 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.193.173 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com

gcm.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.93 (Bad Durrheim, Germany) 1 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 198.47.127.19 (United States) 5 redirects

ASN3257 (GTT-BACKBONE GTT, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 51.89.9.252 (London, United Kingdom) 3 redirects

ASN16276 (OVH, FR)
PTR: ip252.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.203.168.4 (Dublin, Ireland) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-203-168-4.eu-west-1.compute.amazonaws.com

match.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 46.228.174.117 (United Kingdom) 6 redirects

ASN56396 (AMOBEE, GB)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.7.176.4 (Turkey)

ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR)

panel.izlesene.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:ef75:8280:f209:5ba1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.6.237 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.248.245.213 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.192.153.28 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-192-153-28.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.212.148.89 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-212-148-89.eu-west-1.compute.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.204.74.118 (Groningen, Netherlands) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 118.74.204.35.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.165 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.192.77.207 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-192-77-207.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.132.245 (United Kingdom) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:d018:d29:3601:40e6:3444:17d5:43eb (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.168 (Sweden) 2 redirects

ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE)

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.227.252.103 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.139.102 (France)

ASN201081 (SMARTADSERVER, FR)

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.202.235.9 (Grenzach-Wyhlen, Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)

m.exactag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.1.9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.75.62.37 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-75-62-37.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:26da:fe00:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:1f13:800:7781:137e:246c:f226:35e4 (None, )

ASN- ()

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.7.176.223 (Turkey) 1 redirects

ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR)

istr.izlesene.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
istr-n23.nktcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
82	googlesyndication.com 1 redirects pagead2.googlesyndication.com — Cisco Umbrella Rank: 135 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 160	696 KB
70	doubleclick.net 8 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 216 googleads.g.doubleclick.net — Cisco Umbrella Rank: 57 cm.g.doubleclick.net — Cisco Umbrella Rank: 254 bid.g.doubleclick.net — Cisco Umbrella Rank: 810 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 346	443 KB
29	2mdn.net 1 redirects s0.2mdn.net — Cisco Umbrella Rank: 325 gcdn.2mdn.net — Cisco Umbrella Rank: 1112 r1---sn-4g5ednss.c.2mdn.net	3 MB
27	virgul.com static.virgul.com — Cisco Umbrella Rank: 81866 ng.virgul.com — Cisco Umbrella Rank: 65490 ng2.virgul.com — Cisco Umbrella Rank: 74231 logger.virgul.com — Cisco Umbrella Rank: 84088	246 KB
12	gstatic.com encrypted-tbn1.gstatic.com encrypted-tbn2.gstatic.com www.gstatic.com csi.gstatic.com fonts.gstatic.com	234 KB
11	adsafeprotected.com 1 redirects fw.adsafeprotected.com — Cisco Umbrella Rank: 951 static.adsafeprotected.com — Cisco Umbrella Rank: 624 dt.adsafeprotected.com	101 KB
10	google.com 2 redirects ampcid.google.com — Cisco Umbrella Rank: 2261 adservice.google.com — Cisco Umbrella Rank: 113 www.google.com — Cisco Umbrella Rank: 10	2 KB
10	nytcdn.com mn.nytcdn.com — Cisco Umbrella Rank: 431099	186 KB
7	casalemedia.com 3 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 635	5 KB
7	googleapis.com imasdk.googleapis.com — Cisco Umbrella Rank: 500 fonts.googleapis.com — Cisco Umbrella Rank: 88	598 KB
6	tribalfusion.com 3 redirects a.tribalfusion.com — Cisco Umbrella Rank: 893 s.tribalfusion.com — Cisco Umbrella Rank: 1946	3 KB
6	adnxs.com 4 redirects ib.adnxs.com — Cisco Umbrella Rank: 257 secure.adnxs.com — Cisco Umbrella Rank: 469	5 KB
6	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 205	337 KB
6	nefisyemektarifleri.com www.nefisyemektarifleri.com — Cisco Umbrella Rank: 320439 i.nefisyemektarifleri.com — Cisco Umbrella Rank: 406978 i2.nefisyemektarifleri.com — Cisco Umbrella Rank: 498374 c.nefisyemektarifleri.com	156 KB
5	pubmatic.com 5 redirects image6.pubmatic.com — Cisco Umbrella Rank: 812	2 KB
4	1rx.io 4 redirects sync.1rx.io — Cisco Umbrella Rank: 613	3 KB
4	onetag-sys.com 3 redirects onetag-sys.com — Cisco Umbrella Rank: 857	1 KB
4	bitbeat7.com bitbeat7.com — Cisco Umbrella Rank: 445250	36 KB
4	imgiz.com c1.imgiz.com — Cisco Umbrella Rank: 136022	133 KB
4	amazon-adsystem.com c.amazon-adsystem.com — Cisco Umbrella Rank: 353 aax.amazon-adsystem.com — Cisco Umbrella Rank: 438	62 KB
4	windows.net pcloak.blob.core.windows.net	3 KB
3	yahoo.com 2 redirects pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 481 ups.analytics.yahoo.com — Cisco Umbrella Rank: 338	2 KB
3	bidswitch.net 3 redirects x.bidswitch.net — Cisco Umbrella Rank: 359	1 KB
3	360yield.com 3 redirects match.360yield.com — Cisco Umbrella Rank: 2409	1 KB
3	w55c.net cti.w55c.net — Cisco Umbrella Rank: 4192 ads.w55c.net — Cisco Umbrella Rank: 12943 i.w55c.net — Cisco Umbrella Rank: 2590	67 KB
3	facebook.com www.facebook.com — Cisco Umbrella Rank: 100	297 B
2	openx.net rtb.openx.net — Cisco Umbrella Rank: 982	348 B
2	de17a.com 2 redirects d5p.de17a.com — Cisco Umbrella Rank: 5037	647 B
2	simpli.fi 2 redirects um.simpli.fi — Cisco Umbrella Rank: 981	1 KB
2	teads.tv 1 redirects sync.teads.tv — Cisco Umbrella Rank: 1425	449 B
2	3lift.com 2 redirects eb2.3lift.com — Cisco Umbrella Rank: 422	957 B
2	adform.net 2 redirects c1.adform.net — Cisco Umbrella Rank: 633	1 KB
2	quantserve.com 1 redirects cms.quantserve.com — Cisco Umbrella Rank: 862	819 B
2	izlesene.com 1 redirects panel.izlesene.com — Cisco Umbrella Rank: 982144 istr.izlesene.com — Cisco Umbrella Rank: 357056	1 KB
2	unrulymedia.com 2 redirects sync.targeting.unrulymedia.com — Cisco Umbrella Rank: 1372	1 KB
2	placehold.jp placehold.jp — Cisco Umbrella Rank: 350090	4 KB
2	pghub.io pghub.io — Cisco Umbrella Rank: 2090 feed.pghub.io — Cisco Umbrella Rank: 2360	6 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 173	156 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 79	158 KB
2	cloakan.co www.cloakan.co	742 B
1	nktcdn.com istr-n23.nktcdn.com
1	criteo.com dis.criteo.com — Cisco Umbrella Rank: 608	363 B
1	exactag.com m.exactag.com — Cisco Umbrella Rank: 11731	60 B
1	smartadserver.com ssbsync.smartadserver.com — Cisco Umbrella Rank: 922	45 B
1	mathtag.com 1 redirects sync.mathtag.com — Cisco Umbrella Rank: 577	729 B
1	rubiconproject.com 1 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 374	460 B
1	adition.com 1 redirects dsp.adfarm1.adition.com — Cisco Umbrella Rank: 1777	586 B
1	ctnsnet.com 1 redirects gcm.ctnsnet.com — Cisco Umbrella Rank: 44074	610 B
1	hspvst.com t.hspvst.com — Cisco Umbrella Rank: 188023	922 B
1	google.de ampcid.google.de — Cisco Umbrella Rank: 52173	377 B
1	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 63	21 KB
317	51

	Domain	Requested by
40	pagead2.googlesyndication.com	static.virgul.com pagead2.googlesyndication.com 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com googleads.g.doubleclick.net imasdk.googleapis.com tpc.googlesyndication.com www.nefisyemektarifleri.com s0.2mdn.net www.googletagservices.com securepubads.g.doubleclick.net
39	cm.g.doubleclick.net	8 redirects googleads.g.doubleclick.net 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com www.nefisyemektarifleri.com
35	tpc.googlesyndication.com	1 redirects googleads.g.doubleclick.net 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com imasdk.googleapis.com pcloak.blob.core.windows.net tpc.googlesyndication.com s0.2mdn.net securepubads.g.doubleclick.net
26	s0.2mdn.net	2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com pcloak.blob.core.windows.net imasdk.googleapis.com s0.2mdn.net www.nefisyemektarifleri.com
14	googleads.g.doubleclick.net	pagead2.googlesyndication.com 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com www.nefisyemektarifleri.com
12	securepubads.g.doubleclick.net	static.virgul.com securepubads.g.doubleclick.net 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
10	ng.virgul.com	static.virgul.com www.nefisyemektarifleri.com ng2.virgul.com
10	mn.nytcdn.com	www.nefisyemektarifleri.com mn.nytcdn.com
7	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
7	www.google.com	2 redirects 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com tpc.googlesyndication.com
7	2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
7	ng2.virgul.com	static.virgul.com www.nefisyemektarifleri.com
7	static.virgul.com	www.nefisyemektarifleri.com static.virgul.com pcloak.blob.core.windows.net
6	dt.adsafeprotected.com	2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
6	www.googletagservices.com	googleads.g.doubleclick.net 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
5	image6.pubmatic.com	5 redirects
5	ib.adnxs.com	3 redirects googleads.g.doubleclick.net
5	imasdk.googleapis.com	c1.imgiz.com 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com imasdk.googleapis.com
4	googleads4.g.doubleclick.net	pcloak.blob.core.windows.net
4	sync.1rx.io	4 redirects
4	onetag-sys.com	3 redirects 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
4	csi.gstatic.com	imasdk.googleapis.com
4	bitbeat7.com	ng2.virgul.com www.nefisyemektarifleri.com bitbeat7.com
4	c1.imgiz.com	static.virgul.com c1.imgiz.com www.nefisyemektarifleri.com
4	pcloak.blob.core.windows.net	pcloak.blob.core.windows.net
3	logger.virgul.com	c1.imgiz.com
3	static.adsafeprotected.com	fw.adsafeprotected.com 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
3	x.bidswitch.net	3 redirects
3	match.360yield.com	3 redirects
3	s.tribalfusion.com	www.nefisyemektarifleri.com 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
3	a.tribalfusion.com	3 redirects
3	fonts.gstatic.com	fonts.googleapis.com
3	www.facebook.com	www.nefisyemektarifleri.com
3	c.amazon-adsystem.com	static.virgul.com c.amazon-adsystem.com
2	rtb.openx.net	2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
2	d5p.de17a.com	2 redirects
2	pr-bh.ybp.yahoo.com	2 redirects
2	um.simpli.fi	2 redirects
2	fw.adsafeprotected.com	1 redirects pcloak.blob.core.windows.net
2	sync.teads.tv	1 redirects www.nefisyemektarifleri.com
2	eb2.3lift.com	2 redirects
2	c1.adform.net	2 redirects
2	cms.quantserve.com	1 redirects 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
2	sync.targeting.unrulymedia.com	2 redirects
2	r1---sn-4g5ednss.c.2mdn.net	www.nefisyemektarifleri.com
2	encrypted-tbn2.gstatic.com	googleads.g.doubleclick.net
2	encrypted-tbn1.gstatic.com	googleads.g.doubleclick.net
2	fonts.googleapis.com	googleads.g.doubleclick.net 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
2	placehold.jp	www.nefisyemektarifleri.com bitbeat7.com
2	adservice.google.com	securepubads.g.doubleclick.net
2	connect.facebook.net	pcloak.blob.core.windows.net connect.facebook.net
2	c.nefisyemektarifleri.com	www.nefisyemektarifleri.com
2	www.googletagmanager.com	www.nefisyemektarifleri.com www.googletagmanager.com
2	i.nefisyemektarifleri.com	www.nefisyemektarifleri.com
2	www.cloakan.co	pcloak.blob.core.windows.net
1	istr-n23.nktcdn.com	www.nefisyemektarifleri.com
1	istr.izlesene.com	1 redirects
1	ups.analytics.yahoo.com	2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
1	dis.criteo.com	2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
1	m.exactag.com	2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
1	ssbsync.smartadserver.com	2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
1	sync.mathtag.com	1 redirects
1	secure.adnxs.com	1 redirects
1	pixel.rubiconproject.com	1 redirects
1	panel.izlesene.com	c1.imgiz.com
1	dsp.adfarm1.adition.com	1 redirects
1	gcm.ctnsnet.com	1 redirects
1	i.w55c.net	2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
1	gcdn.2mdn.net	1 redirects
1	bid.g.doubleclick.net	imasdk.googleapis.com
1	t.hspvst.com	2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
1	ads.w55c.net	2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
1	cti.w55c.net	2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
1	www.gstatic.com	googleads.g.doubleclick.net
1	feed.pghub.io	pghub.io
1	aax.amazon-adsystem.com	c.amazon-adsystem.com
1	pghub.io	static.virgul.com
1	ampcid.google.de	www.google-analytics.com
1	ampcid.google.com	www.google-analytics.com
1	www.google-analytics.com	www.googletagmanager.com
1	i2.nefisyemektarifleri.com	www.nefisyemektarifleri.com
1	www.nefisyemektarifleri.com	www.cloakan.co
317	82

This site contains no links.

Subject Issuer	Validity	Valid
*.blob.core.windows.net Microsoft RSA TLS CA 02	`2023-03-22` - `2024-03-22`	a year	crt.sh
cpanel.cloakan.co R3	`2023-07-03` - `2023-10-01`	3 months	crt.sh
*.nefisyemektarifleri.com Thawte RSA CA 2018	`2022-06-24` - `2023-07-25`	a year	crt.sh
nytcdn.com E1	`2023-05-17` - `2023-08-15`	3 months	crt.sh
*.virgul.com Sectigo RSA Domain Validation Secure Server CA	`2022-10-24` - `2023-09-28`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-04-20` - `2023-07-19`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
c.amazon-adsystem.com Amazon RSA 2048 M01	`2023-02-28` - `2024-02-17`	a year	crt.sh
*.google.de GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.pghub.io DigiCert TLS RSA SHA256 2020 CA1	`2023-02-09` - `2024-02-08`	a year	crt.sh
aax-dtb-mobile-cf.amazon-adsystem.com Amazon RSA 2048 M01	`2023-03-16` - `2024-03-08`	a year	crt.sh
*.imgiz.com Sectigo RSA Domain Validation Secure Server CA	`2022-09-27` - `2023-09-09`	a year	crt.sh
bitbeat7.com Amazon RSA 2048 M01	`2023-02-28` - `2023-12-02`	9 months	crt.sh
placehold.jp R3	`2023-07-01` - `2023-09-29`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.w55c.net Amazon RSA 2048 M02	`2023-05-29` - `2024-06-25`	a year	crt.sh
*.hspvst.com Gandi Standard SSL CA 2	`2022-12-12` - `2023-12-09`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.izlesene.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-05` - `2024-08-04`	a year	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-09` - `2023-09-09`	a year	crt.sh
fw.adsafeprotected.com Amazon RSA 2048 M02	`2023-03-29` - `2024-04-27`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-21` - `2024-01-23`	a year	crt.sh
*.exactag.com Sectigo ECC Domain Validation Secure Server CA	`2022-08-19` - `2023-09-15`	a year	crt.sh
*.c.docs.google.com GTS CA 1C3	`2023-07-04` - `2023-09-12`	2 months	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-05-12` - `2023-08-10`	3 months	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-02-21` - `2023-08-16`	6 months	crt.sh
static.adsafeprotected.com Amazon RSA 2048 M02	`2023-07-07` - `2024-08-04`	a year	crt.sh
dt.adsafeprotected.com Amazon RSA 2048 M01	`2023-05-09` - `2024-06-06`	a year	crt.sh

This page contains 41 frames:

Primary Page: https://pcloak.blob.core.windows.net/web/6x67420x0229.html?fbclid=PAAaae-SdJFaTCe2X2Rz0YQJeaF_cmcYz8_lmUJJDaLttsAGULWuQIAYEIFUc_aem_AWqMemsf4qpLbeZbkZhrgOzXLw4pKQpSKaow2V3Sax-iHPbhThvsND2Me74HsU0i7CvE1WRhY0ku0e2hAZgH8ddB
Frame ID: 2A21EF5D16FEC05D7DA9EAE9B892AC7A
Requests: 6 HTTP requests in this frame

Frame: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/
Frame ID: 82A32B119C15ECF067D52FEDCB00EA4B
Requests: 78 HTTP requests in this frame

Frame: https://static.virgul.com/theme/mockups/outside/str.html?v=2
Frame ID: 7549DC5BC0C3689316E393BB45817AE6
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230710/r20190131/zrt_lookup.html
Frame ID: CA7A2BC969BE65F4A2B490C2168A0541
Requests: 1 HTTP requests in this frame

Frame: https://ng2.virgul.com/ic/5e73154be4b0016313fa90d5?g=1&t=cpc_annotation&r=154248@site_geneli@nefisyemektarifleri:site_geneli&l=&info=&mt=1689115883758&userId=vnetb9cf87df-44c8-4da2-82a0-503c8f3b7d9a&ext=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates+sal%C3%A7as%C4%B1%40karabiber%40kuru+so%C4%9Fan%40nohut%40pul+biber%40s%C4%B1v%C4%B1+ya%C4%9F%40sivri+biber%40su%40tuz%26nyt_cat%3Dpost
Frame ID: 3798C45E10E2F2BED5A3689693215B2B
Requests: 2 HTTP requests in this frame

Frame: https://ng2.virgul.com/adview?a=5e73154be4b0016313fa90d5&r=154248@site_geneli@nefisyemektarifleri:site_geneli&l=&ext=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates+sal%C3%A7as%C4%B1%40karabiber%40kuru+so%C4%9Fan%40nohut%40pul+biber%40s%C4%B1v%C4%B1+ya%C4%9F%40sivri+biber%40su%40tuz%26nyt_cat%3Dpost&info=&cs=1689115883874&mt=1689115883758&userId=vnetb9cf87df-44c8-4da2-82a0-503c8f3b7d9a&vmn=5e73154be4b0016313fa90d5___154248-194842644
Frame ID: 44A0BBD5B45CFBE804D2D77427A4EFE3
Requests: 4 HTTP requests in this frame

Frame: https://ng2.virgul.com/ic/5e73154be4b0016313fa90d5?g=1&t=cpc_annotation&r=154248@site_geneli@nefisyemektarifleri:site_geneli&l=&info=&mt=1689115883758&userId=vnetb9cf87df-44c8-4da2-82a0-503c8f3b7d9a&ext=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates+sal%C3%A7as%C4%B1%40karabiber%40kuru+so%C4%9Fan%40nohut%40pul+biber%40s%C4%B1v%C4%B1+ya%C4%9F%40sivri+biber%40su%40tuz%26nyt_cat%3Dpost
Frame ID: 23C7AB026EED5E5D7B6B252BAC56BE21
Requests: 2 HTTP requests in this frame

Frame: https://ng2.virgul.com/adview?a=5e73154be4b0016313fa90d5&r=154248@site_geneli@nefisyemektarifleri:site_geneli&l=&ext=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates+sal%C3%A7as%C4%B1%40karabiber%40kuru+so%C4%9Fan%40nohut%40pul+biber%40s%C4%B1v%C4%B1+ya%C4%9F%40sivri+biber%40su%40tuz%26nyt_cat%3Dpost&info=&cs=1689115883874&mt=1689115883758&userId=vnetb9cf87df-44c8-4da2-82a0-503c8f3b7d9a&vmn=5e73154be4b0016313fa90d5___154248-1948426442
Frame ID: BCAD84A553E1C4561A5BDBE6D85C6589
Requests: 4 HTTP requests in this frame

Frame: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 1507D6A0C57626E992C91E272402111F
Requests: 1 HTTP requests in this frame

Frame: https://feed.pghub.io/tag?referrer_url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&page_url=https%3A%2F%2Fwww.nefisyemektarifleri.com%2Fetsiz-nohut-yemegi-248941%2F&owner=P%26G&bp_id=noktacommedya&ch=%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D&initiator=js&data=%7B%22category%22%3A%22site_geneli%22%7D
Frame ID: 8B39D89ED132571B4D4D7086A9C34665
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755397&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1689115883954&bpp=4&bdt=683&idt=219&shv=r20230710&mjsv=m202306290101&ptt=9&saldr=aa&nras=1&correlator=3311523031480&frm=24&ife=1&pv=2&ga_vid=1596421245.1689115884&ga_sid=1689115884&ga_hid=71987472&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=1843544316&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759875%2C44759926%2C31075758%2C31075881%2C44788442%2C21065724&oid=2&pvsid=413980555089297&tmod=845280809&uas=0&nvt=1&fsapi=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.i0yur3un8s5j&fsb=1&dtd=232
Frame ID: F50D1516B3FB8412E686566B7C7E0C9E
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=280&slotname=6444949229&adk=4082077109&adf=3927512983&pi=t.ma~as.6444949229&w=970&fwrn=16&fwrnh=100&lmt=1689114300&rafmt=1&format=970x280&url=https%3A%2F%2Fwww.nefisyemektarifleri.com%2Fetsiz-nohut-yemegi-248941%2F&fwr=0&fwrattr=true&rw=970&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1689115884002&bpp=2&bdt=731&idt=187&shv=r20230710&mjsv=m202306290101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=3311523031480&frm=22&ife=1&pv=1&ga_vid=1596421245.1689115884&ga_sid=1689115884&ga_hid=71987472&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=1843544316&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759875%2C44759926%2C31075758%2C31075881%2C44788442%2C21065724&oid=2&pvsid=413980555089297&tmod=845280809&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=2.1oxg8e5xb3ne&fsb=1&xpc=Ioj73wlDL6&p=https%3A//www.nefisyemektarifleri.com&dtd=193
Frame ID: E18385A1016F8FCD22C2479A67D28F06
Requests: 17 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 663AB51BCF0FDCDF0A30196E7D2A7535
Requests: 1 HTTP requests in this frame

Frame: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: C278499CEADFAE1C0A269A530DC34CF9
Requests: 19 HTTP requests in this frame

Frame: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: AA0EC663BE1BA659AE6C0289CA33B69B
Requests: 12 HTTP requests in this frame

Frame: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 09D272381A592BAB455ACFC432E7986A
Requests: 13 HTTP requests in this frame

Frame: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 63EC114CAF927564E9353CC0640CDF20
Requests: 21 HTTP requests in this frame

Frame: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: D5D011EB06C63DFC2C63238484EF86E0
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQt9LfAhjFzOfbATAB&v=APEucNUt-QpygHiaz4OZ-f-2k7fVqARrtJWGkw3sE1Z4g8rV44e2BqTkT0iZyxUImRryeo_GgnN0qriWbJA0FfU9OF6B5wCzqkI5gie_ayqaQIiiYAJUmVj-P_jShAii0hQMkZw3QSYsnBH4EdvSIlOFHdAuHLXMbAcn_2ueJ1yHF6MOHOfij2A
Frame ID: 51D99FE021443729E14923CC6C018AB3
Requests: 5 HTTP requests in this frame

Frame: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 276C16083EB14F4CFFCFF6E0AF042490
Requests: 30 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLbIhtYEEM2TpN8EGPjkxe8BMAE&v=APEucNW0mhUJ4LlfMtwmf-p63pxMsTBl1JIKQ4unzFa-OgeNHi6DwSSvSk-D5EbaD8QrUVmxP2LZeEuarUXgzt0_jW8JpWSzsgkerCRxWnCphHYZzgjMBtwrAecUe6Tr3NF0HB5m2B7dJF-kkBxalh6O253KUoNpfVc4jz5lq9Zw80lIHo44X7I
Frame ID: BDBE0778007B79279971684A9ACD287B
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 179BED37E4F581E05073B6FD342B2846
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: B4923EA206B41AAB0429DF3B5B471E0D
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: BFAB7D3D78994C6864CE525BC9C02116
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/JuxDZWINa7otHwaisCqyMSq7iwQyCfHq_LhnNSU0b2U.js
Frame ID: 1F744AADF2AF5F8E4377719E55199D43
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: EA60BC6620C54F6B3C9B7A8A76838C35
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: DEBCE1BAEE40224C84BD75F0E4E99D3A
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: B3EF65F4D37F75410210853ADE1806A3
Requests: 9 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.580.0_en.html
Frame ID: F7FC6CD4C3E4B30F52E973D644E8C661
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 2ADD1B016302CD6C45DB2AC32EE9661E
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html
Frame ID: 249D8ED40517959A019A5526BDA48325
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 3772DDA2540A663C014F4C358E0AD397
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/10776139036581716392/index.html?e=69&leftOffset=0&topOffset=0&c=WldR1jgurf&t=1&renderingType=2&ev=01_250
Frame ID: 942DC111516BD4B3D0E9248E1CDCEE4F
Requests: 13 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: B69B05E3916C5396AF346874C8ADB5D0
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 5ADD48C804DCE3565C523FA10C749EA3
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/12339641061559367785/index.html?e=69&leftOffset=0&topOffset=0&c=rlPKL8Z2GL&t=1&renderingType=2&ev=01_250
Frame ID: 9B2A8353A458AFB80AE07674DB12E666
Requests: 12 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 9B6C905BB450E632BE2285ED1A500B16
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/JuxDZWINa7otHwaisCqyMSq7iwQyCfHq_LhnNSU0b2U.js
Frame ID: 8AE312FA0FF9BD4ABF45774C6AFDDD03
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/JuxDZWINa7otHwaisCqyMSq7iwQyCfHq_LhnNSU0b2U.js
Frame ID: 4C62DF77DF9537630C82F9D460436F03
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: FF36E84AF4D779ACCB83102E5E05AF88
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: F55F80E9B5859F3E54006E4902C9560C
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

317
Requests

85 %
HTTPS

45 %
IPv6

51
Domains

82
Subdomains

60
IPs

12
Countries

6501 kB
Transfer

14106 kB
Size

37
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 85

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgODKz-eDfhCwCRiwCTIIjV9upJawnso HTTP 301
https://tpc.googlesyndication.com/simgad/12902815231273958923

Request Chain 126

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJPOXT_2uhEdk3sIUx4g9Us&google_cver=1

Request Chain 127

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZK3c7JItjehVWzs..FW3SAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJPOXT_2uhEdk3sIUx4g9Us&google_cver=1&google_hm=2

Request Chain 128

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEN1_Ha_Sz1iFHuWeOKfGaU8&google_cver=1

Request Chain 129

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDk0MjM1OTA0NDEzMDE5MjMwOQ%3D%3D

Request Chain 161

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJPOXT_2uhEdk3sIUx4g9Us&google_cver=1

Request Chain 162

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZK3c7JItjehVWzs..FW3SAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJPOXT_2uhEdk3sIUx4g9Us&google_cver=1&google_hm=2

Request Chain 163

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEN1_Ha_Sz1iFHuWeOKfGaU8&google_cver=1

Request Chain 164

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDk0MjM1OTA0NDEzMDE5MjMwOQ%3D%3D

Request Chain 176

https://gcdn.2mdn.net/videoplayback/id/f8fd2e94061f0d97/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1720651885/sparams/ip,ipbits,expire,id,itag,source,ctier,acao/signature/0858F1F2CF540A5694C00E412379216B567DF259.50B67ACCD6E074DE8290EEEE6D0EF5F2D15711F2/key/ck2/file/file.mp4 HTTP 302
https://r1---sn-4g5ednss.c.2mdn.net/videoplayback/id/f8fd2e94061f0d97/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1720651885/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/1A47E32EE2C09EDF53A23C49736E02321F89D9EB.754592A5F564A60B8E05BF64B1C683669516B57B/key/cms1/cms_redirect/yes/mh/xb/mip/2001:1b60:1010:2:1012:39f8:745c:d74/mm/42/mn/sn-4g5ednss/ms/onc/mt/1689115415/mv/u/mvi/1/pl/29/file/file.mp4

Request Chain 186

https://a.tribalfusion.com/i.match?p=b6&u=CAESECxj97dEpEbQOtd_-hVjwt8&google_cver=1&google_push=AaAOQGFuV8TDkZnJrLba8xEqkhT6Rbxp09FV1BdLv4O8V2wOGk7rC4uth-jP-dtq5QbzlqKUIl34XhaGYgJsUFbI45e9WI2owuHJTw&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAaAOQGFuV8TDkZnJrLba8xEqkhT6Rbxp09FV1BdLv4O8V2wOGk7rC4uth-jP-dtq5QbzlqKUIl34XhaGYgJsUFbI45e9WI2owuHJTw%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESECxj97dEpEbQOtd_-hVjwt8&google_cver=1&google_push=AaAOQGFuV8TDkZnJrLba8xEqkhT6Rbxp09FV1BdLv4O8V2wOGk7rC4uth-jP-dtq5QbzlqKUIl34XhaGYgJsUFbI45e9WI2owuHJTw&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAaAOQGFuV8TDkZnJrLba8xEqkhT6Rbxp09FV1BdLv4O8V2wOGk7rC4uth-jP-dtq5QbzlqKUIl34XhaGYgJsUFbI45e9WI2owuHJTw%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 187

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESECJsILMId5rW8dsgw4L83jg&google_cver=1&google_push=AaAOQGEqMUY4VR3S_EKQSdzEefO7EGBmfk7Q4UrzzbM5FYaKX1nuq60oc4BxjAlfFsDM9-ABQ-1bnXTq1XRXmyULoKgZL29ZFcvhSg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AaAOQGEqMUY4VR3S_EKQSdzEefO7EGBmfk7Q4UrzzbM5FYaKX1nuq60oc4BxjAlfFsDM9-ABQ-1bnXTq1XRXmyULoKgZL29ZFcvhSg&google_hm=4QgSJvLfQA6xgyGMiOtDcbc

Request Chain 188

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEMezLPIF41N67ll2BMddKS4&google_cver=1&google_push=AaAOQGGKxUXUqc7gr9QzAVY0NtWhw5wegTMUCb2Hq-7AuMUb3H4F9EXNZFcUMK1qZSyiuU14DnUJ5QOYrzggmDMWR_JxgsanMGU8Xw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1NDY5NzQ4NTIzMjg5NjE1MQ%3D%3D&google_push=AaAOQGGKxUXUqc7gr9QzAVY0NtWhw5wegTMUCb2Hq-7AuMUb3H4F9EXNZFcUMK1qZSyiuU14DnUJ5QOYrzggmDMWR_JxgsanMGU8Xw

Request Chain 189

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEBIOMXEjg6GFzndS56UxOEQ&google_cver=1&google_push=AaAOQGHaHq6xZmvN-SNBkwP2SKKF5Qxke8dn8bMtZ1To2QQJ-A5sQwsYHCHiQrBLV2R_eBDx7qWpFQ6J4S0MccySlM0Z19YDmIwJ HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEBIOMXEjg6GFzndS56UxOEQ&google_cver=1&google_push=AaAOQGHaHq6xZmvN-SNBkwP2SKKF5Qxke8dn8bMtZ1To2QQJ-A5sQwsYHCHiQrBLV2R_eBDx7qWpFQ6J4S0MccySlM0Z19YDmIwJ&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=GaKNndidRR-jveUq6OgFrA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AaAOQGHaHq6xZmvN-SNBkwP2SKKF5Qxke8dn8bMtZ1To2QQJ-A5sQwsYHCHiQrBLV2R_eBDx7qWpFQ6J4S0MccySlM0Z19YDmIwJ

Request Chain 190

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEGoBeAkuCV-8nkdNvGGjDt8&google_cver=1&google_push=AaAOQGEm_ezOVfQjQGyFYBIXoDHjMiii0F77dAJOqKFO1v5T7HXIQoDDr8G-JX__Ssc5w50cFF8BvjKvp2NRlGXi0exYKd40xqQkgg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGEm_ezOVfQjQGyFYBIXoDHjMiii0F77dAJOqKFO1v5T7HXIQoDDr8G-JX__Ssc5w50cFF8BvjKvp2NRlGXi0exYKd40xqQkgg

Request Chain 191

https://match.360yield.com/match/ebda?google_gid=CAESEBmIT6GWn9D83sZQtSa_KwM&google_cver=1&google_push=AaAOQGG3P15tewfWiyYDW5nnztivslyKwI8X1JpyJD3Drt762EkZp6XMXGAiJQSRYcOx41JRkWNfcevBqX91_Q63EQ-dcG-z1peFog HTTP 302
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEBmIT6GWn9D83sZQtSa_KwM&google_cver=1&google_push=AaAOQGG3P15tewfWiyYDW5nnztivslyKwI8X1JpyJD3Drt762EkZp6XMXGAiJQSRYcOx41JRkWNfcevBqX91_Q63EQ-dcG-z1peFog HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=dGMJ18AAQxumdCjJzDMIpQ&google_push=AaAOQGG3P15tewfWiyYDW5nnztivslyKwI8X1JpyJD3Drt762EkZp6XMXGAiJQSRYcOx41JRkWNfcevBqX91_Q63EQ-dcG-z1peFog

Request Chain 192

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEILi9-X2egRsxJxQso_kJmg&google_cver=1&google_push=AaAOQGF-14aP1L_FDcTHj5dy11VoPduARQuhVDVp9wAH3CFdW1IQyBCnTOOGX6xigRfA_Gjv3x2ol_mjMmun0DssZoWsiI48tCCO HTTP 302
https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=AaAOQGF-14aP1L_FDcTHj5dy11VoPduARQuhVDVp9wAH3CFdW1IQyBCnTOOGX6xigRfA_Gjv3x2ol_mjMmun0DssZoWsiI48tCCO&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&cb=1689115885244 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-d31a465d-2612-4819-880a-62be39e763be-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAaAOQGF-14aP1L_FDcTHj5dy11VoPduARQuhVDVp9wAH3CFdW1IQyBCnTOOGX6xigRfA_Gjv3x2ol_mjMmun0DssZoWsiI48tCCO%26google_hm%3DA9MaRl0mEkgZiApivjnnY74 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AaAOQGF-14aP1L_FDcTHj5dy11VoPduARQuhVDVp9wAH3CFdW1IQyBCnTOOGX6xigRfA_Gjv3x2ol_mjMmun0DssZoWsiI48tCCO&google_hm=A9MaRl0mEkgZiApivjnnY74

Request Chain 207

https://a.tribalfusion.com/i.match?p=b6&u=CAESENq0E6ZTNyMf8CcDGzF9Z20&google_cver=1&google_push=AaAOQGGWOs6zze_rTObWH9thpSRamw4xTx8tGkePHzvHJI_AK_IcU8NpgImLSBc1hCbFPTBLTdmtMbWPF2R3Vi8mM8NFL0S7N0wyWA&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAaAOQGGWOs6zze_rTObWH9thpSRamw4xTx8tGkePHzvHJI_AK_IcU8NpgImLSBc1hCbFPTBLTdmtMbWPF2R3Vi8mM8NFL0S7N0wyWA%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESENq0E6ZTNyMf8CcDGzF9Z20&google_cver=1&google_push=AaAOQGGWOs6zze_rTObWH9thpSRamw4xTx8tGkePHzvHJI_AK_IcU8NpgImLSBc1hCbFPTBLTdmtMbWPF2R3Vi8mM8NFL0S7N0wyWA&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAaAOQGGWOs6zze_rTObWH9thpSRamw4xTx8tGkePHzvHJI_AK_IcU8NpgImLSBc1hCbFPTBLTdmtMbWPF2R3Vi8mM8NFL0S7N0wyWA%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 208

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEFeC7lRQDk8aakQfh9C8WmE&google_cver=1&google_push=AaAOQGF8VJty8-BksnGJ4uSzW-FA_IQpV8e5Ojujlz-FrS4o9AyryliNGV7KSglq8behX7P8PjeeLv5FBXqHNmiDSmDP6wd8UdP77A HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEFeC7lRQDk8aakQfh9C8WmE&google_cver=1&google_push=AaAOQGF8VJty8-BksnGJ4uSzW-FA_IQpV8e5Ojujlz-FrS4o9AyryliNGV7KSglq8behX7P8PjeeLv5FBXqHNmiDSmDP6wd8UdP77A HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTE5MzU5MTgyMjAxNjMzMjk1Nw&google_push=AaAOQGF8VJty8-BksnGJ4uSzW-FA_IQpV8e5Ojujlz-FrS4o9AyryliNGV7KSglq8behX7P8PjeeLv5FBXqHNmiDSmDP6wd8UdP77A

Request Chain 209

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEIGnMY19IZfbbyaXrMdW3tY&google_cver=1&google_push=AaAOQGHOKE-GH0gYhMra6M3ioGsIVYB3oykqRjTVnDho8CenO41d46S4Mli9iT4zFRRqZLlIbjJWDFlAVYEed9Ck1wUzvxN6QjfL HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEIGnMY19IZfbbyaXrMdW3tY&google_cver=1&google_push=AaAOQGHOKE-GH0gYhMra6M3ioGsIVYB3oykqRjTVnDho8CenO41d46S4Mli9iT4zFRRqZLlIbjJWDFlAVYEed9Ck1wUzvxN6QjfL&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=R7dUWa-fRMqnnl7sVCyzPA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AaAOQGHOKE-GH0gYhMra6M3ioGsIVYB3oykqRjTVnDho8CenO41d46S4Mli9iT4zFRRqZLlIbjJWDFlAVYEed9Ck1wUzvxN6QjfL

Request Chain 210

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEJs0MlhhBJ2YPfvdMoaTJIA&google_cver=1&google_push=AaAOQGHrhDWTsl8u5nOJX8lk1f0Hkprp9-5VToW172XKHFTGiK3m68SEXYCrIPLE4PgcFdmGKCIzUFrqEDm1OolBwS3HC4Mi4oyNpw HTTP 302
https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=AaAOQGHrhDWTsl8u5nOJX8lk1f0Hkprp9-5VToW172XKHFTGiK3m68SEXYCrIPLE4PgcFdmGKCIzUFrqEDm1OolBwS3HC4Mi4oyNpw&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&cb=1689115885247 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-d31a465d-2612-4819-880a-62be39e763be-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAaAOQGHrhDWTsl8u5nOJX8lk1f0Hkprp9-5VToW172XKHFTGiK3m68SEXYCrIPLE4PgcFdmGKCIzUFrqEDm1OolBwS3HC4Mi4oyNpw%26google_hm%3DA9MaRl0mEkgZiApivjnnY74 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AaAOQGHrhDWTsl8u5nOJX8lk1f0Hkprp9-5VToW172XKHFTGiK3m68SEXYCrIPLE4PgcFdmGKCIzUFrqEDm1OolBwS3HC4Mi4oyNpw&google_hm=A9MaRl0mEkgZiApivjnnY74

Request Chain 211

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESELGa0H5TUgVdVrNdosKRLaY&google_cver=1&google_push=AaAOQGHlCamsY-212SA-gt_mUtRb5Khj6oEPe8Iv-owfhxEUfKjElYcNQHDFFqcAqiS_NlGTJg9SdrVn0Qy3dWrFCEBebVWPECLMSg HTTP 302
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=AaAOQGHlCamsY-212SA-gt_mUtRb5Khj6oEPe8Iv-owfhxEUfKjElYcNQHDFFqcAqiS_NlGTJg9SdrVn0Qy3dWrFCEBebVWPECLMSg&google_gid=CAESELGa0H5TUgVdVrNdosKRLaY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzU1MDE3ODE0NTgzNzA4Njg0NzA4OQ%3D%3D&google_push=AaAOQGHlCamsY-212SA-gt_mUtRb5Khj6oEPe8Iv-owfhxEUfKjElYcNQHDFFqcAqiS_NlGTJg9SdrVn0Qy3dWrFCEBebVWPECLMSg

Request Chain 212

https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEOuH_AIIpPiuK4esR_YK-l4&google_cver=1&google_push=AaAOQGFKpQzAbm0NKauL_YMKD21u5psX69VpYG57pbJwYWJb49bN6edtjXBg_N2uCa03bLkrck4TVM9UqWLS8HL9s9xIA4hc1_8vtw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AaAOQGFKpQzAbm0NKauL_YMKD21u5psX69VpYG57pbJwYWJb49bN6edtjXBg_N2uCa03bLkrck4TVM9UqWLS8HL9s9xIA4hc1_8vtw HTTP 302
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

Request Chain 220

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 223

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEDMz-MNS3AGJjQI9nmnikVw&google_cver=1&google_push=AaAOQGHdAlPOa23DNoBq-m4E63abrrYj3AeSVP1w10VyLVMRc1PClQWqBs25p-8d8ze9kEAcOA_uL2dt9aU-Yre_aht6CqTQB0A HTTP 302
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AaAOQGHdAlPOa23DNoBq-m4E63abrrYj3AeSVP1w10VyLVMRc1PClQWqBs25p-8d8ze9kEAcOA_uL2dt9aU-Yre_aht6CqTQB0A&google_hm=tBAKHyYpbJsqK7kcIGuisw

Request Chain 224

https://um.simpli.fi/gp_match?google_gid=CAESEAdmLEBnn6cWzUI45eJSxFA&google_cver=1&google_push=AaAOQGHIesXo-GD9z4YoEbL6EXXW4WzR2JKUgl2igZesTzMGsR1p3R0T5BpCGXx9CYO0zXeuJq4fwXWat6OVmiSEIbsht9PgBKU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=EA2ED22C10FA4FF8BBD9D899C80FC3DE&google_push=AaAOQGHIesXo-GD9z4YoEbL6EXXW4WzR2JKUgl2igZesTzMGsR1p3R0T5BpCGXx9CYO0zXeuJq4fwXWat6OVmiSEIbsht9PgBKU

Request Chain 225

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEC7x-78GRWhGWJbMZrfK9xI&google_cver=1&google_push=AaAOQGH162mLOVNu8PoajR4FME0WsZNX7-TVFGwyG5BUbJraf5v7Yeng-cZu2hd3_cENOWGhG3yOcwYfkn3DKG6J0SXjvnQlqfc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=R7dUWa-fRMqnnl7sVCyzPA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AaAOQGH162mLOVNu8PoajR4FME0WsZNX7-TVFGwyG5BUbJraf5v7Yeng-cZu2hd3_cENOWGhG3yOcwYfkn3DKG6J0SXjvnQlqfc

Request Chain 226

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEMO7eI6_BdAYwVdH_S4b8fU&google_cver=1&google_push=AaAOQGHq7b0dtAAyttvEWTcA6BRvS2tgSpYC3CfKqIhqeIy-HSiGX_95y7Fbr3Gr_nlRmo4GlyzfiA-Ez5p8D9XcFCckyiFjIA0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpZVlpJSjktMVotMk9GNw==&google_push=AaAOQGHq7b0dtAAyttvEWTcA6BRvS2tgSpYC3CfKqIhqeIy-HSiGX_95y7Fbr3Gr_nlRmo4GlyzfiA-Ez5p8D9XcFCckyiFjIA0

Request Chain 227

https://match.360yield.com/match/ebda?google_gid=CAESEEZ9X6br7v5jCVMm1OprUN4&google_cver=1&google_push=AaAOQGHbIzQwsjvg84u5C_j3MgpHi3nSxLVEuVc1UeldwhXuAP68Olk5T8CEsBjUbqQwITEUQYWuw2AqKuviqe64AtnIhOuzTug HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=dGMJ18AAQxumdCjJzDMIpQ&google_push=AaAOQGHbIzQwsjvg84u5C_j3MgpHi3nSxLVEuVc1UeldwhXuAP68Olk5T8CEsBjUbqQwITEUQYWuw2AqKuviqe64AtnIhOuzTug

Request Chain 228

https://secure.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=${BASE64_UID_ENC}&google_gid=CAESEPUuu4aI_skni67xljB62LY&google_cver=1&google_push=AaAOQGF-AOy-86RMiAymEMrzdIFDyWLxrfFqJ3MjcgxuWIR8z7KpNJ2tLoS2StbExI7c79tfFiDMc7-wE1OjmdBvZCaPAi7CD765 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NDk0MjM1OTA0NDEzMDE5MjMwOQ%3D%3D&google_gid=CAESEPUuu4aI_skni67xljB62LY&google_cver=1&google_push=AaAOQGF-AOy-86RMiAymEMrzdIFDyWLxrfFqJ3MjcgxuWIR8z7KpNJ2tLoS2StbExI7c79tfFiDMc7-wE1OjmdBvZCaPAi7CD765

Request Chain 229

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESENCljyD2J4Qnh6jyzN_dmVI&google_cver=1&google_push=AaAOQGGHvBF4C2n6E5iTqeyLpC4EQlEBGjsicWW07Mo8ImDX-mmMmLyzes3N_TsJYbLk4g7DlxqaiEfMXBhTQ6dsujGENiA3_4Sw HTTP 302
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESENCljyD2J4Qnh6jyzN_dmVI&google_cver=1&google_push=AaAOQGGHvBF4C2n6E5iTqeyLpC4EQlEBGjsicWW07Mo8ImDX-mmMmLyzes3N_TsJYbLk4g7DlxqaiEfMXBhTQ6dsujGENiA3_4Sw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=2c904e7c-1719-4cc0-a134-5aa114d71e23&%%GOOGLE_PUSH_PAIR%%

Request Chain 231

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEO6zwXUX5mLLtSbjpXeRFtI&google_cver=1&google_push=AaAOQGHgbQvwvrR1lVtANIwjxqF7k4ncsmzH5ij_5rsmjnUnjCh-xXxaYEdYd9vpIy9rBS6YyOsj_fEi71UTr4AJleUQg4I4kfqr HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AaAOQGHgbQvwvrR1lVtANIwjxqF7k4ncsmzH5ij_5rsmjnUnjCh-xXxaYEdYd9vpIy9rBS6YyOsj_fEi71UTr4AJleUQg4I4kfqr

Request Chain 232

https://a.tribalfusion.com/i.match?p=b6&u=CAESEMnjClYZAOOYbGi_FzIvrq0&google_cver=1&google_push=AaAOQGEVKVwDQuu--u7OfbGXHQ8u83fwZr0LELAY5cJuSAW5QYiJLDpWAfnO6CpU1R6i-lLEjqelO6hmUbM9v80wDSSRAJN9YAk&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAaAOQGEVKVwDQuu--u7OfbGXHQ8u83fwZr0LELAY5cJuSAW5QYiJLDpWAfnO6CpU1R6i-lLEjqelO6hmUbM9v80wDSSRAJN9YAk%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEMnjClYZAOOYbGi_FzIvrq0&google_cver=1&google_push=AaAOQGEVKVwDQuu--u7OfbGXHQ8u83fwZr0LELAY5cJuSAW5QYiJLDpWAfnO6CpU1R6i-lLEjqelO6hmUbM9v80wDSSRAJN9YAk&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAaAOQGEVKVwDQuu--u7OfbGXHQ8u83fwZr0LELAY5cJuSAW5QYiJLDpWAfnO6CpU1R6i-lLEjqelO6hmUbM9v80wDSSRAJN9YAk%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 233

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEMGXCrHGiTsssr72tCqNB24&google_cver=1&google_push=AaAOQGEjw7-QdjrPDlIcIUmMkM788vfeGf0gOPkqSUy8iYl_--oOw0IzrmJK902rJL_vhfPCg3Hal28BJfEWD9CEZg4rX8JVZG9G HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AaAOQGEjw7-QdjrPDlIcIUmMkM788vfeGf0gOPkqSUy8iYl_--oOw0IzrmJK902rJL_vhfPCg3Hal28BJfEWD9CEZg4rX8JVZG9G&google_hm=eS1paTBWWXY5RTJwRzhxUGZyeGZaVXJNcVlUODVWODF1T35B

Request Chain 234

https://d5p.de17a.com/cookies/google?google_gid=CAESELJEf1NPBthlHXrU5y-wWXc&google_cver=1&google_push=AaAOQGEWn0JBvaNH_G7AkhBlSRVWsHT4k395L_6e2aHF0k7k_7UtIlphYM_bN7Xrq9ca6IXR3Sn98AM-1MHz4mh7C9l1dinJnEWH HTTP 302
https://d5p.de17a.com/cookies/google;c?google_gid=CAESELJEf1NPBthlHXrU5y-wWXc&google_cver=1&google_push=AaAOQGEWn0JBvaNH_G7AkhBlSRVWsHT4k395L_6e2aHF0k7k_7UtIlphYM_bN7Xrq9ca6IXR3Sn98AM-1MHz4mh7C9l1dinJnEWH HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AaAOQGEWn0JBvaNH_G7AkhBlSRVWsHT4k395L_6e2aHF0k7k_7UtIlphYM_bN7Xrq9ca6IXR3Sn98AM-1MHz4mh7C9l1dinJnEWH

