pcloak.blob.core.windows.net Open in urlscan Pro
20.60.220.36 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Submission: On July 11 via api (July 11th 2023, 1:27:25 am UTC) from TR — Scanned from DE

Summary HTTP 308 Redirects Behaviour Indicators

Summary

This website contacted 46 IPs in 11 countries across 47 domains to perform 308 HTTP transactions. The main IP is 20.60.220.36, located in Tappahannock, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is pcloak.blob.core.windows.net.
TLS certificate: Issued by Microsoft RSA TLS CA 02 on March 22nd 2023. Valid for: a year.

This is the only time pcloak.blob.core.windows.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
4	20.60.220.36 20.60.220.36	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	77.245.159.14 77.245.159.14	42868 (NIOBEBILI...) (NIOBEBILISIMHIZMETLERI)
3	94.138.206.83 94.138.206.83	49126 (AS49126) (AS49126)
1	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
40	2a02:6ea0:c70... 2a02:6ea0:c700::19	60068 (CDN77 ^_^) (CDN77 ^_^)
1	2a00:1450:400... 2a00:1450:4001:82f::2008	15169 (GOOGLE) (GOOGLE)
2	151.139.128.10 151.139.128.10	20446 (STACKPATH...) (STACKPATH-CDN)
1	104.75.88.126 104.75.88.126	16625 (AKAMAI-AS) (AKAMAI-AS)
20	185.7.176.222 185.7.176.222	42910 (PREMIERDC...) (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH)
2	2a03:2880:f08... 2a03:2880:f083:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
31	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
40	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
3	13.224.192.181 13.224.192.181	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
1	108.138.9.235 108.138.9.235	16509 (AMAZON-02) (AMAZON-02)
1	35.241.45.217 35.241.45.217	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:831::2001	15169 (GOOGLE) (GOOGLE)
3	185.7.176.223 185.7.176.223	42910 (PREMIERDC...) (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH)
1	34.102.243.38 34.102.243.38	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
32	2a00:1450:400... 2a00:1450:4001:80b::2001	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
4 11	2a00:1450:400... 2a00:1450:4001:827::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:82b::2001	15169 (GOOGLE) (GOOGLE)
28	2a00:1450:400... 2a00:1450:4001:82a::2006	15169 (GOOGLE) (GOOGLE)
1 3	92.222.252.174 92.222.252.174	16276 (OVH) (OVH)
8 36	172.217.18.2 172.217.18.2	15169 (GOOGLE) (GOOGLE)
2 4	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
4 5	185.89.210.153 185.89.210.153	29990 (ASN-APPNEX) (ASN-APPNEX)
2	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
1 4	104.75.89.75 104.75.89.75	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2a02:fa8:8806... 2a02:fa8:8806:12::1370	41041 (VCLK-EU-SE) (VCLK-EU-SE)
1 1	85.114.159.118 85.114.159.118	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1 1	35.190.0.66 35.190.0.66	15169 (GOOGLE) (GOOGLE)
4 4	37.157.3.20 37.157.3.20	198622 (ADFORM) (ADFORM)
1	178.250.7.11 178.250.7.11	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
5 5	54.171.31.19 54.171.31.19	16509 (AMAZON-02) (AMAZON-02)
3 5	51.89.9.251 51.89.9.251	16276 (OVH) (OVH)
1 8	188.165.145.88 188.165.145.88	16276 (OVH) (OVH)
2	3.33.220.150 3.33.220.150	16509 (AMAZON-02) (AMAZON-02)
1	34.96.105.8 34.96.105.8	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
5 5	35.158.39.51 35.158.39.51	16509 (AMAZON-02) (AMAZON-02)
2 2	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	2600:9000:205... 2600:9000:2057:ac00:1b:5138:8a40:93a1	16509 (AMAZON-02) (AMAZON-02)
1	3.75.62.37 3.75.62.37	16509 (AMAZON-02) (AMAZON-02)
4	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
1	2620:116:800d... 2620:116:800d:21:de2e:c7b3:55c0:d5a0	16509 (AMAZON-02) (AMAZON-02)
1 1	185.29.134.244 185.29.134.244	30419 (MEDIAMATH...) (MEDIAMATH-INC)
2 2	52.57.153.48 52.57.153.48	16509 (AMAZON-02) (AMAZON-02)
2 2	213.155.156.166 213.155.156.166	1299 (TWELVE99 ...) (TWELVE99 Arelion)
1 1	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
1	185.86.139.101 185.86.139.101	201081 (SMARTADSE...) (SMARTADSERVER)
1 1	35.204.158.49 35.204.158.49	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	35.186.253.211 35.186.253.211	15169 (GOOGLE) (GOOGLE)
2 2	13.248.245.213 13.248.245.213	16509 (AMAZON-02) (AMAZON-02)
2	141.101.90.97 141.101.90.97	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4002:414::2003	15169 (GOOGLE) (GOOGLE)
1	146.59.30.96 146.59.30.96	16276 (OVH) (OVH)
308	46

4 20.60.220.36 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

pcloak.blob.core.windows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 77.245.159.14 (Turkey)

ASN42868 (NIOBEBILISIMHIZMETLERI, TR)
PTR: stilgar.wlsrv.com

www.cloakan.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 94.138.206.83 (Turkey)

ASN49126 (AS49126, TR)

ye-mek.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

40 2a02:6ea0:c700::19 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)

cdn.ye-mek.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.139.128.10 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: map3.hwcdn.net

images.dmca.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.75.88.126 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-75-88-126.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 185.7.176.222 (Turkey)

ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR)

static.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ng.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ng2.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f083:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

31 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

40 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.224.192.181 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-192-181.fra2.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.9.235 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-9-235.fra56.r.cloudfront.net

aax.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.45.217 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 217.45.241.35.bc.googleusercontent.com

pghub.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.7.176.223 (Turkey)

ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR)

c1.imgiz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.243.38 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 38.243.102.34.bc.googleusercontent.com

feed.pghub.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

32 2a00:1450:4001:80b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:827::2004 (Frankfurt am Main, Germany) 4 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

28 2a00:1450:4001:82a::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 92.222.252.174 (Paris, France) 1 redirects

ASN16276 (OVH, FR)
PTR: ip174.ip-92-222-252.eu

trgde.adocean.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

36 172.217.18.2 (United States) 8 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s22-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.80.39.216 (Canada) 2 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.89.210.153 (Frankfurt am Main, Germany) 4 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.75.89.75 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-75-89-75.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:fa8:8806:12::1370 (Singapore)

ASN41041 (VCLK-EU-SE, US)

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.118 (Bad Durrheim, Germany) 1 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.0.66 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 66.0.190.35.bc.googleusercontent.com

ads.travelaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.157.3.20 (Denmark) 4 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.7.11 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 54.171.31.19 (Dublin, Ireland) 5 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-171-31-19.eu-west-1.compute.amazonaws.com

match.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 51.89.9.251 (London, United Kingdom) 3 redirects

ASN16276 (OVH, FR)
PTR: ip251.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 188.165.145.88 (France) 1 redirects

ASN16276 (OVH, FR)

gdetr.hit.gemius.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.33.220.150 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.105.8 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.105.96.34.bc.googleusercontent.com

tr.blismedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 35.158.39.51 (Frankfurt am Main, Germany) 5 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-158-39-51.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.190.78 (United Kingdom) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2057:ac00:1b:5138:8a40:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.75.62.37 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-75-62-37.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.184.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:de2e:c7b3:55c0:d5a0 (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.134.244 (United Kingdom) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.57.153.48 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-57-153-48.eu-central-1.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.166 (Sweden) 2 redirects

ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE)

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.139.101 (France)

ASN201081 (SMARTADSERVER, FR)

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.204.158.49 (Groningen, Netherlands) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 49.158.204.35.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.253.211 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 211.253.186.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.248.245.213 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 141.101.90.97 (United States)

ASN13335 (CLOUDFLARENET, US)

portal.o2online.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4002:414::2003 (Ireland)

ASN15169 (GOOGLE, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.59.30.96 (France)

ASN16276 (OVH, FR)
PTR: ip96.ip-146-59-30.eu

ls.hit.gemius.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
78	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 135 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 160	579 KB
71	doubleclick.net 8 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 216 googleads.g.doubleclick.net — Cisco Umbrella Rank: 57 cm.g.doubleclick.net — Cisco Umbrella Rank: 254 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 346	447 KB
43	ye-mek.net ye-mek.net cdn.ye-mek.net	648 KB
28	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 325	1 MB
20	virgul.com static.virgul.com — Cisco Umbrella Rank: 81866 ng.virgul.com — Cisco Umbrella Rank: 65490 ng2.virgul.com — Cisco Umbrella Rank: 74231	234 KB
13	google.com 4 redirects adservice.google.com — Cisco Umbrella Rank: 113 www.google.com — Cisco Umbrella Rank: 10	1 KB
9	gemius.pl 1 redirects gdetr.hit.gemius.pl — Cisco Umbrella Rank: 63561 ls.hit.gemius.pl — Cisco Umbrella Rank: 13098	71 KB
5	bidswitch.net 5 redirects x.bidswitch.net — Cisco Umbrella Rank: 359	2 KB
5	onetag-sys.com 3 redirects onetag-sys.com — Cisco Umbrella Rank: 857	1 KB
5	360yield.com 5 redirects match.360yield.com — Cisco Umbrella Rank: 2409	2 KB
5	adnxs.com 4 redirects ib.adnxs.com — Cisco Umbrella Rank: 257 secure.adnxs.com — Cisco Umbrella Rank: 469	4 KB
5	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 391	110 KB
5	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 205	281 KB
4	adform.net 4 redirects c1.adform.net — Cisco Umbrella Rank: 633	3 KB
4	teads.tv 1 redirects sync.teads.tv — Cisco Umbrella Rank: 1425	775 B
4	casalemedia.com 2 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 635	3 KB
4	amazon-adsystem.com c.amazon-adsystem.com — Cisco Umbrella Rank: 353 aax.amazon-adsystem.com — Cisco Umbrella Rank: 438	62 KB
4	windows.net pcloak.blob.core.windows.net	3 KB
3	openx.net us-u.openx.net — Cisco Umbrella Rank: 496 rtb.openx.net — Cisco Umbrella Rank: 982	663 B
3	adocean.pl 1 redirects trgde.adocean.pl — Cisco Umbrella Rank: 56628	194 KB
3	imgiz.com c1.imgiz.com — Cisco Umbrella Rank: 136022	165 KB
2	gstatic.com csi.gstatic.com	288 B
2	o2online.de portal.o2online.de — Cisco Umbrella Rank: 61931	1 KB
2	3lift.com 2 redirects eb2.3lift.com — Cisco Umbrella Rank: 422	955 B
2	de17a.com 2 redirects d5p.de17a.com — Cisco Umbrella Rank: 5037	646 B
2	w55c.net 2 redirects pm.w55c.net — Cisco Umbrella Rank: 1044	2 KB
2	pubmatic.com 2 redirects image6.pubmatic.com — Cisco Umbrella Rank: 812	1 KB
2	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 383	529 B
2	dotomi.com dclk-match.dotomi.com — Cisco Umbrella Rank: 3235	207 B
2	pghub.io pghub.io — Cisco Umbrella Rank: 2090 feed.pghub.io — Cisco Umbrella Rank: 2360	6 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 173	89 KB
2	dmca.com images.dmca.com — Cisco Umbrella Rank: 13228	6 KB
2	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 433 imasdk.googleapis.com — Cisco Umbrella Rank: 500	152 KB
2	cloakan.co www.cloakan.co	1 KB
1	simpli.fi 1 redirects um.simpli.fi — Cisco Umbrella Rank: 981	715 B
1	smartadserver.com ssbsync.smartadserver.com — Cisco Umbrella Rank: 922	45 B
1	rubiconproject.com 1 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 374	461 B
1	mathtag.com 1 redirects sync.mathtag.com — Cisco Umbrella Rank: 577	727 B
1	quantserve.com cms.quantserve.com — Cisco Umbrella Rank: 862	463 B
1	yahoo.com ups.analytics.yahoo.com — Cisco Umbrella Rank: 338	125 B
1	smaato.net 1 redirects s.ad.smaato.net — Cisco Umbrella Rank: 822	441 B
1	blismedia.com tr.blismedia.com — Cisco Umbrella Rank: 2276	174 B
1	criteo.com dis.criteo.com — Cisco Umbrella Rank: 608	363 B
1	travelaudience.com 1 redirects ads.travelaudience.com — Cisco Umbrella Rank: 8041	553 B
1	adition.com 1 redirects dsp.adfarm1.adition.com — Cisco Umbrella Rank: 1777	584 B
1	addthis.com s7.addthis.com — Cisco Umbrella Rank: 2484	361 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 79	81 KB
308	47

	Domain	Requested by
40	pagead2.googlesyndication.com	static.virgul.com pagead2.googlesyndication.com 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com s0.2mdn.net securepubads.g.doubleclick.net www.googletagservices.com
40	cdn.ye-mek.net	ye-mek.net cdn.ye-mek.net
36	cm.g.doubleclick.net	8 redirects googleads.g.doubleclick.net ye-mek.net 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
32	tpc.googlesyndication.com	5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com ye-mek.net cdn.ampproject.org pcloak.blob.core.windows.net tpc.googlesyndication.com s0.2mdn.net pagead2.googlesyndication.com
28	s0.2mdn.net	ye-mek.net 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com cdn.ampproject.org pcloak.blob.core.windows.net s0.2mdn.net
17	googleads.g.doubleclick.net	pagead2.googlesyndication.com 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com ye-mek.net
14	securepubads.g.doubleclick.net	static.virgul.com securepubads.g.doubleclick.net 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com ye-mek.net s0.2mdn.net
11	www.google.com	4 redirects 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com ye-mek.net tpc.googlesyndication.com
8	gdetr.hit.gemius.pl	1 redirects trgde.adocean.pl gdetr.hit.gemius.pl
8	ng.virgul.com	static.virgul.com ye-mek.net ng2.virgul.com
7	static.virgul.com	ye-mek.net static.virgul.com pcloak.blob.core.windows.net
6	5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
5	x.bidswitch.net	5 redirects
5	onetag-sys.com	3 redirects ye-mek.net 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
5	match.360yield.com	5 redirects
5	cdn.ampproject.org	securepubads.g.doubleclick.net
5	www.googletagservices.com	5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
5	ng2.virgul.com	static.virgul.com ye-mek.net
4	googleads4.g.doubleclick.net	pcloak.blob.core.windows.net
4	c1.adform.net	4 redirects
4	sync.teads.tv	1 redirects googleads.g.doubleclick.net 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
4	ib.adnxs.com	3 redirects googleads.g.doubleclick.net
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	pcloak.blob.core.windows.net	pcloak.blob.core.windows.net
3	trgde.adocean.pl	1 redirects ng2.virgul.com trgde.adocean.pl
3	c1.imgiz.com	static.virgul.com ng2.virgul.com c1.imgiz.com
3	c.amazon-adsystem.com	static.virgul.com c.amazon-adsystem.com
3	ye-mek.net	www.cloakan.co ye-mek.net
2	csi.gstatic.com	securepubads.g.doubleclick.net
2	portal.o2online.de	ye-mek.net
2	eb2.3lift.com	2 redirects
2	d5p.de17a.com	2 redirects
2	pm.w55c.net	2 redirects
2	image6.pubmatic.com	2 redirects
2	match.adsrvr.org	5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
2	dclk-match.dotomi.com	5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
2	us-u.openx.net	googleads.g.doubleclick.net
2	adservice.google.com	pagead2.googlesyndication.com securepubads.g.doubleclick.net
2	connect.facebook.net	ye-mek.net connect.facebook.net
2	images.dmca.com	ye-mek.net
2	www.cloakan.co	pcloak.blob.core.windows.net
1	ls.hit.gemius.pl	gdetr.hit.gemius.pl
1	rtb.openx.net	5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
1	um.simpli.fi	1 redirects
1	ssbsync.smartadserver.com	5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
1	pixel.rubiconproject.com	1 redirects
1	secure.adnxs.com	1 redirects
1	sync.mathtag.com	1 redirects
1	cms.quantserve.com	5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
1	ups.analytics.yahoo.com	5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
1	s.ad.smaato.net	1 redirects
1	tr.blismedia.com	5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
1	dis.criteo.com	5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
1	ads.travelaudience.com	1 redirects
1	dsp.adfarm1.adition.com	1 redirects
1	imasdk.googleapis.com	c1.imgiz.com
1	feed.pghub.io	pghub.io
1	pghub.io	static.virgul.com
1	aax.amazon-adsystem.com	c.amazon-adsystem.com
1	s7.addthis.com	ye-mek.net
1	www.googletagmanager.com	ye-mek.net
1	ajax.googleapis.com	ye-mek.net
308	62

This site contains no links.

Subject Issuer	Validity	Valid
*.blob.core.windows.net Microsoft RSA TLS CA 02	`2023-03-22` - `2024-03-22`	a year	crt.sh
cpanel.cloakan.co R3	`2023-07-03` - `2023-10-01`	3 months	crt.sh
www.ye-mek.net RapidSSL TLS RSA CA G1	`2023-07-04` - `2024-07-06`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
1099124734.rsc.cdn77.org R3	`2023-06-13` - `2023-09-11`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
images.dmca.com R3	`2023-05-13` - `2023-08-11`	3 months	crt.sh
odc-addthis-prod-01.oracle.com DigiCert TLS RSA SHA256 2020 CA1	`2023-02-07` - `2024-02-07`	a year	crt.sh
*.virgul.com Sectigo RSA Domain Validation Secure Server CA	`2022-10-24` - `2023-09-28`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-04-19` - `2023-07-18`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
c.amazon-adsystem.com Amazon RSA 2048 M01	`2023-02-28` - `2024-02-17`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
aax-dtb-mobile-cf.amazon-adsystem.com Amazon RSA 2048 M01	`2023-03-16` - `2024-03-08`	a year	crt.sh
*.pghub.io DigiCert TLS RSA SHA256 2020 CA1	`2023-02-09` - `2024-02-08`	a year	crt.sh
*.imgiz.com Sectigo RSA Domain Validation Secure Server CA	`2022-09-27` - `2023-09-09`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
teads.tv R3	`2023-06-26` - `2023-09-24`	3 months	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2022-08-09` - `2023-09-10`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-05-12` - `2023-08-10`	3 months	crt.sh
*.hit.gemius.pl Sectigo ECC Domain Validation Secure Server CA	`2022-09-13` - `2023-09-25`	a year	crt.sh
*.adocean.pl Sectigo ECC Domain Validation Secure Server CA	`2023-01-30` - `2024-02-06`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
tr.blismedia.com GTS CA 1D4	`2023-06-09` - `2023-09-07`	3 months	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-02-21` - `2023-08-16`	6 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-09` - `2023-09-09`	a year	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-21` - `2024-01-23`	a year	crt.sh
portal.o2online.de E1	`2023-05-25` - `2023-08-23`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh

This page contains 34 frames:

Primary Page: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Frame ID: 4975C1107A0DD29633E214D3A81A70E4
Requests: 6 HTTP requests in this frame

Frame: https://ye-mek.net/
Frame ID: A502281A854D8D861A1FE4FF2170BC4A
Requests: 90 HTTP requests in this frame

Frame: https://static.virgul.com/theme/mockups/outside/str.html?v=2
Frame ID: EC15139B3A09C6CEFC61102FD593BFEB
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230706/r20190131/zrt_lookup.html
Frame ID: 496624DD9E4F0D4E6AC09B621C7C4D05
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755397&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1689038841143&bpp=3&bdt=680&idt=87&shv=r20230706&mjsv=m202307050101&ptt=9&saldr=aa&nras=1&correlator=2326758356116&frm=24&ife=1&pv=2&ga_vid=1101404077.1689038841&ga_sid=1689038841&ga_hid=1121006933&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=222437166&scr_x=-12245933&scr_y=-12245933&eid=31075630%2C44759875%2C44759842%2C44759926%2C31075757%2C31075814%2C31075873%2C31075881%2C44788441%2C44796632&oid=2&pvsid=2674859333090803&tmod=1922573078&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.48z839jzo52z&fsb=1&dtd=104
Frame ID: 1461ECBC8EFBC2B06472BB9DFCCDA248
Requests: 1 HTTP requests in this frame

Frame: https://ng2.virgul.com/adview?a=64954933e4b03f04e549367e&r=153366@site_geneli@yemek_net:site_geneli&l=&ext=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&cs=1689038841226&mt=1689038841041&userId=vnet2a1b8dc7-6780-4268-998b-67200964ffb6&vmn=64954933e4b03f04e549367e___1533661919502793
Frame ID: 28337F58BC71E9344CAC62807CFE4699
Requests: 9 HTTP requests in this frame

Frame: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: AFE4C7B37D720ECEFFA855B5BDAB18A5
Requests: 1 HTTP requests in this frame

Frame: https://feed.pghub.io/tag?referrer_url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&page_url=https%3A%2F%2Fye-mek.net%2F&owner=P%26G&bp_id=noktacommedya&ch=%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D&initiator=js&data=%7B%22category%22%3A%22site_geneli%22%7D
Frame ID: 46E170EE9BD9760C1A8D5E817F6BE321
Requests: 1 HTTP requests in this frame

Frame: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 0052723ADAF57A3F8A6AA26EDBD4A915
Requests: 13 HTTP requests in this frame

Frame: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 86A95B1BC9AE27A7E6F1133E2BEE850C
Requests: 20 HTTP requests in this frame

Frame: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 5D9A840B00381DF7E97C95A236CF9C35
Requests: 13 HTTP requests in this frame

Frame: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 350DF642B85C5726647F9FCE8F6BB3C3
Requests: 13 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012306202201000/amp4ads-v0.mjs
Frame ID: 10FD6A34E0FBF07B9026D62CFE4CA312
Requests: 19 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjPmbXcATAB&v=APEucNU1bh_R44H_7gZhizKqpYkF368MhEKsy8_yASLA0Oo3dgSt5Dd-v_jv8g-zOCD6hOmVVKw0S5FExeVS6bT6uw977K6JWwmq8WBT-3lhIY62tksEYGbuBM3tK-6WBx1yajq1MzLxs2sdLQS--eUEuD3DRD3zWgXGi5D6HnUuiYbAFkggUug
Frame ID: 41A02A822A28D1349C68E7AC10001FBD
Requests: 5 HTTP requests in this frame

Frame: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 65329F0B1FC30C016D38B9BD21FA1416
Requests: 23 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjNmbXcATAB&v=APEucNURidlBqXeAXLyKy-Mj7h_5Ql9m1KE18nyapPXXu7PF9uJ5yVqfRe2nRLiCrnho3wJwn7g3-c_RdtR_xscYMiL0VFO0szkOuRVitisLLYg6mK8GiQObhRHpDjPH3KeGRXOMdnK0lpGTjgwoAze85KhsQN6bE44kVGBt6of6edVO9-EAXrI
Frame ID: 1EC54D9881512307A8097DDA778AA069
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 70DE78EC1B3C08265910C8E9F526D6DB
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 77FCE98258AD2168E91D0946D48343DD
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 6A6966DFC7C9FCD10841DE80F94D3B3E
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 123ACA52744B35CA727FC424B0646037
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: EA6075328FB86C1AFAD469A162DAA7E7
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: AC1CA151FCF00C70A5AFB2260B3A6A66
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 4044B02E93E3707DAD123FB7B05B1349
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=u60bNXXIrJ&t=1&renderingType=2&ev=01_250
Frame ID: 6C348A8311CD21DADCD36B7E8B71AA7D
Requests: 11 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 2CBB3BBE57FD0AA3FE30EF05A967DF2F
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 6F9287E38C0680EFEBCD416AE7B08F79
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=zd4DGDglWW&t=1&renderingType=2&ev=01_250
Frame ID: EE924F2FE749772CEC1B155641FD5E03
Requests: 14 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: F0725347E513210814D7510F08863E31
Requests: 3 HTTP requests in this frame

Frame: https://gdetr.hit.gemius.pl/gdejs/xgde.html
Frame ID: 9DAEC4BFE5CF93BDB2B97816C2B3218A
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/oBMhIGozJCmZhanrY2s6Nzm7GdNkvCqEaGjKud4M6yI.js
Frame ID: 9DC694293F6ACDA6FA8E354EE94D0DED
Requests: 1 HTTP requests in this frame

Frame: https://ls.hit.gemius.pl/lsget.html
Frame ID: 1700C167FC996CE2C58147A5F469AF4D
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 66177FDA09CCB841A3CE6C583D2C114E
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 40269C918EB38AD9E337F9761A36DB53
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/oBMhIGozJCmZhanrY2s6Nzm7GdNkvCqEaGjKud4M6yI.js
Frame ID: 158E01E4A5BFFED562BA38A3BC4BAF88
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

AdOcean (Advertising) Expand

Overall confidence: 80%
Detected patterns

adocean\.pl

AddThis (Widgets) Expand

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Gemius (Analytics) Expand

Overall confidence: 80%
Detected patterns

hit\.gemius\.pl

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

308
Requests

89 %
HTTPS

31 %
IPv6

47
Domains

62
Subdomains

46
IPs

11
Countries

4655 kB
Transfer

9596 kB
Size

32
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 140

https://trgde.adocean.pl/_1689038841944/ad.js?id=Ltih8RaczJRSpKHvU3Ue8Rl9s8MAVzINIskf9usDc0L.37/nc=0/gdpr=0/gdpr_consent=/redir=https://ng.virgul.com/ct/64954933e4b03f04e549367e?userId=vnet2a1b8dc7-6780-4268-998b-67200964ffb6&sdr=&et=&r=153366@site_geneli@yemek_net:site_geneli&l=&info=&t=banner&cs=1689038841406&m= HTTP 301
https://trgde.adocean.pl/__/_1689038841944/ad.js?id=Ltih8RaczJRSpKHvU3Ue8Rl9s8MAVzINIskf9usDc0L.37/nc=0/gdpr=0/gdpr_consent=/redir=https://ng.virgul.com/ct/64954933e4b03f04e549367e?userId=vnet2a1b8dc7-6780-4268-998b-67200964ffb6&sdr=&et=&r=153366@site_geneli@yemek_net:site_geneli&l=&info=&t=banner&cs=1689038841406&m=

Request Chain 141

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOE5oMYOwSB1HL276EIouKo&google_cver=1

Request Chain 142

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZKyv.cEbUkl96I2myTSYWAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOE5oMYOwSB1HL276EIouKo&google_cver=1&google_hm=2

Request Chain 143

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESECacKoWfXM3S941JZUtLots&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESECacKoWfXM3S941JZUtLots%26google_cver%3D1

Request Chain 144

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTYyMTgxNzUyOTY0MDQ0NTU2

Request Chain 165

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEH6Tf1VbX7umH-TPXBVvync&google_cver=1

Request Chain 167

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEKWJyPT-36L9CwLPRBke0DA&google_cver=1

Request Chain 169

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 189

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEAIUVfyfBq3yy4Z2-Wg05ME&google_cver=1&google_push=AaAOQGGtv87wlzDX__9v37EaitkZdrCV5ujk1_joJSNs1_aMyIuelkE_32BJKrM9E8Wdf1X8pIaU_ILCt86PWaiSbwKw8NnvWjon HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1NDM2NjU4ODA3MTA0OTM1Nw%3D%3D&google_push=AaAOQGGtv87wlzDX__9v37EaitkZdrCV5ujk1_joJSNs1_aMyIuelkE_32BJKrM9E8Wdf1X8pIaU_ILCt86PWaiSbwKw8NnvWjon

Request Chain 190

https://ads.travelaudience.com/google_pixel?google_gid=CAESEIsRiVmWFwXYYtxBP5Ksd6c&google_cver=1&google_push=AaAOQGGcw9azzb_ZgIRxqqgiqfH3Fq8LSyGCg7KsBxmZbXsEZdKfDj--_5V1_Xrm1r7oxXZ2BCKbWmkmT06RGl45PScgTsNmubDc HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=TamVKT_xQuOPrbG8-3B7uQ2&google_push=AaAOQGGcw9azzb_ZgIRxqqgiqfH3Fq8LSyGCg7KsBxmZbXsEZdKfDj--_5V1_Xrm1r7oxXZ2BCKbWmkmT06RGl45PScgTsNmubDc

Request Chain 191

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESELt53h7GRmVhOsf2fq6nNyo&google_cver=1&google_push=AaAOQGE3i32xMJuT-MGcbFezD3SgVSOnY-FYB_eFkUk4y6Cfyq4mn6j4UjVU69zljyXOVPrKcdASSVdKAbiSmpSerJOa--UhOiP1 HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESELt53h7GRmVhOsf2fq6nNyo&google_cver=1&google_push=AaAOQGE3i32xMJuT-MGcbFezD3SgVSOnY-FYB_eFkUk4y6Cfyq4mn6j4UjVU69zljyXOVPrKcdASSVdKAbiSmpSerJOa--UhOiP1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODI2NzI2NzUwMjQwMDU5MzUyMQ&google_push=AaAOQGE3i32xMJuT-MGcbFezD3SgVSOnY-FYB_eFkUk4y6Cfyq4mn6j4UjVU69zljyXOVPrKcdASSVdKAbiSmpSerJOa--UhOiP1

Request Chain 193

https://match.360yield.com/match/ebda?google_gid=CAESECxKMylw99DmsUZjRCsutRw&google_cver=1&google_push=AaAOQGGoi9Tlbu3aRaoZzkRGT0AViHpsQ6JWlfqVHc1zgDf-2LDzKjCB37KoD7Q-13YPhbH5saT_-Z_EID03C0ugs1DcSPT2tnXU HTTP 302
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESECxKMylw99DmsUZjRCsutRw&google_cver=1&google_push=AaAOQGGoi9Tlbu3aRaoZzkRGT0AViHpsQ6JWlfqVHc1zgDf-2LDzKjCB37KoD7Q-13YPhbH5saT_-Z_EID03C0ugs1DcSPT2tnXU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=t-_wInyLRDKcI7nTmdcmQw&google_push=AaAOQGGoi9Tlbu3aRaoZzkRGT0AViHpsQ6JWlfqVHc1zgDf-2LDzKjCB37KoD7Q-13YPhbH5saT_-Z_EID03C0ugs1DcSPT2tnXU

Request Chain 194

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEM810FUAWJ1QoX3_mNuSt_A&google_cver=1&google_push=AaAOQGFAhVKpAXrdCQYbmTbguIdUUhZHRNh9FxjkvK-UPQaSBOISAczd_oEzLp_A4G-s9j6d31lPxcM1i85gWQYqoY9juoN-rffl HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGFAhVKpAXrdCQYbmTbguIdUUhZHRNh9FxjkvK-UPQaSBOISAczd_oEzLp_A4G-s9j6d31lPxcM1i85gWQYqoY9juoN-rffl HTTP 302
https://onetag-sys.com/match/?int_id=19&google_error=5

Request Chain 205

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 213

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEGZPTxotDupKuBjjqaefQ6A&google_cver=1&google_push=AaAOQGG8MlYPXYCX2QLdt3vKfJvTbBjzBedD-7T1JUAXtNVotXoIQ1bDryw4wtthptvf6ijv8qVR33tQwaOAF-MZkJq0IV1a6YQj HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEGZPTxotDupKuBjjqaefQ6A&google_cver=1&google_push=AaAOQGG8MlYPXYCX2QLdt3vKfJvTbBjzBedD-7T1JUAXtNVotXoIQ1bDryw4wtthptvf6ijv8qVR33tQwaOAF-MZkJq0IV1a6YQj HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AaAOQGG8MlYPXYCX2QLdt3vKfJvTbBjzBedD-7T1JUAXtNVotXoIQ1bDryw4wtthptvf6ijv8qVR33tQwaOAF-MZkJq0IV1a6YQj&google_hm=0Gaq4q1yQOenhc-ruDhLSA==

Request Chain 214

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEBAQIXQ_EfBEYz-qPQcMKrM&google_cver=1&google_push=AaAOQGGeU4lDty3rSxV_-UyUX-iMVBgqC10KCQESiBo1sWxwFndx0Y3ZxuAi9bM8ePC-c3kr6_lhtgm1DZs6qKDXTfDZIKqjceNp HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEBAQIXQ_EfBEYz-qPQcMKrM&google_cver=1&google_push=AaAOQGGeU4lDty3rSxV_-UyUX-iMVBgqC10KCQESiBo1sWxwFndx0Y3ZxuAi9bM8ePC-c3kr6_lhtgm1DZs6qKDXTfDZIKqjceNp&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=t39Ki4bORQKndVz4An3gbQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AaAOQGGeU4lDty3rSxV_-UyUX-iMVBgqC10KCQESiBo1sWxwFndx0Y3ZxuAi9bM8ePC-c3kr6_lhtgm1DZs6qKDXTfDZIKqjceNp

Request Chain 215

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEPWVV-blgDKYpezAp3yVn3s&google_cver=1&google_push=AaAOQGGvz_OnhvIxlN9aiSFDfG0SZs8FzPzlDTgKWmuKr_g7Y11EsH56kNdLmGEFqXushrGAysh9I1eRn0oFoT4Iv1jn0549j4Xz HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AaAOQGGvz_OnhvIxlN9aiSFDfG0SZs8FzPzlDTgKWmuKr_g7Y11EsH56kNdLmGEFqXushrGAysh9I1eRn0oFoT4Iv1jn0549j4Xz

Request Chain 217

https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEKd0-PAx3w0B6_jflJzZeDo&google_cver=1&google_push=AaAOQGGCzs8fFUR5bRvDxvSdsbvf5Y4DOlnM4x1ScfKjkFnE390Ce1Y6id3A5RL2wAdMSqoDLfPpIGXMbz4tyB08k14-oriJRLbpaA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AaAOQGGCzs8fFUR5bRvDxvSdsbvf5Y4DOlnM4x1ScfKjkFnE390Ce1Y6id3A5RL2wAdMSqoDLfPpIGXMbz4tyB08k14-oriJRLbpaA HTTP 302
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

Request Chain 223

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEP6JAOeEkLTb7R3dclF2smo&google_cver=1&google_push=AaAOQGGZAGz2Cw7fhfuUj039xS3UWhIQv7a_NTeTXdiL9hO-w_GZK2zISbU6EYVbNV5eHdCxtCoWdoe5V2r2FYwlXSY1sLrYyA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AaAOQGGZAGz2Cw7fhfuUj039xS3UWhIQv7a_NTeTXdiL9hO-w_GZK2zISbU6EYVbNV5eHdCxtCoWdoe5V2r2FYwlXSY1sLrYyA

Request Chain 224

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEBrwwlU0cUfoMiWCESWk-2o&google_cver=1&google_push=AaAOQGFAsAiDXdmLAXQmP8bCs_NPSeFsO3hwNDHb2EOHKXGnM5hyA9FP3G7QWwwX-gWUS29smo3StYhCV-8wnbzVs1VROqwo8w HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzcwNjIwNTc5Mzg4NjQ1MTA0Ng&google_push=AaAOQGFAsAiDXdmLAXQmP8bCs_NPSeFsO3hwNDHb2EOHKXGnM5hyA9FP3G7QWwwX-gWUS29smo3StYhCV-8wnbzVs1VROqwo8w

Request Chain 225

https://match.360yield.com/match/ebda?google_gid=CAESEI14BqVX-uE_vSzSM9n_9IA&google_cver=1&google_push=AaAOQGFoq8_F10WSSgEmVUGvFXoD6iRisaulPkAQENWHPSVAEFG8o0JRWDmjF-NWmFcGQe_WK0me97P0_3R8Nb5GwqEGKuOSvwI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=t-_wInyLRDKcI7nTmdcmQw&google_push=AaAOQGFoq8_F10WSSgEmVUGvFXoD6iRisaulPkAQENWHPSVAEFG8o0JRWDmjF-NWmFcGQe_WK0me97P0_3R8Nb5GwqEGKuOSvwI

Request Chain 226

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEP3sTaqsXe7Rmz2-btfjbN0&google_cver=1&google_push=AaAOQGGydWMfGOy26H0JzHUwR1m_khlkBYf2mOLN91hYyCW8-sHd-P4XXxeSclHc3mJ_OwOndJ726KFYnUtlzdHJK6rU1UMBt58 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGGydWMfGOy26H0JzHUwR1m_khlkBYf2mOLN91hYyCW8-sHd-P4XXxeSclHc3mJ_OwOndJ726KFYnUtlzdHJK6rU1UMBt58 HTTP 302
https://onetag-sys.com/match/?int_id=19&google_error=5

Request Chain 227

https://secure.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=${BASE64_UID_ENC}&google_gid=CAESEKDlOfESPhnNiCa3eZePOPw&google_cver=1&google_push=AaAOQGGhIzV-yoePTACcyoxcA8YtdhnFdOMCalVv5gWFntyi-A0wRMwUKFIoL7Xk4BT6X5meX8PjY0JV7pni20zlhidHY7dMfxQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=MTYyMTgxNzUyOTY0MDQ0NTU2&google_gid=CAESEKDlOfESPhnNiCa3eZePOPw&google_cver=1&google_push=AaAOQGGhIzV-yoePTACcyoxcA8YtdhnFdOMCalVv5gWFntyi-A0wRMwUKFIoL7Xk4BT6X5meX8PjY0JV7pni20zlhidHY7dMfxQ

Request Chain 232

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEHu7yJsgBRLiEwlJjsdORqw&google_cver=1&google_push=AaAOQGG8pe8tUu8mYKr8cIcfBPuulcCrsQQjgwFd0Yv-3Mp2Q_2Gw24ARTVWjX0xn64p4TGiY9Tq6MRsNyJAVSUO9lhLi_QKBPY HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEHu7yJsgBRLiEwlJjsdORqw&google_cver=1&google_push=AaAOQGG8pe8tUu8mYKr8cIcfBPuulcCrsQQjgwFd0Yv-3Mp2Q_2Gw24ARTVWjX0xn64p4TGiY9Tq6MRsNyJAVSUO9lhLi_QKBPY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=cUJ6blpveFIxUWoyOVk1&google_gid=CAESEHu7yJsgBRLiEwlJjsdORqw&google_cver=1&google_push=AaAOQGG8pe8tUu8mYKr8cIcfBPuulcCrsQQjgwFd0Yv-3Mp2Q_2Gw24ARTVWjX0xn64p4TGiY9Tq6MRsNyJAVSUO9lhLi_QKBPY

Request Chain 234

https://d5p.de17a.com/cookies/google?google_gid=CAESELPSKJZ5sBk-MLgrVRmYB14&google_cver=1&google_push=AaAOQGFA4cZ4OGnKfY_f4Km2EroptG9tnK8qGNRYlgCJ_LNRB2tOhlMUV37ZZ1gF_VT5mCRTfINC6LQqN6jeIUCJ0FqKhT3JaaMa HTTP 302
https://d5p.de17a.com/cookies/google;c?google_gid=CAESELPSKJZ5sBk-MLgrVRmYB14&google_cver=1&google_push=AaAOQGFA4cZ4OGnKfY_f4Km2EroptG9tnK8qGNRYlgCJ_LNRB2tOhlMUV37ZZ1gF_VT5mCRTfINC6LQqN6jeIUCJ0FqKhT3JaaMa HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AaAOQGFA4cZ4OGnKfY_f4Km2EroptG9tnK8qGNRYlgCJ_LNRB2tOhlMUV37ZZ1gF_VT5mCRTfINC6LQqN6jeIUCJ0FqKhT3JaaMa

Request Chain 235

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEB1zfF63aYqAgHpoZYLLs3o&google_cver=1&google_push=AaAOQGGlYUFkvn7kPL2Rf-cyYEh-laQLUTEv8iFoIdXlMLikQakohekIRwWQAnqHP_W2dhUpCMrs8nepXMj-QX2-GKayl1ZG09RW HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpYTTQ3U0gtMUUtNkpKUQ==&google_push=AaAOQGGlYUFkvn7kPL2Rf-cyYEh-laQLUTEv8iFoIdXlMLikQakohekIRwWQAnqHP_W2dhUpCMrs8nepXMj-QX2-GKayl1ZG09RW

Request Chain 236

https://match.360yield.com/match/ebda?google_gid=CAESEIteqhSF41j90B_ZajRn4-A&google_cver=1&google_push=AaAOQGGtDvN9cawsgeM8fGpDUDtnrizP7M9FoclBr1T3TFDQEjEn6ZPCwLHWXw6B7BRvAqv-XvhJ3HKQOnBuiCw641YW7EwUUB0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=t-_wInyLRDKcI7nTmdcmQw&google_push=AaAOQGGtDvN9cawsgeM8fGpDUDtnrizP7M9FoclBr1T3TFDQEjEn6ZPCwLHWXw6B7BRvAqv-XvhJ3HKQOnBuiCw641YW7EwUUB0

Request Chain 238

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEAGu986GrFjMwdgUWCloB5Q&google_cver=1&google_push=AaAOQGEbLV0W74nNLlohtAAvB90U9sJXF9uf_8waxJ09XA7Xay839o85QFTBdPJ54FYWvkS2oyREtMwlhc-LxYBMiUeiFJn8oMgiGQ HTTP 302
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEAGu986GrFjMwdgUWCloB5Q&google_cver=1&google_push=AaAOQGEbLV0W74nNLlohtAAvB90U9sJXF9uf_8waxJ09XA7Xay839o85QFTBdPJ54FYWvkS2oyREtMwlhc-LxYBMiUeiFJn8oMgiGQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=d066aae2-ad72-40e7-a785-cfabb8384b48&%%GOOGLE_PUSH_PAIR%%

Request Chain 240

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 241

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 247

https://um.simpli.fi/gp_match?google_gid=CAESEJkHy5yxaO8pix6Vb51KjeM&google_cver=1&google_push=AaAOQGG_2UJBVKsBixzbppEkyf77P296kVHw2dWWlXW15Lw5XCkWsZsp71MKyVkMwxFi6tSr6MgoTBHMyREuLHV5KqC-_T5Xi8UL HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=1F345E96CAB34FA3A03A7E3154AAFF56&google_push=AaAOQGG_2UJBVKsBixzbppEkyf77P296kVHw2dWWlXW15Lw5XCkWsZsp71MKyVkMwxFi6tSr6MgoTBHMyREuLHV5KqC-_T5Xi8UL

Request Chain 248

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEE8b4hfFZfmU-R2HInvLBbI&google_cver=1&google_push=AaAOQGFePnamCOnqmB6L0ABnmKlwQEz1CoW7DxW1q5bn69TOT5W0Ze_JLJlztGvxKcooXqoA2xBCwOMrlQ57OfRHPSW12qeBC2F9 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODI2NzI2NzUwMjQwMDU5MzUyMQ&google_push=AaAOQGFePnamCOnqmB6L0ABnmKlwQEz1CoW7DxW1q5bn69TOT5W0Ze_JLJlztGvxKcooXqoA2xBCwOMrlQ57OfRHPSW12qeBC2F9

Request Chain 250

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEDgN333M2ujNYeriYUeIblg&google_cver=1&google_push=AaAOQGEw677tleJhi58bbvEHXiVuCx5exVPHDkSYwC9L9xohTSu0BY4YGCjOClaw4K2cro2h75KSouIA5-nLawYITZZBVJTeUrB8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGEw677tleJhi58bbvEHXiVuCx5exVPHDkSYwC9L9xohTSu0BY4YGCjOClaw4K2cro2h75KSouIA5-nLawYITZZBVJTeUrB8

