pcloak.blob.core.windows.net Open in urlscan Pro
20.60.220.36 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Submission: On June 28 via api (June 28th 2023, 9:57:43 pm UTC) from TR — Scanned from DE

Summary HTTP 422 Redirects Behaviour Indicators

Summary

This website contacted 67 IPs in 12 countries across 57 domains to perform 422 HTTP transactions. The main IP is 20.60.220.36, located in Tappahannock, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is pcloak.blob.core.windows.net.
TLS certificate: Issued by Microsoft RSA TLS CA 02 on March 22nd 2023. Valid for: a year.

This is the only time pcloak.blob.core.windows.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
4	20.60.220.36 20.60.220.36	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	77.245.159.14 77.245.159.14	42868 (NIOBEBILI...) (NIOBEBILISIMHIZMETLERI)
3	94.138.206.83 94.138.206.83	49126 (AS49126) (AS49126)
1	2a00:1450:400... 2a00:1450:4001:802::200a	15169 (GOOGLE) (GOOGLE)
40	2a02:6ea0:c70... 2a02:6ea0:c700::17	60068 (CDN77 ^_^) (CDN77 ^_^)
2	2a00:1450:400... 2a00:1450:4001:829::2008	15169 (GOOGLE) (GOOGLE)
2	151.139.128.10 151.139.128.10	20446 (STACKPATH...) (STACKPATH-CDN)
1	23.206.208.114 23.206.208.114	16625 (AKAMAI-AS) (AKAMAI-AS)
19	185.7.176.221 185.7.176.221	42910 (PREMIERDC...) (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH)
2	2a03:2880:f08... 2a03:2880:f083:9:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2001:4860:480... 2001:4860:4802:36::178	15169 (GOOGLE) (GOOGLE)
27	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
69	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
3	65.9.90.93 65.9.90.93	16509 (AMAZON-02) (AMAZON-02)
19	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
1	35.241.45.217 35.241.45.217	15169 (GOOGLE) (GOOGLE)
1	65.9.93.173 65.9.93.173	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:831::2001	15169 (GOOGLE) (GOOGLE)
2	185.7.176.223 185.7.176.223	42910 (PREMIERDC...) (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH)
1	34.102.243.38 34.102.243.38	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3	2a00:1450:400... 2a00:1450:4001:830::200a	15169 (GOOGLE) (GOOGLE)
43	2a00:1450:400... 2a00:1450:4001:82b::2001	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:813::200a	15169 (GOOGLE) (GOOGLE)
6	2404:6800:400... 2404:6800:4005:81d::2003	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:806::2003	15169 (GOOGLE) (GOOGLE)
1	2a02:2638:3::12 2a02:2638:3::12	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
5	2a00:1450:400... 2a00:1450:4001:82f::2001	15169 (GOOGLE) (GOOGLE)
45	2a00:1450:400... 2a00:1450:4001:811::2006	15169 (GOOGLE) (GOOGLE)
2 10	2a00:1450:400... 2a00:1450:4001:82a::2004	15169 (GOOGLE) (GOOGLE)
2	2a02:2638:d::2 2a02:2638:d::2	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	3.122.44.22 3.122.44.22	16509 (AMAZON-02) (AMAZON-02)
2	2600:9000:212... 2600:9000:2127:7a00:3:4706:a6c0:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2600:9000:212... 2600:9000:2127:8200:1b:f040:3600:93a1	16509 (AMAZON-02) (AMAZON-02)
2	154.58.197.185 154.58.197.185	174 (COGENT-174) (COGENT-174)
10 35	142.250.186.66 142.250.186.66	15169 (GOOGLE) (GOOGLE)
4 8	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
6 8	185.89.210.180 185.89.210.180	29990 (ASN-APPNEX) (ASN-APPNEX)
2	34.98.64.218 34.98.64.218	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	104.75.89.75 104.75.89.75	16625 (AKAMAI-AS) (AKAMAI-AS)
1	15.197.193.217 15.197.193.217	16509 (AMAZON-02) (AMAZON-02)
4 4	198.47.127.19 198.47.127.19	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
2 2	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
3 3	46.228.174.117 46.228.174.117	56396 (AMOBEE) (AMOBEE)
1	185.86.138.152 185.86.138.152	201081 (SMARTADSE...) (SMARTADSERVER)
1 1	185.89.210.101 185.89.210.101	29990 (ASN-APPNEX) (ASN-APPNEX)
2 2	3.124.28.168 3.124.28.168	16509 (AMAZON-02) (AMAZON-02)
1 1	185.29.132.245 185.29.132.245	30419 (MEDIAMATH...) (MEDIAMATH-INC)
1 1	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
2 2	35.190.0.66 35.190.0.66	15169 (GOOGLE) (GOOGLE)
2 2	2a05:d018:d29... 2a05:d018:d29:3602:702:e4aa:922d:1c38	16509 (AMAZON-02) (AMAZON-02)
3	3.71.149.231 3.71.149.231	16509 (AMAZON-02) (AMAZON-02)
4	78.46.23.46 78.46.23.46	24940 (HETZNER-AS) (HETZNER-AS)
2	178.250.1.6 178.250.1.6	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	2a02:2638:3::1a 2a02:2638:3::1a	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 5	159.69.70.9 159.69.70.9	24940 (HETZNER-AS) (HETZNER-AS)
2 3	185.94.180.125 185.94.180.125	35220 (SPOTX-AMS) (SPOTX-AMS)
6	142.250.186.130 142.250.186.130	15169 (GOOGLE) (GOOGLE)
2	2a02:fa8:8806... 2a02:fa8:8806:16::1370	41041 (VCLK-EU-SE) (VCLK-EU-SE)
1 2	2606:4700::68... 2606:4700::6812:18ad	() ()
2 2	34.91.62.186 34.91.62.186	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	178.250.7.11 178.250.7.11	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2 2	37.157.5.133 37.157.5.133	198622 (ADFORM) (ADFORM)
2 2	20.127.253.7 20.127.253.7	() ()
2	162.19.138.120 162.19.138.120	() ()
1 2	51.89.9.251 51.89.9.251	16276 (OVH) (OVH)
1 1	35.156.85.133 35.156.85.133	() ()
1	35.227.252.103 35.227.252.103	() ()
1	2620:116:800d... 2620:116:800d:21:de2e:c7b3:55c0:d5a0	() ()
3	145.239.193.130 145.239.193.130	() ()
1	2a0b:4d07:101::1 2a0b:4d07:101::1	() ()
1 2	2a01:4f8:d0a:... 2a01:4f8:d0a:2321::2	() ()
1	49.12.16.151 49.12.16.151	() ()
1	35.178.131.157 35.178.131.157	() ()
1 2	142.250.186.134 142.250.186.134	() ()
1	65.9.95.34 65.9.95.34	() ()
1	65.9.95.76 65.9.95.76	() ()
2	18.168.234.149 18.168.234.149	() ()
1 2	54.195.140.228 54.195.140.228	() ()
422	67

4 20.60.220.36 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

pcloak.blob.core.windows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 77.245.159.14 (Turkey)

ASN42868 (NIOBEBILISIMHIZMETLERI, TR)
PTR: stilgar.wlsrv.com

www.cloakan.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 94.138.206.83 (Turkey)

ASN49126 (AS49126, TR)

ye-mek.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

40 2a02:6ea0:c700::17 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)

cdn.ye-mek.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.139.128.10 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: map3.hwcdn.net

images.dmca.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.206.208.114 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-206-208-114.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 185.7.176.221 (Turkey)

ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR)

static.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ng.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ng2.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f083:9:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:36::178 (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

69 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 65.9.90.93 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-90-93.prg50.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.45.217 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 217.45.241.35.bc.googleusercontent.com

pghub.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.93.173 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-93-173.prg50.r.cloudfront.net

aax.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.7.176.223 (Turkey)

ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR)

c1.imgiz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.243.38 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 38.243.102.34.bc.googleusercontent.com

feed.pghub.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:830::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

43 2a00:1450:4001:82b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2404:6800:4005:81d::2003 (Hong Kong)

ASN15169 (GOOGLE, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:806::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::12 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

45 2a00:1450:4001:811::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:82a::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:d::2 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.122.44.22 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-122-44-22.eu-central-1.compute.amazonaws.com

i.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2127:7a00:3:4706:a6c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

cti.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2127:8200:1b:f040:3600:93a1 (United States)

ASN16509 (AMAZON-02, US)

ads.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 154.58.197.185 (Indonesia)

ASN174 (COGENT-174, US)
PTR: staticip-hv4m185.hispavista.com

t.hspvst.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

35 142.250.186.66 (United States) 10 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 185.80.39.216 (Canada) 4 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 185.89.210.180 (Frankfurt am Main, Germany) 6 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.98.64.218 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 218.64.98.34.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.75.89.75 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-75-89-75.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 15.197.193.217 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 198.47.127.19 (United States) 4 redirects

ASN3257 (GTT-BACKBONE GTT, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.173.144.138 (Frankfurt am Main, Germany) 2 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 46.228.174.117 (United Kingdom) 3 redirects

ASN56396 (AMOBEE, GB)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.138.152 (France)

ASN201081 (SMARTADSERVER, FR)

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.89.210.101 (Frankfurt am Main, Germany) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 953.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.124.28.168 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-124-28-168.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.132.245 (United Kingdom) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.193.173 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com

gcm.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.0.66 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 66.0.190.35.bc.googleusercontent.com

ads.travelaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:d018:d29:3602:702:e4aa:922d:1c38 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.71.149.231 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-71-149-231.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 78.46.23.46 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.46.23.46.78.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.1.6 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.nl3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:3::1a (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

csm.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 159.69.70.9 (Nuremberg, Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.9.70.69.159.clients.your-server.de

hal900017.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.94.180.125 (Amsterdam, Netherlands) 2 redirects

ASN35220 (SPOTX-AMS, US)

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.186.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:fa8:8806:16::1370 (Singapore)

ASN41041 (VCLK-EU-SE, US)

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:18ad (None, ) 1 redirects

ASN- ()

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.91.62.186 (Groningen, Netherlands) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 186.62.91.34.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.7.11 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.5.133 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 20.127.253.7 (None, ) 2 redirects

ASN- ()

sync.inmobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 162.19.138.120 (None, )

ASN- ()

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 51.89.9.251 (London, United Kingdom) 1 redirects

ASN16276 (OVH, FR)
PTR: ip251.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.156.85.133 (None, ) 1 redirects

ASN- ()

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.227.252.103 (None, )

ASN- ()

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:de2e:c7b3:55c0:d5a0 (None, )

ASN- ()

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 145.239.193.130 (None, )

ASN- ()

pv.medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a0b:4d07:101::1 (None, )

ASN- ()

adv.office-partner.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a01:4f8:d0a:2321::2 (None, ) 1 redirects

ASN- ()

cdn.retailads.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 49.12.16.151 (None, )

ASN- ()

futalis.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.178.131.157 (None, )

ASN- ()

track.webgains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.134 (None, ) 1 redirects

ASN- ()

5994599.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.95.34 (None, )

ASN- ()

analytics.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.95.76 (None, )

ASN- ()

cdn.track.production.webgains.team	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.168.234.149 (None, )

ASN- ()

api.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.195.140.228 (None, ) 1 redirects

ASN- ()

unilever.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
121	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 135 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 160	947 KB
81	doubleclick.net 11 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 216 googleads.g.doubleclick.net — Cisco Umbrella Rank: 57 cm.g.doubleclick.net — Cisco Umbrella Rank: 254 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 346 5994599.fls.doubleclick.net	436 KB
45	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 325	2 MB
43	ye-mek.net ye-mek.net cdn.ye-mek.net	659 KB
19	virgul.com static.virgul.com — Cisco Umbrella Rank: 81866 ng.virgul.com — Cisco Umbrella Rank: 65490 ng2.virgul.com — Cisco Umbrella Rank: 74231	233 KB
14	google.com 2 redirects adservice.google.com — Cisco Umbrella Rank: 113 www.google.com — Cisco Umbrella Rank: 10	2 KB
10	gstatic.com csi.gstatic.com fonts.gstatic.com	61 KB
9	redintelligence.net 1 redirects hal9000.redintelligence.net — Cisco Umbrella Rank: 38273 hal900017.redintelligence.net — Cisco Umbrella Rank: 339410	44 KB
9	adnxs.com 7 redirects ib.adnxs.com — Cisco Umbrella Rank: 257 secure.adnxs.com — Cisco Umbrella Rank: 469	10 KB
8	casalemedia.com 4 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 635	6 KB
8	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 205	448 KB
7	w55c.net 1 redirects i.w55c.net — Cisco Umbrella Rank: 2590 cti.w55c.net — Cisco Umbrella Rank: 4192 ads.w55c.net — Cisco Umbrella Rank: 12943 pm.w55c.net	81 KB
6	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 433 imasdk.googleapis.com — Cisco Umbrella Rank: 500 fonts.googleapis.com — Cisco Umbrella Rank: 88	286 KB
5	yahoo.com 2 redirects pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 481 ups.analytics.yahoo.com — Cisco Umbrella Rank: 338	2 KB
5	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 391	110 KB
4	pubmatic.com 4 redirects image6.pubmatic.com — Cisco Umbrella Rank: 812	2 KB
4	criteo.net static.criteo.net — Cisco Umbrella Rank: 568 csm.eu.criteo.net — Cisco Umbrella Rank: 7838	18 MB
4	criteo.com ads.eu.criteo.com — Cisco Umbrella Rank: 7742 cat.nl3.eu.criteo.com — Cisco Umbrella Rank: 9055 dis.criteo.com — Cisco Umbrella Rank: 608	8 KB
4	amazon-adsystem.com c.amazon-adsystem.com — Cisco Umbrella Rank: 353 aax.amazon-adsystem.com — Cisco Umbrella Rank: 438	62 KB
4	windows.net pcloak.blob.core.windows.net	3 KB
3	webgains.io analytics.webgains.io api.webgains.io	31 KB
3	medialead.de pv.medialead.de	1 KB
3	spotxchange.com 2 redirects sync.search.spotxchange.com — Cisco Umbrella Rank: 794	2 KB
3	openx.net us-u.openx.net — Cisco Umbrella Rank: 496 rtb.openx.net	663 B
2	demdex.net 1 redirects unilever.demdex.net	2 KB
2	retailads.net 1 redirects cdn.retailads.net	6 KB
2	onetag-sys.com 1 redirects onetag-sys.com — Cisco Umbrella Rank: 857	487 B
2	id5-sync.com id5-sync.com	2 KB
2	inmobi.com 2 redirects sync.inmobi.com	1 KB
2	adform.net 2 redirects c1.adform.net — Cisco Umbrella Rank: 633	1 KB
2	simpli.fi 2 redirects um.simpli.fi — Cisco Umbrella Rank: 981	1 KB
2	tribalfusion.com 1 redirects a.tribalfusion.com s.tribalfusion.com	1 KB
2	dotomi.com dclk-match.dotomi.com — Cisco Umbrella Rank: 3235	207 B
2	travelaudience.com 2 redirects ads.travelaudience.com — Cisco Umbrella Rank: 8041	911 B
2	bidswitch.net 2 redirects x.bidswitch.net — Cisco Umbrella Rank: 359	1 KB
2	1rx.io 2 redirects sync.1rx.io — Cisco Umbrella Rank: 613	2 KB
2	rubiconproject.com 2 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 374	922 B
2	teads.tv sync.teads.tv — Cisco Umbrella Rank: 1425	326 B
2	hspvst.com t.hspvst.com — Cisco Umbrella Rank: 188023	2 KB
2	imgiz.com c1.imgiz.com — Cisco Umbrella Rank: 136022	131 KB
2	pghub.io pghub.io — Cisco Umbrella Rank: 2090 feed.pghub.io — Cisco Umbrella Rank: 2360	6 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 173	89 KB
2	dmca.com images.dmca.com — Cisco Umbrella Rank: 13228	6 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 79	91 KB
2	cloakan.co www.cloakan.co	1 KB
1	webgains.team cdn.track.production.webgains.team	3 KB
1	webgains.com track.webgains.com	2 KB
1	futalis.de futalis.de	401 B
1	office-partner.de adv.office-partner.de	931 B
1	quantserve.com cms.quantserve.com	463 B
1	ctnsnet.com 1 redirects gcm.ctnsnet.com — Cisco Umbrella Rank: 44074	610 B
1	mathtag.com 1 redirects sync.mathtag.com — Cisco Umbrella Rank: 577	731 B
1	smartadserver.com ssbsync.smartadserver.com — Cisco Umbrella Rank: 922	75 B
1	unrulymedia.com 1 redirects sync.targeting.unrulymedia.com — Cisco Umbrella Rank: 1372	574 B
1	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 383	265 B
1	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 63	21 KB
1	addthis.com s7.addthis.com — Cisco Umbrella Rank: 2484	361 B
422	57

	Domain	Requested by
69	pagead2.googlesyndication.com	static.virgul.com pagead2.googlesyndication.com 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com googleads.g.doubleclick.net ye-mek.net tpc.googlesyndication.com s0.2mdn.net www.googletagservices.com securepubads.g.doubleclick.net
45	s0.2mdn.net	ye-mek.net cdn.ampproject.org 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com pcloak.blob.core.windows.net s0.2mdn.net
43	tpc.googlesyndication.com	4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com ye-mek.net cdn.ampproject.org googleads.g.doubleclick.net pcloak.blob.core.windows.net tpc.googlesyndication.com s0.2mdn.net pagead2.googlesyndication.com securepubads.g.doubleclick.net
40	cdn.ye-mek.net	ye-mek.net cdn.ye-mek.net
35	cm.g.doubleclick.net	10 redirects googleads.g.doubleclick.net ye-mek.net 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
19	googleads.g.doubleclick.net	pagead2.googlesyndication.com 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com ye-mek.net pcloak.blob.core.windows.net googleads.g.doubleclick.net
19	securepubads.g.doubleclick.net	static.virgul.com securepubads.g.doubleclick.net 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com pcloak.blob.core.windows.net ye-mek.net www.googletagservices.com
10	www.google.com	2 redirects ye-mek.net 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com
9	4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
9	ng.virgul.com	static.virgul.com ye-mek.net
8	ib.adnxs.com	6 redirects googleads.g.doubleclick.net
8	dsum-sec.casalemedia.com	4 redirects googleads.g.doubleclick.net
8	www.googletagservices.com	4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com googleads.g.doubleclick.net
7	static.virgul.com	ye-mek.net static.virgul.com pcloak.blob.core.windows.net
6	googleads4.g.doubleclick.net	pcloak.blob.core.windows.net
6	csi.gstatic.com	imasdk.googleapis.com
5	hal900017.redintelligence.net	1 redirects 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com hal900017.redintelligence.net
5	cdn.ampproject.org	securepubads.g.doubleclick.net
4	hal9000.redintelligence.net	4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com hal900017.redintelligence.net
4	image6.pubmatic.com	4 redirects
4	fonts.gstatic.com	fonts.googleapis.com
4	adservice.google.com	securepubads.g.doubleclick.net pagead2.googlesyndication.com 5994599.fls.doubleclick.net
4	pcloak.blob.core.windows.net	pcloak.blob.core.windows.net
3	pv.medialead.de	hal900017.redintelligence.net
3	sync.search.spotxchange.com	2 redirects googleads.g.doubleclick.net
3	ng2.virgul.com	ye-mek.net
3	ups.analytics.yahoo.com	4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com googleads.g.doubleclick.net
3	imasdk.googleapis.com	c1.imgiz.com 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
3	c.amazon-adsystem.com	static.virgul.com c.amazon-adsystem.com
3	ye-mek.net	www.cloakan.co ye-mek.net
2	unilever.demdex.net	1 redirects
2	api.webgains.io	analytics.webgains.io
2	5994599.fls.doubleclick.net	1 redirects 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
2	cdn.retailads.net	1 redirects futalis.de
2	onetag-sys.com	1 redirects 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
2	id5-sync.com	ye-mek.net 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
2	sync.inmobi.com	2 redirects
2	c1.adform.net	2 redirects
2	um.simpli.fi	2 redirects
2	dclk-match.dotomi.com	4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
2	csm.eu.criteo.net	ye-mek.net
2	cat.nl3.eu.criteo.com	ye-mek.net
2	pr-bh.ybp.yahoo.com	2 redirects
2	ads.travelaudience.com	2 redirects
2	x.bidswitch.net	2 redirects
2	sync.1rx.io	2 redirects
2	pixel.rubiconproject.com	2 redirects
2	sync.teads.tv	googleads.g.doubleclick.net
2	us-u.openx.net	googleads.g.doubleclick.net
2	t.hspvst.com	4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
2	ads.w55c.net	4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
2	cti.w55c.net	4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
2	i.w55c.net	pcloak.blob.core.windows.net
2	static.criteo.net	4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
2	fonts.googleapis.com	4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com hal900017.redintelligence.net
2	c1.imgiz.com	static.virgul.com c1.imgiz.com
2	connect.facebook.net	ye-mek.net connect.facebook.net
2	images.dmca.com	ye-mek.net
2	www.googletagmanager.com	ye-mek.net adv.office-partner.de
2	www.cloakan.co	pcloak.blob.core.windows.net
1	cdn.track.production.webgains.team	4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
1	analytics.webgains.io	track.webgains.com
1	track.webgains.com	4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
1	futalis.de	hal900017.redintelligence.net
1	adv.office-partner.de	hal900017.redintelligence.net
1	cms.quantserve.com	googleads.g.doubleclick.net
1	rtb.openx.net	4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
1	pm.w55c.net	1 redirects
1	dis.criteo.com	4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
1	s.tribalfusion.com	4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
1	a.tribalfusion.com	1 redirects
1	gcm.ctnsnet.com	1 redirects
1	sync.mathtag.com	1 redirects
1	secure.adnxs.com	1 redirects
1	ssbsync.smartadserver.com	4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
1	sync.targeting.unrulymedia.com	1 redirects
1	match.adsrvr.org	4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
1	ads.eu.criteo.com	imasdk.googleapis.com
1	feed.pghub.io	pghub.io
1	aax.amazon-adsystem.com	c.amazon-adsystem.com
1	pghub.io	static.virgul.com
1	www.google-analytics.com	www.googletagmanager.com
1	s7.addthis.com	ye-mek.net
1	ajax.googleapis.com	ye-mek.net
422	84

This site contains no links.

Subject Issuer	Validity	Valid
*.blob.core.windows.net Microsoft RSA TLS CA 02	`2023-03-22` - `2024-03-22`	a year	crt.sh
cpanel.cloakan.co R3	`2023-05-03` - `2023-08-01`	3 months	crt.sh
www.ye-mek.net RapidSSL Global TLS RSA4096 SHA256 2022 CA1	`2022-11-29` - `2023-07-07`	7 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
1099124734.rsc.cdn77.org R3	`2023-06-13` - `2023-09-11`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
images.dmca.com R3	`2023-05-13` - `2023-08-11`	3 months	crt.sh
odc-addthis-prod-01.oracle.com DigiCert TLS RSA SHA256 2020 CA1	`2023-02-07` - `2024-02-07`	a year	crt.sh
*.virgul.com Sectigo RSA Domain Validation Secure Server CA	`2022-10-24` - `2023-09-28`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-04-07` - `2023-07-06`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
c.amazon-adsystem.com Amazon RSA 2048 M01	`2023-02-28` - `2024-02-17`	a year	crt.sh
*.pghub.io DigiCert TLS RSA SHA256 2020 CA1	`2023-02-09` - `2024-02-08`	a year	crt.sh
aax-dtb-mobile-cf.amazon-adsystem.com Amazon RSA 2048 M01	`2023-03-16` - `2024-03-08`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
*.imgiz.com Sectigo RSA Domain Validation Secure Server CA	`2022-09-27` - `2023-09-09`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
*.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-05-13` - `2023-08-10`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-05-27` - `2023-08-27`	3 months	crt.sh
*.w55c.net Amazon RSA 2048 M02	`2023-05-30` - `2024-06-27`	a year	crt.sh
*.hspvst.com Gandi Standard SSL CA 2	`2022-12-12` - `2023-12-09`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
teads.tv R3	`2023-06-26` - `2023-09-24`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-21` - `2024-01-23`	a year	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-02-21` - `2023-08-16`	6 months	crt.sh
redintelligence.net R3	`2023-06-09` - `2023-09-07`	3 months	crt.sh
*.nl3.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-05-18` - `2023-08-18`	3 months	crt.sh
*.eu.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-06-07` - `2023-08-30`	3 months	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2022-08-09` - `2023-09-10`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-05-12` - `2023-08-10`	3 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-09` - `2023-09-09`	a year	crt.sh
pv.medialead.de R3	`2023-06-14` - `2023-09-12`	3 months	crt.sh
adv.office-partner.de R3	`2023-05-01` - `2023-07-30`	3 months	crt.sh
*.futalis.de R3	`2023-06-16` - `2023-09-14`	3 months	crt.sh
cdn.retailads.net Encryption Everywhere DV TLS CA - G2	`2023-05-18` - `2024-05-17`	a year	crt.sh
*.webgains.com Amazon RSA 2048 M01	`2023-05-15` - `2024-06-13`	a year	crt.sh
*.webgains.io Amazon RSA 2048 M02	`2023-03-02` - `2023-09-21`	7 months	crt.sh
cdn.track.production.webgains.team Amazon RSA 2048 M01	`2023-02-28` - `2023-10-28`	8 months	crt.sh

This page contains 47 frames:

Primary Page: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Frame ID: 35DB394EF3BE2D4D8A2C8088EF7402C8
Requests: 6 HTTP requests in this frame

Frame: https://ye-mek.net/
Frame ID: 1E5F055EBD7DFB8B975C36FF3219BE12
Requests: 97 HTTP requests in this frame

Frame: https://static.virgul.com/theme/mockups/outside/str.html?v=2
Frame ID: 04C3F6D41574350D310AC1C6FB718630
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230620/r20190131/zrt_lookup.html
Frame ID: 55BAF09BF192C0D14AE73324E52E4B29
Requests: 1 HTTP requests in this frame

Frame: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: A2238095D2A0BC0C9FF37E6AB85F895A
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755397&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1687989458730&bpp=3&bdt=480&idt=199&shv=r20230620&mjsv=m202306200101&ptt=9&saldr=aa&nras=1&correlator=4195667466855&frm=24&ife=1&pv=2&ga_vid=1416381702.1687989459&ga_sid=1687989459&ga_hid=495058756&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=222437166&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44759842%2C44759876%2C31071258%2C44788442&oid=2&pvsid=504671446663692&tmod=1669191171&uas=0&nvt=1&fsapi=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.dinjdd7st8pw&fsb=1&dtd=214
Frame ID: C7AACD877FECA12B6A5E16065F6F1D8D
Requests: 1 HTTP requests in this frame

Frame: https://feed.pghub.io/tag?referrer_url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&page_url=https%3A%2F%2Fye-mek.net%2F&owner=P%26G&bp_id=noktacommedya&ch=%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D&initiator=js&data=%7B%22category%22%3A%22site_geneli%22%7D
Frame ID: 14B647060C1A3DB2DCE8DBDE93A03D79
Requests: 1 HTTP requests in this frame

Frame: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 1666954CF5373534D9C9CF139FC0929F
Requests: 12 HTTP requests in this frame

Frame: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 5E36055C05F54F04DA80BB0E869C51D4
Requests: 29 HTTP requests in this frame

Frame: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: ED616C176A1942858D0F872F1513E666
Requests: 12 HTTP requests in this frame

Frame: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: A9C071003CB95054E90F119A6EAB7504
Requests: 22 HTTP requests in this frame

Frame: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 3CDDEA25D89815C7524C75E06FFEF018
Requests: 20 HTTP requests in this frame

Frame: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 7D770D387EF73916245CEF94414906A1
Requests: 12 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012306200257000/amp4ads-v0.mjs
Frame ID: 6D0ADB8C2922D3DAC5051B0C61C65716
Requests: 19 HTTP requests in this frame

Frame: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: BC6ECCA7907E757494C2A8D964D6EAFD
Requests: 20 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3407250215&plat=1%3A520%2C2%3A520%2C3%3A2163200%2C4%3A2163200%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fye-mek.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1687989459332&bpp=11&bdt=140&idt=221&shv=r20230620&mjsv=m202306200101&ptt=9&saldr=aa&nras=1&correlator=5745559093563&frm=8&ife=1&pv=2&ga_vid=466283811.1687989460&ga_sid=1687989460&ga_hid=1804320350&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=950156678&scr_x=-12245933&scr_y=-12245933&eid=44759926%2C44759842%2C44759875%2C44788442%2C44789819&oid=2&pvsid=2334320663502809&tmod=1083788450&uas=0&nvt=1&fsapi=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.dk9vhvurwbt3&fsb=1&dtd=242
Frame ID: 47E553F77F7888B86E739B142F3D882A
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNVAtuHHiXRnc6rGuS8yggoHwyEA_fYIobeg4aaDbPunGQHJELVFZkOrw1Bvi0gFiARPv1VNG12FRFU48XEXOiwbECZpdGyKBpB0PUJBPmI-ZkU_oyl2QvM5Qcgq5c1h8Y0zK30CiogQJCb4UWXPUUPK34c5RuLxbXuI-LbYVRtA4aJAYtw
Frame ID: 335ABE6BB1EFD6935CBFF999DE01B737
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARj8x7LlATAB&v=APEucNV8dtyJ0FI2owO6k8M3V6kwJTRrF0o3uaqzcgqhbFC3GlWTqF5MvsjNZEiB5aPQnpMUtuzdm5txippVTHjaPsgm3X0i1PM-TC7gmYn92aRU6CB5aMfnp48PWUFuV6-ugRu43UtJxaATjZ38dvQ5srE-QUeRiGVaR0fgI2UuLvSrtaI1nYE
Frame ID: 7D8E4C4C06C5715037484A699D6D0229
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=4198790052&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1687989459344&bpp=1&bdt=152&idt=641&shv=r20230620&mjsv=m202306200101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=5745559093563&frm=8&ife=1&pv=1&ga_vid=466283811.1687989460&ga_sid=1687989460&ga_hid=1804320350&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=950156678&scr_x=-12245933&scr_y=-12245933&eid=44759926%2C44759842%2C44759875%2C44788442%2C44789819&oid=2&pvsid=2334320663502809&tmod=1083788450&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.udqxk4vi63ph&fsb=1&dtd=656
Frame ID: B90B970ADEB6FE88D8F611CFA29425CF
Requests: 19 HTTP requests in this frame

Frame: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: B3BC2F6B961395E00E12470B273B61A1
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHn4wEQ4JWpAhjstJ_sATAB&v=APEucNWX2gTOcqdGI7kXKcV6BXgUmBCCXUvMdNmkIFXRsxskQxmAHBHlT7HvlptMPNg1cLN0rvIwiCmKjuTyRdhz678GIBv_RwTLO6YnqNX1gz68w701-3wCB3EwkpzEzMl3Sk2NSkgr_iHBbRmjF3nL2i3vEA_38fO56EXYsVaCDoBAKDA7Y8E
Frame ID: 6A80F9C9A286DAF68A60DC8AC4C84B60
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: F271CD5017A92B59A335E12E87F712AD
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 967915E2283E0859D17958E14351B26E
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 9C5CF227EA9B2FF65164501F0A16E7DE
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHn4wEQ4JWpAhjstJ_sATAB&v=APEucNV9T6EHURO6TzSqWmSDPVmFT5l_sz02bmQXcRsvENjgNP9sClJZ_hYl_U2OiqtkTP-uSOgqr4YvlkGsorO6WpAolL0HQisDyKe2-gcwn_GAFgr6Zvn985F0ast8ubJq06lvNsX_3pQAKqyspl5X4DIqGS6VpoNfgqkiw0UskUteRCYvZ6k
Frame ID: 6A1281FDED08CDC4F45242619B236D79
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: F353C5EBE9852CEBAD8116BFAFA37ABD
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: D42E5BC03A263DFD6DE067279F9F60F8
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 1E8FF5DD1CC07AF6E3AC2A4AF5D28E0E
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=WT7wEhgLt2&t=1&renderingType=2&ev=01_250
Frame ID: 780F88824334507B465FFE249B4858D2
Requests: 12 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 01C42A5A2CA9CDFC85D696E297936ED0
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/17428105819714486272/index.html?e=69&leftOffset=0&topOffset=0&c=LpYJpmpjOk&t=1&renderingType=2&ev=01_250
Frame ID: ACE25253BD520204130C0FD5C98A3A8C
Requests: 15 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: BB2233EBB99DB0E41C629C9C64EF4E33
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 98C5860858A9B00CB4F7AF6C3063753D
Requests: 4 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/17428105819714486272/index.html?e=69&leftOffset=0&topOffset=0&c=wCagNPJ00m&t=1&renderingType=2&ev=01_250
Frame ID: DC666BC62C3C05D399E3C480475FAEB0
Requests: 15 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 908327E9CC5C1FECC0FA137CC55B3726
Requests: 3 HTTP requests in this frame

Frame: https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=94391000174047304444554012369017&t=htlp&gdpr=1&consent=1&gdpr_consent=
Frame ID: C93E794106DFAF6C32F7F98621A1E3C8
Requests: 1 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: 2BFCFCAB28C2A6EB35502FD2832CB23E
Requests: 2 HTTP requests in this frame

Frame: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=2829309064
Frame ID: F9AD2B14836078D54B34D41283E89DEC
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/YTnPKPJ-Q--T2AJ4Qj25FxWmw7bAoVXE9zhtz1eN5hc.js
Frame ID: 07C945C466147D856F8768600617A136
Requests: 1 HTTP requests in this frame

Frame: https://5994599.fls.doubleclick.net/activityi;dc_pre=CLip-OH65v8CFVuPsgod8YkH5Q;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7028113949201.755
Frame ID: 9391CE4273BF71AA5770098538F46114
Requests: 2 HTTP requests in this frame

Frame: https://hal900017.redintelligence.net/request_content.php?s=94391000174047304444554012369017&a=507e02cd
Frame ID: 12BBD4812127664941DAD46F9CB0224B
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/YTnPKPJ-Q--T2AJ4Qj25FxWmw7bAoVXE9zhtz1eN5hc.js
Frame ID: 992EDFA20403C52BA51598D0080F568F
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 93E8CD340A0D2D7070A305C933D0550C
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 30F0BB85B7FE304180BF17EAC0EFF69E
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/YTnPKPJ-Q--T2AJ4Qj25FxWmw7bAoVXE9zhtz1eN5hc.js
Frame ID: ECAA167907CF6CBD2FD784A1F1FD2D45
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: FA9C3713BCFE50DFC82E3EE3BAB585F5
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 771813076B3033930C0DF993EA32EDC5
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

AddThis (Widgets) Expand

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Webgains (Affiliate programs) Expand

Overall confidence: 100%
Detected patterns

analytics\.webgains\.io

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

422
Requests

91 %
HTTPS

37 %
IPv6

57
Domains

84
Subdomains

67
IPs

12
Countries

23824 kB
Transfer

30158 kB
Size

40
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 176

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP0A5Fn86aaTBYAV8ikoMjk&google_cver=1

Request Chain 177

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZJys1E7vk9jKptP3G7k5ogAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP0A5Fn86aaTBYAV8ikoMjk&google_cver=1

Request Chain 178

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESENrlAGLdVaRqfHQKDCw1ZDo&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESENrlAGLdVaRqfHQKDCw1ZDo%26google_cver%3D1

Request Chain 179

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTQzMDE3MjgyMTgxMTEwNTczMQ%3D%3D

Request Chain 180

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP0A5Fn86aaTBYAV8ikoMjk&google_cver=1

Request Chain 181

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZJys1E7vk9jKptP3G7k5ogAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP0A5Fn86aaTBYAV8ikoMjk&google_cver=1

Request Chain 182

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESENrlAGLdVaRqfHQKDCw1ZDo&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESENrlAGLdVaRqfHQKDCw1ZDo%26google_cver%3D1

Request Chain 183

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTQzMDE3MjgyMTgxMTEwNTczMQ%3D%3D

Request Chain 206

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEJOjfEl8L-x55oADjHHN-Sw&google_cver=1

Request Chain 208

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEAIFOzg-nmhtv6nFK4Iz9sM&google_cver=1

Request Chain 212

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 230

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEMe40rdI1QCV4tL21kj8CGk&google_cver=1&google_push=ATf1kGN9dKX-jBQBX21dwuzLD1_OVewBBlhYFar-QFtSGLOSuJlI5K8M-7TRAzaLJNXl-KTSTFGAPYFNm6Pzr3hIQJcAXrCTyO6n HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEMe40rdI1QCV4tL21kj8CGk&google_cver=1&google_push=ATf1kGN9dKX-jBQBX21dwuzLD1_OVewBBlhYFar-QFtSGLOSuJlI5K8M-7TRAzaLJNXl-KTSTFGAPYFNm6Pzr3hIQJcAXrCTyO6n&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=MBLfwDj-Q5a-JT0EHfVjQA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ATf1kGN9dKX-jBQBX21dwuzLD1_OVewBBlhYFar-QFtSGLOSuJlI5K8M-7TRAzaLJNXl-KTSTFGAPYFNm6Pzr3hIQJcAXrCTyO6n

Request Chain 231

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESECRwHqj0p3ENT8sI4OCNVJw&google_cver=1&google_push=ATf1kGMZfSxLcEt6AuBeCZOFceEJClOIdv9eRRG0QbevwaxhTZMYL1YJGYC0G3hr9kE43Hpsi87NKa40LRrAax7Opfb2NAGYXBAF HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpHOUNCSTUtMjQtSkU1Tw==&google_push=ATf1kGMZfSxLcEt6AuBeCZOFceEJClOIdv9eRRG0QbevwaxhTZMYL1YJGYC0G3hr9kE43Hpsi87NKa40LRrAax7Opfb2NAGYXBAF

Request Chain 232

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEO9N6TN6P6hB1qn9pqqH2rc&google_cver=1&google_push=ATf1kGMZofv1AhkNhfO5M5Ap3_UOOuDQrnyO9IfwLSJLWvoTzG9F_80akg6crqewVhY1Cey7EIOYuI-0bJl_GNCggLbN8K3H_ffE HTTP 302
https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=ATf1kGMZofv1AhkNhfO5M5Ap3_UOOuDQrnyO9IfwLSJLWvoTzG9F_80akg6crqewVhY1Cey7EIOYuI-0bJl_GNCggLbN8K3H_ffE&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&cb=1687989460580 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-aa744d4f-d787-4af2-8ac8-e9f60882f536-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DATf1kGMZofv1AhkNhfO5M5Ap3_UOOuDQrnyO9IfwLSJLWvoTzG9F_80akg6crqewVhY1Cey7EIOYuI-0bJl_GNCggLbN8K3H_ffE%26google_hm%3DA6p0TU_Xh0ryisjp9giC9TY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=ATf1kGMZofv1AhkNhfO5M5Ap3_UOOuDQrnyO9IfwLSJLWvoTzG9F_80akg6crqewVhY1Cey7EIOYuI-0bJl_GNCggLbN8K3H_ffE&google_hm=A6p0TU_Xh0ryisjp9giC9TY

Request Chain 234

https://secure.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=${BASE64_UID_ENC}&google_gid=CAESELUxdRIHCWGngoAle0ACAWY&google_cver=1&google_push=ATf1kGNAR2GfGQ6_JnGRuIZVBOV95Pf0YX3ZlAziR83BTXO-rRjbeSrV3AZ0b18VfXQ7QI1JOYNKL9Q-hSIW4Za7JKk2DHS0TbyXMA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NTQzMDE3MjgyMTgxMTEwNTczMQ%3D%3D&google_gid=CAESELUxdRIHCWGngoAle0ACAWY&google_cver=1&google_push=ATf1kGNAR2GfGQ6_JnGRuIZVBOV95Pf0YX3ZlAziR83BTXO-rRjbeSrV3AZ0b18VfXQ7QI1JOYNKL9Q-hSIW4Za7JKk2DHS0TbyXMA

Request Chain 235

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEGd4Do3NpsVSF9Cu_xyThuw&google_cver=1&google_push=ATf1kGMp0vHwRz1lCAYyw8nNGw4-R9Ce3Uy8nVKmA4tVMuvUAV72QN0XvpwbkppgFSYeCgEM685CLx7ru7gDHWOm4x10D_4t84y3fw HTTP 302
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEGd4Do3NpsVSF9Cu_xyThuw&google_cver=1&google_push=ATf1kGMp0vHwRz1lCAYyw8nNGw4-R9Ce3Uy8nVKmA4tVMuvUAV72QN0XvpwbkppgFSYeCgEM685CLx7ru7gDHWOm4x10D_4t84y3fw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=2ada9ca5-ee63-43c0-920f-6ce81aa8a6c4&%%GOOGLE_PUSH_PAIR%%

Request Chain 237

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEDAsNQtgi7aPLpsJCeKToTo&google_cver=1&google_push=ATf1kGPFSW-HzuTaUuycXkYsGK79lPA1VHzsGWq5nLgmjMlwVgjxKk9aRn0cWjtIlKt-165o0kGnIUAY4ihhisG9Vj05kHmhxUUOYw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=ATf1kGPFSW-HzuTaUuycXkYsGK79lPA1VHzsGWq5nLgmjMlwVgjxKk9aRn0cWjtIlKt-165o0kGnIUAY4ihhisG9Vj05kHmhxUUOYw

Request Chain 238

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEIUftAHuNGXmHtEfM6r_Rlw&google_cver=1&google_push=ATf1kGMJP3MyBpeQmzzikSRyAqr18yCd-Pz6Z02OWTmnEQJto2CqmzvfRuTmBVSSRSrLcve3U7amD7w1dswcy-VeoBhC2oYot7ldtw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGMJP3MyBpeQmzzikSRyAqr18yCd-Pz6Z02OWTmnEQJto2CqmzvfRuTmBVSSRSrLcve3U7amD7w1dswcy-VeoBhC2oYot7ldtw&google_hm=IYXOZgMbQsOiNFt1sCAZiMo

Request Chain 239

https://ads.travelaudience.com/google_pixel?google_gid=CAESEIyMcm0LNZ6TDw7LnpplawE&google_cver=1&google_push=ATf1kGMSJMtevhPrx4tH1-m6YaQazrXgYv4sXtc59cXyJeB4mvmTFrBxuLJRxzmPHng-zNz0XjD7UpyvbmvGZsys6FzLh0cXd-clng HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=R99iWR-HSSmvLLceF1VgFQ2&google_push=ATf1kGMSJMtevhPrx4tH1-m6YaQazrXgYv4sXtc59cXyJeB4mvmTFrBxuLJRxzmPHng-zNz0XjD7UpyvbmvGZsys6FzLh0cXd-clng

Request Chain 240

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEGQsKQaWclFl-PofKagUuJ0&google_cver=1&google_push=ATf1kGOmgHaixMqaWf4rIQxMMhxg7LHpG_xIR0E2ClgU25YSWmDAMgIm8vAgIK8-376U2JVGJTa11R5a7ThpaFlJzOZMhGFctM5kKw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=ATf1kGOmgHaixMqaWf4rIQxMMhxg7LHpG_xIR0E2ClgU25YSWmDAMgIm8vAgIK8-376U2JVGJTa11R5a7ThpaFlJzOZMhGFctM5kKw&google_hm=eS0weGhrYnNsRTJwRktfR05FVlA3TDI1OUJheW9VMXE0Wn5B

Request Chain 241

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEK-GC_Q0bFVxEefhmlPLjd0&google_cver=1&google_push=ATf1kGM2iPTevpKFbB9xe7jOfh307nw2QDbVWj2zKhdC0buEHVezB0hjJoChKiWTLr75ENPCJ1rNySI-c4kqCl2L9pH0AijkYHxJ HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEK-GC_Q0bFVxEefhmlPLjd0&google_cver=1&google_push=ATf1kGM2iPTevpKFbB9xe7jOfh307nw2QDbVWj2zKhdC0buEHVezB0hjJoChKiWTLr75ENPCJ1rNySI-c4kqCl2L9pH0AijkYHxJ&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=wrqB2ULaR5yfaWeNw1Bptw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ATf1kGM2iPTevpKFbB9xe7jOfh307nw2QDbVWj2zKhdC0buEHVezB0hjJoChKiWTLr75ENPCJ1rNySI-c4kqCl2L9pH0AijkYHxJ

Request Chain 242

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEFzxESmDqy3E0DIDbgrDG68&google_cver=1&google_push=ATf1kGO4xPWKzGuI0hNTaqdTiwA3PsuUbcPTtqw86IU4vjHMo4Q8mou5EUn-guOBNEEafm-w-OWGW3EkMltmvPiqap-nRIIwCcGX HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpHOUNCSTUtMjAtTEFVRQ==&google_push=ATf1kGO4xPWKzGuI0hNTaqdTiwA3PsuUbcPTtqw86IU4vjHMo4Q8mou5EUn-guOBNEEafm-w-OWGW3EkMltmvPiqap-nRIIwCcGX