Request Chain 237

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEC2lCEslld4rWCdZ1QSWUX0&google_cver=1&google_push=AaAOQGGrcBAOPL77-YvOLkLWq-f4yXdzfKpsdtONlwdtqRrMlasGjiPKf38zrMMSKWh-BgUsb63U0RaBRXwtngGq6gTr9QeHdlm60Q HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGGrcBAOPL77-YvOLkLWq-f4yXdzfKpsdtONlwdtqRrMlasGjiPKf38zrMMSKWh-BgUsb63U0RaBRXwtngGq6gTr9QeHdlm60Q HTTP 302
https://onetag-sys.com/match/?int_id=19&google_error=5

Request Chain 243

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 247

https://um.simpli.fi/gp_match?google_gid=CAESEKp4HQ6eLMzon9v8xsrwxEU&google_cver=1&google_push=AaAOQGFx-xjpF-TWZ0Rd031Z7rReAgquqKbfYhrO2FAyLGhYiOJcHgdLHdTBGlclEEs8vtrehgdUU-6Y9XMzvzZdcuaBeacRS7Mu HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=EA2ED22C10FA4FF8BBD9D899C80FC3DE&google_push=AaAOQGFx-xjpF-TWZ0Rd031Z7rReAgquqKbfYhrO2FAyLGhYiOJcHgdLHdTBGlclEEs8vtrehgdUU-6Y9XMzvzZdcuaBeacRS7Mu

Request Chain 248

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESELU0-tf6_lKD0XoJXv6K35U&google_cver=1&google_push=AaAOQGEz-VCnf2KgORbf2ds1Q8lgEtWD23OHb6LvAklJFQe8G7smiZjN5pge1wdXkv1rCqkQcR_-eoKTLb9vqMi8BY2o5UBuBnJQag HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AaAOQGEz-VCnf2KgORbf2ds1Q8lgEtWD23OHb6LvAklJFQe8G7smiZjN5pge1wdXkv1rCqkQcR_-eoKTLb9vqMi8BY2o5UBuBnJQag&google_hm=eS1paTBWWXY5RTJwRzhxUGZyeGZaVXJNcVlUODVWODF1T35B

Request Chain 251

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEF9evX3cJU0tuowrRXwdpbY&google_cver=1&google_push=AaAOQGFhP43jTJ938QJXNzOZTXdsXAEdwjTjPq-WTeUKHYn5EZKZ8p9rXqkhzuCZl_AJCkrasjMdyWmVbq1q4BYh4sBIXnQ6HER6 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGFhP43jTJ938QJXNzOZTXdsXAEdwjTjPq-WTeUKHYn5EZKZ8p9rXqkhzuCZl_AJCkrasjMdyWmVbq1q4BYh4sBIXnQ6HER6

Request Chain 253

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESENnErwH9AyF4e5aX3GoZn_A&google_cver=1&google_push=AaAOQGFtsKTDJM6OBT3IrZeHcPX_zzlmcaf5x8rfMRAqBMevkjmojcJXLCoRiYeDo2Yiel1oA_IDo7Pgb8mhrwzh5s6tpdvIyAVnGA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=2c904e7c-1719-4cc0-a134-5aa114d71e23&%%GOOGLE_PUSH_PAIR%%

Request Chain 276

https://fw.adsafeprotected.com/rfw/st/1534583/72389193/skeleton.js?adsafe_url=https%3A%2F%2Fpcloak.blob.core.windows.net&adsafe_type=g&adsafe_url=https%3A%2F%2Fwww.nefisyemektarifleri.com%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&adsafe_type=d&adsafe_jsinfo=,id:2dffbaa2-f741-71db-eb2d-2a6ebf9195ae,c:i6nEob,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-6cdfcd9489-x4rdp,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,scm:grpm1,mtim:227,mot:0,app:0,maw:0,fm:tJKe7jy+111%7C112%7C113%7C114%7C115%7C116%7C117%7C118%7C119%7C11a1%7C11b11%7C11c1%7C11d1%7C11d2%7C11e1%7C11e2%7C11e3%7C11e41%7C11f1%7C11f2%7C11g*.1534583-72389193%7C11g1%7C11g2%7C11g3%7C11g4%7C11h%7C11i1%7C11j,idMap:11g*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:na,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,tt:rjss,et:252,oid:76d94b6f-203d-11ee-a3b0-9617c417f7a5,v:19.8.427,sp:1,st:0,fwm:1,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/skeleton.js

Request Chain 289

https://istr.izlesene.com/data/videos/10710/10710800-480_2-170k.mp4?token=ghJqF0FTY48xkzVo1nmRhA&ts=1689205885&playername=npm_nefisyemektarifleri HTTP 302
https://istr-n23.nktcdn.com/data/videos/10710/10710800-480_2-170k.mp4?playername=npm_nefisyemektarifleri&token=BSSx8LbI3Jtom91JaiPM2g&ts=1689202286

317 HTTP transactions
10 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request 6x67420x0229.html Show response
pcloak.blob.core.windows.net/web/ 1 KB
2 KB 464ms
111ms Document
text/html 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/6x67420x0229.html?fbclid=PAAaae-SdJFaTCe2X2Rz0YQJeaF_cmcYz8_lmUJJDaLttsAGULWuQIAYEIFUc_aem_AWqMemsf4qpLbeZbkZhrgOzXLw4pKQpSKaow2V3Sax-iHPbhThvsND2Me74HsU0i7CvE1WRhY0ku0e2hAZgH8ddB
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: add347e23d6d68d50f456f663e081078bf03026f868ca4aa31e6b0f8f5354e01

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Content-Length: 1321
Content-MD5: 4ybI82/2lfG6TucYWk+Hdw==
Content-Type: text/html
Date: Tue, 11 Jul 2023 22:51:21 GMT
ETag: 0x8DB5ED054FF7A83
Last-Modified: Sat, 27 May 2023 16:35:07 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: d804f7f9-401e-003f-664a-b48aae000000
x-ms-version: 2009-09-19

GET
H/1.1 404
The specified blob does not exist. jquery.min.js
pcloak.blob.core.windows.net/web/ 0
0 111ms
110ms Script
application/xml 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/jquery.min.js
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x67420x0229.html?fbclid=PAAaae-SdJFaTCe2X2Rz0YQJeaF_cmcYz8_lmUJJDaLttsAGULWuQIAYEIFUc_aem_AWqMemsf4qpLbeZbkZhrgOzXLw4pKQpSKaow2V3Sax-iHPbhThvsND2Me74HsU0i7CvE1WRhY0ku0e2hAZgH8ddB
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/6x67420x0229.html?fbclid=PAAaae-SdJFaTCe2X2Rz0YQJeaF_cmcYz8_lmUJJDaLttsAGULWuQIAYEIFUc_aem_AWqMemsf4qpLbeZbkZhrgOzXLw4pKQpSKaow2V3Sax-iHPbhThvsND2Me74HsU0i7CvE1WRhY0ku0e2hAZgH8ddB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-ms-request-id: d804f8ab-401e-003f-044a-b48aae000000
Date: Tue, 11 Jul 2023 22:51:21 GMT
x-ms-version: 2009-09-19
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-Length: 215
Content-Type: application/xml

GET
H/1.1 200
OK cloakan.js Show response
pcloak.blob.core.windows.net/web/ 308 B
717 B 358ms
111ms Script
text/javascript 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/cloakan.js
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x67420x0229.html?fbclid=PAAaae-SdJFaTCe2X2Rz0YQJeaF_cmcYz8_lmUJJDaLttsAGULWuQIAYEIFUc_aem_AWqMemsf4qpLbeZbkZhrgOzXLw4pKQpSKaow2V3Sax-iHPbhThvsND2Me74HsU0i7CvE1WRhY0ku0e2hAZgH8ddB
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 4651fd93f167c3620b534c30bc23ae2a2e7cf742621d8e6d12553c09c388284a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/6x67420x0229.html?fbclid=PAAaae-SdJFaTCe2X2Rz0YQJeaF_cmcYz8_lmUJJDaLttsAGULWuQIAYEIFUc_aem_AWqMemsf4qpLbeZbkZhrgOzXLw4pKQpSKaow2V3Sax-iHPbhThvsND2Me74HsU0i7CvE1WRhY0ku0e2hAZgH8ddB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Tue, 11 Jul 2023 22:51:21 GMT
Last-Modified: Mon, 13 Jun 2022 14:36:49 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: zPiKctHo6j8i1UGOFPpInw==
ETag: 0x8DA4D4A263C11C2
Content-Type: text/javascript
x-ms-request-id: d804f984-401e-003f-554a-b48aae000000
x-ms-version: 2009-09-19
Content-Length: 308

GET
H/1.1 200
OK style.css
pcloak.blob.core.windows.net/web/ 166 B
568 B 247ms
136ms Stylesheet
text/css 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/style.css
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x67420x0229.html?fbclid=PAAaae-SdJFaTCe2X2Rz0YQJeaF_cmcYz8_lmUJJDaLttsAGULWuQIAYEIFUc_aem_AWqMemsf4qpLbeZbkZhrgOzXLw4pKQpSKaow2V3Sax-iHPbhThvsND2Me74HsU0i7CvE1WRhY0ku0e2hAZgH8ddB
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: cf906196a7c1414e11983955e101a051d55a864f2bc9fd52a453d952d92fd9b5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/6x67420x0229.html?fbclid=PAAaae-SdJFaTCe2X2Rz0YQJeaF_cmcYz8_lmUJJDaLttsAGULWuQIAYEIFUc_aem_AWqMemsf4qpLbeZbkZhrgOzXLw4pKQpSKaow2V3Sax-iHPbhThvsND2Me74HsU0i7CvE1WRhY0ku0e2hAZgH8ddB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Tue, 11 Jul 2023 22:51:21 GMT
Last-Modified: Mon, 13 Jun 2022 14:36:49 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: 9ruAIrm4XHnQO3/sM8J0AQ==
ETag: 0x8DA4D4A26527CA0
Content-Type: text/css
x-ms-request-id: d804f91c-401e-003f-6f4a-b48aae000000
x-ms-version: 2009-09-19
Content-Length: 166

GET
H2 200 px.php Show response
www.cloakan.co/ 55 B
321 B 348ms
151ms XHR
text/html 77.245.159.14
NIOBEBILISIMHIZME...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cloakan.co/px.php?id=6x67420x0229
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x67420x0229.html?fbclid=PAAaae-SdJFaTCe2X2Rz0YQJeaF_cmcYz8_lmUJJDaLttsAGULWuQIAYEIFUc_aem_AWqMemsf4qpLbeZbkZhrgOzXLw4pKQpSKaow2V3Sax-iHPbhThvsND2Me74HsU0i7CvE1WRhY0ku0e2hAZgH8ddB
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 77.245.159.14 , Turkey, ASN42868 (NIOBEBILISIMHIZMETLERI, TR),
Reverse DNS: stilgar.wlsrv.com
Software: LiteSpeed / PHP/7.3.33
Resource Hash: a9f55a9e4658a9960455f9485c446ea9874f2590ae283801311d84e908536cc2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:19 GMT
content-encoding: br
server: LiteSpeed
x-powered-by: PHP/7.3.33
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
content-length: 45

GET
H2 200 nv.php Show response
www.cloakan.co/ 275 B
421 B 323ms
165ms Script
text/html 77.245.159.14
NIOBEBILISIMHIZME...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cloakan.co/nv.php?id=6x67420x0229-m
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/cloakan.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 77.245.159.14 , Turkey, ASN42868 (NIOBEBILISIMHIZMETLERI, TR),
Reverse DNS: stilgar.wlsrv.com
Software: LiteSpeed / PHP/7.3.33
Resource Hash: 64bba7358df0b70cff3572ee3e5a2eee51ae741c86167cd529bc7af0e15682a6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:20 GMT
content-encoding: br
server: LiteSpeed
x-powered-by: PHP/7.3.33
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
content-length: 147

GET
H2 200 / Show response
www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/ Frame 82A3 289 KB
44 KB 157ms
97ms Document
text/html 2606:4700:10::6814:e66f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Requested by

Host: www.cloakan.co
URL: https://www.cloakan.co/nv.php?id=6x67420x0229-m

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:e66f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b29ef90ab1c7c70fc47d2d1806b5526c84d81a4053c41789fd0bd7842018038c

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://pcloak.blob.core.windows.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1582
cf-cache-status: DYNAMIC
cf-ray: 7e549c5ddf62997a-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 11 Jul 2023 22:51:23 GMT
last-modified: Tue, 11 Jul 2023 22:25:00 GMT
server: cloudflare
x-amp: no
x-cache: HIT
x-device: nmobile
x-xss-protection: 1; mode=block

GET
H2 200 icon-set.ttf
mn.nytcdn.com/wp-content/themes/nytheme/dist/assets/fonts/ Frame 82A3 22 KB
22 KB 84ms
27ms Font
application/octet-stream 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://mn.nytcdn.com/wp-content/themes/nytheme/dist/assets/fonts/icon-set.ttf?v=20210129

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

886a2ff3ff2a76e50d8387582d03539c71d06dbd4314cd8cc955ea08b5cf752f

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.nefisyemektarifleri.com/
Origin: https://www.nefisyemektarifleri.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:23 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3872
alt-svc: h3=":443"; ma=86400
content-length: 22084
x-xss-protection: 1; mode=block
last-modified: Thu, 24 Mar 2022 06:41:39 GMT
server: cloudflare
etag: "623c12a3-5644"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wr3n68SNMj2gV0%2B203nJySQFO0SLn7pgFWYBShlO%2FISkhA4OLWAdHmWIj1ryq4kQRSyjzne25%2BcZDAAjwidB98RM32LN%2B%2BqzOIcKjLH5CR4r5wfxRcvjqDI3Ulg%2BIORnHK6V8CeOmUOS3Ecy"}],"group":"cf-nel","max_age":604800}
x-varnish: 1010264765 981221928
content-type: application/octet-stream
access-control-allow-origin: *
x-abc: s3
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7e549c5eeefc3832-FRA
x-nyt-cache: hit cached

GET
H2 200 single-recipe.css
mn.nytcdn.com/wp-content/themes/nytheme/dist/assets/css/ Frame 82A3 161 KB
28 KB 94ms
38ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://mn.nytcdn.com/wp-content/themes/nytheme/dist/assets/css/single-recipe.css?1680961699

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0fd0e821ef47075614e9500f81f2077fef9be630b5a63bd40a10b7922026aed7

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:23 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4529
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 24 Mar 2023 10:00:42 GMT
server: cloudflare
etag: W/"641d74ca-28302"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W9GxFoFpybOyFZXGArA4xEzNRC8jVdwkaWQjAEYIJzDCxXlHpndzKyfBHroYnVyJa5TAiZHc%2Bo3SBf9tXv4rPzZafvNUmeSWSSH4F8Gv9WMzyggvdQiTxk%2Fdc9Hxlvl1tZnzg2UFmGyWGCVH"}],"group":"cf-nel","max_age":604800}
x-varnish: 908258478 908153339
content-type: text/css
access-control-allow-origin: *
x-abc: s3
cache-control: max-age=14400
cf-ray: 7e549c5ee8663a6c-FRA
x-nyt-cache: hit cached

GET
H2 200 single-vendor.css
mn.nytcdn.com/wp-content/themes/nytheme/dist/assets/css/ Frame 82A3 189 KB
30 KB 88ms
32ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://mn.nytcdn.com/wp-content/themes/nytheme/dist/assets/css/single-vendor.css?1687242409

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

38312b284a104dfa32e4ecfe73f542a66e04fb259e9bcd5e581e45bdeb677487

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:23 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5962
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 20 Jun 2023 06:26:15 GMT
server: cloudflare
etag: W/"64914687-2f326"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Dp%2B%2FFv7RhbCGLmOVnPH3xo%2BU3AJDQWPL41qZF%2FeNopbEBqUZ5qz9%2Fq1zCsagImRRaV4hgWmTkxRVHlDoV3QcomUlSIexthcBzTXmboXiOEzn2lO1LnaNS47IJ%2BDM%2BhmEnbUJGUyF4p1hGeLQ"}],"group":"cf-nel","max_age":604800}
x-varnish: 204457102 204392002
content-type: text/css
access-control-allow-origin: *
x-abc: local
cache-control: max-age=14400
cf-ray: 7e549c5ee8673a6c-FRA
x-nyt-cache: hit cached

GET
H2 200 1x1.gif
mn.nytcdn.com/wp-content/ Frame 82A3 42 B
391 B 38ms
37ms Image
image/gif 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mn.nytcdn.com/wp-content/1x1.gif

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:23 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5962
alt-svc: h3=":443"; ma=86400
content-length: 42
x-xss-protection: 1; mode=block
last-modified: Thu, 24 Mar 2022 06:41:37 GMT
server: cloudflare
etag: "623c12a1-2a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u6X1CyG42hJyfC1JErZph7oWG%2B1XrIBRq9uD%2BEsdDPP0T1qRvfCyL2dcgidnVgpKRsKw5p1qWDHolao0X3Kr2OYpoAjqwgr9YtItYEGkVDwSjdpDVnzG2jw4mHHCdOL2NJfhjxe5WQGDklkm"}],"group":"cf-nel","max_age":604800}
x-varnish: 1002958177 987328424
content-type: image/gif
access-control-allow-origin: *
x-abc: s3
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7e549c5f28943a6c-FRA
x-nyt-cache: hit cached

GET
H2 200 profilo-tab-logo.png
i.nefisyemektarifleri.com/2022/01/06/ Frame 82A3 4 KB
4 KB 85ms
22ms Image
image/png 31.3.2.72
MEDIANOVA-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.nefisyemektarifleri.com/2022/01/06/profilo-tab-logo.png

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

31.3.2.72 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR),

Reverse DNS

Software

MNCDN-2139 /

Resource Hash

4621960c2ce01b405da6b6652f322bd8904f3e0d867daf7db9dd5d5ad6cc6491

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

expires: Wed, 10 Jul 2024 22:51:23 GMT
date: Tue, 11 Jul 2023 22:51:23 GMT
age: 12344
x-edge-location: DE-372
x-cache-status: Edge : HIT,
content-length: 4162
x-xss-protection: 1; mode=block
last-modified: Thu, 06 Jan 2022 13:11:21 GMT
server: MNCDN-2139
x-mnrequest-id: 30a4a1490074f4de71be2fdef863a619
x-varnish: 743064697 742473178
content-type: image/png
access-control-allow-origin: *
x-abc: local
cache-control: max-age=31536000
accept-ranges: bytes
x-mserver: 2137
x-nyt-cache: hit cached

GET
H2 200 etsiz-nohut-yemegi-5.jpg
i.nefisyemektarifleri.com/2022/08/31/ Frame 82A3 101 KB
102 KB 65ms
23ms Image
image/jpeg 31.3.2.72
MEDIANOVA-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.nefisyemektarifleri.com/2022/08/31/etsiz-nohut-yemegi-5.jpg

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

31.3.2.72 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR),

Reverse DNS

Software

MNCDN-2139 /

Resource Hash

cde2d86c6323204b3e715d09b58ab41ecf370b5a10cb1d61fa76b77e0a0a75c0

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

expires: Wed, 10 Jul 2024 22:51:23 GMT
date: Tue, 11 Jul 2023 22:51:23 GMT
age: 513
x-edge-location: DE-372
x-cache-status: Edge : HIT,
x-cache: X-MISS
content-length: 103705
x-bn: default
x-xss-protection: 1; mode=block
last-modified: Wed, 31 Aug 2022 10:31:01 GMT
server: MNCDN-2139
x-mnrequest-id: b61ab3ed1103243c78cef96db3e0f10d
x-varnish: 250859771, 884143075 884140396
content-type: image/jpeg
access-control-allow-origin: *
x-abc: remote
cache-control: max-age=31536000
accept-ranges: bytes
x-mserver: 2216
x-nyt-cache: hit cached

GET
H2 200 xa1555678923-751d43b96920b44a27ba4b25ad85fe3b-bpthumb.jpg
i2.nefisyemektarifleri.com/avatar/2019/04/19/3514/ Frame 82A3 4 KB
4 KB 130ms
120ms Image
image/jpeg 2606:4700:10::6814:e66f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.nefisyemektarifleri.com/avatar/2019/04/19/3514/xa1555678923-751d43b96920b44a27ba4b25ad85fe3b-bpthumb.jpg

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:e66f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0757fc98355b7ff4d0bdc506c1ef2aa69aac074686194c2e7690ffdc913035a

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:23 GMT
cf-cache-status: HIT
cf-polished: origSize=4099, status=webp_bigger
content-length: 3656
x-xss-protection: 1; mode=block
cf-bgj: imgq:100,h2pri
last-modified: Fri, 19 Apr 2019 13:02:03 GMT
server: cloudflare
etag: "5cb9c6cb-1003"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
x-abc: s3
cache-control: max-age=31536000
x-varnish: 1042281636 1018566721
accept-ranges: bytes
cf-ray: 7e549c5f68c3997a-FRA
x-nyt-cache: hit cached

GET
H2 200 ads.js Show response
mn.nytcdn.com/wp-content/assets/js/ Frame 82A3 24 B
384 B 32ms
32ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://mn.nytcdn.com/wp-content/assets/js/ads.js

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7b6ad08a66b7925e557e069b9c9fcab676f04fbc22535b7b12c0d8eca8d48803

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:23 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3648
alt-svc: h3=":443"; ma=86400
content-length: 24
x-xss-protection: 1; mode=block
last-modified: Thu, 24 Mar 2022 06:41:38 GMT
server: cloudflare
etag: "623c12a2-18"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qwZdPUuACOyhjqIfXeKKMtuN54%2FwqWYfCmRVYQY3B463zTUnUcuGVnUO5Rba2FF4S%2FRTbTXNyLbKLvk2RTowGCl%2FNkcbHzxMozOoAY5f0pRLFQxTgHUGfcNK3NDlWlzs4rbsYgFi8aAzzvUK"}],"group":"cf-nel","max_age":604800}
x-varnish: 553057397 526533194
content-type: application/javascript
access-control-allow-origin: *
x-abc: s3
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7e549c5f58c13a6c-FRA
x-nyt-cache: hit cached

GET
H2 200 outside.js Show response
static.virgul.com/theme/mockups/adcode/ Frame 82A3 75 KB
26 KB 253ms
82ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19549
Requested by: Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 66413d92e3b48b21f37de7968a4c6ee6dafb956f4963d0557959a3d10db2c492

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:23 GMT
content-encoding: gzip
last-modified: Fri, 23 Jun 2023 06:55:07 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=43200

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame 82A3 223 KB
74 KB 89ms
41ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MFXWLS3

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c7992f89295dc516db9548282b34c7b6e8cfa345ce86f1ed4a6420389bd77bb0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:23 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 74905
x-xss-protection: 0
last-modified: Tue, 11 Jul 2023 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 11 Jul 2023 22:51:23 GMT

GET
H2 200 olan-biten-dark.svg
c.nefisyemektarifleri.com/wp-content/themes/nytheme/dist/assets/img/svg/ Frame 82A3 949 B
611 B 41ms
33ms Image
image/svg+xml 2606:4700:10::6814:e66f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.nefisyemektarifleri.com/wp-content/themes/nytheme/dist/assets/img/svg/olan-biten-dark.svg

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:e66f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f86c74a7863cd1fa2343f0371ccbac47085bdb301f0df1785c5a4337bd044d24

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:23 GMT
content-encoding: br
cf-cache-status: HIT
age: 62
x-xss-protection: 1; mode=block
last-modified: Thu, 24 Mar 2022 06:41:39 GMT
server: cloudflare
etag: W/"623c12a3-3b5"
vary: Accept-Encoding
x-varnish: 19305946 19860535
content-type: image/svg+xml
access-control-allow-origin: *
x-abc: local
cache-control: max-age=31536000
cf-ray: 7e549c5f78ce997a-FRA
x-nyt-cache: hit cached

GET
H2 200 group(1).svg
c.nefisyemektarifleri.com/wp-content/themes/nytheme/dist/assets/img/svg/ Frame 82A3 4 KB
1 KB 40ms
34ms Image
image/svg+xml 2606:4700:10::6814:e66f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.nefisyemektarifleri.com/wp-content/themes/nytheme/dist/assets/img/svg/group(1).svg

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:e66f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

70b9f9cb8f1feda701490e7fa560a0a2e0309ef259f9d74b301c9712e56efa56

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:23 GMT
content-encoding: br
cf-cache-status: HIT
age: 1522
x-xss-protection: 1; mode=block
last-modified: Thu, 24 Mar 2022 06:41:39 GMT
server: cloudflare
etag: W/"623c12a3-102c"
vary: Accept-Encoding
x-varnish: 19303858
content-type: image/svg+xml
access-control-allow-origin: *
x-abc: local
cache-control: max-age=31536000
cf-ray: 7e549c5f78cc997a-FRA
x-nyt-cache: miss cached

GET
H3 200 script-notlogin.js Show response
mn.nytcdn.com/wp-content/themes/nytheme/ Frame 82A3 290 KB
89 KB 34ms
34ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://mn.nytcdn.com/wp-content/themes/nytheme/script-notlogin.js?v=1687242409

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bd4d8b7f56b06140ad3542041b66f635d9cbd4e0da6cc7d17a0e16d014aa2498

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:23 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5094
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 20 Jun 2023 06:26:15 GMT
server: cloudflare
etag: W/"64914687-48777"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m4n26Xy0x0L0V0pUbtPZaIQCyqRG%2FaG%2B6qwIK9WMxX0CIW1q4qosEcXPq8QaXU%2BPn%2BcBuOb%2BPLIC6tGWtKFsaG2L50ZXypfOeU5yJy2hvUg%2BpPDRQ6eODcHs0s4g6ZR3PrJD7xbxUpdiD7IP"}],"group":"cf-nel","max_age":604800}
x-varnish: 204392005 204612307
content-type: application/javascript
access-control-allow-origin: *
x-abc: s3
cache-control: max-age=14400
cf-ray: 7e549c5fea7390d6-FRA
x-nyt-cache: hit cached

GET
H3 200 red-iconned-v2.png
mn.nytcdn.com/wp-content/themes/nytheme/dist/assets/img/png/ Frame 82A3 6 KB
6 KB 82ms
82ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mn.nytcdn.com/wp-content/themes/nytheme/dist/assets/img/png/red-iconned-v2.png

Requested by

Host: mn.nytcdn.com
URL: https://mn.nytcdn.com/wp-content/themes/nytheme/dist/assets/css/single-vendor.css?1687242409

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a2ff6717bd218c66ffde415472bdaf58a1384725840a862a466317727eaaab1b

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mn.nytcdn.com/wp-content/themes/nytheme/dist/assets/css/single-vendor.css?1687242409
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:23 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6304
alt-svc: h3=":443"; ma=86400
content-length: 5986
x-xss-protection: 1; mode=block
last-modified: Thu, 24 Mar 2022 06:41:39 GMT
server: cloudflare
etag: "623c12a3-1762"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X3iLYUfVPz3CSFjBZdXS%2FxDUjnYwiLLrDVKAYrTUZ1uQ9jEek3z9hCU1T0kNxPCFvqvrnCPOE1Qe%2FEsCNiuhLriZNreIc%2F9g3bqLZcTaLyd3P3FvUBRYn9QBNOfT%2FtDEj%2Fnpf%2F0B%2FhGw%2B5XA"}],"group":"cf-nel","max_age":604800}
x-varnish: 806638575 785362051
content-type: image/png
access-control-allow-origin: *
x-abc: s3
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7e549c600a8290d6-FRA
x-nyt-cache: hit cached

GET
H2 200 analytics.js Show response
www.google-analytics.com/ Frame 82A3 52 KB
21 KB 73ms
21ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFXWLS3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 11 Jul 2023 21:04:37 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 6406
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Tue, 11 Jul 2023 23:04:37 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ Frame 82A3 171 KB
47 KB 79ms
22ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x67420x0229.html?fbclid=PAAaae-SdJFaTCe2X2Rz0YQJeaF_cmcYz8_lmUJJDaLttsAGULWuQIAYEIFUc_aem_AWqMemsf4qpLbeZbkZhrgOzXLw4pKQpSKaow2V3Sax-iHPbhThvsND2Me74HsU0i7CvE1WRhY0ku0e2hAZgH8ddB

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

2da988427b34614d705adbf808e2e61d91f67bf147db9049e34c99b3624171e8

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 11 Jul 2023 22:51:23 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 46863
x-xss-protection: 0
pragma: public
x-fb-debug: eHNpebX8QEFIpipM8tuxyKvUA+FaFdiOCnWcYmCtzBz5jazfOZ0ujo+T0kK8uJwDl88q5NjLPyopZ832qa3n/A==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame 82A3 248 KB
84 KB 34ms
33ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-WGBDLK44E4&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFXWLS3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4d79af9825f1664a8d0a014d047a1b0c98e89648edd655de1f66143c9bbba534

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:23 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 86207
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 11 Jul 2023 22:51:23 GMT

POST
H2 200 publisher:getClientId Show response
ampcid.google.com/v1/ Frame 82A3 74 B
448 B 100ms
27ms XHR
application/json 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ampcid.google.com/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

991bfe84fec788f2b7d432b99a60c1e2aa2e799bc0137da8cf478299d0fc9a10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.nefisyemektarifleri.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 11 Jul 2023 22:51:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.nefisyemektarifleri.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 94
x-xss-protection: 0

GET
H2 200 1877570159153553 Show response
connect.facebook.net/signals/config/ Frame 82A3 384 KB
110 KB 23ms
22ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1877570159153553?v=2.9.111&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a883e74d2f7c31294beaf47eb691d0fa07414cc3ef857e53b768960c94f23a31

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 11 Jul 2023 22:51:23 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 111683
x-xss-protection: 0
pragma: public
x-fb-debug: xuKZbPLLI95SAwaSHXctWHJG13rwBBBVQTbg+G9o9KDBzGKEIwvnHW49UetZNreNyYgtlYjGyJhSYl5SsRUytw==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 82A3 76 KB
26 KB 206ms
143ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19549

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

08530601e844dcb94572748ea68fbf5b050c163d578ed8a20c2891e6c64fc064

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:23 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26055
x-xss-protection: 0
server: cafe
etag: 56 / 19549 / m202307060101 / config-hash: 4118934116534822147
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 11 Jul 2023 22:51:23 GMT

GET
H2 200 ads.js Show response
static.virgul.com/theme/mockups/mockups/tracker/imp/collect/adview/ad/ Frame 82A3 120 B
306 B 78ms
78ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/mockups/tracker/imp/collect/adview/ad/ads.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19549
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: d9fd0aeda423bd39a36871759ef7b17dab3d51e5981cd5839103f990b8b9ef60

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:23 GMT
last-modified: Wed, 21 Dec 2022 18:47:42 GMT
server: openresty/1.15.8.3
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000
accept-ranges: bytes
content-length: 120

GET
H2 200 str.html Show response
static.virgul.com/theme/mockups/outside/ Frame 7549 891 B
1 KB 79ms
79ms Document
text/html 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/outside/str.html?v=2
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19549
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 2af1b8e91e1ea0f27fab2f6bac1dd1d81867b7a2a8d7cef1084fa39309e0ac6f

Request headers

Referer: https://www.nefisyemektarifleri.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=5184000
content-length: 891
content-type: text/html
date: Tue, 11 Jul 2023 22:51:23 GMT
last-modified: Wed, 28 Sep 2022 10:07:57 GMT
server: openresty/1.15.8.3

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 82A3 144 KB
48 KB 122ms
69ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19549

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

201cf00ac07e77740f495f99ec55a485cab9215bf093f0139e731bc5d7595082

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nefisyemektarifleri.com/
Origin: https://www.nefisyemektarifleri.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:23 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49184
x-xss-protection: 0
server: cafe
etag: 5194792213129652272
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 11 Jul 2023 22:51:23 GMT

GET
H2 200 prebid7.38.0.js Show response
static.virgul.com/theme/mockups/outside/ Frame 82A3 489 KB
182 KB 85ms
85ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19549
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: cff57bb539a961e5816127eb4b662175d6a1c92917effe0f943de85c35911101

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:23 GMT
content-encoding: gzip
last-modified: Mon, 27 Mar 2023 14:56:06 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ Frame 82A3 236 KB
58 KB 106ms
31ms Script
application/javascript 108.138.37.209
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19549
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.37.209 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-37-209.muc50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: dbc211260f3fb81e545fbebe8be8c367ebe670a585e60e1ec58524c06723ecbc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:37:58 GMT
content-encoding: gzip
via: 1.1 75a13c74495137fb5435dc4030981df6.cloudfront.net (CloudFront), 1.1 beaace02cc7004781239800a1c484ca0.cloudfront.net (CloudFront)
last-modified: Thu, 29 Jun 2023 21:03:23 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1, MUC50-P2
age: 806
x-amz-server-side-encryption: AES256
etag: W/"9352f20e556bff9fea6fd0461aac850d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=3600
x-amz-cf-id: qfpS8xwSXQ_nYFZpV5pftJKYjfGXCBWwhSQfhyBWoUhGSvjF_-npSA==

GET
H2 200 pageview Show response
ng.virgul.com/ Frame 82A3 44 KB
7 KB 239ms
182ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ng.virgul.com/pageview?c=site_geneli&mt=1689115883758&v=https%3A%2F%2Fwww.nefisyemektarifleri.com%2Fetsiz-nohut-yemegi-248941%2F%26vi%3D10710800%40&r=nefisyemektarifleri:site_geneli&userId=&tp=&os=&call=noktaad.ads.vvad&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc0,hf1,vv1,gpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates%20sal%C3%A7as%C4%B1%40karabiber%40kuru%20so%C4%9Fan%40nohut%40pul%20biber%40s%C4%B1v%C4%B1%20ya%C4%9F%40sivri%20biber%40su%40tuz%26nyt_cat%3Dpost&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.8395512808408867
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19549
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 31fcf70b02f21d93a4b8d8fd817c7e0eff63c12c3665098f44a342f5bffe9a96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:23 GMT
content-encoding: gzip
server: openresty/1.15.8.3
vary: Accept-Encoding
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
access-control-allow-origin: https://www.nefisyemektarifleri.com
content-type: application/javascript
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT

GET
H2 200 nefisyemektarifleri.js Show response
static.virgul.com/theme/mockups/fallback/ Frame 82A3 15 KB
3 KB 78ms
78ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/fallback/nefisyemektarifleri.js?dts=19549
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19549
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 3b9166033e13e81c852194510ca321d03a0f3e0f8196cc84858c874a32a0adf4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:23 GMT
content-encoding: gzip
last-modified: Tue, 20 Jun 2023 21:45:07 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 hb Show response
ng.virgul.com/ Frame 82A3 60 KB
6 KB 158ms
104ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ng.virgul.com/hb?call=noktaad.setHbParameters&site=nefisyemektarifleri&dts=469198
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19549
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: bac1442ad76b8ed33d4a4a61e05f8ea6284a31f65ca1fa9cb2a7ba8cb0c93c5b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:23 GMT
content-encoding: gzip
server: openresty/1.15.8.3
vary: Accept-Encoding
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
access-control-allow-origin: https://www.nefisyemektarifleri.com
content-type: application/javascript
cache-control: max-age=3600
access-control-allow-credentials: true

POST
H2 200 publisher:getClientId Show response
ampcid.google.de/v1/ Frame 82A3 3 B
377 B 93ms
29ms XHR
application/json 2a00:1450:4001:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ampcid.google.de/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.nefisyemektarifleri.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 11 Jul 2023 22:51:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.nefisyemektarifleri.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23
x-xss-protection: 0

GET
H2 200 /
www.facebook.com/tr/ Frame 82A3 0
185 B 68ms
20ms Image
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1877570159153553&ev=PageView&dl=https%3A%2F%2Fwww.nefisyemektarifleri.com%2Fetsiz-nohut-yemegi-248941%2F&rl=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&if=true&ts=1689115883811&sw=1600&sh=1200&v=2.9.111&r=stable&ec=0&o=30&cs_est=true&it=1689115883748&coo=false&rqm=GET

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 11 Jul 2023 22:51:23 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ Frame 82A3 0
31 B 68ms
20ms Image
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1877570159153553&ev=ViewContent&dl=https%3A%2F%2Fwww.nefisyemektarifleri.com%2Fetsiz-nohut-yemegi-248941%2F&rl=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&if=true&ts=1689115883813&cd[content_name]=Etsiz%20Nohut%20Yeme%C4%9Fi&cd[content_ids]=248941&cd[content_type]=recipe&cd[recipe_mainCategory]=Bakliyat%20Yemekleri&cd[recipe_subCategory]=Bakliyat%20Yemekleri&cd[recipe_claps]=27&cd[recipe_comments]=40&cd[recipe_cookDuration]=25dk&cd[recipe_cooked]=22&cd[recipe_cookType]=Ha%C5%9Flama&cd[recipe_hasVideo]=Hay%C4%B1r&cd[recipe_prepDuration]=20dk&cd[recipe_rating]=4.6&cd[recipe_saved]=10888&cd[recipe_serves]=2-4%20&cd[contributor_id]=3514&cd[contributor_followers]=50065&cd[contributor_city]=undefined&cd[contributor_recipes]=undefined&cd[user_id]=undefined&cd[user_gender]=undefined&cd[user_recipes]=undefined&cd[user_followers]=undefined&cd[user_followings]=undefined&cd[user_city]=undefined&cd[user_role]=undefined&cd[ingredients]=domates%20sal%C3%A7as%C4%B1%2Ckarabiber%2Ckuru%20so%C4%9Fan%2Cnohut%2Cpul%20biber%2Cs%C4%B1v%C4%B1%20ya%C4%9F%2Csivri%20biber%2Csu%2Ctuz&sw=1600&sh=1200&v=2.9.111&r=stable&ec=1&o=30&it=1689115883748&coo=false&rqm=GET

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 11 Jul 2023 22:51:23 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ Frame 82A3 0
319 B 28ms
28ms XHR
text/plain 108.138.37.209
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fwww.nefisyemektarifleri.com&pubid=e0a76a78-9ad1-46f2-a337-886c2e24ac91
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.37.209 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-37-209.muc50.r.cloudfront.net
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 20:38:27 GMT
via: 1.1 beaace02cc7004781239800a1c484ca0.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: MUC50-P2
age: 7975
x-cache: Hit from cloudfront
access-control-allow-origin: https://www.nefisyemektarifleri.com
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-id: WehKxFAwAIOqzEV7EuECaXRbbxTFgwxVn9ci6CnMSMIK3gGJJDUNlQ==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ Frame 82A3 6 KB
3 KB 82ms
27ms XHR
application/javascript 108.138.37.209
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.37.209 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-37-209.muc50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: rBtfgJUMGYsy5fZuQwMAU7hSD.fVdF76
content-encoding: gzip
via: 1.1 ba1081cbdcd39cc4928b65493cb81558.cloudfront.net (CloudFront)
date: Tue, 11 Jul 2023 07:14:28 GMT
x-amz-cf-pop: MUC50-P2
age: 56228
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Sat, 24 Jun 2023 09:19:11 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: kXH11cEPWRNVFqke9zJR0O5GP0RyAY1XDzzFDV33vAG9buVNiQWApA==

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306290101/ Frame 82A3 344 KB
118 KB 128ms
83ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306290101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=www.nefisyemektarifleri.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

831c363d3e741b5551ee5bea6d427cdefb6303d735ff547ebcc7a1a5ffccff99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:24 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 121065
x-xss-protection: 0
server: cafe
etag: 15955793558472811128
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 11 Jul 2023 22:51:24 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230710/r20190131/ Frame CA7A 10 KB
5 KB 71ms
21ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230710/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18e7a53e3b3abd7ac0242719f7f62cb56b8efe7065091585b8ad22cbc2b8c41c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nefisyemektarifleri.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 84005
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4544
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 10 Jul 2023 23:31:19 GMT
etag: 12368291122986407432
expires: Mon, 24 Jul 2023 23:31:19 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 empowerwebplayer3.js Show response
static.virgul.com/theme/mockups/outside/ Frame 82A3 10 KB
3 KB 79ms
79ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/outside/empowerwebplayer3.js?v=20
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x67420x0229.html?fbclid=PAAaae-SdJFaTCe2X2Rz0YQJeaF_cmcYz8_lmUJJDaLttsAGULWuQIAYEIFUc_aem_AWqMemsf4qpLbeZbkZhrgOzXLw4pKQpSKaow2V3Sax-iHPbhThvsND2Me74HsU0i7CvE1WRhY0ku0e2hAZgH8ddB
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 3e9569df702eb478e6e7699775a0f555b64ef9e89d89a81742bc97c7803dba96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:24 GMT
content-encoding: gzip
last-modified: Tue, 13 Jun 2023 13:36:40 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307060101/ Frame 82A3 392 KB
125 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307060101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d076633408bf78e086b9125a46176d2fdeaf3a5d5b52bb9b3a9d562cea646006

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 15:51:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25185
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 127592
x-xss-protection: 0
server: cafe
etag: 1084883806831873288
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Wed, 10 Jul 2024 15:51:38 GMT

GET
H2 200 5e73154be4b0016313fa90d5 Show response
ng2.virgul.com/ic/ Frame 3798 756 B
998 B 85ms
78ms Document
text/html 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ng2.virgul.com/ic/5e73154be4b0016313fa90d5?g=1&t=cpc_annotation&r=154248@site_geneli@nefisyemektarifleri:site_geneli&l=&info=&mt=1689115883758&userId=vnetb9cf87df-44c8-4da2-82a0-503c8f3b7d9a&ext=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates+sal%C3%A7as%C4%B1%40karabiber%40kuru+so%C4%9Fan%40nohut%40pul+biber%40s%C4%B1v%C4%B1+ya%C4%9F%40sivri+biber%40su%40tuz%26nyt_cat%3Dpost
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19549
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 1150d8dd179e6cfc48aba67d1c483f57bc897e4bfb20aa1603366b666c9e0adf

Request headers

Referer: https://www.nefisyemektarifleri.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.nefisyemektarifleri.com
content-length: 756
content-type: text/html
date: Tue, 11 Jul 2023 22:51:24 GMT
expires: Tue, 04 Jan 2022 10:49:40 GMT
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
server: openresty/1.15.8.3

GET
H2 200 adview Show response
ng2.virgul.com/ Frame 44A0 868 B
1 KB 79ms
79ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ng2.virgul.com/adview?a=5e73154be4b0016313fa90d5&r=154248@site_geneli@nefisyemektarifleri:site_geneli&l=&ext=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates+sal%C3%A7as%C4%B1%40karabiber%40kuru+so%C4%9Fan%40nohut%40pul+biber%40s%C4%B1v%C4%B1+ya%C4%9F%40sivri+biber%40su%40tuz%26nyt_cat%3Dpost&info=&cs=1689115883874&mt=1689115883758&userId=vnetb9cf87df-44c8-4da2-82a0-503c8f3b7d9a&vmn=5e73154be4b0016313fa90d5___154248-194842644
Requested by: Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 2ef84904ec7747868537822254d1191370aabad9d95ac86536390eb827fc0908

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:24 GMT
server: openresty/1.15.8.3
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
access-control-allow-origin: https://www.nefisyemektarifleri.com
content-type: application/javascript
access-control-allow-credentials: true
content-length: 868
expires: Tue, 04 Jan 2022 10:49:40 GMT

GET
H2 200 5e73154be4b0016313fa90d5 Show response
ng2.virgul.com/ic/ Frame 23C7 756 B
998 B 79ms
78ms Document
text/html 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ng2.virgul.com/ic/5e73154be4b0016313fa90d5?g=1&t=cpc_annotation&r=154248@site_geneli@nefisyemektarifleri:site_geneli&l=&info=&mt=1689115883758&userId=vnetb9cf87df-44c8-4da2-82a0-503c8f3b7d9a&ext=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates+sal%C3%A7as%C4%B1%40karabiber%40kuru+so%C4%9Fan%40nohut%40pul+biber%40s%C4%B1v%C4%B1+ya%C4%9F%40sivri+biber%40su%40tuz%26nyt_cat%3Dpost
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19549
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 1150d8dd179e6cfc48aba67d1c483f57bc897e4bfb20aa1603366b666c9e0adf

Request headers

Referer: https://www.nefisyemektarifleri.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.nefisyemektarifleri.com
content-length: 756
content-type: text/html
date: Tue, 11 Jul 2023 22:51:24 GMT
expires: Tue, 04 Jan 2022 10:49:40 GMT
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
server: openresty/1.15.8.3

GET
H2 200 adview Show response
ng2.virgul.com/ Frame BCAD 869 B
1 KB 79ms
79ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ng2.virgul.com/adview?a=5e73154be4b0016313fa90d5&r=154248@site_geneli@nefisyemektarifleri:site_geneli&l=&ext=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates+sal%C3%A7as%C4%B1%40karabiber%40kuru+so%C4%9Fan%40nohut%40pul+biber%40s%C4%B1v%C4%B1+ya%C4%9F%40sivri+biber%40su%40tuz%26nyt_cat%3Dpost&info=&cs=1689115883874&mt=1689115883758&userId=vnetb9cf87df-44c8-4da2-82a0-503c8f3b7d9a&vmn=5e73154be4b0016313fa90d5___154248-1948426442
Requested by: Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 19876dc14b687dbd36c0a9fe05bc73a9ddfc34da771137be8d2ed93ab2585644

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:24 GMT
server: openresty/1.15.8.3
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
access-control-allow-origin: https://www.nefisyemektarifleri.com
content-type: application/javascript
access-control-allow-credentials: true
content-length: 869
expires: Tue, 04 Jan 2022 10:49:40 GMT

GET
H2 200 nefisyemektarifleri.js Show response
static.virgul.com/theme/mockups/sites/ Frame 82A3 37 KB
12 KB 88ms
87ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/sites/nefisyemektarifleri.js?dts=469198
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19549
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 7ef7148f577d4b8db5481c0c82ec42fc53e2b2d3c7f83b2662977759f58477ea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:24 GMT
content-encoding: gzip
last-modified: Thu, 27 Apr 2023 09:08:15 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 pandg-sdk.js Show response
pghub.io/js/ Frame 82A3 17 KB
5 KB 71ms
21ms Script
application/javascript 35.241.45.217
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pghub.io/js/pandg-sdk.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19549
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.217 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 217.45.241.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 27961ab8c37cddad89230364167c048c6377a80e38542a5ffbca600faf4098ea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:21:43 GMT
content-encoding: gzip
age: 1781
x-guploader-uploadid: ADPycdsy7jaPs5TbC64pyBiY2WcKJHa8XsCp0_GKI1TUNNXtA1gHaMd_ZGktMS4lkNnmgUWoau13LhI474rhM20lPg4UvA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5009
last-modified: Mon, 05 Jun 2023 16:36:50 GMT
server: UploadServer
etag: "47a886353056caf33a998c6041e20896"
vary: Accept-Encoding
x-goog-generation: 1685983010517890
x-goog-hash: crc32c=aHj4lg==, md5=R6iGNTBWyvM6mYxgQeIIlg==
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin
cache-control: public,max-age=3600
x-goog-stored-content-length: 5009
accept-ranges: bytes
content-type: application/javascript

GET
H2 200 zoneview
ng.virgul.com/ Frame 82A3 0
222 B 79ms
79ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/zoneview?c=&mt=1689115884022&v=https%3A%2F%2Fwww.nefisyemektarifleri.com%2Fetsiz-nohut-yemegi-248941%2F%26vi%3D10710800%40&r=153183@153193@153204@153190@153201@153187@154248@154248@153202@153184@153185@153186:nefisyemektarifleri&userId=vnetb9cf87df-44c8-4da2-82a0-503c8f3b7d9a&tp=&os=&call=&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc1,hf1,vv1,gpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates%20sal%C3%A7as%C4%B1%40karabiber%40kuru%20so%C4%9Fan%40nohut%40pul%20biber%40s%C4%B1v%C4%B1%20ya%C4%9F%40sivri%20biber%40su%40tuz%26nyt_cat%3Dpost&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.29247544298120487
Requested by: Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://www.nefisyemektarifleri.com
date: Tue, 11 Jul 2023 22:51:24 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ Frame 82A3 23 B
471 B 244ms
141ms XHR
text/javascript 18.173.159.32
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&pr=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&pid=rxGdoc7xTUsX8&cb=0&ws=1600x1200&v=23.612.1758&t=1200&slots=%5B%7B%22sd%22%3A%22div-gpt-ad-1455783126174-15319321728129623web_nyt_malzemeler_yani_300x250%22%2C%22s%22%3A%5B%22300x250%22%2C%22250x250%22%2C%22200x200%22%5D%2C%22sn%22%3A%22%2F21728129623%2Fweb_nyt_malzemeler_yani_300x250%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-1455783126174-15318521728129623web_nyt_right_tower%22%2C%22s%22%3A%5B%22300x600%22%2C%22160x600%22%2C%22120x600%22%2C%22300x250%22%2C%22250x250%22%5D%2C%22sn%22%3A%22%2F21728129623%2Fweb_nyt_right_tower%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-1455783126174-15318421728129623web_nyt_left_tower%22%2C%22s%22%3A%5B%22300x600%22%2C%22160x600%22%2C%22120x600%22%2C%22300x250%22%2C%22250x250%22%5D%2C%22sn%22%3A%22%2F21728129623%2Fweb_nyt_left_tower%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-1455783126174-15318721728129623web_nyt_sidebar_300x600%22%2C%22s%22%3A%5B%22300x600%22%2C%22160x600%22%2C%22120x600%22%2C%22300x250%22%2C%22250x250%22%5D%2C%22sn%22%3A%22%2F21728129623%2Fweb_nyt_sidebar_300x600%22%7D%5D&pubid=e0a76a78-9ad1-46f2-a337-886c2e24ac91&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.159.32 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-159-32.muc50.r.cloudfront.net