Request Chain 251

https://match.360yield.com/match/ebda?google_gid=CAESEFC7Z5SxJ651WrwcV9XFuPQ&google_cver=1&google_push=AaAOQGGl9PQ-xNPv9mm6rR64iEaWgIUf6BQEKl8-ZMInk8k1vxHyFBbFXHxSc4kHkB8Rsl-jQvo6wggn1Ivb-99QF03vSw_5R0RW HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=t-_wInyLRDKcI7nTmdcmQw&google_push=AaAOQGGl9PQ-xNPv9mm6rR64iEaWgIUf6BQEKl8-ZMInk8k1vxHyFBbFXHxSc4kHkB8Rsl-jQvo6wggn1Ivb-99QF03vSw_5R0RW

Request Chain 252

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESED3dTugVtf7uFRcBLcN4tfM&google_cver=1&google_push=AaAOQGFBxzuV43XXaGvYZ4F74mSXFf6sdUa4QMy-iYIgtQlGRSYXJeKadBqQWlS6OlmFJ-ZwUIWltdAv5aSsnl5DxOQLFeDzaDM HTTP 302
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=AaAOQGFBxzuV43XXaGvYZ4F74mSXFf6sdUa4QMy-iYIgtQlGRSYXJeKadBqQWlS6OlmFJ-ZwUIWltdAv5aSsnl5DxOQLFeDzaDM&google_gid=CAESED3dTugVtf7uFRcBLcN4tfM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTU5ODU1MjQ5NDM5NzgxNDAxOTQ1MA%3D%3D&google_push=AaAOQGFBxzuV43XXaGvYZ4F74mSXFf6sdUa4QMy-iYIgtQlGRSYXJeKadBqQWlS6OlmFJ-ZwUIWltdAv5aSsnl5DxOQLFeDzaDM

Request Chain 253

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEDFZstUm3Vm15S0tTAtwgVs&google_cver=1&google_push=AaAOQGFgXfL_XVce0IYHXucqTqQGfcraSrBRKKbKhMGOOk9EvAeqoxq8Bxp8MO1lZ4s_EATfuRjqmwIEMmhN3F1Y8NUu2wo8MFBubw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=d066aae2-ad72-40e7-a785-cfabb8384b48&%%GOOGLE_PUSH_PAIR%%

Request Chain 299

https://gdetr.hit.gemius.pl/_1689038843249/redot.js?id=nX.qv39nv4PgrHW1zPcagGaETBj1l_xLE8FDFCYPc8D.S7/fastid=ktibmvfkqpfwcvmtnweizagzzhmv/stparam=npeqlrgurd&inner=_ch_mobile%3D0%7C_ch_wow64%3D0%7C_ch_brands%3D%7C&extra=ls%3D1%7Ctpb%3D1%7Cifr%3D1%7Cifrv%3D98%7Cifrw%3D970%7Cifrh%3D250%7Cxref%3Dhttps%3A%2F%2Fpcloak.blob.core.windows.net%7Ctq%3D1%7Chct%3D739&lsdata=xPjV3O2sv7XV7Ylw3hBttf.Tv4X2gf6lN6oFos_j.mz.M7Obyh29uzGgbv4.L1ydPFuTHBbRP0ojSpmUHNaCcDS5KTf8/eqFIBhKW7a7n8/&href=https%3A%2F%2Fng2.virgul.com%2Fadview%3Fa%3D64954933e4b03f04e549367e%26r%3D153366%40site_geneli%40yemek_net%3Asite_geneli%26l%3D%26ext%3D%252Cas%252Crc0%252Chf1%252Cvv1%252Cgprec%253Dyemek%2526rec_ing%253D%26info%3D%26cs%3D1689038841226%26mt%3D1689038841041%26userId%3Dvnet2a1b8dc7-6780-4268-998b-67200964ffb6%26vmn%3D64954933e4b03f04e549367e___1533661919502793&ref=https%3A%2F%2Fye-mek.net%2F HTTP 301
https://gdetr.hit.gemius.pl/__/_1689038843249/redot.js?id=nX.qv39nv4PgrHW1zPcagGaETBj1l_xLE8FDFCYPc8D.S7/fastid=ktibmvfkqpfwcvmtnweizagzzhmv/stparam=npeqlrgurd&inner=_ch_mobile%3D0%7C_ch_wow64%3D0%7C_ch_brands%3D%7C&extra=ls%3D1%7Ctpb%3D1%7Cifr%3D1%7Cifrv%3D98%7Cifrw%3D970%7Cifrh%3D250%7Cxref%3Dhttps%3A%2F%2Fpcloak.blob.core.windows.net%7Ctq%3D1%7Chct%3D739&lsdata=xPjV3O2sv7XV7Ylw3hBttf.Tv4X2gf6lN6oFos_j.mz.M7Obyh29uzGgbv4.L1ydPFuTHBbRP0ojSpmUHNaCcDS5KTf8/eqFIBhKW7a7n8/&href=https%3A%2F%2Fng2.virgul.com%2Fadview%3Fa%3D64954933e4b03f04e549367e%26r%3D153366%40site_geneli%40yemek_net%3Asite_geneli%26l%3D%26ext%3D%252Cas%252Crc0%252Chf1%252Cvv1%252Cgprec%253Dyemek%2526rec_ing%253D%26info%3D%26cs%3D1689038841226%26mt%3D1689038841041%26userId%3Dvnet2a1b8dc7-6780-4268-998b-67200964ffb6%26vmn%3D64954933e4b03f04e549367e___1533661919502793&ref=https%3A%2F%2Fye-mek.net%2F

308 HTTP transactions
6 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request 6x6uf5z9e3262.html Show response
pcloak.blob.core.windows.net/web/ 1 KB
2 KB 488ms
99ms Document
text/html 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 22fee539734d38c9e84e3982188b21bafc9457236279a136ce1b3b9d55667437

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Content-Length: 1324
Content-MD5: XPHdOVCmWyxrVVstkB9xGw==
Content-Type: text/html
Date: Tue, 11 Jul 2023 01:27:18 GMT
ETag: 0x8DB5ED08476F0C5
Last-Modified: Sat, 27 May 2023 16:36:27 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 9e336f0e-401e-005d-3a96-b34889000000
x-ms-version: 2009-09-19

GET
H/1.1 404
The specified blob does not exist. jquery.min.js
pcloak.blob.core.windows.net/web/ 0
0 95ms
95ms Script
application/xml 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/jquery.min.js
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-ms-request-id: 9e336f62-401e-005d-7f96-b34889000000
Date: Tue, 11 Jul 2023 01:27:18 GMT
x-ms-version: 2009-09-19
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-Length: 215
Content-Type: application/xml

GET
H/1.1 200
OK cloakan.js Show response
pcloak.blob.core.windows.net/web/ 308 B
717 B 288ms
95ms Script
text/javascript 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/cloakan.js
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 4651fd93f167c3620b534c30bc23ae2a2e7cf742621d8e6d12553c09c388284a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Tue, 11 Jul 2023 01:27:19 GMT
Last-Modified: Mon, 13 Jun 2022 14:36:49 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: zPiKctHo6j8i1UGOFPpInw==
ETag: 0x8DA4D4A263C11C2
Content-Type: text/javascript
x-ms-request-id: 9e336fc8-401e-005d-5596-b34889000000
x-ms-version: 2009-09-19
Content-Length: 308

GET
H/1.1 200
OK style.css
pcloak.blob.core.windows.net/web/ 166 B
568 B 192ms
97ms Stylesheet
text/css 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/style.css
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: cf906196a7c1414e11983955e101a051d55a864f2bc9fd52a453d952d92fd9b5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Tue, 11 Jul 2023 01:27:18 GMT
Last-Modified: Mon, 13 Jun 2022 14:36:49 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: 9ruAIrm4XHnQO3/sM8J0AQ==
ETag: 0x8DA4D4A26527CA0
Content-Type: text/css
x-ms-request-id: 9e336f99-401e-005d-2c96-b34889000000
x-ms-version: 2009-09-19
Content-Length: 166

GET
H2 200 px.php Show response
www.cloakan.co/ 743 B
681 B 279ms
140ms XHR
text/html 77.245.159.14
NIOBEBILISIMHIZME...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cloakan.co/px.php?id=6x6uf5z9e3262
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 77.245.159.14 , Turkey, ASN42868 (NIOBEBILISIMHIZMETLERI, TR),
Reverse DNS: stilgar.wlsrv.com
Software: LiteSpeed / PHP/7.3.33
Resource Hash: 120fdf7c1e8de286b8c6ad005bd52d7b3d71cfa17bd6d1f72d023fe952d03708

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:19 GMT
content-encoding: br
server: LiteSpeed
x-powered-by: PHP/7.3.33
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
content-length: 404

GET
H2 200 nv.php Show response
www.cloakan.co/ 232 B
385 B 276ms
167ms Script
text/html 77.245.159.14
NIOBEBILISIMHIZME...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cloakan.co/nv.php?id=6x6uf5z9e3262-m
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/cloakan.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 77.245.159.14 , Turkey, ASN42868 (NIOBEBILISIMHIZMETLERI, TR),
Reverse DNS: stilgar.wlsrv.com
Software: LiteSpeed / PHP/7.3.33
Resource Hash: 9cacc351a59879d938ef01e274eca7f341deaaa666237a3de94737ccc05a4b86

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:19 GMT
content-encoding: br
server: LiteSpeed
x-powered-by: PHP/7.3.33
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
content-length: 112

GET
H2 200 / Show response
ye-mek.net/ Frame A502 77 KB
78 KB 320ms
56ms Document
text/html 94.138.206.83
AS49126

General

Check archive.org

Show headers Download Go to

Full URL: https://ye-mek.net/
Requested by: Host: www.cloakan.co
URL: https://www.cloakan.co/nv.php?id=6x6uf5z9e3262-m
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.138.206.83 , Turkey, ASN49126 (AS49126, TR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 797255b9062dc8576102bba5f6e0c0e0a9691e4ca8560066e943b1d10f4f0846

Request headers

Referer: https://pcloak.blob.core.windows.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache
content-length: 79232
content-type: text/html; charset=utf-8
date: Tue, 11 Jul 2023 01:27:20 GMT
expires: -1
pragma: no-cache
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.9.1/ Frame A502 90 KB
33 KB 36ms
8ms Script
text/javascript 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 10:03:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 314628
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33018
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 06 Jul 2024 10:03:32 GMT

GET
H2 200 yemeknet.js Show response
ye-mek.net/js/ Frame A502 10 KB
11 KB 78ms
78ms Script
application/javascript 94.138.206.83
AS49126

General

Check archive.org

Show headers Download Go to

Full URL: https://ye-mek.net/js/yemeknet.js?v=1
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.138.206.83 , Turkey, ASN49126 (AS49126, TR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 613b97a3f938c5185dc5fcb46ec9c9488f460fdf8a9765eea9f05aebe46a0c50

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-powered-by-plesk: PleskWin
date: Tue, 11 Jul 2023 01:27:20 GMT
last-modified: Tue, 20 Aug 2019 13:15:54 GMT
server: Microsoft-IIS/10.0
etag: "0a144655957d51:0"
x-powered-by: ASP.NET
content-type: application/javascript
cache-control: max-age=691200
accept-ranges: bytes
content-length: 10691

GET
H2 200 maincss.css
cdn.ye-mek.net/ Frame A502 40 KB
12 KB 70ms
13ms Stylesheet
text/css 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.ye-mek.net/maincss.css?v=434
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 5804cd3bfdf7f7b00ae1f2beef50b9ac7bbdcadcb47e8c3454e8609a52096b92

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 11 Jul 2023 01:27:20 GMT
content-encoding: gzip
x-cache: HIT
x-77-cache: HIT
x-age: 7229387
x-accel-date: 1681809453
x-77-nzt: AcO1qhE0wwD/y09uAA
x-accel-expires: @1713345453
last-modified: Tue, 24 Nov 2020 00:00:32 GMT
server: CDN77-Turbo
etag: W/"5fbc4d20-9e5b"
x-77-nzt-ray: 4c156224ece2435af8afac64b558111f
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame A502 232 KB
81 KB 67ms
23ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-6B70JBQEWN

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

63d0138a5c7998c3d0690e64e8d065ab684b7da702f79944b3d331a337451d9d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:20 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 82252
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 11 Jul 2023 01:27:20 GMT

GET
H2 200 WebResource.axd Show response
ye-mek.net/ Frame A502 23 KB
23 KB 41ms
41ms Script
application/x-javascript 94.138.206.83
AS49126

General

Check archive.org

Show headers Download Go to

Full URL: https://ye-mek.net/WebResource.axd?d=xwF-CVWGs0k2lJ8ip0ltQBvYOlWZ3nxI7sNmsquLqhxC3wTfa1kdA29N3phJuWbv_nUJs9Azpgpdd-B-kYWqGiXJhxTS8DyEfjW0cssdPWM1&t=637811837229275428
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.138.206.83 , Turkey, ASN49126 (AS49126, TR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-powered-by-plesk: PleskWin
date: Tue, 11 Jul 2023 01:27:20 GMT
last-modified: Wed, 23 Feb 2022 00:28:42 GMT
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
content-type: application/x-javascript
cache-control: public
content-length: 23063
expires: Tue, 09 Jul 2024 09:26:44 GMT

GET
H2 200 searchButton.png
cdn.ye-mek.net/App_UI/Img/ Frame A502 542 B
895 B 16ms
12ms Image
image/png 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/searchButton.png
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 324a9c1f26949a62b89c5846de23826737bf3b14443e3f5a969b1799604a0588

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 11 Jul 2023 01:27:20 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 7229452
x-accel-date: 1681809388
content-length: 542
x-77-nzt: AcO1qhEjIxz/DFBuAA
x-accel-expires: @1713345388
last-modified: Sat, 22 Oct 2022 20:00:57 GMT
server: CDN77-Turbo
etag: "63544bf9-21e"
x-77-nzt-ray: 4c156224ece2435af8afac6486e9ed20
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 ara.png
cdn.ye-mek.net/App_UI/Img/ Frame A502 2 KB
2 KB 18ms
12ms Image
image/png 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/ara.png
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 3ed559a849229d0ba1622b39b2343f2307a91aae5bab1f08e55c89e50874c980

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 11 Jul 2023 01:27:20 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 7229387
x-accel-date: 1681809453
content-length: 1651
x-77-nzt: AcO1qhEBWjP/y09uAA
x-accel-expires: @1713345453
last-modified: Mon, 14 May 2018 22:41:08 GMT
server: CDN77-Turbo
etag: "5afa1084-673"
x-77-nzt-ray: 4c156224ece2435af8afac642b210821
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 etli-bezelye-yemegi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/07/ Frame A502 13 KB
14 KB 22ms
17ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/07/etli-bezelye-yemegi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 4e7d16b44de4787422f67972c2e5347dd152e896847b27b42fcf965397e4e491

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 11 Jul 2023 01:27:20 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 10532
x-accel-date: 1689028308
content-length: 13529
x-77-nzt: AcO1qhFv8YL/JCkAAA
x-accel-expires: @1720564308
last-modified: Mon, 10 Jul 2023 21:59:36 GMT
server: CDN77-Turbo
etag: "64ac7f48-34d9"
x-77-nzt-ray: 4c156224ece2435af8afac64e7220c21
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 cool-lime-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/07/ Frame A502 13 KB
14 KB 27ms
21ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/07/cool-lime-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: e16b6becd83b0ee3de5d41e31dd0931ce182abb90e7abaea50edcff471dd0147

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 11 Jul 2023 01:27:20 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 97675
x-accel-date: 1688941165
content-length: 13780
x-77-nzt: AcO1qhHt24v/i30BAA
x-accel-expires: @1720477165
last-modified: Sun, 09 Jul 2023 21:48:57 GMT
server: CDN77-Turbo
etag: "64ab2b49-35d4"
x-77-nzt-ray: 4c156224ece2435af8afac64aafc0f21
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tzatziki-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/07/ Frame A502 13 KB
13 KB 33ms
27ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/07/tzatziki-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: e275863e71c35954e13772523d1350408cdae8157d816efa000330991b7bfb13

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 11 Jul 2023 01:27:20 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 183936
x-accel-date: 1688854904
content-length: 13356
x-77-nzt: AcO1qhG64QX/gM4CAA
x-accel-expires: @1720390904
last-modified: Sat, 08 Jul 2023 22:02:11 GMT
server: CDN77-Turbo
etag: "64a9dce3-342c"
x-77-nzt-ray: 4c156224ece2435af8afac64a12f1321
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 ciger-sote-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/07/ Frame A502 16 KB
16 KB 38ms
32ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/07/ciger-sote-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 273e7d56a956cc63c4bbf086755eaed2502fc8b47c35270fd084ea28ec24c3a0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 11 Jul 2023 01:27:20 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 269755
x-accel-date: 1688769085
content-length: 16272
x-77-nzt: AcO1qhEbYob/ux0EAA
x-accel-expires: @1720305085
last-modified: Fri, 07 Jul 2023 22:04:55 GMT
server: CDN77-Turbo
etag: "64a88c07-3f90"
x-77-nzt-ray: 4c156224ece2435af8afac644da71621
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 ciftlik-kebabi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/03/ Frame A502 17 KB
18 KB 42ms
36ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/03/ciftlik-kebabi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 0fb87da221f6bd6ca2145dbfdc42e0d7d4a73fe418fb409cc2b019ce0a3506d6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 11 Jul 2023 01:27:20 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 7229349
x-accel-date: 1681809491
content-length: 17645
x-77-nzt: AcO1qhE5Qv7/pU9uAA
x-accel-expires: @1713345491
last-modified: Mon, 20 Mar 2023 20:46:38 GMT
server: CDN77-Turbo
etag: "6418c62e-44ed"
x-77-nzt-ray: 4c156224ece2435af8afac64f9bb1821
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 sulu-et-kavurma-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/02/ Frame A502 14 KB
14 KB 42ms
37ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/02/sulu-et-kavurma-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: f5bc40f0b27ed579e44b85aa0f4f6213464143adc31ae92ad6894f8b5f37698c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 11 Jul 2023 01:27:20 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 7225741
x-accel-date: 1681813099
content-length: 14369
x-77-nzt: AcO1qhHNKwP/jUFuAA
x-accel-expires: @1713349099
last-modified: Mon, 27 Feb 2023 20:59:38 GMT
server: CDN77-Turbo
etag: "63fd19ba-3821"
x-77-nzt-ray: 4c156224ece2435af8afac64eb9c1a21
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 fellah-koftesi-resimli-yemek-tarifi(24).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2016/03/ Frame A502 15 KB
15 KB 42ms
37ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2016/03/fellah-koftesi-resimli-yemek-tarifi(24).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 274d7c618c1972083333f7020a9768ca0d10519473f54110f184e09d269bdb47

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 11 Jul 2023 01:27:20 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 7227709
x-accel-date: 1681811131
content-length: 15478
x-77-nzt: AcO1qhHVFoD/PUluAA
x-accel-expires: @1713347131
last-modified: Wed, 01 May 2019 22:56:32 GMT
server: CDN77-Turbo
etag: "5cca2420-3c76"
x-77-nzt-ray: 4c156224ece2435af8afac64b4491c21
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 sebzeli-firin-tava-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/05/ Frame A502 16 KB
16 KB 42ms
37ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/05/sebzeli-firin-tava-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 9b0cb6e6dea44f630d8b2ff60353714c253e2756a4a792d58326ea10df0f9780

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 11 Jul 2023 01:27:20 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 7227644
x-accel-date: 1681811196
content-length: 16376
x-77-nzt: AcO1qhHqCE7//EhuAA
x-accel-expires: @1713347196
last-modified: Tue, 05 May 2020 23:50:47 GMT
server: CDN77-Turbo
etag: "5eb1fbd7-3ff8"
x-77-nzt-ray: 4c156224ece2435af8afac64cf66a621
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 trilece-resimli-yemek-tarifi(36).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2018/01/ Frame A502 9 KB
9 KB 42ms
37ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2018/01/trilece-resimli-yemek-tarifi(36).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 117c21886ab79c6c187ae55ffd97aec5c3776357e77f9fd4a67b3fb429c794d2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 11 Jul 2023 01:27:20 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 7229421
x-accel-date: 1681809419
content-length: 9194
x-77-nzt: AcO1qhE0WJj/7U9uAA
x-accel-expires: @1713345419
last-modified: Wed, 01 May 2019 23:28:43 GMT
server: CDN77-Turbo
etag: "5cca2bab-23ea"
x-77-nzt-ray: 4c156224ece2435af8afac642826a921
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 yufkadan-findik-lahmacun-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2016/01/ Frame A502 16 KB
17 KB 42ms
37ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2016/01/yufkadan-findik-lahmacun-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: d82c4906e4b728e92a7fcec80c1f8bcb5b16502d30a9de09a361dc503a70145a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 11 Jul 2023 01:27:20 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 7229364
x-accel-date: 1681809476
content-length: 16684
x-77-nzt: AcO1qhFXRpH/tE9uAA
x-accel-expires: @1713345476
last-modified: Wed, 01 May 2019 22:52:17 GMT
server: CDN77-Turbo
etag: "5cca2321-412c"
x-77-nzt-ray: 4c156224ece2435af8afac6465dcaa21
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 ev-usulu-firinda-urfa-kebap-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2015/10/ Frame A502 13 KB
13 KB 42ms
37ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2015/10/ev-usulu-firinda-urfa-kebap-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: fb9ee137734c9d4933d908d02325dc37c4dd86dd58614a2c7d9d5a01890aefd2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 11 Jul 2023 01:27:20 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 7228064
x-accel-date: 1681810776
content-length: 12802
x-77-nzt: AcO1qhGiC1D/oEpuAA
x-accel-expires: @1713346776
last-modified: Wed, 01 May 2019 22:49:22 GMT
server: CDN77-Turbo
etag: "5cca2272-3202"
x-77-nzt-ray: 4c156224ece2435af8afac646f78ac21
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 hatay-usulu-acuka-resimli-yemek-tarifi(8).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/02/ Frame A502 13 KB
13 KB 42ms
38ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/02/hatay-usulu-acuka-resimli-yemek-tarifi(8).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: d36dfe6d6d9da7b8fca74c7e5587a057a719eed2d2d1eae4fcd7af0e2d12f21f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 11 Jul 2023 01:27:20 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 7227580
x-accel-date: 1681811260
content-length: 13255
x-77-nzt: AcO1qhGCaHD/vEhuAA
x-accel-expires: @1713347260
last-modified: Thu, 03 Feb 2022 00:09:16 GMT
server: CDN77-Turbo
etag: "61fb1d2c-33c7"
x-77-nzt-ray: 4c156224ece2435af8afac645b88ae21
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 hatay-kagit-kebabi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/04/ Frame A502 15 KB
16 KB 42ms
38ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/04/hatay-kagit-kebabi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: cc768907a13ed8d1731eea6ea6d8feeab05c62f17dbd7bcd97b8bc6b03994fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 11 Jul 2023 01:27:20 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 7229399
x-accel-date: 1681809441
content-length: 15699
x-77-nzt: AcO1qhF5CWD/109uAA
x-accel-expires: @1713345441
last-modified: Fri, 01 Apr 2022 09:29:32 GMT
server: CDN77-Turbo
etag: "6246c5fc-3d53"
x-77-nzt-ray: 4c156224ece2435af8afac64651bb021
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-etli-karnabahar-yemegi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2015/11/ Frame A502 16 KB
16 KB 42ms
38ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2015/11/firinda-etli-karnabahar-yemegi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 537d42962737bc550bbf34d1404e336cebc1b46ced111cc3c5b1ab744d38bb85

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 11 Jul 2023 01:27:20 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 7228870
x-accel-date: 1681809970
content-length: 16427
x-77-nzt: AcO1qhFzvof/xk1uAA
x-accel-expires: @1713345970
last-modified: Wed, 01 May 2019 22:50:41 GMT
server: CDN77-Turbo
etag: "5cca22c1-402b"
x-77-nzt-ray: 4c156224ece2435af8afac64677fb121
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 etli-sogan-dolmasi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2015/03/ Frame A502 13 KB
13 KB 43ms
38ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2015/03/etli-sogan-dolmasi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: f973d75ead19729433907ba993cee75784ac0ba25a5f229c3091e7f45966b1a3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 11 Jul 2023 01:27:20 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 7228746
x-accel-date: 1681810094
content-length: 12894
x-77-nzt: AcO1qhH7I8j/Sk1uAA
x-accel-expires: @1713346094
last-modified: Wed, 01 May 2019 22:39:26 GMT
server: CDN77-Turbo
etag: "5cca201e-325e"
x-77-nzt-ray: 4c156224ece2435af8afac6412f0b221
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 hasanpasa-koftesi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2018/03/ Frame A502 11 KB
11 KB 43ms
38ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2018/03/hasanpasa-koftesi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: bcd5fa5d7dbca071d56d8dbd96ea4b73018dabd55ba191b2cd111719765f384c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 11 Jul 2023 01:27:20 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 7228717
x-accel-date: 1681810123
content-length: 11290
x-77-nzt: AcO1qhGzd0P/LU1uAA
x-accel-expires: @1713346123
last-modified: Wed, 01 May 2019 23:32:07 GMT
server: CDN77-Turbo
etag: "5cca2c77-2c1a"
x-77-nzt-ray: 4c156224ece2435af8afac64406ab421
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 sebzeli-soslu-tavuk-yemegi-resimli-yemek-tarifi(24).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/03/ Frame A502 16 KB
16 KB 43ms
38ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/03/sebzeli-soslu-tavuk-yemegi-resimli-yemek-tarifi(24).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 680026f318b1fd16bc8e7b24ba4e32073bc98978f5bd67f19c1b30019a6decf0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 11 Jul 2023 01:27:20 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 7229371
x-accel-date: 1681809469
content-length: 16450
x-77-nzt: AcO1qhErfNz/u09uAA
x-accel-expires: @1713345469
last-modified: Mon, 22 Mar 2021 22:09:22 GMT
server: CDN77-Turbo
etag: "60591592-4042"
x-77-nzt-ray: 4c156224ece2435af8afac644c15b621
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-tavuk-sis-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/05/ Frame A502 14 KB
14 KB 43ms
38ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/05/firinda-tavuk-sis-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: cc9b3925630f6d074bcab26519f1ec19a2e400175ab07ba7b2a79ac78e89dc87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 11 Jul 2023 01:27:20 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 7228666
x-accel-date: 1681810174
content-length: 14359
x-77-nzt: AcO1qhGUpqr/+kxuAA
x-accel-expires: @1713346174
last-modified: Mon, 11 May 2020 01:16:56 GMT
server: CDN77-Turbo
etag: "5eb8a788-3817"
x-77-nzt-ray: 4c156224ece2435af8afac64d865b721
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tavada-tavuk-baget-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/07/ Frame A502 16 KB
16 KB 43ms
39ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/07/tavada-tavuk-baget-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 153e16434e35bbd9bbcff26425cd7d24a240b15f44b9e04cd8f9c3efb3d052f8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 11 Jul 2023 01:27:20 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 7229089
x-accel-date: 1681809751
content-length: 16274
x-77-nzt: AcO1qhHpG1H/oU5uAA
x-accel-expires: @1713345751
last-modified: Sun, 12 Jul 2020 00:28:21 GMT
server: CDN77-Turbo
etag: "5f0a5925-3f92"
x-77-nzt-ray: 4c156224ece2435af8afac64ed45b921
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tencerede-tavuk-yemegi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/04/ Frame A502 13 KB
14 KB 43ms
39ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/04/tencerede-tavuk-yemegi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 8cf97490bbe44aa43c01097db31f7bea02acaf111fbc3b6dde31745faf9d8d18

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 11 Jul 2023 01:27:20 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 7227399
x-accel-date: 1681811441
content-length: 13718
x-77-nzt: AcO1qhHWEbj/B0huAA
x-accel-expires: @1713347441
last-modified: Sat, 23 Apr 2022 23:47:42 GMT
server: CDN77-Turbo
etag: "6264901e-3596"
x-77-nzt-ray: 4c156224ece2435af8afac64b0acba21
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-peynirli-pirasa-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2016/12/ Frame A502 12 KB
13 KB 43ms
39ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2016/12/firinda-peynirli-pirasa-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: a922254e89c4606e02b4490153175d02cb137c4799e0dc602a28216816980817

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 11 Jul 2023 01:27:20 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 833701
x-accel-date: 1688205139
content-length: 12735
x-77-nzt: AcO1qhFET+n/pbgMAA
x-accel-expires: @1719741139
last-modified: Wed, 01 May 2019 23:10:09 GMT
server: CDN77-Turbo
etag: "5cca2751-31bf"
x-77-nzt-ray: 4c156224ece2435af8afac64828cbc21
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 zeytinyagli-taze-fasulye-oturtma-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2018/05/ Frame A502 12 KB
13 KB 43ms
39ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2018/05/zeytinyagli-taze-fasulye-oturtma-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 42d7836906cd2028c5a93a533f6bf85e125db2140198068d61c119e8a1293f47

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 11 Jul 2023 01:27:20 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 7227220
x-accel-date: 1681811620
content-length: 12719
x-77-nzt: AcO1qhE88NP/VEduAA
x-accel-expires: @1713347620
last-modified: Wed, 01 May 2019 23:34:09 GMT
server: CDN77-Turbo
etag: "5cca2cf1-31af"
x-77-nzt-ray: 4c156224ece2435af8afac64afffbd21
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 korili-kremali-patates-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/03/ Frame A502 15 KB
16 KB 43ms
39ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/03/korili-kremali-patates-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: aab46de6d65b0109879b01732a6660ccbebee7f07022642bf38ccecd4d501da4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 11 Jul 2023 01:27:20 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 7229250
x-accel-date: 1681809590
content-length: 15622
x-77-nzt: AcO1qhG+qxT/Qk9uAA
x-accel-expires: @1713345590
last-modified: Fri, 11 Mar 2022 22:38:25 GMT
server: CDN77-Turbo
etag: "622bcf61-3d06"
x-77-nzt-ray: 4c156224ece2435af8afac64e2a9bf21
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 misir-tempura-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/02/ Frame A502 14 KB
14 KB 43ms
39ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/02/misir-tempura-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 6003a2f2c3891e74c7e2f6b11f46977551c5543bc59b3f4d11fbdacc7321797e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 11 Jul 2023 01:27:20 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 7228666
x-accel-date: 1681810174
content-length: 14469
x-77-nzt: AcO1qhH8qjj/+kxuAA
x-accel-expires: @1713346174
last-modified: Mon, 20 Feb 2023 22:19:13 GMT
server: CDN77-Turbo
etag: "63f3f1e1-3885"
x-77-nzt-ray: 4c156224ece2435af8afac64b343c121
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 dort-4-kasik-corbasi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/03/ Frame A502 16 KB
16 KB 43ms
39ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/03/dort-4-kasik-corbasi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 25f2cf0d92927ea6a032fa0eca112d4e69207864db577150d8bd82fd05a3ff7c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 11 Jul 2023 01:27:20 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 7229342
x-accel-date: 1681809498
content-length: 15924
x-77-nzt: AcO1qhFGR1D/nk9uAA
x-accel-expires: @1713345498
last-modified: Wed, 15 Mar 2023 22:01:57 GMT
server: CDN77-Turbo
etag: "64124055-3e34"
x-77-nzt-ray: 4c156224ece2435af8afac64b02fc321
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 yalanci-tarhana-corbasi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/10/ Frame A502 8 KB
8 KB 43ms
40ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/10/yalanci-tarhana-corbasi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 93e5322cdb119a013712c129c176cd347dc0bfcdacb0f8f610259918b8faabf4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 11 Jul 2023 01:27:20 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 7228509
x-accel-date: 1681810331
content-length: 8282
x-77-nzt: AcO1qhEOL0f/XUxuAA
x-accel-expires: @1713346331
last-modified: Sun, 10 Oct 2021 21:34:02 GMT
server: CDN77-Turbo
etag: "61635c4a-205a"
x-77-nzt-ray: 4c156224ece2435af8afac64bea8c421
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 valide-sultan-corbasi-resimli-yemek-tarifi(20).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2017/04/ Frame A502 11 KB
12 KB 43ms
40ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2017/04/valide-sultan-corbasi-resimli-yemek-tarifi(20).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 81edaeb1fa8ee92d6ff74b25c17ee3c4281188958a1e5506ccb8fca25469a639

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 11 Jul 2023 01:27:20 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 920901
x-accel-date: 1688117939
content-length: 11543
x-77-nzt: AcO1qhHL/cv/RQ0OAA
x-accel-expires: @1719653939
last-modified: Wed, 01 May 2019 23:15:03 GMT
server: CDN77-Turbo
etag: "5cca2877-2d17"
x-77-nzt-ray: 4c156224ece2435af8afac64efe4c521
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 mahluta-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2016/11/ Frame A502 12 KB
13 KB 43ms
40ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2016/11/mahluta-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 837d63620657b055c980948022e01ba5c63c986d3d08ca7db80558411eab45d6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 11 Jul 2023 01:27:20 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 7227343
x-accel-date: 1681811497
content-length: 12542
x-77-nzt: AcO1qhGUx5f/z0duAA
x-accel-expires: @1713347497
last-modified: Wed, 01 May 2019 23:07:46 GMT
server: CDN77-Turbo
etag: "5cca26c2-30fe"
x-77-nzt-ray: 4c156224ece2435af8afac640a4fc721
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 erikli-tart-resimli-yemek-tarifi(20).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2019/12/ Frame A502 14 KB
14 KB 43ms
40ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2019/12/erikli-tart-resimli-yemek-tarifi(20).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: d48402a3dbce81a21d0cd9300f37d4cc3633a8e7ad45e88d50b9996e6c318104

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 11 Jul 2023 01:27:20 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 139268
x-accel-date: 1688899572
content-length: 14038
x-77-nzt: AcO1qhGcQcP/BCACAA
x-accel-expires: @1720435572
last-modified: Sun, 01 Dec 2019 19:29:18 GMT
server: CDN77-Turbo
etag: "5de4148e-36d6"
x-77-nzt-ray: 4c156224ece2435af8afac6456d3c821
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 biskuvili-yalanci-tavuk-gogsu-tatlisi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2017/06/ Frame A502 11 KB
12 KB 44ms
40ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2017/06/biskuvili-yalanci-tavuk-gogsu-tatlisi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 839faa9eb1804c943ab253022ef5b9f91c5d2c8f5b30f96a967542ac1db45c16

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 11 Jul 2023 01:27:20 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 7229315
x-accel-date: 1681809525
content-length: 11437
x-77-nzt: AcO1qhEroV7/g09uAA
x-accel-expires: @1713345525
last-modified: Wed, 01 May 2019 23:19:46 GMT
server: CDN77-Turbo
etag: "5cca2992-2cad"
x-77-nzt-ray: 4c156224ece2435af8afac64e57aca21
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 istiridye-tatlisi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2018/11/ Frame A502 14 KB
14 KB 44ms
40ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2018/11/istiridye-tatlisi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: b051db9511dc29e804cacb729965ce83a3bc4d377539b7371bbe9577a0f57b67

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 11 Jul 2023 01:27:20 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 7228802
x-accel-date: 1681810038
content-length: 14200
x-77-nzt: AcO1qhFjUYr/gk1uAA
x-accel-expires: @1713346038
last-modified: Wed, 01 May 2019 23:41:51 GMT
server: CDN77-Turbo
etag: "5cca2ebf-3778"
x-77-nzt-ray: 4c156224ece2435af8afac648dcccb21
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 susamli-tepsi-keki-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2016/12/ Frame A502 13 KB
14 KB 44ms
41ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2016/12/susamli-tepsi-keki-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 6a5c3836f01af05b52f926264495b7bac8dcef94acc6cfdbb3fbfa5054e941d8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 11 Jul 2023 01:27:20 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 7225597
x-accel-date: 1681813243
content-length: 13737
x-77-nzt: AcO1qhHY3Y///UBuAA
x-accel-expires: @1713349243
last-modified: Wed, 01 May 2019 23:09:05 GMT
server: CDN77-Turbo
etag: "5cca2711-35a9"
x-77-nzt-ray: 4c156224ece2435af8afac64445bcd21
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 yesil-zeytin-salatasi-resimli-yemek-tarifi(8).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/01/ Frame A502 12 KB
13 KB 44ms
41ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/01/yesil-zeytin-salatasi-resimli-yemek-tarifi(8).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 86a3bf695558f201298520ee57f86cccdc36caee8822201c83142997663a5ceb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 11 Jul 2023 01:27:20 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 124694
x-accel-date: 1688914146
content-length: 12605
x-77-nzt: AcO1qhFb87X/FucBAA
x-accel-expires: @1720450146
last-modified: Mon, 27 Jan 2020 20:48:50 GMT
server: CDN77-Turbo
etag: "5e2f4cb2-313d"
x-77-nzt-ray: 4c156224ece2435af8afac64a6d0ce21
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 kasik-pogacasi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2017/05/ Frame A502 11 KB
12 KB 44ms
41ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2017/05/kasik-pogacasi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 732ca7374ef774a17a4e674e5a158f7991385c5e54afdd2eb91880d3d1d2ccc3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 11 Jul 2023 01:27:20 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 815888
x-accel-date: 1688222952
content-length: 11726
x-77-nzt: AcO1qhF0w1f/EHMMAA
x-accel-expires: @1719758952
last-modified: Wed, 01 May 2019 23:17:45 GMT
server: CDN77-Turbo
etag: "5cca2919-2dce"
x-77-nzt-ray: 4c156224ece2435af8afac64cb5ed021
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 simit-pisi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/02/ Frame A502 13 KB
13 KB 44ms
41ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/02/simit-pisi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: abcfc66c4fb4bb9a1493824f5acd764bd8e06bc80a03f7cc2817159b22486ba6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 11 Jul 2023 01:27:20 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 7227917
x-accel-date: 1681810923
content-length: 13453
x-77-nzt: AcO1qhEcPx7/DUpuAA
x-accel-expires: @1713346923
last-modified: Sun, 07 Feb 2021 23:16:25 GMT
server: CDN77-Turbo
etag: "602074c9-348d"
x-77-nzt-ray: 4c156224ece2435af8afac647fd7d121
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 sarimsakli-peynirli-patates-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/09/ Frame A502 15 KB
15 KB 44ms
41ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/09/sarimsakli-peynirli-patates-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 05ad270153c2331d92114277b25d13e46449f8133b38786a8c52c2ce6328d791

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 11 Jul 2023 01:27:20 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 7228816
x-accel-date: 1681810024
content-length: 15315
x-77-nzt: AcO1qhFmJ+H/kE1uAA
x-accel-expires: @1713346024
last-modified: Thu, 22 Sep 2022 22:06:23 GMT
server: CDN77-Turbo
etag: "632cdc5f-3bd3"
x-77-nzt-ray: 4c156224ece2435af8afac649f3cd321
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 _dmca_premi_badge_5.png
images.dmca.com/Badges/ Frame A502 5 KB
6 KB 33ms
10ms Image
image/png 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.dmca.com/Badges/_dmca_premi_badge_5.png?ID=da1d399b-5fd3-4da3-b5cd-8af692c19999
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: ad3ee286844c46dba3f0d26e100f508c410b28f52784fbeec2d513ef6c6fda7a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:20 GMT
last-modified: Thu, 02 Jun 2011 03:26:26 GMT
server: Microsoft-IIS/10.0
etag: "8ae3cdbd420cc1:0"
x-powered-by: ASP.NET
x-hw: 1689038840.cds343.fr8.hn,1689038840.cds153.fr8.c
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
link: <https://www.dmca.com/Badges/_dmca_premi_badge_5.png>; rel="canonical"
content-length: 5605

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/300/ Frame A502 56 B
361 B 330ms
17ms Script
text/javascript 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-75-88-126.deploy.static.akamaitechnologies.com

Software

Oracle API Gateway /

Resource Hash

f475c34186022ba531ebc8bba97fc10df7e4c3ea854f314a18ab0644c851620d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 11 Jul 2023 01:27:20 GMT
server: Oracle API Gateway
opc-request-id: /B2DF3BD575A66E2E95634C1D88A6D25B/3867448BEAC00DE8D973F470B0904912
x-frame-options: sameorigin
vary: Accept-Encoding
content-type: text/javascript
x-distribution: 99
x-host: s7.addthis.com
content-length: 76
x-xss-protection: 1; mode=block

GET
H2 200 DMCABadgeHelper.min.js Show response
images.dmca.com/Badges/ Frame A502 465 B
585 B 34ms
11ms Script
application/javascript 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://images.dmca.com/Badges/DMCABadgeHelper.min.js
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e8021f1a9dad409f7e699457ac334653bf800464df69900237c4de1c29e275d0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:20 GMT
content-encoding: gzip
last-modified: Fri, 21 Jun 2019 20:14:34 GMT
server: Microsoft-IIS/10.0
etag: "26b181f16d28d51:0"
x-powered-by: ASP.NET
x-hw: 1689038840.cds343.fr8.hn,1689038840.cds057.fr8.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
link: <https://www.dmca.com/Badges/DMCABadgeHelper.min.js>; rel="canonical"
content-length: 395

GET
H2 200 outside.js Show response
static.virgul.com/theme/mockups/adcode/ Frame A502 75 KB
26 KB 436ms
49ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19549
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 66413d92e3b48b21f37de7968a4c6ee6dafb956f4963d0557959a3d10db2c492

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:20 GMT
content-encoding: gzip
last-modified: Fri, 23 Jun 2023 06:55:07 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=43200

GET
H2 200 sdk.js Show response
connect.facebook.net/tr_TR/ Frame A502 3 KB
2 KB 26ms
8ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/tr_TR/sdk.js

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

55d8e361dbd9836fd30cb84086a892dbea320718876beb3cd7843acc68c57c9b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 11 Jul 2023 01:27:20 GMT
content-md5: UWDhVEnJNGuS3XCbFUSKcw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1690
x-fb-debug: rGRWOXbuGRz5/TMDvud8QQ8Uc1BLv66qpuUOJUbgm9gQvJRMcf0xts4+uOkPaEMTgS5ekfxcbAvrSE04f5ubmg==
x-fb-content-md5: 3aa0a1d3202250cd5b2db323961c3100
cross-origin-opener-policy: same-origin-allow-popups
etag: "65f3fd0bb5ef958e38ba83b03b1f19ce"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Tue, 11 Jul 2023 01:32:00 GMT

GET
H2 200 sprite_3.png
cdn.ye-mek.net/grafik/ Frame A502 21 KB
21 KB 19ms
19ms Image
image/png 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/grafik/sprite_3.png
Requested by: Host: cdn.ye-mek.net
URL: https://cdn.ye-mek.net/maincss.css?v=434
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: ecadacb686d0540a5768dae41d50597a71dfaa8135b90f1371d4bfa266e4e361

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.ye-mek.net/maincss.css?v=434
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Tue, 11 Jul 2023 01:27:20 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 7229387
x-accel-date: 1681809453
content-length: 21525
x-77-nzt: AcO1qhHkm8H/y09uAA
x-accel-expires: @1713345453
last-modified: Mon, 14 May 2018 20:55:05 GMT
server: CDN77-Turbo
etag: "5af9f7a9-5415"
x-77-nzt-ray: 4c156224ece2435af8afac64dc90bd22
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H3 200 sdk.js Show response
connect.facebook.net/tr_TR/ Frame A502 307 KB
87 KB 20ms
10ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/tr_TR/sdk.js?hash=6681e0a658571a41dab9fc82ca55369a