Request Chain 274

https://hal900017.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=29b2e8e068&subid=&uid=b4ea66f64868f61c&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCN-Db06ycZJ3iCLu89u8P79iSuAGm5b2gaa2VnKfJD_AuEAEgwLKCa2CV0rSCwAfIAQmpAtPqU3VdUrI-qAMByAObBKoE4wFP0AWla6HvhyZwY5fwKL5ZcNsTLlaPEsr-BWk0UMPvZrnqSMvgY6j_KGw172RFkH0ix38XlKXXqnAl-VRGkFOEN884DjGJcBVXjU-jOmZuIFpyGZr4FWXK1u0g2-Oe7OKd2nJBJoOqq3I3AIO75Zkc2bhA77Tn-OaSVJyyy05jxYVciDLa77opj6hK42fZk-5EsnHGgl1A3MJdgsvGdt9g2zLNmA-DGJ4OTJf1jM_5VzKLH8Rs2K0SMbCL5PxjMYHwAZLK1TCd0lFddxOf4oviOUPttrI3vOcnKH-eptwQtLe9_MAE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE68ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5gAoDmAsByAsBgAwBsBPMnNkS0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSbQBygQiD4uFUJbggLmfY2mUbDHx42r49fbLk1zuOVCvH0Ho26lTG0VVcoI8WBsh8zOV4siutO3n7miJwblcKPUe0fNlbQqAEp9sFOsb8-j0upMCIPvjUX3W2yO6PFPLBB8iNTLeMHzpRvrlL7Z0YAQ%26sig%3DAOD64_0BcFkOsP_h_-hSDjZJyWWO9eeZpg%26client%3Dca-pub-7983651257838282%26dbm_c%3DAKAmf-B1NOcddcc4m9UUW8YSTTZ_YZwa7AnYBOdixO71tCXS9SoYx1GQQCfKSNhbcIb2ktpQjwNN_xO5OEN_hAoHkmy-rMGHz00hFOWe0uhPCrr0uL0Nv4XD3nDRvhvWJwghCfMf-tYrrJM48psmILPb1_Yssi3-d-5ggF-5G9f1aLGqbxtCYOA%26cry%3D1%26dbm_d%3DAKAmf-DJyhaunJEJO2tRxl1K2M6TSdQxyOXNxlwwD_PS8Dg2RduBCNNStC8-3Oes6TQtO8q9zOvP8srPUT06wTluZXEnzQsrqn4QObUXJh2AbStl-GaKs0JTF8JNmusDZrBBZrN8plq78CVAkym0ZMb065_CN7d3znDt8UOo3Z6KCtgtVATNERsvnIxh_OGTvIdGlIrrYzxP5x6KlaY61NSebqNh5a9R23rOi8VvTdFzBJNLsNmeTIpl6vjMu2jaQX_SmIYc2kEn6_RJ1AVYUxozztMwmGOKpeEBQkCVWrDmMpIGQSnc_FhBgjfEFS3F13-U8MnxR0gAxok713v2GO2mxVKkSnr07aDKHhEE2gZ2T4vFSdE33lCSzDNtPJzsEISh4r4pYVP0Ryf-KkPNEKu6ohvXiRM0P1RXDLaK7eyeUEaev4wi3DhzkviRfa9t45FKnfSPgB7c3jOk_GxFv281DdHdw9G6GM4Gs0PwzkJ54MyODwYt4ulStDqbgcg0iIDkoEHeTC8kEiwRX0jZusVUqbidDyXEc1Zvsz_fHL9LDU6ezzBVNR0%26adurl%3D&documentReferer=https%3A%2F%2Fye-mek.net%2F&ancestorOrigins=https%3A%2F%2Fye-mek.net%2Chttps%3A%2F%2Fpcloak.blob.core.windows.net&random=2475204389369&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal900017.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=29b2e8e068&subid=&uid=b4ea66f64868f61c&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCN-Db06ycZJ3iCLu89u8P79iSuAGm5b2gaa2VnKfJD_AuEAEgwLKCa2CV0rSCwAfIAQmpAtPqU3VdUrI-qAMByAObBKoE4wFP0AWla6HvhyZwY5fwKL5ZcNsTLlaPEsr-BWk0UMPvZrnqSMvgY6j_KGw172RFkH0ix38XlKXXqnAl-VRGkFOEN884DjGJcBVXjU-jOmZuIFpyGZr4FWXK1u0g2-Oe7OKd2nJBJoOqq3I3AIO75Zkc2bhA77Tn-OaSVJyyy05jxYVciDLa77opj6hK42fZk-5EsnHGgl1A3MJdgsvGdt9g2zLNmA-DGJ4OTJf1jM_5VzKLH8Rs2K0SMbCL5PxjMYHwAZLK1TCd0lFddxOf4oviOUPttrI3vOcnKH-eptwQtLe9_MAE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE68ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5gAoDmAsByAsBgAwBsBPMnNkS0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSbQBygQiD4uFUJbggLmfY2mUbDHx42r49fbLk1zuOVCvH0Ho26lTG0VVcoI8WBsh8zOV4siutO3n7miJwblcKPUe0fNlbQqAEp9sFOsb8-j0upMCIPvjUX3W2yO6PFPLBB8iNTLeMHzpRvrlL7Z0YAQ%26sig%3DAOD64_0BcFkOsP_h_-hSDjZJyWWO9eeZpg%26client%3Dca-pub-7983651257838282%26dbm_c%3DAKAmf-B1NOcddcc4m9UUW8YSTTZ_YZwa7AnYBOdixO71tCXS9SoYx1GQQCfKSNhbcIb2ktpQjwNN_xO5OEN_hAoHkmy-rMGHz00hFOWe0uhPCrr0uL0Nv4XD3nDRvhvWJwghCfMf-tYrrJM48psmILPb1_Yssi3-d-5ggF-5G9f1aLGqbxtCYOA%26cry%3D1%26dbm_d%3DAKAmf-DJyhaunJEJO2tRxl1K2M6TSdQxyOXNxlwwD_PS8Dg2RduBCNNStC8-3Oes6TQtO8q9zOvP8srPUT06wTluZXEnzQsrqn4QObUXJh2AbStl-GaKs0JTF8JNmusDZrBBZrN8plq78CVAkym0ZMb065_CN7d3znDt8UOo3Z6KCtgtVATNERsvnIxh_OGTvIdGlIrrYzxP5x6KlaY61NSebqNh5a9R23rOi8VvTdFzBJNLsNmeTIpl6vjMu2jaQX_SmIYc2kEn6_RJ1AVYUxozztMwmGOKpeEBQkCVWrDmMpIGQSnc_FhBgjfEFS3F13-U8MnxR0gAxok713v2GO2mxVKkSnr07aDKHhEE2gZ2T4vFSdE33lCSzDNtPJzsEISh4r4pYVP0Ryf-KkPNEKu6ohvXiRM0P1RXDLaK7eyeUEaev4wi3DhzkviRfa9t45FKnfSPgB7c3jOk_GxFv281DdHdw9G6GM4Gs0PwzkJ54MyODwYt4ulStDqbgcg0iIDkoEHeTC8kEiwRX0jZusVUqbidDyXEc1Zvsz_fHL9LDU6ezzBVNR0%26adurl%3D&documentReferer=https%3A%2F%2Fye-mek.net%2F&ancestorOrigins=https%3A%2F%2Fye-mek.net%2Chttps%3A%2F%2Fpcloak.blob.core.windows.net&random=2475204389369&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 275

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEAMcXb61OJQfdBD3mA5E4MA&google_cver=1

Request Chain 276

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_id=cd6d5d1d-15fe-11ee-8082-14d534130106 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=Y2Q2ZDVjZDMtMTVmZS0xMWVlLTgwODItMTRkNTM0MTMwMTA2

Request Chain 286

https://a.tribalfusion.com/i.match?p=b6&u=CAESECE8Tu-_i5qvh9bxs3krw8w&google_cver=1&google_push=ATf1kGP9uU8O2-dq7BbjDxDV15XeyxhztHtXtpqg7772R27-cqFSzmbZZuzbZqe649A3fW32NgyI5uTWAq27L0X_OVQDInYFWvc&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DATf1kGP9uU8O2-dq7BbjDxDV15XeyxhztHtXtpqg7772R27-cqFSzmbZZuzbZqe649A3fW32NgyI5uTWAq27L0X_OVQDInYFWvc%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESECE8Tu-_i5qvh9bxs3krw8w&google_cver=1&google_push=ATf1kGP9uU8O2-dq7BbjDxDV15XeyxhztHtXtpqg7772R27-cqFSzmbZZuzbZqe649A3fW32NgyI5uTWAq27L0X_OVQDInYFWvc&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DATf1kGP9uU8O2-dq7BbjDxDV15XeyxhztHtXtpqg7772R27-cqFSzmbZZuzbZqe649A3fW32NgyI5uTWAq27L0X_OVQDInYFWvc%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 287

https://um.simpli.fi/gp_match?google_gid=CAESEMsFuPR88HkxnaXjuaCwLVg&google_cver=1&google_push=ATf1kGNDuOegS5TLned3uwcmyQwux1y3aKGAwe2l0FOu6Lt8ye-hVIw9GDj3-rKOhAZzu3e59zn0zDS4HUeXk1b7-v5PtZLVY60 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=7202DCF58EA74A52980318834DFA9208&google_push=ATf1kGNDuOegS5TLned3uwcmyQwux1y3aKGAwe2l0FOu6Lt8ye-hVIw9GDj3-rKOhAZzu3e59zn0zDS4HUeXk1b7-v5PtZLVY60

Request Chain 289

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEDHxjhbbmFEFl6yJKZwnOHY&google_cver=1&google_push=ATf1kGPjv1KgIaiOXP42bYKyL4uDla-HOPh9e53dhMQO7kraMYdimDRqyXFBPNPG2SmmfiYjyvW82eShDQn8dvrpwEpp6YNrZA HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEDHxjhbbmFEFl6yJKZwnOHY&google_cver=1&google_push=ATf1kGPjv1KgIaiOXP42bYKyL4uDla-HOPh9e53dhMQO7kraMYdimDRqyXFBPNPG2SmmfiYjyvW82eShDQn8dvrpwEpp6YNrZA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NjMxNTE2MTAyNDc4NjIxNTUzMw&google_push=ATf1kGPjv1KgIaiOXP42bYKyL4uDla-HOPh9e53dhMQO7kraMYdimDRqyXFBPNPG2SmmfiYjyvW82eShDQn8dvrpwEpp6YNrZA

Request Chain 290

https://sync.inmobi.com/gob?google_gid=CAESELS1odvgMr166rIIkUNE_iQ&google_cver=1&google_push=ATf1kGM2WVZKjKt0GJ7WhB0kob00DpfPkm2HyeyU_Ocmz4o4uxwsfZ-7AP_lQXPLCUUX8KotF7zS8Es-Qja6-RrsD1gRmZ44ysU HTTP 302
https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DATf1kGM2WVZKjKt0GJ7WhB0kob00DpfPkm2HyeyU_Ocmz4o4uxwsfZ-7AP_lQXPLCUUX8KotF7zS8Es-Qja6-RrsD1gRmZ44ysU

Request Chain 291

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEFDK8BltSShuHc5Rkf5ZKRc&google_cver=1&google_push=ATf1kGN-w798wwfhe0athEF8WYVFqfmXkMqwr445MG6d-axyEafZU-s3BYffPwFZNdeCZC2qBrZfiF1tGQagso5ZCC2PZ40LxFIa HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGN-w798wwfhe0athEF8WYVFqfmXkMqwr445MG6d-axyEafZU-s3BYffPwFZNdeCZC2qBrZfiF1tGQagso5ZCC2PZ40LxFIa HTTP 302
https://onetag-sys.com/match/?int_id=19&google_error=5

Request Chain 302

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEP5KcOhSO3e4WXQLNpObJ94&google_cver=1&google_push=ATf1kGNF4mMpP1v15xKQKYILjXEIbP1eQiB-b2Z4XKwQs7A-Z9lqTSteKyLGk8DCn7rud6sp_LG8lS8mHB0lthGqLn7wo0bnrkNH HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=UkZtVjFzQ1IxUWVEYXM1&google_gid=CAESEP5KcOhSO3e4WXQLNpObJ94&google_cver=1&google_push=ATf1kGNF4mMpP1v15xKQKYILjXEIbP1eQiB-b2Z4XKwQs7A-Z9lqTSteKyLGk8DCn7rud6sp_LG8lS8mHB0lthGqLn7wo0bnrkNH

Request Chain 303

https://um.simpli.fi/gp_match?google_gid=CAESEPwXeLOIGFazVcokBNm-K1Q&google_cver=1&google_push=ATf1kGNJ4LNVJH77LEm92rtUkqQQ56XTDnwvB6Z1MCOzTEOPfCZvo7vrG9FgWidaH1df1I8x1CjY04eTteI_Rmuo-XXMEUX7TkOUwQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=7202DCF58EA74A52980318834DFA9208&google_push=ATf1kGNJ4LNVJH77LEm92rtUkqQQ56XTDnwvB6Z1MCOzTEOPfCZvo7vrG9FgWidaH1df1I8x1CjY04eTteI_Rmuo-XXMEUX7TkOUwQ

Request Chain 304

https://ads.travelaudience.com/google_pixel?google_gid=CAESENX8AuviXk6jNxAgbZCD9fc&google_cver=1&google_push=ATf1kGP3PXhH3xutakmJmZenB4fWk5Qzthv42NlqWeqeqWdQ5W_eJB6HfU7hE82YO1Ur3llTKkuj5ykpemovQyFKcm0LqA7s0P10ig HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=R99iWR-HSSmvLLceF1VgFQ2&google_push=ATf1kGP3PXhH3xutakmJmZenB4fWk5Qzthv42NlqWeqeqWdQ5W_eJB6HfU7hE82YO1Ur3llTKkuj5ykpemovQyFKcm0LqA7s0P10ig

Request Chain 307

https://sync.inmobi.com/gob?google_gid=CAESEDZuq1a1gIpGp-WuSe5tHXk&google_cver=1&google_push=ATf1kGNZekS-zhN6dTr_ipaxatv_znz6pBh3iFYhBWElCUVmTxOW4zFDagPZndU9_HYs8r7q2SG9bKxQhlxqNbc0r6fFEgOaPBqIVg HTTP 302
https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DATf1kGNZekS-zhN6dTr_ipaxatv_znz6pBh3iFYhBWElCUVmTxOW4zFDagPZndU9_HYs8r7q2SG9bKxQhlxqNbc0r6fFEgOaPBqIVg

Request Chain 309

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 337

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEBpEgO10VrmczKono5XSEeY&google_cver=1&google_push=ATf1kGOZvyfMGlmaCyZXUToTyTXx_Ulp5rnnLvepNJfW5EebS6-_qjAhOKCEDjrJPAOjXkzAlQS5aGyRkbSHWh9miswdQ95hwMxEl4ezJ7WvPOzZR3oAVA5-tl7AkeJQwZ0AHmIyZ5IJhlLeQvoF4z1_1PdUPnw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=ATf1kGOZvyfMGlmaCyZXUToTyTXx_Ulp5rnnLvepNJfW5EebS6-_qjAhOKCEDjrJPAOjXkzAlQS5aGyRkbSHWh9miswdQ95hwMxEl4ezJ7WvPOzZR3oAVA5-tl7AkeJQwZ0AHmIyZ5IJhlLeQvoF4z1_1PdUPnw&google_hm=eS0weGhrYnNsRTJwRktfR05FVlA3TDI1OUJheW9VMXE0Wn5B

Request Chain 353

https://cdn.retailads.net/tb.php?t=150337V2172132532M&subid=94391000174047304444554012369017&ra_cnt_active=1&ra_cnt=1 HTTP 302
https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=2829309064

Request Chain 376

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7028113949201.755 HTTP 302
https://5994599.fls.doubleclick.net/activityi;dc_pre=CLip-OH65v8CFVuPsgod8YkH5Q;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7028113949201.755

Request Chain 427

https://unilever.demdex.net/event?d_sid=25453995&cs=1687989462958 HTTP 302
https://unilever.demdex.net/firstevent?d_sid=25453995&cs=1687989462958

422 HTTP transactions
10 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request 6x6uf5z9e3262.html Show response
pcloak.blob.core.windows.net/web/ 1 KB
2 KB 400ms
102ms Document
text/html 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 22fee539734d38c9e84e3982188b21bafc9457236279a136ce1b3b9d55667437

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Content-Length: 1324
Content-MD5: XPHdOVCmWyxrVVstkB9xGw==
Content-Type: text/html
Date: Wed, 28 Jun 2023 21:57:36 GMT
ETag: 0x8DB5ED08476F0C5
Last-Modified: Sat, 27 May 2023 16:36:27 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 451aaeb1-e01e-0009-720b-aa07de000000
x-ms-version: 2009-09-19

GET
H/1.1 404
The specified blob does not exist. jquery.min.js
pcloak.blob.core.windows.net/web/ 0
0 95ms
94ms Script
application/xml 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/jquery.min.js
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-ms-request-id: 451aaf2e-e01e-0009-560b-aa07de000000
Date: Wed, 28 Jun 2023 21:57:37 GMT
x-ms-version: 2009-09-19
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-Length: 215
Content-Type: application/xml

GET
H/1.1 200
OK cloakan.js Show response
pcloak.blob.core.windows.net/web/ 308 B
717 B 287ms
95ms Script
text/javascript 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/cloakan.js
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 4651fd93f167c3620b534c30bc23ae2a2e7cf742621d8e6d12553c09c388284a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 28 Jun 2023 21:57:37 GMT
Last-Modified: Mon, 13 Jun 2022 14:36:49 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: zPiKctHo6j8i1UGOFPpInw==
ETag: 0x8DA4D4A263C11C2
Content-Type: text/javascript
x-ms-request-id: 451aaff6-e01e-0009-0a0b-aa07de000000
x-ms-version: 2009-09-19
Content-Length: 308

GET
H/1.1 200
OK style.css
pcloak.blob.core.windows.net/web/ 166 B
568 B 191ms
96ms Stylesheet
text/css 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/style.css
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: cf906196a7c1414e11983955e101a051d55a864f2bc9fd52a453d952d92fd9b5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 28 Jun 2023 21:57:37 GMT
Last-Modified: Mon, 13 Jun 2022 14:36:49 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: 9ruAIrm4XHnQO3/sM8J0AQ==
ETag: 0x8DA4D4A26527CA0
Content-Type: text/css
x-ms-request-id: 451aaf84-e01e-0009-240b-aa07de000000
x-ms-version: 2009-09-19
Content-Length: 166

GET
H2 200 px.php Show response
www.cloakan.co/ 743 B
681 B 268ms
131ms XHR
text/html 77.245.159.14
NIOBEBILISIMHIZME...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cloakan.co/px.php?id=6x6uf5z9e3262
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 77.245.159.14 , Turkey, ASN42868 (NIOBEBILISIMHIZMETLERI, TR),
Reverse DNS: stilgar.wlsrv.com
Software: LiteSpeed / PHP/7.3.33
Resource Hash: 120fdf7c1e8de286b8c6ad005bd52d7b3d71cfa17bd6d1f72d023fe952d03708

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:34 GMT
content-encoding: br
server: LiteSpeed
x-powered-by: PHP/7.3.33
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
content-length: 404

GET
H2 200 nv.php Show response
www.cloakan.co/ 232 B
385 B 315ms
195ms Script
text/html 77.245.159.14
NIOBEBILISIMHIZME...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cloakan.co/nv.php?id=6x6uf5z9e3262-m
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/cloakan.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 77.245.159.14 , Turkey, ASN42868 (NIOBEBILISIMHIZMETLERI, TR),
Reverse DNS: stilgar.wlsrv.com
Software: LiteSpeed / PHP/7.3.33
Resource Hash: 9cacc351a59879d938ef01e274eca7f341deaaa666237a3de94737ccc05a4b86

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:35 GMT
content-encoding: br
server: LiteSpeed
x-powered-by: PHP/7.3.33
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
content-length: 112

GET
H2 200 / Show response
ye-mek.net/ Frame 1E5F 77 KB
77 KB 207ms
55ms Document
text/html 94.138.206.83
AS49126

General

Check archive.org

Show headers Download Go to

Full URL: https://ye-mek.net/
Requested by: Host: www.cloakan.co
URL: https://www.cloakan.co/nv.php?id=6x6uf5z9e3262-m
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.138.206.83 , Turkey, ASN49126 (AS49126, TR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 59c949c5c11661d43e80180a727893dac9ea3095d0946fcc8a84a44d7ccfad69

Request headers

Referer: https://pcloak.blob.core.windows.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache
content-length: 79004
content-type: text/html; charset=utf-8
date: Wed, 28 Jun 2023 21:57:38 GMT
expires: -1
pragma: no-cache
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.9.1/ Frame 1E5F 90 KB
33 KB 41ms
16ms Script
text/javascript 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 17:06:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 17474
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33018
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 27 Jun 2024 17:06:24 GMT

GET
H2 200 yemeknet.js Show response
ye-mek.net/js/ Frame 1E5F 10 KB
2 KB 88ms
88ms Script
application/javascript 94.138.206.83
AS49126

General

Check archive.org

Show headers Download Go to

Full URL: https://ye-mek.net/js/yemeknet.js?v=1
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.138.206.83 , Turkey, ASN49126 (AS49126, TR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 613b97a3f938c5185dc5fcb46ec9c9488f460fdf8a9765eea9f05aebe46a0c50

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-powered-by-plesk: PleskWin
date: Wed, 28 Jun 2023 21:57:38 GMT
content-encoding: br
last-modified: Tue, 20 Aug 2019 13:15:54 GMT
server: Microsoft-IIS/10.0
etag: "0a144655957d51:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=691200
accept-ranges: bytes
content-length: 2179

GET
H2 200 maincss.css
cdn.ye-mek.net/ Frame 1E5F 40 KB
12 KB 41ms
15ms Stylesheet
text/css 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.ye-mek.net/maincss.css?v=434
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 5804cd3bfdf7f7b00ae1f2beef50b9ac7bbdcadcb47e8c3454e8609a52096b92

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:57:38 GMT
content-encoding: gzip
x-cache: HIT
x-77-cache: HIT
x-age: 6180016
x-accel-date: 1681809442
x-77-nzt: AZySIYiQ9/z/sExeAA
x-accel-expires: @1713345442
last-modified: Tue, 24 Nov 2020 00:00:32 GMT
server: CDN77-Turbo
etag: W/"5fbc4d20-9e5b"
x-77-nzt-ray: f6587a1db2dbd2b0d2ac9c64fc357c10
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame 1E5F 121 KB
47 KB 67ms
18ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-38733763-1

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c8df879b833b0f6ab35338eb5282763cdcbcdc0b4e288ac7cb8531d90dad8c3e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:38 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47944
x-xss-protection: 0
last-modified: Wed, 28 Jun 2023 21:27:54 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 28 Jun 2023 21:57:38 GMT

GET
H2 200 WebResource.axd Show response
ye-mek.net/ Frame 1E5F 23 KB
23 KB 51ms
51ms Script
application/x-javascript 94.138.206.83
AS49126

General

Check archive.org

Show headers Download Go to

Full URL: https://ye-mek.net/WebResource.axd?d=YeedoL8dFzo5gymDuarFXngFaaXpLN8jYlixY-HzMyr_r8lEwXsCQefYQgi2kFzYfrVacpu_9us1eVTBWQamZuI0ynrH9LDfafZF-A5wZF41&t=637811837229275428
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.138.206.83 , Turkey, ASN49126 (AS49126, TR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-powered-by-plesk: PleskWin
date: Wed, 28 Jun 2023 21:57:38 GMT
last-modified: Wed, 23 Feb 2022 00:28:42 GMT
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
content-type: application/x-javascript
cache-control: public
content-length: 23063
expires: Sat, 04 May 2024 23:14:43 GMT

GET
H2 200 searchButton.png
cdn.ye-mek.net/App_UI/Img/ Frame 1E5F 542 B
895 B 19ms
6ms Image
image/png 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/searchButton.png
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 324a9c1f26949a62b89c5846de23826737bf3b14443e3f5a969b1799604a0588

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:57:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6180068
x-accel-date: 1681809390
content-length: 542
x-77-nzt: AZySIYijNOP/5ExeAA
x-accel-expires: @1713345390
last-modified: Sat, 22 Oct 2022 20:00:57 GMT
server: CDN77-Turbo
etag: "63544bf9-21e"
x-77-nzt-ray: f6587a1db2dbd2b0d2ac9c6499395315
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 ara.png
cdn.ye-mek.net/App_UI/Img/ Frame 1E5F 2 KB
2 KB 19ms
7ms Image
image/png 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/ara.png
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 3ed559a849229d0ba1622b39b2343f2307a91aae5bab1f08e55c89e50874c980

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:57:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6180016
x-accel-date: 1681809442
content-length: 1651
x-77-nzt: AZySIYiuv4n/sExeAA
x-accel-expires: @1713345442
last-modified: Mon, 14 May 2018 22:41:08 GMT
server: CDN77-Turbo
etag: "5afa1084-673"
x-77-nzt-ray: f6587a1db2dbd2b0d2ac9c64235a5815
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 ic-baklali-enginar-salatasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ Frame 1E5F 15 KB
16 KB 21ms
9ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ic-baklali-enginar-salatasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: eab1145c02ae44ca45370dbdb689a98d1756fe3726fde675886a95730fee691d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:57:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 86884
x-accel-date: 1687902574
content-length: 15738
x-77-nzt: AZySIYjGRlr/ZFMBAA
x-accel-expires: @1719438574
last-modified: Tue, 27 Jun 2023 21:35:10 GMT
server: CDN77-Turbo
etag: "649b560e-3d7a"
x-77-nzt-ray: f6587a1db2dbd2b0d2ac9c64604c5d15
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 sucuklu-bezelye-yemegi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ Frame 1E5F 13 KB
14 KB 23ms
11ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/06/sucuklu-bezelye-yemegi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 75c5dcb0b1839bbb85275b03f330dd59c04167b59fe68b07cedad9f8292040f5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:57:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 174837
x-accel-date: 1687814621
content-length: 13665
x-77-nzt: AZySIYitE27/9aoCAA
x-accel-expires: @1719350621
last-modified: Mon, 26 Jun 2023 15:19:38 GMT
server: CDN77-Turbo
etag: "6499ac8a-3561"
x-77-nzt-ray: f6587a1db2dbd2b0d2ac9c64dca56415
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 cilekli-dondurma-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ Frame 1E5F 14 KB
15 KB 27ms
15ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/06/cilekli-dondurma-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: f8fd679d9f44bca3f206280b3e5601ccbd0a22d9d46be815a98859729a6e57f8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:57:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 252411
x-accel-date: 1687737047
content-length: 14588
x-77-nzt: AZySIYhPQL//+9kDAA
x-accel-expires: @1719273047
last-modified: Sun, 25 Jun 2023 23:22:33 GMT
server: CDN77-Turbo
etag: "6498cc39-38fc"
x-77-nzt-ray: f6587a1db2dbd2b0d2ac9c6420c86915
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 kaburga-misir-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ Frame 1E5F 17 KB
17 KB 32ms
21ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/06/kaburga-misir-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 60553b12e1cecec323684ec8158d0fdcc8cc22ae5ee712fc104390e70637df74

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:57:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 340748
x-accel-date: 1687648710
content-length: 17278
x-77-nzt: AZySIYh6bun/DDMFAA
x-accel-expires: @1719184710
last-modified: Sat, 24 Jun 2023 23:00:33 GMT
server: CDN77-Turbo
etag: "64977591-437e"
x-77-nzt-ray: f6587a1db2dbd2b0d2ac9c64a6bc6e15
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 etli-nohut-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2014/09/ Frame 1E5F 11 KB
12 KB 33ms
21ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2014/09/etli-nohut-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 7619efea4ccd65a5edde7db90013478309541941826ee2aacacaf95614043b87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:57:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6179661
x-accel-date: 1681809797
content-length: 11666
x-77-nzt: AZySIYimpcb/TUteAA
x-accel-expires: @1713345797
last-modified: Wed, 01 May 2019 22:29:51 GMT
server: CDN77-Turbo
etag: "5cca1ddf-2d92"
x-77-nzt-ray: f6587a1db2dbd2b0d2ac9c6453027315
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 lokanta-usulu-tavuk-sote-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/05/ Frame 1E5F 15 KB
15 KB 33ms
21ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/05/lokanta-usulu-tavuk-sote-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: d6350ccbc96e6f4089866ba29b8e2fcdf961c3c5b428e8611226d39922e1fce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:57:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6180025
x-accel-date: 1681809433
content-length: 15502
x-77-nzt: AZySIYiOb+//uUxeAA
x-accel-expires: @1713345433
last-modified: Tue, 17 May 2022 22:25:33 GMT
server: CDN77-Turbo
etag: "628420dd-3c8e"
x-77-nzt-ray: f6587a1db2dbd2b0d2ac9c64b39c7515
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 kc4b1ymalc4b1-kibrit-kebabc4b1-resimli-yemek-tarifi-20.jpg
cdn.ye-mek.net/App_UI/Img/out/270/2012/09/ Frame 1E5F 14 KB
14 KB 33ms
21ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2012/09/kc4b1ymalc4b1-kibrit-kebabc4b1-resimli-yemek-tarifi-20.jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: dacdec6aa88bb9571d309c295248ee5b202de625eba8aaa232f863ad9ba9fed5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:57:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6178710
x-accel-date: 1681810748
content-length: 14293
x-77-nzt: AZySIYhwmPz/lkdeAA
x-accel-expires: @1713346748
last-modified: Wed, 01 May 2019 22:05:06 GMT
server: CDN77-Turbo
etag: "5cca1812-37d5"
x-77-nzt-ray: f6587a1db2dbd2b0d2ac9c64c8ff7815
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 somelek-kofte-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/04/ Frame 1E5F 14 KB
14 KB 33ms
22ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/04/somelek-kofte-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: a0a4cc3fe2d3f622420ca59c87382ef49c8810febf4eed0cf5f5b37b0df663fa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:57:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6179775
x-accel-date: 1681809683
content-length: 14352
x-77-nzt: AZySIYiVorf/v0teAA
x-accel-expires: @1713345683
last-modified: Sun, 11 Apr 2021 23:09:03 GMT
server: CDN77-Turbo
etag: "6073818f-3810"
x-77-nzt-ray: f6587a1db2dbd2b0d2ac9c641e8f7d15
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-zeytinyagli-biber-dolmasi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2015/05/ Frame 1E5F 14 KB
14 KB 33ms
22ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2015/05/firinda-zeytinyagli-biber-dolmasi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: d69f2b4ba0b3d3c411bb34844d812afa68128a4ad85f62bb62df1b31fcf05b2b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:57:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6179354
x-accel-date: 1681810104
content-length: 14323
x-77-nzt: AZySIYhmj9T/GkpeAA
x-accel-expires: @1713346104
last-modified: Wed, 01 May 2019 22:42:33 GMT
server: CDN77-Turbo
etag: "5cca20d9-37f3"
x-77-nzt-ray: f6587a1db2dbd2b0d2ac9c6401c0b515
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 bostana-salatasi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/05/ Frame 1E5F 15 KB
16 KB 33ms
22ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/05/bostana-salatasi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: b736f3c590f550a31f5c5d2e0ce32c364cda805b06a730adc877dab95d115037

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:57:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6178774
x-accel-date: 1681810684
content-length: 15719
x-77-nzt: AZySIYgvtSr/1kdeAA
x-accel-expires: @1713346684
last-modified: Wed, 25 May 2022 22:44:41 GMT
server: CDN77-Turbo
etag: "628eb159-3d67"
x-77-nzt-ray: f6587a1db2dbd2b0d2ac9c64d5ceb815
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 saksi-kebabi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2013/08/ Frame 1E5F 14 KB
14 KB 33ms
22ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2013/08/saksi-kebabi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 27b521443caa2567c561c9a2bd377929f40cf7fb68113ccbc4b42669c6841e79

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:57:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6179258
x-accel-date: 1681810200
content-length: 13931
x-77-nzt: AZySIYgGGdD/ukleAA
x-accel-expires: @1713346200
last-modified: Wed, 01 May 2019 22:17:07 GMT
server: CDN77-Turbo
etag: "5cca1ae3-366b"
x-77-nzt-ray: f6587a1db2dbd2b0d2ac9c649335bb15
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 mengen-pilavi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/03/ Frame 1E5F 16 KB
17 KB 33ms
22ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/03/mengen-pilavi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: bb7675b559b6b715e1583e5b7267a368f56cb8961a364f5204695d500614bb67

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:57:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6179954
x-accel-date: 1681809504
content-length: 16805
x-77-nzt: AZySIYhEoBn/ckxeAA
x-accel-expires: @1713345504
last-modified: Mon, 20 Mar 2023 22:40:04 GMT
server: CDN77-Turbo
etag: "6418e0c4-41a5"
x-77-nzt-ray: f6587a1db2dbd2b0d2ac9c64106fbd15
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 seftali-kebabi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2015/04/ Frame 1E5F 13 KB
14 KB 33ms
22ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2015/04/seftali-kebabi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: caba686e8a0a57536805240ee1ac6b56d9f5b5add5a8bf88fd6ff83d8a860b63

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:57:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6179462
x-accel-date: 1681809996
content-length: 13794
x-77-nzt: AZySIYjn8sHvhkpeAA
x-accel-expires: @1713345996
last-modified: Wed, 01 May 2019 22:40:09 GMT
server: CDN77-Turbo
etag: "5cca2049-35e2"
x-77-nzt-ray: f6587a1db2dbd2b0d2ac9c645b68bf15
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 besni-tava-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/03/ Frame 1E5F 18 KB
18 KB 33ms
23ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/03/besni-tava-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 599bb6748f60ecce39049c7c6feed7bfd65e9ba09ef478ff0661381840117a9f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:57:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6179376
x-accel-date: 1681810082
content-length: 18119
x-77-nzt: AZySIYiNbEL/MEpeAA
x-accel-expires: @1713346082
last-modified: Wed, 29 Mar 2023 22:35:22 GMT
server: CDN77-Turbo
etag: "6424bd2a-46c7"
x-77-nzt-ray: f6587a1db2dbd2b0d2ac9c6411c0d615
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 kofteli-orman-kebabi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2019/05/ Frame 1E5F 12 KB
13 KB 33ms
23ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2019/05/kofteli-orman-kebabi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 2ee4854a38ad37b61a8727c71e98305037bc4711d65f4bac43420986b4c9455f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:57:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 296802
x-accel-date: 1687692656
content-length: 12566
x-77-nzt: AZySIYgQPkr/YocEAA
x-accel-expires: @1719228656
last-modified: Sat, 25 May 2019 22:23:34 GMT
server: CDN77-Turbo
etag: "5ce9c066-3116"
x-77-nzt-ray: f6587a1db2dbd2b0d2ac9c644ceed815
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 belen-tava-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/05/ Frame 1E5F 17 KB
17 KB 33ms
23ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/05/belen-tava-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 5a890b96bb00fd6a96f4b5e43fa646fb4b331d9c55b88bf6ca5dafd2bf1bf184

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:57:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6179092
x-accel-date: 1681810366
content-length: 17356
x-77-nzt: AZySIYjJ9zz/FEleAA
x-accel-expires: @1713346366
last-modified: Wed, 13 May 2020 21:44:39 GMT
server: CDN77-Turbo
etag: "5ebc6a47-43cc"
x-77-nzt-ray: f6587a1db2dbd2b0d2ac9c648f77db15
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tavuk-sote-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2017/12/ Frame 1E5F 12 KB
12 KB 33ms
23ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2017/12/tavuk-sote-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 6bfe09f0e69c4c09277d895b1146f4217b705d6bee219c661b36031742c24dd0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:57:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6178534
x-accel-date: 1681810924
content-length: 12346
x-77-nzt: AZySIYiXPvT/5kZeAA
x-accel-expires: @1713346924
last-modified: Wed, 01 May 2019 23:27:27 GMT
server: CDN77-Turbo
etag: "5cca2b5f-303a"
x-77-nzt-ray: f6587a1db2dbd2b0d2ac9c641e2edd15
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 cerkez-pilavi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/04/ Frame 1E5F 16 KB
16 KB 33ms
23ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/04/cerkez-pilavi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 298e30cd4e01948d540e8aff796e294da1ae095578b2403f2b97280e3b969a6f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:57:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6180034
x-accel-date: 1681809424
content-length: 16373
x-77-nzt: AZySIYjxgi//wkxeAA
x-accel-expires: @1713345424
last-modified: Tue, 11 Apr 2023 16:32:39 GMT
server: CDN77-Turbo
etag: "64358ba7-3ff5"
x-77-nzt-ray: f6587a1db2dbd2b0d2ac9c64022ddf15
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 pilic-tava-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/12/ Frame 1E5F 15 KB
15 KB 33ms
24ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/12/pilic-tava-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 2c481ccdb6e10e0136132ac25c732c873df15b1cf23a063a714f63606159551e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:57:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6176112
x-accel-date: 1681813346
content-length: 15498
x-77-nzt: AZySIYg+XLnvcD1eAA
x-accel-expires: @1713349346
last-modified: Fri, 30 Dec 2022 22:50:02 GMT
server: CDN77-Turbo
etag: "63af6b1a-3c8a"
x-77-nzt-ray: f6587a1db2dbd2b0d2ac9c649437e115
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tavada-tavuk-pirzola-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/03/ Frame 1E5F 14 KB
14 KB 33ms
24ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/03/tavada-tavuk-pirzola-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 3a55a81ee41fb052562bfb3751492caf7ce85c5c029a7a7b03fa55797707b85a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:57:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6179476
x-accel-date: 1681809982
content-length: 14203
x-77-nzt: AZySIYhgD1D/lEpeAA
x-accel-expires: @1713345982
last-modified: Sun, 28 Feb 2021 23:53:10 GMT
server: CDN77-Turbo
etag: "603c2ce6-377b"
x-77-nzt-ray: f6587a1db2dbd2b0d2ac9c64de91e315
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-kasarli-karnabahar-ezmesi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2015/11/ Frame 1E5F 12 KB
12 KB 34ms
24ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2015/11/firinda-kasarli-karnabahar-ezmesi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 822511e83f8f0a91a794447e76b86cbe86ec23663f925f814dfbe9d3d859e85a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:57:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 193705
x-accel-date: 1687795753
content-length: 12088
x-77-nzt: AZySIYiHpB/vqfQCAA
x-accel-expires: @1719331753
last-modified: Wed, 01 May 2019 22:50:37 GMT
server: CDN77-Turbo
etag: "5cca22bd-2f38"
x-77-nzt-ray: f6587a1db2dbd2b0d2ac9c64aadfe515
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 lahana-yemegi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/10/ Frame 1E5F 14 KB
15 KB 34ms
24ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/10/lahana-yemegi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: b927930fac90644d24523c173be181b6ecf87293484531a003184e2cfa4a38d8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:57:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6179476
x-accel-date: 1681809982
content-length: 14792
x-77-nzt: AZySIYjCyiL/lEpeAA
x-accel-expires: @1713345982
last-modified: Wed, 28 Oct 2020 23:06:52 GMT
server: CDN77-Turbo
etag: "5f99f98c-39c8"
x-77-nzt-ray: f6587a1db2dbd2b0d2ac9c64ae00e915
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-patlican-graten-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/08/ Frame 1E5F 16 KB
16 KB 34ms
25ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/08/firinda-patlican-graten-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 3d8139674dae70e3d6825845bd963841ab4ce23d55252685fe8061f6276bdc1e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:57:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6179133
x-accel-date: 1681810325
content-length: 16224
x-77-nzt: AZySIYgsnlj/PUleAA
x-accel-expires: @1713346325
last-modified: Thu, 11 Aug 2022 22:25:22 GMT
server: CDN77-Turbo
etag: "62f581d2-3f60"
x-77-nzt-ray: f6587a1db2dbd2b0d2ac9c64970deb15
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-sebze-kizartmasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/02/ Frame 1E5F 12 KB
12 KB 34ms
25ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/02/firinda-sebze-kizartmasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: aff61aadcc94c243e1dd0ff0cb91051de3139cf9ebfc910764e41f0a409f3cbf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:57:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 112255
x-accel-date: 1687877203
content-length: 12308
x-77-nzt: AZySIYjt4BX/f7YBAA
x-accel-expires: @1719413203
last-modified: Fri, 31 Jan 2020 22:27:19 GMT
server: CDN77-Turbo
etag: "5e34a9c7-3014"
x-77-nzt-ray: f6587a1db2dbd2b0d2ac9c646330ed15
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 terbiyeli-pirasa-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/04/ Frame 1E5F 12 KB
12 KB 34ms
25ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/04/terbiyeli-pirasa-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: cb999f85fd1d501283263c9716367eb7fca38ef43777df0fa253ee71bdf19565

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:57:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6179299
x-accel-date: 1681810159
content-length: 12043
x-77-nzt: AZySIYiVt/X/40leAA
x-accel-expires: @1713346159
last-modified: Wed, 20 Apr 2022 23:39:13 GMT
server: CDN77-Turbo
etag: "626099a1-2f0b"
x-77-nzt-ray: f6587a1db2dbd2b0d2ac9c640ed4ef15
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 karnabahar-yapragi-corbasi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/05/ Frame 1E5F 14 KB
14 KB 34ms
25ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/05/karnabahar-yapragi-corbasi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 3f064267c64c1eeca604b20f9d60538c32c14e90528441d0524c2f30161f8b47

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:57:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 4403849
x-accel-date: 1683585609
content-length: 14031
x-77-nzt: AZySIYjWnSH/iTJDAA
x-accel-expires: @1715121609
last-modified: Mon, 08 May 2023 22:19:39 GMT
server: CDN77-Turbo
etag: "6459757b-36cf"
x-77-nzt-ray: f6587a1db2dbd2b0d2ac9c6401b2f115
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 sebzeli-arpa-sehriye-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2018/01/ Frame 1E5F 12 KB
12 KB 34ms
25ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2018/01/sebzeli-arpa-sehriye-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: d74e04ab3e34cfe4622ad194e062b4e9f3e10cace748d78c291344fa086d57f5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:57:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6179807
x-accel-date: 1681809651
content-length: 11978
x-77-nzt: AZySIYjqOqD/30teAA
x-accel-expires: @1713345651
last-modified: Wed, 01 May 2019 23:28:59 GMT
server: CDN77-Turbo
etag: "5cca2bbb-2eca"
x-77-nzt-ray: f6587a1db2dbd2b0d2ac9c643893f315
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 pirincli-yogurt-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/06/ Frame 1E5F 12 KB
13 KB 34ms
26ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/06/pirincli-yogurt-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 7e10c75356ec658e2f2fb4a409b04977fca9251f009aa4518d20c96ee4cf3440

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:57:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6179990
x-accel-date: 1681809468
content-length: 12704
x-77-nzt: AZySIYic6Dj/lkxeAA
x-accel-expires: @1713345468
last-modified: Tue, 21 Jun 2022 22:02:57 GMT
server: CDN77-Turbo
etag: "62b24011-31a0"
x-77-nzt-ray: f6587a1db2dbd2b0d2ac9c64db88fc15
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 cevizli-irmik-helvasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/02/ Frame 1E5F 12 KB
13 KB 34ms
26ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/02/cevizli-irmik-helvasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 81fa8db261275be7531fb128593cece26d5e679e6e7a633f28f77add13a0d217

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:57:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6178842
x-accel-date: 1681810616
content-length: 12673
x-77-nzt: AZySIYg626P/GkheAA
x-accel-expires: @1713346616
last-modified: Fri, 10 Feb 2023 21:46:02 GMT
server: CDN77-Turbo
etag: "63e6bb1a-3181"
x-77-nzt-ray: f6587a1db2dbd2b0d2ac9c641e7dfe15
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 pastane-sekerparesi-resimli-yemek-tarifi(20).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/04/ Frame 1E5F 16 KB
17 KB 34ms
26ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/04/pastane-sekerparesi-resimli-yemek-tarifi(20).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: d6a0e678bddd69cf8c52d5056ebadbb5b1ce59e172bc5eb1b0a8f5aa4acac930

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:57:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6179816
x-accel-date: 1681809642
content-length: 16552
x-77-nzt: AZySIYgalwf/6EteAA
x-accel-expires: @1713345642
last-modified: Mon, 10 Apr 2023 23:34:22 GMT
server: CDN77-Turbo
etag: "64349cfe-40a8"
x-77-nzt-ray: f6587a1db2dbd2b0d2ac9c64eb320416
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 baklavalik-yufkadan-fistikli-katmer-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2015/04/ Frame 1E5F 15 KB
15 KB 34ms
26ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2015/04/baklavalik-yufkadan-fistikli-katmer-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 845eb9ea29b7a5637e5caa0a807e46db1ad49dd0bfd4dd1145a6ea3e6895555f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:57:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6179849
x-accel-date: 1681809609
content-length: 15175
x-77-nzt: AZySIYgPG3T/CUxeAA
x-accel-expires: @1713345609
last-modified: Wed, 01 May 2019 22:41:25 GMT
server: CDN77-Turbo
etag: "5cca2095-3b47"
x-77-nzt-ray: f6587a1db2dbd2b0d2ac9c646d580b16
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 alman-pastasi-resimli-yemek-tarifi(24).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2016/09/ Frame 1E5F 10 KB
11 KB 34ms
26ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2016/09/alman-pastasi-resimli-yemek-tarifi(24).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 690fca14cfec3446c6987b26b03ce4308c280b6c62435486b73be10fe4e1b511

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:57:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6179889
x-accel-date: 1681809569
content-length: 10614
x-77-nzt: AZySIYhiFrD/MUxeAA
x-accel-expires: @1713345569
last-modified: Wed, 01 May 2019 23:05:32 GMT
server: CDN77-Turbo
etag: "5cca263c-2976"
x-77-nzt-ray: f6587a1db2dbd2b0d2ac9c644d830d16
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 ispanakli-cilbir-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/11/ Frame 1E5F 15 KB
15 KB 34ms
27ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/11/ispanakli-cilbir-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 65ab75ed0100d9adf612b46d1e20ada64ac9530637f328dca42fd984da437919

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:57:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6178366
x-accel-date: 1681811092
content-length: 14881
x-77-nzt: AZySIYikV4f/PkZeAA
x-accel-expires: @1713347092
last-modified: Thu, 26 Nov 2020 23:32:58 GMT
server: CDN77-Turbo
etag: "5fc03b2a-3a21"
x-77-nzt-ray: f6587a1db2dbd2b0d2ac9c64bb0e1016
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 ev-yapimi-cilek-receli-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2015/04/ Frame 1E5F 16 KB
16 KB 34ms
27ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2015/04/ev-yapimi-cilek-receli-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 8283fa9c09b96e5929d28f325fe46a231469f9966f4b66b323faada5bc39002a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:57:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6178419
x-accel-date: 1681811039
content-length: 16167
x-77-nzt: AZySIYiHd5T/c0ZeAA
x-accel-expires: @1713347039
last-modified: Wed, 01 May 2019 22:41:00 GMT
server: CDN77-Turbo
etag: "5cca207c-3f27"
x-77-nzt-ray: f6587a1db2dbd2b0d2ac9c64ca881216
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 kirma-zeytin-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/09/ Frame 1E5F 13 KB
14 KB 34ms
27ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/09/kirma-zeytin-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 9c1d5eead33fb63bd3a19b2444461953449797f909ef408e9aef9bf572546736

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:57:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6177937
x-accel-date: 1681811521
content-length: 13694
x-77-nzt: AZySIYguNIT/kUReAA
x-accel-expires: @1713347521
last-modified: Sun, 18 Sep 2022 23:21:14 GMT
server: CDN77-Turbo
etag: "6327a7ea-357e"
x-77-nzt-ray: f6587a1db2dbd2b0d2ac9c64a7ab1416
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 sutlu-mantar-kavurmasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/02/ Frame 1E5F 15 KB
16 KB 34ms
27ms Image
image/jpeg 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/02/sutlu-mantar-kavurmasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 38a45d2622d89b3d2da8101fa1ecdc03ed87f51af4d93f1358530610ffd7cfcf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:57:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6178862
x-accel-date: 1681810596
content-length: 15570
x-77-nzt: AZySIYiGGJzvLkheAA
x-accel-expires: @1713346596
last-modified: Fri, 17 Feb 2023 22:43:31 GMT
server: CDN77-Turbo
etag: "63f00313-3cd2"
x-77-nzt-ray: f6587a1db2dbd2b0d2ac9c64859e1616
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 _dmca_premi_badge_5.png
images.dmca.com/Badges/ Frame 1E5F 5 KB
6 KB 52ms
10ms Image
image/png 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.dmca.com/Badges/_dmca_premi_badge_5.png?ID=da1d399b-5fd3-4da3-b5cd-8af692c19999
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: ad3ee286844c46dba3f0d26e100f508c410b28f52784fbeec2d513ef6c6fda7a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:38 GMT
last-modified: Thu, 02 Jun 2011 03:26:26 GMT
server: Microsoft-IIS/10.0
etag: "8ae3cdbd420cc1:0"
x-powered-by: ASP.NET
x-hw: 1687989458.cds212.fr8.hn,1687989458.cds153.fr8.c
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
link: <https://www.dmca.com/Badges/_dmca_premi_badge_5.png>; rel="canonical"
content-length: 5605

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/300/ Frame 1E5F 56 B
361 B 75ms
11ms Script
text/javascript 23.206.208.114
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.206.208.114 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-206-208-114.deploy.static.akamaitechnologies.com

Software

Oracle API Gateway /

Resource Hash

f475c34186022ba531ebc8bba97fc10df7e4c3ea854f314a18ab0644c851620d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 28 Jun 2023 21:57:38 GMT
server: Oracle API Gateway
opc-request-id: /7CE1CCD3175CB86A4CC6A188234E02F0/3DE66AA844043C1F510DEDFE1B2A5874
x-frame-options: sameorigin
vary: Accept-Encoding
content-type: text/javascript
x-distribution: 99
x-host: s7.addthis.com
content-length: 76
x-xss-protection: 1; mode=block

GET
H2 200 DMCABadgeHelper.min.js Show response
images.dmca.com/Badges/ Frame 1E5F 465 B
585 B 53ms
10ms Script
application/javascript 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://images.dmca.com/Badges/DMCABadgeHelper.min.js
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e8021f1a9dad409f7e699457ac334653bf800464df69900237c4de1c29e275d0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:38 GMT
content-encoding: gzip
last-modified: Fri, 21 Jun 2019 20:14:34 GMT
server: Microsoft-IIS/10.0
etag: "26b181f16d28d51:0"
x-powered-by: ASP.NET
x-hw: 1687989458.cds212.fr8.hn,1687989458.cds057.fr8.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
link: <https://www.dmca.com/Badges/DMCABadgeHelper.min.js>; rel="canonical"
content-length: 395