Software

Server /

Resource Hash

745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:24 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 ca623c10f2a669c8a9af30362937ebac.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: MUC50-P3
x-amz-rid: NJ03R8E974ZHVNG03X64
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.nefisyemektarifleri.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: 6rI0oDBSnMWfvPmIPdaGYpkt8hnrHYY2Nb-2BSfzyBOSzd2xPoXmng==

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 82A3 107 B
456 B 91ms
29ms Script
application/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.nefisyemektarifleri.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307060101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 82A3 78 KB
20 KB 508ms
507ms XHR
text/plain 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=413980555089297&correlator=4133225683535135&eid=21065724&output=ldjh&gdfp_req=1&vrg=202307060101&ptt=17&impl=fif&iu_parts=21728129623%3A21696649314%2Cweb_nyt_tarif_yapilis_sonrasi&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C615x60%7C468x60%7C600x200%7C300x250%7C250x250%7C200x200&fluid=height&ifi=3&adks=3912523020&sfv=1-0-40&eri=1&cust_params=amznbid%3D0%26amznp%3D0%26category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dnefisyemektarifleri%26mt%3D1689115883758%26pager%3D1%2540site_geneli%2540nefisyemektarifleri%253Asite_geneli%26policy%3D0%26host%3Dwww.nefisyemektarifleri.com%26url%3Dtsiz%2520nohut%2520yemegi%2520248941%2520%2526vi%253D10710800%2540%26targetCtr%3D0%26pid%3Dvnetb9cf87df-44c8-4da2-82a0-503c8f3b7d9a%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26nyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates%2520sal%25C3%25A7as%25C4%25B1%252Ckarabiber%252Ckuru%2520so%25C4%259Fan%252Cnohut%252Cpul%2520biber%252Cs%25C4%25B1v%25C4%25B1%2520ya%25C4%259F%252Csivri%2520biber%252Csu%252Ctuz%26nyt_cat%3Dpost&ppid=vnetb9cf87df44c84da282a0503c8f3b7d9a&sc=1&cdm=www.nefisyemektarifleri.com&abxe=1&dt=1689115884097&lmt=1689114300&dlt=1689115883272&idt=790&adxs=486&adys=3356&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=5ltzsh5fqnce&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fwww.nefisyemektarifleri.com%2Fetsiz-nohut-yemegi-248941%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=300x0&msz=656x0&fws=388&ohw=300&ga_vid=1596421245.1689115884&ga_sid=1689115884&ga_hid=71987472&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307060101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4cdcad98da3ff05ec728754dabdeaeaf5031bb1530f8cc418c820581e97b26f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:24 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: 280300
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20160
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-mediationtag-id: 429223
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.nefisyemektarifleri.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 1507 6 KB
3 KB 222ms
29ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307060101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nefisyemektarifleri.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 22:51:24 GMT
expires: Wed, 10 Jul 2024 22:51:24 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 5e73154be4b0016313fa90d5 Show response
ng.virgul.com/tck/imp/ Frame 3798 0
212 B 85ms
84ms Script
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ng.virgul.com/tck/imp/5e73154be4b0016313fa90d5?userId=vnetb9cf87df-44c8-4da2-82a0-503c8f3b7d9a&sdr=&et=&r=154248@site_geneli@nefisyemektarifleri:site_geneli&mt=1689115883758&l=&info=&t=cpc_annotation&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates+sal%C3%A7as%C4%B1%40karabiber%40kuru+so%C4%9Fan%40nohut%40pul+biber%40s%C4%B1v%C4%B1+ya%C4%9F%40sivri+biber%40su%40tuz%26nyt_cat%3Dpost&os=
Requested by: Host: ng2.virgul.com
URL: https://ng2.virgul.com/ic/5e73154be4b0016313fa90d5?g=1&t=cpc_annotation&r=154248@site_geneli@nefisyemektarifleri:site_geneli&l=&info=&mt=1689115883758&userId=vnetb9cf87df-44c8-4da2-82a0-503c8f3b7d9a&ext=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates+sal%C3%A7as%C4%B1%40karabiber%40kuru+so%C4%9Fan%40nohut%40pul+biber%40s%C4%B1v%C4%B1+ya%C4%9F%40sivri+biber%40su%40tuz%26nyt_cat%3Dpost
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ng2.virgul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ng2.virgul.com
date: Tue, 11 Jul 2023 22:51:24 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 5e73154be4b0016313fa90d5 Show response
ng.virgul.com/tck/imp/ Frame 23C7 0
212 B 83ms
82ms Script
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ng.virgul.com/tck/imp/5e73154be4b0016313fa90d5?userId=vnetb9cf87df-44c8-4da2-82a0-503c8f3b7d9a&sdr=&et=&r=154248@site_geneli@nefisyemektarifleri:site_geneli&mt=1689115883758&l=&info=&t=cpc_annotation&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates+sal%C3%A7as%C4%B1%40karabiber%40kuru+so%C4%9Fan%40nohut%40pul+biber%40s%C4%B1v%C4%B1+ya%C4%9F%40sivri+biber%40su%40tuz%26nyt_cat%3Dpost&os=
Requested by: Host: ng2.virgul.com
URL: https://ng2.virgul.com/ic/5e73154be4b0016313fa90d5?g=1&t=cpc_annotation&r=154248@site_geneli@nefisyemektarifleri:site_geneli&l=&info=&mt=1689115883758&userId=vnetb9cf87df-44c8-4da2-82a0-503c8f3b7d9a&ext=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates+sal%C3%A7as%C4%B1%40karabiber%40kuru+so%C4%9Fan%40nohut%40pul+biber%40s%C4%B1v%C4%B1+ya%C4%9F%40sivri+biber%40su%40tuz%26nyt_cat%3Dpost
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ng2.virgul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ng2.virgul.com
date: Tue, 11 Jul 2023 22:51:24 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 NoktaNpmPlayerApi.js Show response
c1.imgiz.com/player_others/html5/ Frame 82A3 7 KB
3 KB 319ms
85ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19549
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/empowerwebplayer3.js?v=20
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 0b29697868cd68cfd1b5650054cc96ea755016b3242bd26469cdbd4e4f6fc18a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:24 GMT
content-encoding: gzip
last-modified: Wed, 13 Oct 2021 11:58:21 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
expires: Tue, 18 Jul 2023 22:51:24 GMT

GET
H2 200 t.js Show response
bitbeat7.com/ Frame 44A0 65 KB
18 KB 206ms
28ms Script
application/javascript 99.84.88.66
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bitbeat7.com/t.js?i=spt4ntkb5q5ru2l99px&cb=3788821689115884139
Requested by: Host: ng2.virgul.com
URL: https://ng2.virgul.com/adview?a=5e73154be4b0016313fa90d5&r=154248@site_geneli@nefisyemektarifleri:site_geneli&l=&ext=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates+sal%C3%A7as%C4%B1%40karabiber%40kuru+so%C4%9Fan%40nohut%40pul+biber%40s%C4%B1v%C4%B1+ya%C4%9F%40sivri+biber%40su%40tuz%26nyt_cat%3Dpost&info=&cs=1689115883874&mt=1689115883758&userId=vnetb9cf87df-44c8-4da2-82a0-503c8f3b7d9a&vmn=5e73154be4b0016313fa90d5___154248-194842644
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.88.66 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-88-66.muc50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 82ee1e40c5621a84f4cd861d9d7212c7bb94ffde5bdf1bc8cb1f4e32dff9c4e0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: zOoo2_h9TaVhAd990YG88tzvCQTcR.0W
content-encoding: gzip
via: 1.1 5d6d1ee413c782ab05cc32e601576462.cloudfront.net (CloudFront)
date: Tue, 11 Jul 2023 01:54:28 GMT
last-modified: Tue, 27 Jun 2023 15:35:35 GMT
server: AmazonS3
x-amz-cf-pop: MUC50-C1
age: 75417
x-amz-server-side-encryption: AES256
etag: W/"cd7dd170485b6d0fa6991dfd6c25d426"
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: jD-oP-oREm80oIYGDalBPIcfwLDKs6xTqbdtFGnbgUFKe4GsEUtzSA==

GET
H2 200 t.js Show response
bitbeat7.com/ Frame BCAD 65 KB
18 KB 207ms
29ms Script
application/javascript 99.84.88.66
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bitbeat7.com/t.js?i=spt4ntkb5q5ru2l99px&cb=4355071689115884140
Requested by: Host: ng2.virgul.com
URL: https://ng2.virgul.com/adview?a=5e73154be4b0016313fa90d5&r=154248@site_geneli@nefisyemektarifleri:site_geneli&l=&ext=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates+sal%C3%A7as%C4%B1%40karabiber%40kuru+so%C4%9Fan%40nohut%40pul+biber%40s%C4%B1v%C4%B1+ya%C4%9F%40sivri+biber%40su%40tuz%26nyt_cat%3Dpost&info=&cs=1689115883874&mt=1689115883758&userId=vnetb9cf87df-44c8-4da2-82a0-503c8f3b7d9a&vmn=5e73154be4b0016313fa90d5___154248-1948426442
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.88.66 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-88-66.muc50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 82ee1e40c5621a84f4cd861d9d7212c7bb94ffde5bdf1bc8cb1f4e32dff9c4e0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: zOoo2_h9TaVhAd990YG88tzvCQTcR.0W
content-encoding: gzip
via: 1.1 5d6d1ee413c782ab05cc32e601576462.cloudfront.net (CloudFront)
date: Tue, 11 Jul 2023 01:54:28 GMT
last-modified: Tue, 27 Jun 2023 15:35:35 GMT
server: AmazonS3
x-amz-cf-pop: MUC50-C1
age: 75417
x-amz-server-side-encryption: AES256
etag: W/"cd7dd170485b6d0fa6991dfd6c25d426"
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: Ia0bgTB4WF5UMnUrqNBsydfs6A6j3i4AVdVx_4BjL1ryFoSaZjJ4Lg==

GET
H2 200 tag Show response
feed.pghub.io/ Frame 8B39 13 B
257 B 82ms
34ms Document
text/html 34.102.243.38
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://feed.pghub.io/tag?referrer_url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&page_url=https%3A%2F%2Fwww.nefisyemektarifleri.com%2Fetsiz-nohut-yemegi-248941%2F&owner=P%26G&bp_id=noktacommedya&ch=%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D&initiator=js&data=%7B%22category%22%3A%22site_geneli%22%7D

Requested by

Host: pghub.io
URL: https://pghub.io/js/pandg-sdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.102.243.38 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

38.243.102.34.bc.googleusercontent.com

Software

Resource Hash

b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';img-src https://*.pghub.io https://match.adsrvr.org
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.nefisyemektarifleri.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
access-control-max-age: 300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-store
content-security-policy: default-src 'none';img-src https://*.pghub.io https://match.adsrvr.org
content-type: text/html;charset=utf-8
date: Tue, 11 Jul 2023 22:51:24 GMT
strict-transport-security: max-age=31536000
via: 1.1 google

GET
H2 200 zoneview
ng.virgul.com/ Frame 82A3 0
222 B 79ms
78ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/zoneview?c=&mt=1689115884146&v=https%3A%2F%2Fwww.nefisyemektarifleri.com%2Fetsiz-nohut-yemegi-248941%2F%26vi%3D10710800%40&r=153995@153363:nefisyemektarifleri&userId=vnetb9cf87df-44c8-4da2-82a0-503c8f3b7d9a&tp=&os=&call=&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc1,hf1,vv1,gpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates%20sal%C3%A7as%C4%B1%40karabiber%40kuru%20so%C4%9Fan%40nohut%40pul%20biber%40s%C4%B1v%C4%B1%20ya%C4%9F%40sivri%20biber%40su%40tuz%26nyt_cat%3Dpost&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.31731174149594277
Requested by: Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://www.nefisyemektarifleri.com
date: Tue, 11 Jul 2023 22:51:24 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 zoneview
ng.virgul.com/ Frame 82A3 0
222 B 80ms
79ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/zoneview?c=&mt=1689115884147&v=https%3A%2F%2Fwww.nefisyemektarifleri.com%2Fetsiz-nohut-yemegi-248941%2F%26vi%3D10710800%40&r=155307:nefisyemektarifleri&userId=vnetb9cf87df-44c8-4da2-82a0-503c8f3b7d9a&tp=&os=&call=&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc1,hf1,vv1,gpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates%20sal%C3%A7as%C4%B1%40karabiber%40kuru%20so%C4%9Fan%40nohut%40pul%20biber%40s%C4%B1v%C4%B1%20ya%C4%9F%40sivri%20biber%40su%40tuz%26nyt_cat%3Dpost&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.04360770593887886
Requested by: Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://www.nefisyemektarifleri.com
date: Tue, 11 Jul 2023 22:51:24 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 zoneview
ng.virgul.com/ Frame 82A3 0
222 B 79ms
79ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/zoneview?c=&mt=1689115884151&v=https%3A%2F%2Fwww.nefisyemektarifleri.com%2Fetsiz-nohut-yemegi-248941%2F%26vi%3D10710800%40&r=153218:nefisyemektarifleri&userId=vnetb9cf87df-44c8-4da2-82a0-503c8f3b7d9a&tp=&os=&call=&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc1,hf1,vv1,gpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates%20sal%C3%A7as%C4%B1%40karabiber%40kuru%20so%C4%9Fan%40nohut%40pul%20biber%40s%C4%B1v%C4%B1%20ya%C4%9F%40sivri%20biber%40su%40tuz%26nyt_cat%3Dpost&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.409754300008083
Requested by: Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://www.nefisyemektarifleri.com
date: Tue, 11 Jul 2023 22:51:24 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 zoneview
ng.virgul.com/ Frame 82A3 0
222 B 79ms
79ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/zoneview?c=&mt=1689115884152&v=https%3A%2F%2Fwww.nefisyemektarifleri.com%2Fetsiz-nohut-yemegi-248941%2F%26vi%3D10710800%40&r=153260:nefisyemektarifleri&userId=vnetb9cf87df-44c8-4da2-82a0-503c8f3b7d9a&tp=&os=&call=&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc1,hf1,vv1,gpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates%20sal%C3%A7as%C4%B1%40karabiber%40kuru%20so%C4%9Fan%40nohut%40pul%20biber%40s%C4%B1v%C4%B1%20ya%C4%9F%40sivri%20biber%40su%40tuz%26nyt_cat%3Dpost&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.436601048352375
Requested by: Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://www.nefisyemektarifleri.com
date: Tue, 11 Jul 2023 22:51:24 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 403 ads Show response
googleads.g.doubleclick.net/pagead/ Frame F50D 603 B
218 B 86ms
86ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755397&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1689115883954&bpp=4&bdt=683&idt=219&shv=r20230710&mjsv=m202306290101&ptt=9&saldr=aa&nras=1&correlator=3311523031480&frm=24&ife=1&pv=2&ga_vid=1596421245.1689115884&ga_sid=1689115884&ga_hid=71987472&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=1843544316&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759875%2C44759926%2C31075758%2C31075881%2C44788442%2C21065724&oid=2&pvsid=413980555089297&tmod=845280809&uas=0&nvt=1&fsapi=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.i0yur3un8s5j&fsb=1&dtd=232

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306290101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=www.nefisyemektarifleri.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nefisyemektarifleri.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 46
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 22:51:24 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame E183 129 KB
40 KB 404ms
403ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=280&slotname=6444949229&adk=4082077109&adf=3927512983&pi=t.ma~as.6444949229&w=970&fwrn=16&fwrnh=100&lmt=1689114300&rafmt=1&format=970x280&url=https%3A%2F%2Fwww.nefisyemektarifleri.com%2Fetsiz-nohut-yemegi-248941%2F&fwr=0&fwrattr=true&rw=970&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1689115884002&bpp=2&bdt=731&idt=187&shv=r20230710&mjsv=m202306290101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=3311523031480&frm=22&ife=1&pv=1&ga_vid=1596421245.1689115884&ga_sid=1689115884&ga_hid=71987472&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=1843544316&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759875%2C44759926%2C31075758%2C31075881%2C44788442%2C21065724&oid=2&pvsid=413980555089297&tmod=845280809&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=2.1oxg8e5xb3ne&fsb=1&xpc=Ioj73wlDL6&p=https%3A//www.nefisyemektarifleri.com&dtd=193

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c37e721a803d1e37439533716bd2ae47c0369fe38a511b0eff753fcbd11ed973

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nefisyemektarifleri.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 41078
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 22:51:24 GMT
expires: Tue, 11 Jul 2023 22:51:24 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 / Show response
www.facebook.com/tr/ Frame 663A 0
81 B 20ms
19ms Document
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://www.nefisyemektarifleri.com
Referer: https://www.nefisyemektarifleri.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.nefisyemektarifleri.com
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 22:51:24 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 82A3 107 B
165 B 28ms
28ms Script
application/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.nefisyemektarifleri.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307060101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 82A3 24 KB
11 KB 420ms
420ms XHR
text/plain 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=413980555089297&correlator=4454954471745868&eid=21065724&output=ldjh&gdfp_req=1&vrg=202307060101&ptt=17&impl=fif&iu_parts=21728129623%3A21696649314%2Cweb_nyt_right_tower&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C160x600%7C120x600%7C120x240&fluid=height&ifi=4&adks=1855900369&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dnefisyemektarifleri%26mt%3D1689115883758%26pager%3D1%2540site_geneli%2540nefisyemektarifleri%253Asite_geneli%26policy%3D0%26host%3Dwww.nefisyemektarifleri.com%26url%3Dtsiz%2520nohut%2520yemegi%2520248941%2520%2526vi%253D10710800%2540%26targetCtr%3D0%26pid%3Dvnetb9cf87df-44c8-4da2-82a0-503c8f3b7d9a%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26nyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates%2520sal%25C3%25A7as%25C4%25B1%252Ckarabiber%252Ckuru%2520so%25C4%259Fan%252Cnohut%252Cpul%2520biber%252Cs%25C4%25B1v%25C4%25B1%2520ya%25C4%259F%252Csivri%2520biber%252Csu%252Ctuz%26nyt_cat%3Dpost&ppid=vnetb9cf87df44c84da282a0503c8f3b7d9a&sc=1&cdm=www.nefisyemektarifleri.com&abxe=1&dt=1689115884343&lmt=1689114300&dlt=1689115883272&idt=790&adxs=1300&adys=159&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=6tidph4w74on&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fwww.nefisyemektarifleri.com%2Fetsiz-nohut-yemegi-248941%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=0x-1&msz=0x-1&fws=900&ohw=1600&ga_vid=1596421245.1689115884&ga_sid=1689115884&ga_hid=71987472&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307060101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a774d6d69744d8d30c9c2e5139e5bc2dc55ebe47d5adc0c2a77d9ddebaae6370

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:24 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11486
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.nefisyemektarifleri.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 82A3 41 KB
16 KB 296ms
296ms XHR
text/plain 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=413980555089297&correlator=3407643620975903&eid=21065724&output=ldjh&gdfp_req=1&vrg=202307060101&ptt=17&impl=fif&iu_parts=21728129623%3A21696649314%2Cweb_nyt_tarif_gorsel_en_alt_610x280&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250%7C320x180%7C320x250%7C468x60%7C336x280%7C468x280%7C600x200%7C640x205%7C300x100%7C320x100&fluid=height&ifi=5&adks=3546791932&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dnefisyemektarifleri%26mt%3D1689115883758%26pager%3D1%2540site_geneli%2540nefisyemektarifleri%253Asite_geneli%26policy%3D0%26host%3Dwww.nefisyemektarifleri.com%26url%3Dtsiz%2520nohut%2520yemegi%2520248941%2520%2526vi%253D10710800%2540%26targetCtr%3D0%26pid%3Dvnetb9cf87df-44c8-4da2-82a0-503c8f3b7d9a%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26nyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates%2520sal%25C3%25A7as%25C4%25B1%252Ckarabiber%252Ckuru%2520so%25C4%259Fan%252Cnohut%252Cpul%2520biber%252Cs%25C4%25B1v%25C4%25B1%2520ya%25C4%259F%252Csivri%2520biber%252Csu%252Ctuz%26nyt_cat%3Dpost&ppid=vnetb9cf87df44c84da282a0503c8f3b7d9a&sc=1&cdm=www.nefisyemektarifleri.com&abxe=1&dt=1689115884348&lmt=1689114300&dlt=1689115883272&idt=790&adxs=486&adys=6433&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=p9js4qrcka5&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fwww.nefisyemektarifleri.com%2Fetsiz-nohut-yemegi-248941%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=621x0&msz=656x0&fws=388&ohw=641&ga_vid=1596421245.1689115884&ga_sid=1689115884&ga_hid=71987472&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307060101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0d6a32dfb02fde613154a6937354aced12a0180e4c1fe6dec9e2cf4073b723bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:24 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16784
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.nefisyemektarifleri.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 82A3 117 KB
43 KB 283ms
283ms XHR
text/plain 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=413980555089297&correlator=2157581263268285&eid=21065724&output=ldjh&gdfp_req=1&vrg=202307060101&ptt=17&impl=fif&iu_parts=21728129623%3A21696649314%2Cweb_nyt_malzemeler_yani_300x250&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250%7C250x250%7C200x200%7C160x160%7C300x100&fluid=height&ifi=6&adks=1562665157&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dnefisyemektarifleri%26mt%3D1689115883758%26pager%3D1%2540site_geneli%2540nefisyemektarifleri%253Asite_geneli%26policy%3D0%26host%3Dwww.nefisyemektarifleri.com%26url%3Dtsiz%2520nohut%2520yemegi%2520248941%2520%2526vi%253D10710800%2540%26targetCtr%3D0%26pid%3Dvnetb9cf87df-44c8-4da2-82a0-503c8f3b7d9a%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26nyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates%2520sal%25C3%25A7as%25C4%25B1%252Ckarabiber%252Ckuru%2520so%25C4%259Fan%252Cnohut%252Cpul%2520biber%252Cs%25C4%25B1v%25C4%25B1%2520ya%25C4%259F%252Csivri%2520biber%252Csu%252Ctuz%26nyt_cat%3Dpost&ppid=vnetb9cf87df44c84da282a0503c8f3b7d9a&sc=1&cdm=www.nefisyemektarifleri.com&abxe=1&dt=1689115884352&lmt=1689114300&dlt=1689115883272&idt=790&adxs=643&adys=2019&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=l1wo82je1q0j&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fwww.nefisyemektarifleri.com%2Fetsiz-nohut-yemegi-248941%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=300x-1&msz=308x-1&fws=388&ohw=300&ga_vid=1596421245.1689115884&ga_sid=1689115884&ga_hid=71987472&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307060101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3f2a26d864ec17d1dddb16b99a884abfb77c315ee0c49522de958b06c0c3ee6d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:24 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43883
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.nefisyemektarifleri.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 82A3 24 KB
11 KB 327ms
326ms XHR
text/plain 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=413980555089297&correlator=1621145017530989&eid=21065724&output=ldjh&gdfp_req=1&vrg=202307060101&ptt=17&impl=fif&iu_parts=21728129623%3A21696649314%2Cweb_nyt_left_tower&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C160x600%7C120x600%7C120x240&fluid=height&ifi=7&adks=4169634498&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dnefisyemektarifleri%26mt%3D1689115883758%26pager%3D1%2540site_geneli%2540nefisyemektarifleri%253Asite_geneli%26policy%3D0%26host%3Dwww.nefisyemektarifleri.com%26url%3Dtsiz%2520nohut%2520yemegi%2520248941%2520%2526vi%253D10710800%2540%26targetCtr%3D0%26pid%3Dvnetb9cf87df-44c8-4da2-82a0-503c8f3b7d9a%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26nyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates%2520sal%25C3%25A7as%25C4%25B1%252Ckarabiber%252Ckuru%2520so%25C4%259Fan%252Cnohut%252Cpul%2520biber%252Cs%25C4%25B1v%25C4%25B1%2520ya%25C4%259F%252Csivri%2520biber%252Csu%252Ctuz%26nyt_cat%3Dpost&ppid=vnetb9cf87df44c84da282a0503c8f3b7d9a&sc=1&cdm=www.nefisyemektarifleri.com&abxe=1&dt=1689115884355&lmt=1689114300&dlt=1689115883272&idt=790&adxs=140&adys=159&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=h6eqy1lnnghb&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fwww.nefisyemektarifleri.com%2Fetsiz-nohut-yemegi-248941%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=0x-1&msz=0x-1&fws=900&ohw=1600&ga_vid=1596421245.1689115884&ga_sid=1689115884&ga_hid=71987472&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307060101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1f8d3780b783aec3093ff0950023e2f3da6ba5ff68297dd00b9c9ff0bdcdbda7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:24 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11320
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.nefisyemektarifleri.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 82A3 117 KB
43 KB 376ms
376ms XHR
text/plain 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=413980555089297&correlator=3758243459657854&eid=21065724&output=ldjh&gdfp_req=1&vrg=202307060101&ptt=17&impl=fif&iu_parts=21728129623%3A21696649314%2Cweb_nyt_sidebar_300x600&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x600%7C160x600%7C120x600%7C300x250&fluid=height&ifi=8&adks=1631017644&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dnefisyemektarifleri%26mt%3D1689115883758%26pager%3D1%2540site_geneli%2540nefisyemektarifleri%253Asite_geneli%26policy%3D0%26host%3Dwww.nefisyemektarifleri.com%26url%3Dtsiz%2520nohut%2520yemegi%2520248941%2520%2526vi%253D10710800%2540%26targetCtr%3D0%26pid%3Dvnetb9cf87df-44c8-4da2-82a0-503c8f3b7d9a%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26nyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates%2520sal%25C3%25A7as%25C4%25B1%252Ckarabiber%252Ckuru%2520so%25C4%259Fan%252Cnohut%252Cpul%2520biber%252Cs%25C4%25B1v%25C4%25B1%2520ya%25C4%259F%252Csivri%2520biber%252Csu%252Ctuz%26nyt_cat%3Dpost&ppid=vnetb9cf87df44c84da282a0503c8f3b7d9a&sc=1&cdm=www.nefisyemektarifleri.com&abxe=1&dt=1689115884358&lmt=1689114300&dlt=1689115883272&idt=790&adxs=972&adys=1466&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=ckndwzz8mr27&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fwww.nefisyemektarifleri.com%2Fetsiz-nohut-yemegi-248941%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=300x600&msz=328x0&fws=388&ohw=300&ga_vid=1596421245.1689115884&ga_sid=1689115884&ga_hid=71987472&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307060101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f91e084516b5705858547aee3a7d3659a15c5af7fe56cb0c604d96838b4de112

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:24 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43688
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.nefisyemektarifleri.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 unfriendly.gif
bitbeat7.com/p/ Frame BCAD 0
357 B 39ms
38ms Image
image/gif 99.84.88.66
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bitbeat7.com/p/unfriendly.gif?i=spt4ntkb5q5ru2l99px
Requested by: Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.88.66 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-88-66.muc50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:06 GMT
x-amz-version-id: EE9hgHBeXFHY2gb85mUsL1p1qwyR4gS_
via: 1.1 5d6d1ee413c782ab05cc32e601576462.cloudfront.net (CloudFront)
last-modified: Mon, 14 Feb 2022 17:22:36 GMT
server: AmazonS3
x-amz-cf-pop: MUC50-C1
age: 81499
etag: "d41d8cd98f00b204e9800998ecf8427e"
vary: Origin
x-cache: Hit from cloudfront
content-type: image/gif
accept-ranges: bytes
content-length: 0
x-amz-cf-id: gJn7KPu3FZqjmxnT5pll4f1quFXB5mI2Gp863uH2_aaqB-hKnIvFCg==

GET
H2 200 300x18.png
placehold.jp/24/cccccc/000000/ Frame BCAD 2 KB
2 KB 884ms
274ms Image
image/png 160.16.238.49
SAKURA-B SAKURA I...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://placehold.jp/24/cccccc/000000/300x18.png
Requested by: Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 160.16.238.49 Tokyo, Japan, ASN9370 (SAKURA-B SAKURA Internet Inc., JP),
Reverse DNS: tk2-261-40045.vs.sakura.ne.jp
Software: Apache /
Resource Hash: 7876391f25f26ccf3297d78d34a1922dcc16c54fcaa51e8622e90bbc6fc96e80

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:25 GMT
cache-control: max-age=31536000, public
last-modified: Wed, 01 Jan 2020 00:00:00 GMT
server: Apache
age: 101398
content-length: 1772
content-type: image/png

GET
H2 200 unfriendly.gif
bitbeat7.com/p/ Frame 44A0 0
358 B 38ms
37ms Image
image/gif 99.84.88.66
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bitbeat7.com/p/unfriendly.gif?i=spt4ntkb5q5ru2l99px
Requested by: Host: bitbeat7.com
URL: https://bitbeat7.com/t.js?i=spt4ntkb5q5ru2l99px&cb=3788821689115884139
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.88.66 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-88-66.muc50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:06 GMT
x-amz-version-id: EE9hgHBeXFHY2gb85mUsL1p1qwyR4gS_
via: 1.1 5d6d1ee413c782ab05cc32e601576462.cloudfront.net (CloudFront)
last-modified: Mon, 14 Feb 2022 17:22:36 GMT
server: AmazonS3
x-amz-cf-pop: MUC50-C1
age: 81499
etag: "d41d8cd98f00b204e9800998ecf8427e"
vary: Origin
x-cache: Hit from cloudfront
content-type: image/gif
accept-ranges: bytes
content-length: 0
x-amz-cf-id: IDDMJzZ1TOjTwU5RKyepU6bXngAUiTbUroXCTgiLpj_tzAPNqnyKYQ==

GET
H2 200 300x18.png
placehold.jp/24/cccccc/000000/ Frame 44A0 2 KB
2 KB 882ms
274ms Image
image/png 160.16.238.49
SAKURA-B SAKURA I...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://placehold.jp/24/cccccc/000000/300x18.png
Requested by: Host: bitbeat7.com
URL: https://bitbeat7.com/t.js?i=spt4ntkb5q5ru2l99px&cb=3788821689115884139
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 160.16.238.49 Tokyo, Japan, ASN9370 (SAKURA-B SAKURA Internet Inc., JP),
Reverse DNS: tk2-261-40045.vs.sakura.ne.jp
Software: Apache /
Resource Hash: 7876391f25f26ccf3297d78d34a1922dcc16c54fcaa51e8622e90bbc6fc96e80

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:25 GMT
cache-control: max-age=31536000, public
last-modified: Wed, 01 Jan 2020 00:00:00 GMT
server: Apache
age: 101398
content-length: 1772
content-type: image/png

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame 82A3 345 KB
119 KB 93ms
29ms Script
text/javascript 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19549

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cbcb528af7c43cf9a3bad6ba2c2539e89722848b62ea05d11be29ea1949eafd5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 121723
x-xss-protection: 0
expires: Tue, 11 Jul 2023 22:51:24 GMT

GET
H2 200 NoktaPlayer.js Show response
c1.imgiz.com/player_others/html5/ Frame 82A3 398 KB
128 KB 89ms
88ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=7/11/2023
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19549
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: bea17c8870ba8dae9515993b5c55b65437f03f0e2672e1c3d3dbe7872dd74e5c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:24 GMT
content-encoding: gzip
last-modified: Mon, 29 May 2023 18:51:56 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
expires: Tue, 18 Jul 2023 22:51:24 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame E183 2 KB
975 B 81ms
31ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=280&slotname=6444949229&adk=4082077109&adf=3927512983&pi=t.ma~as.6444949229&w=970&fwrn=16&fwrnh=100&lmt=1689114300&rafmt=1&format=970x280&url=https%3A%2F%2Fwww.nefisyemektarifleri.com%2Fetsiz-nohut-yemegi-248941%2F&fwr=0&fwrattr=true&rw=970&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1689115884002&bpp=2&bdt=731&idt=187&shv=r20230710&mjsv=m202306290101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=3311523031480&frm=22&ife=1&pv=1&ga_vid=1596421245.1689115884&ga_sid=1689115884&ga_hid=71987472&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=1843544316&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759875%2C44759926%2C31075758%2C31075881%2C44788442%2C21065724&oid=2&pvsid=413980555089297&tmod=845280809&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=2.1oxg8e5xb3ne&fsb=1&xpc=Ioj73wlDL6&p=https%3A//www.nefisyemektarifleri.com&dtd=193

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c4f393315ffc75417c9c350e709bbcca2d2e9d5640fa0925b32088ff1ed6c84f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 11 Jul 2023 22:51:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 11 Jul 2023 22:24:08 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 11 Jul 2023 22:51:24 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230710/r20110914/client/ Frame E183 2 KB
945 B 77ms
23ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230710/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 19:59:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10330
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 865
x-xss-protection: 0
server: cafe
etag: 5051423035144352294
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Jul 2023 19:59:14 GMT

GET
H2 200 shopping
encrypted-tbn1.gstatic.com/ Frame E183 19 KB
19 KB 104ms
43ms Image
image/jpeg 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcRPQcxOzclBTlqbqehd7FK6DLfADIZJ9oIpB0ss22UOyRCuDyG2YOoSNsSZyw&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aeac4ebed11cf054b58fc877bbde0d561e61c2cc80f7ed01df60fa884c0dd13d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 08 Jul 2023 22:31:39 GMT
x-content-type-options: nosniff
age: 260385
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19577
x-xss-protection: 0
last-modified: Tue, 24 Aug 2021 09:00:42 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Sun, 07 Jul 2024 22:31:39 GMT

GET
H2 200 shopping
encrypted-tbn2.gstatic.com/ Frame E183 94 KB
95 KB 82ms
27ms Image
image/jpeg 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcSXgHl-vAHob9pe0coHqCgnRULJ1kkzjZwxS73uw1SgUXZi9o80tjqVWSI2t4E&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ec71b67d2791201d5d8b71b62df5b5d299636fe9d721a818d4712139dd19d63b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 08 Jul 2023 19:48:27 GMT
x-content-type-options: nosniff
age: 270177
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 96725
x-xss-protection: 0
last-modified: Wed, 06 Apr 2022 02:29:24 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Sun, 07 Jul 2024 19:48:27 GMT

GET
H2 200 shopping
encrypted-tbn1.gstatic.com/ Frame E183 34 KB
34 KB 81ms
20ms Image
image/jpeg 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcQn494gDplYbNi95p87mg-YL9PAzYhYfLd9oVEZxF3EDpQA8mD-8zIR7k8vPg&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fed4ec348a9d1021f19419fe3ffee35e4aaca192ba7cb78571f5222265f0437d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 01:52:01 GMT
x-content-type-options: nosniff
age: 507563
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34570
x-xss-protection: 0
last-modified: Thu, 19 Jan 2023 06:12:39 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Fri, 05 Jul 2024 01:52:01 GMT

GET
H2 200 shopping
encrypted-tbn2.gstatic.com/ Frame E183 18 KB
19 KB 74ms
20ms Image
image/jpeg 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcReYNG10ow02M1OAxvdK25quwrvHBV6pF-W8lZ5bWP3wNnY7SfygRo-zF3IyA&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d22d46c8634370ea3db9cef192614da0f698628dd8625fda01ee205d74c2cddb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 15:17:37 GMT
x-content-type-options: nosniff
age: 372827
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18880
x-xss-protection: 0
last-modified: Wed, 04 Aug 2021 01:55:22 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Sat, 06 Jul 2024 15:17:37 GMT

GET
H2

200

12902815231273958923
tpc.googlesyndication.com/simgad/ Frame E183
Redirect Chain

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgODKz-eDfhCwCRiwCTIIjV9upJawnso
https://tpc.googlesyndication.com/simgad/12902815231273958923

60 KB
60 KB

24ms
24ms

Image
image/jpeg

2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/12902815231273958923

Requested by

Protocol

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7031af00729209abd53f8e19a20c8b5970439a80d48990de31c8685ffe564fbd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 08 Jul 2023 21:28:39 GMT
x-content-type-options: nosniff
age: 264165
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61527
x-xss-protection: 0
last-modified: Wed, 08 Mar 2023 15:49:44 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 07 Jul 2024 21:28:39 GMT

Redirect headers

date: Tue, 11 Jul 2023 12:27:55 GMT
x-content-type-options: nosniff
server: cafe
age: 37409
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://tpc.googlesyndication.com/simgad/12902815231273958923
content-type: text/html; charset=UTF-8
cache-control: public, max-age=2592000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 10 Aug 2023 12:27:55 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230710/r20110914/ Frame E183 23 KB
9 KB 71ms
24ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230710/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

02193fbcb11d960448e0fa887ff68d5ce73f01076893523fc3037e00a7149bc2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 19:59:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10330
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9104
x-xss-protection: 0
server: cafe
etag: 12939045362079141464
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Jul 2023 19:59:14 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230710/r20110914/client/ Frame E183 3 KB
1 KB 70ms
23ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230710/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 19:59:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10330
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Jul 2023 19:59:14 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230710/r20110914/client/ Frame E183 20 KB
9 KB 67ms
20ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230710/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5dff1c5185bfe98d10fd4b80ad1e2a04d57365a09e631840dce7fd3c79d19971

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 19:59:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10330
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8314
x-xss-protection: 0
server: cafe
etag: 15120507268597061312
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Jul 2023 19:59:14 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E183 179 KB
57 KB 96ms
42ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

79cbf9d3dc9d8df1616dd585c95022e1104e8b2700974ba07a9c1a26187bf3e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57331
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1688990556196721"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 11 Jul 2023 22:51:24 GMT

GET
H2 200 2a76cf1338a212cd33ad52adb05195b7.js Show response
www.gstatic.com/mysidia/ Frame E183 33 KB
14 KB 78ms
21ms Script
text/javascript 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/2a76cf1338a212cd33ad52adb05195b7.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3ac22a80a1517c4b3751f554c5ea17e9906473d3fff568baa668e37588ba753d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 22:59:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 431509
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14183
x-xss-protection: 0
last-modified: Thu, 06 Jul 2023 22:47:33 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 04 Oct 2023 22:59:35 GMT

GET
H2 200 container.html Show response
2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame C278 6 KB
3 KB 23ms
22ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307060101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nefisyemektarifleri.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 22:51:24 GMT
expires: Wed, 10 Jul 2024 22:51:24 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame AA0E 6 KB
3 KB 21ms
21ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307060101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nefisyemektarifleri.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 22:51:24 GMT
expires: Wed, 10 Jul 2024 22:51:24 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 09D2 6 KB
3 KB 21ms
21ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307060101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nefisyemektarifleri.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 22:51:24 GMT
expires: Wed, 10 Jul 2024 22:51:24 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 63EC 6 KB
3 KB 22ms
21ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307060101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nefisyemektarifleri.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 22:51:24 GMT
expires: Wed, 10 Jul 2024 22:51:24 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css
fonts.googleapis.com/ Frame C278 8 KB
823 B 31ms
30ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

98d2e3edd14aa506c4521125c7cdb7bb3030d7caae5803feec6d2613195ee955

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 11 Jul 2023 22:51:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 11 Jul 2023 21:52:11 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 11 Jul 2023 22:51:24 GMT

GET
H2 200 outstream.min.css
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/ Frame C278 15 KB
3 KB 22ms
21ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.css

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d4095ea226f3f80d6d4fc62e3737dd5107fd9d4aa4a443cac11378b102f64b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 18:51:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 359975
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2883
x-xss-protection: 0
last-modified: Wed, 17 May 2023 00:43:28 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 06 Jul 2024 18:51:49 GMT

GET
H2 200 outstream.min.js Show response
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/ Frame C278 371 KB
127 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.js

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

464be521d749b2ba1c7e8c1f87223b56a03ee0bd05484baa0e9067ce9eb9d2be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 10:39:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 475938
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 130330
x-xss-protection: 0
last-modified: Wed, 17 May 2023 00:43:28 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 05 Jul 2024 10:39:06 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230710/r20110914/client/ Frame C278 20 KB
8 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230710/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5dff1c5185bfe98d10fd4b80ad1e2a04d57365a09e631840dce7fd3c79d19971

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 19:59:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10330
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8314
x-xss-protection: 0
server: cafe
etag: 15120507268597061312
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Jul 2023 19:59:14 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame C278 24 KB
7 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 12:02:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 557313
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 04 Jul 2024 12:02:51 GMT

GET
H2 200 creative_add_on.js Show response
cti.w55c.net/ct/ Frame AA0E 5 KB
3 KB 103ms
26ms Script
application/javascript 2600:9000:20c3:bc00:3:4706:a6c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cti.w55c.net/ct/creative_add_on.js?w=300&h=250&zindex=0&ci=Xmwo1n97Q8&ei=GOOGLE&ob=0&ai=0DaDXCcU00&epid=R0wxNTIyMg&fiu=WG1FS1o4a2t0eA&s=https%3A%2F%2Fwww.nefisyemektarifleri.com%2Fetsiz-nohut-yemegi-248941&ciu=XROhqscfgR&btid=NzgwNDMyM0MxNUI2QTE1ODMzQThGODk0MTNEQTVEODV8R0ZRekJIMWJQSXwxNjg5MTE1ODg0NTAyfDF8WG1FS1o4a2t0eHxYUk9ocXNjZmdSfDE4NzI2NjI2NjVfRVh8NDcwNzJ8fHx8LjBQfFVTRA&c=DE&dt=2dt0005&sd=nefisyemektarifleri.com&cip=1&hmt=1&uidu=CAESEP_S1bUwbHSjSXduWYp6k4U&spidu=GOOGLE&pidu=15222&hmpvu=f9fc04c2-dc68-4a61-99f9-abca77ee38c5&hmtsu=3&odtu=2&mtfu=1&crdmu=300x250&cridu=XROhqscfgR&

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20c3:bc00:3:4706:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

e8090651b52c256938df2fb0582f24521fe0476939aab81d01b7f31a7ac75beb

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: 0IYa12QvFdrNK.CC2JhaeEJAYjkhUjCe
content-encoding: gzip
via: 1.1 c4c822c878c22be90d0bb70ab49a395a.cloudfront.net (CloudFront)
date: Mon, 10 Jul 2023 05:08:35 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-amz-cf-pop: MUC50-C1
age: 150169
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Fri, 17 Sep 2021 21:17:39 GMT
server: AmazonS3
etag: W/"a6c8a5bdec77729759b220b95bf503f9"
vary: Accept-Encoding
content-type: application/javascript
cache-control: must-revalidate
x-amz-cf-id: cpS91vFXwc3vxmE3Yz8MynpmOB200mh8co2fzpaogZ00rYDKCbbgoA==

GET
H2 200 XassetCEYbEcSW.png
ads.w55c.net/t/d/ Frame AA0E 64 KB
64 KB 104ms
30ms Image
image/png 2600:9000:26da:1800:1b:f040:3600:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.w55c.net/t/d/XassetCEYbEcSW.png?at=0&rtbhost=conf01-europe-west1.rtb.roku.com&btid=NzgwNDMyM0MxNUI2QTE1ODMzQThGODk0MTNEQTVEODV8R0ZRekJIMWJQSXwxNjg5MTE1ODg0NTAyfDF8WG1FS1o4a2t0eHxYUk9ocXNjZmdSfDE4NzI2NjI2NjVfRVh8NDcwNzJ8fHx8LjBQfFVTRA&ei=GOOGLE&ac=WFM2YVdYQTl2bjpYU2YwU29uZW43fDB8MHxFVVI7&js=0&ob=0&ccw=SUFCMjQjMS4w&ci=Xmwo1n97Q8&psid=NTkzOTA4MTEyNTc&s=https%3A%2F%2Fwww.nefisyemektarifleri.com%2Fetsiz-nohut-yemegi-248941&ts=1689115884505&c=DE&r=G-BE&epid=R0wxNTIyMg&mi=d2Vi&wp_exchange=NWP
Requested by: Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26da:1800:1b:f040:3600:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7cc53b9adf139d3c48666f76e1d316281c5e9065f7eeaa3fb329057c397f83e5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: pTSK_3aD6MH1NhuW2vrruciFx4wLs9g_
date: Tue, 11 Jul 2023 08:19:08 GMT
via: 1.1 42dac3d09c367576dbfe5b6113ecddce.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P4
age: 53933
x-amz-server-side-encryption: AES256
x-amz-meta-width: 300
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-amz-meta-filesize: 65085
x-amz-meta-height: 250
content-length: 65085
last-modified: Wed, 03 May 2023 17:26:36 GMT
server: AmazonS3
etag: "38988cf71c0e9e66d0bb0693f05250c3"
vary: Accept-Encoding
content-type: image/png
accept-ranges: bytes
x-amz-cf-id: -SySJJeVBf9h67Jxb5OCfDf2KzXvfEMm2qBYmllo0tApOZEX0iAG2w==

GET
H/1.1 200
OK pixel.php
t.hspvst.com/ Frame AA0E 95 B
922 B 194ms
47ms Image
image/png 154.58.197.185
COGENT-174

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.hspvst.com/pixel.php?id=2677&t=P&cb=8158759786028598
Requested by: Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 154.58.197.185 , Indonesia, ASN174 (COGENT-174, US),
Reverse DNS: staticip-hv4m185.hispavista.com
Software: Apache / PHP/5.4.45-1~dotdeb+7.1
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Tue, 11 Jul 2023 22:51:24 GMT
Server: Apache
X-Powered-By: PHP/5.4.45-1~dotdeb+7.1
Transfer-Encoding: chunked
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Content-Type: image/png
Cache-Control: max-age=315360000
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Keep-Alive: timeout=3, max=1000
Expires: Fri, 08 Jul 2033 22:51:24 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230710/r20110914/client/ Frame AA0E 3 KB
1 KB 26ms
24ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230710/r20110914/client/window_focus_fy2021.js

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 19:59:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10330
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Jul 2023 19:59:14 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230710/r20110914/client/ Frame AA0E 20 KB
8 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230710/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5dff1c5185bfe98d10fd4b80ad1e2a04d57365a09e631840dce7fd3c79d19971

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 19:59:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10330
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8314
x-xss-protection: 0
server: cafe
etag: 15120507268597061312
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Jul 2023 19:59:14 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame AA0E 0
0 80ms
27ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTkx9YH_e8Xb6wiOdBBaTewc1Xaf1yaAePgjPc5ORipY6S7FoSczDt4l9NxYqdnafLWrqweqVLL3kzA_ne8ozyfAOBKaA
Requested by: Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame AA0E 24 KB
6 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 12:02:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 557313
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 04 Jul 2024 12:02:51 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame AA0E 179 KB
56 KB 38ms
37ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

79cbf9d3dc9d8df1616dd585c95022e1104e8b2700974ba07a9c1a26187bf3e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57331
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1688990556196721"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 11 Jul 2023 22:51:24 GMT

GET
H2 200 m_js_controller_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230710/r20110914/client/ Frame 09D2 34 KB
13 KB 34ms
34ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230710/r20110914/client/m_js_controller_fy2021.js

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18e7f3232e16c5af1b4d3192ed6be46c39b4902ecef8717b7a1dc69da6b8fe34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 18:04:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17233
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13672
x-xss-protection: 0
server: cafe
etag: 2805512053162071780
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Jul 2023 18:04:11 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 09D2 24 KB
6 KB 37ms
37ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 12:02:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 557313
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 04 Jul 2024 12:02:51 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 09D2 179 KB
56 KB 44ms
43ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

79cbf9d3dc9d8df1616dd585c95022e1104e8b2700974ba07a9c1a26187bf3e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57331
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1688990556196721"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 11 Jul 2023 22:51:24 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230710/r20110914/ Frame 09D2 23 KB
9 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230710/r20110914/abg_lite_fy2021.js

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

02193fbcb11d960448e0fa887ff68d5ce73f01076893523fc3037e00a7149bc2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 19:59:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10330
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9104
x-xss-protection: 0
server: cafe
etag: 12939045362079141464
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Jul 2023 19:59:14 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230710/r20110914/client/ Frame 09D2 3 KB
1 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230710/r20110914/client/window_focus_fy2021.js

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 19:59:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10330
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Jul 2023 19:59:14 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230710/r20110914/client/ Frame 09D2 20 KB
8 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230710/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5dff1c5185bfe98d10fd4b80ad1e2a04d57365a09e631840dce7fd3c79d19971