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/tr_TR/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

adf27d0b8603ad3a168c513fd1cdca4b84a56b13cc17e54586c90939e6de6e8e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://ye-mek.net/
Origin: https://ye-mek.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 11 Jul 2023 01:27:20 GMT
content-md5: gY4vcrP1lEIoGNXFYPkNXw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 88850
x-fb-debug: nGsM9mZapdWPj58oFF0/OMCkPMsXY1LAObA8BFCNS2hXBXFh9GKORz+QQ8LJ7t9NBk40VCUZP0YSHi2HEwJ8AA==
x-fb-content-md5: b72193f134c46481c4ce38daf0916693
cross-origin-opener-policy: same-origin-allow-popups
etag: "d6509bce5fccfc4097ee03e05ed7d142"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
priority: u=3,i
expires: Tue, 09 Jul 2024 22:51:56 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame A502 76 KB
26 KB 114ms
30ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19549

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

503974bd88bc7eb0e1ea7da872beb05f6d94673ae21c4d4f5b193d6d6d3af8cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:21 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26082
x-xss-protection: 0
server: cafe
etag: 124 / 19549 / 31075865 / config-hash: 18038137322586664424
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 11 Jul 2023 01:27:21 GMT

GET
H2 200 ads.js Show response
static.virgul.com/theme/mockups/mockups/tracker/imp/collect/adview/ad/ Frame A502 120 B
306 B 49ms
49ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/mockups/tracker/imp/collect/adview/ad/ads.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19549
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: d9fd0aeda423bd39a36871759ef7b17dab3d51e5981cd5839103f990b8b9ef60

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:21 GMT
last-modified: Wed, 21 Dec 2022 18:47:42 GMT
server: openresty/1.15.8.3
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000
accept-ranges: bytes
content-length: 120

GET
H2 200 str.html Show response
static.virgul.com/theme/mockups/outside/ Frame EC15 891 B
1 KB 49ms
48ms Document
text/html 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/outside/str.html?v=2
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19549
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 2af1b8e91e1ea0f27fab2f6bac1dd1d81867b7a2a8d7cef1084fa39309e0ac6f

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=5184000
content-length: 891
content-type: text/html
date: Tue, 11 Jul 2023 01:27:21 GMT
last-modified: Wed, 28 Sep 2022 10:07:57 GMT
server: openresty/1.15.8.3

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame A502 145 KB
50 KB 61ms
30ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19549

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

80fb91f02d602edb4c0b521986ec93600dfd1d65953d3ad41caac2da083caf5f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Origin: https://ye-mek.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:21 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50761
x-xss-protection: 0
server: cafe
etag: 4103626429030809731
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 11 Jul 2023 01:27:21 GMT

GET
H2 200 prebid7.38.0.js Show response
static.virgul.com/theme/mockups/outside/ Frame A502 489 KB
182 KB 52ms
52ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19549
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: cff57bb539a961e5816127eb4b662175d6a1c92917effe0f943de85c35911101

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:21 GMT
content-encoding: gzip
last-modified: Mon, 27 Mar 2023 14:56:06 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ Frame A502 236 KB
58 KB 61ms
8ms Script
application/javascript 13.224.192.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19549
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.192.181 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-192-181.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: dbc211260f3fb81e545fbebe8be8c367ebe670a585e60e1ec58524c06723ecbc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:37:57 GMT
content-encoding: gzip
via: 1.1 ec1ac21acdbd36c971eca9d6b61d0744.cloudfront.net (CloudFront), 1.1 0e7eb16f335fe24acf3f13c5dee19c88.cloudfront.net (CloudFront)
last-modified: Thu, 29 Jun 2023 21:03:20 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1, FRA2-C1
age: 2965
x-amz-server-side-encryption: AES256
etag: W/"9352f20e556bff9fea6fd0461aac850d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=3600
x-amz-cf-id: SCWyTVSNxWRZ2diRxgNMUGlTnD6bB6pp1DG9E6XPfwpxQxVlavLO8A==

GET
H2 200 pageview Show response
ng.virgul.com/ Frame A502 32 KB
5 KB 210ms
85ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ng.virgul.com/pageview?c=site_geneli&mt=1689038841041&v=https%3A%2F%2Fye-mek.net%2F&r=yemek_net:site_geneli&userId=&tp=&os=&call=noktaad.ads.vvad&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc0,hf1,vv1,gprec%3Dyemek%26rec_ing%3D&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.9683576074390217
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19549
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: b0c2617cc32996420f89cdde2c7212f9c0a7510373007786ed582ac2d7a06c53

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:21 GMT
content-encoding: gzip
server: openresty/1.15.8.3
vary: Accept-Encoding
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
access-control-allow-origin: https://ye-mek.net
content-type: application/javascript
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT

GET
H2 200 yemek_net.js Show response
static.virgul.com/theme/mockups/fallback/ Frame A502 12 KB
2 KB 47ms
47ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/fallback/yemek_net.js?dts=19549
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19549
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 5103b27b55207be49f024a501641c7cb93e6469073ccbe194cd5963b53716184

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:21 GMT
content-encoding: gzip
last-modified: Tue, 20 Jun 2023 21:45:07 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 hb Show response
ng.virgul.com/ Frame A502 50 KB
5 KB 179ms
58ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ng.virgul.com/hb?call=noktaad.setHbParameters&site=yemek_net&dts=469177
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19549
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: d78ac7736c81e9619f1cfc2840167113a9f050e5ed5221a6523cbc6f917f98c2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:21 GMT
content-encoding: gzip
server: openresty/1.15.8.3
vary: Accept-Encoding
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
access-control-allow-origin: https://ye-mek.net
content-type: application/javascript
cache-control: max-age=3600
access-control-allow-credentials: true

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ Frame A502 0
306 B 9ms
9ms XHR
text/plain 13.224.192.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fye-mek.net&pubid=e0a76a78-9ad1-46f2-a337-886c2e24ac91
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.192.181 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-192-181.fra2.r.cloudfront.net
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 22:41:08 GMT
via: 1.1 0e7eb16f335fe24acf3f13c5dee19c88.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA2-C1
age: 9972
x-cache: Hit from cloudfront
access-control-allow-origin: https://ye-mek.net
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-id: sTTKWdnDiPehlO7yhSXMAUZKvhP8vZWlrdpE9jFnTyCkimuN3kHhXw==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ Frame A502 6 KB
3 KB 25ms
8ms XHR
application/javascript 13.224.192.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.192.181 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-192-181.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: rBtfgJUMGYsy5fZuQwMAU7hSD.fVdF76
content-encoding: gzip
via: 1.1 8f20db43ba7579b7216cf908572d5054.cloudfront.net (CloudFront)
date: Mon, 10 Jul 2023 07:01:27 GMT
x-amz-cf-pop: FRA2-C1
age: 66355
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Sat, 24 Jun 2023 09:19:11 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: bVh4JaVPtZvjkYkhKxDXtS2_Sm7deO2ErwwhTxVdsYdxMjEkrnLGGw==

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202307050101/ Frame A502 354 KB
122 KB 59ms
43ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202307050101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=ye-mek.net&bust=31075873

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

928dcf3448d1da863637f27c782d7f25fec98000d12f9298005504e44c53a1e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:21 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 124509
x-xss-protection: 0
server: cafe
etag: 2212113372413792193
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 11 Jul 2023 01:27:21 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230706/r20190131/ Frame 4966 10 KB
5 KB 13ms
7ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230706/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18e7a53e3b3abd7ac0242719f7f62cb56b8efe7065091585b8ad22cbc2b8c41c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 21775
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4544
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 10 Jul 2023 19:24:26 GMT
etag: 12368291122986407432
expires: Mon, 24 Jul 2023 19:24:26 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307050101/ Frame A502 392 KB
125 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307050101/pubads_impl.js?cb=31075865

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0407c967f9b56d97e40232370eda7a905d27c980d1ddcfdf55c719bae9c3b444

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 15:36:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 35451
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 127640
x-xss-protection: 0
server: cafe
etag: 3200400604667924725
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Tue, 09 Jul 2024 15:36:30 GMT

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame A502 107 B
456 B 41ms
16ms Script
application/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ye-mek.net

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202307050101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=ye-mek.net&bust=31075873

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 403 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 1461 603 B
67 B 29ms
28ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755397&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1689038841143&bpp=3&bdt=680&idt=87&shv=r20230706&mjsv=m202307050101&ptt=9&saldr=aa&nras=1&correlator=2326758356116&frm=24&ife=1&pv=2&ga_vid=1101404077.1689038841&ga_sid=1689038841&ga_hid=1121006933&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=222437166&scr_x=-12245933&scr_y=-12245933&eid=31075630%2C44759875%2C44759842%2C44759926%2C31075757%2C31075814%2C31075873%2C31075881%2C44788441%2C44796632&oid=2&pvsid=2674859333090803&tmod=1922573078&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.48z839jzo52z&fsb=1&dtd=104

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 46
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 01:27:21 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 empowerwebplayer3.js Show response
static.virgul.com/theme/mockups/outside/ Frame A502 10 KB
3 KB 47ms
46ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/outside/empowerwebplayer3.js?v=20
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 3e9569df702eb478e6e7699775a0f555b64ef9e89d89a81742bc97c7803dba96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:21 GMT
content-encoding: gzip
last-modified: Tue, 13 Jun 2023 13:36:40 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 adview Show response
ng2.virgul.com/ Frame 2833 2 KB
3 KB 171ms
47ms Document
text/html 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ng2.virgul.com/adview?a=64954933e4b03f04e549367e&r=153366@site_geneli@yemek_net:site_geneli&l=&ext=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&cs=1689038841226&mt=1689038841041&userId=vnet2a1b8dc7-6780-4268-998b-67200964ffb6&vmn=64954933e4b03f04e549367e___1533661919502793
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19549
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e477a0e0f51eb6fae3b1a7e13fc4b2a12e809f1e51dc995b2b8e1d6c351d3971

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://ye-mek.net
content-length: 2461
content-type: text/html
date: Tue, 11 Jul 2023 01:27:21 GMT
expires: Tue, 04 Jan 2022 10:49:40 GMT
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
server: openresty/1.15.8.3

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ Frame A502 23 B
458 B 158ms
110ms XHR
text/javascript 108.138.9.235
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&pr=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&pid=LoLfUBLs4KGqE&cb=0&ws=1600x1200&v=23.612.1758&t=1200&slots=%5B%7B%22sd%22%3A%22div-gpt-ad-1455783126174-15338221728129623web_yemeknet_right_tower%22%2C%22s%22%3A%5B%22160x600%22%2C%22120x600%22%5D%2C%22sn%22%3A%22%2F21728129623%2Fweb_yemeknet_right_tower%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-1455783126174-15338321728129623web_yemeknet_left_tower%22%2C%22s%22%3A%5B%22160x600%22%2C%22120x600%22%5D%2C%22sn%22%3A%22%2F21728129623%2Fweb_yemeknet_left_tower%22%7D%5D&pubid=e0a76a78-9ad1-46f2-a337-886c2e24ac91&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.9.235 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-9-235.fra56.r.cloudfront.net

Software

Server /

Resource Hash

745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:21 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 cfbb6e543d97587a32117dbabb25fc86.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P6
x-amz-rid: TY537Q8FYRQKG09ES91D
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://ye-mek.net
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: RoTNczL0U7im5guS8c-m3pOjhcPb4PKjbwgm0QJJNkjpeYaiyYA3Xg==

GET
H2 200 yemek_net.js Show response
static.virgul.com/theme/mockups/sites/ Frame A502 11 KB
5 KB 47ms
47ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/sites/yemek_net.js?dts=469177
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19549
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 9ae24c597cdaad090110b675ecd31a3f4a0c2bfc255b34d1fad45faa293ba272

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:21 GMT
content-encoding: gzip
last-modified: Mon, 10 Jul 2023 13:26:31 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 pandg-sdk.js Show response
pghub.io/js/ Frame A502 17 KB
5 KB 41ms
7ms Script
application/javascript 35.241.45.217
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pghub.io/js/pandg-sdk.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19549
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.217 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 217.45.241.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 27961ab8c37cddad89230364167c048c6377a80e38542a5ffbca600faf4098ea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:32:08 GMT
content-encoding: gzip
age: 3313
x-guploader-uploadid: ADPycdu5R-9LIGxS9wliKsYyn0ZpSnCstIf8ov3fsyKWB52s1rV1pXHaaDlhBTZjny9LSdo2_0IgHFDNUNMYMQ5GlhxQoA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5009
last-modified: Mon, 05 Jun 2023 16:36:50 GMT
server: UploadServer
etag: "47a886353056caf33a998c6041e20896"
vary: Accept-Encoding
x-goog-generation: 1685983010517890
x-goog-hash: crc32c=aHj4lg==, md5=R6iGNTBWyvM6mYxgQeIIlg==
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin
cache-control: public,max-age=3600
x-goog-stored-content-length: 5009
accept-ranges: bytes
content-type: application/javascript

GET
H2 200 zoneview
ng.virgul.com/ Frame A502 0
209 B 46ms
46ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/zoneview?c=&mt=1689038841265&v=https%3A%2F%2Fye-mek.net%2F&r=153366@153377@153378@153379@153379@153382@153383:yemek_net&userId=vnet2a1b8dc7-6780-4268-998b-67200964ffb6&tp=&os=&call=&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc1,hf1,vv1,gprec%3Dyemek%26rec_ing%3D&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.5291151721246796
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Tue, 11 Jul 2023 01:27:21 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame A502 116 KB
42 KB 294ms
294ms XHR
text/plain 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2674859333090803&correlator=3572027075662297&eid=31074947%2C31075865&output=ldjh&gdfp_req=1&vrg=202307050101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_728x90_repeating&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=2&adks=3733009076&sfv=1-0-40&eri=1&cust_params=amznbid%3D0%26amznp%3D0%26category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1689038841041%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet2a1b8dc7-6780-4268-998b-67200964ffb6%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet2a1b8dc767804268998b67200964ffb6&sc=1&cdm=ye-mek.net&abxe=1&dt=1689038841296&lmt=1689038841&dlt=1689038840463&idt=750&adxs=436&adys=2665&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=jrncnm49596g&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&ga_vid=1101404077.1689038841&ga_sid=1689038841&ga_hid=1121006933&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307050101/pubads_impl.js?cb=31075865

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

677994db31330e102362f8d43e2b48d5d1b1dbd948158a741b7a82018f3d5374

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:21 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42944
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame AFE4 6 KB
3 KB 66ms
15ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307050101/pubads_impl.js?cb=31075865

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 01:27:21 GMT
expires: Wed, 10 Jul 2024 01:27:21 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 NoktaNpmPlayerApi.js Show response
c1.imgiz.com/player_others/html5/ Frame A502 7 KB
3 KB 429ms
49ms Script
application/javascript 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19549
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/empowerwebplayer3.js?v=20
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 0b29697868cd68cfd1b5650054cc96ea755016b3242bd26469cdbd4e4f6fc18a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:21 GMT
content-encoding: gzip
last-modified: Wed, 13 Oct 2021 11:58:21 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
expires: Tue, 18 Jul 2023 01:27:21 GMT

GET
H2 200 tag Show response
feed.pghub.io/ Frame 46E1 13 B
257 B 61ms
23ms Document
text/html 34.102.243.38
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://feed.pghub.io/tag?referrer_url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&page_url=https%3A%2F%2Fye-mek.net%2F&owner=P%26G&bp_id=noktacommedya&ch=%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D&initiator=js&data=%7B%22category%22%3A%22site_geneli%22%7D

Requested by

Host: pghub.io
URL: https://pghub.io/js/pandg-sdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.102.243.38 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

38.243.102.34.bc.googleusercontent.com

Software

Resource Hash

b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';img-src https://*.pghub.io https://match.adsrvr.org
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
access-control-max-age: 300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-store
content-security-policy: default-src 'none';img-src https://*.pghub.io https://match.adsrvr.org
content-type: text/html;charset=utf-8
date: Tue, 11 Jul 2023 01:27:21 GMT
strict-transport-security: max-age=31536000
via: 1.1 google

GET
H2 200 zoneview
ng.virgul.com/ Frame A502 0
209 B 46ms
46ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/zoneview?c=&mt=1689038841338&v=https%3A%2F%2Fye-mek.net%2F&r=153394@153493:yemek_net&userId=vnet2a1b8dc7-6780-4268-998b-67200964ffb6&tp=&os=&call=&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc1,hf1,vv1,gprec%3Dyemek%26rec_ing%3D&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.021936635256962544
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Tue, 11 Jul 2023 01:27:21 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 jquery-3.3.1.min.js Show response
c1.imgiz.com/js/site/ Frame 2833 85 KB
35 KB 310ms
50ms Script
application/javascript 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.imgiz.com/js/site/jquery-3.3.1.min.js
Requested by: Host: ng2.virgul.com
URL: https://ng2.virgul.com/adview?a=64954933e4b03f04e549367e&r=153366@site_geneli@yemek_net:site_geneli&l=&ext=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&cs=1689038841226&mt=1689038841041&userId=vnet2a1b8dc7-6780-4268-998b-67200964ffb6&vmn=64954933e4b03f04e549367e___1533661919502793
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ng2.virgul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:21 GMT
content-encoding: gzip
last-modified: Wed, 16 May 2018 07:27:31 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
expires: Tue, 18 Jul 2023 01:27:21 GMT

GET
H2 200 64954933e4b03f04e549367e
ng.virgul.com/tck/imp/ Frame 2833 0
212 B 46ms
46ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/imp/64954933e4b03f04e549367e?userId=vnet2a1b8dc7-6780-4268-998b-67200964ffb6&mt=1689038841041&sdr=&et=&r=153366@site_geneli@yemek_net:site_geneli&l=&info=&t=banner:153366@site_geneli@yemek_net:site_geneli&os=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&cs=1689038841406
Requested by: Host: ng2.virgul.com
URL: https://ng2.virgul.com/adview?a=64954933e4b03f04e549367e&r=153366@site_geneli@yemek_net:site_geneli&l=&ext=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&cs=1689038841226&mt=1689038841041&userId=vnet2a1b8dc7-6780-4268-998b-67200964ffb6&vmn=64954933e4b03f04e549367e___1533661919502793
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ng2.virgul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ng2.virgul.com
date: Tue, 11 Jul 2023 01:27:21 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame A502 107 B
165 B 16ms
15ms Script
application/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ye-mek.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307050101/pubads_impl.js?cb=31075865

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame A502 61 KB
14 KB 322ms
321ms XHR
text/plain 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2674859333090803&correlator=4493011930678970&eid=31074947%2C31075865&output=ldjh&gdfp_req=1&vrg=202307050101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_right_tower&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C160x600%7C120x600%7C120x240%7C160x800&fluid=height&ifi=3&adks=3203893797&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1689038841041%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet2a1b8dc7-6780-4268-998b-67200964ffb6%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet2a1b8dc767804268998b67200964ffb6&sc=1&cdm=ye-mek.net&abxe=1&dt=1689038841459&lmt=1689038841&dlt=1689038840463&idt=750&adxs=1318&adys=150&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=xa7sg5dohlmm&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=160x-1&msz=160x-1&fws=900&ohw=160&ga_vid=1101404077.1689038841&ga_sid=1689038841&ga_hid=1121006933&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307050101/pubads_impl.js?cb=31075865

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f87a7cb961b0230a13d3eb0726a3f00b162fccd98b9b67f13ba570568377e11e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:21 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14622
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame A502 117 KB
42 KB 271ms
271ms XHR
text/plain 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2674859333090803&correlator=1635309398739350&eid=31074947%2C31075865&output=ldjh&gdfp_req=1&vrg=202307050101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_728x90_2&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=4&adks=345722362&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1689038841041%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet2a1b8dc7-6780-4268-998b-67200964ffb6%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet2a1b8dc767804268998b67200964ffb6&sc=1&cdm=ye-mek.net&abxe=1&dt=1689038841464&lmt=1689038841&dlt=1689038840463&idt=750&adxs=436&adys=1389&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=rhhy32m4vupu&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&ga_vid=1101404077.1689038841&ga_sid=1689038841&ga_hid=1121006933&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307050101/pubads_impl.js?cb=31075865

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ff2c4473a2b378c031f0789160eaa65929196be9a5d402930b5f5dd13da4dccb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:21 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43132
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame A502 23 KB
11 KB 262ms
262ms XHR
text/plain 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2674859333090803&correlator=2207300661880243&eid=31074947%2C31075865&output=ldjh&gdfp_req=1&vrg=202307050101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_left_tower&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C160x600%7C120x600%7C120x240%7C160x800&fluid=height&ifi=5&adks=3299242717&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1689038841041%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet2a1b8dc7-6780-4268-998b-67200964ffb6%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet2a1b8dc767804268998b67200964ffb6&sc=1&cdm=ye-mek.net&abxe=1&dt=1689038841469&lmt=1689038841&dlt=1689038840463&idt=750&adxs=122&adys=150&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=3egudgvnrwc&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=160x-1&msz=160x-1&fws=900&ohw=160&ga_vid=1101404077.1689038841&ga_sid=1689038841&ga_hid=1121006933&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307050101/pubads_impl.js?cb=31075865

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

121274f84490f52bb8323475b5f346338e3ed799b15aec6d6c2ac5f7b762008e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:21 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11262
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame A502 28 KB
12 KB 390ms
389ms XHR
text/plain 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2674859333090803&correlator=669669169270570&eid=31074947%2C31075865&output=ldjh&gdfp_req=1&vrg=202307050101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_ust_728x90&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=6&adks=456810305&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1689038841041%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet2a1b8dc7-6780-4268-998b-67200964ffb6%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet2a1b8dc767804268998b67200964ffb6&sc=1&cdm=ye-mek.net&abxe=1&dt=1689038841473&lmt=1689038841&dlt=1689038840463&idt=750&adxs=436&adys=751&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=ygv0pvl3v7c7&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&ga_vid=1101404077.1689038841&ga_sid=1689038841&ga_hid=1121006933&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307050101/pubads_impl.js?cb=31075865

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5157278c00662adeaef676d943c2150691103322d36a3ec6e587b01cb3a7fb3a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:21 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12630
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame A502 116 KB
42 KB 278ms
277ms XHR
text/plain 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2674859333090803&correlator=1682385407650048&eid=31074947%2C31075865&output=ldjh&gdfp_req=1&vrg=202307050101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_728x90_repeating&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=7&adks=2157304621&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1689038841041%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet2a1b8dc7-6780-4268-998b-67200964ffb6%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet2a1b8dc767804268998b67200964ffb6&sc=1&cdm=ye-mek.net&abxe=1&dt=1689038841477&lmt=1689038841&dlt=1689038840463&idt=750&adxs=436&adys=2027&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=anq3l5r9tu3a&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&ga_vid=1101404077.1689038841&ga_sid=1689038841&ga_hid=1121006933&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307050101/pubads_impl.js?cb=31075865

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b7f5845e5923297b8c95bc7eda18709c9c4a31dc532f19526357f3be6c55910c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:21 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42836
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 0052 6 KB
3 KB 9ms
7ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307050101/pubads_impl.js?cb=31075865

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 01:27:21 GMT
expires: Wed, 10 Jul 2024 01:27:21 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 m_js_controller_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230706/r20110914/client/ Frame 0052 34 KB
13 KB 41ms
8ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230706/r20110914/client/m_js_controller_fy2021.js

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18e7f3232e16c5af1b4d3192ed6be46c39b4902ecef8717b7a1dc69da6b8fe34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 19:25:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21707
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13672
x-xss-protection: 0
server: cafe
etag: 2805512053162071780
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 24 Jul 2023 19:25:34 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 0052 24 KB
7 KB 45ms
14ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 12:02:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 480270
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 04 Jul 2024 12:02:51 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0052 179 KB
57 KB 59ms
20ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

79cbf9d3dc9d8df1616dd585c95022e1104e8b2700974ba07a9c1a26187bf3e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57331
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1688990556196721"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 11 Jul 2023 01:27:21 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230706/r20110914/ Frame 0052 23 KB
9 KB 13ms
12ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230706/r20110914/abg_lite_fy2021.js

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

02193fbcb11d960448e0fa887ff68d5ce73f01076893523fc3037e00a7149bc2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:54:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27172
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9104
x-xss-protection: 0
server: cafe
etag: 12939045362079141464
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 24 Jul 2023 17:54:29 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230706/r20110914/client/ Frame 0052 3 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230706/r20110914/client/window_focus_fy2021.js

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:53:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27206
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 24 Jul 2023 17:53:55 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230706/r20110914/client/ Frame 0052 20 KB
9 KB 38ms
7ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230706/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5dff1c5185bfe98d10fd4b80ad1e2a04d57365a09e631840dce7fd3c79d19971

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:53:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27206
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8314
x-xss-protection: 0
server: cafe
etag: 15120507268597061312
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 24 Jul 2023 17:53:55 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 0052 0
0 17ms
17ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTXjSmpXrUtWhR3KWpQMiu1AnL12IBOxMkJMGAs_EwamsXM0SApWHrfrMu_T7U7AxriE4UoM6uAkNYsg-2tDjaLw1qZyw
Requested by: Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 container.html Show response
5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 86A9 6 KB
3 KB 9ms
8ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307050101/pubads_impl.js?cb=31075865

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 01:27:21 GMT
expires: Wed, 10 Jul 2024 01:27:21 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame A502 345 KB
119 KB 54ms
21ms Script
text/javascript 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19549

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cbcb528af7c43cf9a3bad6ba2c2539e89722848b62ea05d11be29ea1949eafd5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 121723
x-xss-protection: 0
expires: Tue, 11 Jul 2023 01:27:21 GMT

GET
H2 200 NoktaPlayer.js Show response
c1.imgiz.com/player_others/html5/ Frame A502 398 KB
128 KB 59ms
59ms Script
application/javascript 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=7/11/2023
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19549
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: bea17c8870ba8dae9515993b5c55b65437f03f0e2672e1c3d3dbe7872dd74e5c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:21 GMT
content-encoding: gzip
last-modified: Mon, 29 May 2023 18:51:56 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
expires: Tue, 18 Jul 2023 01:27:21 GMT

GET
H3 200 container.html Show response
5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 5D9A 6 KB
3 KB 8ms
8ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307050101/pubads_impl.js?cb=31075865

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 01:27:21 GMT
expires: Wed, 10 Jul 2024 01:27:21 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 350D 6 KB
3 KB 7ms
7ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307050101/pubads_impl.js?cb=31075865

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 01:27:21 GMT
expires: Wed, 10 Jul 2024 01:27:21 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012306202201000/ Frame 10FD 222 KB
61 KB 92ms
16ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012306202201000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307050101/pubads_impl.js?cb=31075865

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5af185c4ee2f05f5e2f6407594cd75cb32129871c2ec0f0957be6d3129a8cf54

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 05 Jul 2023 17:10:51 GMT
age: 461790
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61909
x-xss-protection: 0
server: sffe
etag: "f919e19544cf979d"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 04 Jul 2024 17:10:51 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012306202201000/v0/ Frame 10FD 15 KB
5 KB 103ms
27ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012306202201000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307050101/pubads_impl.js?cb=31075865

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c52e2a15cba5be54e6986bd808f5a6aa6705b0efffd9379feb005dabdb748e32

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 06 Jul 2023 22:13:03 GMT
age: 357258
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5217
x-xss-protection: 0
server: sffe
etag: "64cbd7fca0464c6f"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Fri, 05 Jul 2024 22:13:03 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012306202201000/v0/ Frame 10FD 94 KB
29 KB 85ms
8ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012306202201000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307050101/pubads_impl.js?cb=31075865

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

01204747c552676cceff27ecab875807de15fc28860715608db3d368ba736b3e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 05 Jul 2023 16:18:55 GMT
age: 464906
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28896
x-xss-protection: 0
server: sffe
etag: "4dcd9a8c59f0d36a"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 04 Jul 2024 16:18:55 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012306202201000/v0/ Frame 10FD 5 KB
2 KB 102ms
26ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012306202201000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307050101/pubads_impl.js?cb=31075865

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

52337cf2499996a25da3c2f17c8e0492c2d728c4b22bdd9b4da2089fcedac9ba

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 05 Jul 2023 16:19:04 GMT
age: 464897
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1898
x-xss-protection: 0
server: sffe
etag: "b82574a955fb50a0"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 04 Jul 2024 16:19:04 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012306202201000/v0/ Frame 10FD 40 KB
13 KB 100ms
24ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012306202201000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307050101/pubads_impl.js?cb=31075865

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7b17d2d0a88d045b86c025e6a7978189716ddd6776e975bb9de1ad43be17348f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 05 Jul 2023 16:18:58 GMT
age: 464903
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12958
x-xss-protection: 0
server: sffe
etag: "5e14f2792a869535"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 04 Jul 2024 16:18:58 GMT

GET
DATA 200
OK truncated
/ Frame 10FD 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cd253de2db573d215e4e8879f8d87afb505613800ee261716a2a69c6789da872

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 7900091963577414448
s0.2mdn.net/simgad/ Frame 10FD 44 KB
44 KB 49ms
12ms Image
image/jpeg 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/7900091963577414448

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

25b451f3cad26104f57800c79546bf5a40295d0cecf5623e623f4479b94d0ddd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 17:07:03 GMT
x-content-type-options: nosniff
age: 462018
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44765
x-xss-protection: 0
last-modified: Wed, 05 Jul 2023 10:29:24 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 04 Jul 2024 17:07:03 GMT

GET
H2 200 16421770815431758339
s0.2mdn.net/simgad/ Frame 10FD 10 KB
10 KB 56ms
19ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/16421770815431758339

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2d3ebc5963c3ba449fc6f11b2d5ac883abaf7dbc046ac7c1b267518e0ca5fa27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 17:07:03 GMT
x-content-type-options: nosniff
age: 462018
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10020
x-xss-protection: 0
last-modified: Wed, 05 Jul 2023 10:29:28 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 04 Jul 2024 17:07:03 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 10FD 0
0 38ms
16ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSuNbyzKijpQ-ffRcQHxWdm7G2Psx1FaOLKLM2NaNLrc4dOA4V1RnYgRPmhVFTXbh2ETJXoMvSjT0Ox-JQNTCbFAxKhHw
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H2 200 tr.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 10FD 3 KB
3 KB 8ms
8ms Image
image/png 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/tr.png

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1e5a886321d0e00c13f7abff03ca39fd782f42997fd34bcbf4fc93718f3670cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 15:32:50 GMT
x-content-type-options: nosniff
server: cafe
age: 35671
etag: 9957912877679239782
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3057
x-xss-protection: 0
expires: Tue, 11 Jul 2023 15:32:50 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 10FD 344 B
474 B 8ms
7ms Image
image/png 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 19:03:49 GMT
x-content-type-options: nosniff
server: cafe
age: 23012
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 344
x-xss-protection: 0
expires: Tue, 11 Jul 2023 19:03:49 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 41A0 624 B
242 B 26ms
25ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjPmbXcATAB&v=APEucNU1bh_R44H_7gZhizKqpYkF368MhEKsy8_yASLA0Oo3dgSt5Dd-v_jv8g-zOCD6hOmVVKw0S5FExeVS6bT6uw977K6JWwmq8WBT-3lhIY62tksEYGbuBM3tK-6WBx1yajq1MzLxs2sdLQS--eUEuD3DRD3zWgXGi5D6HnUuiYbAFkggUug

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 01:27:21 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 86A9 78 KB
27 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:21 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Tue, 11 Jul 2023 01:27:21 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 86A9 42 B
63 B 44ms
42ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Ch8QxxQX2piGggRdmhULVq_VEXqWJ0um5ECUrAFcMKu8sqqYwY4Vp2nrTP3dQo2zxXMSxARPEX0UHnfWorLQzblca4CLT-LIcsVyJQtu-t9xqbCpc

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 86A9 0
20 B 44ms
42ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=4910307427543805693&x=1&ct=76

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230706/r20110914/client/ Frame 86A9 3 KB
1 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230706/r20110914/client/window_focus_fy2021.js

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:53:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27206
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 24 Jul 2023 17:53:55 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230706/r20110914/client/ Frame 86A9 20 KB
8 KB 11ms
9ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230706/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5dff1c5185bfe98d10fd4b80ad1e2a04d57365a09e631840dce7fd3c79d19971

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:53:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27206
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8314
x-xss-protection: 0
server: cafe
etag: 15120507268597061312
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 24 Jul 2023 17:53:55 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 86A9 0
0 22ms
20ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQU-iqmvKOS6BaD7JjT1ycXkRy4FJheAhF1bMbEeE35SoGdRfql7ffhfACX6oSworq5hh5IBDHV3eudrXbD9_uUhb2oqw
Requested by: Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 86A9 179 KB
56 KB 24ms
22ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

79cbf9d3dc9d8df1616dd585c95022e1104e8b2700974ba07a9c1a26187bf3e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57331
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1688990556196721"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 11 Jul 2023 01:27:21 GMT

GET
H3 200 m_js_controller_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230706/r20110914/client/ Frame 5D9A 34 KB
13 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230706/r20110914/client/m_js_controller_fy2021.js

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18e7f3232e16c5af1b4d3192ed6be46c39b4902ecef8717b7a1dc69da6b8fe34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 19:25:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21707
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13672
x-xss-protection: 0
server: cafe
etag: 2805512053162071780
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 24 Jul 2023 19:25:34 GMT

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 5D9A 24 KB
6 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 12:02:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 480270
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 04 Jul 2024 12:02:51 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5D9A 179 KB
56 KB 43ms
42ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

79cbf9d3dc9d8df1616dd585c95022e1104e8b2700974ba07a9c1a26187bf3e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57331
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1688990556196721"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 11 Jul 2023 01:27:21 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230706/r20110914/ Frame 5D9A 23 KB
9 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230706/r20110914/abg_lite_fy2021.js

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

02193fbcb11d960448e0fa887ff68d5ce73f01076893523fc3037e00a7149bc2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:54:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27173
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9104
x-xss-protection: 0
server: cafe
etag: 12939045362079141464
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 24 Jul 2023 17:54:29 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230706/r20110914/client/ Frame 5D9A 3 KB
1 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230706/r20110914/client/window_focus_fy2021.js

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:53:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27207
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 24 Jul 2023 17:53:55 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230706/r20110914/client/ Frame 5D9A 20 KB
8 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230706/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5dff1c5185bfe98d10fd4b80ad1e2a04d57365a09e631840dce7fd3c79d19971

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:53:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27206
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8314
x-xss-protection: 0
server: cafe
etag: 15120507268597061312
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 24 Jul 2023 17:53:55 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 5D9A 0
0 16ms
15ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSwiJ7qE7I6iIEngZ0wilxkTpNnSMVxyTEBIDSOtP0CrLxFWlE69luRHP8hBwKd85NtOHozwQLwxl0bFup7Fnr-xN9DJQ
Requested by: Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 container.html Show response
5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 6532 6 KB
3 KB 8ms
7ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307050101/pubads_impl.js?cb=31075865

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 01:27:21 GMT
expires: Wed, 10 Jul 2024 01:27:21 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 m_js_controller_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230706/r20110914/client/ Frame 350D 34 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230706/r20110914/client/m_js_controller_fy2021.js

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18e7f3232e16c5af1b4d3192ed6be46c39b4902ecef8717b7a1dc69da6b8fe34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 19:25:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21707
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13672
x-xss-protection: 0
server: cafe
etag: 2805512053162071780
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 24 Jul 2023 19:25:34 GMT

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 350D 24 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 12:02:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 480270
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 04 Jul 2024 12:02:51 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 350D 179 KB
56 KB 37ms
37ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

79cbf9d3dc9d8df1616dd585c95022e1104e8b2700974ba07a9c1a26187bf3e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57331
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1688990556196721"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 11 Jul 2023 01:27:21 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230706/r20110914/ Frame 350D 23 KB
9 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230706/r20110914/abg_lite_fy2021.js

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

02193fbcb11d960448e0fa887ff68d5ce73f01076893523fc3037e00a7149bc2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:54:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27173
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9104
x-xss-protection: 0
server: cafe
etag: 12939045362079141464
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 24 Jul 2023 17:54:29 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230706/r20110914/client/ Frame 350D 3 KB
1 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230706/r20110914/client/window_focus_fy2021.js

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:53:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27207
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 24 Jul 2023 17:53:55 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230706/r20110914/client/ Frame 350D 20 KB
8 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230706/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5dff1c5185bfe98d10fd4b80ad1e2a04d57365a09e631840dce7fd3c79d19971

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:53:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27206
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8314
x-xss-protection: 0
server: cafe
etag: 15120507268597061312
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 24 Jul 2023 17:53:55 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 350D 0
0 16ms
15ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSGCHrBcoCnSzTvktpNMZ6qXBsXXnJ6RnwJc2p6gku4cnckgtDbgiydgcgSgICSUL5QFRbKRgsDLyfWIQflTdYhJrF5SA
Requested by: Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H2 200 15356227853785638869
s0.2mdn.net/simgad/ Frame 0052 261 KB
261 KB 13ms
11ms Image
image/jpeg 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/15356227853785638869

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f0e2f6c277ff5d8359dec23dff73f2e1ea64f512f3cf966ba7432e76e90846fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 23:03:16 GMT
x-content-type-options: nosniff
age: 267845
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 267179
x-xss-protection: 0
last-modified: Fri, 07 Jul 2023 15:44:57 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 06 Jul 2024 23:03:16 GMT

GET
H2 200 10712056371763284463
s0.2mdn.net/simgad/ Frame 0052 10 KB
10 KB 12ms
11ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/10712056371763284463

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2d3ebc5963c3ba449fc6f11b2d5ac883abaf7dbc046ac7c1b267518e0ca5fa27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 23:03:16 GMT
x-content-type-options: nosniff
age: 267845
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10020
x-xss-protection: 0
last-modified: Fri, 07 Jul 2023 15:44:55 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 06 Jul 2024 23:03:16 GMT

GET
H2

200

ad.js Show response
trgde.adocean.pl/__/_1689038841944/ Frame 2833
Redirect Chain

https://trgde.adocean.pl/_1689038841944/ad.js?id=Ltih8RaczJRSpKHvU3Ue8Rl9s8MAVzINIskf9usDc0L.37/nc=0/gdpr=0/gdpr_consent=/redir=https://ng.virgul.com/ct/64954933e4b03f04e549367e?userId=vnet2a1b8dc7...
https://trgde.adocean.pl/__/_1689038841944/ad.js?id=Ltih8RaczJRSpKHvU3Ue8Rl9s8MAVzINIskf9usDc0L.37/nc=0/gdpr=0/gdpr_consent=/redir=https://ng.virgul.com/ct/64954933e4b03f04e549367e?userId=vnet2a1b8...