GET
H2 200 outside.js Show response
static.virgul.com/theme/mockups/adcode/ Frame 1E5F 75 KB
26 KB 217ms
52ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19536
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 66413d92e3b48b21f37de7968a4c6ee6dafb956f4963d0557959a3d10db2c492

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:38 GMT
content-encoding: gzip
last-modified: Fri, 23 Jun 2023 06:55:07 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=43200

GET
H2 200 sdk.js Show response
connect.facebook.net/tr_TR/ Frame 1E5F 3 KB
2 KB 36ms
12ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/tr_TR/sdk.js

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e59d1b0d96b90e0ca74ce82f5968496fbff52952f5d2db076d6e80f8241131dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 28 Jun 2023 21:57:38 GMT
content-md5: 9gfABWGF45YjqhgZhlEGnw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1687
x-fb-debug: n70Su94Qtn1nZsq1IpTl/Yz3OlYj/IjP7MPA1A53s95g6pO8X8A5Yu9eMERfth+htCsG3gE/wz3LZ6gWiW/z7w==
x-fb-content-md5: 931490beb870abec5a4ee31ba38c2140
cross-origin-opener-policy: same-origin-allow-popups
etag: "9c74403c6688b2fb714627e74e1dfe97"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Wed, 28 Jun 2023 22:12:29 GMT

GET
H3 200 sdk.js Show response
connect.facebook.net/tr_TR/ Frame 1E5F 307 KB
87 KB 17ms
8ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/tr_TR/sdk.js?hash=a65c870af40a85952581421497e09e1b

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/tr_TR/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

69b373db15cb1b814ed69e007d40fa9add8642a9e2445c449503ac023c674d8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://ye-mek.net/
Origin: https://ye-mek.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 28 Jun 2023 21:57:38 GMT
content-md5: C9b9QBaH3JTU+VF5oS+iZA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 88852
x-fb-debug: kZIkWTIdAmHdUF7ny9MljWqDu4gH1A1YeQHSP3c99fomEIm7VsSoOTX1Pay7Mh31EP6Td0xjrnr+jPbXTdBbkw==
x-fb-content-md5: 11c4a72dbfc62c7d5330f26b2edebc22
cross-origin-opener-policy: same-origin-allow-popups
etag: "3265691f36ad741ec603f4fe84af26ae"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
priority: u=3,i
expires: Thu, 27 Jun 2024 20:13:49 GMT

GET
H2 200 sprite_3.png
cdn.ye-mek.net/grafik/ Frame 1E5F 21 KB
21 KB 7ms
7ms Image
image/png 2a02:6ea0:c700::17
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/grafik/sprite_3.png
Requested by: Host: cdn.ye-mek.net
URL: https://cdn.ye-mek.net/maincss.css?v=434
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: ecadacb686d0540a5768dae41d50597a71dfaa8135b90f1371d4bfa266e4e361

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.ye-mek.net/maincss.css?v=434
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:57:38 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6180016
x-accel-date: 1681809442
content-length: 21525
x-77-nzt: AZySIYgtWsX/sExeAA
x-accel-expires: @1713345442
last-modified: Mon, 14 May 2018 20:55:05 GMT
server: CDN77-Turbo
etag: "5af9f7a9-5415"
x-77-nzt-ray: f6587a1db2dbd2b0d2ac9c64fd542518
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 analytics.js Show response
www.google-analytics.com/ Frame 1E5F 52 KB
21 KB 30ms
7ms Script
text/javascript 2001:4860:4802:36::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-38733763-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:36::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 28 Jun 2023 21:04:41 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 3177
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Wed, 28 Jun 2023 23:04:41 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 1E5F 76 KB
26 KB 89ms
35ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19536

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

35f6087c073236f5b3791ae543446b31681841dd2d9dc2f4274dc204ea642a47

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:38 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26077
x-xss-protection: 0
server: cafe
etag: 884 / 19536 / m202306260101 / config-hash: 782518577177411778
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 28 Jun 2023 21:57:38 GMT

GET
H2 200 ads.js Show response
static.virgul.com/theme/mockups/mockups/tracker/imp/collect/adview/ad/ Frame 1E5F 120 B
306 B 49ms
48ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/mockups/tracker/imp/collect/adview/ad/ads.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19536
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: d9fd0aeda423bd39a36871759ef7b17dab3d51e5981cd5839103f990b8b9ef60

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:38 GMT
last-modified: Wed, 21 Dec 2022 18:47:42 GMT
server: openresty/1.15.8.3
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000
accept-ranges: bytes
content-length: 120

GET
H2 200 str.html Show response
static.virgul.com/theme/mockups/outside/ Frame 04C3 891 B
1 KB 49ms
49ms Document
text/html 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/outside/str.html?v=2
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19536
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 2af1b8e91e1ea0f27fab2f6bac1dd1d81867b7a2a8d7cef1084fa39309e0ac6f

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=5184000
content-length: 891
content-type: text/html
date: Wed, 28 Jun 2023 21:57:38 GMT
last-modified: Wed, 28 Sep 2022 10:07:57 GMT
server: openresty/1.15.8.3

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 1E5F 139 KB
48 KB 69ms
28ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19536

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6d3e3847d32018957683396a28234d93d0ecb002e4674244fffa3b6dea822b5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Origin: https://ye-mek.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:38 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48980
x-xss-protection: 0
server: cafe
etag: 7893172524717826193
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 28 Jun 2023 21:57:38 GMT

GET
H2 200 prebid7.38.0.js Show response
static.virgul.com/theme/mockups/outside/ Frame 1E5F 489 KB
182 KB 63ms
63ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19536
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: cff57bb539a961e5816127eb4b662175d6a1c92917effe0f943de85c35911101

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:38 GMT
content-encoding: gzip
last-modified: Mon, 27 Mar 2023 14:56:06 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ Frame 1E5F 236 KB
58 KB 58ms
8ms Script
application/javascript 65.9.90.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19536
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.90.93 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-90-93.prg50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: dbc211260f3fb81e545fbebe8be8c367ebe670a585e60e1ec58524c06723ecbc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:35:01 GMT
content-encoding: gzip
via: 1.1 857b0dca772798c338c78a1be69c955c.cloudfront.net (CloudFront), 1.1 97101640da3dcba7a2d4a3d67a31b114.cloudfront.net (CloudFront)
last-modified: Thu, 15 Jun 2023 18:14:54 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1, PRG50-C1
age: 1358
x-amz-server-side-encryption: AES256
etag: W/"9352f20e556bff9fea6fd0461aac850d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=3600
x-amz-cf-id: TV9QLhEKyRcpZdwr_YUifARJ2h65cmTvmKp_1TqbdPeLMXG7dTRKTQ==

GET
H2 200 pageview Show response
ng.virgul.com/ Frame 1E5F 38 KB
7 KB 110ms
95ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ng.virgul.com/pageview?c=site_geneli&mt=1687989458630&v=https%3A%2F%2Fye-mek.net%2F&r=yemek_net:site_geneli&userId=&tp=&os=&call=noktaad.ads.vvad&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc0,hf1,vv1,gprec%3Dyemek%26rec_ing%3D&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.9680935173549172
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19536
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 7b853fa579b3c596923a6ccd2f1c5707d8a48d0f257671d75de993bf2eb4a0bd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:38 GMT
content-encoding: gzip
server: openresty/1.15.8.3
vary: Accept-Encoding
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
access-control-allow-origin: https://ye-mek.net
content-type: application/javascript
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT

GET
H2 200 yemek_net.js Show response
static.virgul.com/theme/mockups/fallback/ Frame 1E5F 12 KB
2 KB 49ms
49ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/fallback/yemek_net.js?dts=19536
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19536
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 5103b27b55207be49f024a501641c7cb93e6469073ccbe194cd5963b53716184

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:38 GMT
content-encoding: gzip
last-modified: Tue, 20 Jun 2023 21:45:07 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 hb Show response
ng.virgul.com/ Frame 1E5F 50 KB
5 KB 108ms
95ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ng.virgul.com/hb?call=noktaad.setHbParameters&site=yemek_net&dts=468885
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19536
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 5064673ae91cda915c14e431a3d0f6eb6431aaee503afb2b7eca6c90075b130b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:38 GMT
content-encoding: gzip
server: openresty/1.15.8.3
vary: Accept-Encoding
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
access-control-allow-origin: https://ye-mek.net
content-type: application/javascript
cache-control: max-age=3600
access-control-allow-credentials: true

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ Frame 1E5F 0
307 B 15ms
13ms XHR
text/plain 65.9.90.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fye-mek.net&pubid=e0a76a78-9ad1-46f2-a337-886c2e24ac91
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.90.93 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-90-93.prg50.r.cloudfront.net
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 15:59:50 GMT
via: 1.1 97101640da3dcba7a2d4a3d67a31b114.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: PRG50-C1
age: 21468
x-cache: Hit from cloudfront
access-control-allow-origin: https://ye-mek.net
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-id: 25wCTPPmKPkE7ETA3NvFSOE0rwQ2AieLOqz2Dc62yasx06xaO7yxuw==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ Frame 1E5F 6 KB
3 KB 27ms
9ms XHR
application/javascript 65.9.90.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.90.93 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-90-93.prg50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: rBtfgJUMGYsy5fZuQwMAU7hSD.fVdF76
content-encoding: gzip
via: 1.1 c76f57c516237f120f723cde4dab446e.cloudfront.net (CloudFront)
date: Wed, 28 Jun 2023 05:29:04 GMT
x-amz-cf-pop: PRG50-C1
age: 59315
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Sat, 24 Jun 2023 09:19:11 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: UU87EZlhTO00zhUUeucBs5hHyKxPCGlkKshG6Ppy-wU87jdEkrs31A==

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306200101/ Frame 1E5F 345 KB
119 KB 64ms
49ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306200101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=ye-mek.net

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c91573b72efe80fe702fc50dc1671342387bda7cbe83b6027d00c8fe4056e445

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:38 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 121311
x-xss-protection: 0
server: cafe
etag: 17788366134533258256
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 28 Jun 2023 21:57:38 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230620/r20190131/ Frame 55BA 10 KB
5 KB 37ms
9ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230620/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eb7a209e3af2f5e7045a326f81414b39f02551eb158e859c190a7a84db7c4d5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 46040
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4540
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 09:10:18 GMT
etag: 15057649708203361565
expires: Wed, 12 Jul 2023 09:10:18 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306260101/ Frame 1E5F 392 KB
125 KB 18ms
16ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306260101/pubads_impl.js?cb=31075410

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a9262e4f0004178b2eb384213e53dd3e0c71eb13584d3f6b6dba57437014c1b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 03:54:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 64984
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 127813
x-xss-protection: 0
server: cafe
etag: 18191761431352456992
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Thu, 27 Jun 2024 03:54:34 GMT

GET
H2 200 empowerwebplayer3.js Show response
static.virgul.com/theme/mockups/outside/ Frame 1E5F 10 KB
3 KB 56ms
55ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/outside/empowerwebplayer3.js?v=20
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 3e9569df702eb478e6e7699775a0f555b64ef9e89d89a81742bc97c7803dba96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:38 GMT
content-encoding: gzip
last-modified: Tue, 13 Jun 2023 13:36:40 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 yemek_net.js Show response
static.virgul.com/theme/mockups/sites/ Frame 1E5F 11 KB
5 KB 50ms
49ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/sites/yemek_net.js?dts=468885
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19536
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: a7a580492938c753648b19da1321bf7ea66d7a2e9b1fa42058c821e268fba9e1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:38 GMT
content-encoding: gzip
last-modified: Thu, 27 Apr 2023 09:08:06 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 pandg-sdk.js Show response
pghub.io/js/ Frame 1E5F 17 KB
5 KB 44ms
7ms Script
application/javascript 35.241.45.217
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pghub.io/js/pandg-sdk.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19536
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.217 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 217.45.241.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 27961ab8c37cddad89230364167c048c6377a80e38542a5ffbca600faf4098ea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:12:02 GMT
content-encoding: gzip
age: 2736
x-guploader-uploadid: ADPycduazmaSX5BuRgvPRF2W_RmINiKUUvoxwNdZUljL2uQxkBI2G23Yi9t9bQGtYa5p0_s1T53BEIBoTaOtaDvM6gnnfA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5009
last-modified: Mon, 05 Jun 2023 16:36:50 GMT
server: UploadServer
etag: "47a886353056caf33a998c6041e20896"
vary: Accept-Encoding
x-goog-generation: 1685983010517890
x-goog-hash: crc32c=aHj4lg==, md5=R6iGNTBWyvM6mYxgQeIIlg==
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin
cache-control: public,max-age=3600
x-goog-stored-content-length: 5009
accept-ranges: bytes
content-type: application/javascript

GET
H2 200 zoneview
ng.virgul.com/ Frame 1E5F 0
209 B 51ms
50ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/zoneview?c=&mt=1687989458779&v=https%3A%2F%2Fye-mek.net%2F&r=153366@153377@153378@153379@153379@153382@153383:yemek_net&userId=vnet87604c0e-85b9-4694-a152-c65714f2ee85&tp=&os=&call=&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc1,hf1,vv1,gprec%3Dyemek%26rec_ing%3D&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.41025264809812034
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Wed, 28 Jun 2023 21:57:38 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ Frame 1E5F 23 B
461 B 208ms
126ms XHR
text/javascript 65.9.93.173
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&pr=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&pid=tMJutMrW7D9jU&cb=0&ws=1600x1200&v=23.612.1758&t=1200&slots=%5B%7B%22sd%22%3A%22div-gpt-ad-1455783126174-15338221728129623web_yemeknet_right_tower%22%2C%22s%22%3A%5B%22160x600%22%2C%22120x600%22%5D%2C%22sn%22%3A%22%2F21728129623%2Fweb_yemeknet_right_tower%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-1455783126174-15338321728129623web_yemeknet_left_tower%22%2C%22s%22%3A%5B%22160x600%22%2C%22120x600%22%5D%2C%22sn%22%3A%22%2F21728129623%2Fweb_yemeknet_left_tower%22%7D%5D&pubid=e0a76a78-9ad1-46f2-a337-886c2e24ac91&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.93.173 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-93-173.prg50.r.cloudfront.net

Software

Server /

Resource Hash

745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:39 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 41b7bdf4fb536a6c72b9f49d9b6affe8.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: PRG50-C1
x-amz-rid: CYZJ9H5RKMHYNVCEG3EW
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://ye-mek.net
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: 8_uYgVi2lwpQRgehs6ZsRfPeWB1L7ECIJ6hhHR87mG5gKNBGixxvew==

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 1E5F 107 B
456 B 49ms
17ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ye-mek.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306260101/pubads_impl.js?cb=31075410

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 1E5F 27 KB
11 KB 247ms
247ms XHR
text/plain 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=504671446663692&correlator=2400592542831058&eid=31072020%2C31075410%2C31075148&output=ldjh&gdfp_req=1&vrg=202306260101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_728x90_repeating&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=2&adks=3733009076&sfv=1-0-40&eri=1&cust_params=amznbid%3D0%26amznp%3D0%26category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1687989458630%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet87604c0e-85b9-4694-a152-c65714f2ee85%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet87604c0e85b94694a152c65714f2ee85&sc=1&cdm=ye-mek.net&abxe=1&dt=1687989458876&lmt=1687989458&dlt=1687989458250&idt=580&adxs=436&adys=2665&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=yr4uunhaovi7&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&ga_vid=1416381702.1687989459&ga_sid=1687989459&ga_hid=495058756&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306260101/pubads_impl.js?cb=31075410

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

25abd3e2e7bdc06f4c3a53656f9cc00f6b6f349416a3e9310d40fa274e69d275

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:39 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11648
x-xss-protection: 0
google-lineitem-id: 6241543851
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138425219174
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame A223 6 KB
3 KB 84ms
16ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306260101/pubads_impl.js?cb=31075410

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:57:38 GMT
expires: Thu, 27 Jun 2024 21:57:38 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 1E5F 64 KB
15 KB 245ms
245ms XHR
text/plain 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=504671446663692&correlator=204340388650&eid=31072020%2C31075410%2C31075148&output=ldjh&gdfp_req=1&vrg=202306260101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_masthead_multibanner_1&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250%7C250x250%7C200x200%7C300x100%7C300x150%7C320x100&fluid=height&ifi=3&adks=2498062597&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1687989458630%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet87604c0e-85b9-4694-a152-c65714f2ee85%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D%26amznbid%3D1%26amznp%3D1&ppid=vnet87604c0e85b94694a152c65714f2ee85&sc=1&cdm=ye-mek.net&abxe=1&dt=1687989458906&lmt=1687989458&dlt=1687989458250&idt=580&adxs=315&adys=158&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=pcsiw7abln7j&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=970x-1&msz=300x-1&fws=388&ohw=300&ga_vid=1416381702.1687989459&ga_sid=1687989459&ga_hid=495058756&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306260101/pubads_impl.js?cb=31075410

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

94f3f38a20da26643d99a9d74ca536d48882bc60399eeb02992bc1ca8fd19396

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:39 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15302
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 1E5F 110 KB
39 KB 686ms
686ms XHR
text/plain 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=504671446663692&correlator=204340388650&eid=31072020%2C31075410%2C31075148&output=ldjh&gdfp_req=1&vrg=202306260101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_masthead_multibanner_2&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250%7C250x250%7C200x200%7C300x100%7C300x150%7C320x100&fluid=height&ifi=4&adks=3962850263&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1687989458630%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet87604c0e-85b9-4694-a152-c65714f2ee85%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D%26amznbid%3D1%26amznp%3D1&ppid=vnet87604c0e85b94694a152c65714f2ee85&sc=1&cdm=ye-mek.net&abxe=1&dt=1687989458912&lmt=1687989458&dlt=1687989458250&idt=580&adxs=349&adys=158&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=ab2kzilmaf1g&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=970x-1&msz=300x-1&fws=388&ohw=300&ga_vid=1416381702.1687989459&ga_sid=1687989459&ga_hid=495058756&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306260101/pubads_impl.js?cb=31075410

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7cac0c41994ce183aae7609ec1474b64149594430859614d7bc093b573e5d42f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:39 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40324
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 1E5F 24 KB
11 KB 466ms
466ms XHR
text/plain 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=504671446663692&correlator=204340388650&eid=31072020%2C31075410%2C31075148&output=ldjh&gdfp_req=1&vrg=202306260101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_masthead_multibanner_3&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250%7C250x250%7C200x200%7C300x100%7C300x150%7C320x100&fluid=height&ifi=5&adks=132540618&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1687989458630%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet87604c0e-85b9-4694-a152-c65714f2ee85%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D%26amznbid%3D1%26amznp%3D1&ppid=vnet87604c0e85b94694a152c65714f2ee85&sc=1&cdm=ye-mek.net&abxe=1&dt=1687989458918&lmt=1687989458&dlt=1687989458250&idt=580&adxs=985&adys=158&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=bixdfnfzm2cc&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=970x-1&msz=300x-1&fws=388&ohw=300&ga_vid=1416381702.1687989459&ga_sid=1687989459&ga_hid=495058756&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306260101/pubads_impl.js?cb=31075410

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8163fc9bc2f5b7dbce2b9abe00c80dcf9c57d68dac9a7142355ac83388b1c5ce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:39 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10843
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 403 ads Show response
googleads.g.doubleclick.net/pagead/ Frame C7AA 603 B
218 B 61ms
60ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755397&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1687989458730&bpp=3&bdt=480&idt=199&shv=r20230620&mjsv=m202306200101&ptt=9&saldr=aa&nras=1&correlator=4195667466855&frm=24&ife=1&pv=2&ga_vid=1416381702.1687989459&ga_sid=1687989459&ga_hid=495058756&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=222437166&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44759842%2C44759876%2C31071258%2C44788442&oid=2&pvsid=504671446663692&tmod=1669191171&uas=0&nvt=1&fsapi=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.dinjdd7st8pw&fsb=1&dtd=214

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306200101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=ye-mek.net

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 46
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:57:38 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 NoktaNpmPlayerApi.js Show response
c1.imgiz.com/player_others/html5/ Frame 1E5F 7 KB
3 KB 164ms
51ms Script
application/javascript 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19536
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/empowerwebplayer3.js?v=20
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 0b29697868cd68cfd1b5650054cc96ea755016b3242bd26469cdbd4e4f6fc18a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:39 GMT
content-encoding: gzip
last-modified: Wed, 13 Oct 2021 11:58:21 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
expires: Wed, 05 Jul 2023 21:57:39 GMT

GET
H2 200 zoneview
ng.virgul.com/ Frame 1E5F 0
209 B 50ms
50ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/zoneview?c=&mt=1687989458957&v=https%3A%2F%2Fye-mek.net%2F&r=153394@153493:yemek_net&userId=vnet87604c0e-85b9-4694-a152-c65714f2ee85&tp=&os=&call=&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc1,hf1,vv1,gprec%3Dyemek%26rec_ing%3D&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.5713509171971798
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Wed, 28 Jun 2023 21:57:38 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 tag Show response
feed.pghub.io/ Frame 14B6 13 B
257 B 43ms
19ms Document
text/html 34.102.243.38
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://feed.pghub.io/tag?referrer_url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&page_url=https%3A%2F%2Fye-mek.net%2F&owner=P%26G&bp_id=noktacommedya&ch=%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D&initiator=js&data=%7B%22category%22%3A%22site_geneli%22%7D

Requested by

Host: pghub.io
URL: https://pghub.io/js/pandg-sdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.102.243.38 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

38.243.102.34.bc.googleusercontent.com

Software

Resource Hash

b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';img-src https://*.pghub.io https://match.adsrvr.org
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
access-control-max-age: 300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-store
content-security-policy: default-src 'none';img-src https://*.pghub.io https://match.adsrvr.org
content-type: text/html;charset=utf-8
date: Wed, 28 Jun 2023 21:57:38 GMT
strict-transport-security: max-age=31536000
via: 1.1 google

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 1E5F 107 B
165 B 17ms
16ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ye-mek.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306260101/pubads_impl.js?cb=31075410

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 1E5F 61 KB
14 KB 323ms
323ms XHR
text/plain 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=504671446663692&correlator=201209581852511&eid=31072020%2C31075410%2C31075148&output=ldjh&gdfp_req=1&vrg=202306260101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_left_tower&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C160x600%7C120x600%7C120x240%7C160x800&fluid=height&ifi=6&adks=3299242717&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1687989458630%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet87604c0e-85b9-4694-a152-c65714f2ee85%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet87604c0e85b94694a152c65714f2ee85&sc=1&cdm=ye-mek.net&abxe=1&dt=1687989459089&lmt=1687989459&dlt=1687989458250&idt=580&adxs=122&adys=150&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=t8w2fx2pn3fh&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=160x-1&msz=160x-1&fws=900&ohw=160&ga_vid=1416381702.1687989459&ga_sid=1687989459&ga_hid=495058756&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306260101/pubads_impl.js?cb=31075410

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b688092247ab4473189c8ddcfd287b550d914fc1e8857fd56f8bfadc0d25ecd0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:39 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14700
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 1E5F 36 KB
15 KB 274ms
274ms XHR
text/plain 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=504671446663692&correlator=183261179146015&eid=31072020%2C31075410%2C31075148&output=ldjh&gdfp_req=1&vrg=202306260101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_728x90_2&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=7&adks=345722362&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1687989458630%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet87604c0e-85b9-4694-a152-c65714f2ee85%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet87604c0e85b94694a152c65714f2ee85&sc=1&cdm=ye-mek.net&abxe=1&dt=1687989459096&lmt=1687989459&dlt=1687989458250&idt=580&adxs=436&adys=1389&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=wgyvqbd71pf&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&ga_vid=1416381702.1687989459&ga_sid=1687989459&ga_hid=495058756&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306260101/pubads_impl.js?cb=31075410

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c7f7c5ee74eee4dc7a4fe83095dcff01b3bff30e7f068ad3535a559d76b34438

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:39 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14959
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 1E5F 23 KB
11 KB 286ms
285ms XHR
text/plain 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=504671446663692&correlator=3082105404192538&eid=31072020%2C31075410%2C31075148&output=ldjh&gdfp_req=1&vrg=202306260101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_right_tower&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C160x600%7C120x600%7C120x240%7C160x800&fluid=height&ifi=8&adks=3203893797&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1687989458630%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet87604c0e-85b9-4694-a152-c65714f2ee85%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet87604c0e85b94694a152c65714f2ee85&sc=1&cdm=ye-mek.net&abxe=1&dt=1687989459101&lmt=1687989459&dlt=1687989458250&idt=580&adxs=1318&adys=150&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=57cgqt7p9219&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=160x-1&msz=160x-1&fws=900&ohw=160&ga_vid=1416381702.1687989459&ga_sid=1687989459&ga_hid=495058756&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306260101/pubads_impl.js?cb=31075410

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

61a4427dbacae30aa41df3fb5c678e691cfec6699855046e29e6d2987aecdfac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:39 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11010
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 1E5F 23 KB
11 KB 307ms
306ms XHR
text/plain 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=504671446663692&correlator=3421007165899840&eid=31072020%2C31075410%2C31075148&output=ldjh&gdfp_req=1&vrg=202306260101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_ust_728x90&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=9&adks=456810305&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1687989458630%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet87604c0e-85b9-4694-a152-c65714f2ee85%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet87604c0e85b94694a152c65714f2ee85&sc=1&cdm=ye-mek.net&abxe=1&dt=1687989459105&lmt=1687989459&dlt=1687989458250&idt=580&adxs=436&adys=751&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=l4dyte1f1ptz&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&ga_vid=1416381702.1687989459&ga_sid=1687989459&ga_hid=495058756&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306260101/pubads_impl.js?cb=31075410

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

51d7824a2a15d6f54c1b60fa1b7e013f8219782d7618dade0ed1e6a81d5225e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:39 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11228
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 1E5F 35 KB
14 KB 274ms
274ms XHR
text/plain 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=504671446663692&correlator=3752192800564110&eid=31072020%2C31075410%2C31075148&output=ldjh&gdfp_req=1&vrg=202306260101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_728x90_repeating&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=10&adks=2157304621&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1687989458630%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet87604c0e-85b9-4694-a152-c65714f2ee85%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet87604c0e85b94694a152c65714f2ee85&sc=1&cdm=ye-mek.net&abxe=1&dt=1687989459111&lmt=1687989459&dlt=1687989458250&idt=580&adxs=436&adys=2027&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=d92m6djz2naq&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&ga_vid=1416381702.1687989459&ga_sid=1687989459&ga_hid=495058756&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306260101/pubads_impl.js?cb=31075410

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

23bb7f2ebf20e66394beb69e3caa2a5354335a4f76f72ed19fb8a0a9ab82ad3e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:39 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14809
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame 1E5F 361 KB
121 KB 59ms
18ms Script
text/javascript 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19536

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a9863314577494b778cade4d77d719a27fca818d6091efe35b972cac31026f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 123120
x-xss-protection: 0
expires: Wed, 28 Jun 2023 21:57:39 GMT

GET
H2 200 NoktaPlayer.js Show response
c1.imgiz.com/player_others/html5/ Frame 1E5F 398 KB
128 KB 53ms
53ms Script
application/javascript 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=6/28/2023
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19536
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: bea17c8870ba8dae9515993b5c55b65437f03f0e2672e1c3d3dbe7872dd74e5c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:39 GMT
content-encoding: gzip
last-modified: Mon, 29 May 2023 18:51:56 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
expires: Wed, 05 Jul 2023 21:57:39 GMT

GET
H2 200 container.html Show response
4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 1666 6 KB
3 KB 9ms
8ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306260101/pubads_impl.js?cb=31075410

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:57:38 GMT
expires: Thu, 27 Jun 2024 21:57:38 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 5E36 6 KB
3 KB 15ms
14ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306260101/pubads_impl.js?cb=31075410

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:57:38 GMT
expires: Thu, 27 Jun 2024 21:57:38 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 1666 24 KB
7 KB 76ms
7ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 12:02:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 35688
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 27 Jun 2024 12:02:51 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 1666 139 KB
48 KB 41ms
38ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0c27137a2a35027f8c2c54a979b8e27e8dab7f518bf439bf6068e0528591b4be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
Origin: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:39 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48838
x-xss-protection: 0
server: cafe
etag: 3950964963696103398
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 28 Jun 2023 21:57:39 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1666 179 KB
56 KB 42ms
23ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 28 Jun 2023 21:57:39 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 5E36 8 KB
1 KB 65ms
16ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

98d2e3edd14aa506c4521125c7cdb7bb3030d7caae5803feec6d2613195ee955

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 28 Jun 2023 21:57:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 28 Jun 2023 20:25:11 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 28 Jun 2023 21:57:39 GMT

GET
H2 200 outstream.min.css
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/ Frame 5E36 15 KB
3 KB 13ms
12ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.css

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d4095ea226f3f80d6d4fc62e3737dd5107fd9d4aa4a443cac11378b102f64b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 05:06:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 147093
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2883
x-xss-protection: 0
last-modified: Wed, 17 May 2023 00:43:28 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 26 Jun 2024 05:06:06 GMT

GET
H2 200 outstream.min.js Show response
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/ Frame 5E36 371 KB
127 KB 16ms
14ms Script
text/javascript 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.js

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

464be521d749b2ba1c7e8c1f87223b56a03ee0bd05484baa0e9067ce9eb9d2be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 16:50:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 104857
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 130330
x-xss-protection: 0
last-modified: Wed, 17 May 2023 00:43:28 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 26 Jun 2024 16:50:02 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/ Frame 5E36 19 KB
8 KB 55ms
8ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d67e93b773c993230e55a3881853d5e8d399b32fb591d845c41553c0fe8c71b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 19:19:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9481
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8131
x-xss-protection: 0
server: cafe
etag: 7076601798724011321
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jul 2023 19:19:38 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 5E36 24 KB
6 KB 57ms
10ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 12:02:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 35688
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 27 Jun 2024 12:02:51 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 1666 0
0 46ms
46ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstp-un5v5Js3mWIRi_XP6enVv3cqNV0JTomFeLeqFESGlWD9UVJsTMTKV5gX9YdQPoPkFIfDdHBFSckzzH_eK2OQ6cdBYQm6--nHu2S0gYHmjGtmEITFDtKAP8NYl1Kcmt6oSRwtMJtl6p4Xsm1XE6bn9XupBNnmYGcmnuW11mBeYm30_Fa7mketKsUcuw3og-vzDNqH8rQO5sjAUaQbQOKN-v9mDSxsiNAWEMyl7d41kyeMo-VO3aTb-tFrt8VjK5CBeLvQ7ofskDytpTHmIFB9U8GC6t8PsOCETT2uH08UiwrdxAhtwguJAyv1ZOvRem5HrCMbczZkA826G4v5H4kDWHIg4yZz8G3-0ZRlqJIoe3OGYsUivLtHg&sai=AMfl-YS8_h1Kw7UbvQQv_6GBv9ZNhaBAeU26FCJw53tXXc-w9v1Z7sMVQf15BI-aCN2ymNzPEPuA4dlqcDgQReKTb-eU1gd1ZzSewxk1secrQsw&sig=Cg0ArKJSzDfEV_2pFJAYEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:39 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 28 Jun 2023 21:57:39 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306200101/ Frame 1666 345 KB
119 KB 48ms
48ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306200101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b292d06c387f4a735162fe0db8f346c825617b9e0d50248d7bf8e4049b25fe56

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:39 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 121310
x-xss-protection: 0
server: cafe
etag: 17466983363086774946
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 28 Jun 2023 21:57:39 GMT

GET
DATA 200
OK truncated
/ Frame 1666 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ade5e8523b8fd419b5eac06a3c3d881dea4c3b86852fc141c787476c46af8a8c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

POST
H2 204 csi
csi.gstatic.com/ Frame 5E36 0
54 B 1121ms
496ms Ping
image/gif 2404:6800:4005:81d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=1~ljg9calc&c=4901424600820&slotId=2450712300410&qqid=CJLW1-D65v8CFT-d_QcdwLoD-Q&fb=outstream-lima&sei=44729911%2C44730425%2C44730426%2C44752538%2C75259414%2C420706098&nsei=44714510%2C72811302%2C75259405%2C75259407%2C75259408%2C318491509%2C447279544&bi=outstream
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2404:6800:4005:81d::2003 , Hong Kong, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 5E36 15 KB
16 KB 30ms
7ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:04:15 GMT
x-content-type-options: nosniff
age: 363204
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 23 Jun 2024 17:04:15 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 5E36 15 KB
15 KB 28ms
8ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 03:30:27 GMT
x-content-type-options: nosniff
age: 412032
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 23 Jun 2024 03:30:27 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5E36 0
20 B 43ms
42ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=osv-info&clickstring=CMN9W0qycZJKlOr-69u8PwPWOyA_JntKxXNWdkfdwwI23ARABIABgldK0gsAHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQWpAtPqU3VdUrI-4AIAqAMByAMCqgT3AU_QyOdhIJcKBDdbD-_32FSChfYaqKYOwYeX5r2XD2g2oGwLSSdMUIxanNVTYE7_Rtwk-TukSbdrV4cvBJzI5eaPDPlXZLez45qU854BqOsyMzDlz_EGoWYaebpf-cn-cfoEL12lwq-ivpszrMIqQXUhmTzl1lkQnij5UvlnNsqLLhOmteQJRmIv3H0zWySANu2Px5QoeQ0F-5I9hXULFv2aMb6mqfaqdqPdR067kS6hPe9uXfDLdf4OAwFB-FKQ953We4bE_RRuQ8G2NThZvJu1mXILkTQJSTPLqBh1plT-Dt30f4t8hWQcDJhzJwLMGfJz_B3dqS7gBAGABuXQrvCavLuIUKAGKqgHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvIIG2FkeC1zdWJzeW4tNzI3NTUyODQ1MzE2MjMwOfoLAggBgAwB0BUBgBcB&eventType=clickstring&clientTime=1687989459365&ai=CMN9W0qycZJKlOr-69u8PwPWOyA_JntKxXNWdkfdwwI23ARABIABgldK0gsAHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQWpAtPqU3VdUrI-4AIAqAMByAMCqgT3AU_QyOdhIJcKBDdbD-_32FSChfYaqKYOwYeX5r2XD2g2oGwLSSdMUIxanNVTYE7_Rtwk-TukSbdrV4cvBJzI5eaPDPlXZLez45qU854BqOsyMzDlz_EGoWYaebpf-cn-cfoEL12lwq-ivpszrMIqQXUhmTzl1lkQnij5UvlnNsqLLhOmteQJRmIv3H0zWySANu2Px5QoeQ0F-5I9hXULFv2aMb6mqfaqdqPdR067kS6hPe9uXfDLdf4OAwFB-FKQ953We4bE_RRuQ8G2NThZvJu1mXILkTQJSTPLqBh1plT-Dt30f4t8hWQcDJhzJwLMGfJz_B3dqS7gBAGABuXQrvCavLuIUKAGKqgHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvIIG2FkeC1zdWJzeW4tNzI3NTUyODQ1MzE2MjMwOfoLAggBgAwB0BUBgBcB

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 5E36 0
234 B 1095ms
489ms Ping
image/gif 2404:6800:4005:81d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=2~ljg9cali&c=4901424600820&slotId=2450712300410&qqid=CJLW1-D65v8CFT-d_QcdwLoD-Q&fb=outstream-lima&ulv=1&cll=0&met.4=arp_a_s.d7&vast_v=4.0&lima_p_ich=0&lima_p_icu=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2404:6800:4005:81d::2003 , Hong Kong, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 vast.php Show response
ads.eu.criteo.com/delivery/r/0.1/ Frame 5E36 12 KB
7 KB 55ms
18ms XHR
text/xml 2a02:2638:3::12
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/0.1/vast.php?z=ZJys0gAOkpIH_Z0_AAO6wAw-Qch4hJEFarssFQ&u=%7CGY6estnMRVUknCTpvqh8w2TYGv3tjDV%2FRc0ZOe9EITk%3D%7C&c1=s9Ouqadr9PNjmdWEvnIhCeON5eq0Yfy817nyR0B5GwZXgYWXwbmDe9kpYSMilCDwZHTqTSHU28qPS699-x6-pdPmHC8ESfc6jWDFBEINRxVFWXLtQft7xikDu2-fx8kH-AmnLfsoUrNpfKgteZ-mgYAIH8Q_hBwXg7Lwoe38U-1IDzJYEpFZyLyneQ4-qPgzMDb8Z2XUWYIuiNq-xOTLdifa8t7eDtH5LWKHPF_grnaoygqAU8RJVkM833PjOTA1G7CuiJqCOMAym6ye9H8y5PSyiPVJPqT9M-xCZ9WQk2drmuDLiudHhl9mBR7m_FZrAww7jT_dF7qB5UEbSoU9MXa7GL_omgz2-8sejD4FSKmdVrqTOEz6W8aBU5i_jCtjNKZGC9iZoEK7HDelp2PIjDLkALhPTAEYngNDHQwrz-6RGiCKDcOoeKBjfADc2up7Lgu2ng1Axgf1BLodtoUmRX8sZcEqLOqVNBjpwV9xWzIBTQYTGfnqm1uxS6xG9-ePZnIoofaJlTy6J64Gl8QawKC8oMZCoaTQFnS6IhdwLOGqP7_LF8tXkyMOrGmNBKPWreMgsj-zBIRDJIyIIGn4Iiysy_7vZCrC6wVxYZCWSIIx1Je0C-vaJM35YM1SxMoE&ct0=https://googleads.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCMN9W0qycZJKlOr-69u8PwPWOyA_JntKxXNWdkfdwwI23ARABIABgldK0gsAHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQWpAtPqU3VdUrI-4AIAqAMByAMCqgT3AU_QyOdhIJcKBDdbD-_32FSChfYaqKYOwYeX5r2XD2g2oGwLSSdMUIxanNVTYE7_Rtwk-TukSbdrV4cvBJzI5eaPDPlXZLez45qU854BqOsyMzDlz_EGoWYaebpf-cn-cfoEL12lwq-ivpszrMIqQXUhmTzl1lkQnij5UvlnNsqLLhOmteQJRmIv3H0zWySANu2Px5QoeQ0F-5I9hXULFv2aMb6mqfaqdqPdR067kS6hPe9uXfDLdf4OAwFB-FKQ953We4bE_RRuQ8G2NThZvJu1mXILkTQJSTPLqBh1plT-Dt30f4t8hWQcDJhzJwLMGfJz_B3dqS7gBAGABuXQrvCavLuIUKAGKqgHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvIIG2FkeC1zdWJzeW4tNzI3NTUyODQ1MzE2MjMwOfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0ONWM3CXt8zaA3Tlz33JhQ0yOaKQ%26client%3Dca-pub-7983651257838282%26adurl%3D

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::12 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

f84b072576c74ae653ae11e278fc81652b9adf54c299e3a131f355faa259537e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:39 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
p3p: CP='CUR ADM OUR NOR STA NID'
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 3603473
pragma: no-cache
server: Kestrel
access-control-max-age: 1000
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/xml
access-control-allow-origin: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
vary: Origin, Accept-Encoding
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 container.html Show response
4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame ED61 6 KB
3 KB 8ms
7ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306260101/pubads_impl.js?cb=31075410

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:57:38 GMT
expires: Thu, 27 Jun 2024 21:57:38 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 5E36 0
0 47ms
47ms Fetch
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CfZDJ0qycZJKlOr-69u8PwPWOyA_JntKxXNWdkfdwwI23ARABIABgldK0gsAHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQWpAtPqU3VdUrI-4AIAqAMBqgT0AU_QyOdhIJcKBDdbD-_32FSChfYaqKYOwYeX5r2XD2g2oGwLSSdMUIxanNVTYE7_Rtwk-TukSbdrV4cvBJzI5eaPDPlXZLez45qU854BqOsyMzDlz_EGoWYaebpf-cn-cfoEL12lwq-ivpszrMIqQXUhmTzl1lkQnij5UvlnNsqLLhOmteQJRmIv3H0zWySANu2Px5QoeQ0F-5I9hXULFv2aMb6mqfaqdqPdR067kS6hPe9uXfDLdf4OAwFB-FKQ953We4bE_RRuQ8G2NThZ_pmUC_WEDSe21SdoeCXTXl3qBGv-UZP-MawhqmrMOS7UnFj376LgBAGABuXQrvCavLuIUKAGKqgHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvIIG2FkeC1zdWJzeW4tNzI3NTUyODQ1MzE2MjMwOYAKA_oLAggBgAwB0BUBgBcBshccChoSFHB1Yi03OTgzNjUxMjU3ODM4MjgyGOrBbQ&sigh=BjdHjF9ubQQ&uach_m=[UACH]&cid=CAQSLQBygQiDemOA5aLzHbLTxLoEvAplokbEUxmCY3B_yIjxLQ7mdLMFrjGteBWd9xgB&vt=10
Requested by: Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 container.html Show response
4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame A9C0 6 KB
3 KB 9ms
7ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306260101/pubads_impl.js?cb=31075410

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:57:38 GMT
expires: Thu, 27 Jun 2024 21:57:38 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 3CDD 6 KB
3 KB 7ms
7ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306260101/pubads_impl.js?cb=31075410

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:57:38 GMT
expires: Thu, 27 Jun 2024 21:57:38 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 7D77 6 KB
3 KB 8ms
8ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306260101/pubads_impl.js?cb=31075410

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:57:38 GMT
expires: Thu, 27 Jun 2024 21:57:38 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 5E36 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5203506f162f2e9541b742b9dd0b87544a8aed697f228e6eb71c7b8ecb95fff7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012306200257000/ Frame 6D0A 222 KB
61 KB 538ms
8ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012306200257000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306260101/pubads_impl.js?cb=31075410

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

20f091e39a994eac247abb2db8c48d424cb5f3ea8280cea2194168c2bf5f437e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 26 Jun 2023 17:13:26 GMT
age: 189853
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61862
x-xss-protection: 0
server: sffe
etag: "bf95dc6813023782"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 25 Jun 2024 17:13:26 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012306200257000/v0/ Frame 6D0A 15 KB
5 KB 562ms
32ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012306200257000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306260101/pubads_impl.js?cb=31075410

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

db6c8330efd6e6bfd20dbed90de2e76fe0bac473c76abe90aaa91fac7bb067c6

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 26 Jun 2023 17:13:26 GMT
age: 189853
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5232
x-xss-protection: 0
server: sffe
etag: "b6c1e0819a00bf67"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 25 Jun 2024 17:13:26 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012306200257000/v0/ Frame 6D0A 94 KB
28 KB 556ms
26ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012306200257000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306260101/pubads_impl.js?cb=31075410

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8169070527736f2296d9d72e169101428b2f9821205614dc54cd16d3130c70f8

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 26 Jun 2023 17:13:26 GMT
age: 189853
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28873
x-xss-protection: 0
server: sffe
etag: "75041cf86819093a"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 25 Jun 2024 17:13:26 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012306200257000/v0/ Frame 6D0A 5 KB
2 KB 562ms
33ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012306200257000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306260101/pubads_impl.js?cb=31075410

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e5a28a902c7f1edfc9c082269da365300b36ceb1eed186bf26523d6867ed986

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 26 Jun 2023 17:13:26 GMT
age: 189853
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1911
x-xss-protection: 0
server: sffe
etag: "5f86339daf79d63d"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 25 Jun 2024 17:13:26 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012306200257000/v0/ Frame 6D0A 40 KB
13 KB 560ms
31ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012306200257000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306260101/pubads_impl.js?cb=31075410

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d660119d70fde473f7720a43fb960d95c8ff46768e67d762f9557179709b8942

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 26 Jun 2023 17:13:26 GMT
age: 189853
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12958
x-xss-protection: 0
server: sffe
etag: "bf1167c9eaa58b59"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 25 Jun 2024 17:13:26 GMT

GET
DATA 200
OK truncated
/ Frame 6D0A 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f9f1a664c3a25b3ed6926de216f0ea297044716c138915939d333c0792b5d595

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 5648818383791576392
s0.2mdn.net/simgad/ Frame 6D0A 532 KB
532 KB 537ms
11ms Image
image/jpeg 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/5648818383791576392

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

187574c8a3cf0026b633b356842e03d60450be911027b697e9542a650d1049c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 23:35:48 GMT
x-content-type-options: nosniff
age: 339711
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 544482
x-xss-protection: 0
last-modified: Fri, 31 Mar 2023 09:51:21 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 23 Jun 2024 23:35:48 GMT

GET
H2 200 14952963386359035714
s0.2mdn.net/simgad/ Frame 6D0A 10 KB
10 KB 570ms
44ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/14952963386359035714

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2d3ebc5963c3ba449fc6f11b2d5ac883abaf7dbc046ac7c1b267518e0ca5fa27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 14:13:04 GMT
x-content-type-options: nosniff
age: 373475
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10020
x-xss-protection: 0
last-modified: Fri, 31 Mar 2023 09:51:26 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 23 Jun 2024 14:13:04 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 6D0A 0
0 542ms
17ms Image
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQn-E-R43oOdtE37Ak9jhPSEvQ4OGv5bnznXLmwwyZ3kFLRV4ibhX3va5GybbQFV33FX_Lc_0zT911pMVa5DgevLdOF7Q
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H2 200 tr.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 6D0A 3 KB
3 KB 8ms
7ms Image
image/png 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/tr.png

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1e5a886321d0e00c13f7abff03ca39fd782f42997fd34bcbf4fc93718f3670cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 19:49:55 GMT
x-content-type-options: nosniff
server: cafe
age: 7664
etag: 9957912877679239782
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3057
x-xss-protection: 0
expires: Thu, 29 Jun 2023 19:49:55 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 6D0A 344 B
450 B 9ms
8ms Image
image/png 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 19:03:49 GMT
x-content-type-options: nosniff
server: cafe
age: 10430
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 344
x-xss-protection: 0
expires: Thu, 29 Jun 2023 19:03:49 GMT

GET
H3 200 container.html Show response
4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame BC6E 6 KB
3 KB 20ms
9ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306260101/pubads_impl.js?cb=31075410