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 19:59:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10330
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8314
x-xss-protection: 0
server: cafe
etag: 15120507268597061312
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Jul 2023 19:59:14 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 09D2 0
0 28ms
27ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTYLFDoinObxzJVrkJl4JgxrngTS3bmDsiQg1uRPPOUh3NSmmTgBLLahEJjWPGmuOxOg5GYkxG_IL2yL9IDZ6Vu0mZMIQ
Requested by: Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 container.html Show response
2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame D5D0 6 KB
3 KB 23ms
22ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307060101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nefisyemektarifleri.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 22:51:24 GMT
expires: Wed, 10 Jul 2024 22:51:24 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 51D9 624 B
242 B 35ms
34ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQt9LfAhjFzOfbATAB&v=APEucNUt-QpygHiaz4OZ-f-2k7fVqARrtJWGkw3sE1Z4g8rV44e2BqTkT0iZyxUImRryeo_GgnN0qriWbJA0FfU9OF6B5wCzqkI5gie_ayqaQIiiYAJUmVj-P_jShAii0hQMkZw3QSYsnBH4EdvSIlOFHdAuHLXMbAcn_2ueJ1yHF6MOHOfij2A

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 22:51:24 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 63EC 85 KB
29 KB 93ms
92ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4b5c05892bdce212e19d0503253b600faaeedca47fa2db97964d412c8c11934e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:24 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29781
x-xss-protection: 0
server: cafe
etag: 4315658989838864570
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Tue, 11 Jul 2023 22:51:24 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 63EC 42 B
63 B 56ms
55ms Image
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-ArCksUU6-8SB1uoSNFwYORI4YhfMvJDpFws_rfVf7_vGgnPaKx_lych6KpjhP7aR94zENjrc3HbNxmvKyHLI8xkIUIYOY0Xod20Ax0PvUvejuWUsY

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 63EC 0
20 B 56ms
55ms Image
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=1892159041868644298&x=1&ct=76

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230710/r20110914/client/ Frame 63EC 3 KB
1 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230710/r20110914/client/window_focus_fy2021.js

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 19:59:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10330
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Jul 2023 19:59:14 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230710/r20110914/client/ Frame 63EC 20 KB
8 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230710/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5dff1c5185bfe98d10fd4b80ad1e2a04d57365a09e631840dce7fd3c79d19971

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 19:59:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10330
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8314
x-xss-protection: 0
server: cafe
etag: 15120507268597061312
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Jul 2023 19:59:14 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 63EC 0
0 41ms
28ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSGK0y0qbIwdgnffGqm9Ev9KGxOxSeFlAG2odMpwYP92ecyK8Ptvsq5N4aYKt6zp17tVO5B2CAqJWsntfDh3LoBRZtJbQ
Requested by: Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 63EC 179 KB
56 KB 32ms
31ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

79cbf9d3dc9d8df1616dd585c95022e1104e8b2700974ba07a9c1a26187bf3e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57331
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1688990556196721"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 11 Jul 2023 22:51:24 GMT

GET
DATA 200
OK truncated
/ Frame E183 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2c0b4cb7dced20c65ea2309b62a78e048f299549d8084e4eeadad4efdf1766a9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 container.html Show response
2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 276C 6 KB
3 KB 21ms
21ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307060101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nefisyemektarifleri.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 22:51:24 GMT
expires: Wed, 10 Jul 2024 22:51:24 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 51D9
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJPOXT_2uhEdk3sIUx4g9Us&google_cver=1

43 B
766 B

21ms
21ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJPOXT_2uhEdk3sIUx4g9Us&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQt9LfAhjFzOfbATAB&v=APEucNUt-QpygHiaz4OZ-f-2k7fVqARrtJWGkw3sE1Z4g8rV44e2BqTkT0iZyxUImRryeo_GgnN0qriWbJA0FfU9OF6B5wCzqkI5gie_ayqaQIiiYAJUmVj-P_jShAii0hQMkZw3QSYsnBH4EdvSIlOFHdAuHLXMbAcn_2ueJ1yHF6MOHOfij2A
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 11 Jul 2023 22:51:25 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:24 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJPOXT_2uhEdk3sIUx4g9Us&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 51D9
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZK3c7JItjehVWzs..FW3SAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJPOXT_2uhEdk3sIUx4g9Us&google_cver=1&google_hm=2

43 B
766 B

28ms
28ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJPOXT_2uhEdk3sIUx4g9Us&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQt9LfAhjFzOfbATAB&v=APEucNUt-QpygHiaz4OZ-f-2k7fVqARrtJWGkw3sE1Z4g8rV44e2BqTkT0iZyxUImRryeo_GgnN0qriWbJA0FfU9OF6B5wCzqkI5gie_ayqaQIiiYAJUmVj-P_jShAii0hQMkZw3QSYsnBH4EdvSIlOFHdAuHLXMbAcn_2ueJ1yHF6MOHOfij2A
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 11 Jul 2023 22:51:25 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=495
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJPOXT_2uhEdk3sIUx4g9Us&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 51D9
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEN1_Ha_Sz1iFHuWeOKfGaU8&google_cver=1

43 B
840 B

29ms
29ms

Image
image/gif

185.89.210.90
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEN1_Ha_Sz1iFHuWeOKfGaU8&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQt9LfAhjFzOfbATAB&v=APEucNUt-QpygHiaz4OZ-f-2k7fVqARrtJWGkw3sE1Z4g8rV44e2BqTkT0iZyxUImRryeo_GgnN0qriWbJA0FfU9OF6B5wCzqkI5gie_ayqaQIiiYAJUmVj-P_jShAii0hQMkZw3QSYsnBH4EdvSIlOFHdAuHLXMbAcn_2ueJ1yHF6MOHOfij2A

Protocol

Server

185.89.210.90 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
an-x-request-uuid: 5678c6d2-09d8-458b-8d5e-8713830b9754
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 84.19.175.183; 84.19.175.183; 941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:24 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEN1_Ha_Sz1iFHuWeOKfGaU8&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 51D9
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDk0MjM1OTA0NDEzMDE5MjMwOQ%3D%3D

170 B
188 B

31ms
31ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDk0MjM1OTA0NDEzMDE5MjMwOQ%3D%3D

Requested by

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
an-x-request-uuid: 944e4004-bc6e-48f3-aff0-2d30a6e03db0
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDk0MjM1OTA0NDEzMDE5MjMwOQ%3D%3D
x-proxy-origin: 84.19.175.183; 84.19.175.183; 941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 m_js_controller_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230710/r20110914/client/ Frame D5D0 34 KB
13 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230710/r20110914/client/m_js_controller_fy2021.js

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18e7f3232e16c5af1b4d3192ed6be46c39b4902ecef8717b7a1dc69da6b8fe34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 18:04:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17233
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13672
x-xss-protection: 0
server: cafe
etag: 2805512053162071780
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Jul 2023 18:04:11 GMT

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame D5D0 24 KB
6 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 12:02:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 557313
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 04 Jul 2024 12:02:51 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D5D0 179 KB
56 KB 30ms
29ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

79cbf9d3dc9d8df1616dd585c95022e1104e8b2700974ba07a9c1a26187bf3e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57331
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1688990556196721"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 11 Jul 2023 22:51:24 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230710/r20110914/ Frame D5D0 23 KB
9 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230710/r20110914/abg_lite_fy2021.js

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

02193fbcb11d960448e0fa887ff68d5ce73f01076893523fc3037e00a7149bc2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 19:59:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10331
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9104
x-xss-protection: 0
server: cafe
etag: 12939045362079141464
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Jul 2023 19:59:14 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230710/r20110914/client/ Frame D5D0 3 KB
1 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230710/r20110914/client/window_focus_fy2021.js

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 19:59:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10331
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Jul 2023 19:59:14 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230710/r20110914/client/ Frame D5D0 20 KB
8 KB 28ms
28ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230710/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5dff1c5185bfe98d10fd4b80ad1e2a04d57365a09e631840dce7fd3c79d19971

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 19:59:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10330
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8314
x-xss-protection: 0
server: cafe
etag: 15120507268597061312
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Jul 2023 19:59:14 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame C278 0
234 B 88ms
27ms Ping
image/gif 2001:4860:4802:32::3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=1~ljyvzi24&c=7596939883806&slotId=3798469941903&qqid=CNyVi4Lfh4ADFdSh_QcdgVECqQ&fb=outstream-lima&sei=44729911%2C44730425%2C44730426%2C44752538%2C75259414%2C420706098&nsei=44714510%2C72811302%2C75259405%2C75259407%2C75259408%2C318491509%2C447279544&bi=outstream
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:24 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame C278 15 KB
16 KB 75ms
21ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 08 Jul 2023 17:04:15 GMT
x-content-type-options: nosniff
age: 280029
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 07 Jul 2024 17:04:15 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame C278 15 KB
15 KB 79ms
27ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 08 Jul 2023 03:30:27 GMT
x-content-type-options: nosniff
age: 328857
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 07 Jul 2024 03:30:27 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C278 0
20 B 57ms
56ms Image
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=osv-info&clickstring=CqRU-7NytZNzvCtTD9u8PgaOJyAr-0_evXM7PvdjqAsCNtwEQASAAYJWCgICgB4IBF2NhLXB1Yi03OTgzNjUxMjU3ODM4MjgyyAEF4AIAqAMByAMCqgTWAk_Q1upzr7cU4tfawJZTh9iRXSzNUV6NnERZduYV95IGYOSrBYptNs-LclMnnYYSO0vlMMCe2wmy2ucyc4RGvI4KsuV7QSh9TNOricHob3uagKCHi8vgmj9-PhyI3UuBCjhJmU4ijBTqIjUM-E9SMgUWPpGAFcRbuEbvXGi1_IQ_d0JsRxkzx5y04AfwRe2UeOhBt0-zQ1g5jyaKTZrciILuWUKUe8sUEAmJbLcMccS70fHIaAqhQ5XSf7XAx-Qh2jl1fntGDm0w1qCy-ezH3WmSQGFCuNg6G72BIZ31JJgzIJIFZhE2wAjlBxgPV-nYdbJz20tFFUizYDwD5hFtj3apN-zPJ4rYOPwgGqrAh_ouNVkAJlmNLq91CxaYlgoxREgCprkPAcsMDqoe08AOhBTwgpl5M229pjzrS5VST8iFJ_FWYV4CZ8enZfEcPvUSLPAwYPaocuAEAYAGibfA_vS0426gBiqoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTYxNDU3NjA5ODQyODMxMzP6CwIIAYAMAdAVAYAXAQ&eventType=clickstring&clientTime=1689115884884&ai=CqRU-7NytZNzvCtTD9u8PgaOJyAr-0_evXM7PvdjqAsCNtwEQASAAYJWCgICgB4IBF2NhLXB1Yi03OTgzNjUxMjU3ODM4MjgyyAEF4AIAqAMByAMCqgTWAk_Q1upzr7cU4tfawJZTh9iRXSzNUV6NnERZduYV95IGYOSrBYptNs-LclMnnYYSO0vlMMCe2wmy2ucyc4RGvI4KsuV7QSh9TNOricHob3uagKCHi8vgmj9-PhyI3UuBCjhJmU4ijBTqIjUM-E9SMgUWPpGAFcRbuEbvXGi1_IQ_d0JsRxkzx5y04AfwRe2UeOhBt0-zQ1g5jyaKTZrciILuWUKUe8sUEAmJbLcMccS70fHIaAqhQ5XSf7XAx-Qh2jl1fntGDm0w1qCy-ezH3WmSQGFCuNg6G72BIZ31JJgzIJIFZhE2wAjlBxgPV-nYdbJz20tFFUizYDwD5hFtj3apN-zPJ4rYOPwgGqrAh_ouNVkAJlmNLq91CxaYlgoxREgCprkPAcsMDqoe08AOhBTwgpl5M229pjzrS5VST8iFJ_FWYV4CZ8enZfEcPvUSLPAwYPaocuAEAYAGibfA_vS0426gBiqoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTYxNDU3NjA5ODQyODMxMzP6CwIIAYAMAdAVAYAXAQ

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame C278 0
54 B 75ms
28ms Ping
image/gif 2001:4860:4802:32::3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=2~ljyvzi39&c=7596939883806&slotId=3798469941903&qqid=CNyVi4Lfh4ADFdSh_QcdgVECqQ&fb=outstream-lima&ulv=1&cll=0&met.4=arp_a_s.m5&vast_v=4.0&lima_p_ich=0&lima_p_icu=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:24 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 vast Show response
bid.g.doubleclick.net/dbm/ Frame C278 31 KB
17 KB 148ms
65ms XHR
text/xml 142.250.13.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-DSGI4aIcT3DyE7mdZc2RNnTWpcXbchQwxR6guFD0C9zcu-gEtL84zkAOqgZ5svAQJlN4lbnSj-73_LRVeF3MC5fdsQww&cry=1&dbm_d=AKAmf-CewuN_w2tWWIFucIo4uu0XVf0z2nu9spDRkY_sJwGU2mSHpuSYWcFrpXljkm0CWM7bA7lVz8AWRA-7a1zteEG9BtzrNSzcDGYuNLJMznJtg3-7HgdF8rzX1xzkfqv3qeHYKKfEr7BbcUSyU9GDdszucdnRDI1tRc-863Czoj7lUtEAReYRIdGNNX1LklTe93xDSnYNgQ8Vu3Jc8walMBUfK3X18Dvwn9303qw3mDKgLQb1CMQNcoYTlsT_0HtTr1tywGwg6UjkyjqeNB6skrZ-AMnUZy-NjyY8zgiDcYaCbfaMZv49MRauKM52K8GOJBDBl9UZySCYDLTi5IYvWjLdAVHEvFIamWVy9e37reRIfpHjPSihf52QdRZmBgiAHWGo6Q3VC7FAUFxTHC4FjoSESMxKuciuIm-YqXCn4qmUxhVQ-5ccPfBQw3ho1aSVG1eOuswxi4zezymF6X8deI0CpsNlCIE3IpMuf3QaBwG1s1VdlrGukD9lCmJBr8oYK2RYACMxvHsgSB-0ERHQHKerpAb7V1ETFI0l5gIMIpn6_LqCd_QQBQKVBvkVr3k3EjQjrf7NQWIOnbMWYsPROTkKgh_mlX0TMsN8WSB6lbcJPo7wGbLg102ry3o9kT_BJkv7zDLoUCflfb2PJB_2AjLMKyLjgr-Rmz9JpZC4suh-e8IV0m6xKXaGm1O8fJ_79gWMDWq80Llbr8aQeOhAS7Ntzr4RFjl5kIGt5zSaIqB3bx37Fi695W1HLHC6z7vHYzSEKEF8SMa8D6oMhPrC0GCDsMcEoNjEHSRwFto4j3e4pD09Ev6EXTwVVv_HZKn2MX_7fVzy9PAgj7HZHATSHQ6V5ZepYW9VCba1uuMKPFulfkSgdqyN2dvB3gjRl-ahM6Nnya72pPJBzP7VtsIbVo3t8NOT5uRi_2e2nLUIDmMfVy-B8rmQPinHUnF-UWf31A_z3OaOAyVHZRlQsR9zkjyFzr2bA4nOcOqjyZYWZ61L_wHB-q9vODo14lg3fy6KFzLTXnGQvH6YQaMMDPbd7U4b1qV-MV56y9NgiJv3tLxzIQvCtopFINbgEe5uyPRwMo4tFzIej6sq3COPKfUxJsb_fjZDn5dqSOJiAKt04ml0TBCPtVXEHJ6qUeU_GLz59IxgYw8SBebSvXbL3wolsoY_BUUc8kElZrPXSOjcW87Vwol2DrZghJoqOaIMmREayzZNjeK57vYqLTAUkZV-xADFW8PN1KLdYRnT7FHAovnvTIvPK2KilSeL6z3uZ_U3SrKxt6y6YRUhnZuoLbeP8NMxqifLhdbiSGm7yZFnuXCp-tHzaIx9puytOTrNQH0H62O_WRW-cAasQeVWgxtZ71b1XDURzDqU2v-LcpXK0TD1k5tatM4lU6jjzdA1Swu7vscVZ2fVxE9oMEHX9PaGYNN7uVy_9ut4nAAplRx68f2qaCqzVp2VV_jDgoesDeOXB7D-x_wPZosO7ajoP0oSbOsskP4vKdSad7ZukuAxYSyB-7pdXDXoMbyW1YHLYriuXA-5ap7fii1X4XZChwD6hcnxmR2w8ymx06D5OkwylsfqbWrvRJguVcKS3RXP-2auAxvTOuKW8tGPJ__c60iCy47FPYoNPuyGRW21wrSz1OvDZpqZ01HilhhEyQPES5iSpzE95e-W2du74oj1eTw86m1CEfRsKdHzBLhRbxCPCrxPygQNpVZKJwBU8Jfw6Ih28pq8KhYk-Ulsvob2eYdbRic679FcIYQQYFkOc9FdkBCSE3UKNlcA9GDUGelwYWfLRrgY7no-v2K20-vwIfm7V6Gzj5pfjPVLqLBC7LdXbScKWLgk9627147M1FzUmvr1-43IV6V84t6RvORLStpnbNWyaxRgObxYvmxhHcG-5lyTCBHXYO7GDB9VjsA7bOfkwF-GlnC6dkWrSwoD_s-Da97fRe5iwFBzHM4jxszkz7GuD1yaxvK3a9YuB-il8hlz0UxKnKBf2BRqWSSmQhyr1hM9jzK7v6VXf4IbDDa1l6vbgJD-aeTTWa9FgY79Bmy06cCYA08Zi_usclEqxB27VMMYKVPmIk1f3_QzdE6xWQ83i8ZK_eE3PtCFavl468irH7NcP8mko5pj3wqgO4uEXFt4gbrceX5KRTez5cmy9n_m0WmYkTbHW-QKEXiQ2qXjNMIZynqTMUy8JN8cV3F_sd_6relACNluenY4O41r5MJ5_bDkl5UJT-cjM8Ww-RSR6azqAM_8HKUUCy9_TgP9vOxGBv3KKL6GDf_QHBl2TgaxerMfNr-MOvqZiCWPq0ItsdoNIOc9tZaNCBxenX1z1rbP-Oyh_sWznzUhfjD6P3g_a3qcVdY5nyefa7AYArbcqLlhyQDJdsZawVtlvPO9iPktn2XbMxGDtb-EsfhPJ3_XfU8G7rNOEm6QZaxvYmEIYuG6eOzRmhMXtJGS4frMDc4S48ZhHf177R1qHk2PZppzWK4jX-iHC9nOA_Ibo_evRvO3czFAHBpUAAt65Yc2Tck7brLHkp9WBiWdw2gfNmLvfugVlgSGWFfGWfHvzyqi13PzU1Y_-fvv4wjaWlAPT2ZnYc_sfdDXuzkxYPyLIYKOin4YxE1_NUr2f39oZgUo5Q5EisWfT2N6xRFJPoIbLK9o923Vqe2CkkkUAdDMPcQ3GN4OKq0hEQ-PcOJl9G3EMK4lGVtszRts5bYSN8T-7gBEp7vxUdtIFfpZ7ud5BeRySuRZZX89PeBTbHYk3AgSokFOMS4FiterH7-kZBaj4o5008_o5mVoODPEeRnQSrEaIKEIuaasb6ibd9wT7lFAC73MrfVTW8ITSIgs4r5HQU3W-rI84NijAGTbjRCe3XibuiDaBoPRZeQcT6pOp8XKlOxMzZlM_aaGpZWpl3rhFccGeVI41IYnzlpqFugEPsWifc2FP10ZmJUO7Yh1GYhkwYj_sTojEyxoCWxP_Lnf-hRXZkYxHCtGDPE0xgOZEf_onZ3_Rdn5CKx9BBFs04Z2KZ1fqASdhUv9obkL8ky1e6SyXlxngII7yL9SjKiptj7biLu-Ij5iAwQfi8bBgsLk98R28-UFFlzVzN9ICne4XE-hfmr3OzRYMT6A_h2deplN2LsonjBW3-q4mxS7puVR5CKT-gkI52ZAJTTBMfhJNOZ1rcujjWJUynlYvBR-5nWoAiGAIrobIeP0KoMA3mqMCUBT0-uKd7JQbOcC8eHm4GtIMH5E3kfHFQker5hKuLwN66S0WU9V0P9gxu-ZCsvt2B-cN5Nb7QnAR-ifgu2TmYfxKkoAQS2pvlR7P2vvN7OXZt2IUrIF92ijNWKT9wHTSStXJLiqs9xeQj3TRXNU1_XS8SBZGbKTSQ7IlR9BUhmVq0NsXAUOr4ppy80LCGCC-rnP9MdPBvwkVuhjbnQ83GTia71NcupAx0sG9WRpwYA_8w3RtYQUvv6sIxGk6vAbKpMTbXlSA74dhm3XHTKw_3Px-U5OWwAMAv0UGSkY1WzJ3R6bQXIjSqU0fxwJ_ys9HQOt7GDUXC8bZ9Ecu12ntFi8nSp3vkK0ZlDuYHR3Uv6NE2qZGCRQl0v-OEYgyPyXTKijjd0oDnz4-jzrox4IbtQ-arheVZU8lks8TrXgsdGPf9vcTA8bT6M7yRp2HN2rQj0o95YcZumMDPBD_5lT6KXlY-1Pow&cid=CAQSGwBpAlJWdsuQLMvGC8z8o8JOBoBKVjD7HLf2xBgB&pr=8%3AF49C3BBC4F2F695B&sdkv=h.0.0.0&osd=2&frm=2&vis=1&sdr=1

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.13.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

we-in-f154.1e100.net

Software

cafe /

Resource Hash

f6da869b814fa204f7109593d8e47387126a282befa031432539fbae24e81cd3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:24 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16857
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2
fonts.gstatic.com/s/googlesansdisplay/v21/ Frame E183 20 KB
20 KB 71ms
44ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesansdisplay/v21/ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

acc5497e76f832d950d14fcfa047dc3c864f7a0aae4c7a20521c0c655a53033b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 08 Jul 2023 16:40:42 GMT
x-content-type-options: nosniff
age: 281442
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20784
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 19:21:31 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 07 Jul 2024 16:40:42 GMT

GET
H2 200 15629682945020113348
s0.2mdn.net/simgad/ Frame 09D2 73 KB
73 KB 90ms
25ms Image
image/jpeg 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/15629682945020113348

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

01809882be6214883d2ace81489261074e4f535c00b81fef0a8e740a62bbdc21

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 14:55:15 GMT
x-content-type-options: nosniff
age: 28569
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 74838
x-xss-protection: 0
last-modified: Tue, 11 Jul 2023 09:33:22 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 10 Jul 2024 14:55:15 GMT

GET
H2 200 2508361087320220711
s0.2mdn.net/simgad/ Frame 09D2 15 KB
16 KB 84ms
20ms Image
image/jpeg 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/2508361087320220711

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3da90bde27fee4f5ade69c8712a93955fa6f00fe97577a7f26a0496b9d51b121

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 14:55:15 GMT
x-content-type-options: nosniff
age: 28569
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15797
x-xss-protection: 0
last-modified: Tue, 11 Jul 2023 09:33:14 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 10 Jul 2024 14:55:15 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame C278 0
0 59ms
59ms Fetch
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=ChgwT7NytZNzvCtTD9u8PgaOJyAr-0_evXM7PvdjqAsCNtwEQASAAYJWCgICgB4IBF2NhLXB1Yi03OTgzNjUxMjU3ODM4MjgyyAEF4AIAqAMBqgTTAk_Q1upzr7cU4tfawJZTh9iRXSzNUV6NnERZduYV95IGYOSrBYptNs-LclMnnYYSO0vlMMCe2wmy2ucyc4RGvI4KsuV7QSh9TNOricHob3uagKCHi8vgmj9-PhyI3UuBCjhJmU4ijBTqIjUM-E9SMgUWPpGAFcRbuEbvXGi1_IQ_d0JsRxkzx5y04AfwRe2UeOhBt0-zQ1g5jyaKTZrciILuWUKUe8sUEAmJbLcMccS70fHIaAqhQ5XSf7XAx-Qh2jl1fntGDm0w1qCy-ezH3WmSQGFCuNg6G72BIZ31JJgzIJIFZhE2wAjlBxgPV-nYdbJz20tFFUizYDwD5hFtj3apN-zPJ4rYOPwgGqrAh_ouNVkAJlmNLq91CxaYlgoxREgCprkPAcsMDqoe08AOxhbQEEzi2FkWTX9Wn4vrs3-5D_h4ef6pq9kek08CEu3FkwMEy-AEAYAGibfA_vS0426gBiqoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTYxNDU3NjA5ODQyODMxMzOACgP6CwIIAYAMAdAVAYAXAbIXHAoaEhRwdWItNzk4MzY1MTI1NzgzODI4MhjqwW0&sigh=aQg3zfNdNms&uach_m=[UACH]&cid=CAQSLQBpAlJW9a-_N3gFuYcQWzm7lILKjR3nadDWvUIDItWRv03V7Ce_qnAFXYx60RgB&vt=10
Requested by: Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame BDBE 624 B
242 B 38ms
36ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLbIhtYEEM2TpN8EGPjkxe8BMAE&v=APEucNW0mhUJ4LlfMtwmf-p63pxMsTBl1JIKQ4unzFa-OgeNHi6DwSSvSk-D5EbaD8QrUVmxP2LZeEuarUXgzt0_jW8JpWSzsgkerCRxWnCphHYZzgjMBtwrAecUe6Tr3NF0HB5m2B7dJF-kkBxalh6O253KUoNpfVc4jz5lq9Zw80lIHo44X7I

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 22:51:24 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 276C 85 KB
29 KB 67ms
66ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4b5c05892bdce212e19d0503253b600faaeedca47fa2db97964d412c8c11934e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:24 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29781
x-xss-protection: 0
server: cafe
etag: 4315658989838864570
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Tue, 11 Jul 2023 22:51:24 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 276C 42 B
63 B 57ms
55ms Image
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-D4VYZVcQ3MuOf_6SKTta2YTwHCXvv6Uo6gO6uhXHGL0tnzIRPWCEuD_zgCJcHKn-W2aCMGRyDEUkYdmfMjnwWzc9xZSI0_lCyypthB_8dIJnbHkP0

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 276C 0
20 B 57ms
56ms Image
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=2536823769720020102&x=1&ct=76

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230710/r20110914/client/ Frame 276C 3 KB
1 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230710/r20110914/client/window_focus_fy2021.js

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 19:59:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10330
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Jul 2023 19:59:14 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230710/r20110914/client/ Frame 276C 20 KB
8 KB 24ms
22ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230710/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5dff1c5185bfe98d10fd4b80ad1e2a04d57365a09e631840dce7fd3c79d19971

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 19:59:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10330
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8314
x-xss-protection: 0
server: cafe
etag: 15120507268597061312
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Jul 2023 19:59:14 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 276C 0
0 30ms
28ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQpqvTucUOexgvZRkbCkQjdDnsPvMG4wvDktcSEgze0KQB6e-dm2yr4ZJ-VFK1g0XCFtfwqhZaVx7k8lD9z5-b_yoCkaA
Requested by: Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 276C 179 KB
56 KB 36ms
35ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

79cbf9d3dc9d8df1616dd585c95022e1104e8b2700974ba07a9c1a26187bf3e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57331
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1688990556196721"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 11 Jul 2023 22:51:24 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 63EC 0
20 B 55ms
55ms Ping
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=2753371522020&version=m202306200101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 63EC 0
20 B 55ms
55ms Ping
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=2753371522020&version=m202306200101&ct=76&x=1&cor=1892159041868644400

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 63EC 98 KB
39 KB 71ms
70ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DbeE3W2OiLHGXeWMeUuo57_GWcGIs-hUmjAVJDexOahovZD_F1u8FhLN_cXX_lm4Byfur3otZsho-45xJHEzk3VAIbyytOeF9kAsKiBpqrZWQ6x08&cry=1&dbm_d=AKAmf-D6GACynMarnSPqdmyww_UtWj2FKcbLVYhEJ-wY98YT2Ha_Clrm-67dJO-xqQdgNuAh0346ZH0bwNUgOdMBMGi_ii7SXXfbj8yIvBKaBVJBuwX-87r2K4gkoa6oMLgAtoC4f0EiMPCkk-bE-a28ePjU0FBjpmlMzEUDpdwuYmQO_fmIQkJ8Um6uOFSWjGVDKVPeulMDZ-XbFpHJKOlOGogeRa1C821HDJuBYqgc1xVdUUQFuAIzCcaKJCLKcgNrVkhETWkYC_pQ8aZqG0uk_01gxefWOIOHFP2SPr4KkU38iDX5KPPibSyIu05GVOGfWzTHy83ab_r7eoEOV4mF65WnkRv4ZF2tDmJvdK0NQwfOrT-syHCHls2oe9OLvF-6EW5sLGjgZzMa_XBPK5e61hLPgQoerSu_D2ggTXiyS8TAfO2PqCEj9sgGICd40at6cJL9ahai-kTkfZpZl8wTWl7MFW0tAdzh4SDY3RmJTEHgC_u2OMvN_gW4ziejkpGE1F_oEy-vr0hkNl48_i02RQuuN3DXZTP-SVmKShPhKOsFz64eoIaoOfl3vtGk2zvFFy7qu9HpIihzdCRtOcAUa-W5xa3FPw4A3sEouslI30LHx6nGIlaHBagxcn-f0aqcySs6LYThemUi3UJyALmrOr9DCPvajEgHE8eXoSlPPV5ybPu_rrm9ssL5bet4Z_iWB8CwuTco_pGs3aOXTJCi2QdOQC8qgLGEQEiwf3wLgRI_IE77Pa4OGp5KE6zGZJ5YXkgxLKUPd79V_V2YowzYNQNHXiH64zHmlLwrtCAC2_oW3lJKVAGKew6yp6eiTBXx_ilV6blfsTZnQ1MA48Q5v-GiQOfUGVcx6kOXcxPbl-DpSYSnlbKYxxn2uBKJq6KUB9_ve51BHHgNqcw7HYboyf6aqfmnEeRqQtOCGsdkyIvVvOi1dmqCEqXOBHrgKvPMFTXeG-hkXxCBmBYW_zFE5KDGFgG-1oaustxFf0-RZCWuX17kxAWRZRTui12BfAuPGqZHyPkT2V0Gp73YMmRJx3KHrB-1PbhocWaBVVp6nV_xKih4ff7qx8-P4thrkVFFgg5L7moVVrg658fUbpyVqi11klVvv_12eJtGN7gpdTWrSmFyZP3a5O8zHbpmmJwYMI09IuyWFFiATH9R9ksLezotqgIVEVb6_V21jB2KcCgTj8o48ZLRWBGmkST0Csu7SoKq5Izm_RTsF1kqBb_pxTblnOfCn5nnMRsGhdb9dRtat0mrkgvKAbnWH4Rg-giRk0J66JgtwbQBy6xDTf8sjq-GUKoGaJl4RJU9Z7M_Mrd46DToeypAAKiCl8FJfvJhKc8yIKqUfW8mkJV-OdxQfNVae2D07lnm4MoWZH_3ESVV_QaIQDsNzFGbyEleCh_DIA50bG_bfe-AM9iyIAXgvCor0offkHY0AC8F7y7Nf-az_Ou0PSQP65Z9KihX97fp3AGo7qa36So3PjoNRHKHWyrd-1okGI4k0kRYSoyBwtLduCbmpm4sWtSl-EFm_BOmGwY4UwHiS8kazRaWEJ7GEmtroUlkzGZFX_8VmKJJCus9dMryz19o30TKIT-VyBzAk3ra5XeVEKSoyNOj5fd-LelroyGVAhd1OQhcwP7usAcG0y8DvDY_9CsH3Z1OQY8wMlF59D7XOBuFXNPd6Vh7RpfupG4flcZZnCbwt4pqqqDWbcBS8DlxCCmcBTSCjdUDw3uUPoqy_wGENfGqL0iJitF_u2Ju2tgX5sfE-LqOWRUHI6hqLFR9SSOOvfP_0fuep-nj86bfnk-IOTH9aKh3_aFpoOsnAkONslR9rHrg1G4H5XPvz-fOl6-slBAoDzxrzbrQEXWfdedFD8gI1KsBUcw_b9SRPvJrzjDvYKgjsQecCSFAdOLuL3tp_IJaTtOivmMaOxc5O1JYxTji470WTzABv6c5YpMVtGxSqi3EV7dhfmvaIhlIIc474ZgM9qba6hs8H9l8BFl6GyGoUPSnHwNdRx0Cqmq36XINQ1HPwLGquTA4SCsETHWRSafW5DmhXm569Jq3rzLuypeGt2Y8K_9YECdxn7J-2K5CFM_yNIxRRCpSWfSD6_IRZsriZbKUY2fkNpb5b797VrVcBRk6a28CBGW75J1AbJz7y5pbSqXsGzSxi9fFfyuqsJA4uPJaZiQNzhkMpiM_zIdSj_PTtz8wYCUir5kUJbpDkR-2shrn9TUDGfGPyzZT4LGTPAshdXn9HRccU_eAA6ybue8YPpEbDJjq7QdzvDx1L7AKddJWszpBUcINWxbW9WU_ETKjucEOiLNEL-4E2LjFsvw2H9wwiRPUUMWJrggFoCI5DOlyFYo67qMGVQW_uyE2J5y2rc1m0DtAp0QjM_qUn-CVLgR-o9ErgmGAZI39n3BCqyeJvT1qXsXObU9uCdrzyhhpBrZjQ7hM0swpfFR1tsXkX61bCBprqwFXoC85Ed8alBGNOfy8rFXA5ULkYVa5A_yOOarPjmdN9SbIIA303QRNR15ke9krzXa4KzXjuJTqaUUeP-REYKhnMyoTkGW4Gvt5Z2TPI29jSS4ulJbo8tZgKAbh5ZoXv2NQ18guMbznzCdIXMDhaMow2DPAJ-5aP_UzCFkfD6e38D3OveS3TYghSjJmSED9f1adcwwi2VKlL91Bx4mW-dmcQknl0t37IbYXAO_QHL1XaAPW5sH01vxw3yCPhX3IlYUIirSEMG8JlT-CCBzCM2A28vb_CpiNRFprkZsL76dLxQP307Ic2h90k4eHDDTrWhdAud4vSSFhyTdkDjAEBh9oSeeDzA2mXhtOC8Wfn4UvwHD_LYCD6tMnl1c36IbykkkHcHFxvq4qQ1ORu24eBGqTJH97hx_fXFerIb0KM8l3GYNIedqiJzlgh0YrSPm3_ExqnVhXWWbIIS064N_1BuXoWkJO2UOUv7nj06SFaW1_wOGUVL2lLbPcfaOOmDaXZI47IgJcYHxV6a3A6IC8wvcwteKsuwhzKWS6OxXbvqBe1naknF_JuBAR_vIKH-1boEIZgmU2_aC40L2PyDrfmNnG5xeB7C9EVhPtyEgayFAOS6xQK1fg5mVBvSz7Kfq5clnJDgz_HmvzAeZ4V3-XKpvJHRGAGj2rawOy-XSL3AI-VocgFEd0i80oyfgumrPT5TsTSA4-78L8rCb6KXImUFo5CcUpd3SiLlJSPOFzxGzYZ8mlGkqY-BwZik3n5HRni7rP258osQhC4xaH-aP9swqwES5kC3PZ9pEiqp-vQpQfhyt-6GZmQ4hOItvgY4EVwS6BnknELYfO35dSAuKo6pise9Dhnc6lNLSTzd8_JC_QFSgTIktXiMJBjpWvYfXXJx6qsb8x80CKE2hS9ROjVEEsPOE0Y60JCtP9XBFH7nZPMhSfw9-mA6yTnO2DwVpJQ9o1wQOJhOXgwo1yy3dD1_3Y_dPZiuzBrZuDQFaHlil5oi7Pw7UAR-s97UQQ1R1DeLpiU0i_rNOXe-3W2UXBIXQoHAY9mLfy3p-N-1rF5RjBW0jZI7RD2pyPG2P1XaH9zU9sZCKR6VlJrB4HrfaqFDZgQh-3ibmHpBlH8xVdvYgmoGr1JBT_m6nqhXyEV-7qLoW6xveyGY0j2084I3vbHG0&cid=CAQSOwBpAlJWGRlRduoLJVDvI4dLCYM0Y0A0xIwDcjzBBK2YD1ZZ6FAmZwORfTb9VycXaVd73wiB1VrZvVq0GAE&dv3_ver=m202306200101&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=1892159041868644400&adk=3563752640&idt=94&cac=0&dtd=16

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a2c2dc02f807ed24b4676773299c7934e0e1b746bb37b41a088902abecfdcb34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:24 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39518
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame C278 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4cd8527ea46e45c657ae0a65f4b2cef4e3fd6a5acd68f436a6ceaf7ad12eebed

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 64072230e4b01f2c7579523a
ng2.virgul.com/tck/imp/ Frame 82A3 0
222 B 79ms
79ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/64072230e4b01f2c7579523a?g=1&t=adsensecode&r=153183@site_geneli@nefisyemektarifleri:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates+sal%C3%A7as%C4%B1%40karabiber%40kuru+so%C4%9Fan%40nohut%40pul+biber%40s%C4%B1v%C4%B1+ya%C4%9F%40sivri+biber%40su%40tuz%26nyt_cat%3Dpost&info=&mt=1689115883758&userId=vnetb9cf87df-44c8-4da2-82a0-503c8f3b7d9a
Requested by: Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://www.nefisyemektarifleri.com
date: Tue, 11 Jul 2023 22:51:25 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 179B 1 KB
643 B 21ms
21ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 21528
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 16:52:36 GMT
etag: 48472445140208031
expires: Wed, 12 Jul 2023 16:52:36 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame AA0E 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 175c106d387520c55fa4e30c138847d3da86b2ab8f70f2a3168801fc48b0e5f0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame BDBE
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJPOXT_2uhEdk3sIUx4g9Us&google_cver=1

43 B
766 B

21ms
21ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJPOXT_2uhEdk3sIUx4g9Us&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLbIhtYEEM2TpN8EGPjkxe8BMAE&v=APEucNW0mhUJ4LlfMtwmf-p63pxMsTBl1JIKQ4unzFa-OgeNHi6DwSSvSk-D5EbaD8QrUVmxP2LZeEuarUXgzt0_jW8JpWSzsgkerCRxWnCphHYZzgjMBtwrAecUe6Tr3NF0HB5m2B7dJF-kkBxalh6O253KUoNpfVc4jz5lq9Zw80lIHo44X7I
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 11 Jul 2023 22:51:25 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=496
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJPOXT_2uhEdk3sIUx4g9Us&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame BDBE
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZK3c7JItjehVWzs..FW3SAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJPOXT_2uhEdk3sIUx4g9Us&google_cver=1&google_hm=2

43 B
632 B

22ms
22ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJPOXT_2uhEdk3sIUx4g9Us&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLbIhtYEEM2TpN8EGPjkxe8BMAE&v=APEucNW0mhUJ4LlfMtwmf-p63pxMsTBl1JIKQ4unzFa-OgeNHi6DwSSvSk-D5EbaD8QrUVmxP2LZeEuarUXgzt0_jW8JpWSzsgkerCRxWnCphHYZzgjMBtwrAecUe6Tr3NF0HB5m2B7dJF-kkBxalh6O253KUoNpfVc4jz5lq9Zw80lIHo44X7I
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 11 Jul 2023 22:51:25 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJPOXT_2uhEdk3sIUx4g9Us&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame BDBE
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEN1_Ha_Sz1iFHuWeOKfGaU8&google_cver=1

43 B
839 B

29ms
29ms

Image
image/gif

185.89.210.90
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEN1_Ha_Sz1iFHuWeOKfGaU8&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLbIhtYEEM2TpN8EGPjkxe8BMAE&v=APEucNW0mhUJ4LlfMtwmf-p63pxMsTBl1JIKQ4unzFa-OgeNHi6DwSSvSk-D5EbaD8QrUVmxP2LZeEuarUXgzt0_jW8JpWSzsgkerCRxWnCphHYZzgjMBtwrAecUe6Tr3NF0HB5m2B7dJF-kkBxalh6O253KUoNpfVc4jz5lq9Zw80lIHo44X7I

Protocol

Server

185.89.210.90 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
an-x-request-uuid: b71ef870-2317-45ce-8491-07b94eb79831
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 84.19.175.183; 84.19.175.183; 941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEN1_Ha_Sz1iFHuWeOKfGaU8&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BDBE
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDk0MjM1OTA0NDEzMDE5MjMwOQ%3D%3D

170 B
188 B

30ms
30ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDk0MjM1OTA0NDEzMDE5MjMwOQ%3D%3D

Requested by

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
an-x-request-uuid: 27d65df2-63f9-4a53-871f-09a88c1f430a
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDk0MjM1OTA0NDEzMDE5MjMwOQ%3D%3D
x-proxy-origin: 84.19.175.183; 84.19.175.183; 941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame E183 0
19 B 65ms
65ms Image
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CIH787NytZOCKDoGZywXJqpz4A8Gdrs5x4dWUuegR8qif1po5EAEg37fwaWCVgoCAoAegAfuUlcoDyAEJqQKZ6G7ZRneyPqgDAcgDywSqBIMCT9C7SC31oXGPubFplhAR-LNTixLO2f9KkRWY1F17uLroXr3Lm82jHNGxfiiBhtuMgeyrYrE2KBURPtJHvVtXQarJD66Du3iGjKcLlzJuiX6WShJsIMigE99sne5vT9hwoi6aEFqQwREb65v1cJfGUAAludBtzYEidbW3QSVsjkfzkmI9yUP-uJVHk6uKf5UmJDW0LRYM57U_BBcPWasMR1eelhlCZxLs4ELxCc-Yto1pong4YByKRazmWbWqHj-BmYd7ujjmRktgwvFYguCRUNNcGEmXEVXLR49nnCcp563-DnV8f_Wv4mY-LvPCL36SYuUXkra4s_-BrExZz-y5i65gY8AEmOjPtdEBkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBi6AB7_mpoEBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgHpr4b2AcA8gcEEK7pAtIIFgiA4YAQEAEYHzICqgI6AoBASL39wTqACgHICwHYEwuIFAHQFQGAFwGyFxwKGggAEhRwdWItNjU5MzUyMzIxMDAxMDE1NBgA&sigh=bh0g5lDc-cE&uach_m=[UACH]&cid=CAQSGwBpAlJW-kw_mC-yGQ0bPaks-1JyHyfIGRLQmxgB&template_id=494&cbvp=2&vis=1

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=280&slotname=6444949229&adk=4082077109&adf=3927512983&pi=t.ma~as.6444949229&w=970&fwrn=16&fwrnh=100&lmt=1689114300&rafmt=1&format=970x280&url=https%3A%2F%2Fwww.nefisyemektarifleri.com%2Fetsiz-nohut-yemegi-248941%2F&fwr=0&fwrattr=true&rw=970&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1689115884002&bpp=2&bdt=731&idt=187&shv=r20230710&mjsv=m202306290101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=3311523031480&frm=22&ife=1&pv=1&ga_vid=1596421245.1689115884&ga_sid=1689115884&ga_hid=71987472&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=1843544316&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759875%2C44759926%2C31075758%2C31075881%2C44788442%2C21065724&oid=2&pvsid=413980555089297&tmod=845280809&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=2.1oxg8e5xb3ne&fsb=1&xpc=Ioj73wlDL6&p=https%3A//www.nefisyemektarifleri.com&dtd=193
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 11 Jul 2023 22:51:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame B492 143 B
166 B 22ms
21ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 2379
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 22:11:46 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame BFAB 1 KB
643 B 22ms
21ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 21529
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 16:52:36 GMT
etag: 48472445140208031
expires: Wed, 12 Jul 2023 16:52:36 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 15629682945020113348
s0.2mdn.net/simgad/ Frame D5D0 73 KB
73 KB 21ms
20ms Image
image/jpeg 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/15629682945020113348

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

01809882be6214883d2ace81489261074e4f535c00b81fef0a8e740a62bbdc21

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 14:55:15 GMT
x-content-type-options: nosniff
age: 28570
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 74838
x-xss-protection: 0
last-modified: Tue, 11 Jul 2023 09:33:22 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 10 Jul 2024 14:55:15 GMT

GET
H2 200 2508361087320220711
s0.2mdn.net/simgad/ Frame D5D0 15 KB
15 KB 23ms
23ms Image
image/jpeg 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/2508361087320220711

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3da90bde27fee4f5ade69c8712a93955fa6f00fe97577a7f26a0496b9d51b121

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 14:55:15 GMT
x-content-type-options: nosniff
age: 28570
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15797
x-xss-protection: 0
last-modified: Tue, 11 Jul 2023 09:33:14 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 10 Jul 2024 14:55:15 GMT

GET
DATA 200
OK truncated
/ Frame 09D2 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 53fe8422ed4742589fa5494ec2615bc58525c89a62a54755f77778dd8661630f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 JuxDZWINa7otHwaisCqyMSq7iwQyCfHq_LhnNSU0b2U.js Show response
pagead2.googlesyndication.com/bg/ Frame 1F74 37 KB
14 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/JuxDZWINa7otHwaisCqyMSq7iwQyCfHq_LhnNSU0b2U.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

26ec4365620d6bba2d1f06a2b02ab2312abb8b043209f1eafcb8673525346f65

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 11:40:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 126649
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14572
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 09 Jul 2024 11:40:36 GMT