3 KB
1 KB

20ms
20ms

Script
application/x-javascript

92.222.252.174
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://trgde.adocean.pl/__/_1689038841944/ad.js?id=Ltih8RaczJRSpKHvU3Ue8Rl9s8MAVzINIskf9usDc0L.37/nc=0/gdpr=0/gdpr_consent=/redir=https://ng.virgul.com/ct/64954933e4b03f04e549367e?userId=vnet2a1b8dc7-6780-4268-998b-67200964ffb6&sdr=&et=&r=153366@site_geneli@yemek_net:site_geneli&l=&info=&t=banner&cs=1689038841406&m=
Requested by: Host: ng2.virgul.com
URL: https://ng2.virgul.com/adview?a=64954933e4b03f04e549367e&r=153366@site_geneli@yemek_net:site_geneli&l=&ext=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&cs=1689038841226&mt=1689038841041&userId=vnet2a1b8dc7-6780-4268-998b-67200964ffb6&vmn=64954933e4b03f04e549367e___1533661919502793
Protocol: H2
Server: 92.222.252.174 Paris, France, ASN16276 (OVH, FR),
Reverse DNS: ip174.ip-92-222-252.eu
Software: GAD /
Resource Hash: 78c22d82748b1c24bea00726147dc80fa1a93895cc9f6e82e52c2b57d4fb051a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ng2.virgul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
content-encoding: gzip
server: GAD
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
vary: Accept-Encoding,Origin
p3p: CP="NOI DSP COR NID PSAo OUR IND"
content-type: application/x-javascript
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 985
expires: Mon, 10 Jul 2023 01:27:22 GMT

Redirect headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
server: GAD
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
vary: Accept-Encoding,Origin
p3p: CP="NOI DSP COR NID PSAo OUR IND"
location: /__/_1689038841944/ad.js?id=Ltih8RaczJRSpKHvU3Ue8Rl9s8MAVzINIskf9usDc0L.37/nc=0/gdpr=0/gdpr_consent=/redir=https://ng.virgul.com/ct/64954933e4b03f04e549367e?userId=vnet2a1b8dc7-6780-4268-998b-67200964ffb6&sdr=&et=&r=153366@site_geneli@yemek_net:site_geneli&l=&info=&t=banner&cs=1689038841406&m=
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 0
expires: Mon, 10 Jul 2023 01:27:22 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 41A0
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOE5oMYOwSB1HL276EIouKo&google_cver=1

43 B
766 B

9ms
8ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOE5oMYOwSB1HL276EIouKo&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjPmbXcATAB&v=APEucNU1bh_R44H_7gZhizKqpYkF368MhEKsy8_yASLA0Oo3dgSt5Dd-v_jv8g-zOCD6hOmVVKw0S5FExeVS6bT6uw977K6JWwmq8WBT-3lhIY62tksEYGbuBM3tK-6WBx1yajq1MzLxs2sdLQS--eUEuD3DRD3zWgXGi5D6HnUuiYbAFkggUug
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 11 Jul 2023 01:27:22 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:21 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOE5oMYOwSB1HL276EIouKo&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 41A0
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZKyv.cEbUkl96I2myTSYWAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOE5oMYOwSB1HL276EIouKo&google_cver=1&google_hm=2

43 B
766 B

8ms
8ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOE5oMYOwSB1HL276EIouKo&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjPmbXcATAB&v=APEucNU1bh_R44H_7gZhizKqpYkF368MhEKsy8_yASLA0Oo3dgSt5Dd-v_jv8g-zOCD6hOmVVKw0S5FExeVS6bT6uw977K6JWwmq8WBT-3lhIY62tksEYGbuBM3tK-6WBx1yajq1MzLxs2sdLQS--eUEuD3DRD3zWgXGi5D6HnUuiYbAFkggUug
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 11 Jul 2023 01:27:22 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOE5oMYOwSB1HL276EIouKo&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

bounce
ib.adnxs.com/ Frame 41A0
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESECacKoWfXM3S941JZUtLots&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESECacKoWfXM3S941JZUtLots%26google_cver%3D1

43 B
885 B

14ms
14ms

Image
image/gif

185.89.210.153
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESECacKoWfXM3S941JZUtLots%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjPmbXcATAB&v=APEucNU1bh_R44H_7gZhizKqpYkF368MhEKsy8_yASLA0Oo3dgSt5Dd-v_jv8g-zOCD6hOmVVKw0S5FExeVS6bT6uw977K6JWwmq8WBT-3lhIY62tksEYGbuBM3tK-6WBx1yajq1MzLxs2sdLQS--eUEuD3DRD3zWgXGi5D6HnUuiYbAFkggUug

Protocol

Server

185.89.210.153 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
an-x-request-uuid: 677f27f2-b878-4332-9bf8-3f06f5a2e0f9
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 37.58.58.244; 37.58.58.244; 943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
an-x-request-uuid: 6d2ec39a-f5f1-4664-a29f-528e43547131
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESECacKoWfXM3S941JZUtLots%26google_cver%3D1
cache-control: no-store, no-cache, private
x-proxy-origin: 37.58.58.244; 37.58.58.244; 943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 41A0
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTYyMTgxNzUyOTY0MDQ0NTU2

170 B
188 B

17ms
17ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTYyMTgxNzUyOTY0MDQ0NTU2

Requested by

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
an-x-request-uuid: 35bbf3e3-ebfc-440f-9ddd-018e8367dd3a
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTYyMTgxNzUyOTY0MDQ0NTU2
x-proxy-origin: 37.58.58.244; 37.58.58.244; 943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 86A9 0
20 B 42ms
42ms Ping
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=4922972434662&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 86A9 0
20 B 41ms
41ms Ping
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=4922972434662&version=m202301230201&ct=76&x=1&cor=4910307427543806000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 86A9 93 KB
37 KB 53ms
53ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ASXEcHFyyi_RE28UkECGve9a9yXjurVqH_V86uZOu-FrZwTUb-poD6QpDQB09JhNnZaS0QACHbEDnzGGMmj_IiMFSTunTXJX76d6U0jePvKXvnhk0&cry=1&dbm_d=AKAmf-BY-YNMjn9NxzpMz97bZqdH4HhjE6OkwFkk_8Rav5N2RpJj4tp-ZJi6HoQd2qIu9iE8DEavHvhn2jBsgMA7IXIfZ_Jf9H5HsL590p6CPH7rX_lCmC7OmgXSm7Gfu6g1L_0B3gZACCyHHoTxbfZgNPmZMUC90s3g8RnC7D6lzXub9Pi5gOunxlItQfFFMQlK4rfSJlzQwDaafusv-SGHf9hiBJlxMR4qd908_2JYVTMTXwr7GpZS6xqFIj_ttpbwUjYmGpXjeCi9ZpMKyE-IFCDnvVORMX5J1m44yqyWhQpjfCekUwygcaFvpiKVOJi383Zz4GWHvDUJfTBuj2Zw6CbqQ5u4Cd1XJU4d1zfJNdD7Q6LUnaWNRNUpVHDL8kpTIfcDVtePLdOS9On9fbgJie8KDp3MA9puV5yoUZGIwk02pNzVKniwZ9Xz-qo2bm7QFX8PzJ1hrI0XznZDcXz6aqdUGdxzUByZtHqqBX_LSKbVTkw58TpjBALOy-PwCz01CMgSf3osNTAbOQzA7DNITSkOHXRV0oEnW6PRH2ePRzDq0jRbRyxpqSxY5-BKSpnBu32bLLklRLYEl9gBYtHWVL2y9cpAumTl9hjr5TzOZxSgbvEXctSPf2bcTqdwQOetiFGmVnC8u9zz_qGLAXfv3KxhcNF1oy4dD24f7Blqjm9ouYGVjx0ifNl6uofNNtcrpBEAcGjLnIuO0HMvBoFT2NhiVaJHD2BR60XYmuUIcEqvJ9gh-MB9LeUf7wZXOkr61B5uQunoq3L1c16vHqtxwc8SAFGoOJR3KXcGAdfNQTmBKBl99Q_9rRPA7QcA8jt2_o9a2Nc-PV7pwi9TgdAk13d77RmW5YFUOlVfXmN2TOMZK5UsRQd6Rs4DUTXcFP0tNsqlhjWW2aAfsIrjM4RTXs2Duf3VZFvij565XMwK2S1MdN92e5FgJnuzB-Jc5ajzqUJVq1JX8lHRFtN8L_n3LIQ_tOwsfFb5hCj4jmNAlQ3CeYhf_6utSk4NCjFLEs03PVwFd3NkGFBtBiNiO4YQYFd5zEc1xHLQQpb6cHmbxzwEpxbRekUUj2tmulahxufFVNF9ZpL4VnbHBmAa3t6U10tphEenvW5hL1BFTBJrjNG2_7RoDlVimiPPhoh6Y_ye-T2AyilnIk61bIQJ76GhHXs-Ed2QeEJu9vTKq6goCO3Rpq9PDZNgn4_YFmCBgZfAbrHNOvF4hP98UcUhC-_cHygXHphpU_QqGCuhr9YwC3uX5zpino8S5NEMwA-fwzL9KQ5AfMeJfcF5QHmh1Z3NxUcW3ZGJGGN4fIIQ8PXcZmcHWzR3oLbdQ4SgOb4Sk6AfsbqfteJnmhhEsWzrXM5TjUIaAVEbDg5HvDCU5DO0-VPjQKI9cDoUcwLMfpvJMmY87agIGINIl6PV3qYfp-FlYi-_uNu7dmqcnXsgfTfA63uNBXTSUFULsWOffJLR0JIUEWqkBtdOIkxtO3HVtAvxVmEDdq0TEzggGr0LfLDBV6XYdt8XmIjfMGQ1HSdbitUrVV0G4jGcXS7FG6uMrLS26OYvj5P5v-0Oaz6tGOUbyDydDT_-U_tei6KWH1f6eWk-nWaTbu2rekS2WR4BxztTyMzZynG166oESJRTW9WYuaLO545lbkT1EMfSofFlj2TL7Y1-Lmn2gk_rXZxa59PMT5KVUHwqfwDU53_1O_roUrYnAE4Grrgj81zX976FdteSfic488_JaEN7wIuvT5rDmVxUoyCY5L7d5BJU9-sJmAZr4LI5GqmBzlLxYdsjEv9ece9s3u0UuSDTyt2R5sBlpq2ewM-rNM-1L_Lr78HWJIiAZAnDCsGqAg__bZvl50vYOV6tK6vEDdWaOtbprQtIgcf9pfx9DP-aoZl3PrK24lIjG4RelzVR7EVsUcr6-FjSGbaTiAepOreLT3IMXZdKrWEUC4qVf-SLi01Dw7Cfq5mjdDQOwiQTc0hnuBr42Dnk-HhuCCpwktI0Fi1roPNPgSefhLUDCuuWRnFlNHX-K40l_VAWlw6Vi5HrqsRANOYudSWdSQigT1NPEhypdgfot6lbbRc8Xeybo20zkpsWVzCwhgPKEgYm4fQPkgOCwPpb0HbpUwGRfdgYZkOvOeOX19WEzd-co9wseYSaJyb4tylcSIOPbWOzS7w78ttppYY2_2PFI3e_JEeSdY3Ja3OkC7i4qMzUJZ9ctEoWQJzBtr4joN3GtAHt6yVQm5DCN2OP2U21w-O9ADo7huqd3XpTCNJh50bF9jE6Vq0ziRTInkUDAwt9ykAK2PtPe7Pig53kLX8KHBVnPP0JfgwMStTXGZtEDtKDF1VRIQUrqmERRjy3F5FbgAEL5WSSl7H4mWS-Nh6ceBBsbmvtO1I2lsfsmOyeWZsuFbS1u-VXi0-djWfLijAESMq4NzhjHFDy-h9Toh98ETS55wAarYdNyt0MOD-K_BiXYikBSjRbLSj4356O8UTb6842gdY14H4YyCu9ad4ZipC6qWkqyMzEYpuYNANpVOOK2g9whLsUh1SFBKSf3xBhouwE9dJSus3nG-4QuiOSyWTZi0nBXGos9NOeHuwjMNjWgtN_9gCwH66foxwGOMXflatQxrULr6yCGeRnYlcqtHDySIvU4PvE60sYfAI3-DJAXi6UtO0FaVNGuIyB57PAf0Y3OCX0oKYkFIF7YmRsrWEg-EX1zhirBkVRInLJF-karIuXx8kcvCLED2p8LcxcfEXmqprf6RdSZ1rvWNHFg07a6L-lNjWFKRkpZzZV2WaqjouU9S1ZxxjQyUBmMrehD0IhexEgTnqU-rXEfSofyKvYaIZdn8-ZT06QUx0_mY9Dxj1KB4Ml1FGGeyqPLveWizLF0BKRtyME2DPCQYuop9fxpjKQy41uN45IuEgghU5k5Scb8hzftVeSlZZnpKvv3ftgLvuulXPcC_BINKQ87PO3XRv0zkKU66vgyhyiBheOIdBTUj2F0uacWA9k19wqmVeC4yWN-GaMAC4aiehg0eYY9DJxgG9hPCLXJVTLxZs-fXjUYTn2CcHAnJLyK-g_q0VkdCJ16YF9WpHlWUQ2A7sCCD2O25Fk7FPKqKoW4lTyDGvnzbPS_1d7gH67AFsEru0UKuTJ-9_UL-_xRNWWcZwfT-FKCntjSmN2WRrsw8t4-oPajqE7xnANJK86awsyElYQWw-bGfpIB-gDS3ZlhZ6Ar690hqK25egfHAwZUEkhkSoDcXFD9zOlrALUsjJwZE_O6XAg5dUJLtpOaov5zx4VoXt3vwECE9uZaWJmbSAALaNtbhrCexBrf15PC9RlqgLBBikwxOX8Fjo6xA8rtGL4Zf_01g9F6iD-3HwVDmqTip7aATpKJ5qNkoiSltJGl2m8ccf4oUtvkUIoOzEBserDKqryTuU6pOZWzV088sAyksVPLCgTYIHTZ7CGQ-s6nEqQbXWTAMTyllTiqR4n0lM5mxQw5H6zsbHDYD6y65sVj4M1SVij3dFxBkjigWNDhxy_WI8Mk7p10pCJ4yrgXdOA&cid=CAQSOwBpAlJWZrxr5oQ4UVFvFb01WBHgjroV3gSMjOunttjlxfhksIgxz0eLuzsZOMgycWu-0GlecZmTfCavGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=4910307427543806000&adk=1599433117&idt=29&cac=0&dtd=17

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f21460b090958cc601f62f041603072b4b3c4546863f64b2cafa4a352adf3446

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38358
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 1EC5 640 B
262 B 22ms
21ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjNmbXcATAB&v=APEucNURidlBqXeAXLyKy-Mj7h_5Ql9m1KE18nyapPXXu7PF9uJ5yVqfRe2nRLiCrnho3wJwn7g3-c_RdtR_xscYMiL0VFO0szkOuRVitisLLYg6mK8GiQObhRHpDjPH3KeGRXOMdnK0lpGTjgwoAze85KhsQN6bE44kVGBt6of6edVO9-EAXrI

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 01:27:22 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 6532 78 KB
27 KB 36ms
36ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:22 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Tue, 11 Jul 2023 01:27:22 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6532 42 B
63 B 42ms
41ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Dw3PC03d3ashr25_9iha8gLEJzcaxfAbexJoOFRPmijM1WPb73Oo9CmPXeUpEGRnlku0aZKK12pm1oArWXvT_UkkjJjpjyDHhzgGKWNGx9sjPQAkA

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6532 0
20 B 43ms
42ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=9114679046717076525&x=1&ct=76

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230706/r20110914/client/ Frame 6532 3 KB
1 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230706/r20110914/client/window_focus_fy2021.js

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:53:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27207
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 24 Jul 2023 17:53:55 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230706/r20110914/client/ Frame 6532 20 KB
8 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230706/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5dff1c5185bfe98d10fd4b80ad1e2a04d57365a09e631840dce7fd3c79d19971

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:53:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27207
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8314
x-xss-protection: 0
server: cafe
etag: 15120507268597061312
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 24 Jul 2023 17:53:55 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 6532 0
0 16ms
15ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQ5PywWS_hrt3J8-BrDhfeeWv_wJ6Uz5gLbfXrWhS_O_5cOAqtnC_YKDpBTpE9UXTrbS0L1YY5FJDRbkq9ucZ077JgXgw
Requested by: Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6532 179 KB
56 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

79cbf9d3dc9d8df1616dd585c95022e1104e8b2700974ba07a9c1a26187bf3e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57331
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1688990556196721"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 11 Jul 2023 01:27:22 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 70DE 143 B
166 B 8ms
7ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 651
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 01:16:31 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 77FC 1 KB
643 B 11ms
9ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 30886
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 10 Jul 2023 16:52:36 GMT
etag: 48472445140208031
expires: Tue, 11 Jul 2023 16:52:36 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 0052 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6aea6fde833572bd59a87046f50ba96c3e3f34d910a2a74bbdebc5ee6c5f7aab

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 15356227853785638869
s0.2mdn.net/simgad/ Frame 5D9A 261 KB
261 KB 8ms
8ms Image
image/jpeg 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/15356227853785638869

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f0e2f6c277ff5d8359dec23dff73f2e1ea64f512f3cf966ba7432e76e90846fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 23:03:16 GMT
x-content-type-options: nosniff
age: 267846
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 267179
x-xss-protection: 0
last-modified: Fri, 07 Jul 2023 15:44:57 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 06 Jul 2024 23:03:16 GMT

GET
H3 200 10712056371763284463
s0.2mdn.net/simgad/ Frame 5D9A 10 KB
10 KB 12ms
12ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/10712056371763284463

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2d3ebc5963c3ba449fc6f11b2d5ac883abaf7dbc046ac7c1b267518e0ca5fa27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 23:03:16 GMT
x-content-type-options: nosniff
age: 267846
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10020
x-xss-protection: 0
last-modified: Fri, 07 Jul 2023 15:44:55 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 06 Jul 2024 23:03:16 GMT

GET
H3 200 15356227853785638869
s0.2mdn.net/simgad/ Frame 350D 261 KB
261 KB 8ms
7ms Image
image/jpeg 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/15356227853785638869

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f0e2f6c277ff5d8359dec23dff73f2e1ea64f512f3cf966ba7432e76e90846fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 23:03:16 GMT
x-content-type-options: nosniff
age: 267846
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 267179
x-xss-protection: 0
last-modified: Fri, 07 Jul 2023 15:44:57 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 06 Jul 2024 23:03:16 GMT

GET
H3 200 10712056371763284463
s0.2mdn.net/simgad/ Frame 350D 10 KB
10 KB 11ms
10ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/10712056371763284463

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2d3ebc5963c3ba449fc6f11b2d5ac883abaf7dbc046ac7c1b267518e0ca5fa27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 23:03:16 GMT
x-content-type-options: nosniff
age: 267846
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10020
x-xss-protection: 0
last-modified: Fri, 07 Jul 2023 15:44:55 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 06 Jul 2024 23:03:16 GMT

GET
H3 200 ad
googleads.g.doubleclick.net/dbm/ Frame 0052 42 B
63 B 32ms
32ms Image
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DkOgNm12DLWFFkciepNG_TZA8z-V1OI5_2XM5EynyEYFiq8udEdXFAy9TanihghqNejZwRzdv_Pi1Pz2obwlb8SijtU-YNQgO8GFGt_0Ms-V_3LM6ZjSdEApStdPiABF216zG6BupT_xRPsemyBBtDwmf5Bw&dbm_d=AKAmf-Bf5qIcEcOY2kM7Ghz4AOP0Nex9Zd7WYdcKEfRbv0sAMuYGOZRrsDCMkJu14dPTcBfH6A_jTmB0cB4MK2-M3zBvak-lgxxcDLo1-wcY3MtSo0pbryFvP_hQlX5ksD_yc2H23ATDwEczyHT8T5s6zJhhaNgSOZeJQ6MtCpezwHcot-UAKsG7mYztPzTrOv7Q7FT4JdvibZKHgaKf6L0-D_x66kXmYrW5WcC7CoC2ZKVX1IJ9agBZTZnpf2omC4NPVQjaW2j9W_Sk-kiRCO1oZrAvk2L-lNex_9_o7Vz6UW3LLtz-72kL98zg-tPAjBiFz92Wr3G_mpKd9m6vhmnRLFFsOyXxmEZrRoxT-O8P3R6p_Z4mDyuluYmsFf1_iOhUWR-eb0l6jhKGisgB8BjtQoNOhi958_sgF--oehgj4J5EWlXmpt7l0eLwqZGKUAvfntteMbUsE6C2qFRvuFfmoBQ5kmnIGVIJeuf_VxuIanS4Vb57mT32J7Em0PIvdvRu32OqpnSf2w8r7bpMiquWjrlQFM4IQkkTGnt37pLFrD0VLcQKJC4yZusNVFd_XExTKli1Rru3FfElB2lPyaaL1wrG-2AnvxrBIaE2RrcxapjJoDc8xJu5B-7U7lJkcnM7bHALYf6O3yKoSkFNmI6_8JKjLCtnEcfcpS-cuu-yypWwC3LAZ_67umJyU0Fx88O_CyEhH8o23wxfQRLEdnX-dgDX9xLI4h1LJNlBoNRhGoK85VmygjcvUh0usgjdhVMKRYL0n3wmA3pK-V592XWzW0nvatU6poIHwRHvvbEyeZOgefUu3KXRwrwZrtY5Eq8iVRaxz4guQ9_BBAMzSstQ4lQ8Q5dE37mBuHhHXguCX_ajsVDs1Cko4QvUpgs6G6LiXmppE_NZI9bU6sYSxmMS32NqbQMuVd_53hm5XkWmXTlypUH07pWBSRIsrHaydGUMPyP9CiGZbDvmm_3Wqp5BnguJFAzYIsp2TSSv2Gc0uzUbUD-OtI_ruZ9su4GIRceq6EQuMHyIh7ZAFB3XgsbOkwwevqDc8yxbeCgaLvujiUh452vqAB9YT54mbvT2Pk-G-2MHUp5Dopm4e85ZIVdT0Ivv62uz8kNUL0XsBCwdd3LB7wgSF9sBiyFdqir_PccmCczq5_mdmZzXaTB-vtN5jvkJDPWRkQtZGgWx2dHnGqBnqTPVqOhD4UAho-Ay6AQvwS_WjmqE2qS1hbT7dA6viYsuYPy8iVwTFUZ2cnvhtC6UEpTUQHljpAwTXnvwr3xZdMbzFWeWayxULnoVB1svSHS17EUc9BkNl4uzNhdzqoReIztXvI5WZJZh2DVTN8-Jb1Tm3CPKS2khbOWu8jy1nPypyhTDaAqjYrxDLnWpn2r2VvpNPgEySVq8WMp0ZJbtZ5l0TvwBZmh-Uax0yxMVQ4BcqA38XLQryUS_o3oDFpyZcbfG0VkYk90OVXwYwAssTQd7DUk-MmEgeUd8qfz3NI_kMAkvRQGQ--MDrGeaI-EjmnhuL2HwqFfra7Zq6YTXS0MVs585f4NumLIA3A6JSjLIvgB6ifMYuF3JROlBARMxNgJHgejlEvmSpdVadfZ-opkPSk9GlAnXt0B4qtwru_RuA_icYDIa-CtaSpGCCCzvTZtfWuePPW5AyXqieEDXNQJBkxFh2J_WKSK3N-SVkoTZJMmZNNF6E_R9NxhqNVXUQUx1xGd2oLYfqFCeLmZQYwBQrteyBUeI3njNfUHU2Ni9T5rSwdDJlrl_QlE_h0lE_q3jRaRIlCPWHqDyovhn-djZgiMNPSr2iO1c_-tM_GlwZdsB50o7BA-t3MjF-KCL1qG8wts1NgjXxXF38tDqWc1d0-UqQNGR3l-k8ovI1wZCZs3EqlcdZw0RPr3q-NCmn7SwNgJtVlu9nSXOUz8AeQNw4mmWBonX1EXicZrTWpHRs8Y1HP28V8dBhPiR40bkiTkIx49TAW8_DbN1Uk1jywJlr6pVX4oPbqxnWSTnvSxD1HE4gyeCBvjolzO50JUCKZ_1C_J-d0pJ8CdJZwM8motrY6XMznYlQ0PG0bcsyvVeZtk5R7c2qVPRM1bF8_wTIAstpaNO7CCIjPaFg2oyYAwAEuyRr0bhlzJ00QLIJcEt2FvhplOp1lrzhQH6KgjEvBYLS-Glljxc1oGWdNu7okoAjjHuZzy5WXNv-v7Cpl7G7_Gi1EJ9oSQc-LVjipQXFxzmSIKk0gGeLHzPpOjJGml5GssdCKc44mszUOEFwGNuZp3DxgaCOljQpuAfCH5p8kMFIm2fnn6PmprjSQihCnCtcqjfxytFDaepIZng5AOKP2hMBZx8y408JIzTDRlZb2LlV7b7N50Zxq2Xney2b2go9zm_HLkcM_nC8cT-v8rmg25oulUFWGMsz39PhT7PsI3nS_nmojUwNl-kxRnYGP5rxzIecIO7hPgvREWhwhNGLWfkVe01VlAYNiD4h48mRK-N4Pc1AG7iLPZBQs-m7uYFkdAqKWcsvyyuKYyPKvYgQ1P5JZYYa5Sg0Ek0k0rwaKR9ZJVJg_iMM_41Yp4JDtkUyyDdY6j23fa7J8YUaFyNO73mKPjEBlYTRNO1ciZqsK5dDya5eq9xUUtvkTNFHzWGNU6Iy-xgirzjGGF7W3IL8kSGc9hgsZaawMKukxEHqhwiPHN-7DYw-xUNczV9kjznACQEtnUSau0fSU5fYZW9R3b54lGQPTV5KzyN9WGgZADG58R5Aueh0w-PrNhmPzeDSmH59m9DlPf5iCsvaSceypTTXNJX7nbpMxftqxHvseMFxcTMLRDpjY-7kzyRMJUbO6jdupJ4_by7bF1PsDBLX4hZ4ob7i-yMv2k9dT4zD0U0CwB1KuOqmH8NbbYeFWvEAwDcdcWA7ZV5U3UMmJDtrGc2hzMNVe9K-I017jpTUs3YCM-63Ucki0CNwplf30VQDVpu-aOIV5OvENVYjRm768UQZH2zAAKPO_6E3dBdIYELRs_pZh_inPVFaEOc0PaoChomdtwo-5Ls_OAKFxeGZHTrmBKpUcHyoM9TS_6PiE8F5vVpXYPcUSezraKE4RO1hGVRfcWhNYc1nnf8jOztA7elJRVWCWymzlbsTU5n_Qphs7SwYay2Fkgqee7c-Edcy2kvzJcSbRAvUEU-SH64_Ib_eu-MqfrM2sZTawyDek5OR1KF09d-I5UpeNMOgn-YCFy3d1dMECa4uvovEox_EpFGxrw-9xKwQzcjc43PtYt-SDpCH6tP5kDO1EZ8G5BWTPTYQgFtFbkjytMzYSdbRVg550REQaIadgftjBxrJaMSBkfNCc9oUbEOS9UkcYUXve9uvy3JsyVDoXztgg97kXsvqDJulKp-2NmTUcKbhui4b8YDJaBy77nhziZ5o-hgZ4xra-JPlO5e727zHyCsXOhSVA9ybsPNSmwwNpvG9esFUaYme4Zf3a-GU0osA6mPqvpacffo16nPNLak-43uaXFCe9qQP33sKK1roITZRJWs0-_b7TF5UHoPItS8dB6wCarb0wk6oVgkI85_BvvSPnWSxVgpcEpXQ4JwyQe2yyz0vjY&cid=CAQSOwBpAlJWhFWE8nHPgeUy8EwVCNm7Q04xOUpMQVuuG0y2SGHUhJG7JAYmalAxcQEgkoVjb81lZJC-ym1wGAE&dc_exteid=31157267241128686123991128492335605&dc_pubid=4&cbvp=2

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 0052 0
0 46ms
46ms Image
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CDDGR-a-sZJivFZSe9u8PhpuoqAbRosLGcZvu54rLEZCr6cDzPRABIMCygmtglYKAgJQHoAHfwurSKcgBBqkCQZk6Lih0sj6oAwGqBNMBT9CKhlA_ZVIQBhycEhOVlAxql3SDeGHMo3ZzsqXLPOcGIxjfN8DeU7P0CIFeDnHb-eAfzcChTH_nXTH0le1JVWCMCL3lRvvUuuK9DQt83RiFcF_MRGONBwWQQjftAelVUm15BZOJH4CvuC-0VBfN7dt6dJ8zg-wl8t6aEkbnwXlh4ffoBmaNt2DTTjhJl3A4OtsARfUjjl3HyPpHyMRO8j_zuk0h33FIq2WatuGgsO0q_9f1wDR5LBAffU5n1CgdQ2S_tCtwFZD2YdlPkZsHgwLT6MAEm47kq7UE4AQDiAWbkdzjS5IFBggbEAIYAZIFBggdEAQYAZIFBggdEAEYAZIFBggeEAEYAZAGAaAGN4AH3_q6sgSoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHChD0pQYYvc-T8AHSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE68ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5gAoDyAsBsBPh4oUUyBOZ_ZzjA9ATANgTDdgUAdAVAYAXAbIXHgocCAASFHB1Yi02NTkzNTIzMjEwMDEwMTU0GOrBbQ&sigh=0rJ7nCZfpOQ&uach_m=[UACH]&cid=CAQSOwBpAlJWhFWE8nHPgeUy8EwVCNm7Q04xOUpMQVuuG0y2SGHUhJG7JAYmalAxcQEgkoVjb81lZJC-ym1wGAE&template_id=509&vt=10&cbvp=2&vis=1
Requested by: Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 1EC5
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEH6Tf1VbX7umH-TPXBVvync&google_cver=1

43 B
114 B

16ms
15ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEH6Tf1VbX7umH-TPXBVvync&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjNmbXcATAB&v=APEucNURidlBqXeAXLyKy-Mj7h_5Ql9m1KE18nyapPXXu7PF9uJ5yVqfRe2nRLiCrnho3wJwn7g3-c_RdtR_xscYMiL0VFO0szkOuRVitisLLYg6mK8GiQObhRHpDjPH3KeGRXOMdnK0lpGTjgwoAze85KhsQN6bE44kVGBt6of6edVO9-EAXrI
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEH6Tf1VbX7umH-TPXBVvync&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame 1EC5 43 B
304 B 64ms
18ms Image
image/gif 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjNmbXcATAB&v=APEucNURidlBqXeAXLyKy-Mj7h_5Ql9m1KE18nyapPXXu7PF9uJ5yVqfRe2nRLiCrnho3wJwn7g3-c_RdtR_xscYMiL0VFO0szkOuRVitisLLYg6mK8GiQObhRHpDjPH3KeGRXOMdnK0lpGTjgwoAze85KhsQN6bE44kVGBt6of6edVO9-EAXrI
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame 1EC5
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEKWJyPT-36L9CwLPRBke0DA&google_cver=1

23 B
163 B

39ms
38ms

Image
image/gif

104.75.89.75
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEKWJyPT-36L9CwLPRBke0DA&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjNmbXcATAB&v=APEucNURidlBqXeAXLyKy-Mj7h_5Ql9m1KE18nyapPXXu7PF9uJ5yVqfRe2nRLiCrnho3wJwn7g3-c_RdtR_xscYMiL0VFO0szkOuRVitisLLYg6mK8GiQObhRHpDjPH3KeGRXOMdnK0lpGTjgwoAze85KhsQN6bE44kVGBt6of6edVO9-EAXrI
Protocol: H2
Server: 104.75.89.75 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-89-75.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

expires: Tue, 11 Jul 2023 01:27:22 GMT
pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=CAESEKWJyPT-36L9CwLPRBke0DA&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame 1EC5 23 B
163 B 99ms
36ms Image
image/gif 104.75.89.75
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjNmbXcATAB&v=APEucNURidlBqXeAXLyKy-Mj7h_5Ql9m1KE18nyapPXXu7PF9uJ5yVqfRe2nRLiCrnho3wJwn7g3-c_RdtR_xscYMiL0VFO0szkOuRVitisLLYg6mK8GiQObhRHpDjPH3KeGRXOMdnK0lpGTjgwoAze85KhsQN6bE44kVGBt6of6edVO9-EAXrI
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.75.89.75 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-89-75.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

expires: Tue, 11 Jul 2023 01:27:22 GMT
pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

GET
H3

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 10FD
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

37ms
36ms

Image
text/html

2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H3
Server: 2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Redirect headers

date: Tue, 11 Jul 2023 01:27:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 7900091963577414448
s0.2mdn.net/simgad/ Frame 10FD 44 KB
44 KB 8ms
7ms Image
image/jpeg 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/7900091963577414448

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012306202201000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

25b451f3cad26104f57800c79546bf5a40295d0cecf5623e623f4479b94d0ddd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 17:07:03 GMT
x-content-type-options: nosniff
age: 462019
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44765
x-xss-protection: 0
last-modified: Wed, 05 Jul 2023 10:29:24 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 04 Jul 2024 17:07:03 GMT

GET
H3 200 16421770815431758339
s0.2mdn.net/simgad/ Frame 10FD 10 KB
10 KB 9ms
9ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/16421770815431758339

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012306202201000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2d3ebc5963c3ba449fc6f11b2d5ac883abaf7dbc046ac7c1b267518e0ca5fa27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 17:07:03 GMT
x-content-type-options: nosniff
age: 462019
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10020
x-xss-protection: 0
last-modified: Wed, 05 Jul 2023 10:29:28 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 04 Jul 2024 17:07:03 GMT

GET
H3 200 tr.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 10FD 3 KB
3 KB 9ms
8ms Image
image/png 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/tr.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012306202201000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1e5a886321d0e00c13f7abff03ca39fd782f42997fd34bcbf4fc93718f3670cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 15:32:50 GMT
x-content-type-options: nosniff
server: cafe
age: 35672
etag: 9957912877679239782
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3057
x-xss-protection: 0
expires: Tue, 11 Jul 2023 15:32:50 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 10FD 344 B
368 B 8ms
7ms Image
image/png 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012306202201000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 19:03:49 GMT
x-content-type-options: nosniff
server: cafe
age: 23013
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 344
x-xss-protection: 0
expires: Tue, 11 Jul 2023 19:03:49 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6532 0
20 B 41ms
41ms Ping
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=2087728927945&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6532 0
20 B 41ms
41ms Ping
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=2087728927945&version=m202301230201&ct=76&x=1&cor=9114679046717076000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 6532 93 KB
38 KB 59ms
59ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BDe18vdPgcYus7-jtbH3B1747bWHSEDF7VZBSJN_VJjy2ZQV2BbCpwxIAb42ckpm8qaUvr3UVYmF_057A96faSOz1L_QkQMZqCdE3VipOMLAAxAY0&cry=1&dbm_d=AKAmf-Bo8AAt2DV17XNCkFoQ9_KmmARV0Ewj9bx9iG_UIeqtkjzjfbYwCO6Qur8FEwuarq9ZgYG5d58kq0rcDPkTvDEuP938gvgJAoKDr09vjjG87V0VIMl3Ft6wDFuUKExd6xysT3pEvNt7SW7CS_Mi3iAkdgXl3bkJJhrq21WjkwjtRzHKGxQ-YPRqBb6OGTMtLt98KoWcP25R90EbSmoaqGP4sCBGwlA7sInoBFp7cAisnrtow9Cjs7O-EnfKvneKngYWPcD8qdOQTJig0ah4jHFH-bzIzJ8q5pZTN_BvfCxdl2N47RzgCKwQ5ojSTmiI2kY1gvpq3qLfgkppFCrXbpjcCOdclZ0889LThCxUo_HfP0ST3RNHjqvFgy8DLskwGLrZ3O0OZon5OTDMn1lTHuhPO9Y9ljMPtM7qlZjsiKt23zbyVxxL8WfsTQ8wdA4t7ZkvOW7RNBk_TT4Ss6DG8HM0UzT6FLHbO_VJT0EWbWXlCYvW0jp-cGX6WwCphOnfDKnTMFwHmVhO8mb4DK8-aLadZJVa7AzaDXXXpu-ptwmrSXegCW4MkWU6nfSsODfcxGJWMRnWYKP7BSSGMRk5SUZES6CMgnMyZKSZJfzNHHMdezMfBU39HkBcD5Hf0ic_Z8HvY9TbqvniPK7rStw0ZoUS2wMePsK4xnumu_ZSFHIhVhHfFvEbdasQtWgT0kG7z2sQhPFIgzKpy6B8oSG6A7AcxCHNDp6PV3OTzkji8ITD_L40wvQTbCzCZXMDlaYDwm4Y-S9PY5vMDEOV7fHAXEM1X1tHo8nJGDbXbd0V6RGM9BKWpPZj-wKfheedNe42nmmZM3ANLUP8sQCvOaRGLhNeIfSKm0juSyLow9HAXZEcZtVVNJO95zpQHPoAAFy8NvYg8NGW0R-kQY7AL2UC3LyhuqHLM0DvscHr2ttZvJ8GRepCjxI-5PKIIIEus6lKxSBcs0csFrYT2xj7jnZdHu9jxEbZI9qBNlZWWJgOdTzJktHcTnjytMzWl18729-0Lmnw1UXvzRYS82ho9iBLwbiq9_iC6q2IsNViP6-h115IzkmVlHAyIBc9DOwXagl_oNP8ET9Yeo9kt2v7lhXuAzHHLxjmOhjWoFrcRY3qc9QY84gaCjUQIDe3ZTxzp5kAZIwgMfazTAbPTjHGjT86e_mgScgu58yAaef3K83fjMfDEWnneP8-Kyezm1C9Gi4tHllE6QZA93gfW4ZzrPSy9I_u_3VeolpU0iYw4Xf3aI6rg7kMADDHRLX_H8wKoxMwFZTNeaBOASq6c03atQA84RjJMqXApdo-xFzLER3_BdvsGSOs3DN7yHl5FGs4EFj26BuDO53JkB0qYDnw7TToiAE_E97HPJkYpISUWJiFf1QzSwloW_bfIStFsLAyOkZGkQ8-mcYRzwTk7pBdebDaHHEwQJjf9aSM8sWCoR6JxQo0GI8BS381MqPq9JJEadj5Pomw0HrNmIa1oH-s6sdIvrPXpMTonxEDTF_HE74fXVJ-VM31AOOcSCB8XkTAo6e4si4MBP1qPkH7vlWanP8hLimasrrG9tbe3lKN2les-Ul72Z1G3XiWSvYV9Rku3QTwJxnW_au3_sMOx3BcT6YT31U0hug9PPxmsbAeVTYnXL4J56kKc8bWAj0k3QOkdvHg-b3z4gpEwfQ2g3YAcJ2ZjgUXZMCsd0G7fS0HM9p8iMtJiwRxMvpYnjjOSPMecsGgzBpeGpZU4evF_TpOGWADBzB0-XLlVMVjb35BKjQ17s9a76BgvVCIi7_omH_2f3pw0OeSXLf0e710mnJ9BiFXOQeQqh8v_7P-n5bVwidLw8GScpBiEqUmdfrqHD7C1sUVcU_ftpudetiHHWyq5Zvu8q4b0QPj0EcdD84G4FHCDwrsKqaxWbSkfmW9Hox2cDPnhWQGnq7GApF_X4luvCsgpnbZQUmYleydJxwXF53NMkVbruE-Ig0rWyo440aCeOe9TWCCZ1Jl0YZYXjqFJhzBdaHKcvTLHmJ8uAGKlQPa-KOWvVWpUOtlkKkoV4892V2eUxg_dDRfPHwCkn_SiOr8ZH_QyqwVQW4aQ2B1Cifxsg7QIqrfV4GaF6E5HBrTJvKg6kwi-Qc4px9xrV65Wygl9qkX55036VbaSNN5IGhP4adXBWoZLicKXqdkbih3DL3RXqpxPmYaVuESnsYd6mcqhbbiTSXbjLrgCG_spFgRkTSll_wOqlkbho5h_YGocVhnFlg9LSVV1XHYGvLsk3yKCco-PDhEXPfNl1YEkZZyLXGTRUZaHAiEcWm25II7JGFJuOT4c3CFdM944zvUOA8AuyecZk0bjbDPq6rkysaGLIcEvTNv_C6_GtqAazbo6XHfIqfZBI1uF9i_kZjBXq9LZPvdnHbUXNF0QKxfuqxpvPGN5fGjLYh77YTWQxAVolVPEEtokKT-RNbjCgSjibuAstYrUoKID4vMcxmU8eKHtdt5aFQEZRpLLjnIP0gaz6t9ACRaFE3Vf811I9jiY_anDDBky8uINNaa9brM7crbk46eDI32dkbRrzEJKmKKkjwHwaDKyhVGa1IsjR6X40OCR-Te73Icvob69aMq00W1G9IAegBjLyI9Yz5dgT-EEW1F84fCjkED1wOPrgn1P_WB64LGacnmHt5Oz0IgT3z9LL5Y3Zf-EdyDIx3w56EOnEEc2ArAJKSPzBcWqGFBRSGGYJk0My_2maEkVVtGyP5_v94TD_p-qAwYz6cO_IysOAeAOz2hUwqOf9hOk7NpsLRwAwIScpLlIXzUQo4-vGy8HvRHmVGY2qwdt_WG-yZqsc63QAyzY2LDtI429TN-PRV6MOiUZHr3JeTtaRIfRgv18xJZWAgZuZYrW4C7AViZ9XBEViKA3abo-PXVbPsrGuU2GmLmtPy-q4or20LR4PIQ_ki42LElRFLvHEBwHxaAnh5dzrTKLNPp1p6M0_DqWB0-Ohyrmb04tSETg4fBKy1XUkkgXUJPiFMFKkMvvxl80WemCHUsoLqbLBPwWSJnFDHyPrASfLNfQFDdBpcHTyrXXqMZ9i9matFynQYBzwvtZMkWcBWmaXEXrby74KK_PrxreIQwSt9piw7t8StrN_CGviNZb-MJwmn40yCKfO3MgdRKYvMW_2rIYKIfUON3miE9NtYOFmW3SOxC8sL_3sq-wELixbkHTrzNwDLEJdy2pZ7lRbm0n4kld2PpolQSrRagt1yBbMjbrUI4zbq532L6bmvggy0q-4eJPh3p8EufQjoN6fstm_5jOJz4gdFRgbOQ4NyKX9EQLyK4Kpc5lkglM7CbNu6dQluF3AQB0xny0jIMCYfmDgtfAvqJdKWWshp0ohL6BrOJeqIpRnv2P1k_ILPnwsmZFa92Qy87j_7Mre48rsmmDnf-7FubOnnJU47wztHEhSyHdU0b3UA27P-uE1t_UPtKmst2mR2UEiQmsFiPe-1jE0rVpjSIvlTNFftK626P1yLoboNJCtMZfzncEKSEQ_4cSxbFhcBMlBwkhkWadi7zh3gaV-KmhumrXB6qIF60r8ni9-Tm51vSKaC0M0jxFWEvrStafIBjIhYjd5r_UzjLVSl52dntrid_cpI9PasLnpCkm6Qll70cXaOYOlQPCc29G4d5tHyf9SdLqJeQ-lIUyWqKaxberUyfCHXJINgVGUd7eHEy7nZ9vds3LTgBCraDpmGpWwsLIPFbN6ZPk1CFMjYbfgt3gfDjIR0RzgZ3nHFioGQaVoM1K2YSWuVI7h_5pfhCOHhaCWx8NDOR81pTVJY44Zngiu8APWziFmAp42gaBQ&cid=CAQSOwBpAlJWonhmtlIG1kO-E3o4XRv-QgGVMQ3daby9e6mwy3XV0q3whlPjQhoA8fcFr1qlkz_SZCL2p92dGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=9114679046717076000&adk=578009112&idt=43&cac=0&dtd=10

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6912f4b175280972c27f9ecb7faef8b018147adad03e0f8b4dfccfcdfa934008