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:57:38 GMT
expires: Thu, 27 Jun 2024 21:57:38 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 204 csi
csi.gstatic.com/ Frame 5E36 0
54 B 979ms
497ms Ping
image/gif 2404:6800:4005:81d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=3~ljg9cam2&c=4901424600820&slotId=2450712300410&qqid=CJLW1-D65v8CFT-d_QcdwLoD-Q&fb=outstream-lima&vast_v=3.0&icc=1&icrh=0&icri=0&icrs=1&icru=0&icp=AdChoices&icdi=15x19&vmfc=1&vhc=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2404:6800:4005:81d::2003 , Hong Kong, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 5E36 2 KB
1 KB 488ms
21ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:39 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 22 Jun 2024 21:57:39 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame ED61 0
0 56ms
56ms Fetch
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Cc1Ep06ycZPjtCPuU9u8PtZK36A66iLSPXJzX7u6pCMCNtwEQASAAYJXStILAB4IBF2NhLXB1Yi03OTgzNjUxMjU3ODM4MjgyyAEJ4AIAqAMByAMCqgT1AU_Q8cce-0Z9WcnDN2x4qM5OSSUoLY0VlUyP3djYRXkxkP6RSN6eNQXJgriZXyrtRJNj2IZahbbxYyHc7rf_xZgh-csmn_WgMrU2dKB3JvYq0undox3pRGnVhUOFoZTJL5eV2ZSeugWEdLUIZuAC1bTVyk1qFHsf9jhxnk_J-kEf_VgHnCg8wS4xsQvfocqveQlTRnJ9Ij7Du4NkwyqT1rja5y4Hv7X435MVD-7kFHnMj4O5oVqz8dhoIgU4qQxxESz07n56lTb7xo8t6ItowfenFGWs32gWdlprGuq9r6HZ058FGG72qD-td3R5HgOlZsSBv5054AQBgAbRyaWX66WWlesBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE68ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5gAoD-gsCCAGADAHQFQGAFwGyFxwKGhIUcHViLTc5ODM2NTEyNTc4MzgyODIY6sFt&sigh=ny5ZYoVl1wU&uach_m=[UACH]&cid=CAQSOwBygQiDmCfzZlo5_z2aXOgMKRqUWcLhHOkCB1Dm8kGM_aOclZFdw95KZgjLwy8DcW7AGA5auu_0jHi4GAE
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H/1.1 200 a.gif Show response
i.w55c.net/ Frame ED61 42 B
582 B 471ms
13ms Fetch
image/gif 3.122.44.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://i.w55c.net/a.gif?t=0&rtbhost=conf01-europe-west1.rtb.roku.com&rts=1&btid=QTRBOTVCRjgyNzREQkIwN0I1QTM5OTZFMjRCMEE2MTN8R0ZYcDZDTEdzZHwxNjg3OTg5NDU5MjE5fDF8WG1FS1o4a2t0eHxYUnpvYlBzTGhWfC0xNjgxNjUwMjAwX0VYfDk0OTkzfHx8fC4wUHxVU0Q&ei=GOOGLE&wp_exchange=ZJys0wACNvgH_Yp7AA3JNWPZBr0HCsWNA2yNkQ&ac=WFMwUE56aXZTMTpYU2YwU29uZW43fDB8MHxFVVI7&psid=NTkzOTA4MTEyNTc&js=0&ob=0&ccw=SUFCOCMwLjY4MjYwOTE0fElBQjgtOCMwLjQzMTcyNTl8SUFCOC03IzAuMDg5OTg5ODV8SUFCOC05IzAuMDY1NTUzM3xJQUIxMCMwLjA1NDE0MjEzMnxJQUIxMC00IzAuMDU0MTQyMTMyfElBQjEwLTgjMC4wNTQxNDIxMzI&ci=Xmwo1n97Q8&fiu=WG1FS1o4a2t0eA&fid=XmEKZ8kktx&sd=ye-mek.net&s=https%3A%2F%2Fye-mek.net&ts=1687989459222&dvdp=i.w55c.net/dv.jpg&ai=0DaDXCcU00&c=DE&r=SN&m=0&pc=01468&rnd=8599508736411735&epid=R0wxNTIyMg&ct=b126c92c760c4964ba6058483a07fa14&os=Mm8wMDAy&dc=NzI4NWEyMmNjZmE2NGM1Y2JmMzBmYzExNmQzNGFhNGU&dv=MUxWSXJn&dm=MU1udVZVV21Ndg&l=dHJ8fA&ri=2rxtlU&cip=1&alg=TGcwMDA4&v=0&euid=Q0FFU0VKZ19WUEZpMVNkTENrZXlpQzhMaTNN&mt=2cmt0001&mi=d2Vi&dt=2dt0005&tz=RXVyb3BlL0Jlcmxpbg&sg=KZQHRLKQQcExjauS7TaAxQ&buid=Xdb4DXiaK1Q&hmt=1&hmdp=s.h.w55c.net/2/948461/analytics.gif&hmtiu=9484611643830741015000&uidu=CAESEJg_VPFi1SdLCkeyiC8Li3M&spidu=GOOGLE&pidu=15222&hmpvu=3e85669b-4aaf-4c4f-b838-c15a99228eb9&hmtsu=3&odtu=2&mtfu=1&crdmu=728x90&cridu=XRzobPsLhV&naoh=i.w55c.net/na.gif&ndgh=i.w55c.net/ng.gif

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.122.44.22 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-122-44-22.eu-central-1.compute.amazonaws.com

Software

PixelTracking/v2.0.30-782-g97d928b#rel-ec2-master i-036c9e308bb7e39b5@eu-central-1b@dxedge-app-eu-central-1-prod-asg /

Resource Hash

47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 28 Jun 2023 21:57:39 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PixelTracking/v2.0.30-782-g97d928b#rel-ec2-master i-036c9e308bb7e39b5@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Content-Type: image/gif
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 42
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 creative_add_on.js Show response
cti.w55c.net/ct/ Frame ED61 5 KB
3 KB 470ms
12ms Script
application/javascript 2600:9000:2127:7a00:3:4706:a6c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cti.w55c.net/ct/creative_add_on.js?w=728&h=90&zindex=0&ci=Xmwo1n97Q8&ei=GOOGLE&ob=0&ai=0DaDXCcU00&epid=R0wxNTIyMg&fiu=WG1FS1o4a2t0eA&s=https%3A%2F%2Fye-mek.net&ciu=XRzobPsLhV&btid=QTRBOTVCRjgyNzREQkIwN0I1QTM5OTZFMjRCMEE2MTN8R0ZYcDZDTEdzZHwxNjg3OTg5NDU5MjE5fDF8WG1FS1o4a2t0eHxYUnpvYlBzTGhWfC0xNjgxNjUwMjAwX0VYfDk0OTkzfHx8fC4wUHxVU0Q&c=DE&dt=2dt0005&sd=ye-mek.net&cip=1&hmt=1&uidu=CAESEJg_VPFi1SdLCkeyiC8Li3M&spidu=GOOGLE&pidu=15222&hmpvu=3e85669b-4aaf-4c4f-b838-c15a99228eb9&hmtsu=3&odtu=2&mtfu=1&crdmu=728x90&cridu=XRzobPsLhV&

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2127:7a00:3:4706:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

e8090651b52c256938df2fb0582f24521fe0476939aab81d01b7f31a7ac75beb

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: 0IYa12QvFdrNK.CC2JhaeEJAYjkhUjCe
content-encoding: gzip
via: 1.1 a1c66294cb416b399374a845b97656d2.cloudfront.net (CloudFront)
date: Sat, 24 Jun 2023 07:59:08 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-amz-cf-pop: PRG50-C1
age: 395912
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Fri, 17 Sep 2021 21:17:39 GMT
server: AmazonS3
etag: W/"a6c8a5bdec77729759b220b95bf503f9"
vary: Accept-Encoding
content-type: application/javascript
cache-control: must-revalidate
x-amz-cf-id: d12rzNuODTH3q6jpQdXMjR7w20s9xCrJn_TCUk6DEd93mZDMgtLmTA==

GET
H2 200 XassetrGVaWW53.png
ads.w55c.net/t/d/ Frame ED61 43 KB
44 KB 471ms
13ms Image
image/png 2600:9000:2127:8200:1b:f040:3600:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.w55c.net/t/d/XassetrGVaWW53.png?at=0&rtbhost=conf01-europe-west1.rtb.roku.com&btid=QTRBOTVCRjgyNzREQkIwN0I1QTM5OTZFMjRCMEE2MTN8R0ZYcDZDTEdzZHwxNjg3OTg5NDU5MjE5fDF8WG1FS1o4a2t0eHxYUnpvYlBzTGhWfC0xNjgxNjUwMjAwX0VYfDk0OTkzfHx8fC4wUHxVU0Q&ei=GOOGLE&ac=WFMwUE56aXZTMTpYU2YwU29uZW43fDB8MHxFVVI7&js=0&ob=0&ccw=SUFCOCMwLjY4MjYwOTE0fElBQjgtOCMwLjQzMTcyNTl8SUFCOC03IzAuMDg5OTg5ODV8SUFCOC05IzAuMDY1NTUzM3xJQUIxMCMwLjA1NDE0MjEzMnxJQUIxMC00IzAuMDU0MTQyMTMyfElBQjEwLTgjMC4wNTQxNDIxMzI&ci=Xmwo1n97Q8&psid=NTkzOTA4MTEyNTc&s=https%3A%2F%2Fye-mek.net&ts=1687989459222&c=DE&r=SN&m=0&pc=01468&epid=R0wxNTIyMg&mi=d2Vi&wp_exchange=NWP
Requested by: Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:8200:1b:f040:3600:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 96e22a33f827f042ac4b239c21f468a17c87545df3f6b90e100d3a91b253a1e7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: 77muH8mujF9NEC9ipS.55iMMWqUaEtvK
date: Wed, 28 Jun 2023 07:02:28 GMT
via: 1.1 017ac0aeeb057314a9b1c06f8b97ba34.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 53712
x-amz-server-side-encryption: AES256
x-amz-meta-width: 728
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-amz-meta-filesize: 44534
x-amz-meta-height: 90
content-length: 44534
last-modified: Wed, 03 May 2023 17:26:36 GMT
server: AmazonS3
etag: "ccf751b21647e448aa5dadd8c05f5ac6"
vary: Accept-Encoding
content-type: image/png
accept-ranges: bytes
x-amz-cf-id: MuvJbqgS5C1NVKTK8JhvEBc3yVAorNMERu52kJ2tl3cR8zTIyg7EZg==

GET
H/1.1 200
OK pixel.php
t.hspvst.com/ Frame ED61 95 B
918 B 530ms
39ms Image
image/png 154.58.197.185
COGENT-174

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.hspvst.com/pixel.php?id=2677&t=P&cb=8599508736411735
Requested by: Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 154.58.197.185 , Indonesia, ASN174 (COGENT-174, US),
Reverse DNS: staticip-hv4m185.hispavista.com
Software: Apache / PHP/5.4.45-1~dotdeb+7.1
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Wed, 28 Jun 2023 21:57:38 GMT
Server: Apache
X-Powered-By: PHP/5.4.45-1~dotdeb+7.1
Transfer-Encoding: chunked
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Content-Type: image/png
Cache-Control: max-age=315360000
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Keep-Alive: timeout=3, max=1000
Expires: Sat, 25 Jun 2033 21:57:38 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/ Frame ED61 3 KB
1 KB 11ms
9ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/window_focus_fy2021.js

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:41:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 972
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jul 2023 21:41:27 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/ Frame ED61 19 KB
8 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d67e93b773c993230e55a3881853d5e8d399b32fb591d845c41553c0fe8c71b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 19:19:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9481
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8131
x-xss-protection: 0
server: cafe
etag: 7076601798724011321
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jul 2023 19:19:38 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame ED61 0
0 474ms
18ms Image
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRLfJah8xzVeKPhDUr2VWwsyoRPvSqY6Mi9zM8I6_TLGONsEDiHca-Eqbc3_LyZ5Io5uQhqgb2bYwERdmZIb4tucaFgRg
Requested by: Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame ED61 24 KB
6 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 12:02:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 35688
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 27 Jun 2024 12:02:51 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame ED61 179 KB
56 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 28 Jun 2023 21:57:39 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 5E36 0
54 B 945ms
497ms Ping
image/gif 2404:6800:4005:81d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=4~ljg9caph&c=4901424600820&slotId=2450712300410&qqid=CJLW1-D65v8CFT-d_QcdwLoD-Q&fb=outstream-lima&gpm_i=1&gpm_c=1&gpm_a=1&smb=1000&mt=video%2Fmp4&vs=1080x1080&msm=1&aits=0&webm=0&vp9=0&vamt=video%2Fmp4&hvmf=false&vms=1&bit=0&hcn=0&met.4=arp_a_e.gt~videopreviewvisible.ho&umsem=0&ape=1&ple=1
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2404:6800:4005:81d::2003 , Hong Kong, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 1666 107 B
122 B 17ms
16ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 47E5 0
16 B 210ms
203ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3407250215&plat=1%3A520%2C2%3A520%2C3%3A2163200%2C4%3A2163200%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fye-mek.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1687989459332&bpp=11&bdt=140&idt=221&shv=r20230620&mjsv=m202306200101&ptt=9&saldr=aa&nras=1&correlator=5745559093563&frm=8&ife=1&pv=2&ga_vid=466283811.1687989460&ga_sid=1687989460&ga_hid=1804320350&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=950156678&scr_x=-12245933&scr_y=-12245933&eid=44759926%2C44759842%2C44759875%2C44788442%2C44789819&oid=2&pvsid=2334320663502809&tmod=1083788450&uas=0&nvt=1&fsapi=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.dk9vhvurwbt3&fsb=1&dtd=242

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:57:40 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 335A 624 B
245 B 26ms
19ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNVAtuHHiXRnc6rGuS8yggoHwyEA_fYIobeg4aaDbPunGQHJELVFZkOrw1Bvi0gFiARPv1VNG12FRFU48XEXOiwbECZpdGyKBpB0PUJBPmI-ZkU_oyl2QvM5Qcgq5c1h8Y0zK30CiogQJCb4UWXPUUPK34c5RuLxbXuI-LbYVRtA4aJAYtw

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:57:39 GMT
expires: Wed, 28 Jun 2023 21:57:39 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame A9C0 78 KB
27 KB 27ms
27ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:39 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 28 Jun 2023 21:57:39 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame A9C0 42 B
63 B 43ms
42ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CnxhsnRWDpv3H7gC-RjnaHVTubviZVKzchnyAMhxdmGN4AQXHjwOd-mSRVYmUpkJKvwgvI5RbpBdOmgWxg58afD9-IQDQ64wtuRKujbt_iE3TdmAE

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A9C0 0
20 B 43ms
42ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=17560376016773621068&x=1&ct=77

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/ Frame A9C0 3 KB
1 KB 10ms
8ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/window_focus_fy2021.js

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:41:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 972
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jul 2023 21:41:27 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/ Frame A9C0 19 KB
8 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d67e93b773c993230e55a3881853d5e8d399b32fb591d845c41553c0fe8c71b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 19:19:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9481
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8131
x-xss-protection: 0
server: cafe
etag: 7076601798724011321
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jul 2023 19:19:38 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame A9C0 179 KB
56 KB 29ms
28ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 28 Jun 2023 21:57:39 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 7D8E 624 B
245 B 33ms
26ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARj8x7LlATAB&v=APEucNV8dtyJ0FI2owO6k8M3V6kwJTRrF0o3uaqzcgqhbFC3GlWTqF5MvsjNZEiB5aPQnpMUtuzdm5txippVTHjaPsgm3X0i1PM-TC7gmYn92aRU6CB5aMfnp48PWUFuV6-ugRu43UtJxaATjZ38dvQ5srE-QUeRiGVaR0fgI2UuLvSrtaI1nYE

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:57:39 GMT
expires: Wed, 28 Jun 2023 21:57:39 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 3CDD 78 KB
27 KB 36ms
36ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:39 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 28 Jun 2023 21:57:39 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3CDD 42 B
63 B 43ms
43ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BmVOcxe7QwaZ15YS-X4NrxNdouFCradM8X3Xq-p1AjIB-U-dbQi4wg1DiPStZnf32vj6CNuOwu5Xa3H3Qdgv6DopoR-cJyxEd-UdKXbtDu89eNyPA

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3CDD 0
20 B 42ms
41ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=101520509186363761&x=1&ct=76

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/ Frame 3CDD 3 KB
1 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/window_focus_fy2021.js

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:41:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 972
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jul 2023 21:41:27 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/ Frame 3CDD 19 KB
8 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d67e93b773c993230e55a3881853d5e8d399b32fb591d845c41553c0fe8c71b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 19:19:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9481
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8131
x-xss-protection: 0
server: cafe
etag: 7076601798724011321
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jul 2023 19:19:38 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 3CDD 0
0 414ms
18ms Image
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTMaxhqEIBPdh8kd1kqrKxrvZ1La8FU5hjfg86qvMHpYS1omIWs-4f2-VkkFSw6RGdyz-Qtcn1bZnemlidXF3O83e1lKw
Requested by: Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3CDD 179 KB
56 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 28 Jun 2023 21:57:39 GMT

GET
H2 206 71ac63ad570642e987aadc31e4b52f7c_k6_1080x1080_15sec_cta_social_paid_de.mp4
static.criteo.net/design/dt/10758/4758890/ Frame 5E36 18 MB
18 MB 56ms
40ms Media
video/mp4 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/dt/10758/4758890/71ac63ad570642e987aadc31e4b52f7c_k6_1080x1080_15sec_cta_social_paid_de.mp4

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Range: bytes=0-

Response headers

date: Wed, 28 Jun 2023 21:57:39 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 01 Jun 2023 13:44:43 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "6478a0cb-11c7062"
content-type: video/mp4
access-control-allow-origin: *
Content-Range: bytes 0-18640993/18640994
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
Content-Length: 18640994
expires: Sat, 22 Jun 2024 21:57:39 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 7D77 0
0 64ms
57ms Fetch
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CPTLM06ycZOfkCvrY7_UPlu6-kA66iLSPXJzX7u6pCMCNtwEQASAAYJXStILAB4IBF2NhLXB1Yi03OTgzNjUxMjU3ODM4MjgyyAEJ4AIAqAMByAMCqgT9AU_Q0jLFJmV2UaVVB2I6x427nvi4jCiOYae-yk8H_ywySVfWzzKv7jZTmlB0er9EsoBxJOUb5bZSj3LkDLBPNFE3xX-gqyMW_z0yg3q5VF6KFMMRI4q-6tPNm_zwuvZ35fWYcFIMa6fs6JrZyz5PjR-X17zFos0szqdWG9G1339M11azJhMX4yaDUBQ1jlcjaXwd9ct7wLaCt2TbRTZATRzABwu3xlu0KKEKi01U69w9oxY968rpsE_Rk9n8hTu70ahMocReLWxLuxwAs3jeZLLeenPh_OSyOun3-86MYaBeEWhghgH67gZmzNMz-UNCXkKticsYPDA3jUoJPUzgBAGABra58vDe9OPEiwGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDmACgP6CwIIAYAMAdAVAYAXAbIXHAoaEhRwdWItNzk4MzY1MTI1NzgzODI4MhjqwW0&sigh=T6egdV-D-C0&uach_m=[UACH]&cid=CAQSOwBygQiDxCXGZ050Wt9C7rbPv1ygUUpuvfiPkiqcMU4qCvekGzxJq-j793LYnkngDlNqmcKfwVIf8_zHGAE
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H/1.1 200 a.gif Show response
i.w55c.net/ Frame 7D77 42 B
582 B 38ms
11ms Fetch
image/gif 3.122.44.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://i.w55c.net/a.gif?t=0&rtbhost=conf01-europe-west1.rtb.roku.com&rts=1&btid=NzNFMDQ4QkNENEMxMEY4OTQ0MDI1RUEzRUU3MEIwNDV8R0Z4MFp1ZnNWZnwxNjg3OTg5NDU5MjY2fDF8WG1FS1o4a2t0eHxYUks4TjRSd2FpfC0yMTAwNjQxMTUyX0VYfDk5MjU0fHx8fC4wUHxVU0Q&ei=GOOGLE&wp_exchange=ZJys0wACsmcIu-x6AA-3FhVk5S6_wo9MMZosCA&ac=WFMwUE56aXZTMTpYU1pHTkNKTWpzfDB8MHxFVVI7&psid=NTkzOTA4MTEyNTc&js=0&ob=0&ccw=SUFCOCMwLjY4MjYwOTE0fElBQjgtOCMwLjQzMTcyNTl8SUFCOC03IzAuMDg5OTg5ODV8SUFCOC05IzAuMDY1NTUzM3xJQUIxMCMwLjA1NDE0MjEzMnxJQUIxMC00IzAuMDU0MTQyMTMyfElBQjEwLTgjMC4wNTQxNDIxMzI&ci=Xmwo1n97Q8&fiu=WG1FS1o4a2t0eA&fid=XmEKZ8kktx&sd=ye-mek.net&s=https%3A%2F%2Fye-mek.net&ts=1687989459269&dvdp=i.w55c.net/dv.jpg&ai=0DaDXCcU00&c=DE&r=SN&m=0&pc=01468&rnd=9142528973528626&epid=R0wxNTIyMg&ct=b126c92c760c4964ba6058483a07fa14&os=Mm8wMDAy&dc=NzI4NWEyMmNjZmE2NGM1Y2JmMzBmYzExNmQzNGFhNGU&dv=MUxWSXJn&dm=MU1udVZVV21Ndg&l=dHJ8fA&ri=2rxtlU&cip=1&alg=TGcwMDA4&v=0&euid=Q0FFU0VJVUtrQ1ZPd3dsR3NrTDc0VEpnT2tN&mt=2cmt0001&mi=d2Vi&dt=2dt0005&tz=RXVyb3BlL0Jlcmxpbg&sg=vf2CUUFSAY5T5Dz_d9TPBg&buid=Xdb4DXiaK1Q&hmt=1&hmdp=s.h.w55c.net/2/948461/analytics.gif&hmtiu=9484611643830741015000&uidu=CAESEIUKkCVOwwlGskL74TJgOkM&spidu=GOOGLE&pidu=15222&hmpvu=9a0a2350-c9e1-472f-add0-db4203ceb848&hmtsu=3&odtu=2&mtfu=1&crdmu=728x90&cridu=XRK8N4Rwai&naoh=i.w55c.net/na.gif&ndgh=i.w55c.net/ng.gif

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.122.44.22 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-122-44-22.eu-central-1.compute.amazonaws.com

Software

PixelTracking/v2.0.30-782-g97d928b#rel-ec2-master i-008a7b4f528d14c6d@eu-central-1a@dxedge-app-eu-central-1-prod-asg /

Resource Hash

47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 28 Jun 2023 21:57:39 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PixelTracking/v2.0.30-782-g97d928b#rel-ec2-master i-008a7b4f528d14c6d@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Content-Type: image/gif
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 42
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 creative_add_on.js Show response
cti.w55c.net/ct/ Frame 7D77 5 KB
3 KB 23ms
12ms Script
application/javascript 2600:9000:2127:7a00:3:4706:a6c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cti.w55c.net/ct/creative_add_on.js?w=728&h=90&zindex=0&ci=Xmwo1n97Q8&ei=GOOGLE&ob=0&ai=0DaDXCcU00&epid=R0wxNTIyMg&fiu=WG1FS1o4a2t0eA&s=https%3A%2F%2Fye-mek.net&ciu=XRK8N4Rwai&btid=NzNFMDQ4QkNENEMxMEY4OTQ0MDI1RUEzRUU3MEIwNDV8R0Z4MFp1ZnNWZnwxNjg3OTg5NDU5MjY2fDF8WG1FS1o4a2t0eHxYUks4TjRSd2FpfC0yMTAwNjQxMTUyX0VYfDk5MjU0fHx8fC4wUHxVU0Q&c=DE&dt=2dt0005&sd=ye-mek.net&cip=1&hmt=1&uidu=CAESEIUKkCVOwwlGskL74TJgOkM&spidu=GOOGLE&pidu=15222&hmpvu=9a0a2350-c9e1-472f-add0-db4203ceb848&hmtsu=3&odtu=2&mtfu=1&crdmu=728x90&cridu=XRK8N4Rwai&

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2127:7a00:3:4706:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

e8090651b52c256938df2fb0582f24521fe0476939aab81d01b7f31a7ac75beb

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: 0IYa12QvFdrNK.CC2JhaeEJAYjkhUjCe
content-encoding: gzip
via: 1.1 a1c66294cb416b399374a845b97656d2.cloudfront.net (CloudFront)
date: Sat, 24 Jun 2023 07:59:08 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-amz-cf-pop: PRG50-C1
age: 395912
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Fri, 17 Sep 2021 21:17:39 GMT
server: AmazonS3
etag: W/"a6c8a5bdec77729759b220b95bf503f9"
vary: Accept-Encoding
content-type: application/javascript
cache-control: must-revalidate
x-amz-cf-id: oMzf88Ln-qOaRbkghJmkOkAJMLmwGAvK6TAY6NzEZz0HIc5l8_v48w==

GET
H2 200 XassetJtVGFj2g.png
ads.w55c.net/t/d/ Frame 7D77 29 KB
30 KB 24ms
13ms Image
image/png 2600:9000:2127:8200:1b:f040:3600:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.w55c.net/t/d/XassetJtVGFj2g.png?at=0&rtbhost=conf01-europe-west1.rtb.roku.com&btid=NzNFMDQ4QkNENEMxMEY4OTQ0MDI1RUEzRUU3MEIwNDV8R0Z4MFp1ZnNWZnwxNjg3OTg5NDU5MjY2fDF8WG1FS1o4a2t0eHxYUks4TjRSd2FpfC0yMTAwNjQxMTUyX0VYfDk5MjU0fHx8fC4wUHxVU0Q&ei=GOOGLE&ac=WFMwUE56aXZTMTpYU1pHTkNKTWpzfDB8MHxFVVI7&js=0&ob=0&ccw=SUFCOCMwLjY4MjYwOTE0fElBQjgtOCMwLjQzMTcyNTl8SUFCOC03IzAuMDg5OTg5ODV8SUFCOC05IzAuMDY1NTUzM3xJQUIxMCMwLjA1NDE0MjEzMnxJQUIxMC00IzAuMDU0MTQyMTMyfElBQjEwLTgjMC4wNTQxNDIxMzI&ci=Xmwo1n97Q8&psid=NTkzOTA4MTEyNTc&s=https%3A%2F%2Fye-mek.net&ts=1687989459269&c=DE&r=SN&m=0&pc=01468&epid=R0wxNTIyMg&mi=d2Vi&wp_exchange=NWP
Requested by: Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:8200:1b:f040:3600:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8c5275956fa1bf68a0418dddb092a5881af6b6be10f6dca54dfacda6ba41992a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: 8SPBXJhT_RiSNmerbyVsLrwEkkTx88nO
date: Wed, 28 Jun 2023 05:47:16 GMT
via: 1.1 017ac0aeeb057314a9b1c06f8b97ba34.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 58224
x-amz-server-side-encryption: AES256
x-amz-meta-width: 728
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-amz-meta-filesize: 29942
x-amz-meta-height: 90
content-length: 29942
last-modified: Thu, 15 Jun 2023 15:29:43 GMT
server: AmazonS3
etag: "1ff110a85bc3d8deeb9bac4954656b3b"
vary: Accept-Encoding
content-type: image/png
accept-ranges: bytes
x-amz-cf-id: VHe6FJCCuAe-gftGDI3v71pEvMgqFC83W3AHfFdrgHbfmFlfqxW-9g==

GET
H/1.1 200
OK pixel.php
t.hspvst.com/ Frame 7D77 95 B
917 B 123ms
39ms Image
image/png 154.58.197.185
COGENT-174

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.hspvst.com/pixel.php?id=2677&t=P&cb=9142528973528626
Requested by: Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 154.58.197.185 , Indonesia, ASN174 (COGENT-174, US),
Reverse DNS: staticip-hv4m185.hispavista.com
Software: Apache / PHP/5.4.45-1~dotdeb+7.1
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Wed, 28 Jun 2023 21:57:38 GMT
Server: Apache
X-Powered-By: PHP/5.4.45-1~dotdeb+7.1
Transfer-Encoding: chunked
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Content-Type: image/png
Cache-Control: max-age=315360000
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Keep-Alive: timeout=3, max=999
Expires: Sat, 25 Jun 2033 21:57:38 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/ Frame 7D77 3 KB
1 KB 14ms
7ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/window_focus_fy2021.js

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:41:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 972
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jul 2023 21:41:27 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/ Frame 7D77 19 KB
8 KB 15ms
8ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d67e93b773c993230e55a3881853d5e8d399b32fb591d845c41553c0fe8c71b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 19:19:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9481
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8131
x-xss-protection: 0
server: cafe
etag: 7076601798724011321
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jul 2023 19:19:38 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 7D77 0
0 27ms
18ms Image
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTS0ptFAv3FijQU4IVyhomotqiKmIR5bq9fX27_IfYrdRRg20H1fpS-8sD1HlULKpngBlNdtOUdaUpwSQzyNaGRwQ3lRQ
Requested by: Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 7D77 24 KB
6 KB 15ms
8ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 12:02:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 35688
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 27 Jun 2024 12:02:51 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7D77 179 KB
56 KB 28ms
21ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 28 Jun 2023 21:57:39 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 5E36 0
54 B 504ms
497ms Ping
image/gif 2404:6800:4005:81d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=5~ljg9caqf&c=4901424600820&slotId=2450712300410&qqid=CJLW1-D65v8CFT-d_QcdwLoD-Q&fb=outstream-lima&gpm_i=1&gpm_c=1&gpm_a=1&smb=1000&mt=video%2Fmp4&vs=1080x1080&event_name=unmeasurable_asset&resource_name=https%253A%252F%252Fads.eu.criteo.com%252Fdelivery%252Fr%252F0.1%252Fvast.php%253Fz%253DZJys0gAOkpIH_Z0_AAO6wAw-Qch4hJEFarssFQ%2526u%253D%25257CGY6estnMRVUknCTpvqh8w2TYGv3tjDV%25252FRc0ZOe9EITk%25253D%25257C%2526c1%253Ds9Ouqadr9PNjmdWEvnIhCeON5eq0Yfy817nyR0B5GwZXgYWXwbmDe9kpYSMilCDwZHTqTSHU28qPS699-x6-pdPmHC8ESfc6jWDFBEINRxVFWXLtQft7xikDu2-fx8kH-AmnLfsoUrNpfKgteZ-mgYAIH8Q_hBwXg7Lwoe38U-1IDzJYEpFZyLyneQ4-qPgzMDb8Z2XUWYIuiNq-xOTLdifa8t7eDtH5LWKHPF_grnaoygqAU8RJVkM833PjOTA1G7CuiJqCOMAym6ye9H8y5PSyiPVJPqT9M-xCZ9WQk2drmuDLiudHhl9mBR7m_FZrAww7jT_dF7qB5UEbSoU9MXa7GL_omgz2-8sejD4FSKmdVrqTOEz6W8aBU5i_jCtjNKZGC9iZoEK7HDelp2PIjDLkALhPTAEYngNDHQwrz-6RGiCKDcOoeKBjfADc2up7Lgu2ng1Axgf1BLodtoUmRX8sZcEqLOqVNBjpwV9xWzIBTQYTGfnqm1uxS6xG9-ePZnIoofaJlTy6J64Gl8QawKC8oMZCoaTQFnS6IhdwLOGqP7_LF8tXkyMOrGmNBKPWreMgsj-zBIRDJIyIIGn4Iiysy_7vZCrC6wVxYZCWSIIx1Je0C-vaJM35YM1SxMoE%2526ct0%253Dhttps%253A%252F%252Fgoogleads.g.doubleclick.net%252Faclk%25253Fsa%25253DL%252526ai%25253DCMN9W0qycZJKlOr-69u8PwPWOyA_JntKxXNWdkfdwwI23ARABIABgldK0gsAHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQWpAtPqU3VdUrI-4AIAqAMByAMCqgT3AU_QyOdhIJcKBDdbD-_32FSChfYaqKYOwYeX5r2XD2g2oGwLSSdMUIxanNVTYE7_Rtwk-TukSbdrV4cvBJzI5eaPDPlXZLez45qU854BqOsyMzDlz_EGoWYaebpf-cn-cfoEL12lwq-ivpszrMIqQXUhmTzl1lkQnij5UvlnNsqLLhOmteQJRmIv3H0zWySANu2Px5QoeQ0F-5I9hXULFv2aMb6mqfaqdqPdR067kS6hPe9uXfDLdf4OAwFB-FKQ953We4bE_RRuQ8G2NThZvJu1mXILkTQJSTPLqBh1plT-Dt30f4t8hWQcDJhzJwLMGfJz_B3dqS7gBAGABuXQrvCavLuIUKAGKqgHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvIIG2FkeC1zdWJzeW4tNzI3NTUyODQ1MzE2MjMwOfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_0ONWM3CXt8zaA3Tlz33JhQ0yOaKQ%252526client%25253Dca-pub-7983651257838282%252526adurl%25253D&encoded_body_size=0&transfer_size=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2404:6800:4005:81d::2003 , Hong Kong, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame B90B 22 KB
10 KB 408ms
407ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=4198790052&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1687989459344&bpp=1&bdt=152&idt=641&shv=r20230620&mjsv=m202306200101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=5745559093563&frm=8&ife=1&pv=1&ga_vid=466283811.1687989460&ga_sid=1687989460&ga_hid=1804320350&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=950156678&scr_x=-12245933&scr_y=-12245933&eid=44759926%2C44759842%2C44759875%2C44788442%2C44789819&oid=2&pvsid=2334320663502809&tmod=1083788450&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.udqxk4vi63ph&fsb=1&dtd=656

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

072debf6d24e6a338b38c71afa1ae91639f38e35e89f4b8c27c9c1b176e16cab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 10102
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:57:40 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame B3BC 6 KB
3 KB 11ms
10ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306260101/pubads_impl.js?cb=31075410

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:57:38 GMT
expires: Thu, 27 Jun 2024 21:57:38 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 6363a944e4b0125bde9e6739
ng.virgul.com/tck/imp/ Frame 1E5F 0
209 B 51ms
51ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/imp/6363a944e4b0125bde9e6739?g=1&t=cpc_annotation&r=153366@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1687989458630&userId=vnet87604c0e-85b9-4694-a152-c65714f2ee85
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Wed, 28 Jun 2023 21:57:40 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 335A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP0A5Fn86aaTBYAV8ikoMjk&google_cver=1

43 B
766 B

13ms
13ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP0A5Fn86aaTBYAV8ikoMjk&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNVAtuHHiXRnc6rGuS8yggoHwyEA_fYIobeg4aaDbPunGQHJELVFZkOrw1Bvi0gFiARPv1VNG12FRFU48XEXOiwbECZpdGyKBpB0PUJBPmI-ZkU_oyl2QvM5Qcgq5c1h8Y0zK30CiogQJCb4UWXPUUPK34c5RuLxbXuI-LbYVRtA4aJAYtw
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 28 Jun 2023 21:57:40 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP0A5Fn86aaTBYAV8ikoMjk&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 335A
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZJys1E7vk9jKptP3G7k5ogAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP0A5Fn86aaTBYAV8ikoMjk&google_cver=1

43 B
632 B

16ms
13ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP0A5Fn86aaTBYAV8ikoMjk&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNVAtuHHiXRnc6rGuS8yggoHwyEA_fYIobeg4aaDbPunGQHJELVFZkOrw1Bvi0gFiARPv1VNG12FRFU48XEXOiwbECZpdGyKBpB0PUJBPmI-ZkU_oyl2QvM5Qcgq5c1h8Y0zK30CiogQJCb4UWXPUUPK34c5RuLxbXuI-LbYVRtA4aJAYtw
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 28 Jun 2023 21:57:40 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP0A5Fn86aaTBYAV8ikoMjk&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame 335A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESENrlAGLdVaRqfHQKDCw1ZDo&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESENrlAGLdVaRqfHQKDCw1ZDo%26google_cver%3D1

43 B
1 KB

26ms
24ms

Image
image/gif

185.89.210.180
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESENrlAGLdVaRqfHQKDCw1ZDo%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNVAtuHHiXRnc6rGuS8yggoHwyEA_fYIobeg4aaDbPunGQHJELVFZkOrw1Bvi0gFiARPv1VNG12FRFU48XEXOiwbECZpdGyKBpB0PUJBPmI-ZkU_oyl2QvM5Qcgq5c1h8Y0zK30CiogQJCb4UWXPUUPK34c5RuLxbXuI-LbYVRtA4aJAYtw

Protocol

HTTP/1.1

Server

185.89.210.180 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 28 Jun 2023 21:57:40 GMT
AN-X-Request-Uuid: ea4cd6c1-71e5-4384-b05a-ebaa0df7c1c0
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 80.255.10.202; 80.255.10.202; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 28 Jun 2023 21:57:40 GMT
AN-X-Request-Uuid: 34559557-275b-421d-b294-d77504eba806
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESENrlAGLdVaRqfHQKDCw1ZDo%26google_cver%3D1
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 80.255.10.202; 80.255.10.202; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 335A
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTQzMDE3MjgyMTgxMTEwNTczMQ%3D%3D

170 B
188 B

23ms
22ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTQzMDE3MjgyMTgxMTEwNTczMQ%3D%3D

Requested by

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 28 Jun 2023 21:57:40 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 80.255.10.202; 80.255.10.202; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 7b9bb708-c154-46dc-990e-47628fded5ac
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTQzMDE3MjgyMTgxMTEwNTczMQ%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 7D8E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP0A5Fn86aaTBYAV8ikoMjk&google_cver=1

43 B
632 B

13ms
13ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP0A5Fn86aaTBYAV8ikoMjk&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARj8x7LlATAB&v=APEucNV8dtyJ0FI2owO6k8M3V6kwJTRrF0o3uaqzcgqhbFC3GlWTqF5MvsjNZEiB5aPQnpMUtuzdm5txippVTHjaPsgm3X0i1PM-TC7gmYn92aRU6CB5aMfnp48PWUFuV6-ugRu43UtJxaATjZ38dvQ5srE-QUeRiGVaR0fgI2UuLvSrtaI1nYE
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 28 Jun 2023 21:57:40 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP0A5Fn86aaTBYAV8ikoMjk&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 7D8E
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZJys1E7vk9jKptP3G7k5ogAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP0A5Fn86aaTBYAV8ikoMjk&google_cver=1

43 B
766 B

14ms
13ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP0A5Fn86aaTBYAV8ikoMjk&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARj8x7LlATAB&v=APEucNV8dtyJ0FI2owO6k8M3V6kwJTRrF0o3uaqzcgqhbFC3GlWTqF5MvsjNZEiB5aPQnpMUtuzdm5txippVTHjaPsgm3X0i1PM-TC7gmYn92aRU6CB5aMfnp48PWUFuV6-ugRu43UtJxaATjZ38dvQ5srE-QUeRiGVaR0fgI2UuLvSrtaI1nYE
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 28 Jun 2023 21:57:40 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP0A5Fn86aaTBYAV8ikoMjk&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame 7D8E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESENrlAGLdVaRqfHQKDCw1ZDo&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESENrlAGLdVaRqfHQKDCw1ZDo%26google_cver%3D1

43 B
1 KB

18ms
18ms

Image
image/gif

185.89.210.180
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESENrlAGLdVaRqfHQKDCw1ZDo%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARj8x7LlATAB&v=APEucNV8dtyJ0FI2owO6k8M3V6kwJTRrF0o3uaqzcgqhbFC3GlWTqF5MvsjNZEiB5aPQnpMUtuzdm5txippVTHjaPsgm3X0i1PM-TC7gmYn92aRU6CB5aMfnp48PWUFuV6-ugRu43UtJxaATjZ38dvQ5srE-QUeRiGVaR0fgI2UuLvSrtaI1nYE

Protocol

HTTP/1.1

Server

185.89.210.180 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 28 Jun 2023 21:57:40 GMT
AN-X-Request-Uuid: f50e032c-164a-463a-b7fc-e61abc3ec066
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 80.255.10.202; 80.255.10.202; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 28 Jun 2023 21:57:40 GMT
AN-X-Request-Uuid: e97067b9-a3ce-4a48-8395-88211e87b27f
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESENrlAGLdVaRqfHQKDCw1ZDo%26google_cver%3D1
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 80.255.10.202; 80.255.10.202; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7D8E
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTQzMDE3MjgyMTgxMTEwNTczMQ%3D%3D

170 B
188 B

21ms
18ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTQzMDE3MjgyMTgxMTEwNTczMQ%3D%3D

Requested by

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 28 Jun 2023 21:57:40 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 80.255.10.202; 80.255.10.202; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 3b006102-737c-4e43-899a-a19a5cc15ef1
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTQzMDE3MjgyMTgxMTEwNTczMQ%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 6A80 640 B
262 B 34ms
34ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHn4wEQ4JWpAhjstJ_sATAB&v=APEucNWX2gTOcqdGI7kXKcV6BXgUmBCCXUvMdNmkIFXRsxskQxmAHBHlT7HvlptMPNg1cLN0rvIwiCmKjuTyRdhz678GIBv_RwTLO6YnqNX1gz68w701-3wCB3EwkpzEzMl3Sk2NSkgr_iHBbRmjF3nL2i3vEA_38fO56EXYsVaCDoBAKDA7Y8E

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:57:40 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame BC6E 78 KB
27 KB 48ms
47ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:40 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 28 Jun 2023 21:57:40 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame BC6E 42 B
63 B 83ms
82ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BkrE9E2ly_ZDtAoXKW4ziIUGXlhf1zAGUm75e2kt9MjWx50N4DD8DbqxVVWhMzXpJNsq8anwhgS4Qln8F0dOTo6a9ugqyWYkwWl9kyztb2IN2qgdA

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BC6E 0
20 B 87ms
86ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=17581292203637305399&x=1&ct=76

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/ Frame BC6E 3 KB
1 KB 30ms
29ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/window_focus_fy2021.js

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:41:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 973
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jul 2023 21:41:27 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/ Frame BC6E 19 KB
8 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d67e93b773c993230e55a3881853d5e8d399b32fb591d845c41553c0fe8c71b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 19:19:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9482
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8131
x-xss-protection: 0
server: cafe
etag: 7076601798724011321
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jul 2023 19:19:38 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame BC6E 0
0 30ms
25ms Image
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaR57JvdTSbHAdvVNqnRpAUaAYfsrDaQA8zrSFk0Bm_kO7ks-i5pIjSWfqy9g8ZHGQqVHdpA4EHzYxm4fIAVN9EFhCY-KA
Requested by: Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame BC6E 179 KB
56 KB 34ms
30ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 28 Jun 2023 21:57:40 GMT

GET
H3 200 m_js_controller_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/ Frame B3BC 34 KB
13 KB 28ms
28ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/m_js_controller_fy2021.js

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

63715e8ffb3d4efab913b95b9369dc96445bde93529cdc97909bdf57a8134300

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 20:30:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5231
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13554
x-xss-protection: 0
server: cafe
etag: 10619647361806024282
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jul 2023 20:30:29 GMT

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame B3BC 24 KB
6 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 12:02:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 35689
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 27 Jun 2024 12:02:51 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B3BC 179 KB
56 KB 30ms
29ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 28 Jun 2023 21:57:40 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/ Frame B3BC 22 KB
9 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/abg_lite_fy2021.js

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

81f66fb840c902b62f902bc4e27a6e3dee001d2f8babf5e767f78f16136ff0b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 18:49:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11307
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9007
x-xss-protection: 0
server: cafe
etag: 10216374826415589524
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jul 2023 18:49:13 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/ Frame B3BC 3 KB
1 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/window_focus_fy2021.js

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:41:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 973
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jul 2023 21:41:27 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/ Frame B3BC 19 KB
8 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d67e93b773c993230e55a3881853d5e8d399b32fb591d845c41553c0fe8c71b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 19:19:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9482
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8131
x-xss-protection: 0
server: cafe
etag: 7076601798724011321
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jul 2023 19:19:38 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A9C0 0
20 B 53ms
52ms Ping
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=7574056547020&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A9C0 0
20 B 50ms
50ms Ping
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=7574056547020&version=m202301230201&ct=77&x=1&cor=17560376016773622000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame A9C0 15 KB
11 KB 52ms
52ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AEO0Gy6wZquol1ci2TK9BE2bIO0KnoXlUvY78hA9yFDlGlEHGMuZVDe1gtnpv-PsdkS5WS-hGdDI-MQtXRbhTylUdrtRaQfh6LKJqezlWBZkdoFjC0RNkU8YwsM4fIE2u9dBNuLVD3EB663ZwO0WM9Hk7-uw40HD8LY9x_ot738UqIIpQ&cry=1&dbm_d=AKAmf-Cin2qHx25Oi-LHURxtI6h3yM2NkHVR6UKpMf1NbnunOMurcNcAdkz_lLvwizg9zE01hbW-8y5frK71Wij-loH7ToVaGzfPnlKNYb6T3he1wLyyl2vmFCVnicB3qG4lxAmfbLsDcQpfNDVgKULhC8D74lJm3wt3wJOOQ34rLJxOQK5x2Bax9JFFiw7HWWqOnK2QHNoaH3wyVFrqhEb8rWNGt1kizAyZvEibGg1TysAzu0dH0xH9d008Lvugt8YxSbM9lVXMLhm49nC9KI7u5VWDmxmHjw-tHam62qmCEyEbkYvFo1sWpd6b1_pZZUYpgEPGWhb-cSvSqpR2mCJIMQ5nhzL2XLTY9ljeNigDQrh89DAq4aEQuRomeOPuyT9eymdiz1GZpdz5SgTtpT6wuzwAugal0ekKXBd3rNQ1rFEi9di20J_4WSYw29-l8rSwyPjQTo11DEWh0yOI0zbkqiAzDHs2Q3kNqyUVZNFpJUyVJYMU07ze6I-qD2kAmhSON9_lcN_ozPGI_MND8eDjgaaj7tTyVu6TuNuzp4QHLkcPhta9g7El6vL9qAY1cmUpfogdhLjCmDWiicGHC36yuRp_zUyDLioLxPgRY975e6XhYdDxEBsgTKtxKIXPrRIu8hHhxSJTmyybdCxc2tsDeRNawHHFQZOtvYL4ppgB3eNciUSFpwSIIxbACnLml_DQ6GWXLrHiIB-Pfszb4I86vwllwB63BkhXRB5Exloml-4ySEUcrwuo2xTL1A3kYobTMxc4Ws8RTbj6IpGZMA1zTKz2KLi9u3bZ2SGF6F02syndj3DwDoQzbk3N0hEVVEy2QOV8VufPJbzPmN5bG7eb_9SVCTi8vkUUKGul7vdeO94Gva4gugbmYUF_1Ikbgc2RXFvc4HgTyR5dHNZumPJ7J5dvlU4o9vpB7gYgirSUcKoS_agA4mY7m7Dwqe2xHEjYBWhIjoec0IxuHdLVMtzOXPZJf-XBWbrEyNJqV12amSm9nNB8Jkm_Rk5N0LnDkrdvRCIqroFYHn1FGmdurZ_4jfWp_NOkYiLfPaBv71AIsZad-xI0bOHqgv1atI6fIHCbEaBoryFg3fZFkGmBb4Wtl2ZIShI_hZQBWprKeKKGLxBsnRBTcKgRJSBSUr2dmtasGNDENh1arh7ydxAsDt66C0WSZEe9_EVOQ4_54vSsouBOwMkejsU8qpFH6svogw8R59UmeoCPBRyBhY22k-5Od9CPnomcS_8VCISiRA2FsTT7N3MZiypAvYK5CYRR4WNQYl50_zaj6nMSpqPtpou4V76KAK6UrlYhKqMABbz6GB-5JngfzyaJzw_BXgNheA2mFRDdarweZdfulA6-pLTEqhQX0ZV5sbLzHZenvvW5t7PgSApVNYTQGM-I4pqruqCtilVmvRYZRjR9bWMXYw8_jdS84kK7ZML9-3vl54kFVSrzCYC3fh5nEX4qOzow_uPVKk-rwarqDzm6xAgWtSq09yhISgv3HI2GW4XPQSgONlDb6yKMfui33JqZYh4KDMMVlplsh7E5Vprs9NhdoahhVnwc0U7aea5jpOAQ3JmfOhSf3QjZ6769miaZZNppPv5lA5-6qH2TyHLTMTCMdP2Cplj2k50TSwpn378ZW2z1ru3qgK3htYPZXyaCIEx55rqtLZi-zwpMVs_1gOZifrGu8U2i6ehvP_VfMj_1bN2BEUwCRM9m3IyPrBetv4Ivkzn1rBtVIqgiQR3Ye4eUGytZ9Kg4Ojou3Jd7BDW6dO5tkLhbz0rLS718ZZ5LXMEixc0jQzHt53JGVVAEV6L7534r18b5OuZaTnDnjxU7xwN4u99lnH6N5iBsweSlBSyF-FgyRoua7e5Dz3UBOSgdrY8kR659gsDF9cmxYW5x5rg4FFF2eIbD0-NOZsi8V8Nxh2Pfoc_GwEiWJUZifN5SB7FK3uttE4kkxRq9H0FrOmdzm6Vi8ox_my6frx-0_s1jGBph1wBhrvVQFAFeWq1uEQBlPmaaOkSqSxkc8Ttdo3LSnfii87h9TQ_lCSeBVJ2p6hx3d8uFcCg6NcRaTyyp8p_rXvfGCk9ITDAvYP-cNQmQy__y157UvuQRXzPnaLVp1UcAhJCxdp64jdKhj_SYy4P7184n-6MRG2EZiZikuVAODPGzuYM6hkfVHdkgrRAcRJU-tHwtk9asvgdJrkHMwYLGGTwrG9VNdz1x7aDhTCYTf-3ZouTRe5HcmZ03Wd3NRBBUb3GTjGsUwqtGEuxcNMz9IuEv5sMa0fS50zY3O_SU6IzkErwhdz8LDRltbssy5T7FLGlQsq57d3T-8RkMcyf2fYugv3E1MVyl3c-4svxskPYnSbeP994t3Jzqq-m5tXKBmqSN9xotaYJ88keI8vf9BM9vVvoPah0ksOtjbCGxEQmd-AK2pV9kJ-aJLBXPuS1HoW56-HdKv7Mdm6eWGCbia3MNSmgo77gk21IbXLPiWuVlG-LPSwfQq2Ov5COSSde16yhyyHkKEeYFSSE7vHTu_EIKAiglzx_2fDz3YNzGIJDdGhikQRnz1FxtZBPWkxedVzv-I4HszIpEozd0xIJCuYwFzQ5EJkNGeKcPqqUomBFMcl2_KGPymQc2hfkCr9KG78nlobtbxtw9ZGZEFWlHpBRhBH7hk5UbssouT6I92ne-ZXUAs0tffxxuN13MZOlrHdE3rjyv1RjMPBX81YmpChKX_LK8KjEBKbiIgqhUcdkcCG57mGAuZTbpErMbcKu5hp0zzwK0vC-KVtT4ncB2cDBXGfZHkM_i3o1Rdm5FpWC9HstJrYlS-3IMpN_oL2EPu9FcH2RPaTNcvNU7UjZXdKPxYenToqBTYHpoWTHRwjjViSafAZ00LqbDrBhFm9eyHBTRrBuDfwQQ8d3FFXGBBxZMifVP-9pPrBfMg7pikwdGYYTpasxFhuRQRxtiHxYG7Go6ViCJqoVoypuz-bDVMMXsmfG1-hkg8bHrb6T5eowT1fbLrp2kBSQW-7dpssy3NufCJbcLWE8KI-3mXwmCSCzpHVmrtCkDlXB5_XAGzU3tbaGnI2SgMHsU6t6UDe6I_-q78pJIVjo71r4qZdghNwiWJ1U6HjF-onVCBYfB4hzYw1bTGv34iMEVVjrhIldxvWNkoLikxMeW58P-Mlw1bvYTAV6cFUZdCU9ZFvFsCEcy1T5JwuGKhcnbWtcNv3QCp6jpilDSmGlc14HmbIsCW5umvssv2EEPahdO1K1Wdo_QLfQcCBE434COfa5RO1w37oWLCTnEYxgzLFq33vBo8Pj2Rr6MCLYKid5JdTc9sMIRdzxoB6eBRzYFE6Fzx53YhLumVnHK75p7qzmwoW0zxAmloaFt8b3LmyF1WpcTlKsq97nyW8IGG2SD5DKXPMmSgRaXvfMTqIadkp_aJjO79KlHCeJR1TNlvl3OFMmttWPIPUJGiqv1vwHA_3nuBnk0e3V0st-1ED6ekw3lxqaoKIqlEBzZSf1XCJJLfou8v-wGq8uODIKA6aCJiUDFAoEKX4uJGTHQ4GoHPKLVINO2WWmAR3380OyGql6J-RW1L4NQXIye0Y7g90lQUo9ag-G-rrkMYNsN-ZXXju6bGzNJ9C6XsMz69F82aQIDZ15M_wyRks1z5Zpf21LqaL2Xhp9ncbfFyxk9mufAs3ofDgDhMF3adCWjV3oUQSJRMTW5A8CA8U_1ZesQsaAW9Ufkh4apcTFa0LqfQynVYV8HkxioUYJkd2qZ-33dsddPbKseCyIdEYoJPO25QqRe_nssOj0MwzMkbGIWzqZtTqhC12qjVBY0Y1g_CW6XCNn_zIk8vAGo5x0HZbosTCKRK6sepRdw4QpWQViG&cid=CAQSbQBygQiD4uFUJbggLmfY2mUbDHx42r49fbLk1zuOVCvH0Ho26lTG0VVcoI8WBsh8zOV4siutO3n7miJwblcKPUe0fNlbQqAEp9sFOsb8-j0upMCIPvjUX3W2yO6PFPLBB8iNTLeMHzpRvrlL7Z0YAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=17560376016773622000&adk=2465470143&idt=29&cac=0&dtd=24