GET
H3 200 ad
googleads.g.doubleclick.net/dbm/ Frame 09D2 42 B
63 B 46ms
45ms Image
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-C8vWUC-Bt-Hw_UI_exFXQmsoYF0dIjEf-jv06joaEniL5rmmm3Pq-aHnQQbJWgmJ4nxdaQugsEQoLEsY-TrTjyr5iqLmnYuB9gYS_icZxBgdLRedCIxev2uoWaihTPt0qVYqSNn66ylizQ6OBZhdr5xKNdHw&dbm_d=AKAmf-AGc2ByF-jnwUZw_oIBH0Gp8arY83so9wdUBjykTUn5UtKQERMZXOBaRmnoEsnCayilM2_inxbE4pjwnBH4RYO1JGgnYXZ5zYx5R4e1XZomk17C-kyK57mJt3T56uWzsWCv4eyM4jDEj3DyRgBhetH2WeO4fbpGbFTDF-PwDQ_rGSkFbRJXjNcV7lon3Y4x-79grvlc7u4fSiLrgqWqWJa_Xqo-Ekp8LP1G_S7RQwgH-NQGJ6XlM2ZIgRP1aOfN5NavLLUIL3IWSoYKn_mliwlnSpb-OkLT9wHf5YBpHT2SlpVxR2WisLl8G6QagBDZt-QgXLbB-OZjIFfOJ5Hwyrf05PXKTIcedoDLh0R43wtW57mMJk534SoeMKbkEeVvO7segPmByXF6kr9LN9b_3-fm_JwkTPaaZLkuEKW8zSVUO1V-A6LQZs3sHsMQiBsn2Y4OmDObe6uaTmKgteyMXeSd0Uz67T0UJiNcZL1ofQ0pbpzn8pwReSYlms9wUFwXTSOoaSC-kdWLfDXC9ffUnsfSj-Ff8VrEgOid_QtTiQGCWvGAklvKMGsVleHulw9kfDm4nSbJY5QSR2T1ieE4XFyFv5Oo0MwHkgUjbxayNPC-lk5JJMB6Y95bVLJmSpFu0t1qy5P8kzlq_uZwPmMOPd_sNHfoK6-3d6ijqaiVtYEAM-_Y2r_EZrEO9cyFPTbWP4GEKvnNHXKh98DBjB7GYHZiUP9nZGzw4DpTw8H9HpCb5y60C05dw3Ko0tbYdZM5q9DRjU6he5YqNxbqm3_sgbgrm9OEUp0gpUXeudwGvh5edt6ykhqs6I-J1sYT89DOpA7HAVyoC36_u9fVmK6gPSxOxjBroSyxV0EQO02oJWePPOwBB5BXEj-FpiK0XCZnCfUuhxDBPEKm4sLgNQmALgg_o-GZYrARBDBhN9zq8g0GpAH7TMLYbJjhIcAsljvNGKimdMPFTG6eFWDrs37fzgvN_5cJ_fzdkraYuTiE522sCvMy_1EZFc5d-pFvVt0wdNZzslzEY5yaza2H0IcLNYjsuGibmk-FsMVIgwS64QgH03hqJNYdrN5aAH7gTuMW2gtjMA4KJkcG8_ExDkXTJbHcjd93uQHXBtXJ82cBWaDmxVs_kODnxYNi0rzISG-rI9tC32xhRQUhLVkUCEfDgNocCOKTO6bsmP4yfR14gBoyIPVBkQ_mN5876R3S0qDsUggQ7whY50vsjoTrGF_hqU5WpYBjxhGbvIJxMZHzFq6HRkEj88UdbabtuD0gN3lxxz8umamBAIc4Sus1kzRP05l68jwujAbztI7QipN67dfl_jI0-gwQTer3EPkeM9x3rKOxs-jAkMe-hQW-EI-axdUySlWNsQl-FEq-B5b7v1vx3WXmdIEtQ4XeHAbD58125kl3Si_ZKdraFx6nEkwvM1k4qa7k2WTiq_R4_ifJdIsexacgeFguTaGlH-5hIaTMoD1BS9Nwcb_NyhJqJg9WLBLPLsKJw9vLCrQR3VwszigrPwf0cuA18NeGEmcZOrbnw_ixSjH1iMDdbjdDF7grnDpzpqoB7OKrCmzECaoQF_SfxVA7ACv31-y-WlUxEzVUBmvY_01AYAXVJppEgbBJgS2-reIVT5pBYdaoaTQ7k0nYJzDSvy_FbuupCCDravZZ6QedKiMQJiCDTcRxq0qYpQ-9Iqu0LVRXb4CLPHKQADC_g_hr-t5cYJmBmkoMKs7vCpnIDcXb_JTJDCzc45PD0d84gC3L39EZz3QEXtY1Q776i8AaKuhF75sq4K8RZhJ8tc9M7pk7LDAcUh8cwq8v9IdpvkJVKMAhKYx_lvV6CSvIcRVoHCvaaGvuVRdbXaB1m3OqAZiZ_BoQXteEcIG4qwuiNXjAQtma65tb0G_fv07BePHE-fnHPgq6lg3S144yssaGqq5P-MBAUS7uCAfsmWO_hTv9lasup2Mu-ZflCHRpxnVYybnPtVWaa08rvDlxoK6KZMo_3fSLGtb9xY7evRz0G4eMN8I7hmHbJAJmRXDqYsANFj0aWmuFQ6d8rSIygwD18r17JrsYzQaunisc92i_gMjZzfdU4821slUPJYwvuEw-H2bBwiLyhaFjBL_hEYzsuKrPFcY1NVkM8jo_DdAZvH2TQPS_SojmlnkDWDtBbvZCSPp_3ZnpT-UQ3FX5RVXXgEBS0QrNmvZ-gcNEPqKo5me0WpUjW6L2h2IwH4pTkE2nUOvmwdPG-9gS949F_gYnzdbitOZC6h98GW7jc7KbGL-2PBAuUJvTTcEq8RgZv1IlpTFt6Sorlkelr2qfZeLVauKFqbh1FFzDm4tBSmeKwzWpksaa9w7lpJuuHv4ia04Vr8JYBaWa3MDdlCQTe-rD3y60-8F6jgd-G12x3nL90Ob2ZPCwREayYbUnpVRHswc-LrYcfN4p90YRox8FkR_5yJrc2lt-bC7kp-McdIQb56FaWXVhuBVCeupsURQX1zuCZSjBz8kGxHhgPjKfaz-JsM_7BGsW_A-V4hUywjafDCxfXPnzV4FcRdncTy8WxzjbQuoh6zgdta3yU-bN6blC_ucAR5veEEjjwRwg-GVERYudJYwlQJmEQ-E0BgJvBUB7WL7S4ZUMEbWJKrT1v4Sl29odypHYLFThwm9npX_m3jYkhm5F35D_j4bx2F_V1cXLlq6s_dZ68CEbwU3k9wrIi5olGw5wGgUYv2YIh2TxwqBl9uGRM1wrQEZxmkuh0bsFi1t8NeSMQZQdZ6yrWsiywPLu48rWbLdhvjm_ZMoR95mna1lQk8zIrxUgUf7rVWBne9n6oRlstrwnWS3iI4bycBbjcYsZm0XSPMIJGR-zC8ggEfUdXAK0qfr8h7BYFXCYavgLPw7uBU0bMecqsQDMYSw66aMOWalFXhN4TS7ZUyb4lKz_5Ba1Yd8hs5E6n92fDFepxV-_VZWLfM3AJBIjwAHirPyq-V9Z_ajXwxtrkbi2pq5x6kiY4xEnwXB8g9r6kmstaDcWfHuFvkYhxR-S7Wf3SsCmgtlr_ib6igGY8cY1iMuddUJXCpy0XPFeKJPlq_jTA3XYIa1NcTuJSQ2ASzfZShyX6OIe5KBdXx6gDcy_tlXmcFIxqaQjxPRoOy3HcKkbzFs6mRZHVQ1AZhEvPYivmOS6PhrLLzlGVf4dRSjKjM8ilhtOkdJhhB5opS1eOY6t8ZRO3Tiph9zD3lVH3LfZ4rPqvG84JucPjGG0s5Hf3l_gu0HQTEOS72jFFDvWpxaffAOvk3NENLUHTuSbUowW0iDwEfdX4aCkYE3AAs8naV93T9dHUlo32onw-qH9Cc287mW1qvruTHe2FSvlDngnc1wZyS1OCazx3P8NV6b9rpHMI8lmA59WOuwI2xvdLMjY3TgzzPbUTfta4rRTUG-JLxYp8RHMPs3SXuZVYXREg8E_-ZCth27k8gfhCyVIo_3qU1ARIIhL9xdBAh6bcIIqX0MDbhfte5-n8g5UgseH0VRr_uM3GIRUXuEK4YuF_GA6pTlth5g-JVJtuqcrCLCQ9jEO1u664EAcjQyW2qJr9oRiIBM2QWipww4QHolbpx5MWT4iBWSlPDEVlCTmThI9jsaUKJS5zXNkH41qiUhIWdvHeklf56dhn4pIjsiesEjOxpGD8_kihuympGWc01ifl_vA6OcbnWAYxNIiaZQoe_NnaTN3ptTj7qZqNRldiElQapCLVDzNSkoOMcLKeM35&cid=CAQSOwBpAlJWW2VjagLIRBN4aJNw55HXc0CUywDKm2KrZ6uWIZndf_qBoYtvnJ13wGmoJMQJ2FSESoqY9isVGAE&dc_exteid=31158688434270079318330334673203248&dc_pubid=4&cbvp=2

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 09D2 0
0 60ms
59ms Image
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C07mR7NytZOOZGfKI9u8P7fCw2AbXuuDNcYeAi7PMEc6Focr2ARABIMCygmtglfrwgYwHoAGLseeRKcgBBqkCmehu2UZ3sj6oAwGqBJECT9B5_48Bgi0GEgJj9-e0jNiLeOWstTVJGwOoH56DjJzq37YvuYK2bwH22mUe_O3BiEkeGBCe-N8G6Xj_BRcvGw-MF1XO1kGX8WM7SerinNE5Phm8xKbTQTjl_qX0ZRBzWOrqxD7uv_lAQZ_DKPgj0AqdrL5jy4Fnq44ECuHRR97h2TxWv8UldVQwKAJD8sxHmD_Or7hgo3yXSTVStTHg3AgxQbalMKp1Rt-1DuozqUow7lbz4k0JxJMrjOwJaRKgPe4ST86hWPO6eYVqpEgZQLJoDRD0B5AFs2JmqEsIjO_ETRxWvxrlom0d3dbW4mx0O27EjmdZN_5iIHnfa-42YlUWJ-vLVA_ObAeWGXnx46CAwATI8aD6tATgBAOIBb2ShutLkgUGCAMQARgBkgUGCBsQARgBkgUGCB0QBBgBkgUGCB0QARgBkgUGCB4QARgBkAYBoAY3gAeL6bfxA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcKEI3fDhjS_q7wAdIIFgiA4YAQEAEYHTICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTYxNDU3NjA5ODQyODMxMzOACgPICwGwE-CChhTIE5yvnOMD0BMA2BMK2BQB0BUBgBcBshceChwIABIUcHViLTY1OTM1MjMyMTAwMTAxNTQY6sFt6BcB&sigh=yLqz0aZVPco&uach_m=[UACH]&cid=CAQSOwBpAlJWW2VjagLIRBN4aJNw55HXc0CUywDKm2KrZ6uWIZndf_qBoYtvnJ13wGmoJMQJ2FSESoqY9isVGAE&template_id=509&vt=10&cbvp=2&vis=1
Requested by: Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

POST
H2 204 csi
csi.gstatic.com/ Frame C278 0
54 B 30ms
28ms Ping
image/gif 2001:4860:4802:32::3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=3~ljyvzi3m&c=7596939883806&slotId=3798469941903&qqid=CNyVi4Lfh4ADFdSh_QcdgVECqQ&fb=outstream-lima&vast_v=3.0&vmfc=12&vhc=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 HdsydzJK.js Show response
tpc.googlesyndication.com/sodar/ Frame C278 41 KB
15 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 17:15:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 365767
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15407
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 06 Jul 2024 17:15:18 GMT

HEAD
H/1.1

200
OK

file.mp4
r1---sn-4g5ednss.c.2mdn.net/videoplayback/id/f8fd2e94061f0d97/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1720651885/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip... Frame C278
Redirect Chain

https://gcdn.2mdn.net/videoplayback/id/f8fd2e94061f0d97/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1720651885/sparams/ip,ipbits,expire,id,itag,source,ctier,acao/signa...
https://r1---sn-4g5ednss.c.2mdn.net/videoplayback/id/f8fd2e94061f0d97/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1720651885/sparams/acao,ctier,expire,id,ip,ipbits,ita...

0
0

105ms
20ms

Fetch
video/mp4

2a00:1450:4001:6b::6
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r1---sn-4g5ednss.c.2mdn.net/videoplayback/id/f8fd2e94061f0d97/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1720651885/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/1A47E32EE2C09EDF53A23C49736E02321F89D9EB.754592A5F564A60B8E05BF64B1C683669516B57B/key/cms1/cms_redirect/yes/mh/xb/mip/2001:1b60:1010:2:1012:39f8:745c:d74/mm/42/mn/sn-4g5ednss/ms/onc/mt/1689115415/mv/u/mvi/1/pl/29/file/file.mp4

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

HTTP/1.1

Server

2a00:1450:4001:6b::6 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Tue, 11 Jul 2023 22:51:25 GMT
X-Content-Type-Options: nosniff
Connection: close
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Content-Length: 2220696
Last-Modified: Fri, 07 Jul 2023 14:34:05 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/mp4
Access-Control-Allow-Origin: null
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Cache-Control: private, max-age=86400
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Timing-Allow-Origin: null
Expires: Tue, 11 Jul 2023 22:51:25 GMT

Redirect headers

date: Tue, 11 Jul 2023 22:51:25 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 665
x-xss-protection: 0
pragma: no-cache
server: ClientMapServer
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
location: https://r1---sn-4g5ednss.c.2mdn.net/videoplayback/id/f8fd2e94061f0d97/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1720651885/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/1A47E32EE2C09EDF53A23C49736E02321F89D9EB.754592A5F564A60B8E05BF64B1C683669516B57B/key/cms1/cms_redirect/yes/mh/xb/mip/2001:1b60:1010:2:1012:39f8:745c:d74/mm/42/mn/sn-4g5ednss/ms/onc/mt/1689115415/mv/u/mvi/1/pl/29/file/file.mp4
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame AA0E 0
0 65ms
65ms Image
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C6ENF7NytZKP5Gena7_UP2_qb8AO6iLSPXJzX7u6pCMCNtwEQASAAYJX68IGMB4IBF2NhLXB1Yi03OTgzNjUxMjU3ODM4MjgyyAEJ4AIAqAMByAMCqgS1Ak_QOpaVuXTMmVLRk8Uj1amQj8BxYA5ISr40lz9xE8tNbVbAxXtY3GEOhJWQ9jsQdlHTDIbZAtzkQpPNDtoBKGt-doUSgIs90gxl-prr_UoqNECz-bkQzBpkmFwUysL2V-Q8EHFt2w9AbtizbymNNRHWCRoTRWwq4r0vFaKjck_Wv0qN3Tb-jDl1FOjVmP0tzxyy-LDuFEDpMg7Yuxu0LJ923fvOgCstFEpeAcWTITCVXdi6fza-uGyAPhAGF7LuqgDRFToTCbTIVQ0KZq9X7oPvw7yY9mDoTDGyQ0yG8tEhZcYHHONDwmsgA721Bh6SWN6GBQUs-7XtLuHTCbA8z0ahccJU8ARWsA-fkAsMnzAWFPW7rfRK5oJgqGHzB5WAxj-CseQV27kP6c2S0iAfwy3jOnUeseAEAYAGqtCz49CR94-5AaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvIIG2FkeC1zdWJzeW4tNjE0NTc2MDk4NDI4MzEzM4AKA_oLAggBgAwB0BUBgBcBshccChoSFHB1Yi03OTgzNjUxMjU3ODM4MjgyGOrBbQ&sigh=s7YLfL0y5bk&uach_m=[UACH]&cid=CAQSOwBpAlJWzEugDOMrEWrLGVGBSxWVsv8mem99UQiXEZvZlPzkG2m2N8uuipFfk8zFv6DdJ2CsyY0KDNJDGAE&cbvp=2&vis=1
Requested by: Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H/1.1 200 a.gif
i.w55c.net/ Frame AA0E 42 B
576 B 186ms
43ms Image
image/gif 34.248.62.209
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.w55c.net/a.gif?t=0&rtbhost=conf01-europe-west1.rtb.roku.com&rts=1&btid=NzgwNDMyM0MxNUI2QTE1ODMzQThGODk0MTNEQTVEODV8R0ZRekJIMWJQSXwxNjg5MTE1ODg0NTAyfDF8WG1FS1o4a2t0eHxYUk9ocXNjZmdSfDE4NzI2NjI2NjVfRVh8NDcwNzJ8fHx8LjBQfFVTRA&ei=GOOGLE&wp_exchange=ZK3c7AAGfKMIu-1pAAb9Wy556NWFNHvR8KXUmQ&ac=WFM2YVdYQTl2bjpYU2YwU29uZW43fDB8MHxFVVI7&psid=NTkzOTA4MTEyNTc&js=0&ob=0&ccw=SUFCMjQjMS4w&ci=Xmwo1n97Q8&fiu=WG1FS1o4a2t0eA&fid=XmEKZ8kktx&sd=nefisyemektarifleri.com&s=https%3A%2F%2Fwww.nefisyemektarifleri.com%2Fetsiz-nohut-yemegi-248941&ts=1689115884505&dvdp=i.w55c.net/dv.jpg&ai=0DaDXCcU00&c=DE&r=G-BE&rnd=8158759786028598&epid=R0wxNTIyMg&ct=b126c92c760c4964ba6058483a07fa14&os=Mm8wMDAy&dc=NzI4NWEyMmNjZmE2NGM1Y2JmMzBmYzExNmQzNGFhNGU&dv=MUxWSXJn&dm=MU1udVZVV21Ndg&l=dHJ8fA&ri=2rxtlU&cip=1&alg=TGcwMDA4&v=0&euid=Q0FFU0VQX1MxYlV3YkhTalNYZHVXWXA2azRV&mt=2cmt0001&mi=d2Vi&dt=2dt0005&tz=RXVyb3BlL0Jlcmxpbg&sg=XuIzuX7-K-InRNw0uKBe_Q&buid=Xdb4DXiaK1Q&hmt=1&hmdp=s.h.w55c.net/2/948461/analytics.gif&hmtiu=9484611643830741015000&uidu=CAESEP_S1bUwbHSjSXduWYp6k4U&spidu=GOOGLE&pidu=15222&hmpvu=f9fc04c2-dc68-4a61-99f9-abca77ee38c5&hmtsu=3&odtu=2&mtfu=1&crdmu=300x250&cridu=XROhqscfgR&naoh=i.w55c.net/na.gif&ndgh=i.w55c.net/ng.gif&cbvp=2

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.248.62.209 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-248-62-209.eu-west-1.compute.amazonaws.com

Software

PixelTracking/v2.0.30-782-g97d928b#rel-ec2-master i-08cd5a4b21ac21a7e@eu-west-1b@dxedge-app-eu-west-1-prod-asg /

Resource Hash

47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 11 Jul 2023 22:51:24 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PixelTracking/v2.0.30-782-g97d928b#rel-ec2-master i-08cd5a4b21ac21a7e@eu-west-1b@dxedge-app-eu-west-1-prod-asg
Content-Type: image/gif
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 42
Expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 276C 0
20 B 54ms
54ms Ping
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=1421145234849&version=m202306200101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 276C 0
20 B 54ms
54ms Ping
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=1421145234849&version=m202306200101&ct=76&x=1&cor=2536823769720020000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 276C 105 KB
40 KB 60ms
60ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DFVGlaLxO4xAN7B3BIv78_h4ORyHSfmMNVE8a4Pt51WNanHxOJW8umlxEBjBzy3NPmCHeDjNwMo4EgpxAutha7u54hjw&cry=1&dbm_d=AKAmf-BEOICdutSJZi2ZphTXlkB28h1D3uG0drn-1OsPRGXlCH8xUlmDv1zQ83C5Ke-FqjvEuosNEnpxB1BUtRXqVq4-getwiN2lcku88vh43e5HrdmbtQPtYiL7hkkXPaLTmjlreUOtaD6fUIJIAJKFb_OJCrmiqlzB3XOBXSr9O_osjayIUvliERKAIAPEqUg3xIPZyL2lJSCsv3QtORxzkaa8Ttu1X19u-muX6bqvo2rIPAfens0I25fI6X_tu4lrKQ0LS5vePfHb5kz1cyaGA-ElXRSFUBzA-_8438nJJvqLJd5YAvi0jFseHl1mk5PNvJ2qlS5bvPyCSQlOq66Wjpa3u9P0wM20DOjmd85ftBBA4vR7DokMdLkwNUsms9FPNc5c5bFkz0QeGOZ7NdlBgQjXvkmvIu9FhhhjdbtQVNVbM-Bh4GQQArTRAmZK7rVyuMM_EMquv060qr3Zsxh1sS2vsIMm2mF_CbelKc1Zcvk0f6j5lCUoATlEtGCRIhW_Jrm9VYtIhcRwjZwDr-RF9TwF8RC7qdIsrV_BGuHcZvCZVdtoEcP9n-3Bvx_XsLk9oamVNK9N4KvtjU3hgaH5RNmSfAW_rc9vKx_y9HtX49uVYuqICCzLsYiipW6ouiu-75vhl1Q6RZgbUOpOWKjoqQ3NtZl-wCkj910yApLrHFiR0fzhRfszPX2-FojWkQqiqD7HUqjUNiyh0KO4r3bMfDvDVgUgXolKhX2Ri-PHHwhSkWcx5QZrKWNNmbpY-gWBxapK198poE2bBrF7RvpUg59rM8vuoTxOQRih0uouSJZcOevgDQKIkKSS6G2aG172XWCyGPUASJ3GyJqsZKhkJVhrawhil-wKS8e99OJczTM0rmyT4t62CBtcVHLFFA-88wiVoIwZH7TYTaiB6lC3Od2ARbC02OYh7lXflfRrS9vQxpg--VUNEyVW4foveat4UhfQ6HzkHvq8l8dqMStOq5f_Oq9ZZoUGYVa1nukkwGPSeyjwq27_lgby9oW4TzOdKRyAJA_9XOVHd4NTwUExx-S6Ja5vVf7kOrnCl51ritMbHnf4cubgeEvqhUKjMuBSHJhD3v3KTAlAiawMFEfC1QU5q9sflGyJKlwG0YBJJWod5fdHuY2_gQQ-LFr6bEl8aH05OF7HG-hIfeNmymRNVtbIz-JrCYXCx43uFbLzfOmfUCLlQ_6iKhFPEk9cvujux1wnDoAYh4HBOKsV4GgwIb0MRI5fvwTKrRmLC72XpuySzNsnt0AqfatwufmBcs_DnIS6xL6o4GvQQovAgZtHWD_bOW_mL3mYcEZ6VjHA6QAu0sgtkOGInj_NDZiDixH5lENozl_cfHfUXyT9lp4Z02lVxQdKTkyc93TlJEMvCT1IGuNsnzXYX_4-63g6eToVWABq6oKKU2YE-XGCtlMkJ-EyGq8U05jtoiWzKIjWxC6URF11cgiq4oKGBY0OAvPz4OfTIIYjkYXqiOgYRZ-12Ch530D3OmbZRBfFLMW7l7VlrRfJ9TJmdwdSoLHKPmvtY6tCDQSgyBmfLTOOtz7pZMp1fhLT3V5bx2-TGfOyOQAsAFRWGaEsV9MKdWE_fQlHCWhqBKpSoxISkac-SsVl3dxhdd8XJ72seXGqll3XUlNrx6oQ7JLbi3N1KTgDUikNuz4H4LWimTkVqwq5moSIT-rcti1CaV8s7YlRVkr-y9U1bBoTNIpiOwNEEhPhEwHc48EA0AnlGwWjVgtCYQl2Vn9SVuTP7hy4Jb5CbUb5Z6mzqnnzRU9X8mJhDQC96Q61DOFKYBoNcOh9aQQLmX3pgMwzsP7uVtgAqVJx5NBJ8okNpDNaWWGhzdfhosQQAm7GJOkbY55YLTzCb2BVTa1DI7ZO4ty0MRAGvZ86COP6qZXrgIvUt5ARRzbdeOotNrk-_Bb7tGXEmGzazfZ0q7nxYABDrYYEkdHwN5LXJUks0PwCf_kbo_FZxPIFZDtd23z7klZfA2hOyp-xI1uooAzmsdyyLjjx7-bUTsz-LXsIq-3wj-DklsgRyEyNrcusA-oypg6H_lxDBK0MM74VWAieHFt4oL7fT5OI2Ob4Z4CJpD4NZBHGvz9-BqpMAdKQMECz3ewXprFaUQC5pWQk1QUz_K2UnjCDqOuG7bZgWO-Gryi8g2SSQuZzJkuFMR7CgPYpYubrSq28p1_pEZ18mDpe_Rw87CKZGBTLCD8XKx2FKAgjy0Dfg-W_tU-42tUkcBdbwQGVVuT05aYb7gw88WrupubHkIt1_300KFOzkAO7fib0ObSJYgm-cemLjULX-RbjDlU11LP31w-OrmKSUVQ97kMfLRFarxJalzpsoHhqeq0Aqg_2BgeIcQNwTXyy6W3LLRhpAnvnbSQvQaksHSZNoKqhPaHCOrQiQ_pq9DBdiPQN2062hXRtfB2LR01-X6TIdFvFiwerzsSS0Miq_3V6uEbSdSz7-uYp3irAuMTOh2pmv0sxdT2RJCGaEXrFPONbOTVShfd9bKxQ8bXtCyva53ag_gvBXOmozJnv2QNZSxltG3mFJRwDbmWw25RQF15vNz5MiQzSl8snFH9U7Mmw_XsQnB-W1b9jf4eBpwrKBJmzg8gKiFHkIKVt9jySmEwneHjMMMLpd8P8VdKItuYQPbxMwRhqQNKNc4BWzXAutp8BDYsW_JoBi2pF0nSENTikkD7dflark-B3oL2Fffec_pAdNiTvy6M6Fm2V6srvtoHQYVu7D1E_DL5mr7aQDtOQvo8LQrDJpO5BWE15JaSBV5ZCDN6UtYH1sjJwjg1OES2lv51MhKNARcWxupKkNReAPHdv8UwSyzxPG7Ai5r5JtQnnEwFMkv4mV3SAEEYgZlEyJ78fxin4ISXDP4rx5OFC7CM85SO4Yf00iIqlJWEntgL3Sk8yEyWkLROwgGUtewctT1whYPrvWr1dhtHOWblyl9t29ppYNE5xK8Drzx99zowCXTSAcv_vVIx4u9ae3OfirGj1CqLGrwGPAx-ZTBFgvns79NcT0tzWkKOUEPZ6hqZIzlvCGS3AYjGAinVMbLBRsC2u_WIzuJWWApgK9z94nGd14K7HZBvp-KhDrV2Y-dLk3Vtzx8Mgojt8ybTWxYaC88oxueNsrZRSzlW8ZVV-ZQc6xaJpXO3eiWZeibvfzcKRHaSHstuSWpCaTkuvQYDM5vlPiBMfLcFOFrJkzV3290PmTdG5oqd9y3wJJCx4RvzO7Er9KP9pKqjQPYvwB9as1ARLa_z_K-uU1dr_4PfnPlXdNMqgfqDoJ8nywPsbOXXlP9xLSaoXw_5ocC4ecLb89RD9VvawRoVncy46k6U54M065_yQkxASZMRMyBtTx96r2DAJp5m6GGm36AuURZtbqYDWmcW08sOwD9lZysVddQ9U-tai25YOLp2iygXi4sZ4lH29fYJXnTaN6cmQEDnxCqhAiw16QXV3LZ6g9zo_TLCYJuK204BvDSDl057Knn64KFno-F5xp-TzPzdXzvL5qILGkhzZmsSbFgROhM5ztmXHD_JEAFmcmiMxCwwJD1UjZxBFN3oVhQ8fC4xdqYJqctGrFMDW2FtDAt23Szs3sGmlBOdRFU_SOLCMRYZb53w7zwy7dESTjZFAM5cauDmkt_Ndr7pcedaxkhHmDvGcxn3XkDxcJWhB_UJtLfL0sP0J_s-_1w&cid=CAQSOwBpAlJWKh_fXRSFD5g-_YJZ7oJXXOcHMpqMvAOjHg--R5qDyuKe1cNiqLHkSkgPiKHaKHXVffOVxdEyGAE&dv3_ver=m202306200101&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=2536823769720020000&adk=3844175693&idt=99&cac=0&dtd=9

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ddc6600d27eef589fc81f168ebaed0fd98c2afd3004935b3f75bb7ccd9aa688

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41256
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 63EC 172 KB
60 KB 61ms
20ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
Origin: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 14:24:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30400
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 12 Jul 2023 14:24:45 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230710/r20110914/elements/html/ Frame 63EC 11 KB
4 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230710/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DbeE3W2OiLHGXeWMeUuo57_GWcGIs-hUmjAVJDexOahovZD_F1u8FhLN_cXX_lm4Byfur3otZsho-45xJHEzk3VAIbyytOeF9kAsKiBpqrZWQ6x08&cry=1&dbm_d=AKAmf-D6GACynMarnSPqdmyww_UtWj2FKcbLVYhEJ-wY98YT2Ha_Clrm-67dJO-xqQdgNuAh0346ZH0bwNUgOdMBMGi_ii7SXXfbj8yIvBKaBVJBuwX-87r2K4gkoa6oMLgAtoC4f0EiMPCkk-bE-a28ePjU0FBjpmlMzEUDpdwuYmQO_fmIQkJ8Um6uOFSWjGVDKVPeulMDZ-XbFpHJKOlOGogeRa1C821HDJuBYqgc1xVdUUQFuAIzCcaKJCLKcgNrVkhETWkYC_pQ8aZqG0uk_01gxefWOIOHFP2SPr4KkU38iDX5KPPibSyIu05GVOGfWzTHy83ab_r7eoEOV4mF65WnkRv4ZF2tDmJvdK0NQwfOrT-syHCHls2oe9OLvF-6EW5sLGjgZzMa_XBPK5e61hLPgQoerSu_D2ggTXiyS8TAfO2PqCEj9sgGICd40at6cJL9ahai-kTkfZpZl8wTWl7MFW0tAdzh4SDY3RmJTEHgC_u2OMvN_gW4ziejkpGE1F_oEy-vr0hkNl48_i02RQuuN3DXZTP-SVmKShPhKOsFz64eoIaoOfl3vtGk2zvFFy7qu9HpIihzdCRtOcAUa-W5xa3FPw4A3sEouslI30LHx6nGIlaHBagxcn-f0aqcySs6LYThemUi3UJyALmrOr9DCPvajEgHE8eXoSlPPV5ybPu_rrm9ssL5bet4Z_iWB8CwuTco_pGs3aOXTJCi2QdOQC8qgLGEQEiwf3wLgRI_IE77Pa4OGp5KE6zGZJ5YXkgxLKUPd79V_V2YowzYNQNHXiH64zHmlLwrtCAC2_oW3lJKVAGKew6yp6eiTBXx_ilV6blfsTZnQ1MA48Q5v-GiQOfUGVcx6kOXcxPbl-DpSYSnlbKYxxn2uBKJq6KUB9_ve51BHHgNqcw7HYboyf6aqfmnEeRqQtOCGsdkyIvVvOi1dmqCEqXOBHrgKvPMFTXeG-hkXxCBmBYW_zFE5KDGFgG-1oaustxFf0-RZCWuX17kxAWRZRTui12BfAuPGqZHyPkT2V0Gp73YMmRJx3KHrB-1PbhocWaBVVp6nV_xKih4ff7qx8-P4thrkVFFgg5L7moVVrg658fUbpyVqi11klVvv_12eJtGN7gpdTWrSmFyZP3a5O8zHbpmmJwYMI09IuyWFFiATH9R9ksLezotqgIVEVb6_V21jB2KcCgTj8o48ZLRWBGmkST0Csu7SoKq5Izm_RTsF1kqBb_pxTblnOfCn5nnMRsGhdb9dRtat0mrkgvKAbnWH4Rg-giRk0J66JgtwbQBy6xDTf8sjq-GUKoGaJl4RJU9Z7M_Mrd46DToeypAAKiCl8FJfvJhKc8yIKqUfW8mkJV-OdxQfNVae2D07lnm4MoWZH_3ESVV_QaIQDsNzFGbyEleCh_DIA50bG_bfe-AM9iyIAXgvCor0offkHY0AC8F7y7Nf-az_Ou0PSQP65Z9KihX97fp3AGo7qa36So3PjoNRHKHWyrd-1okGI4k0kRYSoyBwtLduCbmpm4sWtSl-EFm_BOmGwY4UwHiS8kazRaWEJ7GEmtroUlkzGZFX_8VmKJJCus9dMryz19o30TKIT-VyBzAk3ra5XeVEKSoyNOj5fd-LelroyGVAhd1OQhcwP7usAcG0y8DvDY_9CsH3Z1OQY8wMlF59D7XOBuFXNPd6Vh7RpfupG4flcZZnCbwt4pqqqDWbcBS8DlxCCmcBTSCjdUDw3uUPoqy_wGENfGqL0iJitF_u2Ju2tgX5sfE-LqOWRUHI6hqLFR9SSOOvfP_0fuep-nj86bfnk-IOTH9aKh3_aFpoOsnAkONslR9rHrg1G4H5XPvz-fOl6-slBAoDzxrzbrQEXWfdedFD8gI1KsBUcw_b9SRPvJrzjDvYKgjsQecCSFAdOLuL3tp_IJaTtOivmMaOxc5O1JYxTji470WTzABv6c5YpMVtGxSqi3EV7dhfmvaIhlIIc474ZgM9qba6hs8H9l8BFl6GyGoUPSnHwNdRx0Cqmq36XINQ1HPwLGquTA4SCsETHWRSafW5DmhXm569Jq3rzLuypeGt2Y8K_9YECdxn7J-2K5CFM_yNIxRRCpSWfSD6_IRZsriZbKUY2fkNpb5b797VrVcBRk6a28CBGW75J1AbJz7y5pbSqXsGzSxi9fFfyuqsJA4uPJaZiQNzhkMpiM_zIdSj_PTtz8wYCUir5kUJbpDkR-2shrn9TUDGfGPyzZT4LGTPAshdXn9HRccU_eAA6ybue8YPpEbDJjq7QdzvDx1L7AKddJWszpBUcINWxbW9WU_ETKjucEOiLNEL-4E2LjFsvw2H9wwiRPUUMWJrggFoCI5DOlyFYo67qMGVQW_uyE2J5y2rc1m0DtAp0QjM_qUn-CVLgR-o9ErgmGAZI39n3BCqyeJvT1qXsXObU9uCdrzyhhpBrZjQ7hM0swpfFR1tsXkX61bCBprqwFXoC85Ed8alBGNOfy8rFXA5ULkYVa5A_yOOarPjmdN9SbIIA303QRNR15ke9krzXa4KzXjuJTqaUUeP-REYKhnMyoTkGW4Gvt5Z2TPI29jSS4ulJbo8tZgKAbh5ZoXv2NQ18guMbznzCdIXMDhaMow2DPAJ-5aP_UzCFkfD6e38D3OveS3TYghSjJmSED9f1adcwwi2VKlL91Bx4mW-dmcQknl0t37IbYXAO_QHL1XaAPW5sH01vxw3yCPhX3IlYUIirSEMG8JlT-CCBzCM2A28vb_CpiNRFprkZsL76dLxQP307Ic2h90k4eHDDTrWhdAud4vSSFhyTdkDjAEBh9oSeeDzA2mXhtOC8Wfn4UvwHD_LYCD6tMnl1c36IbykkkHcHFxvq4qQ1ORu24eBGqTJH97hx_fXFerIb0KM8l3GYNIedqiJzlgh0YrSPm3_ExqnVhXWWbIIS064N_1BuXoWkJO2UOUv7nj06SFaW1_wOGUVL2lLbPcfaOOmDaXZI47IgJcYHxV6a3A6IC8wvcwteKsuwhzKWS6OxXbvqBe1naknF_JuBAR_vIKH-1boEIZgmU2_aC40L2PyDrfmNnG5xeB7C9EVhPtyEgayFAOS6xQK1fg5mVBvSz7Kfq5clnJDgz_HmvzAeZ4V3-XKpvJHRGAGj2rawOy-XSL3AI-VocgFEd0i80oyfgumrPT5TsTSA4-78L8rCb6KXImUFo5CcUpd3SiLlJSPOFzxGzYZ8mlGkqY-BwZik3n5HRni7rP258osQhC4xaH-aP9swqwES5kC3PZ9pEiqp-vQpQfhyt-6GZmQ4hOItvgY4EVwS6BnknELYfO35dSAuKo6pise9Dhnc6lNLSTzd8_JC_QFSgTIktXiMJBjpWvYfXXJx6qsb8x80CKE2hS9ROjVEEsPOE0Y60JCtP9XBFH7nZPMhSfw9-mA6yTnO2DwVpJQ9o1wQOJhOXgwo1yy3dD1_3Y_dPZiuzBrZuDQFaHlil5oi7Pw7UAR-s97UQQ1R1DeLpiU0i_rNOXe-3W2UXBIXQoHAY9mLfy3p-N-1rF5RjBW0jZI7RD2pyPG2P1XaH9zU9sZCKR6VlJrB4HrfaqFDZgQh-3ibmHpBlH8xVdvYgmoGr1JBT_m6nqhXyEV-7qLoW6xveyGY0j2084I3vbHG0&cid=CAQSOwBpAlJWGRlRduoLJVDvI4dLCYM0Y0A0xIwDcjzBBK2YD1ZZ6FAmZwORfTb9VycXaVd73wiB1VrZvVq0GAE&dv3_ver=m202306200101&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=1892159041868644400&adk=3563752640&idt=94&cac=0&dtd=16

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

597e4ec7ca2b12f9150e02e04096849d6b06061b09c2d131f1d2225871eedfdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 19:59:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10322
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 16731591232229431525
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Jul 2023 19:59:23 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230710/r20110914/ Frame 63EC 30 KB
11 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230710/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

484eef6459e8a58c19115f287339366d82a7c2beeb7a35c7e16789b592515aec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 20:05:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9936
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11545
x-xss-protection: 0
server: cafe
etag: 12064860844701496540
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Jul 2023 20:05:49 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 63EC 41 KB
13 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 13:52:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 32330
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 10 Jul 2024 13:52:35 GMT

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame 179B
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESECxj97dEpEbQOtd_-hVjwt8&google_cver=1&google_push=AaAOQGFuV8TDkZnJrLba8xEqkhT6Rbxp09FV1BdLv4O8V2wOGk7rC4uth-jP-dtq5QbzlqKUIl34XhaGYgJsUFbI45e9WI2owuHJT...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESECxj97dEpEbQOtd_-hVjwt8&google_cver=1&google_push=AaAOQGFuV8TDkZnJrLba8xEqkhT6Rbxp09FV1BdLv4O8V2wOGk7rC4uth-jP-dtq5QbzlqKUIl34XhaGYgJsUFbI45e9WI2owuH...

43 B
414 B

199ms
190ms

Image
image/gif

2606:4700::6812:18ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESECxj97dEpEbQOtd_-hVjwt8&google_cver=1&google_push=AaAOQGFuV8TDkZnJrLba8xEqkhT6Rbxp09FV1BdLv4O8V2wOGk7rC4uth-jP-dtq5QbzlqKUIl34XhaGYgJsUFbI45e9WI2owuHJTw&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAaAOQGFuV8TDkZnJrLba8xEqkhT6Rbxp09FV1BdLv4O8V2wOGk7rC4uth-jP-dtq5QbzlqKUIl34XhaGYgJsUFbI45e9WI2owuHJTw%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/
Protocol: H2
Server: 2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7e549c6c4fdf1903-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 351
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESECxj97dEpEbQOtd_-hVjwt8&google_cver=1&google_push=AaAOQGFuV8TDkZnJrLba8xEqkhT6Rbxp09FV1BdLv4O8V2wOGk7rC4uth-jP-dtq5QbzlqKUIl34XhaGYgJsUFbI45e9WI2owuHJTw&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAaAOQGFuV8TDkZnJrLba8xEqkhT6Rbxp09FV1BdLv4O8V2wOGk7rC4uth-jP-dtq5QbzlqKUIl34XhaGYgJsUFbI45e9WI2owuHJTw%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7e549c6a9dda1903-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 179B
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESECJsILMId5rW8dsgw4L83jg&google_cver=1&google_push=AaAOQGEqMUY4VR3S_EKQSdzEefO7EGBmfk7Q4UrzzbM5FYaKX1nuq60oc4BxjAlfFsDM9-ABQ-1bnXTq1XR...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AaAOQGEqMUY4VR3S_EKQSdzEefO7EGBmfk7Q4UrzzbM5FYaKX1nuq60oc4BxjAlfFsDM9-ABQ-1bnXTq1XRXmyULoKgZL29ZFcvhSg&google_hm=4QgSJvLfQA6xgyGMiO...

170 B
188 B

31ms
31ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AaAOQGEqMUY4VR3S_EKQSdzEefO7EGBmfk7Q4UrzzbM5FYaKX1nuq60oc4BxjAlfFsDM9-ABQ-1bnXTq1XRXmyULoKgZL29ZFcvhSg&google_hm=4QgSJvLfQA6xgyGMiOtDcbc

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:24 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AaAOQGEqMUY4VR3S_EKQSdzEefO7EGBmfk7Q4UrzzbM5FYaKX1nuq60oc4BxjAlfFsDM9-ABQ-1bnXTq1XRXmyULoKgZL29ZFcvhSg&google_hm=4QgSJvLfQA6xgyGMiOtDcbc
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 179B
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEMezLPIF41N67ll2BMddKS4&google_cver=1&google_push=AaAOQGGKxUXUqc7gr9QzAVY0NtWhw5wegTMUCb2Hq-7AuMUb3H4F9EXNZFcUMK1qZSyiuU14DnUJ5QOYrzggmD...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1NDY5NzQ4NTIzMjg5NjE1MQ%3D%3D&google_push=AaAOQGGKxUXUqc7gr9QzAVY0NtWhw5wegTMUCb2Hq-7AuMUb3H4F9EXNZFcUMK1qZSyiuU14DnUJ5QOYrzggmDMWR_...

170 B
188 B

32ms
31ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1NDY5NzQ4NTIzMjg5NjE1MQ%3D%3D&google_push=AaAOQGGKxUXUqc7gr9QzAVY0NtWhw5wegTMUCb2Hq-7AuMUb3H4F9EXNZFcUMK1qZSyiuU14DnUJ5QOYrzggmDMWR_JxgsanMGU8Xw

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1NDY5NzQ4NTIzMjg5NjE1MQ%3D%3D&google_push=AaAOQGGKxUXUqc7gr9QzAVY0NtWhw5wegTMUCb2Hq-7AuMUb3H4F9EXNZFcUMK1qZSyiuU14DnUJ5QOYrzggmDMWR_JxgsanMGU8Xw
Date: Tue, 11 Jul 2023 22:51:25 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 179B
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=GaKNndidRR-jveUq6OgFrA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

31ms
31ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=GaKNndidRR-jveUq6OgFrA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AaAOQGHaHq6xZmvN-SNBkwP2SKKF5Qxke8dn8bMtZ1To2QQJ-A5sQwsYHCHiQrBLV2R_eBDx7qWpFQ6J4S0MccySlM0Z19YDmIwJ

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=GaKNndidRR-jveUq6OgFrA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AaAOQGHaHq6xZmvN-SNBkwP2SKKF5Qxke8dn8bMtZ1To2QQJ-A5sQwsYHCHiQrBLV2R_eBDx7qWpFQ6J4S0MccySlM0Z19YDmIwJ
date: Tue, 11 Jul 2023 22:51:24 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 179B
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEGoBeAkuCV-8nkdNvGGjDt8&google_cver=1&google_push=AaAOQGEm_ezOVfQjQGyFYBIXoDHjMiii0F77dAJOqKFO1v5T7HXIQoDDr8G-JX__Ssc5w50cFF8BvjKvp2NR...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGEm_ezOVfQjQGyFYBIXoDHjMiii0F77dAJOqKFO1v5T7HXIQoDDr8G-JX__Ssc5w50cFF8BvjKvp2NRlGXi0exYKd40xqQkgg

170 B
188 B

31ms
31ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGEm_ezOVfQjQGyFYBIXoDHjMiii0F77dAJOqKFO1v5T7HXIQoDDr8G-JX__Ssc5w50cFF8BvjKvp2NRlGXi0exYKd40xqQkgg

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGEm_ezOVfQjQGyFYBIXoDHjMiii0F77dAJOqKFO1v5T7HXIQoDDr8G-JX__Ssc5w50cFF8BvjKvp2NRlGXi0exYKd40xqQkgg
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 179B
Redirect Chain

https://match.360yield.com/match/ebda?google_gid=CAESEBmIT6GWn9D83sZQtSa_KwM&google_cver=1&google_push=AaAOQGG3P15tewfWiyYDW5nnztivslyKwI8X1JpyJD3Drt762EkZp6XMXGAiJQSRYcOx41JRkWNfcevBqX91_Q63EQ-dcG...
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEBmIT6GWn9D83sZQtSa_KwM&google_cver=1&google_push=AaAOQGG3P15tewfWiyYDW5nnztivslyKwI8X1JpyJD3Drt762EkZp6XMXGAiJQSRYcOx41JRkWNfcevBqX91_Q63...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=dGMJ18AAQxumdCjJzDMIpQ&google_push=AaAOQGG3P15tewfWiyYDW5nnztivslyKwI8X1JpyJD3Drt762EkZp6XMXGAiJQSRYcOx41JRkWNfcevBqX91_Q6...