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38490
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 86A9 172 KB
60 KB 23ms
7ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
Origin: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 14:24:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 39757
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jul 2023 14:24:45 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230706/r20110914/elements/html/ Frame 86A9 11 KB
4 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230706/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ASXEcHFyyi_RE28UkECGve9a9yXjurVqH_V86uZOu-FrZwTUb-poD6QpDQB09JhNnZaS0QACHbEDnzGGMmj_IiMFSTunTXJX76d6U0jePvKXvnhk0&cry=1&dbm_d=AKAmf-BY-YNMjn9NxzpMz97bZqdH4HhjE6OkwFkk_8Rav5N2RpJj4tp-ZJi6HoQd2qIu9iE8DEavHvhn2jBsgMA7IXIfZ_Jf9H5HsL590p6CPH7rX_lCmC7OmgXSm7Gfu6g1L_0B3gZACCyHHoTxbfZgNPmZMUC90s3g8RnC7D6lzXub9Pi5gOunxlItQfFFMQlK4rfSJlzQwDaafusv-SGHf9hiBJlxMR4qd908_2JYVTMTXwr7GpZS6xqFIj_ttpbwUjYmGpXjeCi9ZpMKyE-IFCDnvVORMX5J1m44yqyWhQpjfCekUwygcaFvpiKVOJi383Zz4GWHvDUJfTBuj2Zw6CbqQ5u4Cd1XJU4d1zfJNdD7Q6LUnaWNRNUpVHDL8kpTIfcDVtePLdOS9On9fbgJie8KDp3MA9puV5yoUZGIwk02pNzVKniwZ9Xz-qo2bm7QFX8PzJ1hrI0XznZDcXz6aqdUGdxzUByZtHqqBX_LSKbVTkw58TpjBALOy-PwCz01CMgSf3osNTAbOQzA7DNITSkOHXRV0oEnW6PRH2ePRzDq0jRbRyxpqSxY5-BKSpnBu32bLLklRLYEl9gBYtHWVL2y9cpAumTl9hjr5TzOZxSgbvEXctSPf2bcTqdwQOetiFGmVnC8u9zz_qGLAXfv3KxhcNF1oy4dD24f7Blqjm9ouYGVjx0ifNl6uofNNtcrpBEAcGjLnIuO0HMvBoFT2NhiVaJHD2BR60XYmuUIcEqvJ9gh-MB9LeUf7wZXOkr61B5uQunoq3L1c16vHqtxwc8SAFGoOJR3KXcGAdfNQTmBKBl99Q_9rRPA7QcA8jt2_o9a2Nc-PV7pwi9TgdAk13d77RmW5YFUOlVfXmN2TOMZK5UsRQd6Rs4DUTXcFP0tNsqlhjWW2aAfsIrjM4RTXs2Duf3VZFvij565XMwK2S1MdN92e5FgJnuzB-Jc5ajzqUJVq1JX8lHRFtN8L_n3LIQ_tOwsfFb5hCj4jmNAlQ3CeYhf_6utSk4NCjFLEs03PVwFd3NkGFBtBiNiO4YQYFd5zEc1xHLQQpb6cHmbxzwEpxbRekUUj2tmulahxufFVNF9ZpL4VnbHBmAa3t6U10tphEenvW5hL1BFTBJrjNG2_7RoDlVimiPPhoh6Y_ye-T2AyilnIk61bIQJ76GhHXs-Ed2QeEJu9vTKq6goCO3Rpq9PDZNgn4_YFmCBgZfAbrHNOvF4hP98UcUhC-_cHygXHphpU_QqGCuhr9YwC3uX5zpino8S5NEMwA-fwzL9KQ5AfMeJfcF5QHmh1Z3NxUcW3ZGJGGN4fIIQ8PXcZmcHWzR3oLbdQ4SgOb4Sk6AfsbqfteJnmhhEsWzrXM5TjUIaAVEbDg5HvDCU5DO0-VPjQKI9cDoUcwLMfpvJMmY87agIGINIl6PV3qYfp-FlYi-_uNu7dmqcnXsgfTfA63uNBXTSUFULsWOffJLR0JIUEWqkBtdOIkxtO3HVtAvxVmEDdq0TEzggGr0LfLDBV6XYdt8XmIjfMGQ1HSdbitUrVV0G4jGcXS7FG6uMrLS26OYvj5P5v-0Oaz6tGOUbyDydDT_-U_tei6KWH1f6eWk-nWaTbu2rekS2WR4BxztTyMzZynG166oESJRTW9WYuaLO545lbkT1EMfSofFlj2TL7Y1-Lmn2gk_rXZxa59PMT5KVUHwqfwDU53_1O_roUrYnAE4Grrgj81zX976FdteSfic488_JaEN7wIuvT5rDmVxUoyCY5L7d5BJU9-sJmAZr4LI5GqmBzlLxYdsjEv9ece9s3u0UuSDTyt2R5sBlpq2ewM-rNM-1L_Lr78HWJIiAZAnDCsGqAg__bZvl50vYOV6tK6vEDdWaOtbprQtIgcf9pfx9DP-aoZl3PrK24lIjG4RelzVR7EVsUcr6-FjSGbaTiAepOreLT3IMXZdKrWEUC4qVf-SLi01Dw7Cfq5mjdDQOwiQTc0hnuBr42Dnk-HhuCCpwktI0Fi1roPNPgSefhLUDCuuWRnFlNHX-K40l_VAWlw6Vi5HrqsRANOYudSWdSQigT1NPEhypdgfot6lbbRc8Xeybo20zkpsWVzCwhgPKEgYm4fQPkgOCwPpb0HbpUwGRfdgYZkOvOeOX19WEzd-co9wseYSaJyb4tylcSIOPbWOzS7w78ttppYY2_2PFI3e_JEeSdY3Ja3OkC7i4qMzUJZ9ctEoWQJzBtr4joN3GtAHt6yVQm5DCN2OP2U21w-O9ADo7huqd3XpTCNJh50bF9jE6Vq0ziRTInkUDAwt9ykAK2PtPe7Pig53kLX8KHBVnPP0JfgwMStTXGZtEDtKDF1VRIQUrqmERRjy3F5FbgAEL5WSSl7H4mWS-Nh6ceBBsbmvtO1I2lsfsmOyeWZsuFbS1u-VXi0-djWfLijAESMq4NzhjHFDy-h9Toh98ETS55wAarYdNyt0MOD-K_BiXYikBSjRbLSj4356O8UTb6842gdY14H4YyCu9ad4ZipC6qWkqyMzEYpuYNANpVOOK2g9whLsUh1SFBKSf3xBhouwE9dJSus3nG-4QuiOSyWTZi0nBXGos9NOeHuwjMNjWgtN_9gCwH66foxwGOMXflatQxrULr6yCGeRnYlcqtHDySIvU4PvE60sYfAI3-DJAXi6UtO0FaVNGuIyB57PAf0Y3OCX0oKYkFIF7YmRsrWEg-EX1zhirBkVRInLJF-karIuXx8kcvCLED2p8LcxcfEXmqprf6RdSZ1rvWNHFg07a6L-lNjWFKRkpZzZV2WaqjouU9S1ZxxjQyUBmMrehD0IhexEgTnqU-rXEfSofyKvYaIZdn8-ZT06QUx0_mY9Dxj1KB4Ml1FGGeyqPLveWizLF0BKRtyME2DPCQYuop9fxpjKQy41uN45IuEgghU5k5Scb8hzftVeSlZZnpKvv3ftgLvuulXPcC_BINKQ87PO3XRv0zkKU66vgyhyiBheOIdBTUj2F0uacWA9k19wqmVeC4yWN-GaMAC4aiehg0eYY9DJxgG9hPCLXJVTLxZs-fXjUYTn2CcHAnJLyK-g_q0VkdCJ16YF9WpHlWUQ2A7sCCD2O25Fk7FPKqKoW4lTyDGvnzbPS_1d7gH67AFsEru0UKuTJ-9_UL-_xRNWWcZwfT-FKCntjSmN2WRrsw8t4-oPajqE7xnANJK86awsyElYQWw-bGfpIB-gDS3ZlhZ6Ar690hqK25egfHAwZUEkhkSoDcXFD9zOlrALUsjJwZE_O6XAg5dUJLtpOaov5zx4VoXt3vwECE9uZaWJmbSAALaNtbhrCexBrf15PC9RlqgLBBikwxOX8Fjo6xA8rtGL4Zf_01g9F6iD-3HwVDmqTip7aATpKJ5qNkoiSltJGl2m8ccf4oUtvkUIoOzEBserDKqryTuU6pOZWzV088sAyksVPLCgTYIHTZ7CGQ-s6nEqQbXWTAMTyllTiqR4n0lM5mxQw5H6zsbHDYD6y65sVj4M1SVij3dFxBkjigWNDhxy_WI8Mk7p10pCJ4yrgXdOA&cid=CAQSOwBpAlJWZrxr5oQ4UVFvFb01WBHgjroV3gSMjOunttjlxfhksIgxz0eLuzsZOMgycWu-0GlecZmTfCavGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=4910307427543806000&adk=1599433117&idt=29&cac=0&dtd=17

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

597e4ec7ca2b12f9150e02e04096849d6b06061b09c2d131f1d2225871eedfdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 18:00:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 26794
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 16731591232229431525
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 24 Jul 2023 18:00:48 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230706/r20110914/ Frame 86A9 30 KB
11 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230706/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

484eef6459e8a58c19115f287339366d82a7c2beeb7a35c7e16789b592515aec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 18:10:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 26192
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11545
x-xss-protection: 0
server: cafe
etag: 12064860844701496540
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 24 Jul 2023 18:10:50 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 86A9 41 KB
13 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 13:52:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 560087
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 03 Jul 2024 13:52:35 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 6A69 143 B
166 B 8ms
7ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 651
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 01:16:31 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 123A 1 KB
643 B 8ms
8ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 30886
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 10 Jul 2023 16:52:36 GMT
etag: 48472445140208031
expires: Tue, 11 Jul 2023 16:52:36 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 5D9A 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 885feef3723fd2632a8134742ddaa9452b7b477ee75b08e521a99ed3423f45c5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame EA60 143 B
166 B 8ms
7ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 651
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 01:16:31 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame AC1C 1 KB
643 B 9ms
7ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 30886
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 10 Jul 2023 16:52:36 GMT
etag: 48472445140208031
expires: Tue, 11 Jul 2023 16:52:36 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 5ed76f76e4b07a92411bc03a
ng2.virgul.com/tck/imp/ Frame A502 0
209 B 47ms
46ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5ed76f76e4b07a92411bc03a?g=1&t=gb&r=153377@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1689038841041&userId=vnet2a1b8dc7-6780-4268-998b-67200964ffb6
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Tue, 11 Jul 2023 01:27:22 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
DATA 200
OK truncated
/ Frame 350D 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 69d6aa203babe6b2291333fcb524cb8eb2fe1374b61d879e014c9df71011aef8

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame 77FC 0
104 B 122ms
26ms Image
text/plain 2a02:fa8:8806:12::1370
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEJCi2l3_fehYCCgUvVXTzDA&google_cver=1&google_push=AaAOQGEkvfEkNur7x9JpqDNnqP47Tm0-uSnAY_Gi8xvF5jTtEbtmfjAgc2kDayQiGtw0qDSqy_n162GyMKOo2nXMB1h22muZQHIa
Requested by: Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1370 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 77FC
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEAIUVfyfBq3yy4Z2-Wg05ME&google_cver=1&google_push=AaAOQGGtv87wlzDX__9v37EaitkZdrCV5ujk1_joJSNs1_aMyIuelkE_32BJKrM9E8Wdf1X8pIaU_ILCt86PWa...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1NDM2NjU4ODA3MTA0OTM1Nw%3D%3D&google_push=AaAOQGGtv87wlzDX__9v37EaitkZdrCV5ujk1_joJSNs1_aMyIuelkE_32BJKrM9E8Wdf1X8pIaU_ILCt86PWaiSbw...

170 B
188 B

17ms
17ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1NDM2NjU4ODA3MTA0OTM1Nw%3D%3D&google_push=AaAOQGGtv87wlzDX__9v37EaitkZdrCV5ujk1_joJSNs1_aMyIuelkE_32BJKrM9E8Wdf1X8pIaU_ILCt86PWaiSbwKw8NnvWjon

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1NDM2NjU4ODA3MTA0OTM1Nw%3D%3D&google_push=AaAOQGGtv87wlzDX__9v37EaitkZdrCV5ujk1_joJSNs1_aMyIuelkE_32BJKrM9E8Wdf1X8pIaU_ILCt86PWaiSbwKw8NnvWjon
Date: Tue, 11 Jul 2023 01:27:22 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 77FC
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEIsRiVmWFwXYYtxBP5Ksd6c&google_cver=1&google_push=AaAOQGGcw9azzb_ZgIRxqqgiqfH3Fq8LSyGCg7KsBxmZbXsEZdKfDj--_5V1_Xrm1r7oxXZ2BCKbWmkmT06RGl45...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=TamVKT_xQuOPrbG8-3B7uQ2&google_push=AaAOQGGcw9azzb_ZgIRxqqgiqfH3Fq8LSyGCg7KsBxmZbXsEZdKfDj--_5V1_Xrm1r7oxXZ2BCKbWmkmT06RGl45PScgTsNmubDc

170 B
188 B

17ms
17ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=TamVKT_xQuOPrbG8-3B7uQ2&google_push=AaAOQGGcw9azzb_ZgIRxqqgiqfH3Fq8LSyGCg7KsBxmZbXsEZdKfDj--_5V1_Xrm1r7oxXZ2BCKbWmkmT06RGl45PScgTsNmubDc

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 11 Jul 2023 01:27:22 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.21.6
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=TamVKT_xQuOPrbG8-3B7uQ2&google_push=AaAOQGGcw9azzb_ZgIRxqqgiqfH3Fq8LSyGCg7KsBxmZbXsEZdKfDj--_5V1_Xrm1r7oxXZ2BCKbWmkmT06RGl45PScgTsNmubDc
x-host: tde-deliveryengine-production-84d9bf65c-9fj8r
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 77FC
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESELt53h7GRmVhOsf2fq6nNyo&google_cver=1&google_push=AaAOQGE3i32xMJuT-MGcbFezD3SgVSOnY-FYB_eFkUk4y6Cfyq4mn6j4UjVU69zljyXOVPrKcdASSVdK...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESELt53h7GRmVhOsf2fq6nNyo&google_cver=1&google_push=AaAOQGE3i32xMJuT-MGcbFezD3SgVSOnY-FYB_eFkUk4y6Cfyq4mn6j4UjVU69zljyXOVPrKcdA...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODI2NzI2NzUwMjQwMDU5MzUyMQ&google_push=AaAOQGE3i32xMJuT-MGcbFezD3SgVSOnY-FYB_eFkUk4y6Cfyq4mn6j4UjVU69zljyXOVPrKcdASSV...

170 B
188 B

18ms
18ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODI2NzI2NzUwMjQwMDU5MzUyMQ&google_push=AaAOQGE3i32xMJuT-MGcbFezD3SgVSOnY-FYB_eFkUk4y6Cfyq4mn6j4UjVU69zljyXOVPrKcdASSVdKAbiSmpSerJOa--UhOiP1

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODI2NzI2NzUwMjQwMDU5MzUyMQ&google_push=AaAOQGE3i32xMJuT-MGcbFezD3SgVSOnY-FYB_eFkUk4y6Cfyq4mn6j4UjVU69zljyXOVPrKcdASSVdKAbiSmpSerJOa--UhOiP1
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame 77FC 43 B
363 B 64ms
16ms Image
image/gif 178.250.7.11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DPUSH_DATA&google_gid=CAESEIuihc21DHhRKGnoGOOo8J4&google_cver=1&google_push=AaAOQGE3OWxxjglj3grku_JcDr5nMdvD_urnkvqCnEKTjlm5aYVTYKBEojAzuc5ePXp8hF_uuKfyh0PxMaz7Clapr_MnuPpPoZg

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.7.11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 280504
expires: Tue, 11 Jul 2023 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 77FC
Redirect Chain

https://match.360yield.com/match/ebda?google_gid=CAESECxKMylw99DmsUZjRCsutRw&google_cver=1&google_push=AaAOQGGoi9Tlbu3aRaoZzkRGT0AViHpsQ6JWlfqVHc1zgDf-2LDzKjCB37KoD7Q-13YPhbH5saT_-Z_EID03C0ugs1DcSP...
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESECxKMylw99DmsUZjRCsutRw&google_cver=1&google_push=AaAOQGGoi9Tlbu3aRaoZzkRGT0AViHpsQ6JWlfqVHc1zgDf-2LDzKjCB37KoD7Q-13YPhbH5saT_-Z_EID03C0ug...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=t-_wInyLRDKcI7nTmdcmQw&google_push=AaAOQGGoi9Tlbu3aRaoZzkRGT0AViHpsQ6JWlfqVHc1zgDf-2LDzKjCB37KoD7Q-13YPhbH5saT_-Z_EID03C0u...

170 B
188 B

17ms
17ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=t-_wInyLRDKcI7nTmdcmQw&google_push=AaAOQGGoi9Tlbu3aRaoZzkRGT0AViHpsQ6JWlfqVHc1zgDf-2LDzKjCB37KoD7Q-13YPhbH5saT_-Z_EID03C0ugs1DcSPT2tnXU

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=t-_wInyLRDKcI7nTmdcmQw&google_push=AaAOQGGoi9Tlbu3aRaoZzkRGT0AViHpsQ6JWlfqVHc1zgDf-2LDzKjCB37KoD7Q-13YPhbH5saT_-Z_EID03C0ugs1DcSPT2tnXU
access-control-allow-origin: *
date: Tue, 11 Jul 2023 01:27:22 GMT
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2

200

/
onetag-sys.com/match/ Frame 77FC
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEM810FUAWJ1QoX3_mNuSt_A&google_cver=1&google_push=AaAOQGFAhVKpAXrdCQYbmTbguIdUUhZHRNh9FxjkvK-UPQaSBOISAczd_oEzLp_A4G-s9j6d31lPxcM1i85...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGFAhVKpAXrdCQYbmTbguIdUUhZHRNh9FxjkvK-UPQaSBOISAczd_oEzLp_A4G-s9j6d31lPxcM1i85gWQYqoY9juoN-rffl
https://onetag-sys.com/match/?int_id=19&google_error=5

0
151 B

15ms
15ms

Image
text/plain

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=19&google_error=5

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/match/?int_id=19&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 255
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 77FC 0
12 B 24ms
23ms Image
text/html 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IuuHurf0-_eWxQFqRdaQUtyoPMcNswIUdPQ_8V526p8OSgiovVf43NzY7GTZZdFrPQA5GYew

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:22 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 xgde.js Show response
gdetr.hit.gemius.pl/gdejs/ Frame 2833 56 KB
20 KB 67ms
19ms Script
application/x-javascript 188.165.145.88
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gdetr.hit.gemius.pl/gdejs/xgde.js
Requested by: Host: trgde.adocean.pl
URL: https://trgde.adocean.pl/_1689038841944/ad.js?id=Ltih8RaczJRSpKHvU3Ue8Rl9s8MAVzINIskf9usDc0L.37/nc=0/gdpr=0/gdpr_consent=/redir=https://ng.virgul.com/ct/64954933e4b03f04e549367e?userId=vnet2a1b8dc7-6780-4268-998b-67200964ffb6&sdr=&et=&r=153366@site_geneli@yemek_net:site_geneli&l=&info=&t=banner&cs=1689038841406&m=
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 188.165.145.88 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: GHC /
Resource Hash: 243ff4b38ca5fe323056ea75585fb66ec3ed73293eac13e7d215376f1418eb4a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ng2.virgul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:22 GMT
content-encoding: gzip
last-modified: Mon, 30 Jan 2023 07:57:30 GMT
server: GHC
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
etag: "63D7786A0000E1021FE82885"
vary: Accept-Encoding,Origin
p3p: CP="NOI DSP COR NID PSAo OUR IND"
content-type: application/x-javascript
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 20061
expires: Wed, 12 Jul 2023 01:27:22 GMT

GET
H2 200 970x250.jpg
trgde.adocean.pl/files/akiksqprhqe/plcrirltpv/lmpnkxqper/ Frame 2833 191 KB
192 KB 20ms
20ms Image
image/jpeg 92.222.252.174
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trgde.adocean.pl/files/akiksqprhqe/plcrirltpv/lmpnkxqper/970x250.jpg
Requested by: Host: trgde.adocean.pl
URL: https://trgde.adocean.pl/_1689038841944/ad.js?id=Ltih8RaczJRSpKHvU3Ue8Rl9s8MAVzINIskf9usDc0L.37/nc=0/gdpr=0/gdpr_consent=/redir=https://ng.virgul.com/ct/64954933e4b03f04e549367e?userId=vnet2a1b8dc7-6780-4268-998b-67200964ffb6&sdr=&et=&r=153366@site_geneli@yemek_net:site_geneli&l=&info=&t=banner&cs=1689038841406&m=
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 92.222.252.174 Paris, France, ASN16276 (OVH, FR),
Reverse DNS: ip174.ip-92-222-252.eu
Software: GAD /
Resource Hash: 87a279c5253e6ecf14ccebb981758aaddefeb4612391f556a132da8df114aeb5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ng2.virgul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:22 GMT
last-modified: Thu, 18 May 2023 13:45:45 GMT
server: GAD
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
etag: "64662C090002FDCB413673A4"
vary: Accept-Encoding,Origin
p3p: CP="NOI DSP COR NID PSAo OUR IND"
content-type: image/jpeg
cache-control: public, must-revalidate, max-age=4320000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 196043
expires: Wed, 30 Aug 2023 01:27:22 GMT

GET
H2 200 inscreen_lib.js Show response
gdetr.hit.gemius.pl/gdejs/ Frame 2833 25 KB
10 KB 66ms
19ms Script
application/x-javascript 188.165.145.88
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gdetr.hit.gemius.pl/gdejs/inscreen_lib.js
Requested by: Host: trgde.adocean.pl
URL: https://trgde.adocean.pl/_1689038841944/ad.js?id=Ltih8RaczJRSpKHvU3Ue8Rl9s8MAVzINIskf9usDc0L.37/nc=0/gdpr=0/gdpr_consent=/redir=https://ng.virgul.com/ct/64954933e4b03f04e549367e?userId=vnet2a1b8dc7-6780-4268-998b-67200964ffb6&sdr=&et=&r=153366@site_geneli@yemek_net:site_geneli&l=&info=&t=banner&cs=1689038841406&m=
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 188.165.145.88 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: GHC /
Resource Hash: c3b1ca5d98d4076ec5875d96d79179647df3148e16005ec6c2b7e131eabecbb5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ng2.virgul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:22 GMT
content-encoding: gzip
last-modified: Wed, 28 Nov 2018 10:03:50 GMT
server: GHC
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
etag: "5BFE68060000651BD04AF2C1"
vary: Accept-Encoding,Origin
p3p: CP="NOI DSP COR NID PSAo OUR IND"
content-type: application/x-javascript
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 9748
expires: Wed, 12 Jul 2023 01:27:22 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 4044 1 KB
643 B 10ms
10ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 30886
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 10 Jul 2023 16:52:36 GMT
etag: 48472445140208031
expires: Tue, 11 Jul 2023 16:52:36 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 86A9 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6cc9a183b5e2429546fa85901c8a0e7c77add2b42698d50d7a5013b5fc26edc5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 ad
googleads.g.doubleclick.net/dbm/ Frame 5D9A 42 B
63 B 34ms
34ms Image
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D1JwgKtJdBQ6KH4bgExnVaqREWLgTTVWcNAGTAwbqZs18X_fwjfXGWZNmVpd5TZZS1YKwmuv42-Bcnk9au3LLnkCZHWwJvk0Djx0ncOtr-JGBpvGe6u0Dx6jPpYbHusEhagh2j2QnzCGNKqODWyEeGAM6hQA&dbm_d=AKAmf-Bfeq6lridLQWhFRED0nGeDK2sJBuR4DdCeJDdV24Z09pVIiFKs9XCVi64vM9DknCq-ZssgnRMFHPRmticpDNW6NkowALBA-eQ7KiwZpbVinU-2TWfz9GNIC5TnbfE9a53hcSYVS8aajg4ydjAbpQeyt5W7Qq00WElUXYbJkO_tUPZFXDHYP1TeZtUaUEvL1_R6s1LbS8lKyVYY02ZSU7zlx3E2QDWJ-pxuAHSHioAHkcNVOWDyMzolrdxI6ItDqsoen0k9D9MfQaNe9ruld4pEn44vmmGVFqEdBwQ7Ny-3Sr3oLgY9krkHNrwjje7JsZZ14PRP08V3emgK39055pfrFuuRIWkCZjaerKKlOs6cX0LjR3vPPGhS79zkkSV44aNnngt6YA7_AfdcR12wLpAGZ_bEF6C6COUpVnBT-UUUrPZ8HgtVBRWIFvnEDVrPqpnMj1eQuMMa_i_V6lrw4ONxUmWoEXjcZ3c5LTXI89dDuDlmTnNkMH0LZoXEU3IjsQNSEoSU-mEgNHP30mcj-aML5Q_I3C1gpCZlWLh7_kUevaXE_T4HBei_L5jl3Bo_xb9rO6b09yW9dd0zfRiGELLwGGAvkcU_dZaqnbayuKFKo7QQZhXNzaKkz0ePOChaEDO8A6yp9NE_XBUc6Av_3gGCia06PZ9AdpuAr6s4zAZ8yMIawci5vwwHmDNvQxXP5HEXmOkbj2D5l7vnoVPHDxKio0wQEYu-DjgDYEH0eB5eU0LmnePM5yJRkgek-DvIpBFZSge6HRM_LS6hu1FEpgWBb-eA5s7tqVOo9IUu2HSWdrXOLvxnK9atPg1uwUDQwYmw-OfGf8W3uXm6bG5fMC7_34AuoeAl0FjfuuLYr6tjl16nWTCqR872JhzRnI_Lv_A45HoMZm7oLT3uW80Zf2MPn0wOQPC9wThgvWrT_LvVIDZvV0OgvH27AXCTnHbw7PjUiDW_vW_ah5RsTjS--QxityCbvV-vDZ3H7ruU6ZMfh6dMM9BckmAdQGT5smoxXCBKb9Dv5mvHZCPpYwzhCgzK34b4iyriFsWpJdsQK5s4nTd55JSGkBy_Dre3AWkqvdNhjh8S-hAmWT4HMDFcVB723NWOL-9OhqaCEq6ObbJTcSJid6FxuzPJLUXCcKWhqIqYjaPG4mK8iB3ZVNMakdD9ja5CiAGtsiuQeC_gkNG8ZQFY8DZxHeH7aqoNiPLJonLlVaItuh6Z6Qp43gPuNBxDW-wl85fiREWY-Tw0zAoO5v8e70qbfbrVvNdbYn8P_MnFEXRrF1ybjaPgeiJPKVgvqDczYDXeZTlY1DWZhPvHqzcKDZ1tteiOOGqekHriRcs6xFhtvhX7_QFzQ5t1NAGNzwhRJB7CDzqN60oKQmsS5QooDRtXvqgVZ8ogWMMU6cuJN5GxFfb01r3YT70vl2_tzbmjoFkBxKX9_nV2Zyde0xWJsdpyMeqRF9yYcYUlM83lBlj3sWkoXLBxzAXvXgBRmBGXzfjLbwob33ZNLWWQCKHJrWKKQ1IwM8ztEzmiWgX_ClTaX5p3itESvAbZyLuaiFcbHQRjKYQM1lcYnOYCOADrbtMg7GIkHqpSWs-pA9ffUliJmEqMrazL2QkR43HDyU5thGg_RDiCHqksMnOXWW1AV1jb_XY4rqEp7rSPUEA44RrBim2aIoJoSC9Pfxe7cfGaje7Cl_w6h2zJYg5ERasoPmfANaaaAn6hn1L29mcABlPMkg-ynttgbjHsMQt9ohKa72FVhHtW_TkK0LQyrHOd44Obq41mQumNKCyoSgdPGcFVA5rVW4AstM_5g0dfJJN0M2nAd8ubFZy2wbZEZhgp09Z5czhPDN9z_pwawcrJQWQ1CnaCCT8WTDBtLy7_rnTl_mDe2tqwprXY2Qq8kp9UzwxQlS8aK6mw_LBsTkuCfidXSTrhORvsHj2PKtgQ9dVqGwtpYtnVLQepxUU4oGndS3kPCCSG2UotLRi48lqe-hZckQkZTOBz5BDeulgbDGix_JMXrfDKKa8jyvjCbIi9iUzz_HLpLXXRPZpCYarkxLRDQKf8cBMNP7GGrh6q7FRcNDaX-5yKwP2_mx1SPj5Dl4ruQvnbTHTnMsPb9I5NQGMZBEjT_UM9juufz_N5BNu-eXNoSqqNG1JTS1D9dzgXR_dgUvHhk4bbirXzBLRs53MvFa2aJDJMWsreYKpuVp0_FqFWDAJvOhXZWfwhCzC6LGCh1gK9ybhPqSW59dtKGU4IHcWS1gXNr3MinNWoepcGiKPeMW12h3N2N-JOfDtQJ9AEWh2XgmuDZc9n8FM6hbbKCZRqL4rxPAMIBO3GQFPfEgtuSfcFCLxD9ahG4Gz_B-uxGr-uSTcUZ3-jbeZqnslk5OvJfVGdZCNkk_dybjkTk2nBuxWTYN1jVhB-l18094RDwRvnv-xmUbRdwSgSF5WMiA8AlEaJuH6hMbzm0yPR5a_SEeDKmxVIrIZae5ceTUVqBeW6ucXIXYg85jKc_yqrkGWBCaDjHe2O5b0C2I7Rv1e5I6JnsbDItToMwENtlhI9cx00sTpb5jpJ1iPWx6uqPH3kCkzHIQVORNnkpW93Mo_XBZvM96_FfOqc9NeOGFessYxE2MwyxmTszPS69pmpYOrEZUbHbTzfh-nIsYcdarIEOsR1sgM7oE3vQ1bJfbW_VYt3dhLinqlZuQTHHfoe0JSzvXnjsAsuuqIsVUeLfRBKPsDN_lu7-ajIFG6Rmtf-9lRaW5vIYe-57hv4fd20jO69kb8somJsCKQO2ulx2AdS2jTVi7k2srYFVccldd7DzjmfE1E_GkqQTtdlCg0TleU8LX4IM-6AM3vJ-diOxU7OjylB3pycEbKPAj1mBKGMf5iK17CBg2NQcikNriJrsWske-YS9MGHusDY8XZNlbl_gCpQ0hgqs25wvrjFYskSJ1UwM5e-R54Med8WJWHJw8b8DNetC5Ih0oHWgLf-khhUn5CRySJ7bHO8voFbJNLtO_m3r7qk6rKhYiFik-kZbZJwkMs-xr7vHTLB5LAbUgreF1pUE8brTHKk_MOy8mdQE_GH6i7BIzSoEruJjDuqG6oflw3_XomUfom_Lzkf8R8wCHzYzrvcJarjntuqDk59vqqXH6hQJ_u_G7SUqTamzqqLCzbmzBskgrfsQwMsspUQjzeAqNixFC471swi5TbaQNDxtE2_DiSEXePJOAQ6ekuZuNdoT2SQs2kPrQ-QZVJ2di22qtr8X3udfnXY4m1ZPy28-3O2IAMMgUmrMxYq2BMDDB0_uI2iO3LrmsOrvfdnuy9QF124n1n7JYXW__8IYzaD50kVt2sN9bUA3oeCG1XdZ_yQmqdBezfDC1Gawn3ZZXDW2GJuaPRRY8W_vAKvgbACHwSzsaT5Z8SU2oEU-DVH5OZdSqc6JTz-In1KKQ&cid=CAQSOwBpAlJWe_fw1A1V3tQaOZ3Uhk2WFE1MAVDUFp6TiCXm_ndpICygFI8CGcMJ-WirSpo7onE998HoR9qwGAE&dc_exteid=31157267243995420833504422856807922&dc_pubid=4&cbvp=2

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 5D9A 0
0 48ms
47ms Image
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CBgEr-a-sZM6TIMOs9u8P0NWv8A3RosLGcZvu54rLEZCr6cDzPRABIMCygmtglYKAgJQHoAHfwurSKcgBBqkCP8W5v-90sj6oAwGqBNkBT9B-2Q3eCkDfzJ7VNO7Cfdb_vIds59ZnOBX-Vs0tsK1OTiWMF4izCT-Epk4A5q6B8Z9yV0LJpiODMVzIMzJH5uXpp80oK6p4TuehiChh0e2X-UuEK2kbR_P9CXszVoMpw9aHUa0-mGOi_2d5GA1LE5AsdWtfqa843H5EEFoaVVZtE1wcOoDN8JomAXG1Xjoee_41DOAFi7uKhtvHEQkgXV5eqKZC6V6yNqdfvRplzjSzM6PLlUY0BgmdILB-g5oNlYCZFCZqCnBcg2BPZvvI-pDqnLBWopXUQ8AEm47kq7UE4AQDiAWbkdzjS5IFBggbEAIYAZIFBggdEAQYAZIFBggdEAEYAZIFBggeEAEYAZAGAaAGN4AH3_q6sgSoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHChDvxAUYvc-T8AHSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE68ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5gAoDyAsBsBPh4oUUyBOZ_ZzjA9ATANgTDdgUAdAVAYAXAbIXHgocCAASFHB1Yi02NTkzNTIzMjEwMDEwMTU0GOrBbQ&sigh=CUF6plUKCxc&uach_m=[UACH]&cid=CAQSOwBpAlJWe_fw1A1V3tQaOZ3Uhk2WFE1MAVDUFp6TiCXm_ndpICygFI8CGcMJ-WirSpo7onE998HoR9qwGAE&template_id=509&vt=10&cbvp=2&vis=1
Requested by: Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 ad
googleads.g.doubleclick.net/dbm/ Frame 350D 42 B
63 B 69ms
68ms Image
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CRiVt85Xpo2uoTYOg1nwueBVT_XUSE29035wxiTSEMaE1HgUvzwQtWWO3IegPL1fjhgczyIjt-smWTN4Su_FfVMF9wM9zrlmvApCiIv8c_Pw81a87uLxcDrc3WKAvweQXXfobXHaDpRYcR09k5JE_wtSW0QQ&dbm_d=AKAmf-BacnAsvZS0rFdjivs8WiElqa3jz3kEHLPBvXqdbtl6m4zXgNi6RVVbcNp4zdmulVZo1R6cAUMyrnv-9CLSwNr2RjMB7RFChsle_ReQ9S-_vq3vhAua_kGw56ZCctAR2JD-tm1K6LmrLYMnx6Kn8pQSIcPQXzBLg3LkRWnnbrhWKBbqgpJafu1HaXQDKrmYDmRL1bMWCkuvxfKcwleX169BgqBF7Wj2OJFsZ_Y7Nx-BH-p_JQT64ylFR17p0gSC-7cDeT8axu11TKCxbf1dj4vIkAUGtTvHjKVVoYM1q10og4Zv83w8jr-xW7GyFU0FJpCZ2h-hpdkOXMnmdkJcdUrhFncWZbFL_CpDf89D5MrkFRL1SqzC8dhK2X5blc6OP_ReYfGsWwLPob7I8I51NYwxn9BFDjaB13MsA_epuf2irpTiq6hZhuarBkgMQOSpgTF-AWecryNI9R__0IXcmsr2jxIa8-tiajRjeo0FkUlC3MHE7VU3N25JtGfiLZUi9-_6LcHLW3a5FRLD_h1EVZRHjE8Tn3r5sIH4v3ZcWJ7Hw2W-mKZnezARq-GZ2RIzNymU4x0pJjMR_x1tb3c8RFe8QfcyCKNMC8puLXWNReh1Q5sa56QUtky_zhLItdJTnvvakH7xxgwu4bR8KUX85R8cwmU9qzDwWtiXE7D27TCporqUIiyjiGUHH8cY3UabpqXKBqLr5W4f9l9D34MjJoNPQkrIDjuWQC0xH8rpeqbzUeTBo_y7Y1Z8CPsN4u2x5DcHAsBGmJId5SSvqAVOtEs053NnNsffDWKxmaWAY8S6X_eCN_Pkd0hbjrkZrehheHqHNjR_23-_v8m7NxOUYsRQnexlSS1-yhu7xLyZkPRrT2ackAOt-9I0hHBQZYCaYE8oHQ1FFw07i4o9bvIa9iQHBm1Wz9293PFki24mhb_N3w4x80S2K2GuE0UVHv4KyBUyUj5IZ7clKtaD7Ok761C2Ozy0SrzwRVmoGKX3qErn43y6ohc7qwkSdUNd3-ZOC8KPb4UeGsHdjOfCEe3SyesvOJItMDKqQbkwSgWeoQg7QLOZZ5BAlMY2zlMZ4rF339G9FYcXXZVxpg7jlcgT412HjZdZYTfX1VlXdZA7vhJQcW3fN-yE1Q9VVL-ZE8KZ6ih03piU0HWTGRCvlTyGguNdBADPm9A8LXiACPor_9qIol5tk4Kj_Y3LiS0FvLPx9OpyJVLonSulskYkXSYC4y7ShnyjSAa7bvB8HpUARFfJGEJGD9hIYHYy8wsII45kJRRgMPT149oOj8exaGFDV7jPabvVo5BcysbcOaxJQSpSfK-XzFOS5sLE6so-_jthgMoNHdaS7RoQWIqMEby8E9FPOyn5G20XiPmPuIyZjG4t0m583J437Ue1nfOrMu6BmUIGoED4HqUj9frV8Ys3eVn1yoPbktl2NdqkPdMEKugkc5PWj7ToRToQ-t_4UstOVk2tRHY6BD41TUpOcSijD1KLdcCzRTRryBpqpTLFC7rgLnROaEEVCIcGPmjGMGnSmvX8vRneCv8oHBBBchRMtA0IoWJKpPWX0FT6vRcGPnCNb2wQNwNKI108eXoXgRA8Z_dLyLS4mOP2IhJScpmQH9oN7mJ8h5pHAomhWtXAMDDSX6XzOoHO2XebBfzKe7uojBrgfoeoD_N_U7HTdSYLipmuHz29JzABRAasVIJoFUCBwWRluoiO6vS3IGa8fByFI0-58lQVbryjXhde4AtP5MCAzw6xLvpcO7_zr8J_kXf3C-bOxZi4fqO9QVYIZQziiwGDsQa-gjzEIbGs6Nk5TLQIoFD0YwJm5hDR6wJ1bce8iuNw3xSKZrmJE7K_TSxHCfIQzkwvOiOvrBa3EbJXb0YOoDGP6TAXvc_qX28KVBSZtOZn9sfu4cLnR29dIh7zX1zJPhTXsrduRSzv1s1kq6NquVGQ-W0uRxd9ylYTMQ-d-QrzdULo0tTrRoQk1OxiWKEd0DKoe88BtBlUlOuDN7p3fGTLrv5zx8gvTrutEou9E-fscvugqTF0P1TguFxmWGikbzXZRP0vWF4hLgCWXv4lFEErUlhcAYPLJ1fRFKN4Xuk46xq_Rayih3VY9WwTu9-JRbuUnpwJ6ys8R9XKtgfKONJ5bJ9DPBfQZ3fvI9HcdIAl219h081MIWlcx-0fdQZUGLqsEH6uJTcce-iGei3Xj0EXTFAqhDhovTVsCSa6IdHHoA-I3KtQUUh2AAcAwsUGEODwkY1oI0I6CFWRN8GAEVoiO2kyZeyMz89ilD4x_V9ggjG0RY4xWdzQ88gefyVCn4w5U6qiMxg1RDMRLN_22nWCMg8PNYt_oLc8AUAR33H-79G9LLJiiI3gonFxLwkF1GywjwEou-t15y4IL-qxnHuPdxQ9dxQA6KJnkTUoQOP1KCk3Dludb9GOmwww7YIwdZed1h3b9T8I2hXWhIx7ptOROwWcPOgg-EQaCtP5sD3KZv8h8ttuD_oky2v2zqY2MxdbOKO4_baNB5sxU6uv5sWI4-zchMS4NdhB1MrJIih4CD9RJmqVpzjJrnujt1DiXbWJfoQB8I5-DPU2JTxCBTkmdzeuGT6HInsvV42km8meqargwWmwqGwM1h8Mrkp5rtOurh0xaHRv463PvrXxWxQ3k-_P2LILs5R3DXALD5-7qRcfo2hOGbhDeoaAHKVKONJ9XYTLwiKYe18YIpzahKnD7ghZRBJAYj2XciHrcMHfntDUVeWe0uDMVnLLGnWEiJRcnm8RoAfCQsQks9QxF8Hmp6I4VOH_huQnp7R8VyoHUzW7mYMF6VRH_yhhiFiuWOMyrvNf6GeQzX585gg43btlro4JgGUwWVW0fzqcEaZI1TQOoQYdQHmnCIgga3T1mGPxGWhrub3E6nNkYQ-eoVpc63S6an2j4cSwlp040BvF63gfbxsr31AKUuo9vP42aF0jC_Citx_-AsANe686Ze8fDQosKmXJQrWwqKfUkJVyUBHKxD2f_U_BH71DmUEB4lFtTHYYKhrATrVsgtDSX3eBKm1KZZpYEqEr0HCEJuLb8p9t2V8bJgLJHqF0TOOE1OHMOC6-aTJP_GdBgkZy7LUKjoiSGf-AIEoD1w7-TvUZ8FGTw_sL8q1D8omtG-w5pJG9r6Vqo_Z8RUwVeV7XyIJiEXgwAZAdvW-aeCFnzug85YnHNKiQOiAwmhBm1B1kPWlmHjpbtpaX6VNpYfz69FTp7aAm2fTTQuf1UjR6Hith8VEkoGpaQXK_OH1skhzKp66AQq5LpvkN_stlXMCTsz4OVIOvjGrAV4PQ9E9_lHAEEV4SDG4Q_thXWFmOJAZI48AI2bJHny8a_HfTQsKl1-1j86bPsWo9zX7Y0yIeg__5RCWSGZE_P-0jEU3cbk4BDSccGjTjbCvDFD-qgKHL4mrwxmYfztLR_hYNdMFftSUrpd4&cid=CAQSOwBpAlJW4p10KpHTQwRAKa63hf6o4_pSQ6R90PelO0bisw_yGlRlxnBx0gJ4j6MsVnuCixNHjohlF60wGAE&dc_exteid=31157267244140338454965180895872633&dc_pubid=4&cbvp=2

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 350D 0
0 46ms
46ms Image
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C4bae-a-sZOepIfCt9u8P7rOiYNGiwsZxm-7nissRkKvpwPM9EAEgwLKCa2CVgoCAlAegAd_C6tIpyAEGqQJBmTouKHSyPqgDAaoE2QFP0NdlrrrnMN-gCw7EWlq5IMSxC9dKIm8z9wQW-W6nVzqsLA1EGlC4QKZ3Ga74BeQZu6f2RIWKtZJKi5240yII6BOlIa3QynDh4qT_ykFscnAJScT_uoD2OLEq2r3rooNbfkwS3GDheoigsQWj1_pNlgTpo93C4TUom1CmouFkB-JkR_H0P3_lZxNOeawkW9Ci1IsgYJjtNCrYnrxWsXWlM8iboFXMFbXFpAiUIkvfgkJ2DNFyLRHh9wtxf_YKBCIa89ljaVS3rMfXE5pl_FsyocxjsbaPyHn9wASbjuSrtQTgBAOIBZuR3ONLkgUGCBsQAhgBkgUGCB0QBBgBkgUGCB0QARgBkgUGCB4QARgBkAYBoAY3gAff-rqyBKgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcKEPThBxi9z5PwAdIIFgiA4YAQEAEYHTICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDmACgPICwGwE-HihRTIE5n9nOMD0BMA2BMN2BQB0BUBgBcBshceChwIABIUcHViLTY1OTM1MjMyMTAwMTAxNTQY6sFt&sigh=v-Nb2LjCjF0&uach_m=[UACH]&cid=CAQSOwBpAlJW4p10KpHTQwRAKa63hf6o4_pSQ6R90PelO0bisw_yGlRlxnBx0gJ4j6MsVnuCixNHjohlF60wGAE&template_id=509&vt=10&cbvp=2&vis=1
Requested by: Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 70DE
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