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

71ba6158411aefbe602f8df67bf0bb2fb155dbf09c39eca150269c3449f4aca1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11417
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3CDD 0
20 B 79ms
79ms Ping
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=5455837231627&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3CDD 0
20 B 51ms
51ms Ping
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=5455837231627&version=m202301230201&ct=76&x=1&cor=101520509186363760

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 3CDD 87 KB
36 KB 60ms
60ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DY3tpxXWoE8S_KT2cCfG6CzOjvRZJQzgfPpPBhgGzFdLF9GhhRxBlZDaEg3zJV4Dg3YbzBJ1snHon005dYMXKZi5eco_AoZF2tXAgKvOsXyk0HTTx38sFMzOG7ftPfO5fMisyWs3w3oEBWUm-FTg76IypYXCx8trLzgfzwD2DuwdaSdJY&dbm_d=AKAmf-DWKSnq8Qc5JX070aCskps8vOz7TEiV7TBvTdK0uzA7cWoMpi11A62fa-oz4r6DQGf1clXdrGjzXl7VRlvnvmDQkC0XIiLsTPsoeMjY_6X05-Y7wWZK9VLsDlE8007hht5J6i8Pk1445-2oidWCGnzw47bO62HDXgmdCOoNvdplFXtt1ThygIX6s08t6ska9h1d64J9omQo2DSfkPfiwTs_817c5miGb4W6K4LO1psHyzqWdlAWiWENvpd9uAFN8Tl8GQxOvXI949DwQ5AYfsMZ1kL26CONV1ZqUL0C9XHmtdRwisnjuXm2vAnR8pcEdAylU9oBf68T3-1-bPOzEO81RC0pXeVJVBjBEPx_sGJCf2mTbSd5Htf4ckoO4pxtO48zHi-TGvKCHX_W3L64JhS0-7qTWpgmqxax-FgJC3MmO4wYgCa2mHEfuy0jgo3UeOLwueeX8IvZOq9AHkUNx4wtaxvAhglhwLoPH8Gbyh6JOqBbWF301_VcFypSxoGa-Dz3XG3zJ44X7AqMkrr4iwwhDGxQcLsNnz8Was6Wv7XoCGZNOrqmDIZL4rAucTdd8exSQ96S1QmLAaOWSocWbEKNHI7FfSS25tEKRTMthN3WgFyd4E1gYgxDKM5uhzT6NzWEQeoxmfqRSpHGporVMq_dnUKdgkzlSRybR1_jwxciek831o3xZgM6X1WuVDDSCjYiSkHFaIRFmHHeIJ1cmOu9iYBLCt330NJZFseuFZb1ixiONjjxnYU-I8xlW815mhWPJvTAgULbwZ5135s3IfgAsSGVrx8K4lsg4UFTpf-EKnHAUTUe0OYVOI20rawPTbfpkYjmTjgNs5lqhK10X_S3jajkLBBY9p6gCcjxB54OslIjFx0gOko3t3lV7MPl6zKOB5p4jnLAiZz3CsHwjOptZWKTQn6Ey_yKnchCZLzr9TN-0Sq3dwiZ7baS2BxEkldzB2lozSMUS14HgWaQHmXQsagq59ZTWXRjQrQOQlO0ZZTt6fAeHWmqyORa6x87r5DtEXIlrLl9QbL4dUhjaekCfWB1hF52F2RAcvI9ITyGIWfFrYfQfDHGjEF6fxfbCi785v6ph-siBDWug7vmpljxJ36mZwpE2a2PoUqL1TetZMsZcC4jeZ4W4_IsXMfGag1201AkuxYe-TCZbX4HlFVrA-CWL6-5Z6eSyGUC1I4Ds7oLSuAu7_iwyYvzVzIrg9uYEJx6oHEcSYAlWRA8ROmGtuC9VUv2ZkV4wGTo-Wk9DF8UbmA-dSCb-tMVEoYvah8uVCfDfaxBgR6hgWJefuQgXiGL2wEVKabDGJSWZUkHrSESY_UtO69KA0u5ycFf2UlgfMVGcN738enSSQSAFKOn1xefCbc3ga4X8z86y90Z44ii330lR223KsZjcpEitWbxtcyuHz5MkGHkJEg-n3BZSwvj96R5NQI5taw3JcNba7JO9xXatoCiV3nT-MQdClkrIB90D9MSpX2gJ0QNPEIXDMkjFc8SOUQEqeyfAi2dsVtD1pqwr-prRzOD45fIoHATxVcUk7me2Yx24cnowSdVKH4HpL6ibgn3njd5VqrQKwSPON-zrMWSW1sw0vrfMwdvRRvw9jFLxZXjGSbi1zN1eev7DWdfPRwOa8U8CBsS6BjVTntSqs0F2FONwvtBDOZpXAbD-VNP9sEB8FmBvOxbA_ILXIUIs6_-iRCCkva9ZiaofI6ooZojUb1_8sdwETKqLxXaOQfLjdxrZsHNSZ0HgWKSIroJ02clodyPbGMku1wp1GqshScqKRUPBpP6l-ZCXGUh6BDQ_9RG5ptt4MrZHrGJTVmGOCVTEIjlE44nCPAiRfAr76tFmdtNsik5DfWPzP3GQPjQX7FskWgfS85PteTzSQ71OolUE3b2eUfWsXgDJbLfOgn3U869QusYPOP0DUF36OhgJ5JMhCgxrOyUwYWDnb77gyiR7-7u_iEZH0OBh4fUFJrDtVHkpn56EI1U9-fHq5iSRmX6hSxDiCRSCm-_m3h2VhVoWiwTy_zyipYi-KoKcoNwNKTRrLqk4NgygoYh9otNYu-ON7VOPUnp6NghCROeuXB0zeOpIhdfrNQOXchi0Yz0iG8cX_i4wzW25xGUsSgU-dqw1KIJpYVUTj35dXOAR0vlym3YNpSOLpgeUrdwbevQCUjzxOfQukwGEPSC470w856yi-YIahtZvRgbOajs94Wp5rM4-je_-L3xH4cO7IkOy00ePv7QyhJfAIyzD-9BiQw0tnuytSf3Yhe_7YiHBcVm49IFBHhVZtoYvWKzfHRvFoq2sQaCmLnPCGxfuauhC5vAVikLpC2jbrI4Xap8ZC6rvHrcIgJ9aWEFKlZ7mjvFKAAt2bRj_MIFE35tQN7uGHIPDDJHibW9II_cywp1E_IWaeCY7DtChAXnL5l6usoPNNl5THn17IAJ78kSz51egdiX_yQ6Q541kjS7xa-Hlf5EUtFpyTT6Bc7dppUle-6ir8yfEodGmn0BqwEk-ZbbNyOhh7JgVEcBBy6QJNMReYsl-X-wuXjsb_lnz42W74dVthk_lAh1t13u09kD7jgWm41ZBIyP_0BRd2MZNdn22qmH_ZNU0bGJrZBIRrNfAkNPUDfYfxfIcL4tHUqlb5uA_F8_CBc-qz60cpcJnte0SiwfngFMuZMDasESZ831FiafZvVNB4Kz9gn_Hy-mMNv-B8fTc4lTAlZJT0-XtQVCojKdQfKUav5B4BvDLi0NjHuyiRSPmmFHB2bo4p2snvh1XDTNrW4u4LwVjA2CHipsOwq_Dod3U-Hd2w5JgMjL6g-koBKbPUaBwAdFfz2jP29-KT_-NcymHuqxFwpERytaiXRa1I433RbIyjyD00XZbtUSph18lwOI9VViZN0igP8lv2EVoEU33ad5_ggQ0QODoipVXAUOqJL_z09UHUGifnV0ju-SMlDj7vTTQS7zHnbv9XW0fka0Y1dciiThKOS3oRDIewksPXl26TqLqTTp73lnzIoY3uq5Oyi3dPUSr-d6jw-EYeSYx22SzRnbSf2jvwTngj1iQgsTVI7HxXRp1U5Ycd_HcLrKG1sgZQ08JSYr_QLJu3raH3GhShD1CmQHKd56l4lqYpJK_0cUdiOGlWv9rXzeTf7uxXTOvDZnvvBQLND0Otjaf7mjEyxe52B8hhot3wQGiHDskayLEXwkBHBnudGDK0LKjj7fWQ9Lfl0Vz2_byxRL2nIKbkdx5XioGhhMFUNu8wukPKF4wFUDxeaZc6T_i6fMjEikT07pQJfSa-wOA2rsUgGWCkbRFDHKJSFIuPr5Bh_yhcdYccxCzgvh_XzPN6hXAQPuizVXuzjHQRSYWaPN5uqqftqQ1g&cid=CAQSOwBygQiD5J8V2FbCYge5ebufKkgn8PxphBpPQ_tHNulg5Ep6MTua4vDqrlzPvAL1YjMVRIOB7ZPiJuZfGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=101520509186363760&adk=212707235&idt=38&cac=0&dtd=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4c34341a8dd98234574a3accd5bb6f6c8eefbff21c59a6e5018189ccf75eccce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 36728
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame F271 1 KB
643 B 14ms
13ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 24798
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 15:04:22 GMT
etag: 48472445140208031
expires: Thu, 29 Jun 2023 15:04:22 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 9679 1 KB
643 B 14ms
14ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 24798
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 15:04:22 GMT
etag: 48472445140208031
expires: Thu, 29 Jun 2023 15:04:22 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 6A80
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEJOjfEl8L-x55oADjHHN-Sw&google_cver=1

43 B
114 B

31ms
31ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEJOjfEl8L-x55oADjHHN-Sw&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHn4wEQ4JWpAhjstJ_sATAB&v=APEucNWX2gTOcqdGI7kXKcV6BXgUmBCCXUvMdNmkIFXRsxskQxmAHBHlT7HvlptMPNg1cLN0rvIwiCmKjuTyRdhz678GIBv_RwTLO6YnqNX1gz68w701-3wCB3EwkpzEzMl3Sk2NSkgr_iHBbRmjF3nL2i3vEA_38fO56EXYsVaCDoBAKDA7Y8E
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEJOjfEl8L-x55oADjHHN-Sw&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame 6A80 43 B
304 B 172ms
127ms Image
image/gif 34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHn4wEQ4JWpAhjstJ_sATAB&v=APEucNWX2gTOcqdGI7kXKcV6BXgUmBCCXUvMdNmkIFXRsxskQxmAHBHlT7HvlptMPNg1cLN0rvIwiCmKjuTyRdhz678GIBv_RwTLO6YnqNX1gz68w701-3wCB3EwkpzEzMl3Sk2NSkgr_iHBbRmjF3nL2i3vEA_38fO56EXYsVaCDoBAKDA7Y8E
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame 6A80
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEAIFOzg-nmhtv6nFK4Iz9sM&google_cver=1

23 B
163 B

36ms
36ms

Image
image/gif

104.75.89.75
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEAIFOzg-nmhtv6nFK4Iz9sM&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHn4wEQ4JWpAhjstJ_sATAB&v=APEucNWX2gTOcqdGI7kXKcV6BXgUmBCCXUvMdNmkIFXRsxskQxmAHBHlT7HvlptMPNg1cLN0rvIwiCmKjuTyRdhz678GIBv_RwTLO6YnqNX1gz68w701-3wCB3EwkpzEzMl3Sk2NSkgr_iHBbRmjF3nL2i3vEA_38fO56EXYsVaCDoBAKDA7Y8E
Protocol: H2
Server: 104.75.89.75 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-89-75.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

expires: Wed, 28 Jun 2023 21:57:40 GMT
pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=CAESEAIFOzg-nmhtv6nFK4Iz9sM&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame 6A80 23 B
163 B 88ms
34ms Image
image/gif 104.75.89.75
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHn4wEQ4JWpAhjstJ_sATAB&v=APEucNWX2gTOcqdGI7kXKcV6BXgUmBCCXUvMdNmkIFXRsxskQxmAHBHlT7HvlptMPNg1cLN0rvIwiCmKjuTyRdhz678GIBv_RwTLO6YnqNX1gz68w701-3wCB3EwkpzEzMl3Sk2NSkgr_iHBbRmjF3nL2i3vEA_38fO56EXYsVaCDoBAKDA7Y8E
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.75.89.75 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-89-75.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

expires: Wed, 28 Jun 2023 21:57:40 GMT
pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

GET
DATA 200
OK truncated
/ Frame ED61 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ffc93f54f56adb02e7ce36af0a92e7a7d91f3e9f4424f3f34b2eb70cdf87ba82

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 7D77 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1fc8ce76e9c7372551b22ff3299ffb5b21371501fbbbe3bfa21f22909bd5ac5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 6D0A
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

21ms
19ms

Image
text/html

2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H3
Server: 2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Redirect headers

date: Wed, 28 Jun 2023 21:57:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 5648818383791576392
s0.2mdn.net/simgad/ Frame 6D0A 532 KB
532 KB 45ms
43ms Image
image/jpeg 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/5648818383791576392

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012306200257000/amp4ads-v0.mjs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

187574c8a3cf0026b633b356842e03d60450be911027b697e9542a650d1049c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 23:35:48 GMT
x-content-type-options: nosniff
age: 339712
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 544482
x-xss-protection: 0
last-modified: Fri, 31 Mar 2023 09:51:21 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 23 Jun 2024 23:35:48 GMT

GET
H2 200 14952963386359035714
s0.2mdn.net/simgad/ Frame 6D0A 10 KB
10 KB 46ms
44ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/14952963386359035714

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012306200257000/amp4ads-v0.mjs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2d3ebc5963c3ba449fc6f11b2d5ac883abaf7dbc046ac7c1b267518e0ca5fa27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 14:13:04 GMT
x-content-type-options: nosniff
age: 373476
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10020
x-xss-protection: 0
last-modified: Fri, 31 Mar 2023 09:51:26 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 23 Jun 2024 14:13:04 GMT

GET
H3 200 tr.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 6D0A 3 KB
3 KB 52ms
51ms Image
image/png 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/tr.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012306200257000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1e5a886321d0e00c13f7abff03ca39fd782f42997fd34bcbf4fc93718f3670cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 19:49:55 GMT
x-content-type-options: nosniff
server: cafe
age: 7665
etag: 9957912877679239782
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3057
x-xss-protection: 0
expires: Thu, 29 Jun 2023 19:49:55 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 6D0A 344 B
368 B 60ms
59ms Image
image/png 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012306200257000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 19:03:49 GMT
x-content-type-options: nosniff
server: cafe
age: 10431
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 344
x-xss-protection: 0
expires: Thu, 29 Jun 2023 19:03:49 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BC6E 0
20 B 41ms
41ms Ping
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=5717995758518&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BC6E 0
20 B 44ms
43ms Ping
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=5717995758518&version=m202301230201&ct=76&x=1&cor=17581292203637305000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame BC6E 95 KB
37 KB 59ms
59ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DO8vYDqm_PQ0tDUkfp1SBT_XPmoAnO1Uz8XuWv7ZRQMyWE0ln70nnMB3DPbH-DzHVmXp4vaOqb6TfaHtuWvuZgW5bLfR1hPyonN2iOSmZROSDrano&cry=1&dbm_d=AKAmf-CAX6GD7qKJruMtwCppLXkZHj-JTN7R6dsA-tfFvoWupndEXPoPftcH9uZhuYK4GwJIQ7Th89aQepo9e8uc2uqw_JBN-nYDBzfoksty2PE0f3sZHIsVjvblXImNPWvDvu6CheQTHkfi2wRZyOVVN2zjWk_fYN50dw8mGorGKwfH6KiNra-0JJm7fOXZC0alt8sTSZcXx3ejIw6kD51WDs07U7QSChDAUk3R3B3_k4ZuUjIoM_dZwme5TR_PRfudYO6ZkBpoQIzMybKIYbpgbRO0-8ffh4BrKroYK7RAw3GBPF9-KUMkL_MipHS6rmWt76OHFuEFZ02mFsdyHdrbD-6Vm6tOeDpKIqVXFtvqq0CQwg0i7M5gYFht9h8S3JWLn3mypGdZeQrh9dIWIpyV0crlE1wbADOI2zQOiRxrktbNhpZ8E81kQqMXQoPPLo1umQ0a8bSc8JvcaR9_h7js6423q7vsHiF8DPVN2NeQ4mzhbPlLl5beVHxbRNR0wv0iHPH-gXI-xMTjUIyvYAonyO-UfUNzXXoSxHfGEnEZ4Og56UWukbZFl285jBrLgjXhKnd6xl2APBVb8uRDMltj2U7htY1oo7jTSFexwZjTlJM4zRixTMlLUpO3LHnTiUiaIhlzfbB1nxLh7wAPmVrq6BADma6IDh8YDmdZhVBGVVh7_bFwuZdruLIlCdUNlRbCshxtxRifpL7wz2sJmoAKE1qF5jN9Sg5JZeaDCSgZ-4oizPoxGX7LGAbKrRCBAeKV3tm3JJV3nMIsP1hhAsK-yRSM13mrU-ISKH182qGgstmFuLV_ZIpet6FmmkvjOPPp2VZvm4o3bAggUbPGLQhR9xCu2CGqi0KXRsUHsMpg-B7EYQlhR1ASylBVoDQvicOwEyarq2ofazFZeBBDd0felsdRRRTlL8oMYNDeFDL3_2Jy_tPSl6sMhDi75HLVPbyXxmUuWwX9FbW9pf5qeqYCcjm2QJAIrp18w6t1csHxckhivivkN6fTfprr75BjHrE4XF3JP23bAmmg4EbFAdxC9kDf7dhsiADMLPve-vYdOyI94IJd2w3jgypFktBJtBSsV0dvnF17WltibuAvBFxHzHU1J6VGQ1u7LvK_Dr0yf8Uvb58zACCzQrygbrCIOY5Zl29oXDlGknybPSDlbE2Htbv6-eMHyBzBFoQI6tkK7ixsVuqn2RaEj49pTRmBIIc0CBPh65XAsE6ygFJvuF8qab3_fxh3r6Bm_FzdyNqiU9lNTtEpHXGF3LAGv48huBa-hoGPeIBjLw4cBf-ZyDu9mYHvDdvvIwHh2Cf2wRkoGcI79R9t1sfkLPLl0OSJ8GXeAzx0WwwnLMf_lzdO1FMX8YpS3RtEF2c_B4AY4nw8W3Alm_lhrfuYRwYwJiWVOaTiJwVSTnf3xPTo_PP4-DYVDfPOBop5Gg20WJfmvuCS_k3rtqgveua2MIvEH2nlyGXmu_XDwQPrplae90xfF_UtAzXJsZUnSm6xSacB_8mKOG-GcQYhDtv5siVcCNh8AnM2ikBWGG7Pbb62dD2LZyOS4H2Ftx8s_G60nrVNd0SX04vy9O5x8PXt9pAreAvemThi-xxh8yH1JSAHoB61-2GBkqgGkx-1QTisiHhL4hYccvOGsWVmO1mqZR9lC4jm5kHeTZDGzmNfrFd_6cy17RPLFYiUoxzxnC5R1zRNSfSvlSEDeYmyMl-tps1PCxYosHbEO0ruBw7JiSZHQezml8VtSsr059kMPW0GcRDGQIBXzXjI5Fbvcvn9lMzefJv1fa7fTE9Tx6oANky5h3jBjNmnP3iW3lzfdChJqUsKY2fybw6TiPVbCUNQo1O1JkDHrOvgIT4mCZNr9sS7ZvP_BkZur25rVP66NLExjjxC_WJhyL35fdnMxjQOn6vEHk4_jOI_d7oNS4OEvSB1EmCUlIeqHVS_eFeGtcbu6uJLWUYmKHnbAPzL3PsZbr8MOywqXwyf8sOqjwIkJw6-CWWmyixJy2uaLAxrXcDosEitkF4J6gLx9iRX9o6uvnHKf4djSqK1_hQDNU8_g4a4jEA5hhlzXkw0fQnMhC9eewFZSlLAESu1SZ2rJpmYvGy18hloM0PNp42L1yGnJlln68JOBg9GmitzgZHixF9E1sNXCdV-1ypg1Ok2nejge8v1i7Vyf7POn5cDmcWJ6HurERozsL81wUAgQuSqN1hk8SAYHwycIfdx7qZ8sKqVc2dXvS4m4Pslw-LYuGN1TEwyRwD2D80-xTNgqAg1wgVunDjZvD7TYRT84bziSo8KU5NyOrpkDWX5nPjmvIVcn3CYXSeK8JWaDWhEkC-h3oFup3MI2fWttMa6EBCKOBK0RMzvYrj-O67Nq7vacEj42AFEIrVpLAdEBpzJ1sdExOBU-xWhHqxDMKe17pht8IBz5h3W2pY8hpGWm9J_-0fiLIYvvE_QfrHCZte0_FVh_f6ZC6nKXE8mndRG3vDbbDsoNVIGOudxFJ9r9dLMbtepSdlXPk22nQNJ62m9DtiRNpBAnujMmeDM95Iag3lgpoKsgzaeKuthbHs6zjBA2iBugjWz-Nl7eUCpB3_5ZNupZfB8DXhu89mwxQShCAvLfPn469jVEYg_B1e9Vfn63tZBGJeU0yqe_4ypg4tYapdxovnrSdZDAqVltqyyXh72zWNtcRojfV6vygeyfwnf6GCXW6bRF-U9nwPTfpzvcuWqLmFCxM2neH-1V9ZfCWGLD6QIm8_BalpsipucJTXUpkunuRjXmkdvaOL0n2_gSPKP1iQs8mAY1Ay9uEIk6TFCvZHGqhBpNLeI3NYgc8MSmd6mhix9CxoTd1kzG6gQCzlDmiYQaXPBB5P3s_Fiz4c3o6gk7ZbqU02N_H9mXQ3C-gIk9mEIG4CsXaf5NQI9Ms5R4erZvo5szbJkYh_yTP_CZZt3-vuaVOIU3uX046YXk9rO8O3ZY1FKeP8V_XHHRBiZs4SbhMBjI4Ok9UT6i7KrtnB0gMEpQ9P1JOXE2RvyMjFh2GDCvOmiklbcTDEz04XbQDcLlNzvjucouemhQmfmF9A8cotFcdcyMB7rc9UTO9PCldwi1xp7X_MGtyyh40ToXNN0p7Lt9tTMdzn4kVUB9Zwg8ZZmBqzXJZ8TDFzvRSR4ykz3S1e8f9Z7Zx0q5z0A3AkAIEtnbT0CYGw6SSMlqm3nJkcZI38PPkm7RQHHCG_d4coi1hQ66W_uOlH93XsnDckGCNidbb6u2GB-fQ085yNdENE_H5J38zF3mph1fPFbKYXfMDJwD8w2EUbn12aeEy9AvwHngsfuvWeiwcRojhCJ4ZySm7DYhf9PQryyOldokYS5vgXdwc-C8Qi29xrqM6BZOgJyROp_83b4YxfspkS6jOooeNMvsfCnlwbKjUx_IlMptA0s5OnbLNcQhfvYGxBU7jvcw3kVhDNzepOjGLA9lR68-PlTf0HlubxY9XFlCbm0dmtwplNpTn-0IDfyJ_TEHvqjITi9TsQ9HS4w4GCmQE3RPgshSLNnml10380J_bycc5cBoi_qERaTKXvh-25UK1ukoCDfnAIIKDCISezsoCvfgESbmCIFqiXPAUJUNLY00q-GW9Ox8etA1hZTXO9mLybqAMrn9CWl1GkLI9li-WKYqGYczGADNsppJS2o-5wbssFMwB2-1GlB8qsdzDewlh5yXzFjNUDkqYbpXvg&cid=CAQSOwBygQiDjojB-cn9DritT8m8wJG7kNyIPaAPqckYqevKvfQNFiZRKqtPLrmuCGO4CeYCtxAc0srPAFt3GAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=17581292203637305000&adk=3860319555&idt=53&cac=0&dtd=39

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fccddd1e6a8692d3d2e5d6b46551e32b87884f7d62de29057d5ff8558b786333

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38055
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame A9C0 41 KB
13 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AEO0Gy6wZquol1ci2TK9BE2bIO0KnoXlUvY78hA9yFDlGlEHGMuZVDe1gtnpv-PsdkS5WS-hGdDI-MQtXRbhTylUdrtRaQfh6LKJqezlWBZkdoFjC0RNkU8YwsM4fIE2u9dBNuLVD3EB663ZwO0WM9Hk7-uw40HD8LY9x_ot738UqIIpQ&cry=1&dbm_d=AKAmf-Cin2qHx25Oi-LHURxtI6h3yM2NkHVR6UKpMf1NbnunOMurcNcAdkz_lLvwizg9zE01hbW-8y5frK71Wij-loH7ToVaGzfPnlKNYb6T3he1wLyyl2vmFCVnicB3qG4lxAmfbLsDcQpfNDVgKULhC8D74lJm3wt3wJOOQ34rLJxOQK5x2Bax9JFFiw7HWWqOnK2QHNoaH3wyVFrqhEb8rWNGt1kizAyZvEibGg1TysAzu0dH0xH9d008Lvugt8YxSbM9lVXMLhm49nC9KI7u5VWDmxmHjw-tHam62qmCEyEbkYvFo1sWpd6b1_pZZUYpgEPGWhb-cSvSqpR2mCJIMQ5nhzL2XLTY9ljeNigDQrh89DAq4aEQuRomeOPuyT9eymdiz1GZpdz5SgTtpT6wuzwAugal0ekKXBd3rNQ1rFEi9di20J_4WSYw29-l8rSwyPjQTo11DEWh0yOI0zbkqiAzDHs2Q3kNqyUVZNFpJUyVJYMU07ze6I-qD2kAmhSON9_lcN_ozPGI_MND8eDjgaaj7tTyVu6TuNuzp4QHLkcPhta9g7El6vL9qAY1cmUpfogdhLjCmDWiicGHC36yuRp_zUyDLioLxPgRY975e6XhYdDxEBsgTKtxKIXPrRIu8hHhxSJTmyybdCxc2tsDeRNawHHFQZOtvYL4ppgB3eNciUSFpwSIIxbACnLml_DQ6GWXLrHiIB-Pfszb4I86vwllwB63BkhXRB5Exloml-4ySEUcrwuo2xTL1A3kYobTMxc4Ws8RTbj6IpGZMA1zTKz2KLi9u3bZ2SGF6F02syndj3DwDoQzbk3N0hEVVEy2QOV8VufPJbzPmN5bG7eb_9SVCTi8vkUUKGul7vdeO94Gva4gugbmYUF_1Ikbgc2RXFvc4HgTyR5dHNZumPJ7J5dvlU4o9vpB7gYgirSUcKoS_agA4mY7m7Dwqe2xHEjYBWhIjoec0IxuHdLVMtzOXPZJf-XBWbrEyNJqV12amSm9nNB8Jkm_Rk5N0LnDkrdvRCIqroFYHn1FGmdurZ_4jfWp_NOkYiLfPaBv71AIsZad-xI0bOHqgv1atI6fIHCbEaBoryFg3fZFkGmBb4Wtl2ZIShI_hZQBWprKeKKGLxBsnRBTcKgRJSBSUr2dmtasGNDENh1arh7ydxAsDt66C0WSZEe9_EVOQ4_54vSsouBOwMkejsU8qpFH6svogw8R59UmeoCPBRyBhY22k-5Od9CPnomcS_8VCISiRA2FsTT7N3MZiypAvYK5CYRR4WNQYl50_zaj6nMSpqPtpou4V76KAK6UrlYhKqMABbz6GB-5JngfzyaJzw_BXgNheA2mFRDdarweZdfulA6-pLTEqhQX0ZV5sbLzHZenvvW5t7PgSApVNYTQGM-I4pqruqCtilVmvRYZRjR9bWMXYw8_jdS84kK7ZML9-3vl54kFVSrzCYC3fh5nEX4qOzow_uPVKk-rwarqDzm6xAgWtSq09yhISgv3HI2GW4XPQSgONlDb6yKMfui33JqZYh4KDMMVlplsh7E5Vprs9NhdoahhVnwc0U7aea5jpOAQ3JmfOhSf3QjZ6769miaZZNppPv5lA5-6qH2TyHLTMTCMdP2Cplj2k50TSwpn378ZW2z1ru3qgK3htYPZXyaCIEx55rqtLZi-zwpMVs_1gOZifrGu8U2i6ehvP_VfMj_1bN2BEUwCRM9m3IyPrBetv4Ivkzn1rBtVIqgiQR3Ye4eUGytZ9Kg4Ojou3Jd7BDW6dO5tkLhbz0rLS718ZZ5LXMEixc0jQzHt53JGVVAEV6L7534r18b5OuZaTnDnjxU7xwN4u99lnH6N5iBsweSlBSyF-FgyRoua7e5Dz3UBOSgdrY8kR659gsDF9cmxYW5x5rg4FFF2eIbD0-NOZsi8V8Nxh2Pfoc_GwEiWJUZifN5SB7FK3uttE4kkxRq9H0FrOmdzm6Vi8ox_my6frx-0_s1jGBph1wBhrvVQFAFeWq1uEQBlPmaaOkSqSxkc8Ttdo3LSnfii87h9TQ_lCSeBVJ2p6hx3d8uFcCg6NcRaTyyp8p_rXvfGCk9ITDAvYP-cNQmQy__y157UvuQRXzPnaLVp1UcAhJCxdp64jdKhj_SYy4P7184n-6MRG2EZiZikuVAODPGzuYM6hkfVHdkgrRAcRJU-tHwtk9asvgdJrkHMwYLGGTwrG9VNdz1x7aDhTCYTf-3ZouTRe5HcmZ03Wd3NRBBUb3GTjGsUwqtGEuxcNMz9IuEv5sMa0fS50zY3O_SU6IzkErwhdz8LDRltbssy5T7FLGlQsq57d3T-8RkMcyf2fYugv3E1MVyl3c-4svxskPYnSbeP994t3Jzqq-m5tXKBmqSN9xotaYJ88keI8vf9BM9vVvoPah0ksOtjbCGxEQmd-AK2pV9kJ-aJLBXPuS1HoW56-HdKv7Mdm6eWGCbia3MNSmgo77gk21IbXLPiWuVlG-LPSwfQq2Ov5COSSde16yhyyHkKEeYFSSE7vHTu_EIKAiglzx_2fDz3YNzGIJDdGhikQRnz1FxtZBPWkxedVzv-I4HszIpEozd0xIJCuYwFzQ5EJkNGeKcPqqUomBFMcl2_KGPymQc2hfkCr9KG78nlobtbxtw9ZGZEFWlHpBRhBH7hk5UbssouT6I92ne-ZXUAs0tffxxuN13MZOlrHdE3rjyv1RjMPBX81YmpChKX_LK8KjEBKbiIgqhUcdkcCG57mGAuZTbpErMbcKu5hp0zzwK0vC-KVtT4ncB2cDBXGfZHkM_i3o1Rdm5FpWC9HstJrYlS-3IMpN_oL2EPu9FcH2RPaTNcvNU7UjZXdKPxYenToqBTYHpoWTHRwjjViSafAZ00LqbDrBhFm9eyHBTRrBuDfwQQ8d3FFXGBBxZMifVP-9pPrBfMg7pikwdGYYTpasxFhuRQRxtiHxYG7Go6ViCJqoVoypuz-bDVMMXsmfG1-hkg8bHrb6T5eowT1fbLrp2kBSQW-7dpssy3NufCJbcLWE8KI-3mXwmCSCzpHVmrtCkDlXB5_XAGzU3tbaGnI2SgMHsU6t6UDe6I_-q78pJIVjo71r4qZdghNwiWJ1U6HjF-onVCBYfB4hzYw1bTGv34iMEVVjrhIldxvWNkoLikxMeW58P-Mlw1bvYTAV6cFUZdCU9ZFvFsCEcy1T5JwuGKhcnbWtcNv3QCp6jpilDSmGlc14HmbIsCW5umvssv2EEPahdO1K1Wdo_QLfQcCBE434COfa5RO1w37oWLCTnEYxgzLFq33vBo8Pj2Rr6MCLYKid5JdTc9sMIRdzxoB6eBRzYFE6Fzx53YhLumVnHK75p7qzmwoW0zxAmloaFt8b3LmyF1WpcTlKsq97nyW8IGG2SD5DKXPMmSgRaXvfMTqIadkp_aJjO79KlHCeJR1TNlvl3OFMmttWPIPUJGiqv1vwHA_3nuBnk0e3V0st-1ED6ekw3lxqaoKIqlEBzZSf1XCJJLfou8v-wGq8uODIKA6aCJiUDFAoEKX4uJGTHQ4GoHPKLVINO2WWmAR3380OyGql6J-RW1L4NQXIye0Y7g90lQUo9ag-G-rrkMYNsN-ZXXju6bGzNJ9C6XsMz69F82aQIDZ15M_wyRks1z5Zpf21LqaL2Xhp9ncbfFyxk9mufAs3ofDgDhMF3adCWjV3oUQSJRMTW5A8CA8U_1ZesQsaAW9Ufkh4apcTFa0LqfQynVYV8HkxioUYJkd2qZ-33dsddPbKseCyIdEYoJPO25QqRe_nssOj0MwzMkbGIWzqZtTqhC12qjVBY0Y1g_CW6XCNn_zIk8vAGo5x0HZbosTCKRK6sepRdw4QpWQViG&cid=CAQSbQBygQiD4uFUJbggLmfY2mUbDHx42r49fbLk1zuOVCvH0Ho26lTG0VVcoI8WBsh8zOV4siutO3n7miJwblcKPUe0fNlbQqAEp9sFOsb8-j0upMCIPvjUX3W2yO6PFPLBB8iNTLeMHzpRvrlL7Z0YAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=17560376016773622000&adk=2465470143&idt=29&cac=0&dtd=24

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 13:52:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 115505
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 26 Jun 2024 13:52:35 GMT

GET
H2 200 10261972549777223277
s0.2mdn.net/simgad/ Frame B3BC 44 KB
44 KB 10ms
7ms Image
image/jpeg 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/10261972549777223277

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

25b451f3cad26104f57800c79546bf5a40295d0cecf5623e623f4479b94d0ddd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 17:53:57 GMT
x-content-type-options: nosniff
age: 14623
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44765
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 13:36:45 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 27 Jun 2024 17:53:57 GMT

GET
H2 200 7352296608196688721
s0.2mdn.net/simgad/ Frame B3BC 10 KB
10 KB 10ms
7ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/7352296608196688721

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2d3ebc5963c3ba449fc6f11b2d5ac883abaf7dbc046ac7c1b267518e0ca5fa27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 17:54:10 GMT
x-content-type-options: nosniff
age: 14610
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10020
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 13:36:48 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 27 Jun 2024 17:54:10 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame B3BC 42 B
63 B 36ms
33ms Fetch
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BOJ6Xu-Wt0a2pKM2LFIIiwsJ7cS0urVdMSecruPwZeukZc9jymmwaR3GxJwt9WOcAvZizUzEFu0VjMaXxxPNc3T35NUT_nnvbT3_PPrgTEpwToaSNQ5StvO5go-iBuzfOMXD7DjR8uc3xLx1XW8h2Uo1UIdQ&dbm_d=AKAmf-CQe8jewPeaVY1POStbWNiR9V2urqZGGTWyODTlR5ZMMs_rGjvC_s8xJqj2MQ6ejaT0Ek4i2oktxJQIyFz7GswjDZcjPNIt2yVO_3p1pQTCVBwEXxpbUePNFEtb4wfGaxiu14gUfRelG-5pIkjsmrFuU7gZztLmFwY7CMEzHtLMQ2Srqs9ytRbXx69nAdY4YouafGkmMsl3IyR3xCww7LMkySgnur81FOvc0J1O2tRf2ytoeqSujXYlQHrq9ynDjWvq6WrF59eMugPKSC7URzYQbAeTzeebijvFifNFGIUggw3ib5xM3uXeX575Jhlll37TWt4ZAWXY5e9fcta3UgspfeykpeGs094eF1JfIOqC4UNBQYqxNNsTapRWI80qyfYjXo-h7JReD1rARAAipdgMVi24fJF1gN-JULr5kmIUEwUVUTP76XBwSQCFr6VM9qqtLrrbpJb0PJZlEVHnBHPd4XBx5O8LucekSuTIj3oVrjxy4C_Q_ZR0StLXm_jx2O37uD_cMV6g7gSZ6YUkCZ_wLc2ccDH3Sy-Sn5t2T1Jrht0mqAF25b1iPlTtuJngbHK5uazDHnAQjtGgAVm_95izKfOGFZZrp_52RIjV3Jyfkj94x3jDpntPHFa4tT9r_e5iS3_rTMDqo10iicZnPQuBcz5kunzgUivlhE8HyyzBKYL8suiUCBeubrFIPSgl755X7gLNk4ojAOmcqGebel0a8kRv1owTzHB-rmD5RIlAN1GDVMlIEE4HyqqC_TtHiAhBNQvJ5zqV9aYBkVXbTvIE7HCC-YXdamNNSQj99oPvCpl6qhpyIExTiZlBC590R2zOURZ0tNvCqqrpNasBE0ovpVzv42q4chCVKdWjcSkLtivgqAORWNAJgTicmxtj8qR26dCTv5wNJO2ff_Npop3Vv0mgcRt1QRmRs6TT8mBzwS_YFyqsm3iAOUXpKibb2p3YbgW49kAWedNIjbcQ4X0yLqJnWT_cuaOzyAWMp_U9avaxRuuJMMgE_OWbElUP8wO7FpO9bfBNbT30niNvHxlPG0SR2N_lu_EOIFgVgwVp6H8mQcnxycN6Af3k6usqsxiSb8EQTII2n6WLhLemANpzy_SAdvv7fvBh6cK8zBV-OXsC7CUdySY0S98IMr8tVdvi9y-UF7_Yo6lUip3OWsAsFxX-UmSEICkVS0NOQqBBgASROUlIcVjexj73EYreG2F4zHabwIyZt5h5IODAuKr2t5ENml5SDx6SRETkEdFZoRtBUAciAKHZ7ZkML39qFB2LLpepzoJxd-i8yVAsGKkVGu9boQLdjRCTywDyKyMEwooSVxWGNGKdo7aCsng0-U1z2fw4qPRfiOD3ao1w_itGWzE5pyfhypVAiN7XiyJwWOaSH06XwmLHJ16tN0LrF46UWMq4PgP0X0xAFK8D5U1TW9WxHCoEjldxbtx2R-RNb4yDRTvCMpprFOE9_IjsPbwywK9WhZzCmthV61he-A4fD1X7TA3BpwybnOxRWIEEJiNJuU_LfGLHjAV_qOXRB9WxcOt65bvkcr9hmd--GdWHDsE6--ahlFb1eBW5EuCvmul7HtzbmWMQw_y_G_TXvtZ-KCdnTj8_PKIcC7TZ4fbfVquhrzQJWG2tGW-yqS1Ro8-XWA3bJw1jpVPACiflh-XqJi-V_HZLBPW2PnDlvtP05n8aJ01zIF2KFlj5lt3ava-nv6AdVG4KbBk4JnZgiu_Mxdd4mWXMc66mYU3qX0eD6PofcGQk0bmSrp_rgrhfqRLTJp_9ZTZNpli02siYs3-a4M_Kx7oRST-dN5kFcSjSHm4QXxPMVs0neoKcAA1JWLVyEdl3RIV-m32pqUhsdSq6aCjScwUvko1am9-EzvjMv-U1eRQDdxekGqwxKVUdNLAOGGXw3Kv03KvEcwVcVIm9P_4cWXMEz7R-ctP36xAzaRMTNG7njxDt4RFtPlOMcr-VrJ9Ve2wcRS23K2TyfSEbLRqtzaeA-RVHyLQ8lOPU_8cqeG5Bw8NXsk_XvweX7impsxhybv9TCNUkMrS_cF1-CzxzMBRsAS3tvGhiVeqy7Y3xYgYbtW_2Fd3B5tL3i0uWIOFAer2OveSdgSKJLOjrF8hKn0nTBjVTM0lduiFOn0aYQH7NEriUaHbKCdWhnFArS_k1JbxxtwI9NJkjcs9nESmIGucQMVtuZrzof7OS3CD7AJQiL7OsebnzvuGCBArxYY6EMzBcdaOr2qQJ8il9NH9df9CzuRCk1CNsHlVqH7xi9vLSo8saIXSOHKkwZQG8-05QzURIMN8xqUYYbzfBJEU-rNwZ05PQlCKU1hGKgm8M9MbWAsOX8J47aKUqWYozN_32yXd_9HFhfFqQkWvY4HMaU4aWdjdb_2O8kJ-GXhCTobBErJvPHH07fI11q1jwy-9Fh2Rm9JI2lm3eQq2ZrK1BeaXWjdKS9EBpChMk1wSTgnFM04-Sl2M2ODWAr6inb9ntfjbIljpP67m4_fu_UHvazHdP0AB5HuJQ1p6hDdVJMHv8UqM1fl_kEEK1sMhaQ4dSGxqGvqxm7UZlHDKlTS-wc9QqME8cNC7aYd5AhsuAhxYgnTFm23RdEl4YDY1YnU8qtxqbrw1aty1JTsvBQuETxT4Mmsqw3leVTk7mdEKeRV4JlYxgz2bFAgiq3jygKU_w3Wc5fxsd4TsWtW06es-M1hs4tv8bame_yoMOVuyuZFFbzma516wY87zrybrD2NaMGigPRzxml1UZSX_-9PVII7LK90cwGsLrnByvdqkkbhC4Oa86iQ9JigX2OsbgoCRAOLvaCJMs0bGQPQdIavA8poV7GfahljNHu6fKjrpbIhlCAhsjkJPELk1d-arVec3bq7GzFUfcvqYofN_Rmj-dd1mMewCWXQJALwAh3nwFv5LhvMD8lFTsYPMlyh2sj-4cx4gNFjJuLCENtZrTdgn-9rB8s11HowFLsgvyGocRYLSTXfw1_MeqS1YveiY0cAcK-eIOg7bj35qsjp_gKMWLJ_Gc0icPCWf426aFfydZ9XpSTIkU2zP8nbjMR64hhuMZ5cZB4Nxj5qkTkgkHzUCN7jIpDt_WXuD-cn9CY-SZCZTMybBIorHUuyZcLrS_Kh4z2b1jSF0mRo8VY7iA0M5FG1FYq2d1Z6XD2p5zEuGhqdn0DrqRb6ElKe14M7Dmrqz6SBfO4ektVxHnHpuZv2RYjahTb6pszsQzsCHCRvE5D6Kh9GNW5uyXpstdbJYRf8SMBJlrfcv0nHExyFFuMAdg1Dt1aYXqG8KyJQSvX0K6wriETiFJsn6fVFR3RIW2nPfMTu6UVTicll2xSpbTcm_SZewXRH6yANfko_01-elSLjWRNUuuKgA_Q1nAEswhkiT2wtcxp46eICXFwjWXro2AU96WJ1rmpl6Yr0xbbLi938K7RSnsM2g-2Y-jUXLQh969pbBfmazJNcqr9BE9tyo6XawV_C8NyhZWtH2OQ-gtKsHDW8OAO9_XkRKMpcFyvp0pje3bp_U6od0FGNwW4MPXGWpJJlmBntqGMSe3GsOirWtnSZCmcn_94lBlBfsZ5t7uCok6C4TOEBnt5nd-j-xV_NyQWIwW5OeMwV125JGxTAhmj5EKhX0fLKBErJwado8&cid=CAQSbQBygQiDIE2MqTma_R9zgqy7I7w8EU92v6kgmO690n-Fhv2_tyTDAJ6rM3NplU6qPCZy9NnjXNn_LpNMXjEQ7oWzI07wZw5n-1a8xXy_iVGNB8Bv3k2ujIUZVYwZ9cybd47BrEK8_gFQFemqcj0YAQ&dc_exteid=31137909559947300554932277268482203&dc_pubid=4