170 B
188 B

32ms
32ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=dGMJ18AAQxumdCjJzDMIpQ&google_push=AaAOQGG3P15tewfWiyYDW5nnztivslyKwI8X1JpyJD3Drt762EkZp6XMXGAiJQSRYcOx41JRkWNfcevBqX91_Q63EQ-dcG-z1peFog

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=dGMJ18AAQxumdCjJzDMIpQ&google_push=AaAOQGG3P15tewfWiyYDW5nnztivslyKwI8X1JpyJD3Drt762EkZp6XMXGAiJQSRYcOx41JRkWNfcevBqX91_Q63EQ-dcG-z1peFog
access-control-allow-origin: *
date: Tue, 11 Jul 2023 22:51:25 GMT
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 179B
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEI...
https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=AaAOQGF-14aP1L_FDcTHj5dy11VoPduARQuhVDVp9wAH3CFdW1IQyBCnTOOGX6xigRfA_Gjv3x2ol_mjMmun0DssZoWsiI48tCCO&redir=https%3A%2F%2Fcm.g.doubl...
https://sync.targeting.unrulymedia.com/csync/RX-d31a465d-2612-4819-880a-62be39e763be-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAaAOQGF-14aP1L_FDcTHj5dy1...
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AaAOQGF-14aP1L_FDcTHj5dy11VoPduARQuhVDVp9wAH3CFdW1IQyBCnTOOGX6xigRfA_Gjv3x2ol_mjMmun0DssZoWsiI48tCCO&google_hm=A9MaRl0mEkgZiApivjnnY74

170 B
188 B

31ms
30ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AaAOQGF-14aP1L_FDcTHj5dy11VoPduARQuhVDVp9wAH3CFdW1IQyBCnTOOGX6xigRfA_Gjv3x2ol_mjMmun0DssZoWsiI48tCCO&google_hm=A9MaRl0mEkgZiApivjnnY74

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AaAOQGF-14aP1L_FDcTHj5dy11VoPduARQuhVDVp9wAH3CFdW1IQyBCnTOOGX6xigRfA_Gjv3x2ol_mjMmun0DssZoWsiI48tCCO&google_hm=A9MaRl0mEkgZiApivjnnY74
date: Tue, 11 Jul 2023 22:51:25 GMT
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RXd31a465d26124819880a62be39e763be003
content-type: text/html

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 179B 0
12 B 30ms
28ms Image
text/html 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LMhIc1YpextWDUgg4uNmjWyPwn1yen33nfkQvEI8dN61MdKrxJYG4i8ctt-YZ-qRZLKYXs

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:25 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame EA60 143 B
166 B 22ms
21ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 2379
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 22:11:46 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame DEBC 1 KB
643 B 22ms
21ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 21529
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 16:52:36 GMT
etag: 48472445140208031
expires: Wed, 12 Jul 2023 16:52:36 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame D5D0 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 53ee5ad93dc23224b5d9ec613e93e7e006bdbea82e880c02be4e948a297edb57

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame B3EF 1 KB
643 B 21ms
21ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 21529
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 16:52:36 GMT
etag: 48472445140208031
expires: Wed, 12 Jul 2023 16:52:36 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 63EC 208 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1ad5747edeb5f3e7d0a61b217844a817c7c1d48f0fecdec3d20580230f40c339

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 ad
googleads.g.doubleclick.net/dbm/ Frame D5D0 42 B
63 B 45ms
45ms Image
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AK8lJs0cTCr7k7fuDIGAL1TlXTTNxRQlhik3D3EpkmILgLXf_QnlkDHX0SSswfDnkW5W8GjQS3op7M3_6T63w40Qp-kNHQgJwBktq5-2Sc-dYru8FZyMpSbJWF1ssrIP3xHqd_XeQbNnLPcZ-uEZXKMreaFg&dbm_d=AKAmf-Bqm49ytVgPqbmMDe0W5zS1pdJvRnayTfOBK5abOd3U_YNdrVECHj6Pto3B1Vj63DbiZKrUfH0C6l82LXlj0jHs6sB1jMCjDwGPuyAIRLzl8bPbqPEA1a0nqR6COFSDXGnoYhXI_PJAqQ9bj_GaAWI4W5ZZ_cwct0tlm4qCANRT4RtuZ_I_OgMgDlzD9xbrBisY4hxgYpT48cF0w4ynzaZy_6Q4lHQv7hJQrJDRZohPfSXk4nJXNH--pBXwHW3-lwv4mG4eZPbMaNVrdYuRVPq_AzQlBuukQhky4MTY_1VrDumjpsQOfVEaU0F44qDYnhnFb-h0BDK7E9zt40r8BlUkhklqNLllu75YrHykWoZYxD68uLxGJUNE0QWorv8e-guq0-iUSD4SksjWpVsjR7C_dZM4l3T0ZGtDZKUr4CNJLL5puZWxKEKN7gLZPDtZvf4LxA_wE1rwL7dy-G_cQUQQarZ0k0zk52cuXepMjVlaVXhyTk2flA_5NPWJtIUEebPeJEqGDyU4mYTWwhASOX03tZrOcuEHv-x2LDHODdWLD2Bq2jLXtOLxLfTF583gwnInEHuJgqKpxF49Wp1vjHYmFMYWi4Ro1nkW5P2Py3sH4WYEaLHn1YAKvouoes7yJfQW8h1FeawzG0vBsZXULovi7GDCFlXxnri8MyieXmfIXNksmaTLAINls-RiMyYxaiM3R9M0MUQLLnXd5CTwwP4Ang5-00hCV_YBOM8_MESn0vuZ8E8hH1ZrtASiP6afOYw6T1gLlaxndMEDk1i5RGEkUG5f3bd3ONImjMGoLZ73ByO_inZE6MBc1p9-VKwP3Quntg5eq3RzDjpwNAQ_XoMcy8aUK9Uj5CwXQlb3eHCrOSTpPUUvambyARFsK5bsI3IT5komkQT3uIV7zmp53fJiZt63QSHLJf9mEu8W0JojgbD6MLexCOr9Fyu4AfB7FDWGj1M2cJFGocIKUqEAUTHbz0UZg_9wPRi7tgYQBCW-oYGS7CNVheYrZ87t8njYyL7DOPychRlg0L7a5lkhWG6Lvq6gVeaEDwn67ixDowfUjoSUI8U6L_uKMv7Dv4gFXaLkfGetKCajIRKdtvGwyh6-d0lswTYUoTkjoKG69uPrqKyaguU8stiacI_Zk_XB1yQmJbQXqbYJjoWxq9HJjm7Hj7NcHEz0CYGxUpF2g1NScVmafKnN4f5K1sCtP7gcFyVAdsfvhof6vA7in6hdpx5eJZQEbnKibWwsjZrBf4Zyc4zK5BxYtgleU3_4enTWn9QVjWuerYoBKmDHjy5t_Bb9r7P7MaPenNA5XNs27ZTnbs0BqMDHJHGFrWrCBGvu59KupSFHD5NQITZrWAc40r2brFYK8Uvk138xVKdIr08pXJfOosZ931FckY4YooaZc92eRfFW-EhXCo5ZDdopWJ0q52mrm5Y_c-qi7fxS6Z5LkP_uLhvpgHHY_wZlNOokV6cMCQMgV0yz_sagKQ86HUEbWzPHLgB49zyODVcgHtcZGOyjgxZcVKDoBQ3yiq5eLRWHm0VfAie2Jd6khkGlaQKKrcbaDDlsZG9fIJ4FVJuFY5ockGqCSz-oNMZ4JryrSIBZ3BH83cbOINMSQ0VLPUoemkyyQ-UMjek0zOpK-fYlE_CbxhzNg8k5Mx-h1GQNNWn1GLm1PMqXyZCYkrVgBKC-g8dk8tYEyEaJoVmhxKGynB1mNsXGtMzv2kH9RUeZWhSUAft4Dkp98YBRjK2YRNEP-WHslD4cd8n6FlXG_1D1M9EaW59oUMAInzW2YgKDf2mWKeRSc2SEPQ0wKZiXeGTtuTHz3Ql7xCjka5r5NfJl172AMIFyCwRHvgDVetpn7ZnLKds5qSJHK1wWhWcUJk4uFd-tL0bdjtY22dheAPPrxbEYcXKIRHxKUUZVaDxNXHF9s4OSH_2JnlrOHIJivXD5ZqL80W8iN51RSZOSI2ZuNZ3TgJkcFAvS6cpG5-3zPcvynUnir26LpkNIqFFVMh9L_3oLP9nC2bDv2J4wKbQSohiJwul4uX5dUKASxZUHjdPozYKagZ0aF4Tibg6uRo1UMOEOFVwjMGRrLNu6OhX6aRZRz0-IXTStNDXYeb-dyUVu4MWr3TYc2tC-Qh3WpTQ-8jriMGCzJ7Cai92DAznA1ZVZlRAPe78dJCG_II7H7Ny-7UzLlxUjV7Z5ZQKDlMv5jA74uT4Tvg25HN09T5berboMgdPj4xmXjmhIOHS8F0QNDG-Ob5E1ldF6PhzL32_Jopdx5HGwKqKqKBx4UO5gGFdzi7I2zutRNPOaV-YxR0kH8XerufZwABl1TTcXC8aFS6zUL9VfB6S1YWKu-O8tRKR0DMHbHCMbk1VjBvId9tKFsyCo1D1SNUsese1o3EUqh-kUKXptSmgl5Q98--u0EMT3b6-uKG73cHWigSUcd597PCkBys-DFrwTHNxmDx1Pvrq3l4RkzjBRXtBwW5BEmN5Pd0hniy7bwER9gqbeJg3ZChJCQbh8Gg5Yi-lAsCV5tvf_Z1t5DKTWFzT2VIusxlapOQ5GbuL2WavHAGiMyBuCvyBFz_TcLoal8RF1sclJz16kxZKxmYQMdJGeJRZt4nDhXn71rZ_yleM2mVeg1U3lLKD376YS5zthyOF5OEkNWocKQ8q9fHwgHJVnkrhjUUoHMV83h8VbXQtSeddo3-IxIQmg7Zekn_aferzUByRS3dzrRFSEzL8UTqaZmsKS4fbVv2w5cRLIvidCXuEa10tbUFGXyT1FOgDYjmz1E9Lb_tEv3L75Q8p9Aq8HmRU32SB6COXptzCgaYfKzaPwiMs_nyqXIBmBqqoT8LELRrG04r3murJ0Po5Q8COdTDQ7hQGphE7aDd6rOA1AWYxmrSieLisFcjKGIBvHrkL4xvgIFQnkyM8b8HGGEK8KlZ-xdBLUvgcHve-BRMCk2PthoVhmECuvMwvQpMOyc-0JPdnHZZOBcAD_5QSxAdGtj1_niNanymtuvr3ylid22O48wdts5t5GRUF1Jh6DlAAKBD1Tl3EPniJRnsljl6ChZQ2TX7Il7RnnPRZvvPD0_qbNoHss_CiFHk-e58VvNRCQJbNAmuPCnEX54p2Xo3OX55bkLlExTqeI00QlLWvIVSXRpcdbxgPMLBlwapHYtg4sKg8fEEuJmBMpgipSrSYpOZzo-Kyg7m1W5w5hsHTQ42tHvyrWamuZGlTwYwtpi560ykC6vZlka4TMmeTdhQ_qeHQA4iqKEO_vqSfcivGDyYCykxrbt36xGRhXeLxXtKMmOxjQEjoiAFn9G1LHhCCD8nT8Q7Z3gVOuxolxxb6vuW1K5t6dk9O4PInzaQzv8yWEfx5KdAz1ihi7n8k7AdRghZkcBCLWxCKhOQX3vpCLRMQVBP8w3Kww3WkP7-ffzNG-ZIvktBCyW1CcpXKxRJ3FtPyafutwAzaScQ5SRO6lh-eZECzhOlW1y7JQi1o9xTvqd7Iyf9TxDhQGmyhx4E-9s1l8l8FKGGFPnRCEA1NMLK8Y7GFXVpb_LqXFROsc-NSph6LSBzCI_Xdx16Q6H-famfkjXPd8z1TorWvv3gPjGCgSzL9OVR2VgxesCkMeCeGJqXzOlevULZvCtboddBmz7rVsTebDj4RmlYtXKQOc16w7nZLG1qAgswX7q9UC_7gag3baYm0fgA&cid=CAQSOwBpAlJWJccOMhb8z1WCHWysJBzttrarw2mLBFUfKvQrTyUKLhAViRZcQewE2bKPU3ggoxuAjBVFTnCRGAE&dc_exteid=31158688436005216959394372737258285&dc_pubid=4&cbvp=2

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame D5D0 0
0 60ms
60ms Image
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CbBlJ7NytZLaeGr2n9u8PzvSOkAXXuuDNcYeAi7PMEc6Focr2ARABIMCygmtglfrwgYwHoAGLseeRKcgBBqkCmehu2UZ3sj6oAwGqBIgCT9AORwv_afw3saTQrovr3eWUFwR2GucfwJrwdFj7LuQdsZkDteGNPB_N17WQnnwoZ6wQpiH-Bo2DAVJQ5mbrCNRvQbneSGJyV22i9wsjtB12-Lpk7LFmm2F0NEdL7dWX42z0TGkjbUPBYdPepGQ3Jp3fS_D3kg4bt0nd-u35Wd9Uu5AXlavdq_C0Yw9X049UFhIa2z9Rg8H8lUz_ZkzuCxf7yh-3yAoSr8agpn5TKwWKmQwM6_ffefZWuZ4ai9dFf6X6RO_v3xlSZ27DjY4pQYDrJGfYGJsL_SGXtFg5A1HpAhY18ymA0lw1UNBaQLFKoorr7Z82GIdaYJDtUx8bUTFxwO1KIr-dwATI8aD6tATgBAOIBb2ShutLkgUGCAMQARgBkgUGCBsQARgBkgUGCB0QBBgBkgUGCB0QARgBkgUGCB4QARgBkAYBoAY3gAeL6bfxA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcKEJbXFRjS_q7wAdIIFgiA4YAQEAEYHTICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTYxNDU3NjA5ODQyODMxMzOACgPICwGwE-CChhTIE5yvnOMD0BMA2BMK2BQB0BUBgBcBshceChwIABIUcHViLTY1OTM1MjMyMTAwMTAxNTQY6sFt6BcB&sigh=_JXeLh4GK9Y&uach_m=[UACH]&cid=CAQSOwBpAlJWJccOMhb8z1WCHWysJBzttrarw2mLBFUfKvQrTyUKLhAViRZcQewE2bKPU3ggoxuAjBVFTnCRGAE&template_id=509&vt=10&cbvp=2&vis=1
Requested by: Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 bridge3.580.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame F7FC 713 KB
228 KB 21ms
21ms Document
text/html 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.580.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

79c277fbe5ccce5c88a681d39733fba8d6c31f1812f8952ec3a5e35b2b0beab4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nefisyemektarifleri.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 344171
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 233312
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Fri, 07 Jul 2023 23:15:14 GMT
expires: Sat, 06 Jul 2024 23:15:14 GMT
last-modified: Fri, 07 Jul 2023 23:05:23 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 client.js Show response
s0.2mdn.net/instream/video/ Frame 82A3 44 KB
16 KB 29ms
28ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16746
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jul 2023 22:51:25 GMT

POST
H/1.1 200
OK 10710800 Show response
panel.izlesene.com/api/player/npm_nefisyemektarifleri/ Frame 82A3 1 KB
1 KB 437ms
136ms XHR
application/json 185.7.176.4
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://panel.izlesene.com/api/player/npm_nefisyemektarifleri/10710800
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=7/11/2023
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.4 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: nginx/1.4.4 /
Resource Hash: b3944f49dff08c01aaa04c97cecc55aafe381b05c7af1a8728725458e066c46f

Request headers

Referer: https://www.nefisyemektarifleri.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Tue, 11 Jul 2023 22:51:25 GMT
Content-Encoding: gzip
Server: nginx/1.4.4
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Connection: keep-alive
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 2ADD 39 KB
13 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3ea555c1e979c28e1d20d729c64ff36b267b83dcabdefe96460d9ae860e4082f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:44:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 433
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13681
x-xss-protection: 0
last-modified: Wed, 05 Jul 2023 22:37:09 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 11 Jul 2023 23:44:12 GMT

GET
H3 200 nyt-logo-duo-200.png
mn.nytcdn.com/wp-content/assets/img/ Frame 82A3 3 KB
4 KB 63ms
63ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mn.nytcdn.com/wp-content/assets/img/nyt-logo-duo-200.png

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d3002e63c4d3d76bb53d4618f047d2c0a50b692602ea8d6f19ef19bd1dfade34

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:25 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 3269
x-xss-protection: 1; mode=block
last-modified: Thu, 24 Mar 2022 06:41:37 GMT
server: cloudflare
etag: "623c12a1-cc5"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8waHEinWwLMYX12WdyJYR9rf9nV6MKLPvGMeUMi5LOmOlc%2BEWPZMS7oD78WMs2PnCU%2BxoW1F3lUKsSbWcTm8%2B3zL3jxwMhF76APe%2FgkVmz6XvBswfcb86VP%2Flg6a3wmZZ3%2F77WMEJOwRkQdg"}],"group":"cf-nel","max_age":604800}
x-varnish: 806639393 797977566
content-type: image/png
access-control-allow-origin: *
x-abc: local
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7e549c6aa8fa90d6-FRA
x-nyt-cache: hit cached

GET
H2 200 dpixel
cms.quantserve.com/ Frame BFAB 35 B
463 B 82ms
23ms Image
image/gif 2620:116:800d:21:ef75:8280:f209:5ba1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEPeUx0jQJ-0-i6un55oahIU&google_cver=1&google_push=AaAOQGFvyuKXybLvaW381GPmHpjAkPMKplSnl2n56xaaF5rpUZ1UUElGAwD86HbSu7ZyS5jes0RSL9hsDlSSEEZrFcHw1rqP6thAmA

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:ef75:8280:f209:5ba1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame BFAB
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESENq0E6ZTNyMf8CcDGzF9Z20&google_cver=1&google_push=AaAOQGGWOs6zze_rTObWH9thpSRamw4xTx8tGkePHzvHJI_AK_IcU8NpgImLSBc1hCbFPTBLTdmtMbWPF2R3Vi8mM8NFL0S7N0wyW...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESENq0E6ZTNyMf8CcDGzF9Z20&google_cver=1&google_push=AaAOQGGWOs6zze_rTObWH9thpSRamw4xTx8tGkePHzvHJI_AK_IcU8NpgImLSBc1hCbFPTBLTdmtMbWPF2R3Vi8mM8NFL0S7N0w...

43 B
410 B

195ms
194ms

Image
image/gif

2606:4700::6812:18ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESENq0E6ZTNyMf8CcDGzF9Z20&google_cver=1&google_push=AaAOQGGWOs6zze_rTObWH9thpSRamw4xTx8tGkePHzvHJI_AK_IcU8NpgImLSBc1hCbFPTBLTdmtMbWPF2R3Vi8mM8NFL0S7N0wyWA&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAaAOQGGWOs6zze_rTObWH9thpSRamw4xTx8tGkePHzvHJI_AK_IcU8NpgImLSBc1hCbFPTBLTdmtMbWPF2R3Vi8mM8NFL0S7N0wyWA%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/
Protocol: H2
Server: 2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7e549c6c5feb1903-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 935
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESENq0E6ZTNyMf8CcDGzF9Z20&google_cver=1&google_push=AaAOQGGWOs6zze_rTObWH9thpSRamw4xTx8tGkePHzvHJI_AK_IcU8NpgImLSBc1hCbFPTBLTdmtMbWPF2R3Vi8mM8NFL0S7N0wyWA&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAaAOQGGWOs6zze_rTObWH9thpSRamw4xTx8tGkePHzvHJI_AK_IcU8NpgImLSBc1hCbFPTBLTdmtMbWPF2R3Vi8mM8NFL0S7N0wyWA%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7e549c6abdfb1903-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BFAB
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEFeC7lRQDk8aakQfh9C8WmE&google_cver=1&google_push=AaAOQGF8VJty8-BksnGJ4uSzW-FA_IQpV8e5Ojujlz-FrS4o9AyryliNGV7KSglq8behX7P8PjeeLv5F...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEFeC7lRQDk8aakQfh9C8WmE&google_cver=1&google_push=AaAOQGF8VJty8-BksnGJ4uSzW-FA_IQpV8e5Ojujlz-FrS4o9AyryliNGV7KSglq8behX7P8Pje...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTE5MzU5MTgyMjAxNjMzMjk1Nw&google_push=AaAOQGF8VJty8-BksnGJ4uSzW-FA_IQpV8e5Ojujlz-FrS4o9AyryliNGV7KSglq8behX7P8PjeeLv...

170 B
188 B

33ms
33ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTE5MzU5MTgyMjAxNjMzMjk1Nw&google_push=AaAOQGF8VJty8-BksnGJ4uSzW-FA_IQpV8e5Ojujlz-FrS4o9AyryliNGV7KSglq8behX7P8PjeeLv5FBXqHNmiDSmDP6wd8UdP77A

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTE5MzU5MTgyMjAxNjMzMjk1Nw&google_push=AaAOQGF8VJty8-BksnGJ4uSzW-FA_IQpV8e5Ojujlz-FrS4o9AyryliNGV7KSglq8behX7P8PjeeLv5FBXqHNmiDSmDP6wd8UdP77A
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BFAB
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=R7dUWa-fRMqnnl7sVCyzPA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

33ms
32ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=R7dUWa-fRMqnnl7sVCyzPA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AaAOQGHOKE-GH0gYhMra6M3ioGsIVYB3oykqRjTVnDho8CenO41d46S4Mli9iT4zFRRqZLlIbjJWDFlAVYEed9Ck1wUzvxN6QjfL

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=R7dUWa-fRMqnnl7sVCyzPA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AaAOQGHOKE-GH0gYhMra6M3ioGsIVYB3oykqRjTVnDho8CenO41d46S4Mli9iT4zFRRqZLlIbjJWDFlAVYEed9Ck1wUzvxN6QjfL
date: Tue, 11 Jul 2023 22:51:24 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BFAB
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEJ...
https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=AaAOQGHrhDWTsl8u5nOJX8lk1f0Hkprp9-5VToW172XKHFTGiK3m68SEXYCrIPLE4PgcFdmGKCIzUFrqEDm1OolBwS3HC4Mi4oyNpw&redir=https%3A%2F%2Fcm.g.dou...
https://sync.targeting.unrulymedia.com/csync/RX-d31a465d-2612-4819-880a-62be39e763be-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAaAOQGHrhDWTsl8u5nOJX8lk1...
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AaAOQGHrhDWTsl8u5nOJX8lk1f0Hkprp9-5VToW172XKHFTGiK3m68SEXYCrIPLE4PgcFdmGKCIzUFrqEDm1OolBwS3HC4Mi4oyNpw&google_hm=A9MaRl0mEkgZiApivjnnY74

170 B
188 B

33ms
33ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AaAOQGHrhDWTsl8u5nOJX8lk1f0Hkprp9-5VToW172XKHFTGiK3m68SEXYCrIPLE4PgcFdmGKCIzUFrqEDm1OolBwS3HC4Mi4oyNpw&google_hm=A9MaRl0mEkgZiApivjnnY74

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AaAOQGHrhDWTsl8u5nOJX8lk1f0Hkprp9-5VToW172XKHFTGiK3m68SEXYCrIPLE4PgcFdmGKCIzUFrqEDm1OolBwS3HC4Mi4oyNpw&google_hm=A9MaRl0mEkgZiApivjnnY74
date: Tue, 11 Jul 2023 22:51:25 GMT
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RXd31a465d26124819880a62be39e763be003
content-type: text/html

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BFAB
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESELGa0H5TUgVdVrNdosKRLaY&google_cver=1&google_push=AaAOQGHlCamsY-212SA-gt_mUtRb5Khj6oEPe8Iv-owfhxEUfKjElYcNQHDFFqcAqiS_NlGTJg9SdrVn0Qy3dWrFCEBebVWPEC...
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=AaAOQGHlCamsY-212SA-gt_mUtRb5Khj6oEPe8Iv-owfhxEUfKjElYcNQHDFFqcAqiS_NlGTJg9SdrVn0Qy3dWrFCEBebVWPECL...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzU1MDE3ODE0NTgzNzA4Njg0NzA4OQ%3D%3D&google_push=AaAOQGHlCamsY-212SA-gt_mUtRb5Khj6oEPe8Iv-owfhxEUfKjElYcN...

170 B
188 B

31ms
31ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzU1MDE3ODE0NTgzNzA4Njg0NzA4OQ%3D%3D&google_push=AaAOQGHlCamsY-212SA-gt_mUtRb5Khj6oEPe8Iv-owfhxEUfKjElYcNQHDFFqcAqiS_NlGTJg9SdrVn0Qy3dWrFCEBebVWPECLMSg

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzU1MDE3ODE0NTgzNzA4Njg0NzA4OQ%3D%3D&google_push=AaAOQGHlCamsY-212SA-gt_mUtRb5Khj6oEPe8Iv-owfhxEUfKjElYcNQHDFFqcAqiS_NlGTJg9SdrVn0Qy3dWrFCEBebVWPECLMSg
date: Tue, 11 Jul 2023 22:51:25 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2

200

report
sync.teads.tv/um/ Frame BFAB
Redirect Chain

https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEOuH_AIIpPiu...
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AaAOQGFKpQzAbm0NKauL_YMKD21u5psX69VpYG57pbJwYWJb49bN6edtjXBg_N2uCa03bLkrck4TVM9UqWLS8HL9s9xIA4hc1_8vtw
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

23 B
163 B

46ms
46ms

Image
image/gif

23.192.153.28
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
Requested by: Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/
Protocol: H2
Server: 23.192.153.28 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-192-153-28.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

expires: Tue, 11 Jul 2023 22:51:25 GMT
pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 260
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame BFAB 0
12 B 29ms
29ms Image
text/html 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KE8B92JkY6wee_XfKgKkwH7h-7dPgIkMLpyu8a4M82Kb_a9zZEKLXybK5WSV1LTln82grKyg

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:25 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 H0ZEmIz7.html Show response
tpc.googlesyndication.com/sodar/ Frame 249D 23 KB
8 KB 22ms
22ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 530741
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 7799
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 05 Jul 2023 19:25:44 GMT
expires: Thu, 04 Jul 2024 19:25:44 GMT
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/1534583/72389193/ Frame 276C 47 KB
12 KB 154ms
45ms Script
application/javascript 52.212.148.89
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/1534583/72389193/skeleton.js
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x67420x0229.html?fbclid=PAAaae-SdJFaTCe2X2Rz0YQJeaF_cmcYz8_lmUJJDaLttsAGULWuQIAYEIFUc_aem_AWqMemsf4qpLbeZbkZhrgOzXLw4pKQpSKaow2V3Sax-iHPbhThvsND2Me74HsU0i7CvE1WRhY0ku0e2hAZgH8ddB
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.212.148.89 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-212-148-89.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 1a756bda29a09d6fb12756106e90cfc9a068244c340f128b19207109d706014b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H3 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 276C 172 KB
60 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
Origin: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 14:24:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30400
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 12 Jul 2023 14:24:45 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230710/r20110914/elements/html/ Frame 276C 11 KB
4 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230710/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DFVGlaLxO4xAN7B3BIv78_h4ORyHSfmMNVE8a4Pt51WNanHxOJW8umlxEBjBzy3NPmCHeDjNwMo4EgpxAutha7u54hjw&cry=1&dbm_d=AKAmf-BEOICdutSJZi2ZphTXlkB28h1D3uG0drn-1OsPRGXlCH8xUlmDv1zQ83C5Ke-FqjvEuosNEnpxB1BUtRXqVq4-getwiN2lcku88vh43e5HrdmbtQPtYiL7hkkXPaLTmjlreUOtaD6fUIJIAJKFb_OJCrmiqlzB3XOBXSr9O_osjayIUvliERKAIAPEqUg3xIPZyL2lJSCsv3QtORxzkaa8Ttu1X19u-muX6bqvo2rIPAfens0I25fI6X_tu4lrKQ0LS5vePfHb5kz1cyaGA-ElXRSFUBzA-_8438nJJvqLJd5YAvi0jFseHl1mk5PNvJ2qlS5bvPyCSQlOq66Wjpa3u9P0wM20DOjmd85ftBBA4vR7DokMdLkwNUsms9FPNc5c5bFkz0QeGOZ7NdlBgQjXvkmvIu9FhhhjdbtQVNVbM-Bh4GQQArTRAmZK7rVyuMM_EMquv060qr3Zsxh1sS2vsIMm2mF_CbelKc1Zcvk0f6j5lCUoATlEtGCRIhW_Jrm9VYtIhcRwjZwDr-RF9TwF8RC7qdIsrV_BGuHcZvCZVdtoEcP9n-3Bvx_XsLk9oamVNK9N4KvtjU3hgaH5RNmSfAW_rc9vKx_y9HtX49uVYuqICCzLsYiipW6ouiu-75vhl1Q6RZgbUOpOWKjoqQ3NtZl-wCkj910yApLrHFiR0fzhRfszPX2-FojWkQqiqD7HUqjUNiyh0KO4r3bMfDvDVgUgXolKhX2Ri-PHHwhSkWcx5QZrKWNNmbpY-gWBxapK198poE2bBrF7RvpUg59rM8vuoTxOQRih0uouSJZcOevgDQKIkKSS6G2aG172XWCyGPUASJ3GyJqsZKhkJVhrawhil-wKS8e99OJczTM0rmyT4t62CBtcVHLFFA-88wiVoIwZH7TYTaiB6lC3Od2ARbC02OYh7lXflfRrS9vQxpg--VUNEyVW4foveat4UhfQ6HzkHvq8l8dqMStOq5f_Oq9ZZoUGYVa1nukkwGPSeyjwq27_lgby9oW4TzOdKRyAJA_9XOVHd4NTwUExx-S6Ja5vVf7kOrnCl51ritMbHnf4cubgeEvqhUKjMuBSHJhD3v3KTAlAiawMFEfC1QU5q9sflGyJKlwG0YBJJWod5fdHuY2_gQQ-LFr6bEl8aH05OF7HG-hIfeNmymRNVtbIz-JrCYXCx43uFbLzfOmfUCLlQ_6iKhFPEk9cvujux1wnDoAYh4HBOKsV4GgwIb0MRI5fvwTKrRmLC72XpuySzNsnt0AqfatwufmBcs_DnIS6xL6o4GvQQovAgZtHWD_bOW_mL3mYcEZ6VjHA6QAu0sgtkOGInj_NDZiDixH5lENozl_cfHfUXyT9lp4Z02lVxQdKTkyc93TlJEMvCT1IGuNsnzXYX_4-63g6eToVWABq6oKKU2YE-XGCtlMkJ-EyGq8U05jtoiWzKIjWxC6URF11cgiq4oKGBY0OAvPz4OfTIIYjkYXqiOgYRZ-12Ch530D3OmbZRBfFLMW7l7VlrRfJ9TJmdwdSoLHKPmvtY6tCDQSgyBmfLTOOtz7pZMp1fhLT3V5bx2-TGfOyOQAsAFRWGaEsV9MKdWE_fQlHCWhqBKpSoxISkac-SsVl3dxhdd8XJ72seXGqll3XUlNrx6oQ7JLbi3N1KTgDUikNuz4H4LWimTkVqwq5moSIT-rcti1CaV8s7YlRVkr-y9U1bBoTNIpiOwNEEhPhEwHc48EA0AnlGwWjVgtCYQl2Vn9SVuTP7hy4Jb5CbUb5Z6mzqnnzRU9X8mJhDQC96Q61DOFKYBoNcOh9aQQLmX3pgMwzsP7uVtgAqVJx5NBJ8okNpDNaWWGhzdfhosQQAm7GJOkbY55YLTzCb2BVTa1DI7ZO4ty0MRAGvZ86COP6qZXrgIvUt5ARRzbdeOotNrk-_Bb7tGXEmGzazfZ0q7nxYABDrYYEkdHwN5LXJUks0PwCf_kbo_FZxPIFZDtd23z7klZfA2hOyp-xI1uooAzmsdyyLjjx7-bUTsz-LXsIq-3wj-DklsgRyEyNrcusA-oypg6H_lxDBK0MM74VWAieHFt4oL7fT5OI2Ob4Z4CJpD4NZBHGvz9-BqpMAdKQMECz3ewXprFaUQC5pWQk1QUz_K2UnjCDqOuG7bZgWO-Gryi8g2SSQuZzJkuFMR7CgPYpYubrSq28p1_pEZ18mDpe_Rw87CKZGBTLCD8XKx2FKAgjy0Dfg-W_tU-42tUkcBdbwQGVVuT05aYb7gw88WrupubHkIt1_300KFOzkAO7fib0ObSJYgm-cemLjULX-RbjDlU11LP31w-OrmKSUVQ97kMfLRFarxJalzpsoHhqeq0Aqg_2BgeIcQNwTXyy6W3LLRhpAnvnbSQvQaksHSZNoKqhPaHCOrQiQ_pq9DBdiPQN2062hXRtfB2LR01-X6TIdFvFiwerzsSS0Miq_3V6uEbSdSz7-uYp3irAuMTOh2pmv0sxdT2RJCGaEXrFPONbOTVShfd9bKxQ8bXtCyva53ag_gvBXOmozJnv2QNZSxltG3mFJRwDbmWw25RQF15vNz5MiQzSl8snFH9U7Mmw_XsQnB-W1b9jf4eBpwrKBJmzg8gKiFHkIKVt9jySmEwneHjMMMLpd8P8VdKItuYQPbxMwRhqQNKNc4BWzXAutp8BDYsW_JoBi2pF0nSENTikkD7dflark-B3oL2Fffec_pAdNiTvy6M6Fm2V6srvtoHQYVu7D1E_DL5mr7aQDtOQvo8LQrDJpO5BWE15JaSBV5ZCDN6UtYH1sjJwjg1OES2lv51MhKNARcWxupKkNReAPHdv8UwSyzxPG7Ai5r5JtQnnEwFMkv4mV3SAEEYgZlEyJ78fxin4ISXDP4rx5OFC7CM85SO4Yf00iIqlJWEntgL3Sk8yEyWkLROwgGUtewctT1whYPrvWr1dhtHOWblyl9t29ppYNE5xK8Drzx99zowCXTSAcv_vVIx4u9ae3OfirGj1CqLGrwGPAx-ZTBFgvns79NcT0tzWkKOUEPZ6hqZIzlvCGS3AYjGAinVMbLBRsC2u_WIzuJWWApgK9z94nGd14K7HZBvp-KhDrV2Y-dLk3Vtzx8Mgojt8ybTWxYaC88oxueNsrZRSzlW8ZVV-ZQc6xaJpXO3eiWZeibvfzcKRHaSHstuSWpCaTkuvQYDM5vlPiBMfLcFOFrJkzV3290PmTdG5oqd9y3wJJCx4RvzO7Er9KP9pKqjQPYvwB9as1ARLa_z_K-uU1dr_4PfnPlXdNMqgfqDoJ8nywPsbOXXlP9xLSaoXw_5ocC4ecLb89RD9VvawRoVncy46k6U54M065_yQkxASZMRMyBtTx96r2DAJp5m6GGm36AuURZtbqYDWmcW08sOwD9lZysVddQ9U-tai25YOLp2iygXi4sZ4lH29fYJXnTaN6cmQEDnxCqhAiw16QXV3LZ6g9zo_TLCYJuK204BvDSDl057Knn64KFno-F5xp-TzPzdXzvL5qILGkhzZmsSbFgROhM5ztmXHD_JEAFmcmiMxCwwJD1UjZxBFN3oVhQ8fC4xdqYJqctGrFMDW2FtDAt23Szs3sGmlBOdRFU_SOLCMRYZb53w7zwy7dESTjZFAM5cauDmkt_Ndr7pcedaxkhHmDvGcxn3XkDxcJWhB_UJtLfL0sP0J_s-_1w&cid=CAQSOwBpAlJWKh_fXRSFD5g-_YJZ7oJXXOcHMpqMvAOjHg--R5qDyuKe1cNiqLHkSkgPiKHaKHXVffOVxdEyGAE&dv3_ver=m202306200101&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=2536823769720020000&adk=3844175693&idt=99&cac=0&dtd=9

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

597e4ec7ca2b12f9150e02e04096849d6b06061b09c2d131f1d2225871eedfdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 19:59:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10322
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 16731591232229431525
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Jul 2023 19:59:23 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230710/r20110914/ Frame 276C 30 KB
11 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230710/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

484eef6459e8a58c19115f287339366d82a7c2beeb7a35c7e16789b592515aec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 20:05:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9936
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11545
x-xss-protection: 0
server: cafe
etag: 12064860844701496540
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 25 Jul 2023 20:05:49 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 276C 41 KB
13 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 13:52:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 32330
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 10 Jul 2024 13:52:35 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame B492
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

32ms
31ms

Document
text/html

2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 22:51:25 GMT
expires: Tue, 11 Jul 2023 22:51:25 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 22:51:25 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 3772 1 KB
643 B 21ms
21ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 21529
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 16:52:36 GMT
etag: 48472445140208031
expires: Wed, 12 Jul 2023 16:52:36 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 276C 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c80365b3d61748da70094a8ea95488ae260e3f6051d830f590a54b82cf795141

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame DEBC
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEDMz-MNS3AGJjQI9nmnikVw&google_cver=1&google_push=AaAOQGHdAlPOa23DNoBq-m4E63abrrYj3AeSVP1w10VyLVMRc1PClQWqBs...
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AaAOQGHdAlPOa23DNoBq-m4E63abrrYj3AeSVP1w10VyLVMRc1PClQWqBs25p-8d8ze9kEAcOA_uL2dt9aU-Yre_aht6CqTQB0A&google_hm=tBAKHyYpbJsqK...

170 B
188 B

33ms
33ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AaAOQGHdAlPOa23DNoBq-m4E63abrrYj3AeSVP1w10VyLVMRc1PClQWqBs25p-8d8ze9kEAcOA_uL2dt9aU-Yre_aht6CqTQB0A&google_hm=tBAKHyYpbJsqK7kcIGuisw

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AaAOQGHdAlPOa23DNoBq-m4E63abrrYj3AeSVP1w10VyLVMRc1PClQWqBs25p-8d8ze9kEAcOA_uL2dt9aU-Yre_aht6CqTQB0A&google_hm=tBAKHyYpbJsqK7kcIGuisw
date: Tue, 11 Jul 2023 22:51:25 GMT
cache-control: private, no-store, proxy-revalidate
strict-transport-security: max-age=86400
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame DEBC
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEAdmLEBnn6cWzUI45eJSxFA&google_cver=1&google_push=AaAOQGHIesXo-GD9z4YoEbL6EXXW4WzR2JKUgl2igZesTzMGsR1p3R0T5BpCGXx9CYO0zXeuJq4fwXWat6OVmiSEIbsht9PgBKU
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=EA2ED22C10FA4FF8BBD9D899C80FC3DE&google_push=AaAOQGHIesXo-GD9z4YoEbL6EXXW4WzR2JKUgl2igZesTzMGsR1p3R0T5BpCGXx9CYO0zXeuJq4fwXWat6OVmiS...

170 B
188 B

31ms
30ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=EA2ED22C10FA4FF8BBD9D899C80FC3DE&google_push=AaAOQGHIesXo-GD9z4YoEbL6EXXW4WzR2JKUgl2igZesTzMGsR1p3R0T5BpCGXx9CYO0zXeuJq4fwXWat6OVmiSEIbsht9PgBKU

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 11 Jul 2023 22:51:25 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=EA2ED22C10FA4FF8BBD9D899C80FC3DE&google_push=AaAOQGHIesXo-GD9z4YoEbL6EXXW4WzR2JKUgl2igZesTzMGsR1p3R0T5BpCGXx9CYO0zXeuJq4fwXWat6OVmiSEIbsht9PgBKU
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Mon, 10 Jul 2023 22:51:25 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame DEBC
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=R7dUWa-fRMqnnl7sVCyzPA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

32ms
32ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=R7dUWa-fRMqnnl7sVCyzPA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AaAOQGH162mLOVNu8PoajR4FME0WsZNX7-TVFGwyG5BUbJraf5v7Yeng-cZu2hd3_cENOWGhG3yOcwYfkn3DKG6J0SXjvnQlqfc

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=R7dUWa-fRMqnnl7sVCyzPA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AaAOQGH162mLOVNu8PoajR4FME0WsZNX7-TVFGwyG5BUbJraf5v7Yeng-cZu2hd3_cENOWGhG3yOcwYfkn3DKG6J0SXjvnQlqfc
date: Tue, 11 Jul 2023 22:51:24 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame DEBC
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEMO7eI6_BdAYwVdH_S4b8fU&google_cver=1&google_push=AaAOQGHq7b0dtAAyttvEWTcA6BRvS2tgSpYC3CfKqIhqeIy-HSiGX_95y7Fbr3Gr_nlRmo4Glyz...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpZVlpJSjktMVotMk9GNw==&google_push=AaAOQGHq7b0dtAAyttvEWTcA6BRvS2tgSpYC3CfKqIhqeIy-HSiGX_95y7Fbr3Gr_nlRmo4GlyzfiA-Ez5p8D9XcFCckyiFjIA0

170 B
188 B

32ms
32ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpZVlpJSjktMVotMk9GNw==&google_push=AaAOQGHq7b0dtAAyttvEWTcA6BRvS2tgSpYC3CfKqIhqeIy-HSiGX_95y7Fbr3Gr_nlRmo4GlyzfiA-Ez5p8D9XcFCckyiFjIA0

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpZVlpJSjktMVotMk9GNw==&google_push=AaAOQGHq7b0dtAAyttvEWTcA6BRvS2tgSpYC3CfKqIhqeIy-HSiGX_95y7Fbr3Gr_nlRmo4GlyzfiA-Ez5p8D9XcFCckyiFjIA0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame DEBC
Redirect Chain

https://match.360yield.com/match/ebda?google_gid=CAESEEZ9X6br7v5jCVMm1OprUN4&google_cver=1&google_push=AaAOQGHbIzQwsjvg84u5C_j3MgpHi3nSxLVEuVc1UeldwhXuAP68Olk5T8CEsBjUbqQwITEUQYWuw2AqKuviqe64AtnIhO...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=dGMJ18AAQxumdCjJzDMIpQ&google_push=AaAOQGHbIzQwsjvg84u5C_j3MgpHi3nSxLVEuVc1UeldwhXuAP68Olk5T8CEsBjUbqQwITEUQYWuw2AqKuviqe6...

170 B
188 B

32ms
31ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=dGMJ18AAQxumdCjJzDMIpQ&google_push=AaAOQGHbIzQwsjvg84u5C_j3MgpHi3nSxLVEuVc1UeldwhXuAP68Olk5T8CEsBjUbqQwITEUQYWuw2AqKuviqe64AtnIhOuzTug

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=dGMJ18AAQxumdCjJzDMIpQ&google_push=AaAOQGHbIzQwsjvg84u5C_j3MgpHi3nSxLVEuVc1UeldwhXuAP68Olk5T8CEsBjUbqQwITEUQYWuw2AqKuviqe64AtnIhOuzTug
access-control-allow-origin: *
date: Tue, 11 Jul 2023 22:51:25 GMT
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame DEBC
Redirect Chain

https://secure.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=${BASE64_UID_ENC}&google_gid=CAESEPUuu4aI_skni67xljB62LY&google_cver=1&google_push=AaAOQGF-AOy-86RMi...
https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NDk0MjM1OTA0NDEzMDE5MjMwOQ%3D%3D&google_gid=CAESEPUuu4aI_skni67xljB62LY&google_cver=1&google_push=AaAOQGF-AOy-86RMiAymEMrzdIFDyWLxrf...

170 B
188 B

31ms
31ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NDk0MjM1OTA0NDEzMDE5MjMwOQ%3D%3D&google_gid=CAESEPUuu4aI_skni67xljB62LY&google_cver=1&google_push=AaAOQGF-AOy-86RMiAymEMrzdIFDyWLxrfFqJ3MjcgxuWIR8z7KpNJ2tLoS2StbExI7c79tfFiDMc7-wE1OjmdBvZCaPAi7CD765

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
an-x-request-uuid: 9d7036ad-67bd-4b76-8640-ac684c9b811b
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NDk0MjM1OTA0NDEzMDE5MjMwOQ%3D%3D&google_gid=CAESEPUuu4aI_skni67xljB62LY&google_cver=1&google_push=AaAOQGF-AOy-86RMiAymEMrzdIFDyWLxrfFqJ3MjcgxuWIR8z7KpNJ2tLoS2StbExI7c79tfFiDMc7-wE1OjmdBvZCaPAi7CD765
x-proxy-origin: 84.19.175.183; 84.19.175.183; 941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame DEBC
Redirect Chain

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESENCljyD2J...
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESENC...
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=2c904e7c-1719-4cc0-a134-5aa114d71e23&%%GOOGLE_PUSH_PAIR%%

170 B
188 B

31ms
31ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=2c904e7c-1719-4cc0-a134-5aa114d71e23&%%GOOGLE_PUSH_PAIR%%

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=2c904e7c-1719-4cc0-a134-5aa114d71e23&%%GOOGLE_PUSH_PAIR%%
date: Tue, 11 Jul 2023 22:51:25 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame DEBC 0
12 B 30ms
29ms Image
text/html 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KwrS-vOUXyvA40amiYNxQzpYH-yu7wOUiqo4-PARqV_-FkFIovPMbOuOMhBBbOltAxCGbmPTo

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:25 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B3EF
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEO6zwXUX5mLLtSbjpXeRFtI&google_cver=1&google_push=AaAOQGHgbQvwvrR1lVtANIwjxqF7k4ncsmzH5ij_5rsmjnUnjCh-xXxaYEdYd9vpIy9rBS6YyOsj_fEi71UTr4AJ...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AaAOQGHgbQvwvrR1lVtANIwjxqF7k4ncsmzH5ij_5rsmjnUnjCh-xXxaYEdYd9vpIy9rBS6YyOsj_fEi71UTr4AJleUQg4I4kfqr

170 B
188 B

31ms
31ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AaAOQGHgbQvwvrR1lVtANIwjxqF7k4ncsmzH5ij_5rsmjnUnjCh-xXxaYEdYd9vpIy9rBS6YyOsj_fEi71UTr4AJleUQg4I4kfqr

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Tue, 11 Jul 2023 22:51:25 GMT
Server: MT3 1031 59fd23a master zrh zrh-pixel-x13 config_version:"1524"
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AaAOQGHgbQvwvrR1lVtANIwjxqF7k4ncsmzH5ij_5rsmjnUnjCh-xXxaYEdYd9vpIy9rBS6YyOsj_fEi71UTr4AJleUQg4I4kfqr
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Tue, 11 Jul 2023 22:51:24 GMT

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame B3EF
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEMnjClYZAOOYbGi_FzIvrq0&google_cver=1&google_push=AaAOQGEVKVwDQuu--u7OfbGXHQ8u83fwZr0LELAY5cJuSAW5QYiJLDpWAfnO6CpU1R6i-lLEjqelO6hmUbM9v80wDSSRAJN9YAk&r...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEMnjClYZAOOYbGi_FzIvrq0&google_cver=1&google_push=AaAOQGEVKVwDQuu--u7OfbGXHQ8u83fwZr0LELAY5cJuSAW5QYiJLDpWAfnO6CpU1R6i-lLEjqelO6hmUbM9v80wDSSRAJN9YAk...

43 B
389 B

189ms
189ms

Image
image/gif

2606:4700::6812:18ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEMnjClYZAOOYbGi_FzIvrq0&google_cver=1&google_push=AaAOQGEVKVwDQuu--u7OfbGXHQ8u83fwZr0LELAY5cJuSAW5QYiJLDpWAfnO6CpU1R6i-lLEjqelO6hmUbM9v80wDSSRAJN9YAk&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAaAOQGEVKVwDQuu--u7OfbGXHQ8u83fwZr0LELAY5cJuSAW5QYiJLDpWAfnO6CpU1R6i-lLEjqelO6hmUbM9v80wDSSRAJN9YAk%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Server: 2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7e549c6cc85a1903-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 325
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEMnjClYZAOOYbGi_FzIvrq0&google_cver=1&google_push=AaAOQGEVKVwDQuu--u7OfbGXHQ8u83fwZr0LELAY5cJuSAW5QYiJLDpWAfnO6CpU1R6i-lLEjqelO6hmUbM9v80wDSSRAJN9YAk&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAaAOQGEVKVwDQuu--u7OfbGXHQ8u83fwZr0LELAY5cJuSAW5QYiJLDpWAfnO6CpU1R6i-lLEjqelO6hmUbM9v80wDSSRAJN9YAk%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7e549c6b8f391903-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B3EF
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEMGXCrHGiTsssr72tCqNB24&google_cver=1&google_push=AaAOQGEjw7-QdjrPDlIcIUmMkM788vfeGf0gOPkqSUy8iYl_--oOw0IzrmJK902rJL_vhfPCg3Hal28BJfEWD9CEZg4rX8J...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AaAOQGEjw7-QdjrPDlIcIUmMkM788vfeGf0gOPkqSUy8iYl_--oOw0IzrmJK902rJL_vhfPCg3Hal28BJfEWD9CEZg4rX8JVZG9G&google_hm=eS1paTBWWXY5RTJwRzhxUG...