18ms
18ms

Document
text/html

2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 01:27:22 GMT
expires: Tue, 11 Jul 2023 01:27:22 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 01:27:22 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad
googleads.g.doubleclick.net/dbm/ Frame 10FD 42 B
63 B 33ms
32ms Image
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Di5g-5yVs7F7kOlkwu4RIeIiM2IjIVRLF9Rx7O59kn8H_bptXhbgsuj-3DHDm12_5kwqBw3_Y-26-RxzLDaTEDJZfZT9yz6g9jzACAYTipHcM6bibLBEQAVsC3A6TYlYFt-4pv7f1HUSRX40xTYIRFs4pVIg&dbm_d=AKAmf-BDcseLZtiSOLst8rRhNhoPsDctXM9AQyvi0P1Pdw_1AbvrvALxKUNnfAEPQ5oyxs4OIX7sUI1zVdVleB7Iv3hkHv8HtbxRdr3JprWW1u5MKG-phioKN1win7pudKEKko84kVvLnrTTCXv_fE3fbiCOtBWvpp_wXCUKVjl_2NzpO1KE3ucWY5J0S4owkGiCf9xzted3CfNDEup23XIj-GGVkIPyRdiWwxkiVLmhBLqTHaBeemG4sFQ7I9C30Qe8KmpH1WjTZdIzd2K8fYcu-iGvzWIDWrW2G8lZx7zLwxYke1guUrck4cKRPI1GAF6_b0jZb-tFrZRD33rM8s0gW5zqpXQK-3MeNn2txoEy6S4kT7oeIflPmzluaNBzO9cRj8mNmlGpGzKhBlpQrzZMalz4BAW0zmof0TF7FoFJqku_URIbxZOBlrCMUCegFXZCcrI6DOF3Hv5wgLWLjWs3oK8ijU5canoA-_8Ld7FnedKNNJ089jDuYAp6Thq4L21A1Iv-C2tDdFa5zE8kHQOH--O7NOPbeRv8hNC1UB_gbrncyn1LweA3KdkSHpbzB-KB4Rb59pJKMVszQxL2eer-eg9MzeOfUp6gRaCTxgK6OBYEM3QTnEaRJu9AOb8FP9SrIzbaKpM3z1fUiswyQpx-LLgJANj91LT3mJNJJCOBENaKa17d17esqSWlais4-91zbWWXWMjlqHfR75fTyI_tuPBqrY2VDx-OOnbiQLqeDWWstMYx8_v59XkIBI83UKKudxr_pOYX46ZplxFB2-HaAOvd-Q007ETadQopoQMgks8JE3qMKOKXXki9KTLf3rXo-YIduVtMmjm2a6vwqWZdHETLdcDt9LkT03S49Y2wibEsNpwCFazDUA06pvfZU9rcLlpQixX6YoAb5-CdvUIVtU5OcEOjD3BEshMFDMpVk8lN2P0hIFejJS00EKU3KIl844nAYCxi3s_7B031-3rQvontp6yPAwPucvyEfnlos5F3hWs9sgM9xnstkUV5nHTqTm8N-mvCcc-I3SanaIF2aGTpLWEjg443eqaqluSDQOhGDlG34wc60y1UUYV8pzOXZQMWq7obp-mTy7RV9mgww55bLKvSbOeq9Fax_sJJgnbBW8y3xbxOB9Uc-DS3J8yHFkYFbGVYUYRPvSA1TXK1IrcwCRh5FpXHBSpVX_igTMjqTz36YEgUVM_ZLM_CGnBNt9yQ9ljXKyw5tO9I8XycwCBQJlPdvVG-Kt7vEQwYMpZsbbijCcoVcRSSewihd4Q_0zLxpPml4QdUkWF1Y8_pOFHxrDbok25LqhHV3nH8XlLbXZW2lLDvNDwtDGU_zxtehAFouLPtNTEUIwuQxkvWu0QMfh1vDgMJDHj38xYaAjJalNTu2DeJLHxQFc_53GwB-ObyueDvbWyAJygqUyMYal84CujvPrNDhtoydAr18P7TuNgEyOYJNqKZ4qvJqXv9PihFU2lK1fgJ13fCAK-Byk2cEo1yvhU-d9CbqJyAHV0DEdJoB3BPxQy_FRzLAw59nESCKbCi6rRW2LqlYkpod0__7Mp15ei1zB73Sx4KrDGgz6FFeY-mF-fY3LDHbHUH6Iren-O38dY_8GIFm_lH_Zjg0jJP7hP8UBY-l6tbQGMq-8ekr2oOYT09sU4IaUwJbkAJEY1c3FhAOf8UkvPzn8nHLaK2CyFxpxYyt0oF8ccNNogYUFKsqz_gJDOwOKB1L9az6jbI40Oh5gVydWguoEzFxVq5VLDU4i9EjRMXHWkR8E4zvoabzVFfO7ZIAFpZKBbGWUixeGGA32fVZ4ONYJfE3y4lv2aA8exWzAJ6xtt5xUkxSF2mKxL6CgWVUq_cFvacoHEKOpunbUhvNJFTN3nsBYl65XDF7k2Z2oaQmK1yaqzIuBxhMobhHLKXRJR_yQidEe5vcNkjQZUmld1RzMy7AvCBUyfjoNx3tHcyrfuqTBqUWBnA4s4X3Uwyr2Fw3iulTYSVNA5u6jmO6U7vzXw4bbDGP9nw4adO1ojulgsCIR8ms-zxuehfM8GKfa0lhgO6HsnWtwZsNtveqaGRYrfO2P-pN286NZKS3hyKEAjzUeO-DmPJzN1fk1WcQaLD3SlP3irB-Nim2ahCvVTi8Y77Pwa81XcOJvmgVjIRhbWYpICKhi7tD0ROFiQKeOWiHAIBLeQAQMEEwoW58BnxutJoDijJuwnJqSoAagjL-D986pj7gqoQk0mhc5_YScjf00mj94dVHKRd1v2kWBwgKl6gCbWm-ZFhHBD5PvwExnrMgQ67-qQW-SEaCt387vB2CS6hX9Ry7DRZd8X9r1l60KkS2gDrQw2gsRcUCRsg_NxUhBEgSgKAnjeGXE8SthmcWPnAENBZ1mLSq6shiHr3n7SbBJ2m07Mjwh8ClVEtbahkzpLfNoi1FkTYZSi3dEk5fUVbjYDuu2u4TDv7GsGeMov6fsk3pN1VK2ILOeVynFgbVRaf9bfyKg7-vagGSPEuYhW4Bzy84C7uQ6WLdB7u2rP2_RMyzCZq50G9WZ18I7iesK71rxiB4Yi-xBDkLqIRUUhQgUtmDwu6euZrZRs3B8yz-azdxdlbNeKAZwfHCa8aZfxTOl662l0NUkax1Xt0VrgncWps_Z39op5qV9WKnnviq06GHp7ewo9tMJ2Hb46ky_mjeo4NcOvSkHlu1L3mWuXYOm7dR5pq_HkRicX-vEfOunklvwDz7n61j2DF-FkXMg6U069jYySPcs3ZDlhWCZWfM4HetIW9eNOh98LRas9MDz7VJ_LOUpuWe3py8G0H0vot16LlnhNxpL4NZ10v2saP9ujojNAyOB8UCdBNECQqtpESrqlEg-C3oP63YKsu997-xoNCQyeShgYnY8uPOi_2TnLiWDFl3peSoaq_iUdb7Yf01FQgOntItpYQVL8eLbP7Xslkg57-DaaZINwbEH-gSYWv64LbwHP8U-b9BooDH3EapcMVzMKgzyGStDdjCs2VjbJ0Yc8LS27MsAO3Mlb6HIhK1hcXjWYkYWRYX1QLeCzcPVwglMW3UJa0IgsYJxihiwJZCltq4gyF0TWwbZvWThaP7t0wIKylz6x3MIqAkgk1Cl-GLB91L2MTKsklXg9Nx1ZOWiZ-Oj_5ajW6FWvabZ3PHpkShrbT1cH7E8hWBeDy2vHLcDwOx4E_MBTUo4oZfmSidbnjNlxcuiifblsnWeTY-t8FCuF48qC9uOnBxyhEkt-iCw7xJr96YOhno5t2CACZ6iOMbL492E7FreA6HZMMk8WHdGgKWZXdxsYX3kkvWLFp__HR0pP_rdiRiw-yJeHPVH4QyewIilp7PTth37g-5ZPyISmiosL5BSN461o97kk_zkfmm2RxVDWAFm2zNWbfAxfjo0isQ8yK3PVzK6NrHZiT_dn0VK6THoDofEp9mBkP_ndlJiSXgQUP_k_beVYWgWellNGGvM-yMWjl8Cc9xTp4LS7ik8HCA09qTbgo0w&cid=CAQSOwBpAlJWoQca0IDvNi8siH77-z4L4FxrjxNW8VTpdn88lLmBqLnZJ8YLYEJ0ZCg_eY82XCR1VsSvqGGUGAE&dc_exteid=31157267244942993183100430905788025&dc_pubid=4&cbvp=2

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 6532 172 KB
60 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
Origin: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 14:24:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 39757
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jul 2023 14:24:45 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230706/r20110914/elements/html/ Frame 6532 11 KB
4 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230706/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BDe18vdPgcYus7-jtbH3B1747bWHSEDF7VZBSJN_VJjy2ZQV2BbCpwxIAb42ckpm8qaUvr3UVYmF_057A96faSOz1L_QkQMZqCdE3VipOMLAAxAY0&cry=1&dbm_d=AKAmf-Bo8AAt2DV17XNCkFoQ9_KmmARV0Ewj9bx9iG_UIeqtkjzjfbYwCO6Qur8FEwuarq9ZgYG5d58kq0rcDPkTvDEuP938gvgJAoKDr09vjjG87V0VIMl3Ft6wDFuUKExd6xysT3pEvNt7SW7CS_Mi3iAkdgXl3bkJJhrq21WjkwjtRzHKGxQ-YPRqBb6OGTMtLt98KoWcP25R90EbSmoaqGP4sCBGwlA7sInoBFp7cAisnrtow9Cjs7O-EnfKvneKngYWPcD8qdOQTJig0ah4jHFH-bzIzJ8q5pZTN_BvfCxdl2N47RzgCKwQ5ojSTmiI2kY1gvpq3qLfgkppFCrXbpjcCOdclZ0889LThCxUo_HfP0ST3RNHjqvFgy8DLskwGLrZ3O0OZon5OTDMn1lTHuhPO9Y9ljMPtM7qlZjsiKt23zbyVxxL8WfsTQ8wdA4t7ZkvOW7RNBk_TT4Ss6DG8HM0UzT6FLHbO_VJT0EWbWXlCYvW0jp-cGX6WwCphOnfDKnTMFwHmVhO8mb4DK8-aLadZJVa7AzaDXXXpu-ptwmrSXegCW4MkWU6nfSsODfcxGJWMRnWYKP7BSSGMRk5SUZES6CMgnMyZKSZJfzNHHMdezMfBU39HkBcD5Hf0ic_Z8HvY9TbqvniPK7rStw0ZoUS2wMePsK4xnumu_ZSFHIhVhHfFvEbdasQtWgT0kG7z2sQhPFIgzKpy6B8oSG6A7AcxCHNDp6PV3OTzkji8ITD_L40wvQTbCzCZXMDlaYDwm4Y-S9PY5vMDEOV7fHAXEM1X1tHo8nJGDbXbd0V6RGM9BKWpPZj-wKfheedNe42nmmZM3ANLUP8sQCvOaRGLhNeIfSKm0juSyLow9HAXZEcZtVVNJO95zpQHPoAAFy8NvYg8NGW0R-kQY7AL2UC3LyhuqHLM0DvscHr2ttZvJ8GRepCjxI-5PKIIIEus6lKxSBcs0csFrYT2xj7jnZdHu9jxEbZI9qBNlZWWJgOdTzJktHcTnjytMzWl18729-0Lmnw1UXvzRYS82ho9iBLwbiq9_iC6q2IsNViP6-h115IzkmVlHAyIBc9DOwXagl_oNP8ET9Yeo9kt2v7lhXuAzHHLxjmOhjWoFrcRY3qc9QY84gaCjUQIDe3ZTxzp5kAZIwgMfazTAbPTjHGjT86e_mgScgu58yAaef3K83fjMfDEWnneP8-Kyezm1C9Gi4tHllE6QZA93gfW4ZzrPSy9I_u_3VeolpU0iYw4Xf3aI6rg7kMADDHRLX_H8wKoxMwFZTNeaBOASq6c03atQA84RjJMqXApdo-xFzLER3_BdvsGSOs3DN7yHl5FGs4EFj26BuDO53JkB0qYDnw7TToiAE_E97HPJkYpISUWJiFf1QzSwloW_bfIStFsLAyOkZGkQ8-mcYRzwTk7pBdebDaHHEwQJjf9aSM8sWCoR6JxQo0GI8BS381MqPq9JJEadj5Pomw0HrNmIa1oH-s6sdIvrPXpMTonxEDTF_HE74fXVJ-VM31AOOcSCB8XkTAo6e4si4MBP1qPkH7vlWanP8hLimasrrG9tbe3lKN2les-Ul72Z1G3XiWSvYV9Rku3QTwJxnW_au3_sMOx3BcT6YT31U0hug9PPxmsbAeVTYnXL4J56kKc8bWAj0k3QOkdvHg-b3z4gpEwfQ2g3YAcJ2ZjgUXZMCsd0G7fS0HM9p8iMtJiwRxMvpYnjjOSPMecsGgzBpeGpZU4evF_TpOGWADBzB0-XLlVMVjb35BKjQ17s9a76BgvVCIi7_omH_2f3pw0OeSXLf0e710mnJ9BiFXOQeQqh8v_7P-n5bVwidLw8GScpBiEqUmdfrqHD7C1sUVcU_ftpudetiHHWyq5Zvu8q4b0QPj0EcdD84G4FHCDwrsKqaxWbSkfmW9Hox2cDPnhWQGnq7GApF_X4luvCsgpnbZQUmYleydJxwXF53NMkVbruE-Ig0rWyo440aCeOe9TWCCZ1Jl0YZYXjqFJhzBdaHKcvTLHmJ8uAGKlQPa-KOWvVWpUOtlkKkoV4892V2eUxg_dDRfPHwCkn_SiOr8ZH_QyqwVQW4aQ2B1Cifxsg7QIqrfV4GaF6E5HBrTJvKg6kwi-Qc4px9xrV65Wygl9qkX55036VbaSNN5IGhP4adXBWoZLicKXqdkbih3DL3RXqpxPmYaVuESnsYd6mcqhbbiTSXbjLrgCG_spFgRkTSll_wOqlkbho5h_YGocVhnFlg9LSVV1XHYGvLsk3yKCco-PDhEXPfNl1YEkZZyLXGTRUZaHAiEcWm25II7JGFJuOT4c3CFdM944zvUOA8AuyecZk0bjbDPq6rkysaGLIcEvTNv_C6_GtqAazbo6XHfIqfZBI1uF9i_kZjBXq9LZPvdnHbUXNF0QKxfuqxpvPGN5fGjLYh77YTWQxAVolVPEEtokKT-RNbjCgSjibuAstYrUoKID4vMcxmU8eKHtdt5aFQEZRpLLjnIP0gaz6t9ACRaFE3Vf811I9jiY_anDDBky8uINNaa9brM7crbk46eDI32dkbRrzEJKmKKkjwHwaDKyhVGa1IsjR6X40OCR-Te73Icvob69aMq00W1G9IAegBjLyI9Yz5dgT-EEW1F84fCjkED1wOPrgn1P_WB64LGacnmHt5Oz0IgT3z9LL5Y3Zf-EdyDIx3w56EOnEEc2ArAJKSPzBcWqGFBRSGGYJk0My_2maEkVVtGyP5_v94TD_p-qAwYz6cO_IysOAeAOz2hUwqOf9hOk7NpsLRwAwIScpLlIXzUQo4-vGy8HvRHmVGY2qwdt_WG-yZqsc63QAyzY2LDtI429TN-PRV6MOiUZHr3JeTtaRIfRgv18xJZWAgZuZYrW4C7AViZ9XBEViKA3abo-PXVbPsrGuU2GmLmtPy-q4or20LR4PIQ_ki42LElRFLvHEBwHxaAnh5dzrTKLNPp1p6M0_DqWB0-Ohyrmb04tSETg4fBKy1XUkkgXUJPiFMFKkMvvxl80WemCHUsoLqbLBPwWSJnFDHyPrASfLNfQFDdBpcHTyrXXqMZ9i9matFynQYBzwvtZMkWcBWmaXEXrby74KK_PrxreIQwSt9piw7t8StrN_CGviNZb-MJwmn40yCKfO3MgdRKYvMW_2rIYKIfUON3miE9NtYOFmW3SOxC8sL_3sq-wELixbkHTrzNwDLEJdy2pZ7lRbm0n4kld2PpolQSrRagt1yBbMjbrUI4zbq532L6bmvggy0q-4eJPh3p8EufQjoN6fstm_5jOJz4gdFRgbOQ4NyKX9EQLyK4Kpc5lkglM7CbNu6dQluF3AQB0xny0jIMCYfmDgtfAvqJdKWWshp0ohL6BrOJeqIpRnv2P1k_ILPnwsmZFa92Qy87j_7Mre48rsmmDnf-7FubOnnJU47wztHEhSyHdU0b3UA27P-uE1t_UPtKmst2mR2UEiQmsFiPe-1jE0rVpjSIvlTNFftK626P1yLoboNJCtMZfzncEKSEQ_4cSxbFhcBMlBwkhkWadi7zh3gaV-KmhumrXB6qIF60r8ni9-Tm51vSKaC0M0jxFWEvrStafIBjIhYjd5r_UzjLVSl52dntrid_cpI9PasLnpCkm6Qll70cXaOYOlQPCc29G4d5tHyf9SdLqJeQ-lIUyWqKaxberUyfCHXJINgVGUd7eHEy7nZ9vds3LTgBCraDpmGpWwsLIPFbN6ZPk1CFMjYbfgt3gfDjIR0RzgZ3nHFioGQaVoM1K2YSWuVI7h_5pfhCOHhaCWx8NDOR81pTVJY44Zngiu8APWziFmAp42gaBQ&cid=CAQSOwBpAlJWonhmtlIG1kO-E3o4XRv-QgGVMQ3daby9e6mwy3XV0q3whlPjQhoA8fcFr1qlkz_SZCL2p92dGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=9114679046717076000&adk=578009112&idt=43&cac=0&dtd=10

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

597e4ec7ca2b12f9150e02e04096849d6b06061b09c2d131f1d2225871eedfdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 18:00:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 26794
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 16731591232229431525
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 24 Jul 2023 18:00:48 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230706/r20110914/ Frame 6532 30 KB
11 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230706/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

484eef6459e8a58c19115f287339366d82a7c2beeb7a35c7e16789b592515aec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 18:10:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 26192
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11545
x-xss-protection: 0
server: cafe
etag: 12064860844701496540
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 24 Jul 2023 18:10:50 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 6532 41 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 13:52:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 560087
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 03 Jul 2024 13:52:35 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 123A 70 B
265 B 97ms
29ms Image
image/gif 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEL1t3cNwAvMXiYCCbbDatQI&google_cver=1&google_push=AaAOQGH7Ub2Tcc1NLlaZvz0LELu1zAx80MXFpcXc7TYEcksr8rSzdC1QBxNpgxO0tiYBZcyn2A5EskCrM2TcwGiFyn-nvaoBsPSg
Requested by: Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 204 AdxPixel
tr.blismedia.com/v1/api/sync/ Frame 123A 0
174 B 62ms
18ms Image
text/plain 34.96.105.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEG14tAFum0k3NKKnddov8ac&google_cver=1&google_push=AaAOQGHKDJ5N8P-MydoCGLx8ykgn6XrmZnokH9pZiHUjawuePGQLJjHzDbsZS-ARodFrprs8oQckiMBmG7LxBKtLxkP2JEuUoQOf
Requested by: Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.105.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.105.96.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:22 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 123A
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEGZPTxotDupKuBjjqaefQ6A&google_cver=1&google_push=AaAOQGG8MlYPXYCX2QLdt3vKfJvTbBjzBedD-7T1JUAXtNVotXoIQ1bDryw4wtthptvf6ijv8qVR33tQwaOAF-MZkJq0...
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEGZPTxotDupKuBjjqaefQ6A&google_cver=1&google_push=AaAOQGG8MlYPXYCX2QLdt3vKfJvTbBjzBedD-7T1JUAXtNVotXoIQ1bDryw4wtthptvf6ijv8qVR33tQwaOAF-...
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AaAOQGG8MlYPXYCX2QLdt3vKfJvTbBjzBedD-7T1JUAXtNVotXoIQ1bDryw4wtthptvf6ijv8qVR33tQwaOAF-MZkJq0IV1a6YQj&google_hm=0Gaq4q1yQOenhc-ruDhLSA==

170 B
188 B

19ms
17ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AaAOQGG8MlYPXYCX2QLdt3vKfJvTbBjzBedD-7T1JUAXtNVotXoIQ1bDryw4wtthptvf6ijv8qVR33tQwaOAF-MZkJq0IV1a6YQj&google_hm=0Gaq4q1yQOenhc-ruDhLSA==

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: //cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AaAOQGG8MlYPXYCX2QLdt3vKfJvTbBjzBedD-7T1JUAXtNVotXoIQ1bDryw4wtthptvf6ijv8qVR33tQwaOAF-MZkJq0IV1a6YQj&google_hm=0Gaq4q1yQOenhc-ruDhLSA==
date: Tue, 11 Jul 2023 01:27:22 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 123A
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=t39Ki4bORQKndVz4An3gbQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

18ms
18ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=t39Ki4bORQKndVz4An3gbQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AaAOQGGeU4lDty3rSxV_-UyUX-iMVBgqC10KCQESiBo1sWxwFndx0Y3ZxuAi9bM8ePC-c3kr6_lhtgm1DZs6qKDXTfDZIKqjceNp

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=t39Ki4bORQKndVz4An3gbQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AaAOQGGeU4lDty3rSxV_-UyUX-iMVBgqC10KCQESiBo1sWxwFndx0Y3ZxuAi9bM8ePC-c3kr6_lhtgm1DZs6qKDXTfDZIKqjceNp
date: Tue, 11 Jul 2023 01:27:21 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 123A
Redirect Chain

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEPWVV-blgDKYpezAp3yVn3s&google_cver=1&google_push=AaAOQGGvz_OnhvIxlN9aiSFDfG0SZs8FzPzlDTgKWmuKr_g7Y11EsH56kNdLmGEFqXushrGAysh9I1eRn0oFoT4I...
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AaAOQGGvz_OnhvIxlN9aiSFDfG0SZs8FzPzlDTgKWmuKr_g7Y11EsH56kNdLmGEFqXushrGAysh9I1eRn0oFoT4Iv1jn0549j4Xz

170 B
188 B

17ms
17ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AaAOQGGvz_OnhvIxlN9aiSFDfG0SZs8FzPzlDTgKWmuKr_g7Y11EsH56kNdLmGEFqXushrGAysh9I1eRn0oFoT4Iv1jn0549j4Xz

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 11 Jul 2023 01:27:22 GMT
via: 1.1 a56d6b55603697d6c44b19d4f907baaa.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA6-C1
x-cache: FunctionGeneratedResponse from cloudfront
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AaAOQGGvz_OnhvIxlN9aiSFDfG0SZs8FzPzlDTgKWmuKr_g7Y11EsH56kNdLmGEFqXushrGAysh9I1eRn0oFoT4Iv1jn0549j4Xz
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: QENQXaxhoZTC_Lrk6VlxPzkJVJTLm1TMDLbasvSFOEBPIiNSfZkaJw==

GET
H2 204 sync
ups.analytics.yahoo.com/ups/58281/ Frame 123A 0
125 B 178ms
13ms Image
text/plain 3.75.62.37
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEO-KtKxEXMH1Kxi2GuIjUKI&google_cver=1&google_push=AaAOQGFIM5M6oFCpuciV2fbg4QuDn93Jf_ojXK1_4pw46ABJ4mT0HyhRbK7YF3RXIWn2Sh2RchZ_uzVnFVZAIcxdlBxJIa4h-x5wDQ

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.75.62.37 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-75-62-37.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.57 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:22 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.57
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

200

report
sync.teads.tv/um/ Frame 123A
Redirect Chain

https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEKd0-PAx3w0B...
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AaAOQGGCzs8fFUR5bRvDxvSdsbvf5Y4DOlnM4x1ScfKjkFnE390Ce1Y6id3A5RL2wAdMSqoDLfPpIGXMbz4tyB08k14-oriJRLbpaA
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

23 B
163 B

38ms
38ms

Image
image/gif

104.75.89.75
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
Requested by: Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Server: 104.75.89.75 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-89-75.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

expires: Tue, 11 Jul 2023 01:27:22 GMT
pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 260
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 123A 0
12 B 15ms
15ms Image
text/html 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IiO5GFyAqU6NVwYr__HLcJEg4GR6wv8vdyRqhhhkSlqfDEoU2lek8FRArsSHgDgluHrMH3mVc

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:22 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 160x600.html Show response
s0.2mdn.net/sadbundle/5793540040533475328/ Frame 6C34 47 KB
12 KB 16ms
16ms Document
text/html 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=u60bNXXIrJ&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

38cd707764af5e7610feaee1542d30cfd86a74d0eee75df12aaf6b1d0ded65e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 01:27:22 GMT
expires: Wed, 10 Jul 2024 01:27:22 GMT
last-modified: Wed, 15 Feb 2023 15:29:42 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 86A9 0
0 96ms
56ms Fetch
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsv9dzLgqg6zQm-DJHihPijj4noRiN6QRfneddUpCz6lk8fXtwRhQVACxLjM4Fh9KaTzmRZGzGa5ncN-glzBaxDry0jh3DCAjU--qEix5WHUAYBFZ2ukFgd5GZJUvVO55TWyicnr3q2ziZ_ELVLmVvHGi6OydnKw8142Ar0P6ezJffF1nyqwPRmH5XcakyKuxF0SDRwRiknfgjvMalsGXaY3lpnyE2MCsOT_B9rXr63aoOWEXHgePGv3QIU-w-GtTIFZrV_LeEx2Hp3Ly97xbgUSLKGj7ajiNXVUXSLwgBBVNZfKbRTb9v4Wq_oZer9jFgcdRpUD0REW-3UM4BhPc13_jLOxCXWGI_hlInBnW5-V2tFf-mUPEJG-cmpteoOOM7EkOFzQVcEDsUUhc_VlQxM742GlSaCQEAyYIqLRF9L_hZhz-EJPAi0h4-9zA2Bah8b0oG6jLHcW6d0oDtAsRH3t8_uvg-U1XDtN5Je33qUeQLMud0PsacDCfGCH8ASb8ikQIQpUeD3yvNnH6gq4aFBvYnLHpqJFM3iZEwspVdMBGWf2loHFi1R9AfuNRTqS9UQFO_E4wwzeomLRESKdoRlC8s5OO66xJhXROJXlSTELJ7Dt3teW9IKv_zCdwXNiSjdl_TIv3mwqOpl7k19_vOgObzvsDXeDH3BwZ3BAI3qCQ6yUyQA8irz5ENBYW3tZ8-2CA1-768CR-HrAz3bVYea2w2W2CoU5S33zCfYykyb8WDX1a9jbLDdqnMxEKQskefdLd34Peerd4pDok3llnQsx0DbAFS8Y40g1z2ixMF50u6gT1pnRTlTHx7Y0KtC3UuUzYLuPrKoqnq8ccDIgg0VtCL7Sq4T27Ubx6PPSN7wZYybkz-SujndR6otbiScDxJzNdhkSnFImCWUB1Egwhg9JudJZhamb800tfIAmB2IGLHtjofBzucX74CIqWb85-4TaYQX9OD2Kythge0M1Hau5gcIvfDwwAY6q0podQfJ8qfU4pL6Lm6zA10T6kAF1Zi1UjJSmL6hVUfmigG5t91jgs6RseQxCQAnF-PCo2nLNhi-J5zLSHkg7dNW_QekQXlsd3jx3WYzIdCh1_iVrvCHeRV1sD9OcTqTs6yJBno8FwxbJTtXkBc3_aaOHq3iUw0VY64ZM9CclDAhtG9x3-WtW5aXXb4S9Pw_m6dhpQHuepZ2Y7-mIelJAEwcHIN9D9LRBGUCLXxXzyFor1wEOwKBtxVGY5PlGz4SVdTrbQ1RmrrgYS3-gWhN54WI85urqKt2EkjAAC4W6qwvhElTjSUPvobyzftWwWnyr8zaVmnPpdVoUnGy4DqSDmaBtSzWFaW_CJ7w&sai=AMfl-YS6eErfmLQRF8URW2kvi14QMNArOnxGL8u_bsfMJWaFJ-i771hylLZ2mjPEPwz5emmVLSCsO6_Do1uVerfZZ1bUDWNKu065bbl4NUqez7idlfyXrAAIe_UfMt7JW5kORJcx1PkCnDSaY6Ss62kBnFblbKBt-9XX4Uez5mYpu6Err3OCZgNUdoGgcKidbkKfswrfLTKHWN9jWwVWI3rdIm_0RIRdUoGNmRtVueFMijhFovTYHguJWjFo7C_H99283T1jcpYot3uq1veAArCvXHTfxj3otQ&sig=Cg0ArKJSzGU6xpotsl_mEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=155&cbvp=1&cstd=146&cisv=r20230706.26309&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 11 Jul 2023 01:27:22 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Tue, 11 Jul 2023 01:27:22 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame AC1C 35 B
463 B 39ms
9ms Image
image/gif 2620:116:800d:21:de2e:c7b3:55c0:d5a0
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEByn9JEElHxHyHTVHcbzW0k&google_cver=1&google_push=AaAOQGH68rLWWar25nceDx0EJEzq5Nqk3hPVDi3Blvfy_1b61nlJXgwUf-DFWi5XUkQrXyeCOagblUV-taaRX9WWMw-NuJDiaA

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:de2e:c7b3:55c0:d5a0 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame AC1C 0
103 B 15ms
14ms Image
text/plain 2a02:fa8:8806:12::1370
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEL7B9JwKzR_qbT0HgQkBPug&google_cver=1&google_push=AaAOQGFK_uOnefLZ-l6pKsZwWv7w0j7gGIlmOZVI0sOfE9wArY2LMRXh8q-St5Wm2tAg3M0bhHSFT4DtxQzFNVFRFLeBFBvxpg
Requested by: Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1370 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame AC1C
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEP6JAOeEkLTb7R3dclF2smo&google_cver=1&google_push=AaAOQGGZAGz2Cw7fhfuUj039xS3UWhIQv7a_NTeTXdiL9hO-w_GZK2zISbU6EYVbNV5eHdCxtCoWdoe5V2r2FYwl...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AaAOQGGZAGz2Cw7fhfuUj039xS3UWhIQv7a_NTeTXdiL9hO-w_GZK2zISbU6EYVbNV5eHdCxtCoWdoe5V2r2FYwlXSY1sLrYyA

170 B
188 B

17ms
17ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AaAOQGGZAGz2Cw7fhfuUj039xS3UWhIQv7a_NTeTXdiL9hO-w_GZK2zISbU6EYVbNV5eHdCxtCoWdoe5V2r2FYwlXSY1sLrYyA

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Tue, 11 Jul 2023 01:27:22 GMT
Server: MT3 1031 59fd23a master cdg cdg-pixel-x33 config_version:"1438"
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AaAOQGGZAGz2Cw7fhfuUj039xS3UWhIQv7a_NTeTXdiL9hO-w_GZK2zISbU6EYVbNV5eHdCxtCoWdoe5V2r2FYwlXSY1sLrYyA
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Tue, 11 Jul 2023 01:27:21 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame AC1C
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEBrwwlU0cUfoMiWCESWk-2o&google_cver=1&google_push=AaAOQGFAsAiDXdmLAXQmP8bCs_NPSeFsO3hwNDHb2EOHKXGnM5hyA9FP3G7QWwwX-gWUS29smo3StYhC...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzcwNjIwNTc5Mzg4NjQ1MTA0Ng&google_push=AaAOQGFAsAiDXdmLAXQmP8bCs_NPSeFsO3hwNDHb2EOHKXGnM5hyA9FP3G7QWwwX-gWUS29smo3StY...

170 B
188 B

20ms
20ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzcwNjIwNTc5Mzg4NjQ1MTA0Ng&google_push=AaAOQGFAsAiDXdmLAXQmP8bCs_NPSeFsO3hwNDHb2EOHKXGnM5hyA9FP3G7QWwwX-gWUS29smo3StYhCV-8wnbzVs1VROqwo8w

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzcwNjIwNTc5Mzg4NjQ1MTA0Ng&google_push=AaAOQGFAsAiDXdmLAXQmP8bCs_NPSeFsO3hwNDHb2EOHKXGnM5hyA9FP3G7QWwwX-gWUS29smo3StYhCV-8wnbzVs1VROqwo8w
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame AC1C
Redirect Chain

https://match.360yield.com/match/ebda?google_gid=CAESEI14BqVX-uE_vSzSM9n_9IA&google_cver=1&google_push=AaAOQGFoq8_F10WSSgEmVUGvFXoD6iRisaulPkAQENWHPSVAEFG8o0JRWDmjF-NWmFcGQe_WK0me97P0_3R8Nb5GwqEGKu...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=t-_wInyLRDKcI7nTmdcmQw&google_push=AaAOQGFoq8_F10WSSgEmVUGvFXoD6iRisaulPkAQENWHPSVAEFG8o0JRWDmjF-NWmFcGQe_WK0me97P0_3R8Nb5...

170 B
188 B

18ms
18ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=t-_wInyLRDKcI7nTmdcmQw&google_push=AaAOQGFoq8_F10WSSgEmVUGvFXoD6iRisaulPkAQENWHPSVAEFG8o0JRWDmjF-NWmFcGQe_WK0me97P0_3R8Nb5GwqEGKuOSvwI

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=t-_wInyLRDKcI7nTmdcmQw&google_push=AaAOQGFoq8_F10WSSgEmVUGvFXoD6iRisaulPkAQENWHPSVAEFG8o0JRWDmjF-NWmFcGQe_WK0me97P0_3R8Nb5GwqEGKuOSvwI
access-control-allow-origin: *
date: Tue, 11 Jul 2023 01:27:22 GMT
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2

200

/
onetag-sys.com/match/ Frame AC1C
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEP3sTaqsXe7Rmz2-btfjbN0&google_cver=1&google_push=AaAOQGGydWMfGOy26H0JzHUwR1m_khlkBYf2mOLN91hYyCW8-sHd-P4XXxeSclHc3mJ_OwOndJ726KFYnUt...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGGydWMfGOy26H0JzHUwR1m_khlkBYf2mOLN91hYyCW8-sHd-P4XXxeSclHc3mJ_OwOndJ726KFYnUtlzdHJK6rU1UMBt58
https://onetag-sys.com/match/?int_id=19&google_error=5

0
151 B

16ms
15ms

Image
text/plain

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=19&google_error=5

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/match/?int_id=19&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 255
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame AC1C
Redirect Chain

https://secure.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=${BASE64_UID_ENC}&google_gid=CAESEKDlOfESPhnNiCa3eZePOPw&google_cver=1&google_push=AaAOQGGhIzV-yoePT...
https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=MTYyMTgxNzUyOTY0MDQ0NTU2&google_gid=CAESEKDlOfESPhnNiCa3eZePOPw&google_cver=1&google_push=AaAOQGGhIzV-yoePTACcyoxcA8YtdhnFdOMCalVv5g...

170 B
188 B

17ms
17ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=MTYyMTgxNzUyOTY0MDQ0NTU2&google_gid=CAESEKDlOfESPhnNiCa3eZePOPw&google_cver=1&google_push=AaAOQGGhIzV-yoePTACcyoxcA8YtdhnFdOMCalVv5gWFntyi-A0wRMwUKFIoL7Xk4BT6X5meX8PjY0JV7pni20zlhidHY7dMfxQ

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
an-x-request-uuid: 4dc10023-a483-4355-9d6e-d0ef9399cbe8
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=MTYyMTgxNzUyOTY0MDQ0NTU2&google_gid=CAESEKDlOfESPhnNiCa3eZePOPw&google_cver=1&google_push=AaAOQGGhIzV-yoePTACcyoxcA8YtdhnFdOMCalVv5gWFntyi-A0wRMwUKFIoL7Xk4BT6X5meX8PjY0JV7pni20zlhidHY7dMfxQ
x-proxy-origin: 37.58.58.244; 37.58.58.244; 943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame AC1C 0
12 B 15ms
14ms Image
text/html 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Jk1kHwXKsYxCDFv_PLkp_8GWUDLW1cE9FRnEp07cJWQDYbmQ8cBlJvUspOIFPRNTJSlEc4Ns4

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:22 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 10FD 0
0 46ms
46ms Image
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CWuGY-a-sZPSdIb3K7_UPq7yNyA2hyIa2cYbJsIXNEYnwxqe0PRABIMCygmtglYKAgJQHoAGC4O7SKcgBBqkCQZk6Lih0sj6oAwGqBNoBT9C5c8GXZNsUKi1OkggtWQczs0JvqCN4MbESs1QP6rwq0o96ppDkV65771sXhw21zCCmdzOQOCwNWoUxtmHindyqP-CaXi3WA89Iz2MqjzNH8T6GKXJMZ0iMvU6hxODob0mcchwXulQQGL3lsRnAmAhtl4TTqImYiDYoYdMJnWepkg6PqCsGMgX_eH34xZk_XVJjYRb08Tlt-m1Z3YOAt-QsH9kU60jMLH4J7pn2DzZ5km-WAyeshaAg9qitqnRRRV5Y1SNjzaM5m8wkinRVCYwo1kR59wlErqjABNvxsYHHBOAEA4gFr56H30uSBQYIGxACGAGSBQYIHRAEGAGSBQYIHRABGAGSBQYIHhABGAGQBgGgBjeAB4KYv7IEqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwoQ0NoFGPrc8e8B0ggWCIDhgBAQARgdMgKqAjoCgEBIvf3BOvIIG2FkeC1zdWJzeW4tNzI3NTUyODQ1MzE2MjMwOYAKA8gLAbATsdz6E8gT39aU4wPQEwDYEw3YFAHQFQGAFwGyFx4KHAgAEhRwdWItNjU5MzUyMzIxMDAxMDE1NBjqwW0&sigh=MJxu1K6Z7V4&uach_m=[]&cid=CAQSOwBpAlJWoQca0IDvNi8siH77-z4L4FxrjxNW8VTpdn88lLmBqLnZJ8YLYEJ0ZCg_eY82XCR1VsSvqGGUGAE&template_id=509&vt=10&cbvp=2
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 2CBB 1 KB
643 B 8ms
7ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 30886
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 10 Jul 2023 16:52:36 GMT
etag: 48472445140208031
expires: Tue, 11 Jul 2023 16:52:36 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 6532 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cf7d080023378703e01baa5922dce76f43bfd1ffa37f137a957599254bd02d1b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4044
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEHu7yJsgBRLiEwlJjsdORqw&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEHu7yJsgBRLiEwlJjsdORqw&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=cUJ6blpveFIxUWoyOVk1&google_gid=CAESEHu7yJsgBRLiEwlJjsdORqw&google_cver=1&google_push=AaAOQGG8pe8tUu8mYKr8cIcfBPuulcCrsQQjgwFd0Yv-3Mp...

170 B
188 B

18ms
18ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=cUJ6blpveFIxUWoyOVk1&google_gid=CAESEHu7yJsgBRLiEwlJjsdORqw&google_cver=1&google_push=AaAOQGG8pe8tUu8mYKr8cIcfBPuulcCrsQQjgwFd0Yv-3Mp2Q_2Gw24ARTVWjX0xn64p4TGiY9Tq6MRsNyJAVSUO9lhLi_QKBPY

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 11 Jul 2023 01:27:21 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-782-g97d928b#rel-ec2-master i-008a7b4f528d14c6d@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=cUJ6blpveFIxUWoyOVk1&google_gid=CAESEHu7yJsgBRLiEwlJjsdORqw&google_cver=1&google_push=AaAOQGG8pe8tUu8mYKr8cIcfBPuulcCrsQQjgwFd0Yv-3Mp2Q_2Gw24ARTVWjX0xn64p4TGiY9Tq6MRsNyJAVSUO9lhLi_QKBPY
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 4044 70 B
264 B 37ms
30ms Image
image/gif 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEJDLu05R_0c6ugj60CJMElI&google_cver=1&google_push=AaAOQGFXqU8Y1MMMZc1IQO-BRMZlLw0imY24bJpQZiSqwqB90acYPdVFwp5vBOAm998CcnJcAjOUQSX-247fC4csy-1e0yUjiJ1T
Requested by: Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4044
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESELPSKJZ5sBk-MLgrVRmYB14&google_cver=1&google_push=AaAOQGFA4cZ4OGnKfY_f4Km2EroptG9tnK8qGNRYlgCJ_LNRB2tOhlMUV37ZZ1gF_VT5mCRTfINC6LQqN6jeIUCJ0FqKhT3...
https://d5p.de17a.com/cookies/google;c?google_gid=CAESELPSKJZ5sBk-MLgrVRmYB14&google_cver=1&google_push=AaAOQGFA4cZ4OGnKfY_f4Km2EroptG9tnK8qGNRYlgCJ_LNRB2tOhlMUV37ZZ1gF_VT5mCRTfINC6LQqN6jeIUCJ0FqKh...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AaAOQGFA4cZ4OGnKfY_f4Km2EroptG9tnK8qGNRYlgCJ_LNRB2tOhlMUV37ZZ1gF_VT5mCRTfINC6LQqN6jeIUCJ0FqKhT3JaaMa

170 B
188 B

17ms
17ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AaAOQGFA4cZ4OGnKfY_f4Km2EroptG9tnK8qGNRYlgCJ_LNRB2tOhlMUV37ZZ1gF_VT5mCRTfINC6LQqN6jeIUCJ0FqKhT3JaaMa

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AaAOQGFA4cZ4OGnKfY_f4Km2EroptG9tnK8qGNRYlgCJ_LNRB2tOhlMUV37ZZ1gF_VT5mCRTfINC6LQqN6jeIUCJ0FqKhT3JaaMa
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4044
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEB1zfF63aYqAgHpoZYLLs3o&google_cver=1&google_push=AaAOQGGlYUFkvn7kPL2Rf-cyYEh-laQLUTEv8iFoIdXlMLikQakohekIRwWQAnqHP_W2dhUpCMr...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpYTTQ3U0gtMUUtNkpKUQ==&google_push=AaAOQGGlYUFkvn7kPL2Rf-cyYEh-laQLUTEv8iFoIdXlMLikQakohekIRwWQAnqHP_W2dhUpCMrs8nepXMj-QX2-GKayl1ZG09RW

170 B
188 B

17ms
17ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpYTTQ3U0gtMUUtNkpKUQ==&google_push=AaAOQGGlYUFkvn7kPL2Rf-cyYEh-laQLUTEv8iFoIdXlMLikQakohekIRwWQAnqHP_W2dhUpCMrs8nepXMj-QX2-GKayl1ZG09RW

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpYTTQ3U0gtMUUtNkpKUQ==&google_push=AaAOQGGlYUFkvn7kPL2Rf-cyYEh-laQLUTEv8iFoIdXlMLikQakohekIRwWQAnqHP_W2dhUpCMrs8nepXMj-QX2-GKayl1ZG09RW
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 704c1e4d3fcc922a3031d436b584678b
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4044
Redirect Chain

https://match.360yield.com/match/ebda?google_gid=CAESEIteqhSF41j90B_ZajRn4-A&google_cver=1&google_push=AaAOQGGtDvN9cawsgeM8fGpDUDtnrizP7M9FoclBr1T3TFDQEjEn6ZPCwLHWXw6B7BRvAqv-XvhJ3HKQOnBuiCw641YW7E...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=t-_wInyLRDKcI7nTmdcmQw&google_push=AaAOQGGtDvN9cawsgeM8fGpDUDtnrizP7M9FoclBr1T3TFDQEjEn6ZPCwLHWXw6B7BRvAqv-XvhJ3HKQOnBuiCw...