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame B3BC 0
0 56ms
54ms Fetch
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CWwyp06ycZJ-PF4u-9u8PvO-uwAzasbn-cJTvwrn5EY6qvZ_ZPBABIMCygmtgldK0gsAHoAHTqd35AsgBBqkCX9DCyylJsj6oAwGqBOMBT9DdSpYGheKF7JKGXV04hP_22VkDxwOG41u3io8IJutEPLquU8k8ruIgTAvnfEDuGZmuAw865tJ5_W7ReHSds06Kr2UsYtuYaTSYk2sNV1NK-5UdlAjrwEXF0a2PJf2e9WhsG6xBv0TIva1TgyZrpncItcqkcWZf-dwqD11OSqJBIbSJ9PVXVCumTKbOYsOtF_qkwJYUbWTvoo73jAKuy0CrtacsdqSR5zSNcenth0cdUVD7J0OsDab31TFTmeDHNEf70zugLdAOf3reeVmOK7y3dKcHPULmN9P2lTxEqnCRSJbABJSbg_7BBOAEA4gF-NnXuUuSBQYIAxACGAGSBQYIGxACGAGSBQYIHRAEGAGSBQYIHRABGAGSBQYIHhABGAGQBgGgBjeAB5XWooYBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwoQnLADGKX17-wB0ggWCIDhgBAQARgdMgKqAjoCgEBIvf3BOvIIG2FkeC1zdWJzeW4tNzI3NTUyODQ1MzE2MjMwOYAKA8gLAbAT0svjE8gTl7qF4wPQEwDYEw2IFATYFAHQFQGAFwGyFx4KHAgAEhRwdWItNjU5MzUyMzIxMDAxMDE1NBjqwW0&sigh=z2k1Be4mF6M&uach_m=[UACH]&cid=CAQSbQBygQiDIE2MqTma_R9zgqy7I7w8EU92v6kgmO690n-Fhv2_tyTDAJ6rM3NplU6qPCZy9NnjXNn_LpNMXjEQ7oWzI07wZw5n-1a8xXy_iVGNB8Bv3k2ujIUZVYwZ9cybd47BrEK8_gFQFemqcj0YAQ&template_id=509&vt=10
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 3CDD 172 KB
60 KB 29ms
8ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
Origin: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 10:17:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42016
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 29 Jun 2023 10:17:24 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/elements/html/ Frame 3CDD 11 KB
4 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DY3tpxXWoE8S_KT2cCfG6CzOjvRZJQzgfPpPBhgGzFdLF9GhhRxBlZDaEg3zJV4Dg3YbzBJ1snHon005dYMXKZi5eco_AoZF2tXAgKvOsXyk0HTTx38sFMzOG7ftPfO5fMisyWs3w3oEBWUm-FTg76IypYXCx8trLzgfzwD2DuwdaSdJY&dbm_d=AKAmf-DWKSnq8Qc5JX070aCskps8vOz7TEiV7TBvTdK0uzA7cWoMpi11A62fa-oz4r6DQGf1clXdrGjzXl7VRlvnvmDQkC0XIiLsTPsoeMjY_6X05-Y7wWZK9VLsDlE8007hht5J6i8Pk1445-2oidWCGnzw47bO62HDXgmdCOoNvdplFXtt1ThygIX6s08t6ska9h1d64J9omQo2DSfkPfiwTs_817c5miGb4W6K4LO1psHyzqWdlAWiWENvpd9uAFN8Tl8GQxOvXI949DwQ5AYfsMZ1kL26CONV1ZqUL0C9XHmtdRwisnjuXm2vAnR8pcEdAylU9oBf68T3-1-bPOzEO81RC0pXeVJVBjBEPx_sGJCf2mTbSd5Htf4ckoO4pxtO48zHi-TGvKCHX_W3L64JhS0-7qTWpgmqxax-FgJC3MmO4wYgCa2mHEfuy0jgo3UeOLwueeX8IvZOq9AHkUNx4wtaxvAhglhwLoPH8Gbyh6JOqBbWF301_VcFypSxoGa-Dz3XG3zJ44X7AqMkrr4iwwhDGxQcLsNnz8Was6Wv7XoCGZNOrqmDIZL4rAucTdd8exSQ96S1QmLAaOWSocWbEKNHI7FfSS25tEKRTMthN3WgFyd4E1gYgxDKM5uhzT6NzWEQeoxmfqRSpHGporVMq_dnUKdgkzlSRybR1_jwxciek831o3xZgM6X1WuVDDSCjYiSkHFaIRFmHHeIJ1cmOu9iYBLCt330NJZFseuFZb1ixiONjjxnYU-I8xlW815mhWPJvTAgULbwZ5135s3IfgAsSGVrx8K4lsg4UFTpf-EKnHAUTUe0OYVOI20rawPTbfpkYjmTjgNs5lqhK10X_S3jajkLBBY9p6gCcjxB54OslIjFx0gOko3t3lV7MPl6zKOB5p4jnLAiZz3CsHwjOptZWKTQn6Ey_yKnchCZLzr9TN-0Sq3dwiZ7baS2BxEkldzB2lozSMUS14HgWaQHmXQsagq59ZTWXRjQrQOQlO0ZZTt6fAeHWmqyORa6x87r5DtEXIlrLl9QbL4dUhjaekCfWB1hF52F2RAcvI9ITyGIWfFrYfQfDHGjEF6fxfbCi785v6ph-siBDWug7vmpljxJ36mZwpE2a2PoUqL1TetZMsZcC4jeZ4W4_IsXMfGag1201AkuxYe-TCZbX4HlFVrA-CWL6-5Z6eSyGUC1I4Ds7oLSuAu7_iwyYvzVzIrg9uYEJx6oHEcSYAlWRA8ROmGtuC9VUv2ZkV4wGTo-Wk9DF8UbmA-dSCb-tMVEoYvah8uVCfDfaxBgR6hgWJefuQgXiGL2wEVKabDGJSWZUkHrSESY_UtO69KA0u5ycFf2UlgfMVGcN738enSSQSAFKOn1xefCbc3ga4X8z86y90Z44ii330lR223KsZjcpEitWbxtcyuHz5MkGHkJEg-n3BZSwvj96R5NQI5taw3JcNba7JO9xXatoCiV3nT-MQdClkrIB90D9MSpX2gJ0QNPEIXDMkjFc8SOUQEqeyfAi2dsVtD1pqwr-prRzOD45fIoHATxVcUk7me2Yx24cnowSdVKH4HpL6ibgn3njd5VqrQKwSPON-zrMWSW1sw0vrfMwdvRRvw9jFLxZXjGSbi1zN1eev7DWdfPRwOa8U8CBsS6BjVTntSqs0F2FONwvtBDOZpXAbD-VNP9sEB8FmBvOxbA_ILXIUIs6_-iRCCkva9ZiaofI6ooZojUb1_8sdwETKqLxXaOQfLjdxrZsHNSZ0HgWKSIroJ02clodyPbGMku1wp1GqshScqKRUPBpP6l-ZCXGUh6BDQ_9RG5ptt4MrZHrGJTVmGOCVTEIjlE44nCPAiRfAr76tFmdtNsik5DfWPzP3GQPjQX7FskWgfS85PteTzSQ71OolUE3b2eUfWsXgDJbLfOgn3U869QusYPOP0DUF36OhgJ5JMhCgxrOyUwYWDnb77gyiR7-7u_iEZH0OBh4fUFJrDtVHkpn56EI1U9-fHq5iSRmX6hSxDiCRSCm-_m3h2VhVoWiwTy_zyipYi-KoKcoNwNKTRrLqk4NgygoYh9otNYu-ON7VOPUnp6NghCROeuXB0zeOpIhdfrNQOXchi0Yz0iG8cX_i4wzW25xGUsSgU-dqw1KIJpYVUTj35dXOAR0vlym3YNpSOLpgeUrdwbevQCUjzxOfQukwGEPSC470w856yi-YIahtZvRgbOajs94Wp5rM4-je_-L3xH4cO7IkOy00ePv7QyhJfAIyzD-9BiQw0tnuytSf3Yhe_7YiHBcVm49IFBHhVZtoYvWKzfHRvFoq2sQaCmLnPCGxfuauhC5vAVikLpC2jbrI4Xap8ZC6rvHrcIgJ9aWEFKlZ7mjvFKAAt2bRj_MIFE35tQN7uGHIPDDJHibW9II_cywp1E_IWaeCY7DtChAXnL5l6usoPNNl5THn17IAJ78kSz51egdiX_yQ6Q541kjS7xa-Hlf5EUtFpyTT6Bc7dppUle-6ir8yfEodGmn0BqwEk-ZbbNyOhh7JgVEcBBy6QJNMReYsl-X-wuXjsb_lnz42W74dVthk_lAh1t13u09kD7jgWm41ZBIyP_0BRd2MZNdn22qmH_ZNU0bGJrZBIRrNfAkNPUDfYfxfIcL4tHUqlb5uA_F8_CBc-qz60cpcJnte0SiwfngFMuZMDasESZ831FiafZvVNB4Kz9gn_Hy-mMNv-B8fTc4lTAlZJT0-XtQVCojKdQfKUav5B4BvDLi0NjHuyiRSPmmFHB2bo4p2snvh1XDTNrW4u4LwVjA2CHipsOwq_Dod3U-Hd2w5JgMjL6g-koBKbPUaBwAdFfz2jP29-KT_-NcymHuqxFwpERytaiXRa1I433RbIyjyD00XZbtUSph18lwOI9VViZN0igP8lv2EVoEU33ad5_ggQ0QODoipVXAUOqJL_z09UHUGifnV0ju-SMlDj7vTTQS7zHnbv9XW0fka0Y1dciiThKOS3oRDIewksPXl26TqLqTTp73lnzIoY3uq5Oyi3dPUSr-d6jw-EYeSYx22SzRnbSf2jvwTngj1iQgsTVI7HxXRp1U5Ycd_HcLrKG1sgZQ08JSYr_QLJu3raH3GhShD1CmQHKd56l4lqYpJK_0cUdiOGlWv9rXzeTf7uxXTOvDZnvvBQLND0Otjaf7mjEyxe52B8hhot3wQGiHDskayLEXwkBHBnudGDK0LKjj7fWQ9Lfl0Vz2_byxRL2nIKbkdx5XioGhhMFUNu8wukPKF4wFUDxeaZc6T_i6fMjEikT07pQJfSa-wOA2rsUgGWCkbRFDHKJSFIuPr5Bh_yhcdYccxCzgvh_XzPN6hXAQPuizVXuzjHQRSYWaPN5uqqftqQ1g&cid=CAQSOwBygQiD5J8V2FbCYge5ebufKkgn8PxphBpPQ_tHNulg5Ep6MTua4vDqrlzPvAL1YjMVRIOB7ZPiJuZfGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=101520509186363760&adk=212707235&idt=38&cac=0&dtd=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7ff9993d3bf21821aa4aab3b5958b4d9ba3fd3a3aa92f5830a24d3ee259f4851

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 19:12:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9906
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 5499578052516643378
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jul 2023 19:12:34 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/ Frame 3CDD 30 KB
11 KB 12ms
12ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c99a1db5a8ee11a2fc13ab0544e3865f781fab4515592ff6467e7273478f813d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 17:10:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17223
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11398
x-xss-protection: 0
server: cafe
etag: 3934322099733601226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jul 2023 17:10:37 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 3CDD 41 KB
13 KB 12ms
12ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 13:52:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 115505
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 26 Jun 2024 13:52:35 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame F271 70 B
265 B 115ms
35ms Image
image/gif 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEPor8pEoJbvi8I24KchlfYs&google_cver=1&google_push=ATf1kGN_p-8Wn0vi04t8AxMGACAvBWMlc9l4QqMYojR4IJ8f5gTtqJUaKSnCiTHC5n5fFyfDrVjZ3z8aOvRZcnOOHnF3d4ubxf5H
Requested by: Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F271
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=MBLfwDj-Q5a-JT0EHfVjQA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

27ms
27ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=MBLfwDj-Q5a-JT0EHfVjQA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ATf1kGN9dKX-jBQBX21dwuzLD1_OVewBBlhYFar-QFtSGLOSuJlI5K8M-7TRAzaLJNXl-KTSTFGAPYFNm6Pzr3hIQJcAXrCTyO6n

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=MBLfwDj-Q5a-JT0EHfVjQA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ATf1kGN9dKX-jBQBX21dwuzLD1_OVewBBlhYFar-QFtSGLOSuJlI5K8M-7TRAzaLJNXl-KTSTFGAPYFNm6Pzr3hIQJcAXrCTyO6n
date: Wed, 28 Jun 2023 21:57:39 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F271
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESECRwHqj0p3ENT8sI4OCNVJw&google_cver=1&google_push=ATf1kGMZfSxLcEt6AuBeCZOFceEJClOIdv9eRRG0QbevwaxhTZMYL1YJGYC0G3hr9kE43Hpsi87...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpHOUNCSTUtMjQtSkU1Tw==&google_push=ATf1kGMZfSxLcEt6AuBeCZOFceEJClOIdv9eRRG0QbevwaxhTZMYL1YJGYC0G3hr9kE43Hpsi87NKa40LRrAax7Opfb2NAGYXBAF

170 B
188 B

20ms
20ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpHOUNCSTUtMjQtSkU1Tw==&google_push=ATf1kGMZfSxLcEt6AuBeCZOFceEJClOIdv9eRRG0QbevwaxhTZMYL1YJGYC0G3hr9kE43Hpsi87NKa40LRrAax7Opfb2NAGYXBAF

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpHOUNCSTUtMjQtSkU1Tw==&google_push=ATf1kGMZfSxLcEt6AuBeCZOFceEJClOIdv9eRRG0QbevwaxhTZMYL1YJGYC0G3hr9kE43Hpsi87NKa40LRrAax7Opfb2NAGYXBAF
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 5b959e9b7aef6dd90a6fa539ca64ac62
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F271
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEO...
https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=ATf1kGMZofv1AhkNhfO5M5Ap3_UOOuDQrnyO9IfwLSJLWvoTzG9F_80akg6crqewVhY1Cey7EIOYuI-0bJl_GNCggLbN8K3H_ffE&redir=https%3A%2F%2Fcm.g.doubl...
https://sync.targeting.unrulymedia.com/csync/RX-aa744d4f-d787-4af2-8ac8-e9f60882f536-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DATf1kGMZofv1AhkNhfO5M5Ap3...
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=ATf1kGMZofv1AhkNhfO5M5Ap3_UOOuDQrnyO9IfwLSJLWvoTzG9F_80akg6crqewVhY1Cey7EIOYuI-0bJl_GNCggLbN8K3H_ffE&google_hm=A6p0TU_Xh0ryisjp9giC9TY

170 B
188 B

30ms
26ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=ATf1kGMZofv1AhkNhfO5M5Ap3_UOOuDQrnyO9IfwLSJLWvoTzG9F_80akg6crqewVhY1Cey7EIOYuI-0bJl_GNCggLbN8K3H_ffE&google_hm=A6p0TU_Xh0ryisjp9giC9TY

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=ATf1kGMZofv1AhkNhfO5M5Ap3_UOOuDQrnyO9IfwLSJLWvoTzG9F_80akg6crqewVhY1Cey7EIOYuI-0bJl_GNCggLbN8K3H_ffE&google_hm=A6p0TU_Xh0ryisjp9giC9TY
date: Wed, 28 Jun 2023 21:57:40 GMT
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RXaa744d4fd7874af28ac8e9f60882f536003
content-type: text/html

GET
H/1.1 200
OK sync
ssbsync.smartadserver.com/api/ Frame F271 0
75 B 143ms
21ms Image
text/plain 185.86.138.152
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEOVA6KXcRUgM2XdvJllBDSA&google_cver=1&google_push=ATf1kGPbQ1t-6VoRpcKeIb54WJqljFP_Uor-TLMEa0eCTDAnec6R_7uVn38vvnVH4UYRuDZ4Pv1BgsXrsm9pAoPbCKWiXnrt1tqR
Requested by: Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.152 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:39 GMT
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F271
Redirect Chain

https://secure.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=${BASE64_UID_ENC}&google_gid=CAESELUxdRIHCWGngoAle0ACAWY&google_cver=1&google_push=ATf1kGNAR2GfGQ6_J...
https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NTQzMDE3MjgyMTgxMTEwNTczMQ%3D%3D&google_gid=CAESELUxdRIHCWGngoAle0ACAWY&google_cver=1&google_push=ATf1kGNAR2GfGQ6_JnGRuIZVBOV95Pf0YX...

170 B
188 B

24ms
24ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NTQzMDE3MjgyMTgxMTEwNTczMQ%3D%3D&google_gid=CAESELUxdRIHCWGngoAle0ACAWY&google_cver=1&google_push=ATf1kGNAR2GfGQ6_JnGRuIZVBOV95Pf0YX3ZlAziR83BTXO-rRjbeSrV3AZ0b18VfXQ7QI1JOYNKL9Q-hSIW4Za7JKk2DHS0TbyXMA

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 28 Jun 2023 21:57:40 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 80.255.10.202; 80.255.10.202; 953.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 8d354884-c5c7-49b3-a513-192143774c24
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NTQzMDE3MjgyMTgxMTEwNTczMQ%3D%3D&google_gid=CAESELUxdRIHCWGngoAle0ACAWY&google_cver=1&google_push=ATf1kGNAR2GfGQ6_JnGRuIZVBOV95Pf0YX3ZlAziR83BTXO-rRjbeSrV3AZ0b18VfXQ7QI1JOYNKL9Q-hSIW4Za7JKk2DHS0TbyXMA
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F271
Redirect Chain

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEGd4Do3Np...
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEGd...
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=2ada9ca5-ee63-43c0-920f-6ce81aa8a6c4&%%GOOGLE_PUSH_PAIR%%

170 B
188 B

18ms
18ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=2ada9ca5-ee63-43c0-920f-6ce81aa8a6c4&%%GOOGLE_PUSH_PAIR%%

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=2ada9ca5-ee63-43c0-920f-6ce81aa8a6c4&%%GOOGLE_PUSH_PAIR%%
date: Wed, 28 Jun 2023 21:57:40 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame F271 0
12 B 18ms
17ms Image
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KCC1bOGepR9Fjv_Cy91fehWlJI8qfxBJuDPb2T0uC-fxue_dKi5mNpprPcwswoXXxirHfKADk

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:40 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9679
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEDAsNQtgi7aPLpsJCeKToTo&google_cver=1&google_push=ATf1kGPFSW-HzuTaUuycXkYsGK79lPA1VHzsGWq5nLgmjMlwVgjxKk9aRn0cWjtIlKt-165o0kGnIUAY4ihhisG9...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=ATf1kGPFSW-HzuTaUuycXkYsGK79lPA1VHzsGWq5nLgmjMlwVgjxKk9aRn0cWjtIlKt-165o0kGnIUAY4ihhisG9Vj05kHmhxUUOYw

170 B
188 B

21ms
21ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=ATf1kGPFSW-HzuTaUuycXkYsGK79lPA1VHzsGWq5nLgmjMlwVgjxKk9aRn0cWjtIlKt-165o0kGnIUAY4ihhisG9Vj05kHmhxUUOYw

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 28 Jun 2023 21:57:40 GMT
Server: MT3 1031 59fd23a master zrh zrh-pixel-x27 config_version:"1524"
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=ATf1kGPFSW-HzuTaUuycXkYsGK79lPA1VHzsGWq5nLgmjMlwVgjxKk9aRn0cWjtIlKt-165o0kGnIUAY4ihhisG9Vj05kHmhxUUOYw
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 28 Jun 2023 21:57:39 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9679
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEIUftAHuNGXmHtEfM6r_Rlw&google_cver=1&google_push=ATf1kGMJP3MyBpeQmzzikSRyAqr18yCd-Pz6Z02OWTmnEQJto2CqmzvfRuTmBVSSRSrLcve3U7amD7w1dsw...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGMJP3MyBpeQmzzikSRyAqr18yCd-Pz6Z02OWTmnEQJto2CqmzvfRuTmBVSSRSrLcve3U7amD7w1dswcy-VeoBhC2oYot7ldtw&google_hm=IYXOZgMbQsOiNFt1sC...

170 B
188 B

24ms
24ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGMJP3MyBpeQmzzikSRyAqr18yCd-Pz6Z02OWTmnEQJto2CqmzvfRuTmBVSSRSrLcve3U7amD7w1dswcy-VeoBhC2oYot7ldtw&google_hm=IYXOZgMbQsOiNFt1sCAZiMo

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:39 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGMJP3MyBpeQmzzikSRyAqr18yCd-Pz6Z02OWTmnEQJto2CqmzvfRuTmBVSSRSrLcve3U7amD7w1dswcy-VeoBhC2oYot7ldtw&google_hm=IYXOZgMbQsOiNFt1sCAZiMo
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9679
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEIyMcm0LNZ6TDw7LnpplawE&google_cver=1&google_push=ATf1kGMSJMtevhPrx4tH1-m6YaQazrXgYv4sXtc59cXyJeB4mvmTFrBxuLJRxzmPHng-zNz0XjD7UpyvbmvGZsys...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=R99iWR-HSSmvLLceF1VgFQ2&google_push=ATf1kGMSJMtevhPrx4tH1-m6YaQazrXgYv4sXtc59cXyJeB4mvmTFrBxuLJRxzmPHng-zNz0XjD7UpyvbmvGZsys6FzLh0cXd-clng

170 B
188 B

23ms
23ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=R99iWR-HSSmvLLceF1VgFQ2&google_push=ATf1kGMSJMtevhPrx4tH1-m6YaQazrXgYv4sXtc59cXyJeB4mvmTFrBxuLJRxzmPHng-zNz0XjD7UpyvbmvGZsys6FzLh0cXd-clng

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 28 Jun 2023 21:57:40 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.21.6
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=R99iWR-HSSmvLLceF1VgFQ2&google_push=ATf1kGMSJMtevhPrx4tH1-m6YaQazrXgYv4sXtc59cXyJeB4mvmTFrBxuLJRxzmPHng-zNz0XjD7UpyvbmvGZsys6FzLh0cXd-clng
x-host: tde-deliveryengine-production-7c97bc8457-28md4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9679
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEGQsKQaWclFl-PofKagUuJ0&google_cver=1&google_push=ATf1kGOmgHaixMqaWf4rIQxMMhxg7LHpG_xIR0E2ClgU25YSWmDAMgIm8vAgIK8-376U2JVGJTa11R5a7ThpaFlJzOZMhGF...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=ATf1kGOmgHaixMqaWf4rIQxMMhxg7LHpG_xIR0E2ClgU25YSWmDAMgIm8vAgIK8-376U2JVGJTa11R5a7ThpaFlJzOZMhGFctM5kKw&google_hm=eS0weGhrYnNsRTJwRktf...

170 B
188 B

22ms
19ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=ATf1kGOmgHaixMqaWf4rIQxMMhxg7LHpG_xIR0E2ClgU25YSWmDAMgIm8vAgIK8-376U2JVGJTa11R5a7ThpaFlJzOZMhGFctM5kKw&google_hm=eS0weGhrYnNsRTJwRktfR05FVlA3TDI1OUJheW9VMXE0Wn5B

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 28 Jun 2023 21:57:40 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=ATf1kGOmgHaixMqaWf4rIQxMMhxg7LHpG_xIR0E2ClgU25YSWmDAMgIm8vAgIK8-376U2JVGJTa11R5a7ThpaFlJzOZMhGFctM5kKw&google_hm=eS0weGhrYnNsRTJwRktfR05FVlA3TDI1OUJheW9VMXE0Wn5B
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9679
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=wrqB2ULaR5yfaWeNw1Bptw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

25ms
25ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=wrqB2ULaR5yfaWeNw1Bptw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ATf1kGM2iPTevpKFbB9xe7jOfh307nw2QDbVWj2zKhdC0buEHVezB0hjJoChKiWTLr75ENPCJ1rNySI-c4kqCl2L9pH0AijkYHxJ

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=wrqB2ULaR5yfaWeNw1Bptw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ATf1kGM2iPTevpKFbB9xe7jOfh307nw2QDbVWj2zKhdC0buEHVezB0hjJoChKiWTLr75ENPCJ1rNySI-c4kqCl2L9pH0AijkYHxJ
date: Wed, 28 Jun 2023 21:57:39 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9679
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEFzxESmDqy3E0DIDbgrDG68&google_cver=1&google_push=ATf1kGO4xPWKzGuI0hNTaqdTiwA3PsuUbcPTtqw86IU4vjHMo4Q8mou5EUn-guOBNEEafm-w-OW...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpHOUNCSTUtMjAtTEFVRQ==&google_push=ATf1kGO4xPWKzGuI0hNTaqdTiwA3PsuUbcPTtqw86IU4vjHMo4Q8mou5EUn-guOBNEEafm-w-OWGW3EkMltmvPiqap-nRIIwCcGX

170 B
188 B

20ms
20ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpHOUNCSTUtMjAtTEFVRQ==&google_push=ATf1kGO4xPWKzGuI0hNTaqdTiwA3PsuUbcPTtqw86IU4vjHMo4Q8mou5EUn-guOBNEEafm-w-OWGW3EkMltmvPiqap-nRIIwCcGX

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpHOUNCSTUtMjAtTEFVRQ==&google_push=ATf1kGO4xPWKzGuI0hNTaqdTiwA3PsuUbcPTtqw86IU4vjHMo4Q8mou5EUn-guOBNEEafm-w-OWGW3EkMltmvPiqap-nRIIwCcGX
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
Expires: 0

GET
H2 204 sync
ups.analytics.yahoo.com/ups/58281/ Frame 9679 0
125 B 87ms
12ms Image
text/plain 3.71.149.231
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEOnhzBqQj_YQoiwQCpfilS4&google_cver=1&google_push=ATf1kGNJnH0Pg1vtSB4x8TublbsmhbxIPhzCcpVi5c7qDgNDYefbDVvA6iJfepVHQ869RchMrrgFIbXL9P0Btb2FjL8RvJtem9z-vh0

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.71.149.231 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-71-149-231.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.57 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:40 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.57
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 9679 0
12 B 18ms
15ms Image
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JcumTZBU1GltnOZCgIOONAD7vUiNaYNa8P0okULq_QngrKLBnYcAoNY4dWO_ITOouvB6L8Nw

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:40 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H/1.1 200
OK iju9wczm8trb Show response
hal9000.redintelligence.net/zone/ Frame A9C0 11 KB
4 KB 45ms
11ms Script
text/html 78.46.23.46
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/iju9wczm8trb?subid=&gdpr=&gdpr_consent=&rnd=1687989459143645&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCN-Db06ycZJ3iCLu89u8P79iSuAGm5b2gaa2VnKfJD_AuEAEgwLKCa2CV0rSCwAfIAQmpAtPqU3VdUrI-qAMByAObBKoE4wFP0AWla6HvhyZwY5fwKL5ZcNsTLlaPEsr-BWk0UMPvZrnqSMvgY6j_KGw172RFkH0ix38XlKXXqnAl-VRGkFOEN884DjGJcBVXjU-jOmZuIFpyGZr4FWXK1u0g2-Oe7OKd2nJBJoOqq3I3AIO75Zkc2bhA77Tn-OaSVJyyy05jxYVciDLa77opj6hK42fZk-5EsnHGgl1A3MJdgsvGdt9g2zLNmA-DGJ4OTJf1jM_5VzKLH8Rs2K0SMbCL5PxjMYHwAZLK1TCd0lFddxOf4oviOUPttrI3vOcnKH-eptwQtLe9_MAE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE68ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5gAoDmAsByAsBgAwBsBPMnNkS0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSbQBygQiD4uFUJbggLmfY2mUbDHx42r49fbLk1zuOVCvH0Ho26lTG0VVcoI8WBsh8zOV4siutO3n7miJwblcKPUe0fNlbQqAEp9sFOsb8-j0upMCIPvjUX3W2yO6PFPLBB8iNTLeMHzpRvrlL7Z0YAQ%26sig%3DAOD64_0BcFkOsP_h_-hSDjZJyWWO9eeZpg%26client%3Dca-pub-7983651257838282%26dbm_c%3DAKAmf-B1NOcddcc4m9UUW8YSTTZ_YZwa7AnYBOdixO71tCXS9SoYx1GQQCfKSNhbcIb2ktpQjwNN_xO5OEN_hAoHkmy-rMGHz00hFOWe0uhPCrr0uL0Nv4XD3nDRvhvWJwghCfMf-tYrrJM48psmILPb1_Yssi3-d-5ggF-5G9f1aLGqbxtCYOA%26cry%3D1%26dbm_d%3DAKAmf-DJyhaunJEJO2tRxl1K2M6TSdQxyOXNxlwwD_PS8Dg2RduBCNNStC8-3Oes6TQtO8q9zOvP8srPUT06wTluZXEnzQsrqn4QObUXJh2AbStl-GaKs0JTF8JNmusDZrBBZrN8plq78CVAkym0ZMb065_CN7d3znDt8UOo3Z6KCtgtVATNERsvnIxh_OGTvIdGlIrrYzxP5x6KlaY61NSebqNh5a9R23rOi8VvTdFzBJNLsNmeTIpl6vjMu2jaQX_SmIYc2kEn6_RJ1AVYUxozztMwmGOKpeEBQkCVWrDmMpIGQSnc_FhBgjfEFS3F13-U8MnxR0gAxok713v2GO2mxVKkSnr07aDKHhEE2gZ2T4vFSdE33lCSzDNtPJzsEISh4r4pYVP0Ryf-KkPNEKu6ohvXiRM0P1RXDLaK7eyeUEaev4wi3DhzkviRfa9t45FKnfSPgB7c3jOk_GxFv281DdHdw9G6GM4Gs0PwzkJ54MyODwYt4ulStDqbgcg0iIDkoEHeTC8kEiwRX0jZusVUqbidDyXEc1Zvsz_fHL9LDU6ezzBVNR0%26adurl%3D
Requested by: Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.23.46 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.46.23.46.78.clients.your-server.de
Software: Apache /
Resource Hash: aea58111c9ed2213f90c3e7f7de388b16831fbdaffe5f0a5527aaa33c715f3da

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Wed, 28 Jun 2023 21:57:40 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4186
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H2 200 vt.php
cat.nl3.eu.criteo.com/delivery/ Frame 5E36 43 B
347 B 73ms
13ms Image
image/gif 178.250.1.6
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl3.eu.criteo.com/delivery/vt.php?cppv=3&cpp=K6ncougJOhJ5tJ87KxiGHakyN9P3hWvj3wtkoSZH25FoIF-ZlPEiQbt7GxIvLRc1ijegCCn52qmpb5AIUxZ5cJZt3xE_aeovSdlB1L__s2w59L5_DqZGWaIR7129m7oGAFLGjlkbKOC1u_2ynyIADTwt9azaDJe3-ER5OPNFsCCI06THgB1_zY4VBqh3ZPfRVJVp5Vu2JQYRrYYUki6pYtha4FdJjci4VDwqVkQg87Fh85ANpgCu6W5J5ug&err=[ERRORCODE]

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.6 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 108252
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 5E36 42 B
64 B 63ms
50ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CMN9W0qycZJKlOr-69u8PwPWOyA_JntKxXNWdkfdwwI23ARABIABgldK0gsAHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQWpAtPqU3VdUrI-4AIAqAMByAMCqgT3AU_QyOdhIJcKBDdbD-_32FSChfYaqKYOwYeX5r2XD2g2oGwLSSdMUIxanNVTYE7_Rtwk-TukSbdrV4cvBJzI5eaPDPlXZLez45qU854BqOsyMzDlz_EGoWYaebpf-cn-cfoEL12lwq-ivpszrMIqQXUhmTzl1lkQnij5UvlnNsqLLhOmteQJRmIv3H0zWySANu2Px5QoeQ0F-5I9hXULFv2aMb6mqfaqdqPdR067kS6hPe9uXfDLdf4OAwFB-FKQ953We4bE_RRuQ8G2NThZvJu1mXILkTQJSTPLqBh1plT-Dt30f4t8hWQcDJhzJwLMGfJz_B3dqS7gBAGABuXQrvCavLuIUKAGKqgHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvIIG2FkeC1zdWJzeW4tNzI3NTUyODQ1MzE2MjMwOfoLAggBgAwB0BUBgBcB&sigh=ppb7CQGaHdQ&label=part2viewed&ad_mt=27&acvw=sv%3D953%26v%3D20230516%26cb%3Dout%26e%3D0%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D-1%26dur%3D15082%26vmtime%3D26%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D33554450%26i0%3D33554450%26ic%3D0%26cs%3D33554450%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%26avms%3Dnio%26qi%3D951304267%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,15s%26veid%3Dumt%3A1,xdi%3A1,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1687989460470

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 lg.php
cat.nl3.eu.criteo.com/delivery/ Frame 5E36 43 B
347 B 76ms
17ms Image
image/gif 178.250.1.6
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=AlSPVqNkAR5fibcLpTBtIthljDXXu_FqBgWO20u5fbtMdUt2SdYG4ayR4DNAgIop7W6B78xZ0i5XL15SiCBb5JjfU3grLXLru0f_rB1pqNW1pHbrl9SLqvcjORs-O-v5xsPD3bhDjx0oJxnUD9ncsfgiqYagOU4jN244iCCtKfmwtIrdxTnhDLFHN_OpDXzVGgrrdaEtgWFkvb9qAS_2N9M7PVcYZ35X5ir-XvGmPnpdAmnOBPr6TdlD7cVih6XLq8KRX2vJQzfG0qaJQ9iDFYk5KaW29e5GmLoKufQtazZW3OSqLnyI6KGDZixHReSWsHF9Y4QpsEbipCtKVBnYhDAConi2sfMwIqmOuUS1vgjexhEBHTJIG-e6PzWrIMsn7tlAGXy0gduROfmLDoX_XYVKhJwaqnEbR1tEyorqLYOlKL4FmBRTX4LKcH94bHwAT0P3fw

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.6 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:39 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 2019522
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 5E36 0
0 69ms
55ms Image
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C_Niz0qycZJKlOr-69u8PwPWOyA_JntKxXNWdkfdwwI23ARABIABgldK0gsAHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQWpAtPqU3VdUrI-4AIAqAMByAMCqgT0AU_QyOdhIJcKBDdbD-_32FSChfYaqKYOwYeX5r2XD2g2oGwLSSdMUIxanNVTYE7_Rtwk-TukSbdrV4cvBJzI5eaPDPlXZLez45qU854BqOsyMzDlz_EGoWYaebpf-cn-cfoEL12lwq-ivpszrMIqQXUhmTzl1lkQnij5UvlnNsqLLhOmteQJRmIv3H0zWySANu2Px5QoeQ0F-5I9hXULFv2aMb6mqfaqdqPdR067kS6hPe9uXfDLdf4OAwFB-FKQ953We4bE_RRuQ8G2NThZ_pmUC_WEDSe21SdoeCXTXl3qBGv-UZP-MawhqmrMOS7UnFj376LgBAGABuXQrvCavLuIUKAGKqgHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvIIG2FkeC1zdWJzeW4tNzI3NTUyODQ1MzE2MjMwOYAKA_oLAggBgAwB0BUBgBcBshccChoSFHB1Yi03OTgzNjUxMjU3ODM4MjgyGOrBbQ&sigh=nWPAEJHa3Xw&uach_m=[UACH]&cid=CAQSLQBygQiDemOA5aLzHbLTxLoEvAplokbEUxmCY3B_yIjxLQ7mdLMFrjGteBWd9xgB
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H2 200 google-vast-measurability
csm.eu.criteo.net/ Frame 5E36 43 B
246 B 74ms
13ms Image
image/gif 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://csm.eu.criteo.net/google-vast-measurability?cppv=3&cpp=rWTMDkAMfkDY2j2vnCwub3h2mkhJvb5Cvpj0qgT5FVb8rr3PDJiAbYR9Ypl7aRugzr2bUUQyBNAlKu0Jn4CnoDUln4zWz779kxBzgKmqDFyclnEKPLaOzSPdmayiYaZ6KY1yrS6f2usaBuhmMGmeVaMoX4gHJZC0YeAl001U5Yg8R5Qw6IXTojQ6g2Y0lS1BzeM_kwSswQw2ITlHDHhRV1VMyrANfKiyWEV6sRN-EYIi3b-0mAeCQH0Io3m94iyA4GQbRQ

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
strict-transport-security: max-age=31536000; preload;
server: Finatra
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-length: 43
expires: 0

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 5E36 42 B
64 B 64ms
50ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst4CI9bpaRrt3BL3emq8zpRdjOEuvwCtkxtnbgDIxoeqXQFZY9lzz84wASuVXnGprncdddDZHRSKw3_I5XT88ndghw&sig=Cg0ArKJSzMFPz0OJ0j8IEAE&id=lidarv&acvw=sv%3D953%26v%3D20230516%26cb%3Dout%26e%3D15%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D-1%26dur%3D15082%26vmtime%3D26%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D33554450%26ic%3D33554450%26cs%3D33554450%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%26avms%3Dnio%26qi%3D951304267%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,15%26veid%3Dumt%3A1,xdi%3A1,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1687989460470&avm=1

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 5E36 42 B
64 B 64ms
50ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CMN9W0qycZJKlOr-69u8PwPWOyA_JntKxXNWdkfdwwI23ARABIABgldK0gsAHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQWpAtPqU3VdUrI-4AIAqAMByAMCqgT3AU_QyOdhIJcKBDdbD-_32FSChfYaqKYOwYeX5r2XD2g2oGwLSSdMUIxanNVTYE7_Rtwk-TukSbdrV4cvBJzI5eaPDPlXZLez45qU854BqOsyMzDlz_EGoWYaebpf-cn-cfoEL12lwq-ivpszrMIqQXUhmTzl1lkQnij5UvlnNsqLLhOmteQJRmIv3H0zWySANu2Px5QoeQ0F-5I9hXULFv2aMb6mqfaqdqPdR067kS6hPe9uXfDLdf4OAwFB-FKQ953We4bE_RRuQ8G2NThZvJu1mXILkTQJSTPLqBh1plT-Dt30f4t8hWQcDJhzJwLMGfJz_B3dqS7gBAGABuXQrvCavLuIUKAGKqgHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvIIG2FkeC1zdWJzeW4tNzI3NTUyODQ1MzE2MjMwOfoLAggBgAwB0BUBgBcB&sigh=ppb7CQGaHdQ&label=vast_creativeview&ad_mt=27&acvw=sv%3D953%26v%3D20230516%26cb%3Dout%26e%3D19%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26at%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D-1%26dur%3D15082%26vmtime%3D26%26is%3D33554450%26i0%3D33554450%26cs%3D33554450%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%26avms%3Dnio%26qi%3D951304267%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,15s%26veid%3Dumt%3A1,xdi%3A1,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26ss%3D0%26t%3D1687989460470

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 5E36 0
54 B 260ms
253ms Ping
image/gif 2404:6800:4005:81d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=6~ljg9cb2o&c=4901424600820&slotId=2450712300410&qqid=CJLW1-D65v8CFT-d_QcdwLoD-Q&fb=outstream-lima&gpm_i=1&gpm_c=1&gpm_a=1&smb=1000&mt=video%2Fmp4&vs=1080x1080&dm=15000&event_name=first_play&asset_bytes=149968&video_bytes=0&cached_data_bytes=0&js_cached=false&css_cached=false&num_assets=6&num_assets_cached=0&num_assets_cache_validated=0&num_assets_unmeasurable=1&video_played_seconds=0.00&video_muted=true&video_seconds_loaded=0.00&met.4=ff.17o~videopreviewstarted.17p
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2404:6800:4005:81d::2003 , Hong Kong, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame B90B 42 B
63 B 50ms
46ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BiqGDPYW6r4UHU5JbF8aOy9_9kW3HyTovsPg8UBUXu1nWXfvfE3kduQA0lS6qe_znd13m6Zh___NKZrb7xEj5gK2NuuuZJ6HrHHCs7gNV6lwVJXp4

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=4198790052&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1687989459344&bpp=1&bdt=152&idt=641&shv=r20230620&mjsv=m202306200101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=5745559093563&frm=8&ife=1&pv=1&ga_vid=466283811.1687989460&ga_sid=1687989460&ga_hid=1804320350&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=950156678&scr_x=-12245933&scr_y=-12245933&eid=44759926%2C44759842%2C44759875%2C44788442%2C44789819&oid=2&pvsid=2334320663502809&tmod=1083788450&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.udqxk4vi63ph&fsb=1&dtd=656

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B90B 0
20 B 50ms
47ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=9779544960699989946&x=1&ct=76

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame B90B 78 KB
27 KB 27ms
26ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:40 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 28 Jun 2023 21:57:40 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/ Frame B90B 3 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:41:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 973
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jul 2023 21:41:27 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/ Frame B90B 19 KB
8 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d67e93b773c993230e55a3881853d5e8d399b32fb591d845c41553c0fe8c71b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 19:19:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9482
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8131
x-xss-protection: 0
server: cafe
etag: 7076601798724011321
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jul 2023 19:19:38 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame B90B 0
0 15ms
15ms Image
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSt2F-ttaj9BIkcsjkn8YTQ3BNsigPcaHS8gXhMFzrQ-79aXRrMNXub_LY32o28uECWkJ6UfxF7kfP1IZ7mV8KAi7LxlQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=4198790052&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1687989459344&bpp=1&bdt=152&idt=641&shv=r20230620&mjsv=m202306200101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=5745559093563&frm=8&ife=1&pv=1&ga_vid=466283811.1687989460&ga_sid=1687989460&ga_hid=1804320350&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=950156678&scr_x=-12245933&scr_y=-12245933&eid=44759926%2C44759842%2C44759875%2C44788442%2C44789819&oid=2&pvsid=2334320663502809&tmod=1083788450&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.udqxk4vi63ph&fsb=1&dtd=656
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B90B 179 KB
56 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 28 Jun 2023 21:57:40 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 9C5C 1 KB
643 B 11ms
7ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 24798
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 15:04:22 GMT
etag: 48472445140208031
expires: Thu, 29 Jun 2023 15:04:22 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 3CDD 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 716006b2a57d4f6b7d8c6c8e002c0aaa39ae7628de7924a4ad7d12415154d0b4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 6A12 466 B
235 B 21ms
20ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHn4wEQ4JWpAhjstJ_sATAB&v=APEucNV9T6EHURO6TzSqWmSDPVmFT5l_sz02bmQXcRsvENjgNP9sClJZ_hYl_U2OiqtkTP-uSOgqr4YvlkGsorO6WpAolL0HQisDyKe2-gcwn_GAFgr6Zvn985F0ast8ubJq06lvNsX_3pQAKqyspl5X4DIqGS6VpoNfgqkiw0UskUteRCYvZ6k