170 B
188 B

31ms
30ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AaAOQGEjw7-QdjrPDlIcIUmMkM788vfeGf0gOPkqSUy8iYl_--oOw0IzrmJK902rJL_vhfPCg3Hal28BJfEWD9CEZg4rX8JVZG9G&google_hm=eS1paTBWWXY5RTJwRzhxUGZyeGZaVXJNcVlUODVWODF1T35B

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 11 Jul 2023 22:51:25 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AaAOQGEjw7-QdjrPDlIcIUmMkM788vfeGf0gOPkqSUy8iYl_--oOw0IzrmJK902rJL_vhfPCg3Hal28BJfEWD9CEZg4rX8JVZG9G&google_hm=eS1paTBWWXY5RTJwRzhxUGZyeGZaVXJNcVlUODVWODF1T35B
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B3EF
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESELJEf1NPBthlHXrU5y-wWXc&google_cver=1&google_push=AaAOQGEWn0JBvaNH_G7AkhBlSRVWsHT4k395L_6e2aHF0k7k_7UtIlphYM_bN7Xrq9ca6IXR3Sn98AM-1MHz4mh7C9l1din...
https://d5p.de17a.com/cookies/google;c?google_gid=CAESELJEf1NPBthlHXrU5y-wWXc&google_cver=1&google_push=AaAOQGEWn0JBvaNH_G7AkhBlSRVWsHT4k395L_6e2aHF0k7k_7UtIlphYM_bN7Xrq9ca6IXR3Sn98AM-1MHz4mh7C9l1d...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AaAOQGEWn0JBvaNH_G7AkhBlSRVWsHT4k395L_6e2aHF0k7k_7UtIlphYM_bN7Xrq9ca6IXR3Sn98AM-1MHz4mh7C9l1dinJnEWH

170 B
188 B

33ms
32ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AaAOQGEWn0JBvaNH_G7AkhBlSRVWsHT4k395L_6e2aHF0k7k_7UtIlphYM_bN7Xrq9ca6IXR3Sn98AM-1MHz4mh7C9l1dinJnEWH

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AaAOQGEWn0JBvaNH_G7AkhBlSRVWsHT4k395L_6e2aHF0k7k_7UtIlphYM_bN7Xrq9ca6IXR3Sn98AM-1MHz4mh7C9l1dinJnEWH
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H2 200 dds
rtb.openx.net/sync/ Frame B3EF 43 B
245 B 80ms
29ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESELXpK21fBpzGAbTk0Fhxch0&google_cver=1&google_push=AaAOQGHDpHmpwMSjB0vnVgG1YEBZIwPii1j_dHdA-mev1s2YOFJfxBZW5uO3QP3iNNuGgz9PjAZ8DX0FHerwaaVD1X5RqHbvqRk
Requested by: Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43

GET
H2 200 sync
ssbsync.smartadserver.com/api/ Frame B3EF 0
45 B 206ms
45ms Image
text/plain 185.86.139.102
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEBnbr7VnBBq79HUuoWFnJf0&google_cver=1&google_push=AaAOQGHsGUTIi4xCuQSAuG-7dwsh0fEZodSYGTWqnfO4i6CSCYUkkCGecMzdUfth7tyXp39ivfArRU0sPHMwzh1i_UGX3arSM_Y
Requested by: Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.102 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:25 GMT
content-length: 0

GET
H2

200

/
onetag-sys.com/match/ Frame B3EF
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEC2lCEslld4rWCdZ1QSWUX0&google_cver=1&google_push=AaAOQGGrcBAOPL77-YvOLkLWq-f4yXdzfKpsdtONlwdtqRrMlasGjiPKf38zrMMSKWh-BgUsb63U0RaBRXw...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGGrcBAOPL77-YvOLkLWq-f4yXdzfKpsdtONlwdtqRrMlasGjiPKf38zrMMSKWh-BgUsb63U0RaBRXwtngGq6gTr9QeHdlm60Q
https://onetag-sys.com/match/?int_id=19&google_error=5

0
151 B

23ms
22ms

Image
text/plain

51.89.9.252
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=19&google_error=5

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip252.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/match/?int_id=19&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 255
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame B3EF 0
12 B 30ms
29ms Image
text/html 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LYSWQKo5nMtQTJuBb0xbeY2Qe41wJ7_Gidu_Lu0ynOCq_ojCZr2Y55rnAOmVMlXgVqHg0-Tg

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:25 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/10776139036581716392/ Frame 942D 1 KB
766 B 28ms
28ms Document
text/html 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/10776139036581716392/index.html?e=69&leftOffset=0&topOffset=0&c=WldR1jgurf&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4b7d8e9e3fcf576554fb627441842f75490a7ad42fb89bbc00aed6e9c208d189

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 738
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 22:51:25 GMT
expires: Wed, 10 Jul 2024 22:51:25 GMT
last-modified: Sun, 23 Oct 2022 18:55:22 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 63EC 0
0 134ms
67ms Fetch
image/gif 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstNCyeR1VF3cxJL96XmsEBu5zexnT-nlZN8xr8360fgW4_ybt94OxyrRgHA4OoR7YPA9AfLo15A2F0wB-0Dq5pc4Rsb9_omyLlAJyTfGy6S06tHeFoqEkrdTZfrlAywQmxTxuDXYnOBH4DG3tKBE_mQDji3pkHBzXhfXDn7uZF6WqavqbAw2iBBKwUUmD_L8liOBp2154mLCGnsTBI1KhQClNg6ubWHr46pEnL_shrGdrQHvOJ4o5VPHZSredMZVSZ-ET3PtNT-tFEO3vU6bkFJHpoKBiC31KcxwPxMpKi7PJwl_qRAuWcjkxrokmWUffG23IlSBnlcM5tCPmHBxRj8oux41FnnqHX77_bNS6uU-hJOX7TAPfKpkEn6cbGr0H3eq4zFjH2KB9g2WjbQ3PAQPF6Sj-w8XvjDERsyY3Y_Ge7KOw1MUOOKbot0quGWSj0Rv3Sxvr4V5o3LGFGS8Ebs5_geYNYFzmury8LeepJLvNOi73Su8D1cxoXkcQ3dYEUneJoZsKC-MRW4iV-iaK0rYigUGtKhjfLV0T-EhGLgS8CHZwtH8dRMnOzS05vFLxnBteDwNS-isa7uMS0O1oPNi0LKySjcQ3c8jh7cE-B9VFTIjpUDItPCsU0U8u4JhTpa2y39ysG3h5tSpz0DPhJ0L-p2l7nu1HPV3-8mI3u32ImuuqOQkE2fWGQinRh8fEe6zJCh2iO1i-yzPBLljK-rFzMwN4vaSDuPxvum4SKEKeDuyf7fUxetjxsfRV5eMZc4jTRraOCcQ4-RM6Ss8r18HPdJHbsyPWw75Elxxlbh3bJqad5BZ-aZAZxJ1OYIOGp1Xv4Y_zil6EWNMl1E79ypn1UpALeiiBqk1kTTrxIRY76JjkzySDSTxjVrrg_SkD9zg8u32_R_8MZSh696wRGTwAJc5zXCzd0yX_1vqRdKPPlhuX2swgBERVxXR-LmpN_nSM3eJIvQ35ohZjzBVip21r2UcCJd9dNUX0MyQIb-QWFpwoQqfelfCoyIB2dbTSi8DkKLU5xsG4Zcx_rNwkAxfBmLx0avf_W-y3iVMVheihQXwQTwsdNRowCcUwzHk-Hzr8nHbGYOuSobR4foy595vvkwmckOMHlUg6q4c1B2B_hcPMoF9hRcRIBcs0DHYXhvICTimVetA142kDwgcY4UYkULRUrhxqLOBN12MrrgzYUHuPV24xZcDSZq5GDGgtUnPxgANI88wEFV-MGeR4X3TaUOHVDX-EZ1qdc7Vgtz1xndzL_iHL0OyP3VAEvD5B-fWjrZ5Xa2C53jGZydJ1lSRGyzW2QS84WkhbWV7x_k-UIVD_eNaYygZhxs1VQz_Omd5_P0RnvCRRrP_Ea5qU2T7tQAilUhzkBycH-DS13Nt4V1JBjKytOxlkkV5D0hcEM2oTUoGQ2iFw&sai=AMfl-YQqCnbQnutHFYJjrxc5WaGF8SiS5xif8bSUsq5qiLzllBy2dAkGlLoLztHaSbNeN4dwqbETe05KZUAzcAN6hOFP89Q2_661bY0yFwaFN-LNDEHKNDW7Y7BJ9hBlsJACDIgsNJu-S0jdJMGP5TwLkbsuaR7geMhA8nYRoNk6u-36-UJ-dq1g7AJXYg_NYoNtvVTG-KLoJoozet8iH9_nlUZTO0-_H5uMOIs-2uQUFwoX0C5Okejh0XBk_K0em7RSQ9V2&sig=Cg0ArKJSzJiHY_u4E6qFEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=294&cbvp=1&cstd=286&cisv=r20230710.25472&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 11 Jul 2023 22:51:25 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Tue, 11 Jul 2023 22:51:25 GMT

GET
H/1.1 200
OK ai.aspx
m.exactag.com/ Frame 63EC 60 B
60 B 114ms
30ms Image
image/gif 213.202.235.9
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://m.exactag.com/ai.aspx?extProvId=63&extPu=lx-mindshare&extProvApi=lx_de&extLi=29013028&extCr=180885357&extPm=354328380&gdpr_consent=&gdpr=

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

213.202.235.9 Grenzach-Wyhlen, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Tue, 11 Jul 2023 22:51:24 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
P3P: policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
cross-origin-resource-policy: cross-origin
Connection: close
X-ET-Monitoring: 1
X-Xss-Protection: 0
Pragma: no-cache
Last-Modified: Di, 11 Jul 2023 10:51:25 GMT
X-ET-Code: 0
Content-Type: image/gif
Cache-Control: max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
X-ET-Camp: 1894
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame B69B 22 KB
8 KB 21ms
21ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 458315
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 06 Jul 2023 15:32:50 GMT
expires: Fri, 05 Jul 2024 15:32:50 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame EA60
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

36ms
36ms

Document
text/html

2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 22:51:25 GMT
expires: Tue, 11 Jul 2023 22:51:25 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 22:51:25 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 206 file.mp4
r1---sn-4g5ednss.c.2mdn.net/videoplayback/id/f8fd2e94061f0d97/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1720651885/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip... Frame C278 2 MB
2 MB 44ms
20ms Media
video/mp4 2a00:1450:4001:6b::6
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:6b::6 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

9b279f62d8ab632481b6d6fda4c49c8b9ee7fd77988c13e4b8baa7007d37b10c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Range: bytes=0-

Response headers

expires: Tue, 11 Jul 2023 22:51:25 GMT
date: Tue, 11 Jul 2023 22:51:25 GMT
x-content-type-options: nosniff
Content-Range: bytes 0-2220695/2220696
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Content-Length: 2220696
last-modified: Fri, 07 Jul 2023 14:34:05 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
access-control-allow-origin: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=86400
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
client-protocol: quic

GET
H3 200 tweenmax_2.0.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 942D 113 KB
38 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_2.0.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10776139036581716392/index.html?e=69&leftOffset=0&topOffset=0&c=WldR1jgurf&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

62afec092c21b138eeb1fc55859f60c19dd12ca3c02bdfeb336a820b016a547b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10776139036581716392/index.html?e=69&leftOffset=0&topOffset=0&c=WldR1jgurf&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38915
x-xss-protection: 0
last-modified: Tue, 19 Jun 2018 18:02:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jul 2023 22:51:25 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 942D 118 KB
40 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10776139036581716392/index.html?e=69&leftOffset=0&topOffset=0&c=WldR1jgurf&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10776139036581716392/index.html?e=69&leftOffset=0&topOffset=0&c=WldR1jgurf&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 13:52:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 32329
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 12 Jul 2023 13:52:36 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3772
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEKp4HQ6eLMzon9v8xsrwxEU&google_cver=1&google_push=AaAOQGFx-xjpF-TWZ0Rd031Z7rReAgquqKbfYhrO2FAyLGhYiOJcHgdLHdTBGlclEEs8vtrehgdUU-6Y9XMzvzZdcuaBeacRS7Mu
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=EA2ED22C10FA4FF8BBD9D899C80FC3DE&google_push=AaAOQGFx-xjpF-TWZ0Rd031Z7rReAgquqKbfYhrO2FAyLGhYiOJcHgdLHdTBGlclEEs8vtrehgdUU-6Y9XMzvzZ...

170 B
188 B

32ms
32ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=EA2ED22C10FA4FF8BBD9D899C80FC3DE&google_push=AaAOQGFx-xjpF-TWZ0Rd031Z7rReAgquqKbfYhrO2FAyLGhYiOJcHgdLHdTBGlclEEs8vtrehgdUU-6Y9XMzvzZdcuaBeacRS7Mu

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 11 Jul 2023 22:51:25 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=EA2ED22C10FA4FF8BBD9D899C80FC3DE&google_push=AaAOQGFx-xjpF-TWZ0Rd031Z7rReAgquqKbfYhrO2FAyLGhYiOJcHgdLHdTBGlclEEs8vtrehgdUU-6Y9XMzvzZdcuaBeacRS7Mu
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Mon, 10 Jul 2023 22:51:25 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3772
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESELU0-tf6_lKD0XoJXv6K35U&google_cver=1&google_push=AaAOQGEz-VCnf2KgORbf2ds1Q8lgEtWD23OHb6LvAklJFQe8G7smiZjN5pge1wdXkv1rCqkQcR_-eoKTLb9vqMi8BY2o5UB...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AaAOQGEz-VCnf2KgORbf2ds1Q8lgEtWD23OHb6LvAklJFQe8G7smiZjN5pge1wdXkv1rCqkQcR_-eoKTLb9vqMi8BY2o5UBuBnJQag&google_hm=eS1paTBWWXY5RTJwRzhx...

170 B
188 B

32ms
31ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AaAOQGEz-VCnf2KgORbf2ds1Q8lgEtWD23OHb6LvAklJFQe8G7smiZjN5pge1wdXkv1rCqkQcR_-eoKTLb9vqMi8BY2o5UBuBnJQag&google_hm=eS1paTBWWXY5RTJwRzhxUGZyeGZaVXJNcVlUODVWODF1T35B

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 11 Jul 2023 22:51:25 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AaAOQGEz-VCnf2KgORbf2ds1Q8lgEtWD23OHb6LvAklJFQe8G7smiZjN5pge1wdXkv1rCqkQcR_-eoKTLb9vqMi8BY2o5UBuBnJQag&google_hm=eS1paTBWWXY5RTJwRzhxUGZyeGZaVXJNcVlUODVWODF1T35B
content-length: 0

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame 3772 43 B
363 B 89ms
27ms Image
image/gif 178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DPUSH_DATA&google_gid=CAESEIoqgM4nCYWVXuBWZO2c3Cw&google_cver=1&google_push=AaAOQGFoGF7z35GDNfobI1AtGe3iZABh2sr_1oF_Jyrxq-cZkridcC0EEtxVsOKo2gUE20H_REINjhssAhHi84Bd3uO2ZELt4gMe

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 176942
expires: Tue, 11 Jul 2023 00:00:00 GMT

GET
H2 200 dds
rtb.openx.net/sync/ Frame 3772 43 B
103 B 30ms
29ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEFjt5vC56cZRKeYLTHWPlaM&google_cver=1&google_push=AaAOQGFjvVgjGTqlrj011-rcD7TTh8kYExf78b43NRujsMnWrKJiFlbEWrlwLy_MO9zfdJAA0Sn_Ft33HTabtQX5wDPk_5RV9Gjmhg
Requested by: Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3772
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEF9evX3cJU0tuowrRXwdpbY&google_cver=1&google_push=AaAOQGFhP43jTJ938QJXNzOZTXdsXAEdwjTjPq-WTeUKHYn5EZKZ8p9rXqkhzuCZl_AJCkrasjMdyWmVbq1q...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGFhP43jTJ938QJXNzOZTXdsXAEdwjTjPq-WTeUKHYn5EZKZ8p9rXqkhzuCZl_AJCkrasjMdyWmVbq1q4BYh4sBIXnQ6HER6

170 B
188 B

32ms
32ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGFhP43jTJ938QJXNzOZTXdsXAEdwjTjPq-WTeUKHYn5EZKZ8p9rXqkhzuCZl_AJCkrasjMdyWmVbq1q4BYh4sBIXnQ6HER6

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGFhP43jTJ938QJXNzOZTXdsXAEdwjTjPq-WTeUKHYn5EZKZ8p9rXqkhzuCZl_AJCkrasjMdyWmVbq1q4BYh4sBIXnQ6HER6
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H2 204 sync
ups.analytics.yahoo.com/ups/58281/ Frame 3772 0
125 B 108ms
26ms Image
text/plain 3.75.62.37
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEK7cEINhAjAoSbWtiVdj-wo&google_cver=1&google_push=AaAOQGFTZMremAwt4rCPHmVrm3ZjqqKIFu8hrZsmxXCIZeb7gwKr3BxYPt1fEe0OyAEBTJMrRL9TOO5R7nMUiRygrblJGSz0MBoCDQI

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.75.62.37 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-75-62-37.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.57 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:25 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.57
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3772
Redirect Chain

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESENnErwH9A...
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=2c904e7c-1719-4cc0-a134-5aa114d71e23&%%GOOGLE_PUSH_PAIR%%

170 B
188 B

31ms
31ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=2c904e7c-1719-4cc0-a134-5aa114d71e23&%%GOOGLE_PUSH_PAIR%%

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=2c904e7c-1719-4cc0-a134-5aa114d71e23&%%GOOGLE_PUSH_PAIR%%
date: Tue, 11 Jul 2023 22:51:25 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 3772 0
12 B 29ms
28ms Image
text/html 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13I8Rq9MzNoXFGnOye_B67dlsUnBq64TD4n4IxlHJN9A6I2j1hXnJCT4x8p_zqb7npJcMEHOF9o

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:25 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 AOiihYbjk7GyPSPexE3PorOKRXoofTPF8NjvkAglc4c.js Show response
pagead2.googlesyndication.com/bg/ Frame 249D 38 KB
14 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/AOiihYbjk7GyPSPexE3PorOKRXoofTPF8NjvkAglc4c.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

00e8a28586e393b1b23d23dec44dcfa2b38a457a287d33c5f0d8ef9008257387

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 09:49:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 46902
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14768
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 10 Jul 2024 09:49:43 GMT

GET
H2 200 main.19.8.427.js Show response
static.adsafeprotected.com/ Frame 276C 204 KB
64 KB 115ms
30ms Script
application/javascript 2600:9000:26da:fe00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.19.8.427.js
Requested by: Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rjss/st/1534583/72389193/skeleton.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26da:fe00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b445986c019347798ad617e4f430afca3618c8284e21bb0af67e57c349610fb8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:18:30 GMT
x-amz-version-id: viAUynJgAIn66dlitVD8ck8iSZOBHuBj
content-encoding: gzip
via: 1.1 7949f2957c23173b6f2b16db26ab42f6.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P4
age: 19976
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Mon, 10 Jul 2023 20:47:49 GMT
server: AmazonS3
etag: W/"506c4292d1b190f254067aa99ecfa709"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: YKYBzllvyMuTpXHmGiPQQmFZqsU1dmlGtZzsGXjHl5Lw5NNNUNzHkg==

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 5ADD 22 KB
8 KB 24ms
21ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 458315
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 06 Jul 2023 15:32:50 GMT
expires: Fri, 05 Jul 2024 15:32:50 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/12339641061559367785/ Frame 9B2A 14 KB
3 KB 29ms
28ms Document
text/html 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/12339641061559367785/index.html?e=69&leftOffset=0&topOffset=0&c=rlPKL8Z2GL&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc63e14bc579599e80c325c723a80ade67a77f614e1376c769a44d1f43d7f840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2951
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 22:51:25 GMT
expires: Wed, 10 Jul 2024 22:51:25 GMT
last-modified: Fri, 12 May 2023 09:19:47 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 276C 0
0 70ms
69ms Fetch
image/gif 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsshMQtCOvH0oK5sHd9HlhOJHuCR2R3Dlu8wqSY_qVcbIXxgAcZOM285cCKORE1oSnQFy6Gim9_Hxis30ErsEvrGegGYhSq_5hOE_j6leK6jj398_KQN4LHgaeizRbSLd1sj_mP1E7hJAuc2uDDkkXTEvotCv95B6q1-zJYIcBeQo8NYpHXlNow9vOR2U_RMJZUghBC-5M8U6Z2jBHbF1qJSrzePiPCT7QVwLVdp8gvdfgA1VR3LcxU4867fPEMBvqPhH7dgJLghhQa5bIKLj1kR-ZKJTUfDXgyLenqq1FMfym08cjj7YLlHdDALDgJs9wVSt0RZZ5MK-dyMrLYsLw1gZI9am-KCgJ4cWUwB8wJqw7zWg-WDuTMR69sAzRVS5tLE2cAX6yFMdJWn_3atxy1SJ1W3RNV_TBIrU0QMSJOS_GmKFq63q0F1dvO8JeN3Oxwg6Ew2NAvQzvIjXqLenm02buQ2wOEPrMj5orwax4CGqgp7Gl9Ap6FJlqT-awoGcdPU3iAK5SaTgmi7fGsGKPA5AKltHJXZcdiMYbSqMh91zWlRDI33f9MCqS2zPapps5Sfq7i0emmtozluV82xj_JGO96ec5UsQHi8wBpd5W1Xr0XMXn2rdFg1xZSHBuh-pVzIGGnP85a2wLTVnb60SUDU5qsrcqwSeVDkSunaR7pghnPyzdyxWloxdUMsu5zQb1QooS-b19Pz9iNo5BbWqp-O6bU_BJBvsvSIopth5xIZZbYDOplfW6PrYmsClC6UWb6inBPWdw2ro6WXogxFQzaNw1Q62ERa64xaoit40_ILQ7_tY40YlH8IMMDA2scPEiyFZ6jDHxflDf2DLGFpinC1xePSDUcKbcLLHOIawYJShNUJr6-UIEfG1IS2JaIk7rVU8EKmcx5rqnRaWh9KfJCYTa4MUJITd4Tbfe9XpSXXw7vb2qmpAFJby-zbCkVRFQXSFfxiuev_YzY8JCB7E0rN5-s12qiZtJWiFMZAFyh9Sz49HGOW0TDvju-DbNP0xGok3DgmGI3Zv_dFAd1nGmDhi1uNY-msasaGxdCJc-Q1gkN1p7MlPzccS_2_Pq24mduMuSSBrhlGS6P789IWzXaYVv2Aez1eNhOFBCoTiYbVYpA9c4uBB21s4VMJajRvH4ToPOLEKcWrkcJtbA-Xh_tPq77_hEVj8lPDgyLseViX_WMv_bPK9Yd2VIWwZKvNJ92qfybBm7k0dFElXi5cw3d8XCuz_51DJB5mnknLf6vWLceJp0pnyRdIhsHz4QRSE_O_jFxplU1vIkQSuzDVc7777KwSuv52hXitznvwsxeRV7Q7QyLnXrAgKMn5ZTdVcJcepoHIsnvSdKyRJ12P7vV6HohtGwiAkT8HvyE6hfCHanLfg18ylPsRP2DccPcy2KO7KyKF_9muoqhu6egjOqCmxI9AffyoM-3c1f0MkIjT1Ty-RNkpt0kUf_uXNw&sai=AMfl-YSCqb6ccL0oDuhaZpiTV02Iix7qDBc7Z6nE9Q5L3XWpngZcNRcZruLoI58Z_jDc36L1G3qdKaCGBFum6Z2xWSC1K-ZEAjQ9flYdlrpU2M-PGB-EzY5MXRR7jMuOd6ON8QlSxnsmq71sRQqMOsfockjzwINKgGZvAhgzkK4Y6EavQyBOTeMR66QwDJhOzGkXKtiSbSiXNJsB4GIftFBe6x5cYs2p2--JMpmzZAT846uyAJ6la72PFMWP83lIMtyRfCY0zOwcLmZ7bOdHwWdzoHIgPaDAC68&sig=Cg0ArKJSzC_LnabLZvX4EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=264&cbvp=1&cstd=258&cisv=r20230710.23124&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 11 Jul 2023 22:51:25 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Tue, 11 Jul 2023 22:51:25 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 82A3 0
20 B 55ms
54ms Image
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ima_sdk_v&pvsid=413980555089297&v=h.3.580.0

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 JuxDZWINa7otHwaisCqyMSq7iwQyCfHq_LhnNSU0b2U.js Show response
pagead2.googlesyndication.com/bg/ Frame B69B 37 KB
14 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/JuxDZWINa7otHwaisCqyMSq7iwQyCfHq_LhnNSU0b2U.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

26ec4365620d6bba2d1f06a2b02ab2312abb8b043209f1eafcb8673525346f65

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 11:40:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 126649
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14572
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 09 Jul 2024 11:40:36 GMT

GET
H3 200 styles.css
s0.2mdn.net/sadbundle/12339641061559367785/css/ Frame 9B2A 6 KB
2 KB 22ms
22ms Stylesheet
text/css 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/12339641061559367785/css/styles.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12339641061559367785/index.html?e=69&leftOffset=0&topOffset=0&c=rlPKL8Z2GL&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435205911189c1d7f16109a127f2dc4f3c0dbab6d8d226088216bd5c6c3ef9ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12339641061559367785/index.html?e=69&leftOffset=0&topOffset=0&c=rlPKL8Z2GL&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 16:13:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 23862
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1585
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:47 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 10 Jul 2024 16:13:43 GMT

GET
H3 200 Enabler_01_250.js Show response
s0.2mdn.net/879366/ Frame 9B2A 120 KB
41 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12339641061559367785/index.html?e=69&leftOffset=0&topOffset=0&c=rlPKL8Z2GL&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

31d02f43dd0c7fc5c0d95db087a23f1c2d729c93f10450884c8da6b415f7839b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12339641061559367785/index.html?e=69&leftOffset=0&topOffset=0&c=rlPKL8Z2GL&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 13:53:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 32302
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42247
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 12 Jul 2023 13:53:03 GMT

GET
H3 200 overlay.png
s0.2mdn.net/sadbundle/12339641061559367785/img/ Frame 9B2A 95 B
122 B 20ms
20ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12339641061559367785/img/overlay.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12339641061559367785/index.html?e=69&leftOffset=0&topOffset=0&c=rlPKL8Z2GL&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12339641061559367785/index.html?e=69&leftOffset=0&topOffset=0&c=rlPKL8Z2GL&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 16:13:43 GMT
x-content-type-options: nosniff
age: 23862
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 10 Jul 2024 16:13:43 GMT

GET
H3 200 logo.svg
s0.2mdn.net/sadbundle/12339641061559367785/img/ Frame 9B2A 5 KB
2 KB 20ms
20ms Image
image/svg+xml 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12339641061559367785/img/logo.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12339641061559367785/index.html?e=69&leftOffset=0&topOffset=0&c=rlPKL8Z2GL&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

312ea37c961106b2df0601ca18d37f89c74ec7b28932d79c012c0864169a11ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12339641061559367785/index.html?e=69&leftOffset=0&topOffset=0&c=rlPKL8Z2GL&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 16:13:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 23862
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2331
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:47 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 10 Jul 2024 16:13:43 GMT

GET
H3 200 gsap_3.5.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 9B2A 60 KB
24 KB 28ms
28ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12339641061559367785/index.html?e=69&leftOffset=0&topOffset=0&c=rlPKL8Z2GL&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12339641061559367785/index.html?e=69&leftOffset=0&topOffset=0&c=rlPKL8Z2GL&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24155
x-xss-protection: 0
last-modified: Mon, 31 Aug 2020 21:23:17 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jul 2023 22:51:25 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 63EC 0
0 62ms
61ms Fetch
image/gif 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstNCyeR1VF3cxJL96XmsEBu5zexnT-nlZN8xr8360fgW4_ybt94OxyrRgHA4OoR7YPA9AfLo15A2F0wB-0Dq5pc4Rsb9_omyLlAJyTfGy6S06tHeFoqEkrdTZfrlAywQmxTxuDXYnOBH4DG3tKBE_mQDji3pkHBzXhfXDn7uZF6WqavqbAw2iBBKwUUmD_L8liOBp2154mLCGnsTBI1KhQClNg6ubWHr46pEnL_shrGdrQHvOJ4o5VPHZSredMZVSZ-ET3PtNT-tFEO3vU6bkFJHpoKBiC31KcxwPxMpKi7PJwl_qRAuWcjkxrokmWUffG23IlSBnlcM5tCPmHBxRj8oux41FnnqHX77_bNS6uU-hJOX7TAPfKpkEn6cbGr0H3eq4zFjH2KB9g2WjbQ3PAQPF6Sj-w8XvjDERsyY3Y_Ge7KOw1MUOOKbot0quGWSj0Rv3Sxvr4V5o3LGFGS8Ebs5_geYNYFzmury8LeepJLvNOi73Su8D1cxoXkcQ3dYEUneJoZsKC-MRW4iV-iaK0rYigUGtKhjfLV0T-EhGLgS8CHZwtH8dRMnOzS05vFLxnBteDwNS-isa7uMS0O1oPNi0LKySjcQ3c8jh7cE-B9VFTIjpUDItPCsU0U8u4JhTpa2y39ysG3h5tSpz0DPhJ0L-p2l7nu1HPV3-8mI3u32ImuuqOQkE2fWGQinRh8fEe6zJCh2iO1i-yzPBLljK-rFzMwN4vaSDuPxvum4SKEKeDuyf7fUxetjxsfRV5eMZc4jTRraOCcQ4-RM6Ss8r18HPdJHbsyPWw75Elxxlbh3bJqad5BZ-aZAZxJ1OYIOGp1Xv4Y_zil6EWNMl1E79ypn1UpALeiiBqk1kTTrxIRY76JjkzySDSTxjVrrg_SkD9zg8u32_R_8MZSh696wRGTwAJc5zXCzd0yX_1vqRdKPPlhuX2swgBERVxXR-LmpN_nSM3eJIvQ35ohZjzBVip21r2UcCJd9dNUX0MyQIb-QWFpwoQqfelfCoyIB2dbTSi8DkKLU5xsG4Zcx_rNwkAxfBmLx0avf_W-y3iVMVheihQXwQTwsdNRowCcUwzHk-Hzr8nHbGYOuSobR4foy595vvkwmckOMHlUg6q4c1B2B_hcPMoF9hRcRIBcs0DHYXhvICTimVetA142kDwgcY4UYkULRUrhxqLOBN12MrrgzYUHuPV24xZcDSZq5GDGgtUnPxgANI88wEFV-MGeR4X3TaUOHVDX-EZ1qdc7Vgtz1xndzL_iHL0OyP3VAEvD5B-fWjrZ5Xa2C53jGZydJ1lSRGyzW2QS84WkhbWV7x_k-UIVD_eNaYygZhxs1VQz_Omd5_P0RnvCRRrP_Ea5qU2T7tQAilUhzkBycH-DS13Nt4V1JBjKytOxlkkV5D0hcEM2oTUoGQ2iFw&sai=AMfl-YQqCnbQnutHFYJjrxc5WaGF8SiS5xif8bSUsq5qiLzllBy2dAkGlLoLztHaSbNeN4dwqbETe05KZUAzcAN6hOFP89Q2_661bY0yFwaFN-LNDEHKNDW7Y7BJ9hBlsJACDIgsNJu-S0jdJMGP5TwLkbsuaR7geMhA8nYRoNk6u-36-UJ-dq1g7AJXYg_NYoNtvVTG-KLoJoozet8iH9_nlUZTO0-_H5uMOIs-2uQUFwoX0C5Okejh0XBk_K0em7RSQ9V2&sig=Cg0ArKJSzJiHY_u4E6qFEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=487&vt=11&dtpt=193&dett=3&cstd=286&cisv=r20230710.25472&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:25 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 11 Jul 2023 22:51:25 GMT

GET
H3 200 JuxDZWINa7otHwaisCqyMSq7iwQyCfHq_LhnNSU0b2U.js Show response
pagead2.googlesyndication.com/bg/ Frame 5ADD 37 KB
14 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/JuxDZWINa7otHwaisCqyMSq7iwQyCfHq_LhnNSU0b2U.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

26ec4365620d6bba2d1f06a2b02ab2312abb8b043209f1eafcb8673525346f65

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 11:40:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 126649
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14572
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 09 Jul 2024 11:40:36 GMT

POST
H2 200 count
logger.virgul.com/ Frame 82A3 0
116 B 90ms
78ms Ping
image/jpeg 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://logger.virgul.com/count?m=infoLoad&g=m&r=npm_nefisyemektarifleri:13::10710800&o=400-500&iv=&wVID=&info=10710800@117240@117240@13:30@@&os=windows&dt=desktop
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=7/11/2023
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 11 Jul 2023 22:51:25 GMT
server: openresty/1.15.8.3
content-length: 0
access-control-allow-methods: GET, POST
content-type: image/jpeg

GET
H3 200 FordAntennaCondMedium.subline.woff
s0.2mdn.net/sadbundle/12339641061559367785/fonts/ Frame 9B2A 13 KB
13 KB 23ms
21ms Font
font/woff 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/12339641061559367785/fonts/FordAntennaCondMedium.subline.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12339641061559367785/css/styles.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e83314d333416d003a14ff991793feefefe12184980a4f081c0465cda5dc8da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/12339641061559367785/css/styles.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 16:13:43 GMT
x-content-type-options: nosniff
age: 23862
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13336
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 10 Jul 2024 16:13:43 GMT

GET
H3 200 FordAntennaBlack.headline.woff
s0.2mdn.net/sadbundle/12339641061559367785/fonts/ Frame 9B2A 12 KB
12 KB 27ms
26ms Font
font/woff 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/12339641061559367785/fonts/FordAntennaBlack.headline.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12339641061559367785/css/styles.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d97d2f204c48ceadcc2f5b86ba6bf25987c6f7c43c8dd7fee7a2847e6a71f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/12339641061559367785/css/styles.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 16:13:43 GMT
x-content-type-options: nosniff
age: 23862
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11876
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 10 Jul 2024 16:13:43 GMT

GET
H3 200 FordAntennaRegular.legal.woff
s0.2mdn.net/sadbundle/12339641061559367785/fonts/ Frame 9B2A 14 KB
14 KB 24ms
23ms Font
font/woff 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/12339641061559367785/fonts/FordAntennaRegular.legal.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12339641061559367785/css/styles.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff1ea82759f4df729f7ee24dac62805f05a2fc79c7ca4cb518a072a11835e884

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/12339641061559367785/css/styles.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 16:13:43 GMT
x-content-type-options: nosniff
age: 23862
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14468
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 10 Jul 2024 16:13:43 GMT

GET
H3 200 main.js Show response
s0.2mdn.net/creatives/assets/4672102/ Frame 942D 4 KB
2 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4672102/main.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10776139036581716392/index.html?e=69&leftOffset=0&topOffset=0&c=WldR1jgurf&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

decfbe8c158a2cba02ca73b8bdf79f27b58757217a01cf6a492feb29d25d9458

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10776139036581716392/index.html?e=69&leftOffset=0&topOffset=0&c=WldR1jgurf&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:40:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 654
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1793
x-xss-protection: 0
last-modified: Mon, 15 May 2023 11:48:29 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jul 2023 22:55:31 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 942D 7 KB
6 KB 63ms
62ms XHR
application/json 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0ba9d330b78f248ea27a859a13a86a8d65e737a6f79f1370f0a52cb7a06e292a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:25 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5733
x-xss-protection: 0

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 9B2A 8 KB
6 KB 62ms
62ms XHR
application/json 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_250&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c8da45626edae55c76cee4eaf4867a8301ca7980ade6751502f20bbf0b27a22f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:25 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5810
x-xss-protection: 0

GET
H2

200

skeleton.js Show response
static.adsafeprotected.com/ Frame 276C
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/1534583/72389193/skeleton.js?adsafe_url=https%3A%2F%2Fpcloak.blob.core.windows.net&adsafe_type=g&adsafe_url=https%3A%2F%2Fwww.nefisyemektarifleri.com%2F&adsafe...
https://static.adsafeprotected.com/skeleton.js

17 B
466 B

26ms
26ms

Script
application/javascript

2600:9000:26da:fe00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/skeleton.js
Requested by: Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Server: 2600:9000:26da:fe00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 09 May 2023 06:47:57 GMT
x-amz-version-id: nylqTweorRThFHMBJSrf_fHcWx3KVKN3
via: 1.1 7949f2957c23173b6f2b16db26ab42f6.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P4
age: 5501009
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 17
last-modified: Mon, 17 Aug 2020 23:54:35 GMT
server: AmazonS3
etag: "53fab767ecbd3bf07990b10246befbd4"
content-type: application/javascript
cache-control: max-age=315360000
accept-ranges: bytes
x-amz-cf-id: cMK1c4Pd0G7UXqAZbe5XNHs6jVTLHPnJeHIvLfH6k5Z0WhoXNz8XzQ==

Redirect headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
server: nginx
x-server-name: app14.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/skeleton.js
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame 9B6C 91 KB
23 KB 29ms
29ms Script
application/javascript 2600:9000:26da:fe00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26da:fe00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 08 Jun 2023 21:19:49 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 7949f2957c23173b6f2b16db26ab42f6.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P4
age: 2856697
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: hh1Ku2sReYjQNsvHlbfjJHo3W96OpiTRX_iu_9AvDlLm8kEACJWvSg==

GET
H3 200 160x600_js.png
s0.2mdn.net/creatives/assets/4672102/ Frame 942D 71 KB
71 KB 20ms
20ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4672102/160x600_js.png

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7a275065d1843e7068685f13f7a0374b5a2756e41293faaaedc5cfa360014824

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/10776139036581716392/index.html?e=69&leftOffset=0&topOffset=0&c=WldR1jgurf&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:39:58 GMT
x-content-type-options: nosniff
age: 687
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 73107
x-xss-protection: 0
last-modified: Wed, 19 Apr 2023 09:53:11 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jul 2023 22:54:58 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 942D 17 KB
6 KB 34ms
34ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 11 Jul 2023 22:51:25 GMT

POST
H2 200 count
logger.virgul.com/ Frame 82A3 0
116 B 79ms
79ms Ping
image/jpeg 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://logger.virgul.com/count?m=adDataLoad&g=m&r=npm_nefisyemektarifleri:preroll:100&o=&iv=&wVID=&info=10710800@117240@117240@13:30@@&os=windows&dt=desktop
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=7/11/2023
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 11 Jul 2023 22:51:25 GMT
server: openresty/1.15.8.3
content-length: 0
access-control-allow-methods: GET, POST
content-type: image/jpeg

GET
H2 200 zoneview
ng.virgul.com/ Frame 82A3 0
222 B 79ms
79ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/zoneview?c=&mt=1689115885868&v=https%3A%2F%2Fwww.nefisyemektarifleri.com%2Fetsiz-nohut-yemegi-248941%2F%26vi%3D10710800%40&r=153182:nefisyemektarifleri&userId=vnetb9cf87df-44c8-4da2-82a0-503c8f3b7d9a&tp=&os=&call=&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc1,hf1,vv1,gpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates%20sal%C3%A7as%C4%B1%40karabiber%40kuru%20so%C4%9Fan%40nohut%40pul%20biber%40s%C4%B1v%C4%B1%20ya%C4%9F%40sivri%20biber%40su%40tuz%26nyt_cat%3Dpost&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.31025898645104855
Requested by: Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://www.nefisyemektarifleri.com
date: Tue, 11 Jul 2023 22:51:25 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

POST
H2 200 count
logger.virgul.com/ Frame 82A3 0
116 B 78ms
78ms Ping
image/jpeg 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://logger.virgul.com/count?m=videoActivateError&g=m&r=npm_nefisyemektarifleri:windows:Chrome_114.0.5735.198&o=&iv=&wVID=&info=10710800@117240@117240@13:30@@&os=windows&dt=desktop
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=7/11/2023
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 11 Jul 2023 22:51:25 GMT
server: openresty/1.15.8.3
content-length: 0
access-control-allow-methods: GET, POST
content-type: image/jpeg

GET
DATA 200
OK truncated
/ Frame 82A3 1016 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6823cdc5c5bc297bd4ac06187687fecb2a5c110658ebd5efba820132571fe6a2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 276C 43 B
216 B 532ms
175ms Image
image/gif 2600:1f13:800:7781:137e:246c:f226:35e4

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1534583&asId=2dffbaa2-f741-71db-eb2d-2a6ebf9195ae&tv=%7Bc:i6nEpt,pingTime:-3,time:332,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:160,h:600,t:251%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:332,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:251,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B102~0%5D,as:%5B102~160.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tJKe7jy+111%7C112%7C113%7C114%7C115%7C116%7C117%7C118%7C119%7C11a1%7C11b11%7C11c1%7C11d1%7C11d2%7C11e1%7C11e2%7C11e3%7C11e41%7C11f1%7C11f2%7C11g*.1534583-72389193%7C11g1%7C11g2%7C11g3%7C11g4%7C11h%7C11i1%7C11j,idMap:11g*,rmeas:1,rend:0,renddet:na,siq:252%7D&br=c
Requested by: Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7781:137e:246c:f226:35e4 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:26 GMT
server: nginx
x-server-name: dt06.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 276C 43 B
215 B 530ms
175ms Image
image/gif 2600:1f13:800:7781:137e:246c:f226:35e4

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1534583&asId=2dffbaa2-f741-71db-eb2d-2a6ebf9195ae&tv=%7Bc:i6nEpv,pingTime:-6,time:333,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:333,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:251,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B103~0%5D,as:%5B103~160.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tJKe7jy+111%7C112%7C113%7C114%7C115%7C116%7C117%7C118%7C119%7C11a1%7C11b11%7C11c1%7C11d1%7C11d2%7C11e1%7C11e2%7C11e3%7C11e41%7C11f1%7C11f2%7C11g*.1534583-72389193%7C11g1%7C11g2%7C11g3%7C11g4%7C11h%7C11i1%7C11j,idMap:11g*,rmeas:1,rend:0,renddet:na,siq:252%7D&tpiLookup=ao:pcloak.blob.core.windows.net*%2Cwww.nefisyemektarifleri.com*&br=c
Requested by: Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7781:137e:246c:f226:35e4 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:26 GMT
server: nginx
x-server-name: dt08.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 5e2588ac6f82ad050a013a34
ng2.virgul.com/tck/imp/ Frame 82A3 0
222 B 79ms
79ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5e2588ac6f82ad050a013a34?g=1&t=gb&r=153193@site_geneli@nefisyemektarifleri:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates+sal%C3%A7as%C4%B1%40karabiber%40kuru+so%C4%9Fan%40nohut%40pul+biber%40s%C4%B1v%C4%B1+ya%C4%9F%40sivri+biber%40su%40tuz%26nyt_cat%3Dpost&info=&mt=1689115883758&userId=vnetb9cf87df-44c8-4da2-82a0-503c8f3b7d9a
Requested by: Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://www.nefisyemektarifleri.com
date: Tue, 11 Jul 2023 22:51:25 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 9B2A 17 KB
6 KB 36ms
36ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 11 Jul 2023 22:51:25 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 276C 0
0 59ms
59ms Fetch
image/gif 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsshMQtCOvH0oK5sHd9HlhOJHuCR2R3Dlu8wqSY_qVcbIXxgAcZOM285cCKORE1oSnQFy6Gim9_Hxis30ErsEvrGegGYhSq_5hOE_j6leK6jj398_KQN4LHgaeizRbSLd1sj_mP1E7hJAuc2uDDkkXTEvotCv95B6q1-zJYIcBeQo8NYpHXlNow9vOR2U_RMJZUghBC-5M8U6Z2jBHbF1qJSrzePiPCT7QVwLVdp8gvdfgA1VR3LcxU4867fPEMBvqPhH7dgJLghhQa5bIKLj1kR-ZKJTUfDXgyLenqq1FMfym08cjj7YLlHdDALDgJs9wVSt0RZZ5MK-dyMrLYsLw1gZI9am-KCgJ4cWUwB8wJqw7zWg-WDuTMR69sAzRVS5tLE2cAX6yFMdJWn_3atxy1SJ1W3RNV_TBIrU0QMSJOS_GmKFq63q0F1dvO8JeN3Oxwg6Ew2NAvQzvIjXqLenm02buQ2wOEPrMj5orwax4CGqgp7Gl9Ap6FJlqT-awoGcdPU3iAK5SaTgmi7fGsGKPA5AKltHJXZcdiMYbSqMh91zWlRDI33f9MCqS2zPapps5Sfq7i0emmtozluV82xj_JGO96ec5UsQHi8wBpd5W1Xr0XMXn2rdFg1xZSHBuh-pVzIGGnP85a2wLTVnb60SUDU5qsrcqwSeVDkSunaR7pghnPyzdyxWloxdUMsu5zQb1QooS-b19Pz9iNo5BbWqp-O6bU_BJBvsvSIopth5xIZZbYDOplfW6PrYmsClC6UWb6inBPWdw2ro6WXogxFQzaNw1Q62ERa64xaoit40_ILQ7_tY40YlH8IMMDA2scPEiyFZ6jDHxflDf2DLGFpinC1xePSDUcKbcLLHOIawYJShNUJr6-UIEfG1IS2JaIk7rVU8EKmcx5rqnRaWh9KfJCYTa4MUJITd4Tbfe9XpSXXw7vb2qmpAFJby-zbCkVRFQXSFfxiuev_YzY8JCB7E0rN5-s12qiZtJWiFMZAFyh9Sz49HGOW0TDvju-DbNP0xGok3DgmGI3Zv_dFAd1nGmDhi1uNY-msasaGxdCJc-Q1gkN1p7MlPzccS_2_Pq24mduMuSSBrhlGS6P789IWzXaYVv2Aez1eNhOFBCoTiYbVYpA9c4uBB21s4VMJajRvH4ToPOLEKcWrkcJtbA-Xh_tPq77_hEVj8lPDgyLseViX_WMv_bPK9Yd2VIWwZKvNJ92qfybBm7k0dFElXi5cw3d8XCuz_51DJB5mnknLf6vWLceJp0pnyRdIhsHz4QRSE_O_jFxplU1vIkQSuzDVc7777KwSuv52hXitznvwsxeRV7Q7QyLnXrAgKMn5ZTdVcJcepoHIsnvSdKyRJ12P7vV6HohtGwiAkT8HvyE6hfCHanLfg18ylPsRP2DccPcy2KO7KyKF_9muoqhu6egjOqCmxI9AffyoM-3c1f0MkIjT1Ty-RNkpt0kUf_uXNw&sai=AMfl-YSCqb6ccL0oDuhaZpiTV02Iix7qDBc7Z6nE9Q5L3XWpngZcNRcZruLoI58Z_jDc36L1G3qdKaCGBFum6Z2xWSC1K-ZEAjQ9flYdlrpU2M-PGB-EzY5MXRR7jMuOd6ON8QlSxnsmq71sRQqMOsfockjzwINKgGZvAhgzkK4Y6EavQyBOTeMR66QwDJhOzGkXKtiSbSiXNJsB4GIftFBe6x5cYs2p2--JMpmzZAT846uyAJ6la72PFMWP83lIMtyRfCY0zOwcLmZ7bOdHwWdzoHIgPaDAC68&sig=Cg0ArKJSzC_LnabLZvX4EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=597&vt=11&dtpt=333&dett=3&cstd=258&cisv=r20230710.23124&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:25 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 11 Jul 2023 22:51:25 GMT

GET
H2

206

10710800-480_2-170k.mp4
istr-n23.nktcdn.com/data/videos/10710/ Frame 82A3
Redirect Chain

https://istr.izlesene.com/data/videos/10710/10710800-480_2-170k.mp4?token=ghJqF0FTY48xkzVo1nmRhA&ts=1689205885&playername=npm_nefisyemektarifleri
https://istr-n23.nktcdn.com/data/videos/10710/10710800-480_2-170k.mp4?playername=npm_nefisyemektarifleri&token=BSSx8LbI3Jtom91JaiPM2g&ts=1689202286

400 KB
0

400ms
84ms

Media
video/mp4

185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://istr-n23.nktcdn.com/data/videos/10710/10710800-480_2-170k.mp4?playername=npm_nefisyemektarifleri&token=BSSx8LbI3Jtom91JaiPM2g&ts=1689202286
Requested by: Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/
Protocol: H2
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: *
Content-Range: bytes 0-22366387/22366388
date: Tue, 11 Jul 2023 22:51:26 GMT
last-modified: Tue, 06 Sep 2022 14:04:31 GMT
server: openresty/1.15.8.3
Content-Length: 22366388
content-type: video/mp4

Redirect headers

date: Tue, 11 Jul 2023 22:51:26 GMT
server: openresty/1.15.8.3
content-type: text/html
location: https://istr-n23.nktcdn.com/data/videos/10710/10710800-480_2-170k.mp4?playername=npm_nefisyemektarifleri&token=BSSx8LbI3Jtom91JaiPM2g&ts=1689202286
access-control-allow-origin: *
cache-control: max-age=0
content-length: 151
expires: Tue, 11 Jul 2023 22:51:26 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 276C 43 B
215 B 496ms
176ms Image
image/gif 2600:1f13:800:7781:137e:246c:f226:35e4

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1534583&asId=2dffbaa2-f741-71db-eb2d-2a6ebf9195ae&tv=%7Bc:i6nEq5,pingTime:-2,time:369,type:a,im:%7Bsf:0,pci:%7Btdr:97%7D,pom:1,prf:%7BbdA:460,bdZ:616,beA:718,beZ:719,mfA:945,cmA:946,inA:946,inZ:950,prA:950,prZ:965,si:970,poA:971,poZ:984,cmZ:984,mfZ:984,loA:1051,loZ:1053,ltA:1087,ltZ:1087,mdA:719,mdZ:864%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:160.600,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:160,h:600,t:251%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:369,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:251,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B139~0%5D,as:%5B139~160.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tJKe7jy+111%7C112%7C113%7C114%7C115%7C116%7C117%7C118%7C119%7C11a1%7C11b11%7C11c1%7C11d1%7C11d2%7C11e1%7C11e2%7C11e3%7C11e41%7C11f1%7C11f2%7C11g*.1534583-72389193%7C11g1%7C11g2%7C11g3%7C11g4%7C11h%7C11i1%7C11j,idMap:11g*,pd:CV8L.internal-pdf-viewer,rmeas:1,rend:1,renddet:XIFRAME.qs.lf,siq:252,sinceFw:116,readyFired:true%7D&br=c
Requested by: Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7781:137e:246c:f226:35e4 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:26 GMT
server: nginx
x-server-name: dt10.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 276C 43 B
215 B 491ms
176ms Image
image/gif 2600:1f13:800:7781:137e:246c:f226:35e4

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1534583&asId=2dffbaa2-f741-71db-eb2d-2a6ebf9195ae&tv=%7Bc:i6nEq9,pingTime:0,time:373,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r,w:160,h:600,t:251%7D,%7Bpiv:100,vs:i,r:,t:373%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:373,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:251,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B143~0%5D,as:%5B143~160.600%5D%7D%7D,%7Bsl:i,t:373,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B0~100%5D,as:%5B0~160.600%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tJKe7jy+111%7C112%7C113%7C114%7C115%7C116%7C117%7C118%7C119%7C11a1%7C11b11%7C11c1%7C11d1%7C11d2%7C11e1%7C11e2%7C11e3%7C11e41%7C11f1%7C11f2%7C11g*.1534583-72389193%7C11g1%7C11g2%7C11g3%7C11g4%7C11h%7C11i1%7C11j,idMap:11g*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf,siq:252%7D&br=c
Requested by: Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7781:137e:246c:f226:35e4 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:26 GMT
server: nginx
x-server-name: dt09.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
DATA 200
OK truncated
/ Frame 942D 25 KB
25 KB Font
application/x-font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3be09dc0c3a62f0a8397706bf1d6fc53d4dbcadf38863aaf6b87ceb0f1eb3d18

Request headers

Referer
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: application/x-font-woff;charset=utf-8

GET
DATA 200
OK truncated
/ Frame 942D 25 KB
25 KB Font
application/x-font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 32ee695fc5354fb6448cbc5453ec1d15f01c7d5f74539da5f93126188b9fda22

Request headers

Referer
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: application/x-font-woff;charset=utf-8

GET
H3 200 star_alliance.svg Show response
s0.2mdn.net/creatives/assets/4669666/ Frame 942D 4 KB
2 KB 21ms
21ms XHR
image/svg+xml 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4669666/star_alliance.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3117435f29e0de48ea6ed19bbe21500a39ac0901bb4962f6b65a938162f54b8f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10776139036581716392/index.html?e=69&leftOffset=0&topOffset=0&c=WldR1jgurf&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:44:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 426
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1838
x-xss-protection: 0
last-modified: Tue, 23 May 2023 16:06:43 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jul 2023 22:59:19 GMT

GET
H3 200 MadeOfSwitzerland.svg Show response
s0.2mdn.net/creatives/assets/4669666/ Frame 942D 9 KB
3 KB 21ms
20ms XHR
image/svg+xml 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4669666/MadeOfSwitzerland.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33db53c59f86658a2a1c5a8515a4332b2837162b2ec8c13af379f32f122ea18b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10776139036581716392/index.html?e=69&leftOffset=0&topOffset=0&c=WldR1jgurf&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:44:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 426
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2792
x-xss-protection: 0
last-modified: Tue, 04 Oct 2022 10:19:40 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jul 2023 22:59:19 GMT

GET
H3 200 de_swiss_rgb.svg
s0.2mdn.net/creatives/assets/4669666/ Frame 942D 2 KB
881 B 21ms
20ms Image
image/svg+xml 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4669666/de_swiss_rgb.svg

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

354a25f44878b2935ae4bb47c8c285c749b3d439526c270e69a0404d01050399

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10776139036581716392/index.html?e=69&leftOffset=0&topOffset=0&c=WldR1jgurf&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:42:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 549
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 849
x-xss-protection: 0
last-modified: Thu, 15 Sep 2022 15:45:22 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jul 2023 22:57:16 GMT

GET
H3 200 Abendstimmung_Offer_160x600.jpg
s0.2mdn.net/creatives/assets/4669663/ Frame 942D 16 KB
16 KB 21ms
20ms Image
image/jpeg 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4669663/Abendstimmung_Offer_160x600.jpg