170 B
188 B

16ms
16ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=t-_wInyLRDKcI7nTmdcmQw&google_push=AaAOQGGtDvN9cawsgeM8fGpDUDtnrizP7M9FoclBr1T3TFDQEjEn6ZPCwLHWXw6B7BRvAqv-XvhJ3HKQOnBuiCw641YW7EwUUB0

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=t-_wInyLRDKcI7nTmdcmQw&google_push=AaAOQGGtDvN9cawsgeM8fGpDUDtnrizP7M9FoclBr1T3TFDQEjEn6ZPCwLHWXw6B7BRvAqv-XvhJ3HKQOnBuiCw641YW7EwUUB0
access-control-allow-origin: *
date: Tue, 11 Jul 2023 01:27:22 GMT
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2 200 sync
ssbsync.smartadserver.com/api/ Frame 4044 0
45 B 191ms
21ms Image
text/plain 185.86.139.101
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEPR_UWQJ8P-Rp0SS6TReD6Q&google_cver=1&google_push=AaAOQGHmXdMcLRMiRdmmA3buMy2P_OmZD0ak9T3RP51_stDjZ9jWHBTbssg75moKPtla4ryAtqjxC6ZTKqWHCGNxunhtYy7SMhMZ
Requested by: Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.101 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:21 GMT
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4044
Redirect Chain

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEAGu986Gr...
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEAG...
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=d066aae2-ad72-40e7-a785-cfabb8384b48&%%GOOGLE_PUSH_PAIR%%

170 B
188 B

19ms
18ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=d066aae2-ad72-40e7-a785-cfabb8384b48&%%GOOGLE_PUSH_PAIR%%

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=d066aae2-ad72-40e7-a785-cfabb8384b48&%%GOOGLE_PUSH_PAIR%%
date: Tue, 11 Jul 2023 01:27:22 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 4044 0
12 B 16ms
14ms Image
text/html 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LF3XDz_LRFyrd0SOOtP76QIXhyyril6XbqmRkbxQKErcIfh65pC-kv20aR0_0n9SSpEYiPGA

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:22 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 6A69
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

19ms
19ms

Document
text/html

2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 01:27:22 GMT
expires: Tue, 11 Jul 2023 01:27:22 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 01:27:22 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame EA60
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

35ms
35ms

Document
text/html

2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 01:27:22 GMT
expires: Tue, 11 Jul 2023 01:27:22 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 01:27:22 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 6F92 22 KB
8 KB 8ms
7ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 381272
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 06 Jul 2023 15:32:50 GMT
expires: Fri, 05 Jul 2024 15:32:50 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 6C34 118 KB
40 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=u60bNXXIrJ&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=u60bNXXIrJ&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 13:52:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 41686
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jul 2023 13:52:36 GMT

GET
H3 200 gsap_3.9.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 6C34 63 KB
25 KB 16ms
16ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.9.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=u60bNXXIrJ&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6dbe9c2e13cf06c6633ea3fcf6d7bd30452561202a205c75a035cd1d8b93368f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=u60bNXXIrJ&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25329
x-xss-protection: 0
last-modified: Wed, 29 Dec 2021 19:08:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jul 2023 01:27:22 GMT

GET
H3 200 728x090.html Show response
s0.2mdn.net/sadbundle/17952959967271059456/ Frame EE92 47 KB
12 KB 17ms
17ms Document
text/html 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=zd4DGDglWW&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

011e3c5d05b1f8220f59241e57ac65c49b382e8ed8eff99149e2eda18e36a660

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 01:27:22 GMT
expires: Wed, 10 Jul 2024 01:27:22 GMT
last-modified: Wed, 15 Feb 2023 15:44:22 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 6532 0
0 53ms
52ms Fetch
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuJMpD6UJlisnOvJtwZi3VMPkdWnzgfh6pIGjCk1_uY81QcCfV3doSUBdngkehk28hC-8vQlDYtrOTNX_N0IkwISrlmDs9u-j15JTuFGlHZ-cJl4EWd06Ty_EWCICBFZWXqw6eTgWUOYuDQn_bqH5O0xE15SMQq8wBrhL2BSPXWvvVJqPDnAdL5oQ6kQx_MPtJ1UFoHSTJYmZv3-rYJwwc8kM7TSB_gTk7yHUe8Qv3EilptG9FiHCaJPOe1oFzaex1kJDXBj6MHGx4RgiuGEv37HrNWzqdcOuH2myc8JKqabbK1nGaskwl4OgfsLseKhw88ZNpbwIug9UW7_0fEer5cSmUHfIrc-patiR7PN4XDhm8Rt596zOArxIiH9lZ_Z7Xb2x3ncW8_u1VpFB2li1XB5zGZYVwfOBkaPOcI510cSFdqI1xQjFgo96cTp7iLEGtNjxm7hdlsqD9ZUTVQf9B4wXlo-6lVeSUN0wPlmeR2sZzLqFZwe0uL3GgZ8AtNmx-Dd532l-KpSJEaWF-cdqLDEbk9SiNe_3_uiVy4sQw6WCFlj-cKI13shfpt8z7JYIGJa8wexmG1u4H6HXnvP3ckE4L9WqZUjLPSqrmQ_hLdk8Yg1jiPRF4DGXy0NUA5b1uJs82n4cnTLphk84G2eVtw58nSwimOvarao9w_SLR-NUIL1-ekDYowN9DFx7EgeA-loH9dtk1amnChW9McC1OLEt3fhfymvgh-7WMw1tqu2hNgRyDesszvAYpwD6UMX82QknSrgdxJtFnq5T0lRSh1zO7YKdTOa4lC1DHOUKs9EC3Q4LDB72ASeKJDK5OvIrZN77tQ2CJ9fh4HZG3DHJ10ZM9qKnM_tiqxLWXN0eVHGCLEoLk5g3oG2VEnqLE2Gw6CGZskDO6rXgLvYg53t_5LiAwpbHYZ4P58IXx2Pa-5TycP5Pm4kr5Z5fvXef4xhbrlAWQp58HR9J38w9c23UT0TF8Nr78N5WS5T-wCwMQfIkkneCIpYy2z8YZDABpTLqspt-DTj9-dOvIO_oXcxi4zGBddkIWaLnoTqkLmTg8NBT5eflUk8v7j7WQtCN7dUC1iAcYSOfJD-AhhCm4hbPqQ9tI4JL5BdjoTU33HE5A7ByL6bcutgkccSujoi2KhAJCV_D4qXpHGpaK6EX9itwoN5Y0NrxldYde6i-S_RXm4tvWaya9zpM8ryYdBKvIBCYn2g13iRHdQiJKZskPZVIlvNBDqEjdtYVQfb60rrNLJY7Ayv_-tLf8vGUGJKtCDGCm6c79mZMWPQvEf-lgUDQ3iAucSY2QISzf3r0zUa1jKzRKFbe2uwQiw0NIKIUorbd6VKwtI-7mOmRbzC_lmRajLSQvYEogooYUxP0U&sai=AMfl-YS8umsXsl9-hWGeFb1MUV3O38b7BO0rwW2p_ARVQcrkx0tdOJPXADeNFvMTcL-FNtoHtaYNSvqC3kYN43Q6-LjN-9rbaafHGtLrPQeGmBHEMeSQRBGfFxPdBz0tThJkAk3inc0eHM18HIURwq3K2KlKTlwicjNbFtlG8L3z-7mQGHNoP57sd9LYLh3vhFk5jrcw9V11cof3HJWoD3DggzeGNviKc2LCAsLAtcMmWojA9wK8xmjbOT04sb4poRnvQfr8_8NTcW0yDKm5zfGfWtXtmNEN0w&sig=Cg0ArKJSzKVM7eY2vIqEEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=151&cbvp=1&cstd=145&cisv=r20230706.99355&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 11 Jul 2023 01:27:22 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Tue, 11 Jul 2023 01:27:22 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2CBB
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEJkHy5yxaO8pix6Vb51KjeM&google_cver=1&google_push=AaAOQGG_2UJBVKsBixzbppEkyf77P296kVHw2dWWlXW15Lw5XCkWsZsp71MKyVkMwxFi6tSr6MgoTBHMyREuLHV5KqC-_T5Xi8UL
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=1F345E96CAB34FA3A03A7E3154AAFF56&google_push=AaAOQGG_2UJBVKsBixzbppEkyf77P296kVHw2dWWlXW15Lw5XCkWsZsp71MKyVkMwxFi6tSr6MgoTBHMyREuLHV...

170 B
188 B

18ms
17ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=1F345E96CAB34FA3A03A7E3154AAFF56&google_push=AaAOQGG_2UJBVKsBixzbppEkyf77P296kVHw2dWWlXW15Lw5XCkWsZsp71MKyVkMwxFi6tSr6MgoTBHMyREuLHV5KqC-_T5Xi8UL

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 11 Jul 2023 01:27:22 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=1F345E96CAB34FA3A03A7E3154AAFF56&google_push=AaAOQGG_2UJBVKsBixzbppEkyf77P296kVHw2dWWlXW15Lw5XCkWsZsp71MKyVkMwxFi6tSr6MgoTBHMyREuLHV5KqC-_T5Xi8UL
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Mon, 10 Jul 2023 01:27:22 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2CBB
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEE8b4hfFZfmU-R2HInvLBbI&google_cver=1&google_push=AaAOQGFePnamCOnqmB6L0ABnmKlwQEz1CoW7DxW1q5bn69TOT5W0Ze_JLJlztGvxKcooXqoA2xBCwOMr...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODI2NzI2NzUwMjQwMDU5MzUyMQ&google_push=AaAOQGFePnamCOnqmB6L0ABnmKlwQEz1CoW7DxW1q5bn69TOT5W0Ze_JLJlztGvxKcooXqoA2xBCwO...

170 B
188 B

17ms
17ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODI2NzI2NzUwMjQwMDU5MzUyMQ&google_push=AaAOQGFePnamCOnqmB6L0ABnmKlwQEz1CoW7DxW1q5bn69TOT5W0Ze_JLJlztGvxKcooXqoA2xBCwOMrlQ57OfRHPSW12qeBC2F9

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODI2NzI2NzUwMjQwMDU5MzUyMQ&google_push=AaAOQGFePnamCOnqmB6L0ABnmKlwQEz1CoW7DxW1q5bn69TOT5W0Ze_JLJlztGvxKcooXqoA2xBCwOMrlQ57OfRHPSW12qeBC2F9
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 dds
rtb.openx.net/sync/ Frame 2CBB 43 B
245 B 52ms
15ms Image
image/gif 35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEJytNEMG_CRlxVFBCSBoEI8&google_cver=1&google_push=AaAOQGFoD2BBNw_pElecv82iRoPyLeH37Cyym2_8rS8uQR2KXaqC0aQ3W8k_tpeX3fPYRIROM4eiwzFB71iWPcwO6cYjB22iH-oG
Requested by: Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2CBB
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEDgN333M2ujNYeriYUeIblg&google_cver=1&google_push=AaAOQGEw677tleJhi58bbvEHXiVuCx5exVPHDkSYwC9L9xohTSu0BY4YGCjOClaw4K2cro2h75KSouIA5-nL...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGEw677tleJhi58bbvEHXiVuCx5exVPHDkSYwC9L9xohTSu0BY4YGCjOClaw4K2cro2h75KSouIA5-nLawYITZZBVJTeUrB8

170 B
188 B

19ms
17ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGEw677tleJhi58bbvEHXiVuCx5exVPHDkSYwC9L9xohTSu0BY4YGCjOClaw4K2cro2h75KSouIA5-nLawYITZZBVJTeUrB8

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGEw677tleJhi58bbvEHXiVuCx5exVPHDkSYwC9L9xohTSu0BY4YGCjOClaw4K2cro2h75KSouIA5-nLawYITZZBVJTeUrB8
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2CBB
Redirect Chain

https://match.360yield.com/match/ebda?google_gid=CAESEFC7Z5SxJ651WrwcV9XFuPQ&google_cver=1&google_push=AaAOQGGl9PQ-xNPv9mm6rR64iEaWgIUf6BQEKl8-ZMInk8k1vxHyFBbFXHxSc4kHkB8Rsl-jQvo6wggn1Ivb-99QF03vSw...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=t-_wInyLRDKcI7nTmdcmQw&google_push=AaAOQGGl9PQ-xNPv9mm6rR64iEaWgIUf6BQEKl8-ZMInk8k1vxHyFBbFXHxSc4kHkB8Rsl-jQvo6wggn1Ivb-99...

170 B
188 B

24ms
22ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=t-_wInyLRDKcI7nTmdcmQw&google_push=AaAOQGGl9PQ-xNPv9mm6rR64iEaWgIUf6BQEKl8-ZMInk8k1vxHyFBbFXHxSc4kHkB8Rsl-jQvo6wggn1Ivb-99QF03vSw_5R0RW

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=t-_wInyLRDKcI7nTmdcmQw&google_push=AaAOQGGl9PQ-xNPv9mm6rR64iEaWgIUf6BQEKl8-ZMInk8k1vxHyFBbFXHxSc4kHkB8Rsl-jQvo6wggn1Ivb-99QF03vSw_5R0RW
access-control-allow-origin: *
date: Tue, 11 Jul 2023 01:27:22 GMT
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2CBB
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESED3dTugVtf7uFRcBLcN4tfM&google_cver=1&google_push=AaAOQGFBxzuV43XXaGvYZ4F74mSXFf6sdUa4QMy-iYIgtQlGRSYXJeKadBqQWlS6OlmFJ-ZwUIWltdAv5aSsnl5DxOQLFeDzaDM
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=AaAOQGFBxzuV43XXaGvYZ4F74mSXFf6sdUa4QMy-iYIgtQlGRSYXJeKadBqQWlS6OlmFJ-ZwUIWltdAv5aSsnl5DxOQLFeDzaDM...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTU5ODU1MjQ5NDM5NzgxNDAxOTQ1MA%3D%3D&google_push=AaAOQGFBxzuV43XXaGvYZ4F74mSXFf6sdUa4QMy-iYIgtQlGRSYXJeKa...

170 B
188 B

18ms
17ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTU5ODU1MjQ5NDM5NzgxNDAxOTQ1MA%3D%3D&google_push=AaAOQGFBxzuV43XXaGvYZ4F74mSXFf6sdUa4QMy-iYIgtQlGRSYXJeKadBqQWlS6OlmFJ-ZwUIWltdAv5aSsnl5DxOQLFeDzaDM

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTU5ODU1MjQ5NDM5NzgxNDAxOTQ1MA%3D%3D&google_push=AaAOQGFBxzuV43XXaGvYZ4F74mSXFf6sdUa4QMy-iYIgtQlGRSYXJeKadBqQWlS6OlmFJ-ZwUIWltdAv5aSsnl5DxOQLFeDzaDM
date: Tue, 11 Jul 2023 01:27:22 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2CBB
Redirect Chain

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEDFZstUm3...
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=d066aae2-ad72-40e7-a785-cfabb8384b48&%%GOOGLE_PUSH_PAIR%%

170 B
188 B

20ms
18ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=d066aae2-ad72-40e7-a785-cfabb8384b48&%%GOOGLE_PUSH_PAIR%%

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=d066aae2-ad72-40e7-a785-cfabb8384b48&%%GOOGLE_PUSH_PAIR%%
date: Tue, 11 Jul 2023 01:27:22 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 2CBB 0
12 B 15ms
15ms Image
text/html 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IRBPGTmWGOmcFd4ATzglIz8729pKd5T_Eorz87rg3dqH7qP073V8Ff1v416bX9i1Tmv7SNYw

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:22 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame F072 22 KB
8 KB 7ms
7ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 381272
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 06 Jul 2023 15:32:50 GMT
expires: Fri, 05 Jul 2024 15:32:50 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame EE92 118 KB
40 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=zd4DGDglWW&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=zd4DGDglWW&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 13:52:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 41686
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jul 2023 13:52:36 GMT

GET
H3 200 gsap_3.9.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame EE92 63 KB
25 KB 16ms
16ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.9.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=zd4DGDglWW&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6dbe9c2e13cf06c6633ea3fcf6d7bd30452561202a205c75a035cd1d8b93368f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=zd4DGDglWW&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25329
x-xss-protection: 0
last-modified: Wed, 29 Dec 2021 19:08:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jul 2023 01:27:22 GMT

GET
H3 200 oBMhIGozJCmZhanrY2s6Nzm7GdNkvCqEaGjKud4M6yI.js Show response
pagead2.googlesyndication.com/bg/ Frame 6F92 37 KB
14 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/oBMhIGozJCmZhanrY2s6Nzm7GdNkvCqEaGjKud4M6yI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a01321206a3324299985a9eb636b3a3739bb19d364bc2a846868cab9de0ceb22

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 16:34:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31991
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14631
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 09 Jul 2024 16:34:11 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 86A9 0
0 47ms
46ms Fetch
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsv9dzLgqg6zQm-DJHihPijj4noRiN6QRfneddUpCz6lk8fXtwRhQVACxLjM4Fh9KaTzmRZGzGa5ncN-glzBaxDry0jh3DCAjU--qEix5WHUAYBFZ2ukFgd5GZJUvVO55TWyicnr3q2ziZ_ELVLmVvHGi6OydnKw8142Ar0P6ezJffF1nyqwPRmH5XcakyKuxF0SDRwRiknfgjvMalsGXaY3lpnyE2MCsOT_B9rXr63aoOWEXHgePGv3QIU-w-GtTIFZrV_LeEx2Hp3Ly97xbgUSLKGj7ajiNXVUXSLwgBBVNZfKbRTb9v4Wq_oZer9jFgcdRpUD0REW-3UM4BhPc13_jLOxCXWGI_hlInBnW5-V2tFf-mUPEJG-cmpteoOOM7EkOFzQVcEDsUUhc_VlQxM742GlSaCQEAyYIqLRF9L_hZhz-EJPAi0h4-9zA2Bah8b0oG6jLHcW6d0oDtAsRH3t8_uvg-U1XDtN5Je33qUeQLMud0PsacDCfGCH8ASb8ikQIQpUeD3yvNnH6gq4aFBvYnLHpqJFM3iZEwspVdMBGWf2loHFi1R9AfuNRTqS9UQFO_E4wwzeomLRESKdoRlC8s5OO66xJhXROJXlSTELJ7Dt3teW9IKv_zCdwXNiSjdl_TIv3mwqOpl7k19_vOgObzvsDXeDH3BwZ3BAI3qCQ6yUyQA8irz5ENBYW3tZ8-2CA1-768CR-HrAz3bVYea2w2W2CoU5S33zCfYykyb8WDX1a9jbLDdqnMxEKQskefdLd34Peerd4pDok3llnQsx0DbAFS8Y40g1z2ixMF50u6gT1pnRTlTHx7Y0KtC3UuUzYLuPrKoqnq8ccDIgg0VtCL7Sq4T27Ubx6PPSN7wZYybkz-SujndR6otbiScDxJzNdhkSnFImCWUB1Egwhg9JudJZhamb800tfIAmB2IGLHtjofBzucX74CIqWb85-4TaYQX9OD2Kythge0M1Hau5gcIvfDwwAY6q0podQfJ8qfU4pL6Lm6zA10T6kAF1Zi1UjJSmL6hVUfmigG5t91jgs6RseQxCQAnF-PCo2nLNhi-J5zLSHkg7dNW_QekQXlsd3jx3WYzIdCh1_iVrvCHeRV1sD9OcTqTs6yJBno8FwxbJTtXkBc3_aaOHq3iUw0VY64ZM9CclDAhtG9x3-WtW5aXXb4S9Pw_m6dhpQHuepZ2Y7-mIelJAEwcHIN9D9LRBGUCLXxXzyFor1wEOwKBtxVGY5PlGz4SVdTrbQ1RmrrgYS3-gWhN54WI85urqKt2EkjAAC4W6qwvhElTjSUPvobyzftWwWnyr8zaVmnPpdVoUnGy4DqSDmaBtSzWFaW_CJ7w&sai=AMfl-YS6eErfmLQRF8URW2kvi14QMNArOnxGL8u_bsfMJWaFJ-i771hylLZ2mjPEPwz5emmVLSCsO6_Do1uVerfZZ1bUDWNKu065bbl4NUqez7idlfyXrAAIe_UfMt7JW5kORJcx1PkCnDSaY6Ss62kBnFblbKBt-9XX4Uez5mYpu6Err3OCZgNUdoGgcKidbkKfswrfLTKHWN9jWwVWI3rdIm_0RIRdUoGNmRtVueFMijhFovTYHguJWjFo7C_H99283T1jcpYot3uq1veAArCvXHTfxj3otQ&sig=Cg0ArKJSzGU6xpotsl_mEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=329&vt=11&dtpt=174&dett=3&cstd=146&cisv=r20230706.26309&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:22 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 11 Jul 2023 01:27:22 GMT

GET
H3 200 OnAir-Bold.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame 6C34 47 KB
47 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4140742/OnAir-Bold.woff2

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c284299aeec8595fd3a10dcd2c27022edfda37c815571843a90c45cad18ace95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=u60bNXXIrJ&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:26:59 GMT
x-content-type-options: nosniff
age: 23
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47676
x-xss-protection: 0
last-modified: Thu, 06 May 2021 11:38:39 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jul 2023 01:41:59 GMT

GET
H3 200 OnAir-Light.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame 6C34 46 KB
46 KB 10ms
9ms Font
font/woff2 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4140742/OnAir-Light.woff2

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4347e083fcc7406a94363480146e1cf9c2f88198921ef74fed3eddf6d969725b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=u60bNXXIrJ&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:16:34 GMT
x-content-type-options: nosniff
age: 648
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46936
x-xss-protection: 0
last-modified: Thu, 06 May 2021 11:38:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jul 2023 01:31:34 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 6C34 7 KB
6 KB 20ms
19ms XHR
application/json 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c39f6d35bf81312341e0a8c8a21d2e15bbaa64a730db262ec88fb3ed42e9f433

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:22 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5703
x-xss-protection: 0

GET
H3 200 60005582_20230704081939926_APP_iPhon14Pro_Asset.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame 6C34 29 KB
29 KB 11ms
10ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20230704081939926_APP_iPhon14Pro_Asset.png

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dafa5a247facfc545e94a09ea12da423909aefca05557ec1a73e6d296fc540aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=u60bNXXIrJ&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 09:06:52 GMT
x-content-type-options: nosniff
age: 58830
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29704
x-xss-protection: 0
last-modified: Tue, 04 Jul 2023 15:19:40 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jul 2023 09:06:52 GMT

GET
H3 200 60005582_20230704052242884_160x600_GRAD.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame 6C34 17 KB
17 KB 12ms
11ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20230704052242884_160x600_GRAD.png

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2ec83381655c8a79a739b55b151d24bf78451562b314fca054876a82d6cee4ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=u60bNXXIrJ&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 09:06:53 GMT
x-content-type-options: nosniff
age: 58829
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17365
x-xss-protection: 0
last-modified: Tue, 04 Jul 2023 12:22:42 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jul 2023 09:06:53 GMT

GET
H/1.1 200
OK postview.gif
portal.o2online.de/nws/img/ Frame 6C34 43 B
609 B 91ms
37ms Image
image/gif 141.101.90.97
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://portal.o2online.de/nws/img/postview.gif?partnerId=O2_DSP_TRA_HAV_14114_PV&mediacode=29118705_4307561_355026448_145341318_PO1102A20230705&ref=29118705_4307561_355026448_145341318_PO1102A20230705
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 141.101.90.97 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Tue, 11 Jul 2023 01:27:22 GMT
via: 1.1 varnish-live-2-2
CF-Cache-Status: HIT
age: 11509320
x-cache: MISS
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Connection: keep-alive
Content-Length: 43
last-modified: Wed, 15 Feb 2023 15:39:24 GMT
Server: cloudflare
etag: "2b-5f4bee2778300"
Vary: Accept-Encoding
Content-Type: image/gif
x-varnish: 71553011
cache-control: public, max-age=31536000
Accept-Ranges: bytes
CF-RAY: 7e4d437eabb7b978-AMS
Expires: Wed, 10 Jul 2024 01:27:22 GMT

GET
H2 200 xgde.html Show response
gdetr.hit.gemius.pl/gdejs/ Frame 9DAE 303 B
315 B 20ms
19ms Document
text/html 188.165.145.88
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gdetr.hit.gemius.pl/gdejs/xgde.html
Requested by: Host: gdetr.hit.gemius.pl
URL: https://gdetr.hit.gemius.pl/gdejs/xgde.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 188.165.145.88 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: GHC /
Resource Hash: 7bbd910982260037f1c9d83f2c7fe743e789ca06dd54c9eb56c2598b7b928fd0

Request headers

Referer: https://ng2.virgul.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
accept-ranges: none
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 215
content-type: text/html;charset=utf-8
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 01:27:22 GMT
etag: "5996D7A50000012F9178E011"
expires: Wed, 12 Jul 2023 01:27:22 GMT
last-modified: Fri, 18 Aug 2017 12:03:49 GMT
p3p: CP="NOI DSP COR NID PSAo OUR IND"
server: GHC
vary: Accept-Encoding,Origin

GET
H3 200 bubblespritesheettiny.png
s0.2mdn.net/creatives/assets/4085730/ Frame 6C34 26 KB
26 KB 10ms
9ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4085730/bubblespritesheettiny.png

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

25280083af87c8d6dbc6ff5bb926bf9d0d373d244cead76893430166b8df0bd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=u60bNXXIrJ&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:23:18 GMT
x-content-type-options: nosniff
age: 244
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27068
x-xss-protection: 0
last-modified: Fri, 12 Mar 2021 15:44:55 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jul 2023 01:38:18 GMT

GET
H3 200 oBMhIGozJCmZhanrY2s6Nzm7GdNkvCqEaGjKud4M6yI.js Show response
pagead2.googlesyndication.com/bg/ Frame F072 37 KB
14 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/oBMhIGozJCmZhanrY2s6Nzm7GdNkvCqEaGjKud4M6yI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a01321206a3324299985a9eb636b3a3739bb19d364bc2a846868cab9de0ceb22

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 16:34:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31991
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14631
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 09 Jul 2024 16:34:11 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 6C34 17 KB
6 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 11 Jul 2023 01:27:22 GMT

GET
H2 200 xgde.js Show response
gdetr.hit.gemius.pl/gdejs/ Frame 9DAE 56 KB
20 KB 21ms
19ms Script
application/x-javascript 188.165.145.88
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gdetr.hit.gemius.pl/gdejs/xgde.js
Requested by: Host: gdetr.hit.gemius.pl
URL: https://gdetr.hit.gemius.pl/gdejs/xgde.html
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 188.165.145.88 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: GHC /
Resource Hash: 243ff4b38ca5fe323056ea75585fb66ec3ed73293eac13e7d215376f1418eb4a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gdetr.hit.gemius.pl/gdejs/xgde.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:22 GMT
content-encoding: gzip
last-modified: Mon, 30 Jan 2023 07:57:30 GMT
server: GHC
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
etag: "63D7786A0000E1021FE82885"
vary: Accept-Encoding,Origin
p3p: CP="NOI DSP COR NID PSAo OUR IND"
content-type: application/x-javascript
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 20061
expires: Wed, 12 Jul 2023 01:27:22 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 6532 0
0 49ms
48ms Fetch
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuJMpD6UJlisnOvJtwZi3VMPkdWnzgfh6pIGjCk1_uY81QcCfV3doSUBdngkehk28hC-8vQlDYtrOTNX_N0IkwISrlmDs9u-j15JTuFGlHZ-cJl4EWd06Ty_EWCICBFZWXqw6eTgWUOYuDQn_bqH5O0xE15SMQq8wBrhL2BSPXWvvVJqPDnAdL5oQ6kQx_MPtJ1UFoHSTJYmZv3-rYJwwc8kM7TSB_gTk7yHUe8Qv3EilptG9FiHCaJPOe1oFzaex1kJDXBj6MHGx4RgiuGEv37HrNWzqdcOuH2myc8JKqabbK1nGaskwl4OgfsLseKhw88ZNpbwIug9UW7_0fEer5cSmUHfIrc-patiR7PN4XDhm8Rt596zOArxIiH9lZ_Z7Xb2x3ncW8_u1VpFB2li1XB5zGZYVwfOBkaPOcI510cSFdqI1xQjFgo96cTp7iLEGtNjxm7hdlsqD9ZUTVQf9B4wXlo-6lVeSUN0wPlmeR2sZzLqFZwe0uL3GgZ8AtNmx-Dd532l-KpSJEaWF-cdqLDEbk9SiNe_3_uiVy4sQw6WCFlj-cKI13shfpt8z7JYIGJa8wexmG1u4H6HXnvP3ckE4L9WqZUjLPSqrmQ_hLdk8Yg1jiPRF4DGXy0NUA5b1uJs82n4cnTLphk84G2eVtw58nSwimOvarao9w_SLR-NUIL1-ekDYowN9DFx7EgeA-loH9dtk1amnChW9McC1OLEt3fhfymvgh-7WMw1tqu2hNgRyDesszvAYpwD6UMX82QknSrgdxJtFnq5T0lRSh1zO7YKdTOa4lC1DHOUKs9EC3Q4LDB72ASeKJDK5OvIrZN77tQ2CJ9fh4HZG3DHJ10ZM9qKnM_tiqxLWXN0eVHGCLEoLk5g3oG2VEnqLE2Gw6CGZskDO6rXgLvYg53t_5LiAwpbHYZ4P58IXx2Pa-5TycP5Pm4kr5Z5fvXef4xhbrlAWQp58HR9J38w9c23UT0TF8Nr78N5WS5T-wCwMQfIkkneCIpYy2z8YZDABpTLqspt-DTj9-dOvIO_oXcxi4zGBddkIWaLnoTqkLmTg8NBT5eflUk8v7j7WQtCN7dUC1iAcYSOfJD-AhhCm4hbPqQ9tI4JL5BdjoTU33HE5A7ByL6bcutgkccSujoi2KhAJCV_D4qXpHGpaK6EX9itwoN5Y0NrxldYde6i-S_RXm4tvWaya9zpM8ryYdBKvIBCYn2g13iRHdQiJKZskPZVIlvNBDqEjdtYVQfb60rrNLJY7Ayv_-tLf8vGUGJKtCDGCm6c79mZMWPQvEf-lgUDQ3iAucSY2QISzf3r0zUa1jKzRKFbe2uwQiw0NIKIUorbd6VKwtI-7mOmRbzC_lmRajLSQvYEogooYUxP0U&sai=AMfl-YS8umsXsl9-hWGeFb1MUV3O38b7BO0rwW2p_ARVQcrkx0tdOJPXADeNFvMTcL-FNtoHtaYNSvqC3kYN43Q6-LjN-9rbaafHGtLrPQeGmBHEMeSQRBGfFxPdBz0tThJkAk3inc0eHM18HIURwq3K2KlKTlwicjNbFtlG8L3z-7mQGHNoP57sd9LYLh3vhFk5jrcw9V11cof3HJWoD3DggzeGNviKc2LCAsLAtcMmWojA9wK8xmjbOT04sb4poRnvQfr8_8NTcW0yDKm5zfGfWtXtmNEN0w&sig=Cg0ArKJSzKVM7eY2vIqEEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=299&vt=11&dtpt=148&dett=3&cstd=145&cisv=r20230706.99355&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:22 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 11 Jul 2023 01:27:22 GMT

GET
H3 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ Frame 6532 62 KB
23 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Host: 5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
URL: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b8cebe2c8762199df0e2ae5d1d08a16443de2e329b24c405c0e46ccee37606c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:52:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2099
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23838
x-xss-protection: 0
server: cafe
etag: 15928618024271732548
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Tue, 11 Jul 2023 01:52:23 GMT

GET
H3 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ Frame EE92 62 KB
23 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b8cebe2c8762199df0e2ae5d1d08a16443de2e329b24c405c0e46ccee37606c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:52:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2099
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23838
x-xss-protection: 0
server: cafe
etag: 15928618024271732548
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Tue, 11 Jul 2023 01:52:23 GMT

GET
H3 200 OnAir-Bold.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame EE92 47 KB
47 KB 9ms
9ms Font
font/woff2 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4140742/OnAir-Bold.woff2

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c284299aeec8595fd3a10dcd2c27022edfda37c815571843a90c45cad18ace95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=zd4DGDglWW&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:26:59 GMT
x-content-type-options: nosniff
age: 23
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47676
x-xss-protection: 0
last-modified: Thu, 06 May 2021 11:38:39 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jul 2023 01:41:59 GMT

GET
H3 200 OnAir-Light.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame EE92 46 KB
46 KB 10ms
10ms Font
font/woff2 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4140742/OnAir-Light.woff2

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4347e083fcc7406a94363480146e1cf9c2f88198921ef74fed3eddf6d969725b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=zd4DGDglWW&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:16:34 GMT
x-content-type-options: nosniff
age: 648
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46936
x-xss-protection: 0
last-modified: Thu, 06 May 2021 11:38:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jul 2023 01:31:34 GMT

GET
H3 200 60005582_20230704081939926_APP_iPhon14Pro_Asset.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame EE92 29 KB
29 KB 11ms
10ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20230704081939926_APP_iPhon14Pro_Asset.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=zd4DGDglWW&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dafa5a247facfc545e94a09ea12da423909aefca05557ec1a73e6d296fc540aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=zd4DGDglWW&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 09:06:52 GMT
x-content-type-options: nosniff
age: 58830
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29704
x-xss-protection: 0
last-modified: Tue, 04 Jul 2023 15:19:40 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jul 2023 09:06:52 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame EE92 7 KB
6 KB 22ms
22ms XHR
application/json 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1a214f7ec56468af251e6e685703fca451ccc00ba0ba00d15072a84f327bf4c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:22 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5680
x-xss-protection: 0

GET
H3 200 60005582_20230704052222921_728x090_GRAD.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame EE92 12 KB
12 KB 11ms
11ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20230704052222921_728x090_GRAD.png

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2731af422b78e17ead685f1d3c0b26dffca1bcd6bc926535a95361439364ab76

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=zd4DGDglWW&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 09:06:52 GMT
x-content-type-options: nosniff
age: 58830
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12011
x-xss-protection: 0
last-modified: Tue, 04 Jul 2023 12:22:23 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jul 2023 09:06:52 GMT

GET
H/1.1 200
OK postview.gif
portal.o2online.de/nws/img/ Frame EE92 43 B
609 B 22ms
22ms Image
image/gif 141.101.90.97
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://portal.o2online.de/nws/img/postview.gif?partnerId=O2_DSP_TRA_HAV_14114_PV&mediacode=29118705_4307561_355027444_145341330_PO1103A20230705&ref=29118705_4307561_355027444_145341330_PO1103A20230705
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 141.101.90.97 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Tue, 11 Jul 2023 01:27:22 GMT
via: 1.1 varnish-live-2-2
CF-Cache-Status: HIT
age: 11509320
x-cache: MISS
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Connection: keep-alive
Content-Length: 43
last-modified: Wed, 15 Feb 2023 15:39:24 GMT
Server: cloudflare
etag: "2b-5f4bee2778300"
Vary: Accept-Encoding
Content-Type: image/gif
x-varnish: 71553011
cache-control: public, max-age=31536000
Accept-Ranges: bytes
CF-RAY: 7e4d437efbf3b978-AMS
Expires: Wed, 10 Jul 2024 01:27:22 GMT

GET
H3 200 oBMhIGozJCmZhanrY2s6Nzm7GdNkvCqEaGjKud4M6yI.js Show response
pagead2.googlesyndication.com/bg/ Frame 9DC6 37 KB
14 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/oBMhIGozJCmZhanrY2s6Nzm7GdNkvCqEaGjKud4M6yI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a01321206a3324299985a9eb636b3a3739bb19d364bc2a846868cab9de0ceb22

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 16:34:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31991
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14631
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 09 Jul 2024 16:34:11 GMT

GET
H3 200 bubblespritesheettiny.png
s0.2mdn.net/creatives/assets/4085730/ Frame EE92 26 KB
26 KB 7ms
7ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4085730/bubblespritesheettiny.png

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

25280083af87c8d6dbc6ff5bb926bf9d0d373d244cead76893430166b8df0bd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17952959967271059456/728x090.html?e=69&leftOffset=0&topOffset=0&c=zd4DGDglWW&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:23:18 GMT
x-content-type-options: nosniff
age: 244
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27068
x-xss-protection: 0
last-modified: Fri, 12 Mar 2021 15:44:55 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jul 2023 01:38:18 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame A502 15 KB
12 KB 22ms
22ms XHR
application/json 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230706&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d30213f5e4fa1655e9213e6311bf2cfcf8a3d2469498db705b8bf1fbab96aff4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:22 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11786
x-xss-protection: 0

GET
H2 200 gemius.js Show response
gdetr.hit.gemius.pl/ Frame 9DAE 63 KB
18 KB 20ms
20ms Script
application/x-javascript 188.165.145.88
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gdetr.hit.gemius.pl/gemius.js
Requested by: Host: gdetr.hit.gemius.pl
URL: https://gdetr.hit.gemius.pl/gdejs/xgde.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 188.165.145.88 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: GHC /
Resource Hash: ab49b06f01ba01695f3b425793784b260bc2dea123e763d6201f234f2315c9ad

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gdetr.hit.gemius.pl/gdejs/xgde.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:22 GMT
content-encoding: gzip
last-modified: Fri, 12 May 2023 12:38:55 GMT
server: GHC
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
vary: Accept-Encoding,Origin
p3p: CP="NOI DSP COR NID PSAo OUR IND"
content-type: application/x-javascript
cache-control: max-age=43200
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 17898
expires: Tue, 11 Jul 2023 13:27:22 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame A502 17 KB
6 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 11 Jul 2023 01:27:22 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame EE92 17 KB
6 KB 31ms
31ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 11 Jul 2023 01:27:22 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6532 0
20 B 44ms
44ms Ping
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=urind

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame EE92 0
20 B 75ms
74ms Ping
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=urind

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 6532 0
234 B 270ms
32ms Ping
image/gif 2a00:1450:4002:414::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~ljxm4836&e=21068133&ctx=2&qqid=CPGwpoHAhYADFc2L_QcdPxMO3A&met.4=fb.3l~lb.e7~cmrload.ho~ol.l7~idt.8i~dt.-cc&met.3=733.e9~748.ek~749.el~742.e9_h~736.g0~735.gn_1~739.gp~374.ic~738.l7~113.qe_8~112.qd_a&met.1=1.ljxm47ct~6.0~7.0~8.0~9.0~10.0~12.1~13.8~14.9~15.v~16.go~17.go~18.go~19.l6~20.l6~21.l6~22.g2~23.g2&met.7=CBsQCBgBMAo4-wVoAnAJeIkXgAHdFIgBkjCwAQG4AQM~CCgQBRgBIIIBKIIBMJkBOBhohAFwmQF4ngSAAfIBiAGABbABAbgBAw~CBwQChgBIIIBKIIBMK0BOCtoggFwpgF4tt0BgAGK2wGIAanuBLABAbgBAw~CBwQBhgBIIIBKIIBMK4BOCxohAFwrQF41gKAASqIASqwAQG4AQM~CBwQBhgBIIIBKIIBMK4BOCtohAFwrQF4rAKwAQG4AQM~CB4QChgBIIMBKIMBMI0BOApohAFwjAF4gAyAAdQJiAGBFbABAbgBAw~CBwQChgBIIMBKIMBMI0BOAtohAFwjQF4pkOAAfpAiAGRnQGwAQG4AQM~CBsQBhgBIIMBKIMBMJMBOBA~CE0QChgBIIMBKIMBMJgBOBVohAFwlAF4n8IDgAHzvwOIAbOXC7ABAbgBAw~CBwQARgBIMACKMACMOsCOCtowAJw6QJ4rAKwAQG4AQM~CBwQARgBIMECKMECMOsCOCpowQJw6gJ4rAKwAQG4AQM~CCgQChgBIMoCKMoCMIkDOD9oywJwhgN4hq8CgAHarAKIAbHrBbABAbgBAw~CCkQChgBIMsDKMsDMNYDOAtozANw0wN42eIDgAGt4AOIAbXjCrABAbgBAw~CBwQChgBIMwDKMwDMNUDOAlozANw1AN4-CKAAcwgiAGzV7ABAbgBAw~CAkQChgBINADKNADMNgDOAlo0ANw1wN4xVyAAZlaiAGp7wGwAQG4AQM~CCcQChgBINADKNADMNgDOAho0ANw2AN4qG2AAfxqiAGKxQKwAQG4AQM~CBwQBRgBIP4DKP4DMIcEOAlogARwhgR4lgeAAeoEiAGWCbABAbgBAw~CB8QBRgBIOEEKOEEMPQEOBNo4gRw8wR48WOAAcVhiAHe-AKwAQG4AQM~CCIQBBgBIOYEKOYEMJwFODZo5wRwmwV4rAKwAQG4AQM~CCcQBRgBIIcFKIcFMJEFOApoiAVwjwV490OAActBiAHqsgGwAQG4AQM~CCIQBBgBIPoFKPoFMKwGODJo-gVwqwZ4rAKwAQG4AQM~CCgQChgBIJIGKJIGMJsGOAlokwZwmgZ4yrwBgAGeugGIAeLxA7ABAbgBAw
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4002:414::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:23 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame EE92 0
54 B 270ms
37ms Ping
image/gif 2a00:1450:4002:414::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~ljxm483g&e=21068133&ctx=3&qqid=CPGwpoHAhYADFc2L_QcdPxMO3A&met.3=113.9r_1~112.9r_1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4002:414::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:23 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 lsget.html Show response
ls.hit.gemius.pl/ Frame 1700 5 KB
3 KB 110ms
33ms Document
text/html 146.59.30.96
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://ls.hit.gemius.pl/lsget.html
Requested by: Host: gdetr.hit.gemius.pl
URL: https://gdetr.hit.gemius.pl/gemius.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 146.59.30.96 , France, ASN16276 (OVH, FR),
Reverse DNS: ip96.ip-146-59-30.eu
Software: GHC /
Resource Hash: b186ef2c26d18c1bc13897daa9407006d5aa5b11f34ac999d645e15ec890508a

Request headers

Referer: https://gdetr.hit.gemius.pl/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
accept-ranges: none
cache-control: private, max-age=2592000
content-encoding: gzip
content-length: 2721
content-type: text/html;charset=utf-8
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 01:27:23 GMT
etag: PRIVATE7520710249
expires: Thu, 10 Aug 2023 01:27:23 GMT
last-modified: Mon, 16 Jul 2012 10:03:40 GMT
p3p: CP="NOI DSP COR NID PSAo OUR IND"
server: GHC
vary: Accept-Encoding,Origin,User-Agent

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 6617 13 KB
5 KB 15ms
7ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 31810
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 10 Jul 2023 16:37:13 GMT
expires: Tue, 09 Jul 2024 16:37:13 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 4026 783 B
534 B 25ms
18ms Document
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

a859255bca4512a88dea98f5704c41b766f33e3a43a27204048ff9e757c152b1

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-sA8r4wxJcMnllqk-q6ddyQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-sA8r4wxJcMnllqk-q6ddyQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 01:27:23 GMT
expires: Tue, 11 Jul 2023 01:27:23 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 oBMhIGozJCmZhanrY2s6Nzm7GdNkvCqEaGjKud4M6yI.js Show response
pagead2.googlesyndication.com/bg/ Frame 158E 37 KB
14 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/oBMhIGozJCmZhanrY2s6Nzm7GdNkvCqEaGjKud4M6yI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a01321206a3324299985a9eb636b3a3739bb19d364bc2a846868cab9de0ceb22

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 16:34:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31991
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14631
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 09 Jul 2024 16:34:11 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6F92 0
20 B 43ms
43ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B37_a-q-sZM_AA6e7x_APreukoA4AAAAAOAHgBAI&bg=!a2ilaDzNAAb90kgr3dI7ADkAdvg8Wp4lZJ5nqOkIG_JrWZAu005OuSxaMF7JHQEKgIat18uTB6FYD_FHqVa3OxLXYxVizygoWmACAAAA_1IAAAAIaAEHmQMU-MGkSWWF_uQmg32QAYxFG0-j9bLF4ZkWlKMjfWpvhMnya05rjz5CKtm0KTbSmSL3qvrz_fKbGYeW0RTM25NYZSIdHBw6OZZ_sTKjqz37Fx-wn-LO3syHu6134qyoijyBIInl2qZoxenNZB69DxZXKmbTjVWMlp0x4scwbSCDapC3_jc6oM3lYdIoenaE5lQNCVeviKMjKVZY-OaVFmp680B3bIgKNL7HnF19ERxXRPxrrXH1_Wvhp1rodrbGPRjwIc19_-vHOuYZLNuy-JZq8grgzwhvQhN-0OCSF8_CvwYfGsz0tTjsk-ID6nCn-7yrabs3_DOWAxr27EkaQiACwO7kld_qt0qINFaS9pJIhAagUHuF2zUyTGaDZPOyS6917uSgQA4gb0BzrhEBbdOFti_r5JW70mzlB43Hv8E22ftr65qBNQcAaxQg3CENV3r5aiBjQY4EZrbll_DYefLq7o8rg89vqWIXlKAtBbwEGz6Y57nW3v5XDhcS4jXAGIQykPa5VbpsIwsYr9N2FHd07CPyS3cubnZwvwPC9R8f_YVAuBCjPdKsU110LK3u4faTrObWpdoooVX4tp67OIl6srbvk52StqAYXGAtxpnIAZyjI3ctlwgdnH1E3mVwNJ0_NjGuUCcetTW-oHd52eDCrzzmP288Gr4SOWvD6oNXrYGfYVB71BHaHAzlMWGU1KWnMHnBpD1XFZsBMgD0thxjvwWFGWje2_OUuxp6inB7vwYVDN1f2VLc5iinPjOikNzpejHCsupcUcaepBGor2Sl4-1RRCKNZgRJADnGy19IxX4Em-dnVOrJbw8tkKXAWSvfrkObd-0aMDCCS0xX9ZzaYUeBpJn8ncQWgw7QmHECQSjZQiZ8t9iVJEHQ73kFDlGZwn9i6zvZc_9AQanZ5Hf9mXEG4eFV4Db5AUDJpbgTkl7K1xn-xp5_ytAWlDp3ueZuUa_0wESKwMp7owgUXG5MVbgHM_eeO-DChyG_aZP_Zx0zs0TcS7bqpFU7y3eKr_sw4zQ_e2TRGROIPy-3eCUbIUapYLk

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F072 0
20 B 44ms
44ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BZ6zn-q-sZPGFENq5x_APso2EoAUAAAAAOAHgBAI&bg=!wsGlwZXNAAb90kgr3dI7ADkAdvg8WrWjS35Ylgb0aSmxRIo9tSKQ35TmpWo9g9Ka9OlbcRlKdfCHpPQFm6LLIZneVWgDLqTjRWkCAAABFVIAAAAJaAEHmQMVbIJ6QzZFTWc21lcUKxjCc5tb1O8AB7xmNeYtjZ3QzQ9ucNxNLWPzHua1UtMszundRA3-rZoNdCSM-TTPXvWYRbhHFHWGSKJkIFswNo6AvSFpIniZw79ijSPWbxKbEG5PfyVrdmVHdvKoSJGE0vYxKIDB34ZtzEkc9_JYKi8MU8SgtZ0nqFuFVq-KT1WGPOoXHXKmLDkSetOCqVopNuwFvsYqw4KXz1xJN6peLiKH_HiKoE5ktJSLbR86qdFjgwWmNpAIHnEhEsz601uDNwIcGYwr4jDq2Avii6LVZEO_FExln5AyFLo8xMwWY6cXUx1z6vyiZdO9Qee-bZtuJhtRbh-Z07-FsBN65hs0MsfEVgq76mxXWuixvi_nEJ9bJHT56-T0M2uo8gJgGLuB1a2fMlYu5HhwHkSryNMriHBQUy5Ot4vpTRmUPYuLqZYJFT_6kS2m0rVPG_QyAeqV6JLvg1SdS81zz6z-vnmyVNxkAneDUsGJ7CLcyn3x0lGn5g_49O7VhGtYA2yV464mSZyMEu3kSvQ6CuYstcfC46vJ4xbgV5f2qTt2tVpvyLGVTNc07VV46t_BI15SRA7HOPjrXDvEt_uz301ldv7ByBXgdjPDFKl5_Oz3J7dnUuqbih_hXUAYV_XCfJnpuBQOkx4CS1Xr1swOV7qfDxkDhEuY7uJNwo47S1erQmmoUiwjJckuniZZRWPprVaIOBtzqpQZ5fFZA6Kh0GuToa2-x8ENGEtjO2AcwVRtdwmpYBclwE7_t_edA6O3RAp404PImSapP6EdHayG2z7AvggMzAeOkIiXxYcZ70qbOQOWXOTahQgGfnxh9uaGbpK5AG2v3shXaE2qAeiGudqqJ2L0dr0y10S1aRnaN7yuzdPghte6VhR1TNUHcgWTssr5aChKEAEptbfFK_S1NO8lzuUTqkpIxCJ6daWtaEANIqr9BY1Z6xgQg8txWzs5zjen-Vu5SRFbvKMEkYYCcvOTDO9XDvAG8DytzEDWXL5-pQ58Kp3-3kbJx7g6Zf9hxTOf80-W4M6gJIHxpoDp

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 5ed7702fe4b07a92411bc03e
ng2.virgul.com/tck/imp/ Frame A502 0
209 B 47ms
47ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5ed7702fe4b07a92411bc03e?g=1&t=gb&r=153378@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1689038841041&userId=vnet2a1b8dc7-6780-4268-998b-67200964ffb6
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Tue, 11 Jul 2023 01:27:23 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 4026 0
0 41ms
40ms Image
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230706&jk=2674859333090803&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 oBMhIGozJCmZhanrY2s6Nzm7GdNkvCqEaGjKud4M6yI.js Show response
pagead2.googlesyndication.com/bg/ Frame 6617 37 KB
14 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/oBMhIGozJCmZhanrY2s6Nzm7GdNkvCqEaGjKud4M6yI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a01321206a3324299985a9eb636b3a3739bb19d364bc2a846868cab9de0ceb22

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 16:34:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31992
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14631
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 09 Jul 2024 16:34:11 GMT

GET
H2

200

redot.js Show response
gdetr.hit.gemius.pl/__/_1689038843249/ Frame 2833
Redirect Chain

https://gdetr.hit.gemius.pl/_1689038843249/redot.js?id=nX.qv39nv4PgrHW1zPcagGaETBj1l_xLE8FDFCYPc8D.S7/fastid=ktibmvfkqpfwcvmtnweizagzzhmv/stparam=npeqlrgurd&inner=_ch_mobile%3D0%7C_ch_wow64%3D0%7C_...
https://gdetr.hit.gemius.pl/__/_1689038843249/redot.js?id=nX.qv39nv4PgrHW1zPcagGaETBj1l_xLE8FDFCYPc8D.S7/fastid=ktibmvfkqpfwcvmtnweizagzzhmv/stparam=npeqlrgurd&inner=_ch_mobile%3D0%7C_ch_wow64%3D0%...