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

37ab5c060ae53ccda75b8bd212d874a17650f7954b11c4e31f568990ab40196b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=4198790052&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1687989459344&bpp=1&bdt=152&idt=641&shv=r20230620&mjsv=m202306200101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=5745559093563&frm=8&ife=1&pv=1&ga_vid=466283811.1687989460&ga_sid=1687989460&ga_hid=1804320350&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=950156678&scr_x=-12245933&scr_y=-12245933&eid=44759926%2C44759842%2C44759875%2C44788442%2C44789819&oid=2&pvsid=2334320663502809&tmod=1083788450&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.udqxk4vi63ph&fsb=1&dtd=656
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 215
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:57:40 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad
googleads.g.doubleclick.net/dbm/ Frame 6D0A 42 B
63 B 30ms
29ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BrzfKSK4_Gf7-wF2Nr6ex1mLBKI6tLb4axkKylaR4UupBLnmuMlzNfCQvVziJm9HcATLEtHJGDWMNeyTUngoHZ_RYUQIalgnfJ5HgVhNPNfFPxWnX_KtAbCRF7iN-ZQgXynILDy4YUnD4HguvIIy504GZEIw&dbm_d=AKAmf-DjO87yg7fSxNiI5KRFpWxVHko_7kwy_pVWseKiWnITrhAQCj4VH2LKjg6F0R3Y-21xj58W2i0JUcPUH1myuP6pNl_Gitlo1oXP_HAPS3jBHVVf9XPUTF4lRQR_MgAm6vA0iI_0T7DEmAeudbEtbslMJVebVvGpxaN7Zi6n3wxUNKV3gcgnp-JzmR8Grk7HDdBywvb2M2A-sgAt2hiwAzAV3DmS-5fTrM_h3QH7Dhp4kdtNudTOLuttyg7rc6SHJxlPl9QQ8bo368EVbKBtoLAgo6hysNg60vTFe0qg5KgvGrX0h9JfVitciWi4uEQjzKBO-Fg-LNBlUVMXOmPh2Umf1mcKeIMNsN9hLzitBX7S19pE1YihId8cSX0Agg4RZVzELrbsGoP2OydrTkCAdXSYEewemp3m9-Gx478IxxxHHDFzDgs798QptiEAmK7LHLbuxZ4enSmlpRq_mJ4Xb6HFt3BNJUyB1HCfqwbfOfLQ9QgGCA8P8007JKeDWd8_GOM4OnT06PHs7SsD941p2JhEUeQ11B_uM9X_RCi_4VhqARtdXbFKBANeHQFotD9s_YcyMNRFJthWGVn_NcYCX0tidWj7ZmrPjNlHwr5wTEC4JtvcTMJlU8UbStwbPjBU9IivOihb9W53Q6rcWi747rzNdq32ZZwWCvkyWRbiQnsD8-iylV4A8diXdc2vV3THe0gBhk4dvRUj3JuGTMXBZV83NvTLXctU8NJgirDJG4fALHQI6bnF4P07EKL7yqFtkJ5MPJpIp4GEUQT_KUn8BaiWsZ1-dG21D5DAnkkK8M1n-Q1OxniCBeP8NdCc41wb7WFXB45eNUuy6mQi0-T6TQOQtarZxiumCaIUU04J_ldximykuVx3HOaSbVIWt0A6uJpRQT50K2uCdXLho1yk5ZchqSZ6D8xxg7-MYYLxZ6YogPoFRsVe2CWG9o8CkkHmq80v4eR7iUkAyekHN5KXvq4na7mz7Uy79jA7l0fkvIjfTB3vx8wPi8hB-vjAuBGsrOOZb7ghbdSkHef3ZUF2ZeDZinYL4y1bkpduEboqEfpF2kTSK7YUxeuyFkhISypbM-z5YjJLIaZIVfPOc18Y-fjxtIfUboimXqtT0XwnvXDwNJKtVZvKM4_XFO7H2uNFdY4BtrJU0yMDO8KXdi4LErIEhWqH5ktgvZdYQup8QuWAirAwRbwzLTNH-necPet8hZA2peuW_u8uWJEzIhhZdK0klGnmH-JzsuVCE6FO4gLfclob6wDdaN3IiObEaCdcUSaC2AShHVXsgawhHSA-zdLvAuaRcbDU5xxom8g_A4V6snTzmHQaOpDgKytT4CBS6fFtyPj_2CvAAlOq9GNiLs_M67nHCX64phraKAquSXWz3G-XmBXiKjQkeOVtkXOGs6uBssr76jrY7JtSwLzJGSBoF0V3XMNrpISc3Pa1zwyjNvG-FzkrubcBOIAyAmNV9sgylRisa3mWzyPfK-ZBJTiMr4vHCMAud9PK1xyIRvCQT99F__NJsEFZDad7cRfWk94U7Ut3o31wrsNWXeA3VjyALf-w1sSaWqc5Qc1gEZUrBUphsLBFgCepdNU1WM63giEieUuBBjaqEJnZxPzZI54J9ly0RomSQL0piFjEAqOkbbwleN8h_cgZDolfaNWbX3mrFPqHUcRpIAijRXOoBUNYJ82QaSxfbEtECwnvb6Q7-VmwlAJqOZ9jE1mKHKo_jhqjEK50np8vqAqKA9FpcSYfTQq4cDn2X8FL5NPaJmzXfH3gP-T6BRtNw6RfG2DJ9fEeWM3MDWqA2geC5xMjRQuxeiyoYv3IR5Ku7qSVOTfvoQDtK2LhtK0cTpVGy7HerVL7jbF2THvdUU6QoqenaMDwOGSsYwrNlM2ORAVKd_EAx7tIy3FIoKT0Vn3NHJF-oOjK2n0n4oIQcaEtuyU2a_4K0Jb95q6PpOQpi-BqSXUGuYeX5Fi8gNSz4u2gVymJW-4BdDlcJK0KO1BXA9rhEOp0aRuwazg4bcBrGMNIUTsUG5GvTYW3fsEbW3yfG8-EbrM-t8nMiIQoWyUCi0iWLfh03f2o47KfdVTUYdA7--dQqxYBa2SjkOQDsg0hg-tI2aESqFJKmGSyqTw7DhWm7WTvJQQm2UOIzXM4UdUPQyBhaWnElJDirudymS9bIDXpEF61pFITwyYvVUiFbw-L7u0wYYPwzutTKDKiMdo-DwuajCKZcQV2J6o7sbcMR92nTtSdGWcH-OW5Yq1jnIABFVxv6myxojxngtgstD0k0R-VJvnT2LUswciV_XDYkWSC6SKs5w1AzGV3dKz2pgOOjqytcrxsfr0oo_ahMOBkVwhrczclK5wqo0Zq2RAe0_lDcvzo2pKi4kuz7F15CqhOSSVRjZXHPGqazEpvITodPwJ5cAzTbV1kCHmyIdRPlOg-DhvzH6SMiQ-31iB_NjAzACgIDn7A-oehBL68F4d7qXRHc4IcF_JeH1pKEu0yethQT07-2Cq_ru9vDjpK_EghCjB1Y5hbsbOwYYPlHRLh5LhFYngpVKebt9MeyNUbG4ByOwJmto7hOoBzHLHVtRGAK_Y-FitdyZh2sS2MP5rokjo02QGcqaviNMnH0OXTzbi16mfk-3EYTWxUVDm2tyIPT49Ric8zAQB4F7X1Fcw-Hv9hCVowHlRyGVwj7wWIL_xIRk4nrLop6eyi8UGYaHKTH-31uR2EtaQmgeLSThxCKff_4y8jtuTfUTXZgBAuEs5A-7pFzYJBxJK-OVG1yZPw2qdKjqv4lYUcYBuHQ6IlmDxWtoBSh7i2VxLVHvSdl_R8otsO5HFOZCQfi1AOs_h2XTtvpWJbrYIUhIukMqK7VyN_XRFK9Sm2GJrp8ejLpG8wMw39qgK226uJdiT53N9GafUlgYcV8Gz31zcSAxYE1-bsyfipCcaVLfGVgYItFxnytREyqXbjV3vTHCxG631Yz6Mfbk9Qg9P4_EWV0I4nzjocrrMVyE1AoLbnLRPAmrvuJbc6kLUyk2uy25lTnpgsjwJ6f292SFpaushCVbRwZy7UC0Kqh06eKV-IVED7SM0fEn1SAfxxgRITad5GHFfgBf-7G3iUaUEjrYyyLzBYdUYIDvdPdWSTP-76DotGMidfnvAm4Aa_HT7z6Fn1yWTy5fwu7fcuJm-MQao0N90DaN5Jrn5bjxn1nlwxzktCoR4JCaF9rdGmt2lgePcC8R_Io5TA7WUvaNg4jbaVcFLYWkFZctosXqHNIYYjAzNO7nKlva8GqWLPwQdQml1ls5-gnklOqh9XfsBCJMS96FlN0TCpisyAKsfSFAtU9PtZIhPljNRFzc2v50yyEm7rTtu7ApRVB8e70GPPLdLkyAuW1O-eo2K_sPB-NJM9s3zyf_aoOUjlTfHUiLqctM1NyYmq3-o611KaCg4RewKqXuQ9wFLqk84fNk8sz_rg4HoiUGiAJH2je1k8iJBwp0EskFfiwIu8VzvNRq-77aONvWtFmAeIZ7HSIwFD8Z826iEJruXDMuWk-_BzlhiXD2dIw8esSMB8mUq5kNktCw2CJL7fjBVaovqJUqw&cid=CAQSOwBygQiDCsdPUMyFh4228B9Ub68xvdqyKnN4WpB2XFCuUCHap95vUumh-ppLECRdWGXnrb7mo3asipOiGAE&dc_exteid=31137909556520854736732909254263342&dc_pubid=4&cbvp=2

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame F353 143 B
166 B 23ms
9ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 2468
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:16:32 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame B3BC 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7bab9bda18a7f4cbe2e40d5adbcbc7a59bc837dda8089a3d55aa9d103a366183

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame BC6E 172 KB
60 KB 17ms
15ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
Origin: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 10:17:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42016
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 29 Jun 2023 10:17:24 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/elements/html/ Frame BC6E 11 KB
4 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DO8vYDqm_PQ0tDUkfp1SBT_XPmoAnO1Uz8XuWv7ZRQMyWE0ln70nnMB3DPbH-DzHVmXp4vaOqb6TfaHtuWvuZgW5bLfR1hPyonN2iOSmZROSDrano&cry=1&dbm_d=AKAmf-CAX6GD7qKJruMtwCppLXkZHj-JTN7R6dsA-tfFvoWupndEXPoPftcH9uZhuYK4GwJIQ7Th89aQepo9e8uc2uqw_JBN-nYDBzfoksty2PE0f3sZHIsVjvblXImNPWvDvu6CheQTHkfi2wRZyOVVN2zjWk_fYN50dw8mGorGKwfH6KiNra-0JJm7fOXZC0alt8sTSZcXx3ejIw6kD51WDs07U7QSChDAUk3R3B3_k4ZuUjIoM_dZwme5TR_PRfudYO6ZkBpoQIzMybKIYbpgbRO0-8ffh4BrKroYK7RAw3GBPF9-KUMkL_MipHS6rmWt76OHFuEFZ02mFsdyHdrbD-6Vm6tOeDpKIqVXFtvqq0CQwg0i7M5gYFht9h8S3JWLn3mypGdZeQrh9dIWIpyV0crlE1wbADOI2zQOiRxrktbNhpZ8E81kQqMXQoPPLo1umQ0a8bSc8JvcaR9_h7js6423q7vsHiF8DPVN2NeQ4mzhbPlLl5beVHxbRNR0wv0iHPH-gXI-xMTjUIyvYAonyO-UfUNzXXoSxHfGEnEZ4Og56UWukbZFl285jBrLgjXhKnd6xl2APBVb8uRDMltj2U7htY1oo7jTSFexwZjTlJM4zRixTMlLUpO3LHnTiUiaIhlzfbB1nxLh7wAPmVrq6BADma6IDh8YDmdZhVBGVVh7_bFwuZdruLIlCdUNlRbCshxtxRifpL7wz2sJmoAKE1qF5jN9Sg5JZeaDCSgZ-4oizPoxGX7LGAbKrRCBAeKV3tm3JJV3nMIsP1hhAsK-yRSM13mrU-ISKH182qGgstmFuLV_ZIpet6FmmkvjOPPp2VZvm4o3bAggUbPGLQhR9xCu2CGqi0KXRsUHsMpg-B7EYQlhR1ASylBVoDQvicOwEyarq2ofazFZeBBDd0felsdRRRTlL8oMYNDeFDL3_2Jy_tPSl6sMhDi75HLVPbyXxmUuWwX9FbW9pf5qeqYCcjm2QJAIrp18w6t1csHxckhivivkN6fTfprr75BjHrE4XF3JP23bAmmg4EbFAdxC9kDf7dhsiADMLPve-vYdOyI94IJd2w3jgypFktBJtBSsV0dvnF17WltibuAvBFxHzHU1J6VGQ1u7LvK_Dr0yf8Uvb58zACCzQrygbrCIOY5Zl29oXDlGknybPSDlbE2Htbv6-eMHyBzBFoQI6tkK7ixsVuqn2RaEj49pTRmBIIc0CBPh65XAsE6ygFJvuF8qab3_fxh3r6Bm_FzdyNqiU9lNTtEpHXGF3LAGv48huBa-hoGPeIBjLw4cBf-ZyDu9mYHvDdvvIwHh2Cf2wRkoGcI79R9t1sfkLPLl0OSJ8GXeAzx0WwwnLMf_lzdO1FMX8YpS3RtEF2c_B4AY4nw8W3Alm_lhrfuYRwYwJiWVOaTiJwVSTnf3xPTo_PP4-DYVDfPOBop5Gg20WJfmvuCS_k3rtqgveua2MIvEH2nlyGXmu_XDwQPrplae90xfF_UtAzXJsZUnSm6xSacB_8mKOG-GcQYhDtv5siVcCNh8AnM2ikBWGG7Pbb62dD2LZyOS4H2Ftx8s_G60nrVNd0SX04vy9O5x8PXt9pAreAvemThi-xxh8yH1JSAHoB61-2GBkqgGkx-1QTisiHhL4hYccvOGsWVmO1mqZR9lC4jm5kHeTZDGzmNfrFd_6cy17RPLFYiUoxzxnC5R1zRNSfSvlSEDeYmyMl-tps1PCxYosHbEO0ruBw7JiSZHQezml8VtSsr059kMPW0GcRDGQIBXzXjI5Fbvcvn9lMzefJv1fa7fTE9Tx6oANky5h3jBjNmnP3iW3lzfdChJqUsKY2fybw6TiPVbCUNQo1O1JkDHrOvgIT4mCZNr9sS7ZvP_BkZur25rVP66NLExjjxC_WJhyL35fdnMxjQOn6vEHk4_jOI_d7oNS4OEvSB1EmCUlIeqHVS_eFeGtcbu6uJLWUYmKHnbAPzL3PsZbr8MOywqXwyf8sOqjwIkJw6-CWWmyixJy2uaLAxrXcDosEitkF4J6gLx9iRX9o6uvnHKf4djSqK1_hQDNU8_g4a4jEA5hhlzXkw0fQnMhC9eewFZSlLAESu1SZ2rJpmYvGy18hloM0PNp42L1yGnJlln68JOBg9GmitzgZHixF9E1sNXCdV-1ypg1Ok2nejge8v1i7Vyf7POn5cDmcWJ6HurERozsL81wUAgQuSqN1hk8SAYHwycIfdx7qZ8sKqVc2dXvS4m4Pslw-LYuGN1TEwyRwD2D80-xTNgqAg1wgVunDjZvD7TYRT84bziSo8KU5NyOrpkDWX5nPjmvIVcn3CYXSeK8JWaDWhEkC-h3oFup3MI2fWttMa6EBCKOBK0RMzvYrj-O67Nq7vacEj42AFEIrVpLAdEBpzJ1sdExOBU-xWhHqxDMKe17pht8IBz5h3W2pY8hpGWm9J_-0fiLIYvvE_QfrHCZte0_FVh_f6ZC6nKXE8mndRG3vDbbDsoNVIGOudxFJ9r9dLMbtepSdlXPk22nQNJ62m9DtiRNpBAnujMmeDM95Iag3lgpoKsgzaeKuthbHs6zjBA2iBugjWz-Nl7eUCpB3_5ZNupZfB8DXhu89mwxQShCAvLfPn469jVEYg_B1e9Vfn63tZBGJeU0yqe_4ypg4tYapdxovnrSdZDAqVltqyyXh72zWNtcRojfV6vygeyfwnf6GCXW6bRF-U9nwPTfpzvcuWqLmFCxM2neH-1V9ZfCWGLD6QIm8_BalpsipucJTXUpkunuRjXmkdvaOL0n2_gSPKP1iQs8mAY1Ay9uEIk6TFCvZHGqhBpNLeI3NYgc8MSmd6mhix9CxoTd1kzG6gQCzlDmiYQaXPBB5P3s_Fiz4c3o6gk7ZbqU02N_H9mXQ3C-gIk9mEIG4CsXaf5NQI9Ms5R4erZvo5szbJkYh_yTP_CZZt3-vuaVOIU3uX046YXk9rO8O3ZY1FKeP8V_XHHRBiZs4SbhMBjI4Ok9UT6i7KrtnB0gMEpQ9P1JOXE2RvyMjFh2GDCvOmiklbcTDEz04XbQDcLlNzvjucouemhQmfmF9A8cotFcdcyMB7rc9UTO9PCldwi1xp7X_MGtyyh40ToXNN0p7Lt9tTMdzn4kVUB9Zwg8ZZmBqzXJZ8TDFzvRSR4ykz3S1e8f9Z7Zx0q5z0A3AkAIEtnbT0CYGw6SSMlqm3nJkcZI38PPkm7RQHHCG_d4coi1hQ66W_uOlH93XsnDckGCNidbb6u2GB-fQ085yNdENE_H5J38zF3mph1fPFbKYXfMDJwD8w2EUbn12aeEy9AvwHngsfuvWeiwcRojhCJ4ZySm7DYhf9PQryyOldokYS5vgXdwc-C8Qi29xrqM6BZOgJyROp_83b4YxfspkS6jOooeNMvsfCnlwbKjUx_IlMptA0s5OnbLNcQhfvYGxBU7jvcw3kVhDNzepOjGLA9lR68-PlTf0HlubxY9XFlCbm0dmtwplNpTn-0IDfyJ_TEHvqjITi9TsQ9HS4w4GCmQE3RPgshSLNnml10380J_bycc5cBoi_qERaTKXvh-25UK1ukoCDfnAIIKDCISezsoCvfgESbmCIFqiXPAUJUNLY00q-GW9Ox8etA1hZTXO9mLybqAMrn9CWl1GkLI9li-WKYqGYczGADNsppJS2o-5wbssFMwB2-1GlB8qsdzDewlh5yXzFjNUDkqYbpXvg&cid=CAQSOwBygQiDjojB-cn9DritT8m8wJG7kNyIPaAPqckYqevKvfQNFiZRKqtPLrmuCGO4CeYCtxAc0srPAFt3GAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=17581292203637305000&adk=3860319555&idt=53&cac=0&dtd=39

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7ff9993d3bf21821aa4aab3b5958b4d9ba3fd3a3aa92f5830a24d3ee259f4851

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 19:12:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9906
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 5499578052516643378
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jul 2023 19:12:34 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/ Frame BC6E 30 KB
11 KB 12ms
12ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c99a1db5a8ee11a2fc13ab0544e3865f781fab4515592ff6467e7273478f813d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 17:10:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17223
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11398
x-xss-protection: 0
server: cafe
etag: 3934322099733601226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jul 2023 17:10:37 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame BC6E 41 KB
13 KB 12ms
12ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 13:52:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 115505
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 26 Jun 2024 13:52:35 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame D42E 22 KB
8 KB 15ms
8ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 115199
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 27 Jun 2023 13:57:41 GMT
expires: Wed, 26 Jun 2024 13:57:41 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 5ed76f76e4b07a92411bc03a
ng2.virgul.com/tck/imp/ Frame 1E5F 0
209 B 65ms
51ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5ed76f76e4b07a92411bc03a?g=1&t=gb&r=153377@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1687989458630&userId=vnet87604c0e-85b9-4694-a152-c65714f2ee85
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Wed, 28 Jun 2023 21:57:40 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 6D0A 0
0 46ms
45ms Image
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=COJCP06ycZNr6CK767_UPuPan-A6X9tbmb7ebyK2NEd_Gor3AARABIMCygmtglYKAgJgHoAHTqd35AsgBBqkC0-pTdV1Ssj6oAwGqBNoBT9Coxxqmsnimy7f4aiZiqayCviL_hsbi4dkl5_9MW-K7QEPZ7G7K_MyLPlBkt6sVAgXGuBUppQkfL8SKsqqEUprPCiR-akdy0sadzElFIcNY5kXEO4ssXEmTy2_INCC6O_pA4Qlilm9KO1jo3cMlW7pWQxW_u8LnUQP0Zr1aPzb6ywSRnttMm9ylNNXmuzBreGG1oyRzMKmlK7KSx2vXfyvD12I7HlouIotxR6RQdwqvsbQjLGeIkwajomvdgxq-Jqtc8OrWECRGP5bBQRuuu1qCVuzo4tTFfxPABPD3u5yvBOAEA4gFzvmblUqSBQYIGxACGAGSBQYIHRAEGAGSBQYIHRABGAGSBQYIHhABGAGQBgGgBjeAB5XWooYBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwoQy7MIGLSRwOUB0ggWCIDhgBAQARgdMgKqAjoCgEBIvf3BOvIIG2FkeC1zdWJzeW4tNzI3NTUyODQ1MzE2MjMwOYAKA8gLAbATw7zjE8gTm-2O4gPQEwDYEw2IFALYFAHQFQGAFwGyFx4KHAgAEhRwdWItNjU5MzUyMzIxMDAxMDE1NBjqwW0&sigh=f3e47ohAkPE&uach_m=[]&cid=CAQSOwBygQiDCsdPUMyFh4228B9Ub68xvdqyKnN4WpB2XFCuUCHap95vUumh-ppLECRdWGXnrb7mo3asipOiGAE&template_id=509&vt=10&cbvp=2
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H/1.1

200
OK

request.php Show response
hal900017.redintelligence.net/ Frame A9C0
Redirect Chain

https://hal900017.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=29b2e8e068&subid=&uid=b4ea66f64868f61c&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900017.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=29b2e8e068&subid=&uid=b4ea66f64868f61c&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

4 KB
2 KB

356ms
339ms

Script
application/x-javascript

159.69.70.9
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900017.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=29b2e8e068&subid=&uid=b4ea66f64868f61c&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCN-Db06ycZJ3iCLu89u8P79iSuAGm5b2gaa2VnKfJD_AuEAEgwLKCa2CV0rSCwAfIAQmpAtPqU3VdUrI-qAMByAObBKoE4wFP0AWla6HvhyZwY5fwKL5ZcNsTLlaPEsr-BWk0UMPvZrnqSMvgY6j_KGw172RFkH0ix38XlKXXqnAl-VRGkFOEN884DjGJcBVXjU-jOmZuIFpyGZr4FWXK1u0g2-Oe7OKd2nJBJoOqq3I3AIO75Zkc2bhA77Tn-OaSVJyyy05jxYVciDLa77opj6hK42fZk-5EsnHGgl1A3MJdgsvGdt9g2zLNmA-DGJ4OTJf1jM_5VzKLH8Rs2K0SMbCL5PxjMYHwAZLK1TCd0lFddxOf4oviOUPttrI3vOcnKH-eptwQtLe9_MAE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE68ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5gAoDmAsByAsBgAwBsBPMnNkS0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSbQBygQiD4uFUJbggLmfY2mUbDHx42r49fbLk1zuOVCvH0Ho26lTG0VVcoI8WBsh8zOV4siutO3n7miJwblcKPUe0fNlbQqAEp9sFOsb8-j0upMCIPvjUX3W2yO6PFPLBB8iNTLeMHzpRvrlL7Z0YAQ%26sig%3DAOD64_0BcFkOsP_h_-hSDjZJyWWO9eeZpg%26client%3Dca-pub-7983651257838282%26dbm_c%3DAKAmf-B1NOcddcc4m9UUW8YSTTZ_YZwa7AnYBOdixO71tCXS9SoYx1GQQCfKSNhbcIb2ktpQjwNN_xO5OEN_hAoHkmy-rMGHz00hFOWe0uhPCrr0uL0Nv4XD3nDRvhvWJwghCfMf-tYrrJM48psmILPb1_Yssi3-d-5ggF-5G9f1aLGqbxtCYOA%26cry%3D1%26dbm_d%3DAKAmf-DJyhaunJEJO2tRxl1K2M6TSdQxyOXNxlwwD_PS8Dg2RduBCNNStC8-3Oes6TQtO8q9zOvP8srPUT06wTluZXEnzQsrqn4QObUXJh2AbStl-GaKs0JTF8JNmusDZrBBZrN8plq78CVAkym0ZMb065_CN7d3znDt8UOo3Z6KCtgtVATNERsvnIxh_OGTvIdGlIrrYzxP5x6KlaY61NSebqNh5a9R23rOi8VvTdFzBJNLsNmeTIpl6vjMu2jaQX_SmIYc2kEn6_RJ1AVYUxozztMwmGOKpeEBQkCVWrDmMpIGQSnc_FhBgjfEFS3F13-U8MnxR0gAxok713v2GO2mxVKkSnr07aDKHhEE2gZ2T4vFSdE33lCSzDNtPJzsEISh4r4pYVP0Ryf-KkPNEKu6ohvXiRM0P1RXDLaK7eyeUEaev4wi3DhzkviRfa9t45FKnfSPgB7c3jOk_GxFv281DdHdw9G6GM4Gs0PwzkJ54MyODwYt4ulStDqbgcg0iIDkoEHeTC8kEiwRX0jZusVUqbidDyXEc1Zvsz_fHL9LDU6ezzBVNR0%26adurl%3D&documentReferer=https%3A%2F%2Fye-mek.net%2F&ancestorOrigins=https%3A%2F%2Fye-mek.net%2Chttps%3A%2F%2Fpcloak.blob.core.windows.net&random=2475204389369&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: HTTP/1.1
Server: 159.69.70.9 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.9.70.69.159.clients.your-server.de
Software: Apache /
Resource Hash: ff15988d9a44878f505e85294f735d8cbc1a19f45b89491a07ed20358dce243a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 28 Jun 2023 21:57:40 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 94391000174047304444554012369017
Connection: close
Content-Length: 1364
Expires: Wed, 28 Jun 2023 22:57:40 +0200

Redirect headers

Pragma: no-cache
Date: Wed, 28 Jun 2023 21:57:40 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=29b2e8e068&subid=&uid=b4ea66f64868f61c&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCN-Db06ycZJ3iCLu89u8P79iSuAGm5b2gaa2VnKfJD_AuEAEgwLKCa2CV0rSCwAfIAQmpAtPqU3VdUrI-qAMByAObBKoE4wFP0AWla6HvhyZwY5fwKL5ZcNsTLlaPEsr-BWk0UMPvZrnqSMvgY6j_KGw172RFkH0ix38XlKXXqnAl-VRGkFOEN884DjGJcBVXjU-jOmZuIFpyGZr4FWXK1u0g2-Oe7OKd2nJBJoOqq3I3AIO75Zkc2bhA77Tn-OaSVJyyy05jxYVciDLa77opj6hK42fZk-5EsnHGgl1A3MJdgsvGdt9g2zLNmA-DGJ4OTJf1jM_5VzKLH8Rs2K0SMbCL5PxjMYHwAZLK1TCd0lFddxOf4oviOUPttrI3vOcnKH-eptwQtLe9_MAE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE68ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5gAoDmAsByAsBgAwBsBPMnNkS0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSbQBygQiD4uFUJbggLmfY2mUbDHx42r49fbLk1zuOVCvH0Ho26lTG0VVcoI8WBsh8zOV4siutO3n7miJwblcKPUe0fNlbQqAEp9sFOsb8-j0upMCIPvjUX3W2yO6PFPLBB8iNTLeMHzpRvrlL7Z0YAQ%26sig%3DAOD64_0BcFkOsP_h_-hSDjZJyWWO9eeZpg%26client%3Dca-pub-7983651257838282%26dbm_c%3DAKAmf-B1NOcddcc4m9UUW8YSTTZ_YZwa7AnYBOdixO71tCXS9SoYx1GQQCfKSNhbcIb2ktpQjwNN_xO5OEN_hAoHkmy-rMGHz00hFOWe0uhPCrr0uL0Nv4XD3nDRvhvWJwghCfMf-tYrrJM48psmILPb1_Yssi3-d-5ggF-5G9f1aLGqbxtCYOA%26cry%3D1%26dbm_d%3DAKAmf-DJyhaunJEJO2tRxl1K2M6TSdQxyOXNxlwwD_PS8Dg2RduBCNNStC8-3Oes6TQtO8q9zOvP8srPUT06wTluZXEnzQsrqn4QObUXJh2AbStl-GaKs0JTF8JNmusDZrBBZrN8plq78CVAkym0ZMb065_CN7d3znDt8UOo3Z6KCtgtVATNERsvnIxh_OGTvIdGlIrrYzxP5x6KlaY61NSebqNh5a9R23rOi8VvTdFzBJNLsNmeTIpl6vjMu2jaQX_SmIYc2kEn6_RJ1AVYUxozztMwmGOKpeEBQkCVWrDmMpIGQSnc_FhBgjfEFS3F13-U8MnxR0gAxok713v2GO2mxVKkSnr07aDKHhEE2gZ2T4vFSdE33lCSzDNtPJzsEISh4r4pYVP0Ryf-KkPNEKu6ohvXiRM0P1RXDLaK7eyeUEaev4wi3DhzkviRfa9t45FKnfSPgB7c3jOk_GxFv281DdHdw9G6GM4Gs0PwzkJ54MyODwYt4ulStDqbgcg0iIDkoEHeTC8kEiwRX0jZusVUqbidDyXEc1Zvsz_fHL9LDU6ezzBVNR0%26adurl%3D&documentReferer=https%3A%2F%2Fye-mek.net%2F&ancestorOrigins=https%3A%2F%2Fye-mek.net%2Chttps%3A%2F%2Fpcloak.blob.core.windows.net&random=2475204389369&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Wed, 28 Jun 2023 22:57:40 +0200

GET
H/1.1

200

partner
sync.search.spotxchange.com/ Frame 6A12
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEAMcXb61OJQfdBD3mA5E4MA&google_cver=1

43 B
548 B

42ms
15ms

Image
image/gif

185.94.180.125
SPOTX-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEAMcXb61OJQfdBD3mA5E4MA&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHn4wEQ4JWpAhjstJ_sATAB&v=APEucNV9T6EHURO6TzSqWmSDPVmFT5l_sz02bmQXcRsvENjgNP9sClJZ_hYl_U2OiqtkTP-uSOgqr4YvlkGsorO6WpAolL0HQisDyKe2-gcwn_GAFgr6Zvn985F0ast8ubJq06lvNsX_3pQAKqyspl5X4DIqGS6VpoNfgqkiw0UskUteRCYvZ6k
Protocol: HTTP/1.1
Server: 185.94.180.125 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Wed, 28 Jun 2023 21:57:40 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 89
Connection: keep-alive
Content-Length: 43

Redirect headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEAMcXb61OJQfdBD3mA5E4MA&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 306
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6A12
Redirect Chain

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_i...
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=Y2Q2ZDVjZDMtMTVmZS0xMWVlLTgwODItMTRkNTM0MTMwMTA2

170 B
188 B

23ms
22ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=Y2Q2ZDVjZDMtMTVmZS0xMWVlLTgwODItMTRkNTM0MTMwMTA2

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHn4wEQ4JWpAhjstJ_sATAB&v=APEucNV9T6EHURO6TzSqWmSDPVmFT5l_sz02bmQXcRsvENjgNP9sClJZ_hYl_U2OiqtkTP-uSOgqr4YvlkGsorO6WpAolL0HQisDyKe2-gcwn_GAFgr6Zvn985F0ast8ubJq06lvNsX_3pQAKqyspl5X4DIqGS6VpoNfgqkiw0UskUteRCYvZ6k

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 28 Jun 2023 21:57:40 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Location: https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=Y2Q2ZDVjZDMtMTVmZS0xMWVlLTgwODItMTRkNTM0MTMwMTA2
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 129
Connection: keep-alive
Content-Length: 0

GET
H2 204 sync
ups.analytics.yahoo.com/ups/58269/ Frame 6A12 0
15 B 12ms
10ms Image
text/plain 3.71.149.231
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.71.149.231 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-71-149-231.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.57 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:40 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.57
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 1E8F 1 KB
643 B 7ms
7ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 24798
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 15:04:22 GMT
etag: 48472445140208031
expires: Thu, 29 Jun 2023 15:04:22 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame BC6E 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c50d4891dca5d3a9dc6706a10197373afe9bd96ae55a10783499214ae65ef305

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/7493198391404092334/ Frame 780F 13 KB
3 KB 19ms
18ms Document
text/html 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=WT7wEhgLt2&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6c6d900511c502a6d0b97a298ecab07040eb48a8756ec785beddb35006825f0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2701
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:57:40 GMT
expires: Thu, 27 Jun 2024 21:57:40 GMT
last-modified: Thu, 30 Mar 2023 10:59:12 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 3CDD 0
0 95ms
54ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsszGlCDwHRZraqtuCVAdR-YpWaH7zJnSIxjJHD-5KyCdl8EEGFR3m1QrplxhNCvvIxv-gBRGP7yMM_vgZFFTYXla58whc591fiyDYkTXQA24zavBcgRfD42DPTirJ50bOwY_OhkMf_drLQH8JBrC71J7iFdKbcH7AjalwK14M23STTnQ-1_dHjyP_Vi-voKhJ3WQNpg4ZdxntUwzSRr_Nf4MNUaeZ8OkwSbCMM7-WK0vbqflNb4pE0BGdl5EPFdpiMBW76Z42klUcjk884ok27dRgVJdXhP8tPU8fSt8p3W0GD8otnf0FR0G7HvB2ua_pdn_8cz348Mhjtum3oldpG-9xtoLb98Wom70WqEqLdwOtwxYq2bYkoeUBVd7-QRJ6zLhDWyuRXD6KKD27HZX1WhF_wvFhG1BFOZI7O8pJ6Imq0hywhZ1ZOZQoP07l76wIqxJ-cxY8G6_nX1fJ4LSOiLiNHkxUvxtzB3HFETYWBcWzZwdj8W1T30KMx3WpX2JrhWOJ-zHf3ugiomztgkmdKaj4oaO__OLZJh7NcMqe33EDBG81Jv1T7SrJD_Ii60Cdu0SS4MSnIwEwoFHeQGbu6bc6vJIr2lFlPNO3yV-EY0zvCsTmKrPuuS7mbVMROtPk8iUDvQfBt1JPVc-LNkwweGIfALDKd5ZMwmHdLDF-qCWIk-00BswWi1QBXpNRZGEQRPw2nw0S8Ux3VrPPUvEiVQp3NBn_pkaB7t2ahDfuYy1hqrD-11pmQ_iy7kOj6-BH5BTqtWcVnBoSRLXQDL5Olphz_HgbCsQ6dkrgcrjAHUE1aP3x1JGbkXQKCGnBDbQelZ1UzSQB5qz7Ybkxrj4USnIVA3l4KBfj5jcCAmMJzCutDlXWuiy8PUj7y6WZLjXmC7Kqous2GSmLxUA897hatPz1xdihZwtiYhh1vdyRqnOb_OTW01q3zvY_UGAAia885h16ukUscC21V3lOzK0KVX-hw5mrePHPK2YQOmwiKdJrzWP3VYe-nRj6GVTSx3TXVmJQJkC6pb28_Ef1kTMzjjIAZQ9w7GZUd2axq2lXQcrCb3A_C39AYvYge_0dMozZQfPweBw-VJ6hgj5gAPGIRhmzTdjQREQUtK2VMbOGTP7TL3vV0oVUdh5LnEs-C98HlWfmBwbzBLtJY51ytP5ptLWoZTwRdCptCBTF-icEHDL-2XSXnw8TW7CFnafO1xyjtdhghNrjtAiWkqsbq5AKVJ1kLxacWcZutkYRPxrijf9yxX5LyNKOAqvUGnCgMqH3A_GOCef9yyiMg7JojOLRDAZWFYoRb2WNWQmncU3ahY&sai=AMfl-YQtl3cj7bDZLaSmvgkpw5UAGgXcbWIpvr_v6wHa-gema-jEN_JUh-fM5qW9UeOPHTXpcbt0RT6rgofibxIdk8qhrucLUlk6zM1ec9O3ZLKOmM_y9CqJHzQ9bOs-BK5pRZlC81y3DqgmkCOXVy3bm4qXzRswushco7CO4fumoUmNM-JcM4PgrVFOPvFYccwHsoVdBYTMPnHMwLyPGP9FPgOiwSNaOaP4wRxu6AZyjjjpX33edt-lTf6vJeu6Tsp1dSc8NxT_KsurgxhX4DneX23A4K5LOQ&sig=Cg0ArKJSzJ7bfpKZE9oREAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=259&cbvp=1&cstd=249&cisv=r20230620.83667&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 28 Jun 2023 21:57:40 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Wed, 28 Jun 2023 21:57:40 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B90B 0
20 B 43ms
42ms Ping
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=9808191757993&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B90B 0
20 B 45ms
44ms Ping
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=9808191757993&version=m202301230201&ct=76&x=1&cor=9779544960699990000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame B90B 95 KB
37 KB 71ms
70ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B4WiI_dsdNPy7qhda-0emmSdi1rU3UJ7x0yNMIpERfbOwrIiejCgLUuhjMxWddWlOMe_caCdPtp4EPOl8SbJQ5qIt4K8y18yBjM1qzB3R1nagYrIY&cry=1&dbm_d=AKAmf-A00nyvhUvijqBllqN6G-J2K9XAsO5li6WP2ZJjyFhprXG6Brf8Ztik_fIy-qlqjxw6qX79JlLsqTwDAXedfMWTPLZtHPpSCxJ9KszdWiOglDD5ablOU-zQIHqTqU8LWEPBUyIgBXU-bZAy4GH2EDiN4fWR_tclK3Bbp3upe1jTGc4J3OrlWFUdV4k83FrX4G226fY0-DfLTz0HbNKUVYMRvQjN6J6AEJwOULZvbk-AMAOtjqZLZddD5CaYAoCG-hB7pdRG_-LVk4VtHaplefCcAKSU0ujacEZouknqW5VPQz0Q6UhaJYVrs22ELfZ2beQMFvJsQmEq2_wtoxugZYkQQqvB_NSIg_oUBcmOtzh5WbQ4Haq-jMwyyldjPKlkPFS-t3TcZBNzkp2FAw3dk1OBBUf6zzcqBxLZRRj3jC_qfBbUUnGml_Iu_GhcrdHbv49jE7IGeanO9Ox53L8Q0J6nIEbHI3z927YBzOxctSaKv3zylr2o6v6DtQkpXGJTycor9zs7POCMfIiJnrGMNktRDuEMsL20h9IZRXqrsfTi_qpQtkKL4cRSXTlxXwEmeXtww04icljYzPbchL5sZM0k8SZ8P32dwYWQDNrtyLG9jvHaBUSnP6JLpnTqkFRuhw-xnKgoSABV_WE6E0RXR1IhKxZtaoMWRh8py2dFCIizi4xexCqUO4yfz8HYzfmRiypkzv17SS09Xly1ThlYgHBNyjGwIYE2wMzgQsZyv9wm3vfTd9vf6tbywLmh7sZCaQC4-kMarkvdvQf5w_jMD3_lfKbob6jUR4HaROPZfHdhy6LY1l2dRfE93iE6I19C_iGr9pKMf8YcFi6We6mO3mwa0FwOULdgqyHvd6irIb_ZngX8EemJd3VL52eEkjdj49ONABx4oV2eYKwMWr0A7KttPEZmvXYR7ED_nMQEPNEAzkZCczPAjiS2RkUiLCUCcDBwbJJvvHbiXWsC2PmG50d0nr0xn8Mjl0HPAI3-K1m6gGdo8lPYvbWh-QhwINzlM9oXMatDMRm-wxDUM_gDNTRTGGiIb9nqVG67cAQ3XqdYU0ddyPbqPmU2G3VAZ7cpuDGBtDAG9JyExkF8ezntTh8vP038MxnztXoA7XNfDvz85Uv-hRHT1V_XuKQn98fGxNS6HcPUVPKEf0J2FSCIq-HAfiIZRNjDWdzRSgNIN53vlsKS9JEygh_yBucDp-zHWSyiZN0HOF9e3s_m92n_R_v1FsXnUP4x-RcZ-BJSsypBgs4PeYaFTzc8R9ctbqmWB4FKnDuAtpSgwQRNiHrEAjxhvUZltbjRepMMemqVQ5EblYj3QDYf5a-THJbgejq_2pf4_lk39rmhxwmBGYPPJCaOiTRgwdxkq31z3e9vatzO13ngAScFEtZC1yOHV9IzpJxqWvcqqwtY0K3Zd3PanqvQL-le_blwF36i2RhNjTpkFYobRjyWegYOfLyGp6Y1OmYZyci6XsPUrc8e8rTkU6qH0eoJCbHBkPuU7oBhDgZYVpV4lLXpNFAap2pW4pumpamtx5neX_gKia_m0RQRLAncOpy9J4EQIwb9kr36fD4Mo7gHYtbmOqWEqRn93crBiOQlA6-x9m4l-lBJDnXjdsu17wqghlHYbNdqJObprg4Pkn8yyoh2hsXRn_v4L-wg5rKOkDIHoDXZFdjFYhWvwTe7MDJwNpdfXqrcV0fZpTiX2Ls_aKL_QADpC88X5eFKeSjaENI2uuujxedjEGBd7iI7cRb68E7jy9vGPcod7wjgH1sVEpixDhpl8TQvEhCeAY1zQCdJH56zNPprY1-on8p481jDvTV-IwdEBkJu0qIRjfsJ72a9N6zuKvzFhCNr3n33B5DhebZRL9OxLB9ia1MNBsOuZhkrvq-iya4JRJp384u2exM3h4InuUGv9tvwdQHLtjkP9YeRVeVD8bAUQt_3K3lTN7ST8mSs-oKAG4ajiG5KPNjmA5B0m9BjY2u2xcRvvdpqQbhkbgJtBqBv-5n8dtwiHVUdy_8nkH2owsiVoitGem6r_7kHZPdV26A9mQyio9Yz2rfLiF9yJ2dmjyWToUkh6ljgrzjbiO-NhyOWugIHWGfD6MrP1oOE1MVql2FIRI5NUhwR3nRZaYYsAh9o2aJqYKQLwlyP2JK0zPAeAsyJhwa0MrZF4DfoTEHqmzbanWNE1NB9RxrxgxsC3kJXg6MuFz2JbkZJywSBf6Um8ROMsFeycCoey3ctYWtW2D-WcIPskNrlcGi6cc3csl1qp6Cr2dESGKZtFtJj3mEVBLFbJA_sVZo0KsINa8vLMPgOkaLaMWigJgH0iULfp41m3lip1q8k3a5dlo62_3ZTurfBoADXgV32fWjyV72bZVeNdKVqESy5ErtJe2oHsMFrX2CyzmyFXyaoFOg9vE4-b2oauV1HTn7hXf3FOxQI-5lgcSCtfu--jg5UN1xo7qqecq69WQrWVGN0IK9WHuXXtL3H3dMzEAqEfRBg-QDloD44RUpSfqzmDlwjorSs_8ldE3_jnBT5ESUb8rcCOAzYGnhps2kXvLyQYmY7LlZTIKLZqGd0XWuYC4N08F42Y7IXd_YQgf0aNXaxPrFMi4H3zlzgiy0EQ9BF3MDiToJ1wm2T5GFy_6T9EDIqoJLkere26dAWKvvcwrj0EGh78O8EbR8uO9Bae4QMVIYHhAv8kH0m-_9JbkM_mHwGmAB2g2hSroupYGpIQ_YGJWisp4OaxJxG0LInReEAkm6XiZkjg688c_E68YaDBweres0_fOjh2g1xTZzrWDVo1KGg2rtbv0bfBPndRHVywfKvYsnsI5qUVcltNjZm7qOXlR2bDzy8wSF3AmkriA6MoaoV0YmfpA3tpq3XuddBKG-HYc_SFDB3uGuTspkMa80VjH2fP-p4o4r4Vt2UEp4DyZcv2pQnsx_gKt_RM9HvEPJgw1jXA4QU6EDspW7aZN26HF_fjCLSpLqtiNA-7Glgha9jG_m19rwsRO2VZJ1KojMe6Cjk46KI6E0eHrV-yafnlM0kHpMIvmThWIkS2HoAwKEfzhOzI7fc3Uj-qNvQXsgKa8If2pstHTevXCWtAj0V-d89iC9WcLd8fU-AsAXo7IE9UvTjpSTYtk2f_PwyjJMdGFYBo4QhYhD-yDsfeMPQNyBzNRq9w6Xlx31X75BKw1SdxpR-z3ehfahatTuxYuxbdEfpbwUAOj9fWltA3BCEU4qd_2WcgbYPIV1ZtQTYJQoAVXutd4ZFixe_Sg29WRIXJ2D0GTq10XTaEtwkR6h1I7FG3o5bwHp0KY0Xe_zL9grLaHa1Bdf7Myo9v-SHkg6QB2GgpLKr-cvtK4CLptI7qS49gdwrKJKYYkxKTb0XuxgCzqgghN4eAwSqficbaYtqR-QlS3N3DIXf6mnGq-dvYv0e5-H4-7EkzzjSiHLkknUTlT0Tj2PYv4-lqrrQ0YwOS1jaayf6aRNaNPQ3m9fgTYbHEyJKe8MGxQpXVsAFb4tQpmESbr00hlXVwNfkLjy-7WejNjyD9HADpHGwtUrbcBrvh-n-YmQW6rP_gxEAXwkQ3WAFiSn0un49v8oERp4P4JzVwlt8WFpYZHaUePlhLhRBpX0Hc6OmTYxSrD7108N7xk0su5ZuitKNh9mWEqxQc_s3ch0UfOaXCg1ZuiTAyIVjP6-EIQP4Sw&cid=CAQSKQBygQiD2zxU64l6BSPhdsulF8Mj-5egKBF2a82N0aBpPs63DSg25UhXGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=9779544960699990000&adk=2719198038&idt=96&cac=0&dtd=19

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8b27ca5fd77fbf4dee1584f2ce3447fd40086d335f40bae8a30a0c5688371b83

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=4198790052&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1687989459344&bpp=1&bdt=152&idt=641&shv=r20230620&mjsv=m202306200101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=5745559093563&frm=8&ife=1&pv=1&ga_vid=466283811.1687989460&ga_sid=1687989460&ga_hid=1804320350&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=950156678&scr_x=-12245933&scr_y=-12245933&eid=44759926%2C44759842%2C44759875%2C44788442%2C44789819&oid=2&pvsid=2334320663502809&tmod=1083788450&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.udqxk4vi63ph&fsb=1&dtd=656
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37834
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame 9C5C 0
104 B 94ms
29ms Image
text/plain 2a02:fa8:8806:16::1370
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEEm7CAWfAJTttWCJGcDeKo8&google_cver=1&google_push=ATf1kGMcL6k87cWNeQsi2gbPREqUUVFE3k9zD8eQpAJ7es_Y7vuoktU3FbHYLXB0oicf9GMa375Lt45MBHBLbHhSN1zaeHq5S7Q
Requested by: Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:16::1370 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame 9C5C
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESECE8Tu-_i5qvh9bxs3krw8w&google_cver=1&google_push=ATf1kGP9uU8O2-dq7BbjDxDV15XeyxhztHtXtpqg7772R27-cqFSzmbZZuzbZqe649A3fW32NgyI5uTWAq27L0X_OVQDInYFWvc&r...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESECE8Tu-_i5qvh9bxs3krw8w&google_cver=1&google_push=ATf1kGP9uU8O2-dq7BbjDxDV15XeyxhztHtXtpqg7772R27-cqFSzmbZZuzbZqe649A3fW32NgyI5uTWAq27L0X_OVQDInYFWvc...

43 B
445 B

188ms
169ms

Image
image/gif

2606:4700::6812:18ad

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESECE8Tu-_i5qvh9bxs3krw8w&google_cver=1&google_push=ATf1kGP9uU8O2-dq7BbjDxDV15XeyxhztHtXtpqg7772R27-cqFSzmbZZuzbZqe649A3fW32NgyI5uTWAq27L0X_OVQDInYFWvc&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DATf1kGP9uU8O2-dq7BbjDxDV15XeyxhztHtXtpqg7772R27-cqFSzmbZZuzbZqe649A3fW32NgyI5uTWAq27L0X_OVQDInYFWvc%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Server: 2606:4700::6812:18ad -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:41 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7de92fd36a9f3612-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 625
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESECE8Tu-_i5qvh9bxs3krw8w&google_cver=1&google_push=ATf1kGP9uU8O2-dq7BbjDxDV15XeyxhztHtXtpqg7772R27-cqFSzmbZZuzbZqe649A3fW32NgyI5uTWAq27L0X_OVQDInYFWvc&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DATf1kGP9uU8O2-dq7BbjDxDV15XeyxhztHtXtpqg7772R27-cqFSzmbZZuzbZqe649A3fW32NgyI5uTWAq27L0X_OVQDInYFWvc%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7de92fd1d9393612-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9C5C
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEMsFuPR88HkxnaXjuaCwLVg&google_cver=1&google_push=ATf1kGNDuOegS5TLned3uwcmyQwux1y3aKGAwe2l0FOu6Lt8ye-hVIw9GDj3-rKOhAZzu3e59zn0zDS4HUeXk1b7-v5PtZLVY60
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=7202DCF58EA74A52980318834DFA9208&google_push=ATf1kGNDuOegS5TLned3uwcmyQwux1y3aKGAwe2l0FOu6Lt8ye-hVIw9GDj3-rKOhAZzu3e59zn0zDS4HUeXk1b...

170 B
188 B

30ms
28ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=7202DCF58EA74A52980318834DFA9208&google_push=ATf1kGNDuOegS5TLned3uwcmyQwux1y3aKGAwe2l0FOu6Lt8ye-hVIw9GDj3-rKOhAZzu3e59zn0zDS4HUeXk1b7-v5PtZLVY60

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 28 Jun 2023 21:57:40 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=7202DCF58EA74A52980318834DFA9208&google_push=ATf1kGNDuOegS5TLned3uwcmyQwux1y3aKGAwe2l0FOu6Lt8ye-hVIw9GDj3-rKOhAZzu3e59zn0zDS4HUeXk1b7-v5PtZLVY60
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Tue, 27 Jun 2023 21:57:40 GMT

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame 9C5C 43 B
363 B 65ms
16ms Image
image/gif 178.250.7.11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DPUSH_DATA&google_gid=CAESELbfAvSJVIi2y5DEFUxBdQk&google_cver=1&google_push=ATf1kGM3AaTbqSJMnm6tXA7nyWcdpcd1leR2TsVZYP_D0UUpVt4ruug6unV6L9_Sg7HHX7LW2sCZMjpHoDx5eM5UdVxxiS20xA

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.7.11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:39 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 215021
expires: Wed, 28 Jun 2023 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9C5C
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEDHxjhbbmFEFl6yJKZwnOHY&google_cver=1&google_push=ATf1kGPjv1KgIaiOXP42bYKyL4uDla-HOPh9e53dhMQO7kraMYdimDRqyXFBPNPG2SmmfiYjyvW82eSh...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEDHxjhbbmFEFl6yJKZwnOHY&google_cver=1&google_push=ATf1kGPjv1KgIaiOXP42bYKyL4uDla-HOPh9e53dhMQO7kraMYdimDRqyXFBPNPG2SmmfiYjyvW...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NjMxNTE2MTAyNDc4NjIxNTUzMw&google_push=ATf1kGPjv1KgIaiOXP42bYKyL4uDla-HOPh9e53dhMQO7kraMYdimDRqyXFBPNPG2SmmfiYjyvW82e...