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6fac11484c63257da7052d00d2d2f8dffd6c68b748a1bf83027684514edad4c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10776139036581716392/index.html?e=69&leftOffset=0&topOffset=0&c=WldR1jgurf&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:05 GMT
x-content-type-options: nosniff
age: 20
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16216
x-xss-protection: 0
last-modified: Wed, 16 Nov 2022 16:53:24 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jul 2023 23:06:05 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 249D 0
20 B 58ms
58ms Image
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=34&t=2&li=v_h.0.0.0&bgai=Becp07dytZNgWlJD1-A_2gau4AwAAAAA4AeAEAg&bg=!nJ-ln8vNAAb90kgr3dI7ADkAdvg8WiJGDoSvluGLU8bu_U5murHCN7Tb6DHtVKniTY7WW2Pb5XsgsBpWzePaPi0MWT8eQVoTjQUCAAABBFIAAAAHaAEHmQMjxDJn5x9wkgPriWScrNhgA3O4uU7-RZf1oOdkAtd6qV2nyUKh05ahsTvTkpX0f_FUN5VutnUBpec-0_J8tqBSfJsX20OPEekl8Hysd47AxQxKoqxCns1WbUZTTwFXcCvRar_Glz8Zm6Mv8X1FtwxlNaz-SPxaggSwizmsXtx5kSRj2Q1_YPeyjWKvT9cb18XMvQg8zSbalW23wGao76HzpHZC8VFQ2R8ONAfz6rkwFyXkxVfrOgTVFawH5j2F2xKfS29MdUjDNEVOLLO2zEbbcEpUMoFc9QJ4jN6H2th9MEnE_q06hQifgbQ2iGRJwTysEaJse0LAB5dG5eaNwFZe4BY8FkoMCsa2y__1I5LC5CuELixsayT6cRz1m0Hg6bA0twr_BDDJ919LKEvdy5tHi1qCCHZ4ycdn5g1G7Uaes4AUanAHYe1TAmfCfAFpMFLi0ro5d7S7yR2XLMcKIDnH55ZAZ_Q1wmEtQBatIznNHX-38uD6vLvnMJ_h9Mslvyc5r9YA2WqoWWeBVua5XWKySxMyhNtUXWK53VeqSq3E6T5POHdsrR25tPWYHpgwglP2l6Bk6ZWpWgFBB9LQRkJ6-YP-vvGgsIE7j-oiDhMqMWGxXNBJG5NgkesDfRep9F5FX8PcUvctxxGztk1gnKwcOz29mwvWaiC51cWQCPw_TXGCMTtI5sFNYdMURVO9Htycv7ieaAKDbMOjChnsjMLDv93w7a0bAGbhKP4IkZ8zCGqiTEAg-O7OaqE12LiRRulqVg-nzNZHwuvqZADG8csCieC80Yw-AgoIMVq3CO99tuZw2jPfUuT7InhgFdkOCqZE37yIMWrkr2ObIvjFPtgNj6LTn138Tp-q00KU6rNuKd0KpM-B0fYwxyEJjhKDcAj0_r5dHLP_5r15f3TYAaFWsh56Tmfi1XI-3cI8EUnS7dNkz4oIxfg05Cf9SKPFDf3o7mtDMfg-Q7ho66JqtEZwDeo8mHMDReK0Ib2nD_Z28jdpBJuhEdW_elrOQlF7ME-PytOoY5s4-NxJwMqA4WvmQTr0In9iUP-mpqDvaz4krxC9IjE

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B69B 0
20 B 61ms
61ms Image
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B3QW27NytZN-PPMHB9u8Pys6SkAwAAAAAOAHgBAI&bg=!AgGlAVXNAAb90kgr3dI7ADkAdvg8Wj_xT78Kf0jjVk0uRP0yjzGBXBxBJQBb9mqhH8XXTCpDMWfqOrwR9tLpeLpmHAbQ2Q7Osq8CAAAA7FIAAAAIaAEHmQMh2GvWIEYMqX-l8ENgH5pOuxMLJoBo-yvPNM5w9YPsH-wIo687KfaqrE2U8ItBAuZNc-OzYcQ8HG1-OXHJb75G_8xYOVdqaBqr1xC83tB-MQ3Jb3W-t16g1gZeVWcToUzoD3uJ5iQUv_xhB3gDfkFgYPzSYscufqbmemNbZ1lgI_hYoAurZrjelj8RSYgVBrqSZeF_3Z8VNl52AAOPLUsTUHdBMB0d-8HddFazgI79Uwaj01tHF03gCHt0ZQHhUEiRxIDd0z3lJYOxxWKBxFG2DnBB6NfZ-lwT6LZZJmZ4EJJG--kJpo8Wh8yKtiaHDTzgul4k6M_fVVl1-ycRWFPEtUNaUqxbuskslB-Oi-qilIpaaeW_1T8DwrMDGmPvoC78JSjIpBQEq7lCC4mh332pQSZ1O-LmoR1nsmb0wwy84to6guZpj2bu7NSNHEYcm112KNyaBkTddTvCHB_UzOb2ZCuhiLlzJbzQ_6MRt6PYlWtpFrFczXFO_4uLJcHuuWrlF3FBf8gUX7nydpOGDC8dF41jtoKZTLc1f0tN_c_ld9Ty0rq1kdZL4vBGKqt941hfU6Ijb29407DhCLeKjM9ltUx-bPFt_UGpXGnugEi-TQMIv0CQCK_CWjP4fJv3aQZPi1i4kfEFhjy8oYsGVIBhmY4tPUWA07X8sim_vBUue-ISqzoYxmEipqFNGTB1Gb3LMBAumPnSiHa2_mHNSxUmMfiPf7F-UYPvQJAxVZXKRaKsTvc68FWQeDIFihWkLJmpz0ftiBcoK91M37pWqun531WgGL6saO4VN54yq4r-8cXvIWfFuZ6Y9vjxOzYoj3tkcf_5Qcg2E-cCgU-X8cgwTpktUvW3aYu8R8czE78d6OnBKiW6IPVliAHsV6Tc7pVyzlZvXgM2dCbqaWt_ghpJE2MZAgYakmzxDgA4xEU5FgaYzlWv5vVv82E4hcJnS1MHQEi5iG_OVjtBc2d4vn1FLQJVk8ZWPMQb9zQwr7WcNe6BD59ADEkVayHXVyfFYwaQQFK4f_umFyGMJ7NFJAD2noenHIAjpgDZNLg2vSiU8KTH

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 JuxDZWINa7otHwaisCqyMSq7iwQyCfHq_LhnNSU0b2U.js Show response
pagead2.googlesyndication.com/bg/ Frame 8AE3 37 KB
14 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/JuxDZWINa7otHwaisCqyMSq7iwQyCfHq_LhnNSU0b2U.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

26ec4365620d6bba2d1f06a2b02ab2312abb8b043209f1eafcb8673525346f65

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 11:40:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 126649
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14572
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 09 Jul 2024 11:40:36 GMT

GET
H3 200 JuxDZWINa7otHwaisCqyMSq7iwQyCfHq_LhnNSU0b2U.js Show response
pagead2.googlesyndication.com/bg/ Frame 4C62 37 KB
14 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/JuxDZWINa7otHwaisCqyMSq7iwQyCfHq_LhnNSU0b2U.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

26ec4365620d6bba2d1f06a2b02ab2312abb8b043209f1eafcb8673525346f65

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 11:40:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 126650
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14572
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 09 Jul 2024 11:40:36 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame E183 42 B
64 B 58ms
58ms Fetch
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvZlECrOhqjsyxciPM4rz4uZqfAGZmCgSQR7yFkWipjdI1PW4YNSkg4PN6z6aWmy4wzWzzowwiv20dEBYXEG4FDFEmySa7mGmosy-mWMcub2-Z5QQkGpYwhMuSS1DIP6GYVMId0rwp6vunx&sai=AMfl-YTGwEcEhoWr3P2PqFUYsdbn2gQeqTHAQ1TLSbOk_R74_v6GmE3He7fAkvJ32Lzp0I6FTrtrF425GrU7&sig=Cg0ArKJSzL4qcbsW6aKqEAE&cid=CAQSGwBpAlJW-kw_mC-yGQ0bPaks-1JyHyfIGRLQmxgB&id=lidar2&mcvt=1023&p=0,0,280,970&mtos=1023,1023,1023,1023,1023&tos=1023,0,0,0,0&v=20230710&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=4082077109&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1689115884196&rpt=845&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 276C 43 B
215 B 275ms
176ms Image
image/gif 2600:1f13:800:7781:137e:246c:f226:35e4

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1534583&asId=2dffbaa2-f741-71db-eb2d-2a6ebf9195ae&tv=%7Bc:i6nEtE,time:590,type:e,im:%7Bimprf:%7Bttecl:717,ecd:140,tsecr:66%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:217,o:373,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:251,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B143~0%5D,as:%5B143~160.600%5D%7D%7D,%7Bsl:i,t:373,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B217~100%5D,as:%5B217~160.600%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tJKe7jy+111%7C112%7C113%7C114%7C115%7C116%7C117%7C118%7C119%7C11a1%7C11b11%7C11c1%7C11d1%7C11d2%7C11e1%7C11e2%7C11e3%7C11e41%7C11f1%7C11f2%7C11g*.1534583-72389193%7C11g1%7C11g2%7C11g3%7C11g4%7C11h%7C11i1%7C11j,idMap:11g*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf,siq:252,sis:459%7D&br=c
Requested by: Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7781:137e:246c:f226:35e4 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:26 GMT
server: nginx
x-server-name: dt07.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5ADD 0
22 B 58ms
58ms Image
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BO7bb7dytZP_2BsHB9u8Pys6SkAwAAAAAOAHgBAI&bg=!fH-lfyvNAAb90kgr3dI7ADkAdvg8WodU_3GZkQN3sWuAY5fFmKxtrtcQmWPNquLRDOyvdkYF13Xoa-t_tv6_ZE73eVBnei1Iz4QCAAABFFIAAAAFaAEHCgBWdvZ4QOrKfJ2rBhh2Ol1aNxrXJsGOXPeKRiomEY7u-TFlVOfzHjYjdIHw8EVapwzBwEvYx3IcYQSPLLU5hjJcHjNgXglF0amU0fo-I3uPxwMogcU3ySCZAy86zbddXkJ7BSflX8pdf1PckJu4YJ9dBDifrrWbkY9jFF70F70ziL_Yeqd0YaF5K36kZpq4wmdZmrMJeQl0Dxmkk9Den6a1yortiUHcR_aA4729-2sx_RdRCY0HQacBzZZ08rjPsFhd9KoBZ0zCPFH6Qla-dIMQfg876-EBXlONdivKJ9Vn6fL1hLIwY-bbCaxty7wHg4B6oJ1KQloE-BHWe3Uv-ccyEDAB-xu1x1BdzcPW0faY-u3zM4VbdJkaFfN863SuUxobG_TlyS_Gexiy3FzRR2iGhNan1_mv_Ji_0b5GHpumabzwd0R-avcdnREXVgAm8ro_t2kuoSbXMbgsG84Sd1zUE7K8TijEKWVzlF2FRy-OA0ucA6Blc03rAZAumO1bIxcs42-MXUIJTUgAxojc2FDhsKBRzO4ldKOF-VcXWb_rjjZH5NrqkWaLNc_5jIEdUrGXbWkZ5jONSe15Hs2ZJ6SJSEUZYoD9E1GoPXkpQryv0qYgQzntrSLw1EzE1_DI-bJX3l-sHm2gz6q_O5Baz2OF8wQeJ1rWalhbDUFgnbXFi3eHxtzDxJ-gWVFo1fvvXc2pGhKlY0aq-VrY_fCr8duBZOiBHeHpxyoRkPzaqCqLBNEGNgNoOrV5fXhyapSZrhD6ZsHcCjB5s-Aze2INp9AH5TuRgBK7yeJojIYcO6BbSv0s-Du1iSWZ3CpuZFDgneY68JF9bcBnxQhn0Lx8bXx2U4Hvp1KmGQTyQTzJlmoRYUBNUBbE2DUSzm8zz0Kx7ao_VpvHFfDuZjLlNLf11U_sOv4XtiARA4v0SQlls8mVZJWhCKyFaWqdn1ihmna54sR39jblBNBvEUan68odR1BqvjOj6-wofKs7vg9fP0uHwgyLKEHfLa7jOTuCvnTq0xTUBTmkuKW2pxBRNTGj8iZ4yRAVNUp2PoEVWYvTO2kyqFHOlvgtz9Y6hOdqITTaQ1YUXnvfdOy5_WYXn615tRK2oecbGYHTFngvGk0jC71h2Hm0L4leCAmS2P8vLCv6siSR4IvQmr0tbiqVxiRNNNmVXEe7Qk37p1Sa0dLsaZfQgDwtkeUD5VDRTw

Requested by

Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame C278 0
17 B 28ms
28ms Ping
image/gif 2001:4860:4802:32::3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=4~ljyvzi8h&c=7596939883806&slotId=3798469941903&qqid=CNyVi4Lfh4ADFdSh_QcdgVECqQ&fb=outstream-lima&gpm_i=9&gpm_c=9&gpm_a=9&smb=1000&br=988&mt=video%2Fmp4&vs=640x360&msm=1&aits=0%2C18%2C22%2C37%2C692%2C59%2C342%2C343%2C344%2C345%2C346%2C347&webm=0&vp9=0&vamt=video%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4&hvmf=false&vms=1&bit=343&vsrc=web_video_ads&hcn=0&met.4=arp_a_e.r5&ape=1&ple=1&umsem=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:26 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 276C 43 B
215 B 175ms
175ms Image
image/gif 2600:1f13:800:7781:137e:246c:f226:35e4

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1534583&asId=2dffbaa2-f741-71db-eb2d-2a6ebf9195ae&tv=%7Bc:i6nEvq,pingTime:-10,time:700,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTE0LjAuNTczNS4xOTggU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.6.2v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1689115886244%7C%7Cd43fb5355064665bba67eed6ba6a28b0%7C%7Cdc0a08e416cd7f8471c71ad711523ca3%7C%7Ca5d9c9ea5d772d00e5233e398745cfb3%7C%7C57f0e490bc97099223143a8785c6ee14%7C%7C5f84d895ee31aa227ab9508e340e7242%7C%7C4e18099fd29c509b11446147fcf54620%7C%7Cd806df2e20c1b595893c491bfe666d5a%7C%7C1663701684%7D
Requested by: Host: 2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
URL: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7781:137e:246c:f226:35e4 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:26 GMT
server: nginx
x-server-name: dt11.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 visual.jpg
s0.2mdn.net/sadbundle/12339641061559367785/img/ Frame 9B2A 32 KB
32 KB 20ms
20ms Image
image/jpeg 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12339641061559367785/img/visual.jpg

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3c881e61f8152dfbd87f6db22ca3d8252455b569c6f72bdad8f5da96dad0ef74

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12339641061559367785/index.html?e=69&leftOffset=0&topOffset=0&c=rlPKL8Z2GL&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 16:13:43 GMT
x-content-type-options: nosniff
age: 23863
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32368
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 10 Jul 2024 16:13:43 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 63EC 42 B
64 B 63ms
63ms Fetch
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstTga0sVoiULS3-qSQMCluFgRjzHr4B3O_PUPCtzAKhk-kR-GItNZ15W2uZQZEb8uQQOYrZIW5kIK9_Ya0uWkj5R8ZIcJYKodOMT5YcOfuKaPEXt0FJn6pcc86QMgCvUA1Ty93yLFy03hNp&sai=AMfl-YSJs3YNdTFp8ZSyRK3bFACKW7pZ2hDhPfkTgO6liuQt77Dz-QGhmvfpnTy3g89NiRmILfY4UywNVllihAYBfudBhPCGPcVZG7sXfswkFLYCznA3MogSgBTtuXI&sig=Cg0ArKJSzFFRr8ebMQTXEAE&cid=CAQSOwBpAlJWGRlRduoLJVDvI4dLCYM0Y0A0xIwDcjzBBK2YD1ZZ6FAmZwORfTb9VycXaVd73wiB1VrZvVq0GAE&id=lidar2&mcvt=1000&p=0,119,40,160&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230710&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=4169634498&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1689115884701&rpt=475&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 276C 42 B
64 B 64ms
64ms Fetch
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstdYxc4zv4q36KAYqfy1N8EZKVRZUV91077Pl_f84tpWGMCxjub4Z4462bm13AVRlRNG-U097ARxp2Tb5ZSHSTU5xJ9T0IUhtkQUNbsqLxq4_jNBD2kvnhsQYnOQ44IHlbMJZRqwnMG8Ua2&sai=AMfl-YT69JczceR_sdRn8xnFilmH9Y209SHFFmVlHNtc8rnDXFoQZrkMsk7BXO8XV-xY9gw0mdo7006ir7HWq7DOKc4_NDxZ6dcFUcBsddtQW-ckXbqoiyMcBXF67fE&sig=Cg0ArKJSzHidHQnk3Ds4EAE&cid=CAQSOwBpAlJWKh_fXRSFD5g-_YJZ7oJXXOcHMpqMvAOjHg--R5qDyuKe1cNiqLHkSkgPiKHaKHXVffOVxdEyGAE&id=lidar2&mcvt=1000&p=0,119,40,160&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230710&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1855900369&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1689115884826&rpt=518&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 63EC 0
22 B 55ms
54ms Ping
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=2753371522020&version=m202306200101&ct=76&x=1&cor=1892159041868644400

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 22:51:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 5e2588d56f82ad050a013c2a
ng2.virgul.com/tck/imp/ Frame 82A3 0
222 B 79ms
78ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5e2588d56f82ad050a013c2a?g=1&t=dfpcode&r=153204@site_geneli@nefisyemektarifleri:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates+sal%C3%A7as%C4%B1%40karabiber%40kuru+so%C4%9Fan%40nohut%40pul+biber%40s%C4%B1v%C4%B1+ya%C4%9F%40sivri+biber%40su%40tuz%26nyt_cat%3Dpost&info=&mt=1689115883758&userId=vnetb9cf87df-44c8-4da2-82a0-503c8f3b7d9a
Requested by: Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://www.nefisyemektarifleri.com
date: Tue, 11 Jul 2023 22:51:26 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 200 print.css
mn.nytcdn.com/wp-content/themes/nytheme/ Frame 82A3 1 KB
1021 B 27ms
27ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://mn.nytcdn.com/wp-content/themes/nytheme/print.css?1680961699

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

47d8199865dfcfbad460b752d8a5ce4b85dfdf3f46d2d1bc3ef1715909caed5e

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:26 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2878
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Thu, 24 Mar 2022 06:41:39 GMT
server: cloudflare
etag: W/"623c12a3-58e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zQu1jHuH0cwicr%2FZt2XF9Wi%2BKyP%2BvozL1jWLhmtf0bahtObg0QH2S7LEtIbyfW0c6MxspNaw6BKKYD298vxixBlFjDrZR95Nzq9vDsfWmsJur8%2FdiH3oNMErctFpXSsDIqw1wyCSGGBsB7Wf"}],"group":"cf-nel","max_age":604800}
x-varnish: 908092582 908289460
content-type: text/css
access-control-allow-origin: *
x-abc: s3
cache-control: max-age=14400
cf-ray: 7e549c750f2490d6-FRA
x-nyt-cache: hit cached

GET
H2 200 NoktaNpmPlayerApi.js Show response
c1.imgiz.com/player_others/html5/ Frame 82A3 7 KB
3 KB 85ms
85ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19549
Requested by: Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 0b29697868cd68cfd1b5650054cc96ea755016b3242bd26469cdbd4e4f6fc18a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:26 GMT
content-encoding: gzip
last-modified: Wed, 13 Oct 2021 11:58:21 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
expires: Tue, 18 Jul 2023 22:51:26 GMT

GET
H3 200 wp-emoji-release.min.js Show response
mn.nytcdn.com/wp-includes/js/ Frame 82A3 18 KB
5 KB 28ms
28ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://mn.nytcdn.com/wp-includes/js/wp-emoji-release.min.js?ver=6.2.2

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:26 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5843
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Thu, 18 May 2023 13:12:05 GMT
server: cloudflare
etag: W/"64662425-4904"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1ZUa9QKM5LADbyWSqYNdoGXnBQKf%2Fa9itPUEEAIIzGNxvyTwcBuBWeoosb7CkEEG0y%2F9i9GND1i9cj1bkA0ohvkoyihU2KP%2FQ05%2FjrBcxlSvqRVVHk9%2FUrYBv83Ufyv3yV1u1noJM3I3R7sp"}],"group":"cf-nel","max_age":604800}
x-varnish: 102338829 101907530
content-type: application/javascript
access-control-allow-origin: *
x-abc: s3
cache-control: max-age=14400
cf-ray: 7e549c751f2c90d6-FRA
x-nyt-cache: hit cached

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 82A3 15 KB
11 KB 71ms
71ms XHR
application/json 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202307060101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307060101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1195a2e0e487e8151d66029c2cb2c54d0872fb6020d7d6bb43058cab35b995be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:26 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11700
x-xss-protection: 0

GET dt
dt.adsafeprotected.com/ Frame 276C 0
0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 82A3 17 KB
6 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307060101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 11 Jul 2023 22:51:26 GMT

GET
H3 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame 82A3 345 KB
119 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19549

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cbcb528af7c43cf9a3bad6ba2c2539e89722848b62ea05d11be29ea1949eafd5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 121723
x-xss-protection: 0
expires: Tue, 11 Jul 2023 22:51:26 GMT

GET
H2 200 NoktaPlayer.js
c1.imgiz.com/player_others/html5/ Frame 82A3 30 KB
0 89ms
89ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=7/11/2023
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19549
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 22:51:27 GMT
content-encoding: gzip
last-modified: Mon, 29 May 2023 18:51:56 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
expires: Tue, 18 Jul 2023 22:51:27 GMT

GET
H3 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame FF36 13 KB
5 KB 23ms
22ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nefisyemektarifleri.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 32851
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 13:43:56 GMT
expires: Wed, 10 Jul 2024 13:43:56 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe
www.google.com/recaptcha/api2/ Frame F55F 783 B
535 B 32ms
31ms Document
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-khD8rIWLlbbwQ02mi6q4ig' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.nefisyemektarifleri.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-khD8rIWLlbbwQ02mi6q4ig' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 22:51:27 GMT
expires: Tue, 11 Jul 2023 22:51:27 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET 64072230e4b01f2c7579523a
ng.virgul.com/tck/i_vb2/ Frame 82A3 0
0

GET 5e2588ae6f82ad050a013a58
ng.virgul.com/tck/i_vb2/ Frame 82A3 0
0

GET 5e2588ae6f82ad050a013a56
ng.virgul.com/tck/i_vb2/ Frame 82A3 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: dt.adsafeprotected.com
URL: https://dt.adsafeprotected.com/dt?advEntityId=1534583&asId=2dffbaa2-f741-71db-eb2d-2a6ebf9195ae&tv=%7Bc:i6nEGi,pingTime:1,time:1374,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:160,h:600,t:251%7D,%7Bpiv:100,vs:i,r:,t:373%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:1001,o:373,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:251,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B143~0%5D,as:%5B143~160.600%5D%7D%7D,%7Bsl:i,t:373,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1001~100%5D,as:%5B1001~160.600%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:179,fm:tJKe7jy+111%7C112%7C113%7C114%7C115%7C116%7C117%7C118%7C119%7C11a1%7C11b11%7C11c1%7C11d1%7C11d2%7C11e1%7C11e2%7C11e3%7C11e41%7C11f1%7C11f2%7C11g*.1534583-72389193%7C11g1%7C11g2%7C11g3%7C11g4%7C11h%7C11i1%7C11j,idMap:11g*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf,siq:252,sis:459%7D&br=c

Domain: dt.adsafeprotected.com
URL: https://dt.adsafeprotected.com/dt?advEntityId=1534583&asId=2dffbaa2-f741-71db-eb2d-2a6ebf9195ae&tv=%7Bc:i6nEGj,pingTime:1,time:1375,type:c,clog:%5B%7Bpiv:0,vs:o,r:r,w:160,h:600,t:251%7D,%7Bpiv:100,vs:i,r:,t:373%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:1002,o:373,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:251,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B143~0%5D,as:%5B143~160.600%5D%7D%7D,%7Bsl:i,t:373,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1002~100%5D,as:%5B1002~160.600%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:179,fm:tJKe7jy+111%7C112%7C113%7C114%7C115%7C116%7C117%7C118%7C119%7C11a1%7C11b11%7C11c1%7C11d1%7C11d2%7C11e1%7C11e2%7C11e3%7C11e41%7C11f1%7C11f2%7C11g*.1534583-72389193%7C11g1%7C11g2%7C11g3%7C11g4%7C11h%7C11i1%7C11j,idMap:11g*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf,siq:252,sis:459,metricId:grpm1,cmr:t%7D&br=c

Domain: ng.virgul.com
URL: https://ng.virgul.com/tck/i_vb2/64072230e4b01f2c7579523a?l=&r=153183@site_geneli@nefisyemektarifleri:site_geneli&cs=1689115887024&userId=vnetb9cf87df-44c8-4da2-82a0-503c8f3b7d9a

Domain: ng.virgul.com
URL: https://ng.virgul.com/tck/i_vb2/5e2588ae6f82ad050a013a58?l=&r=153184@site_geneli@nefisyemektarifleri:site_geneli&cs=1689115887024&userId=vnetb9cf87df-44c8-4da2-82a0-503c8f3b7d9a

Domain: ng.virgul.com
URL: https://ng.virgul.com/tck/i_vb2/5e2588ae6f82ad050a013a56?l=&r=153185@site_geneli@nefisyemektarifleri:site_geneli&cs=1689115887025&userId=vnetb9cf87df-44c8-4da2-82a0-503c8f3b7d9a

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

37 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-20 22:33:31	Name: IDE Value: AHWqTUlkTeqy770ERCMyWbtQwr0xsK-IEQLy-SUUbKXQ7R4nlOoO1Sqa09RKANpTxbY
.hspvst.com/	1969-12-31 23:59:59	Name: VI2677 Value: %7B%22time%22%3A1689115884%2C%22utid%22%3A%2260e44280cb21f65c6c1bc3d976d41f52%22%2C%22t%22%3A%22P%22%2C%22s%22%3A%22%22%7D
.hspvst.com/	1969-12-31 23:59:59	Name: VIP2677 Value: 1
.casalemedia.com/	1970-01-20 21:57:31	Name: CMID Value: ZK3c7JItjehVWzs..FW3SAAA
.casalemedia.com/	1970-01-20 15:21:31	Name: CMPS Value: 5189
.casalemedia.com/	1970-01-20 15:21:31	Name: CMPRO Value: 5189
.adnxs.com/	1970-01-20 15:21:31	Name: uuid2 Value: 4942359044130192309
.adnxs.com/	1970-01-20 15:21:31	Name: anj Value: dTM7k!M41.D>6NRF']wIg2E?htAMue!]tbPl1M>e)ZlrFUfJ+tGXxp6DH$-BLzTC_ZSP*nKhNR(V]<QFOyzL9lV$6?3If)y3KL9D3I?--4Hfl/
.doubleclick.net/	1970-01-20 17:31:07	Name: APC Value: Aa3gxNohZd2W-GUNMG7bOqnqmXedaaPo0gYophpTvrzMjxyUiiGQbQ
.ctnsnet.com/	1970-01-20 21:57:31	Name: cid_e1081226f2df400eb183218c88eb4371 Value: 1
.ctnsnet.com/	1970-01-20 21:57:31	Name: gid_CAESECJsILMId5rW8dsgw4L83jg Value: 1
.adfarm1.adition.com/	1970-01-20 15:21:31	Name: UserID1 Value: 7254697485232896151
.pubmatic.com/	1970-01-20 13:13:22	Name: KTPCACOOKIE Value: YES
.w55c.net/	1970-01-20 22:43:36	Name: wfivefivec Value: rNYocAs91QjmcB5
.3lift.com/	1970-01-20 15:21:31	Name: tluid Value: 3550178145837086847089
.quantserve.com/	1970-01-20 15:21:31	Name: d Value: EAkBCQG4KYEA
.quantserve.com/	1970-01-20 22:42:10	Name: mc Value: 64addced-473bb-4ad87-16ecd
.360yield.com/	1970-01-20 15:21:31	Name: tuuid Value: 746309d7-c000-431b-a674-28c9cc3308a5
.360yield.com/	1970-01-20 15:21:31	Name: tuuid_lu Value: 1689115885
.adform.net/	1970-01-20 13:56:34	Name: C Value: 1
.pubmatic.com/	1970-01-20 21:57:31	Name: KADUSERCOOKIE Value: 47B75459-AF9F-44CA-A79E-5EEC542CB33C
.1rx.io/	1970-01-20 21:57:31	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-d31a465d-2612-4819-880a-62be39e763be-003%22%7D
.doubleclick.net/	1970-01-20 13:11:59	Name: DSID Value: NO_DATA
.quantserve.com/	1970-01-20 15:21:31	Name: sp Value: CgsI2WUSBgjtubelBg==
.bidswitch.net/	1970-01-20 21:57:31	Name: tuuid Value: 2c904e7c-1719-4cc0-a134-5aa114d71e23
.bidswitch.net/	1970-01-20 21:57:31	Name: c Value: 1689115885
.bidswitch.net/	1970-01-20 21:57:31	Name: tuuid_lu Value: 1689115885
.simpli.fi/	1970-01-20 21:58:58	Name: suid Value: EA2ED22C10FA4FF8BBD9D899C80FC3DE
.mathtag.com/	1970-01-20 13:55:07	Name: mt_mop Value: 4:1689115886
.adform.net/	1970-01-20 14:38:19	Name: uid Value: 1193591822016332957
.de17a.com/	1970-01-20 21:50:19	Name: guid Value: 1.8562915577072696682
.yahoo.com/	1970-01-20 21:57:53	Name: A3 Value: d=AQABBO3crWQCENDUAMtLJW-u2zHzf2IcRf4FEgEBAQEur2S3ZAAAAAAA_eMAAA&S=AQAAAmwPo4Jn2KwbClMKuruQyxU
m.exactag.com/	1970-01-20 15:21:31	Name: exactag_new_gk Value: 98227831e3b84c008032fbc21f7d1b65%7C09.09.2023%2022%3A51%3A25
m.exactag.com/	1970-01-20 17:31:07	Name: exactag_new_uk Value: 98b7a8a8eb0341ba8f5ac7ae90fc3ca1%7C
m.exactag.com/	1969-12-31 23:59:59	Name: session_session Value: fa645cabfb17487db5af3774
.targeting.unrulymedia.com/	1970-01-20 21:57:31	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-d31a465d-2612-4819-880a-62be39e763be-003%22%7D
.tribalfusion.com/	1970-01-20 15:21:31	Name: ANON_ID Value: aWnseFujieEo7YxU36h42cjZdMcSUdXOGDV5bZbVYajLkhFTOZdppwFt2ZcxhYaAwpTFXW2AJg1a52P3aA9S3rWt

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://pcloak.blob.core.windows.net/web/jquery.min.js Message: Failed to load resource: the server responded with a status of 404 (The specified blob does not exist.)
network	error	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755397&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1689115883954&bpp=4&bdt=683&idt=219&shv=r20230710&mjsv=m202306290101&ptt=9&saldr=aa&nras=1&correlator=3311523031480&frm=24&ife=1&pv=2&ga_vid=1596421245.1689115884&ga_sid=1689115884&ga_hid=71987472&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=1843544316&scr_x=-12245933&scr_y=-12245933&eid=44759837%2C44759875%2C44759926%2C31075758%2C31075881%2C44788442%2C21065724&oid=2&pvsid=413980555089297&tmod=845280809&uas=0&nvt=1&fsapi=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.i0yur3un8s5j&fsb=1&dtd=232 Message: Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

2c2d8e643e1d178926aa1c2ea8e50a45.safeframe.googlesyndication.com
a.tribalfusion.com
aax.amazon-adsystem.com
ads.w55c.net
adservice.google.com
ampcid.google.com
ampcid.google.de
bid.g.doubleclick.net
bitbeat7.com
c.amazon-adsystem.com
c.nefisyemektarifleri.com
c1.adform.net
c1.imgiz.com
cm.g.doubleclick.net
cms.quantserve.com
connect.facebook.net
csi.gstatic.com
cti.w55c.net
d5p.de17a.com
dis.criteo.com
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
dt.adsafeprotected.com
eb2.3lift.com
encrypted-tbn1.gstatic.com
encrypted-tbn2.gstatic.com
feed.pghub.io
fonts.googleapis.com
fonts.gstatic.com
fw.adsafeprotected.com
gcdn.2mdn.net
gcm.ctnsnet.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
i.nefisyemektarifleri.com
i.w55c.net
i2.nefisyemektarifleri.com
ib.adnxs.com
image6.pubmatic.com
imasdk.googleapis.com
istr-n23.nktcdn.com
istr.izlesene.com
logger.virgul.com
m.exactag.com
match.360yield.com
mn.nytcdn.com
ng.virgul.com
ng2.virgul.com
onetag-sys.com
pagead2.googlesyndication.com
panel.izlesene.com
pcloak.blob.core.windows.net
pghub.io
pixel.rubiconproject.com
placehold.jp
pr-bh.ybp.yahoo.com
r1---sn-4g5ednss.c.2mdn.net
rtb.openx.net
s.tribalfusion.com
s0.2mdn.net
secure.adnxs.com
securepubads.g.doubleclick.net
ssbsync.smartadserver.com
static.adsafeprotected.com
static.virgul.com
sync.1rx.io
sync.mathtag.com
sync.targeting.unrulymedia.com
sync.teads.tv
t.hspvst.com
tpc.googlesyndication.com
um.simpli.fi
ups.analytics.yahoo.com
www.cloakan.co
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.nefisyemektarifleri.com
x.bidswitch.net
dt.adsafeprotected.com
ng.virgul.com
108.138.37.209
13.248.245.213
142.250.13.154
142.250.185.130
154.58.197.185
160.16.238.49
172.217.18.2
178.250.1.9
18.173.159.32
18.192.77.207
18.203.168.4
185.29.132.245
185.7.176.221
185.7.176.222
185.7.176.223
185.7.176.4
185.80.39.216
185.86.139.102
185.89.210.90
198.47.127.19
20.60.220.36
2001:4860:4802:32::3
213.155.156.168
213.202.235.9
23.192.153.28
2600:1f13:800:7781:137e:246c:f226:35e4
2600:9000:20c3:bc00:3:4706:a6c0:93a1
2600:9000:26da:1800:1b:f040:3600:93a1
2600:9000:26da:fe00:8:48e:53c0:93a1
2606:4700:10::6814:e66f
2606:4700::6812:18ad
2620:116:800d:21:ef75:8280:f209:5ba1
2a00:1450:4001:6b::6
2a00:1450:4001:800::2002
2a00:1450:4001:808::2008
2a00:1450:4001:809::2002
2a00:1450:4001:809::2003
2a00:1450:4001:80b::2001
2a00:1450:4001:80b::2002
2a00:1450:4001:80b::200e
2a00:1450:4001:811::2002
2a00:1450:4001:811::200e
2a00:1450:4001:812::2001
2a00:1450:4001:827::2004
2a00:1450:4001:828::200e
2a00:1450:4001:829::2003
2a00:1450:4001:82a::2006
2a00:1450:4001:82a::200e
2a00:1450:4001:82b::2002
2a00:1450:4001:82b::200a
2a00:1450:4001:82f::200e
2a00:1450:4001:830::200e
2a00:1450:4001:831::200a
2a03:2880:f083:100:face:b00c:0:3
2a03:2880:f176:181:face:b00c:0:25de
2a05:d018:d29:3601:40e6:3444:17d5:43eb
2a06:98c1:3120::3
3.75.62.37
31.3.2.72
34.102.243.38
34.248.62.209
35.186.193.173
35.204.74.118
35.227.252.103
35.241.45.217
37.157.6.237
46.228.174.117
51.89.9.252
52.212.148.89
69.173.144.165
77.245.159.14
85.114.159.93
99.84.88.66
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
00e8a28586e393b1b23d23dec44dcfa2b38a457a287d33c5f0d8ef9008257387
01809882be6214883d2ace81489261074e4f535c00b81fef0a8e740a62bbdc21
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd
02193fbcb11d960448e0fa887ff68d5ce73f01076893523fc3037e00a7149bc2
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
08530601e844dcb94572748ea68fbf5b050c163d578ed8a20c2891e6c64fc064
0b29697868cd68cfd1b5650054cc96ea755016b3242bd26469cdbd4e4f6fc18a
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0ba9d330b78f248ea27a859a13a86a8d65e737a6f79f1370f0a52cb7a06e292a
0d6a32dfb02fde613154a6937354aced12a0180e4c1fe6dec9e2cf4073b723bd
0fd0e821ef47075614e9500f81f2077fef9be630b5a63bd40a10b7922026aed7
1150d8dd179e6cfc48aba67d1c483f57bc897e4bfb20aa1603366b666c9e0adf
1195a2e0e487e8151d66029c2cb2c54d0872fb6020d7d6bb43058cab35b995be
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
175c106d387520c55fa4e30c138847d3da86b2ab8f70f2a3168801fc48b0e5f0
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
18e7a53e3b3abd7ac0242719f7f62cb56b8efe7065091585b8ad22cbc2b8c41c
18e7f3232e16c5af1b4d3192ed6be46c39b4902ecef8717b7a1dc69da6b8fe34
19876dc14b687dbd36c0a9fe05bc73a9ddfc34da771137be8d2ed93ab2585644
1a756bda29a09d6fb12756106e90cfc9a068244c340f128b19207109d706014b
1ad5747edeb5f3e7d0a61b217844a817c7c1d48f0fecdec3d20580230f40c339
1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306
1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954
1f8d3780b783aec3093ff0950023e2f3da6ba5ff68297dd00b9c9ff0bdcdbda7
201cf00ac07e77740f495f99ec55a485cab9215bf093f0139e731bc5d7595082
26ec4365620d6bba2d1f06a2b02ab2312abb8b043209f1eafcb8673525346f65
27961ab8c37cddad89230364167c048c6377a80e38542a5ffbca600faf4098ea
2af1b8e91e1ea0f27fab2f6bac1dd1d81867b7a2a8d7cef1084fa39309e0ac6f
2c0b4cb7dced20c65ea2309b62a78e048f299549d8084e4eeadad4efdf1766a9
2da988427b34614d705adbf808e2e61d91f67bf147db9049e34c99b3624171e8
2ef84904ec7747868537822254d1191370aabad9d95ac86536390eb827fc0908
3117435f29e0de48ea6ed19bbe21500a39ac0901bb4962f6b65a938162f54b8f
312ea37c961106b2df0601ca18d37f89c74ec7b28932d79c012c0864169a11ed
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
31d02f43dd0c7fc5c0d95db087a23f1c2d729c93f10450884c8da6b415f7839b
31fcf70b02f21d93a4b8d8fd817c7e0eff63c12c3665098f44a342f5bffe9a96
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
32ee695fc5354fb6448cbc5453ec1d15f01c7d5f74539da5f93126188b9fda22
33db53c59f86658a2a1c5a8515a4332b2837162b2ec8c13af379f32f122ea18b
341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f
354a25f44878b2935ae4bb47c8c285c749b3d439526c270e69a0404d01050399
38312b284a104dfa32e4ecfe73f542a66e04fb259e9bcd5e581e45bdeb677487
3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280
3ac22a80a1517c4b3751f554c5ea17e9906473d3fff568baa668e37588ba753d
3b9166033e13e81c852194510ca321d03a0f3e0f8196cc84858c874a32a0adf4
3be09dc0c3a62f0a8397706bf1d6fc53d4dbcadf38863aaf6b87ceb0f1eb3d18
3c881e61f8152dfbd87f6db22ca3d8252455b569c6f72bdad8f5da96dad0ef74
3da90bde27fee4f5ade69c8712a93955fa6f00fe97577a7f26a0496b9d51b121
3e9569df702eb478e6e7699775a0f555b64ef9e89d89a81742bc97c7803dba96
3ea555c1e979c28e1d20d729c64ff36b267b83dcabdefe96460d9ae860e4082f
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3f2a26d864ec17d1dddb16b99a884abfb77c315ee0c49522de958b06c0c3ee6d
435205911189c1d7f16109a127f2dc4f3c0dbab6d8d226088216bd5c6c3ef9ab
4621960c2ce01b405da6b6652f322bd8904f3e0d867daf7db9dd5d5ad6cc6491
464be521d749b2ba1c7e8c1f87223b56a03ee0bd05484baa0e9067ce9eb9d2be
4651fd93f167c3620b534c30bc23ae2a2e7cf742621d8e6d12553c09c388284a
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
47d8199865dfcfbad460b752d8a5ce4b85dfdf3f46d2d1bc3ef1715909caed5e
484eef6459e8a58c19115f287339366d82a7c2beeb7a35c7e16789b592515aec
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b5c05892bdce212e19d0503253b600faaeedca47fa2db97964d412c8c11934e
4b7d8e9e3fcf576554fb627441842f75490a7ad42fb89bbc00aed6e9c208d189
4cd8527ea46e45c657ae0a65f4b2cef4e3fd6a5acd68f436a6ceaf7ad12eebed
4cdcad98da3ff05ec728754dabdeaeaf5031bb1530f8cc418c820581e97b26f4
4d79af9825f1664a8d0a014d047a1b0c98e89648edd655de1f66143c9bbba534
4d97d2f204c48ceadcc2f5b86ba6bf25987c6f7c43c8dd7fee7a2847e6a71f4f
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
53ee5ad93dc23224b5d9ec613e93e7e006bdbea82e880c02be4e948a297edb57
53fe8422ed4742589fa5494ec2615bc58525c89a62a54755f77778dd8661630f
597e4ec7ca2b12f9150e02e04096849d6b06061b09c2d131f1d2225871eedfdf
5dff1c5185bfe98d10fd4b80ad1e2a04d57365a09e631840dce7fd3c79d19971
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62afec092c21b138eeb1fc55859f60c19dd12ca3c02bdfeb336a820b016a547b
64bba7358df0b70cff3572ee3e5a2eee51ae741c86167cd529bc7af0e15682a6
66413d92e3b48b21f37de7968a4c6ee6dafb956f4963d0557959a3d10db2c492
6823cdc5c5bc297bd4ac06187687fecb2a5c110658ebd5efba820132571fe6a2
6fac11484c63257da7052d00d2d2f8dffd6c68b748a1bf83027684514edad4c3
7031af00729209abd53f8e19a20c8b5970439a80d48990de31c8685ffe564fbd
70b9f9cb8f1feda701490e7fa560a0a2e0309ef259f9d74b301c9712e56efa56
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
7876391f25f26ccf3297d78d34a1922dcc16c54fcaa51e8622e90bbc6fc96e80
79c277fbe5ccce5c88a681d39733fba8d6c31f1812f8952ec3a5e35b2b0beab4
79cbf9d3dc9d8df1616dd585c95022e1104e8b2700974ba07a9c1a26187bf3e3
7a275065d1843e7068685f13f7a0374b5a2756e41293faaaedc5cfa360014824
7b6ad08a66b7925e557e069b9c9fcab676f04fbc22535b7b12c0d8eca8d48803
7cc53b9adf139d3c48666f76e1d316281c5e9065f7eeaa3fb329057c397f83e5
7d4095ea226f3f80d6d4fc62e3737dd5107fd9d4aa4a443cac11378b102f64b6
7ef7148f577d4b8db5481c0c82ec42fc53e2b2d3c7f83b2662977759f58477ea
82ee1e40c5621a84f4cd861d9d7212c7bb94ffde5bdf1bc8cb1f4e32dff9c4e0
831c363d3e741b5551ee5bea6d427cdefb6303d735ff547ebcc7a1a5ffccff99
886a2ff3ff2a76e50d8387582d03539c71d06dbd4314cd8cc955ea08b5cf752f
98d2e3edd14aa506c4521125c7cdb7bb3030d7caae5803feec6d2613195ee955
991bfe84fec788f2b7d432b99a60c1e2aa2e799bc0137da8cf478299d0fc9a10
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9b279f62d8ab632481b6d6fda4c49c8b9ee7fd77988c13e4b8baa7007d37b10c
9ddc6600d27eef589fc81f168ebaed0fd98c2afd3004935b3f75bb7ccd9aa688
9e83314d333416d003a14ff991793feefefe12184980a4f081c0465cda5dc8da
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a2c2dc02f807ed24b4676773299c7934e0e1b746bb37b41a088902abecfdcb34
a2ff6717bd218c66ffde415472bdaf58a1384725840a862a466317727eaaab1b
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678
a774d6d69744d8d30c9c2e5139e5bc2dc55ebe47d5adc0c2a77d9ddebaae6370
a883e74d2f7c31294beaf47eb691d0fa07414cc3ef857e53b768960c94f23a31
a9f55a9e4658a9960455f9485c446ea9874f2590ae283801311d84e908536cc2
acc5497e76f832d950d14fcfa047dc3c864f7a0aae4c7a20521c0c655a53033b
add347e23d6d68d50f456f663e081078bf03026f868ca4aa31e6b0f8f5354e01
aeac4ebed11cf054b58fc877bbde0d561e61c2cc80f7ed01df60fa884c0dd13d
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b29ef90ab1c7c70fc47d2d1806b5526c84d81a4053c41789fd0bd7842018038c
b3944f49dff08c01aaa04c97cecc55aafe381b05c7af1a8728725458e066c46f
b445986c019347798ad617e4f430afca3618c8284e21bb0af67e57c349610fb8
b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628
bac1442ad76b8ed33d4a4a61e05f8ea6284a31f65ca1fa9cb2a7ba8cb0c93c5b
bc63e14bc579599e80c325c723a80ade67a77f614e1376c769a44d1f43d7f840
bd4d8b7f56b06140ad3542041b66f635d9cbd4e0da6cc7d17a0e16d014aa2498
bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05
bea17c8870ba8dae9515993b5c55b65437f03f0e2672e1c3d3dbe7872dd74e5c
c37e721a803d1e37439533716bd2ae47c0369fe38a511b0eff753fcbd11ed973
c4f393315ffc75417c9c350e709bbcca2d2e9d5640fa0925b32088ff1ed6c84f
c7992f89295dc516db9548282b34c7b6e8cfa345ce86f1ed4a6420389bd77bb0
c80365b3d61748da70094a8ea95488ae260e3f6051d830f590a54b82cf795141
c8da45626edae55c76cee4eaf4867a8301ca7980ade6751502f20bbf0b27a22f
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cbcb528af7c43cf9a3bad6ba2c2539e89722848b62ea05d11be29ea1949eafd5
cde2d86c6323204b3e715d09b58ab41ecf370b5a10cb1d61fa76b77e0a0a75c0
cf906196a7c1414e11983955e101a051d55a864f2bc9fd52a453d952d92fd9b5
cff57bb539a961e5816127eb4b662175d6a1c92917effe0f943de85c35911101
d076633408bf78e086b9125a46176d2fdeaf3a5d5b52bb9b3a9d562cea646006
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
d22d46c8634370ea3db9cef192614da0f698628dd8625fda01ee205d74c2cddb
d3002e63c4d3d76bb53d4618f047d2c0a50b692602ea8d6f19ef19bd1dfade34
d9fd0aeda423bd39a36871759ef7b17dab3d51e5981cd5839103f990b8b9ef60
dbc211260f3fb81e545fbebe8be8c367ebe670a585e60e1ec58524c06723ecbc
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
decfbe8c158a2cba02ca73b8bdf79f27b58757217a01cf6a492feb29d25d9458
e0757fc98355b7ff4d0bdc506c1ef2aa69aac074686194c2e7690ffdc913035a
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e8090651b52c256938df2fb0582f24521fe0476939aab81d01b7f31a7ac75beb
ec71b67d2791201d5d8b71b62df5b5d299636fe9d721a818d4712139dd19d63b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f6da869b814fa204f7109593d8e47387126a282befa031432539fbae24e81cd3
f86c74a7863cd1fa2343f0371ccbac47085bdb301f0df1785c5a4337bd044d24
f91e084516b5705858547aee3a7d3659a15c5af7fe56cb0c604d96838b4de112
fed4ec348a9d1021f19419fe3ffee35e4aaca192ba7cb78571f5222265f0437d
ff1ea82759f4df729f7ee24dac62805f05a2fc79c7ca4cb518a072a11835e884

pcloak.blob.core.windows.net Open in urlscan Pro 20.60.220.36 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

317 Requests

85 %HTTPS

45 %IPv6

51 Domains

82 Subdomains

60 IPs

12 Countries

6501 kBTransfer

14106 kBSize

37 Cookies

0 Outgoing links

Redirected requests

317 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 10 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

pcloak.blob.core.windows.net Open in urlscan Pro
20.60.220.36 Public Scan

Screenshot
Live screenshot

Full Image

317
Requests

85 %
HTTPS

45 %
IPv6

51
Domains

82
Subdomains

60
IPs

12
Countries

6501 kB
Transfer

14106 kB
Size

37
Cookies

317 HTTP transactions
10 data transactions