2 B
179 B

59ms
59ms

XHR
application/x-javascript

188.165.145.88
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gdetr.hit.gemius.pl/__/_1689038843249/redot.js?id=nX.qv39nv4PgrHW1zPcagGaETBj1l_xLE8FDFCYPc8D.S7/fastid=ktibmvfkqpfwcvmtnweizagzzhmv/stparam=npeqlrgurd&inner=_ch_mobile%3D0%7C_ch_wow64%3D0%7C_ch_brands%3D%7C&extra=ls%3D1%7Ctpb%3D1%7Cifr%3D1%7Cifrv%3D98%7Cifrw%3D970%7Cifrh%3D250%7Cxref%3Dhttps%3A%2F%2Fpcloak.blob.core.windows.net%7Ctq%3D1%7Chct%3D739&lsdata=xPjV3O2sv7XV7Ylw3hBttf.Tv4X2gf6lN6oFos_j.mz.M7Obyh29uzGgbv4.L1ydPFuTHBbRP0ojSpmUHNaCcDS5KTf8/eqFIBhKW7a7n8/&href=https%3A%2F%2Fng2.virgul.com%2Fadview%3Fa%3D64954933e4b03f04e549367e%26r%3D153366%40site_geneli%40yemek_net%3Asite_geneli%26l%3D%26ext%3D%252Cas%252Crc0%252Chf1%252Cvv1%252Cgprec%253Dyemek%2526rec_ing%253D%26info%3D%26cs%3D1689038841226%26mt%3D1689038841041%26userId%3Dvnet2a1b8dc7-6780-4268-998b-67200964ffb6%26vmn%3D64954933e4b03f04e549367e___1533661919502793&ref=https%3A%2F%2Fye-mek.net%2F
Protocol: H2
Server: 188.165.145.88 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: GHC /
Resource Hash: 75a11da44c802486bc6f65640aa48a730f0f684c5c07a42ba3cd1735eb3fb070

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ng2.virgul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:23 GMT
server: GHC
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: CP="NOI DSP COR NID PSAo OUR IND"
access-control-allow-origin: https://ng2.virgul.com
content-type: application/x-javascript
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 2
expires: Mon, 10 Jul 2023 01:27:23 GMT

Redirect headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:23 GMT
server: GHC
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: CP="NOI DSP COR NID PSAo OUR IND"
access-control-allow-origin: https://ng2.virgul.com
location: /__/_1689038843249/redot.js?id=nX.qv39nv4PgrHW1zPcagGaETBj1l_xLE8FDFCYPc8D.S7/fastid=ktibmvfkqpfwcvmtnweizagzzhmv/stparam=npeqlrgurd&inner=_ch_mobile%3D0%7C_ch_wow64%3D0%7C_ch_brands%3D%7C&extra=ls%3D1%7Ctpb%3D1%7Cifr%3D1%7Cifrv%3D98%7Cifrw%3D970%7Cifrh%3D250%7Cxref%3Dhttps%3A%2F%2Fpcloak.blob.core.windows.net%7Ctq%3D1%7Chct%3D739&lsdata=xPjV3O2sv7XV7Ylw3hBttf.Tv4X2gf6lN6oFos_j.mz.M7Obyh29uzGgbv4.L1ydPFuTHBbRP0ojSpmUHNaCcDS5KTf8/eqFIBhKW7a7n8/&href=https%3A%2F%2Fng2.virgul.com%2Fadview%3Fa%3D64954933e4b03f04e549367e%26r%3D153366%40site_geneli%40yemek_net%3Asite_geneli%26l%3D%26ext%3D%252Cas%252Crc0%252Chf1%252Cvv1%252Cgprec%253Dyemek%2526rec_ing%253D%26info%3D%26cs%3D1689038841226%26mt%3D1689038841041%26userId%3Dvnet2a1b8dc7-6780-4268-998b-67200964ffb6%26vmn%3D64954933e4b03f04e549367e___1533661919502793&ref=https%3A%2F%2Fye-mek.net%2F
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 0
expires: Mon, 10 Jul 2023 01:27:23 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 6617 0
11 B 7ms
6ms Image
text/plain 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?v2-Fkw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 01:27:23 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 10FD 42 B
64 B 50ms
50ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss64edyC7uevz2jKUknIuf7VGdqyh9uJdNQp0c7Qr8lZHB243YWSfeMCfu6EW6XhranZQ4J2GBne3xj0CMNBqVV23sFtSDDtr5mm_EburqfCSg2PtXLndPRBkyY88ZDGqKAA44LbDB0acIY&sai=AMfl-YQY43-8Fc4l36ImC5y5UBBVDjh7GUgbeuMrXmI5-4I0a4G-6aNrf6kWFG2W8BtgDZameghoU8m8Alg5CRp-vA5e2bs1aVPU5CxRVf7K6w3cSKsVhE8Z5GfMeuY&sig=Cg0ArKJSzHL_KN35ZBtGEAE&cid=CAQSOwBpAlJWoQca0IDvNi8siH77-z4L4FxrjxNW8VTpdn88lLmBqLnZJ8YLYEJ0ZCg_eY82XCR1VsSvqGGUGAE&id=ampim&o=0,229&d=160,228&ss=1600,1200&bs=160,228&mcvt=1000&mtos=0,0,0,1000,1000&tos=0,0,0,1000,0&tfs=534&tls=1534&g=100&h=100&tt=1534&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&uafvl=%5B%5D&uaw=false&adk=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 86A9 42 B
64 B 50ms
50ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuDqLDhBFUN_Kfz4waP6Dhz0XM3WFGib77AEIrl3erirPb9nc22k0RySu9J-7rgUKVVS2bGpBgjAftPcmL7ajWM7-0axxgnSRTJyGTuthvjPm4mBHR-VxoDbgHA5jquLirASL5f5-_bAd9z&sai=AMfl-YSiFsI-bLuXyf3VXJ_5H2YbaVuG5Ehd9uXRcfK5QGxPHGPKCIomzOyFDY_JjeZsAmswLrms8VpU1gwhnODDRtOHtSBISpmeEg1XByOubI7qqifHaIAPaUaeUOM&sig=Cg0ArKJSzBP4jGh3kKIoEAE&cid=CAQSOwBpAlJWZrxr5oQ4UVFvFb01WBHgjroV3gSMjOunttjlxfhksIgxz0eLuzsZOMgycWu-0GlecZmTfCavGAE&id=lidar2&mcvt=1000&p=0,119,40,160&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230710&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3299242717&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1689038841750&rpt=565&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 6532 42 B
64 B 48ms
48ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstgs2nkDe8x97Yyfn_T4QWpdd3HYW4lO8gOFR4RqKN2C8gg8Ax2HrHsfm0cXHKt8CWFEsixM9US2PwBTKd9DAla_0_mMnMT_IjKYjhSLWdqKONYXxMhEIQotLSr0n4gQ3TV1HSxpQSPDczv&sai=AMfl-YRgf-O9eHOlsfT76m1hHD5L0W2rVfzZO2CShyPlWACbZ1iZPnTZk10zVUTJb44n_d3g87hwvtHZ5l9GlX97RbDjbUTrx-a2cLIxFJWLHQITRRg5w8cfhO1UomU&sig=Cg0ArKJSzGMYizbYjwuaEAE&cid=CAQSOwBpAlJWonhmtlIG1kO-E3o4XRv-QgGVMQ3daby9e6mwy3XV0q3whlPjQhoA8fcFr1qlkz_SZCL2p92dGAE&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230710&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=456810305&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1689038841917&rpt=525&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 86A9 0
20 B 41ms
40ms Ping
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=4922972434662&version=m202301230201&ct=76&x=1&cor=4910307427543806000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6532 0
20 B 41ms
41ms Ping
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=2087728927945&version=m202301230201&ct=76&x=1&cor=9114679046717076000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame A502 0
0 44ms
43ms Image
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230706&jk=2674859333090803&bg=!fX6lfirNAAb90kgr3dI7ADkAdvg8Wgsj8YeSyHHYcJ0zxLBB3X6IS9KdH0eIkHYBUlR8GZK4ebttlb7jDQrUyeuPQV5jYDAS-BYCAAAAX1IAAAAHaAEHCgCMKIa0Ztn4C9zUP7nsb7Hvn8uSlg6o1CRaZok1KVE-CA331mNIev4IlKZE6zJYFL9U70pXW4GX8RzJDXws98GqIMJqO5srjVNHYaDG2Rth5K7nPmI_P8Oidp-DzwMqKWrrxxnHDukbxCl-3OA46RsD_BFrr8K7FMnAp86bklmljPqAVSk1nG26nfmz4KWZAsd9jK-5IZSz52G6cLkxVQQNWoBQ6oRY_efBGlEu_-BHkOsEC06xORg-esuNF80DjgByVezcu53O-BaCElytSSt77-zTEe31pXHgc3XMCH5w0c4x7cER3BUxpCvDXC_ew2pLhD7zlTsU_XeuP4IzulviqRNAc6QIlAE56TPplpCdU5FDiCKov_-ZLCTAbGzg04X6UcycnmGPDgHMx1GpepIPqlURDlcWV_zyGXtF-7Td9Z7Am_tpKikC-0ImE0PjwjJUGbw-ICtumBvgA-FSeXSOlLhnl_Ikf9UWW4EIhKfyjHNbKyHBF4dyNHYMxp1b6X2qeztrPB6-vT7cTyJSoDzMd5NOozBaVqe5lJTwWRCtHk8wntxhzKtuaTUgD-I17i_JTz00NMdN7o9zl7ke7ESfWONHyRAgw9PbPEplEsqU73WquvxUszHbT40zHeN0ASKvicjlzG4nUDpLt2yLOUVCZDQYsSkpGZbjoLtdmWmDFlUYEX2ZFgJuWlVsdBrIXYQrUXuIsnyUZWuJj5gHOSteQDeRPNe6dNHySPMgc4_UCNfKlPzkt9-m96K2bj6HYMpqe8zEeM8r4_3v8rsLorgo-fm-njjt-Ulx66yDJxuGB_WQqZ1H3rI5-Lu4PEU7AyKr1DpJ3Q2YhpqPiEhFtCQCybn5yj5712AeVAazMuT1eIz_0-3pgWFSVBH9Kp1baGaug6tfsXoPTzKjkkcZnffB-tm2-atL7sNXId_H-GvzoPQiZw2YtsKiCjEp1hsgtcq4UqlDJCuBCKzXmunpr9-NitZfOwa2pXOdEljDtePgNl_vMd-77NIrrY2cVjgvB9BndAsD0PjLyFIJh-jkLJ8UJww9yxqF-DYDUJ7hNPHcJVz2dKKF9X3WlombTOewHxay7pzxsL9wnldpuoUw5DbuRWyEzTXGPmQt7tHZprIwO9R4uJoKeyQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H2 200 redot.js Show response
gdetr.hit.gemius.pl/_1689038843814/ Frame 2833 2 B
253 B 20ms
19ms XHR
application/x-javascript 188.165.145.88
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gdetr.hit.gemius.pl/_1689038843814/redot.js?id=nX.qv39nv4PgrHW1zPcagGaETBj1l_xLE8FDFCYPc8D.S7/stparam=kamgpoqiwc&inner=_ch_mobile%3D0%7C_ch_wow64%3D0%7C_ch_brands%3D%7C&extra=isn%3D0%7Cisn_d%3D2551%7Cisn_s_v%3D3v4d_4%7Cls%3D1%7Ctpb%3D1%7Cifr%3D1%7Cifrv%3D98%7Cifrw%3D970%7Cifrh%3D250%7Cxref%3Dhttps%3A%2F%2Fpcloak.blob.core.windows.net%7Ctq%3D2%7Chct%3D739&lsdata=xPjV3O2sv7XV7Ylw3hBttf.Tv4X2gf6lN6oFos_j.mz.M7Obyh29uzGgbv4.L1ydPFuTHBbRP0ojSpmUHNaCcDS5KTf8/eqFIBhKW7a7n8/&href=https%3A%2F%2Fng2.virgul.com%2Fadview%3Fa%3D64954933e4b03f04e549367e%26r%3D153366%40site_geneli%40yemek_net%3Asite_geneli%26l%3D%26ext%3D%252Cas%252Crc0%252Chf1%252Cvv1%252Cgprec%253Dyemek%2526rec_ing%253D%26info%3D%26cs%3D1689038841226%26mt%3D1689038841041%26userId%3Dvnet2a1b8dc7-6780-4268-998b-67200964ffb6%26vmn%3D64954933e4b03f04e549367e___1533661919502793&ref=https%3A%2F%2Fye-mek.net%2F
Requested by: Host: gdetr.hit.gemius.pl
URL: https://gdetr.hit.gemius.pl/gdejs/xgde.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 188.165.145.88 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: GHC /
Resource Hash: 75a11da44c802486bc6f65640aa48a730f0f684c5c07a42ba3cd1735eb3fb070

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ng2.virgul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 01:27:23 GMT
server: GHC
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: CP="NOI DSP COR NID PSAo OUR IND"
access-control-allow-origin: https://ng2.virgul.com
content-type: application/x-javascript
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 2
expires: Mon, 10 Jul 2023 01:27:23 GMT

GET
H2 200 5ed7706de4b07a92411bc042
ng2.virgul.com/tck/imp/ Frame A502 0
209 B 46ms
46ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5ed7706de4b07a92411bc042?g=1&t=gb&r=153379@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1689038841041&userId=vnet2a1b8dc7-6780-4268-998b-67200964ffb6
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Tue, 11 Jul 2023 01:27:24 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 5ed76f76e4b07a92411bc03a
ng.virgul.com/tck/i_vb2/ Frame A502 0
209 B 47ms
46ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/5ed76f76e4b07a92411bc03a?l=&r=153377@site_geneli@yemek_net:site_geneli&cs=1689038844286&userId=vnet2a1b8dc7-6780-4268-998b-67200964ffb6
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Tue, 11 Jul 2023 01:27:24 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 5ed771bae4b07a92411bc04c
ng.virgul.com/tck/i_vb2/ Frame A502 0
209 B 47ms
46ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/5ed771bae4b07a92411bc04c?l=&r=153382@site_geneli@yemek_net:site_geneli&cs=1689038844286&userId=vnet2a1b8dc7-6780-4268-998b-67200964ffb6
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Tue, 11 Jul 2023 01:27:24 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 5ed771e3e4b07a92411bc04e
ng.virgul.com/tck/i_vb2/ Frame A502 0
209 B 47ms
47ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/5ed771e3e4b07a92411bc04e?l=&r=153383@site_geneli@yemek_net:site_geneli&cs=1689038844286&userId=vnet2a1b8dc7-6780-4268-998b-67200964ffb6
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Tue, 11 Jul 2023 01:27:24 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 5ed7706de4b07a92411bc042
ng2.virgul.com/tck/imp/ Frame A502 0
209 B 47ms
46ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5ed7706de4b07a92411bc042?g=1&t=gb&r=153379@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1689038841041&userId=vnet2a1b8dc7-6780-4268-998b-67200964ffb6
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Tue, 11 Jul 2023 01:27:24 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

32 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-20 22:32:14	Name: IDE Value: AHWqTUmIwJ6ZWONE25mACSXL8MJElJlVo7aZJcqn8wCAGsAErMlI3G3wOHU_AxeC3fM
.casalemedia.com/	1970-01-20 21:56:14	Name: CMID Value: ZKyv.cEbUkl96I2myTSYWAAA
.casalemedia.com/	1970-01-20 15:20:14	Name: CMPS Value: 2189
.casalemedia.com/	1970-01-20 15:20:14	Name: CMPRO Value: 2189
.adnxs.com/	1970-01-20 15:20:14	Name: uuid2 Value: 162181752964044556
.doubleclick.net/	1970-01-20 17:29:50	Name: APC Value: Aa3gxNqutJRdu26mbfxgkTX8ZeyRK97k_fNdsKLxGmzEn7OfEvMNBA
.trgde.adocean.pl/	1970-01-20 22:39:26	Name: GAD Value: KlShJRMGQMQGi9riqKr_mLRUssGMXP8cFRySssX6QssGvaGpI7EPojVQL18GYsCFS8mUuAeGsG..
.adnxs.com/	1970-01-20 15:20:14	Name: anj Value: dTM7k!M41.D>6NRF']wIg2Ilbx6os2!]tbPl1M>e)ZlrFUfJ+tGXxoaDc>6/K_ti*IRq=wXn^6/Q/2Vq_/!VCW!PCS3If)y3KL9D3I?+v_TV=X
.doubleclick.net/	1970-01-20 13:10:42	Name: DSID Value: NO_DATA
.travelaudience.com/	1970-01-20 22:42:19	Name: _tracker Value: %7B%22UUID%22%3A%224DA99529-3FF1-42E3-8FAD-B1BCFB707BB9%22%7D
.adfarm1.adition.com/	1970-01-20 15:20:14	Name: UserID1 Value: 7254366588071049357
.adform.net/	1970-01-20 13:55:17	Name: C Value: 1
.360yield.com/	1970-01-20 15:20:14	Name: tuuid Value: b7eff022-7c8b-4432-9c23-b9d399d72643
.360yield.com/	1970-01-20 15:20:14	Name: tuuid_lu Value: 1689038842
.adform.net/	1970-01-20 14:37:02	Name: uid Value: 8267267502400593521
.quantserve.com/	1970-01-20 15:20:14	Name: d Value: EAkBCQG4KYEA
.quantserve.com/	1970-01-20 22:40:53	Name: mc Value: 64acaffa-6cb3b-b2f8b-3900d
.blismedia.com/	1970-01-20 21:56:18	Name: b Value: 64ACAFFA1E5E5B724CC9E8DBBLIS
.pubmatic.com/	1970-01-20 13:12:05	Name: KTPCACOOKIE Value: YES
.mathtag.com/	1970-01-20 13:53:50	Name: mt_mop Value: 4:1689038842
.w55c.net/	1970-01-20 22:42:19	Name: wfivefivec Value: qBznZoxR1Qj29Y5
.pubmatic.com/	1970-01-20 21:56:14	Name: KADUSERCOOKIE Value: B77F4A8B-86CE-4502-A775-5CF8027DE06D
.w55c.net/	1970-01-20 13:53:50	Name: matchgoogle Value: 5
.bidswitch.net/	1970-01-20 21:56:14	Name: c Value: 1689038842
.bidswitch.net/	1970-01-20 21:56:14	Name: tuuid_lu Value: 1689038842
.bidswitch.net/	1970-01-20 21:56:14	Name: tuuid Value: d066aae2-ad72-40e7-a785-cfabb8384b48
.de17a.com/	1970-01-20 21:49:02	Name: guid Value: 1.136439293720366105
.bidswitch.net/	1970-01-20 13:10:39	Name: google_push Value: AaAOQGG8MlYPXYCX2QLdt3vKfJvTbBjzBedD-7T1JUAXtNVotXoIQ1bDryw4wtthptvf6ijv8qVR33tQwaOAF-MZkJq0IV1a6YQj
.3lift.com/	1970-01-20 15:20:14	Name: tluid Value: 1598552494397814019450
.simpli.fi/	1970-01-20 21:57:41	Name: suid Value: 1F345E96CAB34FA3A03A7E3154AAFF56
.hit.gemius.pl/	1970-01-20 13:20:43	Name: Gtest Value: KlSzVMaGQMGGSpmEZqh_mLRUssGMXP8c25nSGAZpV7L8XBG.
.hit.gemius.pl/	1970-01-20 22:39:26	Name: Gdyn Value: KlQxFRXGQMGGSpmEZqh_mLRUssGMXP8c25nSGAZpV7L8FRSSYs_HnGGfGnfWHmExSQGgr2xaG0F6Sssa

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://pcloak.blob.core.windows.net/web/jquery.min.js Message: Failed to load resource: the server responded with a status of 404 (The specified blob does not exist.)
javascript	error	URL: https://ye-mek.net/(Line 39) Message: Unsafe attempt to initiate navigation for frame with URL 'https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html' from frame with URL 'https://ye-mek.net/'. The frame attempting navigation is targeting its top-level window, but is neither same-origin with its target nor has it received a user gesture. See https://www.chromestatus.com/feature/5851021045661696.
network	error	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755397&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1689038841143&bpp=3&bdt=680&idt=87&shv=r20230706&mjsv=m202307050101&ptt=9&saldr=aa&nras=1&correlator=2326758356116&frm=24&ife=1&pv=2&ga_vid=1101404077.1689038841&ga_sid=1689038841&ga_hid=1121006933&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=222437166&scr_x=-12245933&scr_y=-12245933&eid=31075630%2C44759875%2C44759842%2C44759926%2C31075757%2C31075814%2C31075873%2C31075881%2C44788441%2C44796632&oid=2&pvsid=2674859333090803&tmod=1922573078&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.48z839jzo52z&fsb=1&dtd=104 Message: Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

5dee0b98a3b016d0bb2d08cb16d2f67d.safeframe.googlesyndication.com
aax.amazon-adsystem.com
ads.travelaudience.com
adservice.google.com
ajax.googleapis.com
c.amazon-adsystem.com
c1.adform.net
c1.imgiz.com
cdn.ampproject.org
cdn.ye-mek.net
cm.g.doubleclick.net
cms.quantserve.com
connect.facebook.net
csi.gstatic.com
d5p.de17a.com
dclk-match.dotomi.com
dis.criteo.com
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
eb2.3lift.com
feed.pghub.io
gdetr.hit.gemius.pl
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
image6.pubmatic.com
images.dmca.com
imasdk.googleapis.com
ls.hit.gemius.pl
match.360yield.com
match.adsrvr.org
ng.virgul.com
ng2.virgul.com
onetag-sys.com
pagead2.googlesyndication.com
pcloak.blob.core.windows.net
pghub.io
pixel.rubiconproject.com
pm.w55c.net
portal.o2online.de
rtb.openx.net
s.ad.smaato.net
s0.2mdn.net
s7.addthis.com
secure.adnxs.com
securepubads.g.doubleclick.net
ssbsync.smartadserver.com
static.virgul.com
sync.mathtag.com
sync.teads.tv
tpc.googlesyndication.com
tr.blismedia.com
trgde.adocean.pl
um.simpli.fi
ups.analytics.yahoo.com
us-u.openx.net
www.cloakan.co
www.google.com
www.googletagmanager.com
www.googletagservices.com
x.bidswitch.net
ye-mek.net
104.75.88.126
104.75.89.75
108.138.9.235
13.224.192.181
13.248.245.213
141.101.90.97
142.250.184.226
146.59.30.96
151.139.128.10
172.217.18.2
178.250.7.11
185.29.134.244
185.64.190.78
185.7.176.222
185.7.176.223
185.80.39.216
185.86.139.101
185.89.210.153
188.165.145.88
20.60.220.36
213.155.156.166
2600:9000:2057:ac00:1b:5138:8a40:93a1
2620:116:800d:21:de2e:c7b3:55c0:d5a0
2a00:1450:4001:803::2002
2a00:1450:4001:808::2002
2a00:1450:4001:80b::2001
2a00:1450:4001:810::2002
2a00:1450:4001:827::2004
2a00:1450:4001:828::200a
2a00:1450:4001:82a::2002
2a00:1450:4001:82a::2006
2a00:1450:4001:82b::2001
2a00:1450:4001:82f::2008
2a00:1450:4001:831::2001
2a00:1450:4001:831::200a
2a00:1450:4002:414::2003
2a02:6ea0:c700::19
2a02:fa8:8806:12::1370
2a03:2880:f083:100:face:b00c:0:3
3.33.220.150
3.75.62.37
34.102.243.38
34.96.105.8
35.158.39.51
35.186.253.211
35.190.0.66
35.204.158.49
35.241.45.217
35.244.159.8
37.157.3.20
51.89.9.251
52.57.153.48
54.171.31.19
69.173.144.138
77.245.159.14
85.114.159.118
92.222.252.174
94.138.206.83
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
011e3c5d05b1f8220f59241e57ac65c49b382e8ed8eff99149e2eda18e36a660
01204747c552676cceff27ecab875807de15fc28860715608db3d368ba736b3e
02193fbcb11d960448e0fa887ff68d5ce73f01076893523fc3037e00a7149bc2
0407c967f9b56d97e40232370eda7a905d27c980d1ddcfdf55c719bae9c3b444
05ad270153c2331d92114277b25d13e46449f8133b38786a8c52c2ce6328d791
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
0b29697868cd68cfd1b5650054cc96ea755016b3242bd26469cdbd4e4f6fc18a
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0fb87da221f6bd6ca2145dbfdc42e0d7d4a73fe418fb409cc2b019ce0a3506d6
117c21886ab79c6c187ae55ffd97aec5c3776357e77f9fd4a67b3fb429c794d2
120fdf7c1e8de286b8c6ad005bd52d7b3d71cfa17bd6d1f72d023fe952d03708
121274f84490f52bb8323475b5f346338e3ed799b15aec6d6c2ac5f7b762008e
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
153e16434e35bbd9bbcff26425cd7d24a240b15f44b9e04cd8f9c3efb3d052f8
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
18e7a53e3b3abd7ac0242719f7f62cb56b8efe7065091585b8ad22cbc2b8c41c
18e7f3232e16c5af1b4d3192ed6be46c39b4902ecef8717b7a1dc69da6b8fe34
1e5a886321d0e00c13f7abff03ca39fd782f42997fd34bcbf4fc93718f3670cc
22fee539734d38c9e84e3982188b21bafc9457236279a136ce1b3b9d55667437
243ff4b38ca5fe323056ea75585fb66ec3ed73293eac13e7d215376f1418eb4a
25280083af87c8d6dbc6ff5bb926bf9d0d373d244cead76893430166b8df0bd6
25b451f3cad26104f57800c79546bf5a40295d0cecf5623e623f4479b94d0ddd
25f2cf0d92927ea6a032fa0eca112d4e69207864db577150d8bd82fd05a3ff7c
2731af422b78e17ead685f1d3c0b26dffca1bcd6bc926535a95361439364ab76
273e7d56a956cc63c4bbf086755eaed2502fc8b47c35270fd084ea28ec24c3a0
274d7c618c1972083333f7020a9768ca0d10519473f54110f184e09d269bdb47
27961ab8c37cddad89230364167c048c6377a80e38542a5ffbca600faf4098ea
2af1b8e91e1ea0f27fab2f6bac1dd1d81867b7a2a8d7cef1084fa39309e0ac6f
2d3ebc5963c3ba449fc6f11b2d5ac883abaf7dbc046ac7c1b267518e0ca5fa27
2ec83381655c8a79a739b55b151d24bf78451562b314fca054876a82d6cee4ab
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
324a9c1f26949a62b89c5846de23826737bf3b14443e3f5a969b1799604a0588
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a
38cd707764af5e7610feaee1542d30cfd86a74d0eee75df12aaf6b1d0ded65e5
3e9569df702eb478e6e7699775a0f555b64ef9e89d89a81742bc97c7803dba96
3ed559a849229d0ba1622b39b2343f2307a91aae5bab1f08e55c89e50874c980
40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db
42d7836906cd2028c5a93a533f6bf85e125db2140198068d61c119e8a1293f47
4347e083fcc7406a94363480146e1cf9c2f88198921ef74fed3eddf6d969725b
4651fd93f167c3620b534c30bc23ae2a2e7cf742621d8e6d12553c09c388284a
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
484eef6459e8a58c19115f287339366d82a7c2beeb7a35c7e16789b592515aec
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e7d16b44de4787422f67972c2e5347dd152e896847b27b42fcf965397e4e491
503974bd88bc7eb0e1ea7da872beb05f6d94673ae21c4d4f5b193d6d6d3af8cd
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
5103b27b55207be49f024a501641c7cb93e6469073ccbe194cd5963b53716184
5157278c00662adeaef676d943c2150691103322d36a3ec6e587b01cb3a7fb3a
52337cf2499996a25da3c2f17c8e0492c2d728c4b22bdd9b4da2089fcedac9ba
537d42962737bc550bbf34d1404e336cebc1b46ced111cc3c5b1ab744d38bb85
53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55d8e361dbd9836fd30cb84086a892dbea320718876beb3cd7843acc68c57c9b
5804cd3bfdf7f7b00ae1f2beef50b9ac7bbdcadcb47e8c3454e8609a52096b92
597e4ec7ca2b12f9150e02e04096849d6b06061b09c2d131f1d2225871eedfdf
5af185c4ee2f05f5e2f6407594cd75cb32129871c2ec0f0957be6d3129a8cf54
5dff1c5185bfe98d10fd4b80ad1e2a04d57365a09e631840dce7fd3c79d19971
6003a2f2c3891e74c7e2f6b11f46977551c5543bc59b3f4d11fbdacc7321797e
613b97a3f938c5185dc5fcb46ec9c9488f460fdf8a9765eea9f05aebe46a0c50
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
63d0138a5c7998c3d0690e64e8d065ab684b7da702f79944b3d331a337451d9d
66413d92e3b48b21f37de7968a4c6ee6dafb956f4963d0557959a3d10db2c492
677994db31330e102362f8d43e2b48d5d1b1dbd948158a741b7a82018f3d5374
680026f318b1fd16bc8e7b24ba4e32073bc98978f5bd67f19c1b30019a6decf0
6912f4b175280972c27f9ecb7faef8b018147adad03e0f8b4dfccfcdfa934008
69d6aa203babe6b2291333fcb524cb8eb2fe1374b61d879e014c9df71011aef8
6a5c3836f01af05b52f926264495b7bac8dcef94acc6cfdbb3fbfa5054e941d8
6aea6fde833572bd59a87046f50ba96c3e3f34d910a2a74bbdebc5ee6c5f7aab
6cc9a183b5e2429546fa85901c8a0e7c77add2b42698d50d7a5013b5fc26edc5
6dbe9c2e13cf06c6633ea3fcf6d7bd30452561202a205c75a035cd1d8b93368f
732ca7374ef774a17a4e674e5a158f7991385c5e54afdd2eb91880d3d1d2ccc3
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
75a11da44c802486bc6f65640aa48a730f0f684c5c07a42ba3cd1735eb3fb070
78c22d82748b1c24bea00726147dc80fa1a93895cc9f6e82e52c2b57d4fb051a
797255b9062dc8576102bba5f6e0c0e0a9691e4ca8560066e943b1d10f4f0846
79cbf9d3dc9d8df1616dd585c95022e1104e8b2700974ba07a9c1a26187bf3e3
7b17d2d0a88d045b86c025e6a7978189716ddd6776e975bb9de1ad43be17348f
7bbd910982260037f1c9d83f2c7fe743e789ca06dd54c9eb56c2598b7b928fd0
80fb91f02d602edb4c0b521986ec93600dfd1d65953d3ad41caac2da083caf5f
81edaeb1fa8ee92d6ff74b25c17ee3c4281188958a1e5506ccb8fca25469a639
837d63620657b055c980948022e01ba5c63c986d3d08ca7db80558411eab45d6
839faa9eb1804c943ab253022ef5b9f91c5d2c8f5b30f96a967542ac1db45c16
86a3bf695558f201298520ee57f86cccdc36caee8822201c83142997663a5ceb
87a279c5253e6ecf14ccebb981758aaddefeb4612391f556a132da8df114aeb5
885feef3723fd2632a8134742ddaa9452b7b477ee75b08e521a99ed3423f45c5
8cf97490bbe44aa43c01097db31f7bea02acaf111fbc3b6dde31745faf9d8d18
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
928dcf3448d1da863637f27c782d7f25fec98000d12f9298005504e44c53a1e0
93e5322cdb119a013712c129c176cd347dc0bfcdacb0f8f610259918b8faabf4
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9ae24c597cdaad090110b675ecd31a3f4a0c2bfc255b34d1fad45faa293ba272
9b0cb6e6dea44f630d8b2ff60353714c253e2756a4a792d58326ea10df0f9780
9cacc351a59879d938ef01e274eca7f341deaaa666237a3de94737ccc05a4b86
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a01321206a3324299985a9eb636b3a3739bb19d364bc2a846868cab9de0ceb22
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678
a859255bca4512a88dea98f5704c41b766f33e3a43a27204048ff9e757c152b1
a922254e89c4606e02b4490153175d02cb137c4799e0dc602a28216816980817
aab46de6d65b0109879b01732a6660ccbebee7f07022642bf38ccecd4d501da4
ab49b06f01ba01695f3b425793784b260bc2dea123e763d6201f234f2315c9ad
abcfc66c4fb4bb9a1493824f5acd764bd8e06bc80a03f7cc2817159b22486ba6
ad3ee286844c46dba3f0d26e100f508c410b28f52784fbeec2d513ef6c6fda7a
adf27d0b8603ad3a168c513fd1cdca4b84a56b13cc17e54586c90939e6de6e8e
b051db9511dc29e804cacb729965ce83a3bc4d377539b7371bbe9577a0f57b67
b0c2617cc32996420f89cdde2c7212f9c0a7510373007786ed582ac2d7a06c53
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b186ef2c26d18c1bc13897daa9407006d5aa5b11f34ac999d645e15ec890508a
b1a214f7ec56468af251e6e685703fca451ccc00ba0ba00d15072a84f327bf4c
b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628
b7f5845e5923297b8c95bc7eda18709c9c4a31dc532f19526357f3be6c55910c
b8cebe2c8762199df0e2ae5d1d08a16443de2e329b24c405c0e46ccee37606c2
bcd5fa5d7dbca071d56d8dbd96ea4b73018dabd55ba191b2cd111719765f384c
bea17c8870ba8dae9515993b5c55b65437f03f0e2672e1c3d3dbe7872dd74e5c
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
c284299aeec8595fd3a10dcd2c27022edfda37c815571843a90c45cad18ace95
c39f6d35bf81312341e0a8c8a21d2e15bbaa64a730db262ec88fb3ed42e9f433
c3b1ca5d98d4076ec5875d96d79179647df3148e16005ec6c2b7e131eabecbb5
c52e2a15cba5be54e6986bd808f5a6aa6705b0efffd9379feb005dabdb748e32
cbcb528af7c43cf9a3bad6ba2c2539e89722848b62ea05d11be29ea1949eafd5
cc768907a13ed8d1731eea6ea6d8feeab05c62f17dbd7bcd97b8bc6b03994fb7
cc9b3925630f6d074bcab26519f1ec19a2e400175ab07ba7b2a79ac78e89dc87
cd253de2db573d215e4e8879f8d87afb505613800ee261716a2a69c6789da872
cf7d080023378703e01baa5922dce76f43bfd1ffa37f137a957599254bd02d1b
cf906196a7c1414e11983955e101a051d55a864f2bc9fd52a453d952d92fd9b5
cff57bb539a961e5816127eb4b662175d6a1c92917effe0f943de85c35911101
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d30213f5e4fa1655e9213e6311bf2cfcf8a3d2469498db705b8bf1fbab96aff4
d36dfe6d6d9da7b8fca74c7e5587a057a719eed2d2d1eae4fcd7af0e2d12f21f
d48402a3dbce81a21d0cd9300f37d4cc3633a8e7ad45e88d50b9996e6c318104
d78ac7736c81e9619f1cfc2840167113a9f050e5ed5221a6523cbc6f917f98c2
d82c4906e4b728e92a7fcec80c1f8bcb5b16502d30a9de09a361dc503a70145a
d9fd0aeda423bd39a36871759ef7b17dab3d51e5981cd5839103f990b8b9ef60
dafa5a247facfc545e94a09ea12da423909aefca05557ec1a73e6d296fc540aa
dbc211260f3fb81e545fbebe8be8c367ebe670a585e60e1ec58524c06723ecbc
e16b6becd83b0ee3de5d41e31dd0931ce182abb90e7abaea50edcff471dd0147
e275863e71c35954e13772523d1350408cdae8157d816efa000330991b7bfb13
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839
e477a0e0f51eb6fae3b1a7e13fc4b2a12e809f1e51dc995b2b8e1d6c351d3971
e8021f1a9dad409f7e699457ac334653bf800464df69900237c4de1c29e275d0
ecadacb686d0540a5768dae41d50597a71dfaa8135b90f1371d4bfa266e4e361
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0e2f6c277ff5d8359dec23dff73f2e1ea64f512f3cf966ba7432e76e90846fb
f21460b090958cc601f62f041603072b4b3c4546863f64b2cafa4a352adf3446
f475c34186022ba531ebc8bba97fc10df7e4c3ea854f314a18ab0644c851620d
f5bc40f0b27ed579e44b85aa0f4f6213464143adc31ae92ad6894f8b5f37698c
f87a7cb961b0230a13d3eb0726a3f00b162fccd98b9b67f13ba570568377e11e
f973d75ead19729433907ba993cee75784ac0ba25a5f229c3091e7f45966b1a3
fb9ee137734c9d4933d908d02325dc37c4dd86dd58614a2c7d9d5a01890aefd2
ff2c4473a2b378c031f0789160eaa65929196be9a5d402930b5f5dd13da4dccb

pcloak.blob.core.windows.net Open in urlscan Pro 20.60.220.36 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

308 Requests

89 %HTTPS

31 %IPv6

47 Domains

62 Subdomains

46 IPs

11 Countries

4655 kBTransfer

9596 kBSize

32 Cookies

0 Outgoing links

Redirected requests

308 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

pcloak.blob.core.windows.net Open in urlscan Pro
20.60.220.36 Public Scan

Screenshot
Live screenshot

Full Image

308
Requests

89 %
HTTPS

31 %
IPv6

47
Domains

62
Subdomains

46
IPs

11
Countries

4655 kB
Transfer

9596 kB
Size

32
Cookies

308 HTTP transactions
6 data transactions