170 B
188 B

21ms
19ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NjMxNTE2MTAyNDc4NjIxNTUzMw&google_push=ATf1kGPjv1KgIaiOXP42bYKyL4uDla-HOPh9e53dhMQO7kraMYdimDRqyXFBPNPG2SmmfiYjyvW82eShDQn8dvrpwEpp6YNrZA

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NjMxNTE2MTAyNDc4NjIxNTUzMw&google_push=ATf1kGPjv1KgIaiOXP42bYKyL4uDla-HOPh9e53dhMQO7kraMYdimDRqyXFBPNPG2SmmfiYjyvW82eShDQn8dvrpwEpp6YNrZA
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H/1.1

200

0.gif
id5-sync.com/i/495/ Frame 9C5C
Redirect Chain

https://sync.inmobi.com/gob?google_gid=CAESELS1odvgMr166rIIkUNE_iQ&google_cver=1&google_push=ATf1kGM2WVZKjKt0GJ7WhB0kob00DpfPkm2HyeyU_Ocmz4o4uxwsfZ-7AP_lQXPLCUUX8KotF7zS8Es-Qja6-RrsD1gRmZ44ysU
https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DATf1kGM2WVZKjKt0GJ7WhB0kob00DpfPkm2HyeyU_Ocmz4o4...

43 B
1 KB

47ms
10ms

Image
image/gif

162.19.138.120

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DATf1kGM2WVZKjKt0GJ7WhB0kob00DpfPkm2HyeyU_Ocmz4o4uxwsfZ-7AP_lQXPLCUUX8KotF7zS8Es-Qja6-RrsD1gRmZ44ysU

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

HTTP/1.1

Server

162.19.138.120 -, , ASN (),

Reverse DNS

Software

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-type: image/gif;charset=UTF-8
date: Wed, 28 Jun 2023 21:57:41 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
transfer-encoding: chunked
p3p: CP="CAO PSA OUR"

Redirect headers

date: Wed, 28 Jun 2023 21:57:41 GMT
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
expect-ct: max-age=0
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=utf-8
location: https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DATf1kGM2WVZKjKt0GJ7WhB0kob00DpfPkm2HyeyU_Ocmz4o4uxwsfZ-7AP_lQXPLCUUX8KotF7zS8Es-Qja6-RrsD1gRmZ44ysU
x-download-options: noopen
vary: Accept
content-length: 270
x-xss-protection: 0

GET
H2

200

/
onetag-sys.com/match/ Frame 9C5C
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEFDK8BltSShuHc5Rkf5ZKRc&google_cver=1&google_push=ATf1kGN-w798wwfhe0athEF8WYVFqfmXkMqwr445MG6d-axyEafZU-s3BYffPwFZNdeCZC2qBrZfiF1tGQa...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGN-w798wwfhe0athEF8WYVFqfmXkMqwr445MG6d-axyEafZU-s3BYffPwFZNdeCZC2qBrZfiF1tGQagso5ZCC2PZ40LxFIa
https://onetag-sys.com/match/?int_id=19&google_error=5

0
151 B

25ms
17ms

Image
text/plain

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=19&google_error=5

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/match/?int_id=19&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 255
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 9C5C 0
12 B 17ms
16ms Image
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LXoxYFkos13KGTJm6rB8StM2ASNO8C4sxsDeAzeSUByreWXa8RAmBRv1KodWEsuSd9enPQalg

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:40 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 styles.css
s0.2mdn.net/sadbundle/7493198391404092334/css/ Frame 780F 6 KB
1 KB 9ms
8ms Stylesheet
text/css 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7493198391404092334/css/styles.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=WT7wEhgLt2&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ac2429c9dd60bbe0eeab4fb4322667db2a3566125b4a1d772c488381de05b9e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=WT7wEhgLt2&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 00:00:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 424644
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1446
x-xss-protection: 0
last-modified: Thu, 30 Mar 2023 10:59:12 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 23 Jun 2024 00:00:16 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 780F 118 KB
40 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=WT7wEhgLt2&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=WT7wEhgLt2&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 10:36:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 40879
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 29 Jun 2023 10:36:21 GMT

GET
H3 200 overlay.png
s0.2mdn.net/sadbundle/7493198391404092334/img/ Frame 780F 95 B
122 B 20ms
12ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7493198391404092334/img/overlay.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=WT7wEhgLt2&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=WT7wEhgLt2&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:47:53 GMT
x-content-type-options: nosniff
age: 360587
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95
x-xss-protection: 0
last-modified: Thu, 30 Mar 2023 10:59:12 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 23 Jun 2024 17:47:53 GMT

GET
H3 200 logo.svg
s0.2mdn.net/sadbundle/7493198391404092334/img/ Frame 780F 6 KB
3 KB 17ms
14ms Image
image/svg+xml 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7493198391404092334/img/logo.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=WT7wEhgLt2&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7b1bfbac0178604f4dce665117d962743d2916a2a37968438f3d49d7e9c04445

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=WT7wEhgLt2&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 11:00:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 385043
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2563
x-xss-protection: 0
last-modified: Thu, 30 Mar 2023 10:59:12 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 23 Jun 2024 11:00:17 GMT

GET
H3 200 gsap_3.5.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 780F 60 KB
24 KB 30ms
25ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=WT7wEhgLt2&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=WT7wEhgLt2&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24155
x-xss-protection: 0
last-modified: Mon, 31 Aug 2020 21:23:17 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 28 Jun 2023 21:57:40 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 01C4 22 KB
8 KB 18ms
17ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 115199
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 27 Jun 2023 13:57:41 GMT
expires: Wed, 26 Jun 2024 13:57:41 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/17428105819714486272/ Frame ACE2 3 KB
590 B 22ms
18ms Document
text/html 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17428105819714486272/index.html?e=69&leftOffset=0&topOffset=0&c=LpYJpmpjOk&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

71afb38e0805648d18592ed8395ece1c81a419dcbedca76be5aecd85e13ae11d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 562
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:57:40 GMT
expires: Thu, 27 Jun 2024 21:57:40 GMT
last-modified: Fri, 02 Jun 2023 16:34:31 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame BC6E 0
0 69ms
54ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuLPs8neWAaUUSElWqp19RyBbl4q_UI2XZlS61gzWVaWWV6hcEbM2ir7sD9_ls9Iz2XfILTCx3U3R8c0fDs7lOE4d3dK9WM85EjHaJwpESpHyXRiA1e9EvzQKgpmbommqimPd3Vk_0OPZGmgFnlmeYXUjScYidXI0lfkPU4d2WRCO54DQevt6uojEVtFZKINCEAjZJzSTQz_ic9NGrq__Q6Thww6K3BRpXdCPWT1A_jQ-Uodf9oe7V9YltQa7gOSUX0tV-ED8-sFXLDNzRmaSKm6uRD59K9U014sBlJ4CR5OK-dpXFSiwloqeqkEcfL9NPex2tvc-wdN7PvI3AAbGGZfad2X0FrNTDLtUNqi7vnEG7a5QYrNSQLLQFZ-L_wIuJrhKrfk172Hz4L4mIA01cUZfkeiSXn-4ftCqexGBQQyDiytkI8-AOsDs75cspJNGQn4N_1tWQzu-XHyusbDXaqiSPRKb0aMq272vfQ3mn5zf5-2xnaGO-sIHkPCDCV7hg0XbsS3QUPkYEgWtOgrTl6FVFSPlJwVLy-SuwEYnys2-IQu8gCgdV-EhYgAYbq-jpF3xIzxd1oXfTOq5vv1JmwXo2BP9ewfgud-fNsGv9YEIMi9NBEGZNe4WRMBXTHdtMm9eED_GNk4aVHnGSLWKhDLcvvNvAEbhtSs_UyJsxTgpD5nDs8NvrYBgT44D5wtiN6zReC9mTmw1RS8oRYX98_F5J3psWY5IZkwpYyLiRA1JKF6EMTdUjmnj_pR-Y73Z-aW7j54pIVDhz31YDRVeTmxDfAqSeIFRqnDB7kMxAeDYY95aBN9JRSqwwYF9zmtwpGsK9xDOTkMRRJlBglTCJ3e4oD0rIlxudKUU5mnh0CEPRt6K0CI0g69d47GyFzgVj8sEo5kEPvInBoXx8LEn2gkEBFSLd20dLOctAAI6LWmpwaYYjRyz0qJ61-8phZfNAdx6uGH4S0ckdfuzt1GLWhiJnZwIzd5L6vfD1CKiTj3vJF5Ajg62wCU6bLzu7DcU25fUGH5z-dqnfLbGIGWWr1qf0vtS1yC-EzAaFJlE7dRRLirhkaUmDqRvPe7fPK7Ooa7ox6F6fdIAfxBmkdmy5Ywgvt6r117V3htOu9ooOoeFNk-Uy1Ac3UoSfJgS1Kd4OdhI-8CSrcW4Z86RTDR47QlIifQzkHv91BcLJjyQSkiTTvqIt-vIYTifyHbXcvcp40TqKbs01zsJaGlsyJmROr8Auu-nXMn0mNI3g6HsSw7QY6zvnRdngxbZ79Pxz0j4ZLbZDYnHbQX0KDnMNRVg&sai=AMfl-YSmXDQbBl8jkEOJETjoywPHN5FxRvscE7APvbbC9Y2ohq1I7z3rhhO9IdzNkqAcq4pZMLbvNwzrh8g1pbmNMlVMpEj2nvBnSns5kl-mTxJcDCtdyu074Rk7KNCAcm0FRHiOfwQAeVpSqPyC1tyCwFiDSEllxhxuewNyFNJN8Zye5L0IEKq5RCJwEUFpvACrEmmP19uS34xQphQkSRCXY_X57M572KekJT4jOUlAywHpWYiS0xUy9qtdC4gTT-iS1ecQ&sig=Cg0ArKJSzEnTdXSvbLwpEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=244&cbvp=1&cstd=235&cisv=r20230620.18586&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 28 Jun 2023 21:57:40 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Wed, 28 Jun 2023 21:57:40 GMT

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame 1E8F 0
103 B 20ms
13ms Image
text/plain 2a02:fa8:8806:16::1370
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEFwDo4pWr5KZpxT03vGAzc0&google_cver=1&google_push=ATf1kGPlyozDagfAYUfK2y5-cBy_850P6GOjgwVagsl3wwwe_SwOUrG-K5p4pnkaGwRppyCh-fouprmKepp5jPqOF33sPpRddvyR
Requested by: Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:16::1370 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1E8F
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEP5KcOhSO3e4WXQLNpObJ94&google_cve...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=UkZtVjFzQ1IxUWVEYXM1&google_gid=CAESEP5KcOhSO3e4WXQLNpObJ94&google_cver=1&google_push=ATf1kGNF4mMpP1v15xKQKYILjXEIbP1eQiB-b2Z4XKwQs7A...

170 B
188 B

21ms
19ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=UkZtVjFzQ1IxUWVEYXM1&google_gid=CAESEP5KcOhSO3e4WXQLNpObJ94&google_cver=1&google_push=ATf1kGNF4mMpP1v15xKQKYILjXEIbP1eQiB-b2Z4XKwQs7A-Z9lqTSteKyLGk8DCn7rud6sp_LG8lS8mHB0lthGqLn7wo0bnrkNH

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 28 Jun 2023 21:57:40 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-782-g97d928b#rel-ec2-master i-008a7b4f528d14c6d@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=UkZtVjFzQ1IxUWVEYXM1&google_gid=CAESEP5KcOhSO3e4WXQLNpObJ94&google_cver=1&google_push=ATf1kGNF4mMpP1v15xKQKYILjXEIbP1eQiB-b2Z4XKwQs7A-Z9lqTSteKyLGk8DCn7rud6sp_LG8lS8mHB0lthGqLn7wo0bnrkNH
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1E8F
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEPwXeLOIGFazVcokBNm-K1Q&google_cver=1&google_push=ATf1kGNJ4LNVJH77LEm92rtUkqQQ56XTDnwvB6Z1MCOzTEOPfCZvo7vrG9FgWidaH1df1I8x1CjY04eTteI_Rmuo-XXMEUX7TkOUwQ
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=7202DCF58EA74A52980318834DFA9208&google_push=ATf1kGNJ4LNVJH77LEm92rtUkqQQ56XTDnwvB6Z1MCOzTEOPfCZvo7vrG9FgWidaH1df1I8x1CjY04eTteI_Rmu...

170 B
188 B

24ms
21ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=7202DCF58EA74A52980318834DFA9208&google_push=ATf1kGNJ4LNVJH77LEm92rtUkqQQ56XTDnwvB6Z1MCOzTEOPfCZvo7vrG9FgWidaH1df1I8x1CjY04eTteI_Rmuo-XXMEUX7TkOUwQ

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 28 Jun 2023 21:57:40 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=7202DCF58EA74A52980318834DFA9208&google_push=ATf1kGNJ4LNVJH77LEm92rtUkqQQ56XTDnwvB6Z1MCOzTEOPfCZvo7vrG9FgWidaH1df1I8x1CjY04eTteI_Rmuo-XXMEUX7TkOUwQ
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Tue, 27 Jun 2023 21:57:40 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1E8F
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESENX8AuviXk6jNxAgbZCD9fc&google_cver=1&google_push=ATf1kGP3PXhH3xutakmJmZenB4fWk5Qzthv42NlqWeqeqWdQ5W_eJB6HfU7hE82YO1Ur3llTKkuj5ykpemovQyFK...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=R99iWR-HSSmvLLceF1VgFQ2&google_push=ATf1kGP3PXhH3xutakmJmZenB4fWk5Qzthv42NlqWeqeqWdQ5W_eJB6HfU7hE82YO1Ur3llTKkuj5ykpemovQyFKcm0LqA7s0P10ig

170 B
188 B

22ms
20ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=R99iWR-HSSmvLLceF1VgFQ2&google_push=ATf1kGP3PXhH3xutakmJmZenB4fWk5Qzthv42NlqWeqeqWdQ5W_eJB6HfU7hE82YO1Ur3llTKkuj5ykpemovQyFKcm0LqA7s0P10ig

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 28 Jun 2023 21:57:40 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.21.6
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=R99iWR-HSSmvLLceF1VgFQ2&google_push=ATf1kGP3PXhH3xutakmJmZenB4fWk5Qzthv42NlqWeqeqWdQ5W_eJB6HfU7hE82YO1Ur3llTKkuj5ykpemovQyFKcm0LqA7s0P10ig
x-host: tde-deliveryengine-production-7c97bc8457-p4zqp
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 dds
rtb.openx.net/sync/ Frame 1E8F 43 B
245 B 111ms
73ms Image
image/gif 35.227.252.103

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEM5Z7HVwQIHnmX3VBTqw020&google_cver=1&google_push=ATf1kGP6vA5OAc-3T9Lj09J_fgo4hAVWxRX-1spZV3AFAFuutcyVOzo2LtIFyqtFqBXx2cgciYEaSJY3OIG0HK69WHOTLNLGeA3M
Requested by: Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.252.103 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:40 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43

GET
H2 204 sync
ups.analytics.yahoo.com/ups/58281/ Frame 1E8F 0
15 B 17ms
10ms Image
text/plain 3.71.149.231
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEB7GFLoMr205CEqKb-sQYT0&google_cver=1&google_push=ATf1kGOYBzgyAQMNQiOUwEh8790m3UfQvcLDX-bLooGI4DzNvTJk9_bjKC6tb4upd4iQLmICmh05zmPrkgyffTbDoblkDKmUrPoIpFc

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.71.149.231 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-71-149-231.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.57 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:40 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.57
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1

200

0.gif
id5-sync.com/i/495/ Frame 1E8F
Redirect Chain

https://sync.inmobi.com/gob?google_gid=CAESEDZuq1a1gIpGp-WuSe5tHXk&google_cver=1&google_push=ATf1kGNZekS-zhN6dTr_ipaxatv_znz6pBh3iFYhBWElCUVmTxOW4zFDagPZndU9_HYs8r7q2SG9bKxQhlxqNbc0r6fFEgOaPBqIVg
https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DATf1kGNZekS-zhN6dTr_ipaxatv_znz6pBh3iFYhBWElCUVm...

43 B
1 KB

48ms
11ms

Image
image/gif

162.19.138.120

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DATf1kGNZekS-zhN6dTr_ipaxatv_znz6pBh3iFYhBWElCUVmTxOW4zFDagPZndU9_HYs8r7q2SG9bKxQhlxqNbc0r6fFEgOaPBqIVg

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

HTTP/1.1

Server

162.19.138.120 -, , ASN (),

Reverse DNS

Software

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-type: image/gif;charset=UTF-8
date: Wed, 28 Jun 2023 21:57:41 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
transfer-encoding: chunked
p3p: CP="CAO PSA OUR"

Redirect headers

date: Wed, 28 Jun 2023 21:57:41 GMT
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
expect-ct: max-age=0
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=utf-8
location: https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DATf1kGNZekS-zhN6dTr_ipaxatv_znz6pBh3iFYhBWElCUVmTxOW4zFDagPZndU9_HYs8r7q2SG9bKxQhlxqNbc0r6fFEgOaPBqIVg
x-download-options: noopen
vary: Accept
content-length: 273
x-xss-protection: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 1E8F 0
12 B 26ms
21ms Image
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LspH8TvNZfdzQKrFkE-oXFbE14FDh6eVMk9Nuu-J7iye_wJGDXyV8wqJesSNL_6NofQex1eC0

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:40 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame F353
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

31ms
27ms

Document
text/html

2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:57:40 GMT
expires: Wed, 28 Jun 2023 21:57:40 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:57:40 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame B90B 172 KB
60 KB 13ms
12ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 10:17:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42016
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 29 Jun 2023 10:17:24 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/elements/html/ Frame B90B 11 KB
4 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B4WiI_dsdNPy7qhda-0emmSdi1rU3UJ7x0yNMIpERfbOwrIiejCgLUuhjMxWddWlOMe_caCdPtp4EPOl8SbJQ5qIt4K8y18yBjM1qzB3R1nagYrIY&cry=1&dbm_d=AKAmf-A00nyvhUvijqBllqN6G-J2K9XAsO5li6WP2ZJjyFhprXG6Brf8Ztik_fIy-qlqjxw6qX79JlLsqTwDAXedfMWTPLZtHPpSCxJ9KszdWiOglDD5ablOU-zQIHqTqU8LWEPBUyIgBXU-bZAy4GH2EDiN4fWR_tclK3Bbp3upe1jTGc4J3OrlWFUdV4k83FrX4G226fY0-DfLTz0HbNKUVYMRvQjN6J6AEJwOULZvbk-AMAOtjqZLZddD5CaYAoCG-hB7pdRG_-LVk4VtHaplefCcAKSU0ujacEZouknqW5VPQz0Q6UhaJYVrs22ELfZ2beQMFvJsQmEq2_wtoxugZYkQQqvB_NSIg_oUBcmOtzh5WbQ4Haq-jMwyyldjPKlkPFS-t3TcZBNzkp2FAw3dk1OBBUf6zzcqBxLZRRj3jC_qfBbUUnGml_Iu_GhcrdHbv49jE7IGeanO9Ox53L8Q0J6nIEbHI3z927YBzOxctSaKv3zylr2o6v6DtQkpXGJTycor9zs7POCMfIiJnrGMNktRDuEMsL20h9IZRXqrsfTi_qpQtkKL4cRSXTlxXwEmeXtww04icljYzPbchL5sZM0k8SZ8P32dwYWQDNrtyLG9jvHaBUSnP6JLpnTqkFRuhw-xnKgoSABV_WE6E0RXR1IhKxZtaoMWRh8py2dFCIizi4xexCqUO4yfz8HYzfmRiypkzv17SS09Xly1ThlYgHBNyjGwIYE2wMzgQsZyv9wm3vfTd9vf6tbywLmh7sZCaQC4-kMarkvdvQf5w_jMD3_lfKbob6jUR4HaROPZfHdhy6LY1l2dRfE93iE6I19C_iGr9pKMf8YcFi6We6mO3mwa0FwOULdgqyHvd6irIb_ZngX8EemJd3VL52eEkjdj49ONABx4oV2eYKwMWr0A7KttPEZmvXYR7ED_nMQEPNEAzkZCczPAjiS2RkUiLCUCcDBwbJJvvHbiXWsC2PmG50d0nr0xn8Mjl0HPAI3-K1m6gGdo8lPYvbWh-QhwINzlM9oXMatDMRm-wxDUM_gDNTRTGGiIb9nqVG67cAQ3XqdYU0ddyPbqPmU2G3VAZ7cpuDGBtDAG9JyExkF8ezntTh8vP038MxnztXoA7XNfDvz85Uv-hRHT1V_XuKQn98fGxNS6HcPUVPKEf0J2FSCIq-HAfiIZRNjDWdzRSgNIN53vlsKS9JEygh_yBucDp-zHWSyiZN0HOF9e3s_m92n_R_v1FsXnUP4x-RcZ-BJSsypBgs4PeYaFTzc8R9ctbqmWB4FKnDuAtpSgwQRNiHrEAjxhvUZltbjRepMMemqVQ5EblYj3QDYf5a-THJbgejq_2pf4_lk39rmhxwmBGYPPJCaOiTRgwdxkq31z3e9vatzO13ngAScFEtZC1yOHV9IzpJxqWvcqqwtY0K3Zd3PanqvQL-le_blwF36i2RhNjTpkFYobRjyWegYOfLyGp6Y1OmYZyci6XsPUrc8e8rTkU6qH0eoJCbHBkPuU7oBhDgZYVpV4lLXpNFAap2pW4pumpamtx5neX_gKia_m0RQRLAncOpy9J4EQIwb9kr36fD4Mo7gHYtbmOqWEqRn93crBiOQlA6-x9m4l-lBJDnXjdsu17wqghlHYbNdqJObprg4Pkn8yyoh2hsXRn_v4L-wg5rKOkDIHoDXZFdjFYhWvwTe7MDJwNpdfXqrcV0fZpTiX2Ls_aKL_QADpC88X5eFKeSjaENI2uuujxedjEGBd7iI7cRb68E7jy9vGPcod7wjgH1sVEpixDhpl8TQvEhCeAY1zQCdJH56zNPprY1-on8p481jDvTV-IwdEBkJu0qIRjfsJ72a9N6zuKvzFhCNr3n33B5DhebZRL9OxLB9ia1MNBsOuZhkrvq-iya4JRJp384u2exM3h4InuUGv9tvwdQHLtjkP9YeRVeVD8bAUQt_3K3lTN7ST8mSs-oKAG4ajiG5KPNjmA5B0m9BjY2u2xcRvvdpqQbhkbgJtBqBv-5n8dtwiHVUdy_8nkH2owsiVoitGem6r_7kHZPdV26A9mQyio9Yz2rfLiF9yJ2dmjyWToUkh6ljgrzjbiO-NhyOWugIHWGfD6MrP1oOE1MVql2FIRI5NUhwR3nRZaYYsAh9o2aJqYKQLwlyP2JK0zPAeAsyJhwa0MrZF4DfoTEHqmzbanWNE1NB9RxrxgxsC3kJXg6MuFz2JbkZJywSBf6Um8ROMsFeycCoey3ctYWtW2D-WcIPskNrlcGi6cc3csl1qp6Cr2dESGKZtFtJj3mEVBLFbJA_sVZo0KsINa8vLMPgOkaLaMWigJgH0iULfp41m3lip1q8k3a5dlo62_3ZTurfBoADXgV32fWjyV72bZVeNdKVqESy5ErtJe2oHsMFrX2CyzmyFXyaoFOg9vE4-b2oauV1HTn7hXf3FOxQI-5lgcSCtfu--jg5UN1xo7qqecq69WQrWVGN0IK9WHuXXtL3H3dMzEAqEfRBg-QDloD44RUpSfqzmDlwjorSs_8ldE3_jnBT5ESUb8rcCOAzYGnhps2kXvLyQYmY7LlZTIKLZqGd0XWuYC4N08F42Y7IXd_YQgf0aNXaxPrFMi4H3zlzgiy0EQ9BF3MDiToJ1wm2T5GFy_6T9EDIqoJLkere26dAWKvvcwrj0EGh78O8EbR8uO9Bae4QMVIYHhAv8kH0m-_9JbkM_mHwGmAB2g2hSroupYGpIQ_YGJWisp4OaxJxG0LInReEAkm6XiZkjg688c_E68YaDBweres0_fOjh2g1xTZzrWDVo1KGg2rtbv0bfBPndRHVywfKvYsnsI5qUVcltNjZm7qOXlR2bDzy8wSF3AmkriA6MoaoV0YmfpA3tpq3XuddBKG-HYc_SFDB3uGuTspkMa80VjH2fP-p4o4r4Vt2UEp4DyZcv2pQnsx_gKt_RM9HvEPJgw1jXA4QU6EDspW7aZN26HF_fjCLSpLqtiNA-7Glgha9jG_m19rwsRO2VZJ1KojMe6Cjk46KI6E0eHrV-yafnlM0kHpMIvmThWIkS2HoAwKEfzhOzI7fc3Uj-qNvQXsgKa8If2pstHTevXCWtAj0V-d89iC9WcLd8fU-AsAXo7IE9UvTjpSTYtk2f_PwyjJMdGFYBo4QhYhD-yDsfeMPQNyBzNRq9w6Xlx31X75BKw1SdxpR-z3ehfahatTuxYuxbdEfpbwUAOj9fWltA3BCEU4qd_2WcgbYPIV1ZtQTYJQoAVXutd4ZFixe_Sg29WRIXJ2D0GTq10XTaEtwkR6h1I7FG3o5bwHp0KY0Xe_zL9grLaHa1Bdf7Myo9v-SHkg6QB2GgpLKr-cvtK4CLptI7qS49gdwrKJKYYkxKTb0XuxgCzqgghN4eAwSqficbaYtqR-QlS3N3DIXf6mnGq-dvYv0e5-H4-7EkzzjSiHLkknUTlT0Tj2PYv4-lqrrQ0YwOS1jaayf6aRNaNPQ3m9fgTYbHEyJKe8MGxQpXVsAFb4tQpmESbr00hlXVwNfkLjy-7WejNjyD9HADpHGwtUrbcBrvh-n-YmQW6rP_gxEAXwkQ3WAFiSn0un49v8oERp4P4JzVwlt8WFpYZHaUePlhLhRBpX0Hc6OmTYxSrD7108N7xk0su5ZuitKNh9mWEqxQc_s3ch0UfOaXCg1ZuiTAyIVjP6-EIQP4Sw&cid=CAQSKQBygQiD2zxU64l6BSPhdsulF8Mj-5egKBF2a82N0aBpPs63DSg25UhXGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=9779544960699990000&adk=2719198038&idt=96&cac=0&dtd=19

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7ff9993d3bf21821aa4aab3b5958b4d9ba3fd3a3aa92f5830a24d3ee259f4851

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 19:12:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9906
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 5499578052516643378
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jul 2023 19:12:34 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/ Frame B90B 30 KB
11 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c99a1db5a8ee11a2fc13ab0544e3865f781fab4515592ff6467e7273478f813d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 17:10:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17223
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11398
x-xss-protection: 0
server: cafe
etag: 3934322099733601226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jul 2023 17:10:37 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame B90B 41 KB
13 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 13:52:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 115505
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 26 Jun 2024 13:52:35 GMT

GET
H3 200 YTnPKPJ-Q--T2AJ4Qj25FxWmw7bAoVXE9zhtz1eN5hc.js Show response
pagead2.googlesyndication.com/bg/ Frame D42E 37 KB
14 KB 30ms
25ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/YTnPKPJ-Q--T2AJ4Qj25FxWmw7bAoVXE9zhtz1eN5hc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6139cf28f27e43ef93d80278423db91715a6c3b6c0a155c4f7386dcf578de617

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 10:30:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 214027
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14704
x-xss-protection: 0
last-modified: Mon, 19 Jun 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 25 Jun 2024 10:30:33 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame BB22 22 KB
8 KB 65ms
59ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 115199
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 27 Jun 2023 13:57:41 GMT
expires: Wed, 26 Jun 2024 13:57:41 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 style.css
s0.2mdn.net/sadbundle/17428105819714486272/ Frame ACE2 4 KB
1 KB 26ms
21ms Stylesheet
text/css 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17428105819714486272/style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17428105819714486272/index.html?e=69&leftOffset=0&topOffset=0&c=LpYJpmpjOk&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff3aab1b58d4fcef7acc02e44ae8c3b4daccda6ddbac8015ac91e70b260e66d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17428105819714486272/index.html?e=69&leftOffset=0&topOffset=0&c=LpYJpmpjOk&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 09:54:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 216216
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1090
x-xss-protection: 0
last-modified: Fri, 02 Jun 2023 16:34:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 25 Jun 2024 09:54:04 GMT

GET
H3 200 Enabler_01_250.js Show response
s0.2mdn.net/879366/ Frame ACE2 120 KB
41 KB 27ms
21ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17428105819714486272/index.html?e=69&leftOffset=0&topOffset=0&c=LpYJpmpjOk&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

31d02f43dd0c7fc5c0d95db087a23f1c2d729c93f10450884c8da6b415f7839b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17428105819714486272/index.html?e=69&leftOffset=0&topOffset=0&c=LpYJpmpjOk&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 02:09:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 71275
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42247
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 29 Jun 2023 02:09:45 GMT

GET
H3 200 gsap_3.5.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame ACE2 60 KB
24 KB 56ms
51ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17428105819714486272/index.html?e=69&leftOffset=0&topOffset=0&c=LpYJpmpjOk&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17428105819714486272/index.html?e=69&leftOffset=0&topOffset=0&c=LpYJpmpjOk&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24155
x-xss-protection: 0
last-modified: Mon, 31 Aug 2020 21:23:17 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 28 Jun 2023 21:57:40 GMT

GET
H3 200 pa.js Show response
s0.2mdn.net/sadbundle/17428105819714486272/ Frame ACE2 4 KB
1 KB 29ms
24ms Script
application/x-javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17428105819714486272/pa.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17428105819714486272/index.html?e=69&leftOffset=0&topOffset=0&c=LpYJpmpjOk&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4b88a304d6162d0e7bc1ea1c3b8c9e9f6b6751002a6d58b6a7bb2c4dd383dea8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17428105819714486272/index.html?e=69&leftOffset=0&topOffset=0&c=LpYJpmpjOk&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 08:56:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 46869
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1443
x-xss-protection: 0
last-modified: Fri, 02 Jun 2023 16:34:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 27 Jun 2024 08:56:31 GMT

GET
H3 200 logic.js Show response
s0.2mdn.net/sadbundle/17428105819714486272/ Frame ACE2 26 KB
4 KB 29ms
24ms Script
application/x-javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17428105819714486272/logic.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17428105819714486272/index.html?e=69&leftOffset=0&topOffset=0&c=LpYJpmpjOk&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

95dc2fd2d6660cddee1ecf5114f8017512f5f017e2cd96f71efb880957a69564

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17428105819714486272/index.html?e=69&leftOffset=0&topOffset=0&c=LpYJpmpjOk&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 09:53:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 216226
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3855
x-xss-protection: 0
last-modified: Fri, 02 Jun 2023 16:34:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 25 Jun 2024 09:53:54 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 98C5 1 KB
643 B 60ms
53ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 24798
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 15:04:22 GMT
etag: 48472445140208031
expires: Thu, 29 Jun 2023 15:04:22 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame B90B 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b7aea34ff06f8c7255d9cc46ac175f4051716c9b6a4ac51906dc21f6902ad3be

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 FordAntennaCondMedium.subline.woff
s0.2mdn.net/sadbundle/7493198391404092334/fonts/ Frame 780F 13 KB
13 KB 15ms
10ms Font
font/woff 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7493198391404092334/fonts/FordAntennaCondMedium.subline.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7493198391404092334/css/styles.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e83314d333416d003a14ff991793feefefe12184980a4f081c0465cda5dc8da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/7493198391404092334/css/styles.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 13:35:08 GMT
x-content-type-options: nosniff
age: 548552
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13336
x-xss-protection: 0
last-modified: Thu, 30 Mar 2023 10:59:12 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 21 Jun 2024 13:35:08 GMT

GET
H3 200 FordAntennaBlack.headline.woff
s0.2mdn.net/sadbundle/7493198391404092334/fonts/ Frame 780F 12 KB
12 KB 16ms
11ms Font
font/woff 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7493198391404092334/fonts/FordAntennaBlack.headline.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7493198391404092334/css/styles.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d97d2f204c48ceadcc2f5b86ba6bf25987c6f7c43c8dd7fee7a2847e6a71f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/7493198391404092334/css/styles.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 08:50:42 GMT
x-content-type-options: nosniff
age: 392818
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11876
x-xss-protection: 0
last-modified: Thu, 30 Mar 2023 10:59:12 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 23 Jun 2024 08:50:42 GMT

GET
H3 200 FordAntennaRegular.legal.woff
s0.2mdn.net/sadbundle/7493198391404092334/fonts/ Frame 780F 14 KB
14 KB 15ms
10ms Font
font/woff 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7493198391404092334/fonts/FordAntennaRegular.legal.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7493198391404092334/css/styles.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff1ea82759f4df729f7ee24dac62805f05a2fc79c7ca4cb518a072a11835e884

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/7493198391404092334/css/styles.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:25:01 GMT
x-content-type-options: nosniff
age: 1959
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14468
x-xss-protection: 0
last-modified: Thu, 30 Mar 2023 10:59:12 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 27 Jun 2024 21:25:01 GMT

GET
H3 200 YTnPKPJ-Q--T2AJ4Qj25FxWmw7bAoVXE9zhtz1eN5hc.js Show response
pagead2.googlesyndication.com/bg/ Frame 01C4 37 KB
14 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/YTnPKPJ-Q--T2AJ4Qj25FxWmw7bAoVXE9zhtz1eN5hc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6139cf28f27e43ef93d80278423db91715a6c3b6c0a155c4f7386dcf578de617

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 10:30:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 214028
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14704
x-xss-protection: 0
last-modified: Mon, 19 Jun 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 25 Jun 2024 10:30:33 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/17428105819714486272/ Frame DC66 3 KB
595 B 16ms
16ms Document
text/html 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17428105819714486272/index.html?e=69&leftOffset=0&topOffset=0&c=wCagNPJ00m&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

71afb38e0805648d18592ed8395ece1c81a419dcbedca76be5aecd85e13ae11d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 562
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:57:41 GMT
expires: Thu, 27 Jun 2024 21:57:41 GMT
last-modified: Fri, 02 Jun 2023 16:34:31 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame B90B 0
0 56ms
56ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstAEaH1-qqxKSshBWIDNupMD_gISFUd_OetKbL5GTod7gekhYKIqJQb9UReBW4lxnFUPlTrNfrrYZgoG0hoYCsIVBQAaXPK3qxiko2iMXHV16r7qqrUH5rehOz6yoAsptCcr3-lhFq0rrHXcXBFyjO7Z1nQUB236NXs4YwCfldOsDdj7NDXsWBctjI9ml3mPYjaehI75jAEE342aoDn4nxEqajezDVMtyXgP_OtlAqBgK463dD3U50Y0rv6RupUDnMoFyyn47mllSZRM3lgkLVcNSKRpyUQv4T5xGpT7HyWoBp5qHqzZXiWOGyF78u7N_fs0hL2AGeqPpSiuM0I2Lyhz_pkC7-LwGZdcZ-P7pWcHfYRdncpLcK6-SkK_Hs6S75rwLVJlRN0XLOvJtuwbcJbAR92_YlvQpi8Z1Z1pNU7my0xuk-6w89tU4ksDRIZATFlluxRLgcPTcuPMG-v6nK-zph8Nv_jwRKa759uJyGyFSQKcgValea3VrSmvM0hsZlWCCHwzaUqwiXrJ89eYio5baHLf-9JN11EblhJ__QzvI6FZ3X0EyYNVtX5gxph9yuECWtELmiXRi6NcPLt_aqPapfPqwazRP_ABpOoCBwFNeFZw8G3GguOFbIEZ2UOrd1lKgs9NUMczbJuMqsSCe3tbe0EVCnWttRuPXgyPBLrg2jbGKSI5x_SuzX4kFO4Vsu2_t5UOQJCJeRQTBPH7oah4gCqUd3lh8X9KHnsVx67GaCsG6HRyjgL7USntkBW_vWIFJx435Cf4qPo_u0RdwkRRjKxzZfmmd7corB8uhYTsS7IGRx7IA7jmcaD8ga9qkeO24VIH9K8ntdI1DyPaj7VHZJMqN83kkp5Gvax52nYDwNL5Fregxe9Vp9i_7TLXc2JaOiGKswbqWHZaWaDaVxb15PBVocenxdiPdA7GpRYl4KTXtUeWt-CLB7N9S2NlfitC5fLkO-Z12U-ObR9vaOSp8l9g7lK2b2-z0d6nz54IfSfMnVFQdd6NkUuvK4s2Vbb5REJgP8ZZTX-degLcKO6mrtDnGy0QGeJG3WC30ebi72Ip_me0ltHEIhsggigdVxhI5EXdxv1vhRcdhozaAR0VnaBl5FTgjZwOHrJtw_LFBv4z-Kz43ahS-HAuTIOYARifVyoFqFctAPCcG3ljLZNptPKfrwWvDfKGZ1lzbuL4zIRuaRER2Uua6Ly1-3uu4P0PZRQBy7FXFCMo68YcpguJzKwIGyFq3ei4YAi-VQwQRSm7aqiMya3I_UB68DpL0Z9IXbb9HGITuHj8570iw&sai=AMfl-YTKD8EhD4mHT5w6oNGST9Zkh9-IG9TuYJErYCXsTPcSzxk1SznJ2w6w1a9BFopBSjjLNeRjA9HBQjsRLHSwLSgnRpYKyGoDTQAzNK3JLK5xGaCsVM1FdnI4OQ3iXxPsA2fjDTlhOmNx2IptCPoddxKICqNs8GfgaKrLEGiG7ixnV3oIOcnCAKP4VaRXkVL1XoqSaA2iD6Nw&sig=Cg0ArKJSzLkMu9JySV3sEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=146&cbvp=1&cstd=139&cisv=r20230620.25859&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 28 Jun 2023 21:57:41 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Wed, 28 Jun 2023 21:57:41 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 3CDD 0
0 49ms
49ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsszGlCDwHRZraqtuCVAdR-YpWaH7zJnSIxjJHD-5KyCdl8EEGFR3m1QrplxhNCvvIxv-gBRGP7yMM_vgZFFTYXla58whc591fiyDYkTXQA24zavBcgRfD42DPTirJ50bOwY_OhkMf_drLQH8JBrC71J7iFdKbcH7AjalwK14M23STTnQ-1_dHjyP_Vi-voKhJ3WQNpg4ZdxntUwzSRr_Nf4MNUaeZ8OkwSbCMM7-WK0vbqflNb4pE0BGdl5EPFdpiMBW76Z42klUcjk884ok27dRgVJdXhP8tPU8fSt8p3W0GD8otnf0FR0G7HvB2ua_pdn_8cz348Mhjtum3oldpG-9xtoLb98Wom70WqEqLdwOtwxYq2bYkoeUBVd7-QRJ6zLhDWyuRXD6KKD27HZX1WhF_wvFhG1BFOZI7O8pJ6Imq0hywhZ1ZOZQoP07l76wIqxJ-cxY8G6_nX1fJ4LSOiLiNHkxUvxtzB3HFETYWBcWzZwdj8W1T30KMx3WpX2JrhWOJ-zHf3ugiomztgkmdKaj4oaO__OLZJh7NcMqe33EDBG81Jv1T7SrJD_Ii60Cdu0SS4MSnIwEwoFHeQGbu6bc6vJIr2lFlPNO3yV-EY0zvCsTmKrPuuS7mbVMROtPk8iUDvQfBt1JPVc-LNkwweGIfALDKd5ZMwmHdLDF-qCWIk-00BswWi1QBXpNRZGEQRPw2nw0S8Ux3VrPPUvEiVQp3NBn_pkaB7t2ahDfuYy1hqrD-11pmQ_iy7kOj6-BH5BTqtWcVnBoSRLXQDL5Olphz_HgbCsQ6dkrgcrjAHUE1aP3x1JGbkXQKCGnBDbQelZ1UzSQB5qz7Ybkxrj4USnIVA3l4KBfj5jcCAmMJzCutDlXWuiy8PUj7y6WZLjXmC7Kqous2GSmLxUA897hatPz1xdihZwtiYhh1vdyRqnOb_OTW01q3zvY_UGAAia885h16ukUscC21V3lOzK0KVX-hw5mrePHPK2YQOmwiKdJrzWP3VYe-nRj6GVTSx3TXVmJQJkC6pb28_Ef1kTMzjjIAZQ9w7GZUd2axq2lXQcrCb3A_C39AYvYge_0dMozZQfPweBw-VJ6hgj5gAPGIRhmzTdjQREQUtK2VMbOGTP7TL3vV0oVUdh5LnEs-C98HlWfmBwbzBLtJY51ytP5ptLWoZTwRdCptCBTF-icEHDL-2XSXnw8TW7CFnafO1xyjtdhghNrjtAiWkqsbq5AKVJ1kLxacWcZutkYRPxrijf9yxX5LyNKOAqvUGnCgMqH3A_GOCef9yyiMg7JojOLRDAZWFYoRb2WNWQmncU3ahY&sai=AMfl-YQtl3cj7bDZLaSmvgkpw5UAGgXcbWIpvr_v6wHa-gema-jEN_JUh-fM5qW9UeOPHTXpcbt0RT6rgofibxIdk8qhrucLUlk6zM1ec9O3ZLKOmM_y9CqJHzQ9bOs-BK5pRZlC81y3DqgmkCOXVy3bm4qXzRswushco7CO4fumoUmNM-JcM4PgrVFOPvFYccwHsoVdBYTMPnHMwLyPGP9FPgOiwSNaOaP4wRxu6AZyjjjpX33edt-lTf6vJeu6Tsp1dSc8NxT_KsurgxhX4DneX23A4K5LOQ&sig=Cg0ArKJSzJ7bfpKZE9oREAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=638&vt=11&dtpt=379&dett=3&cstd=249&cisv=r20230620.83667&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:41 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 28 Jun 2023 21:57:41 GMT

GET
H3 200 style.css
s0.2mdn.net/sadbundle/17428105819714486272/ Frame DC66 4 KB
1 KB 9ms
8ms Stylesheet
text/css 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17428105819714486272/style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17428105819714486272/index.html?e=69&leftOffset=0&topOffset=0&c=wCagNPJ00m&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff3aab1b58d4fcef7acc02e44ae8c3b4daccda6ddbac8015ac91e70b260e66d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17428105819714486272/index.html?e=69&leftOffset=0&topOffset=0&c=wCagNPJ00m&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 09:54:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 216217
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1090
x-xss-protection: 0
last-modified: Fri, 02 Jun 2023 16:34:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 25 Jun 2024 09:54:04 GMT

GET
H3 200 Enabler_01_250.js Show response
s0.2mdn.net/879366/ Frame DC66 120 KB
41 KB 10ms
8ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17428105819714486272/index.html?e=69&leftOffset=0&topOffset=0&c=wCagNPJ00m&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

31d02f43dd0c7fc5c0d95db087a23f1c2d729c93f10450884c8da6b415f7839b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17428105819714486272/index.html?e=69&leftOffset=0&topOffset=0&c=wCagNPJ00m&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 02:09:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 71276
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42247
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 29 Jun 2023 02:09:45 GMT

GET
H3 200 gsap_3.5.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame DC66 60 KB
24 KB 22ms
20ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17428105819714486272/index.html?e=69&leftOffset=0&topOffset=0&c=wCagNPJ00m&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17428105819714486272/index.html?e=69&leftOffset=0&topOffset=0&c=wCagNPJ00m&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24155
x-xss-protection: 0
last-modified: Mon, 31 Aug 2020 21:23:17 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 28 Jun 2023 21:57:41 GMT

GET
H3 200 pa.js Show response
s0.2mdn.net/sadbundle/17428105819714486272/ Frame DC66 4 KB
1 KB 13ms
11ms Script
application/x-javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17428105819714486272/pa.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17428105819714486272/index.html?e=69&leftOffset=0&topOffset=0&c=wCagNPJ00m&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4b88a304d6162d0e7bc1ea1c3b8c9e9f6b6751002a6d58b6a7bb2c4dd383dea8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17428105819714486272/index.html?e=69&leftOffset=0&topOffset=0&c=wCagNPJ00m&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 08:56:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 46870
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1443
x-xss-protection: 0
last-modified: Fri, 02 Jun 2023 16:34:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 27 Jun 2024 08:56:31 GMT

GET
H3 200 logic.js Show response
s0.2mdn.net/sadbundle/17428105819714486272/ Frame DC66 26 KB
4 KB 14ms
12ms Script
application/x-javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17428105819714486272/logic.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17428105819714486272/index.html?e=69&leftOffset=0&topOffset=0&c=wCagNPJ00m&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

95dc2fd2d6660cddee1ecf5114f8017512f5f017e2cd96f71efb880957a69564

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17428105819714486272/index.html?e=69&leftOffset=0&topOffset=0&c=wCagNPJ00m&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 09:53:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 216227
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3855
x-xss-protection: 0
last-modified: Fri, 02 Jun 2023 16:34:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 25 Jun 2024 09:53:54 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 9083 22 KB
8 KB 12ms
8ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 115200
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 27 Jun 2023 13:57:41 GMT
expires: Wed, 26 Jun 2024 13:57:41 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dpixel
cms.quantserve.com/ Frame 98C5 35 B
463 B 52ms
9ms Image
image/gif 2620:116:800d:21:de2e:c7b3:55c0:d5a0

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEPcDviovP5jZIW6mIDMIVxg&google_cver=1&google_push=ATf1kGPMtdrh99opri804l5g6eg1Db5RScb59nTSNKVE2oGZd1otkPIUd_lXGHwJvusBh4z4xh5P1FZejutzRV3UrvwufRgTasYXEoDVAMV9nzhkrGJIU9CObTuSX5N-k15lxFiXg4QUIa76leVp9YW8Vivy-Mw

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:de2e:c7b3:55c0:d5a0 -, , ASN (),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:41 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 98C5
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEBpEgO10VrmczKono5XSEeY&google_cver=1&google_push=ATf1kGOZvyfMGlmaCyZXUToTyTXx_Ulp5rnnLvepNJfW5EebS6-_qjAhOKCEDjrJPAOjXkzAlQS5aGyRkbSHWh9miswdQ95...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=ATf1kGOZvyfMGlmaCyZXUToTyTXx_Ulp5rnnLvepNJfW5EebS6-_qjAhOKCEDjrJPAOjXkzAlQS5aGyRkbSHWh9miswdQ95hwMxEl4ezJ7WvPOzZR3oAVA5-tl7AkeJQwZ0AH...

170 B
188 B

30ms
29ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=ATf1kGOZvyfMGlmaCyZXUToTyTXx_Ulp5rnnLvepNJfW5EebS6-_qjAhOKCEDjrJPAOjXkzAlQS5aGyRkbSHWh9miswdQ95hwMxEl4ezJ7WvPOzZR3oAVA5-tl7AkeJQwZ0AHmIyZ5IJhlLeQvoF4z1_1PdUPnw&google_hm=eS0weGhrYnNsRTJwRktfR05FVlA3TDI1OUJheW9VMXE0Wn5B

Requested by

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:41 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 28 Jun 2023 21:57:41 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=ATf1kGOZvyfMGlmaCyZXUToTyTXx_Ulp5rnnLvepNJfW5EebS6-_qjAhOKCEDjrJPAOjXkzAlQS5aGyRkbSHWh9miswdQ95hwMxEl4ezJ7WvPOzZR3oAVA5-tl7AkeJQwZ0AHmIyZ5IJhlLeQvoF4z1_1PdUPnw&google_hm=eS0weGhrYnNsRTJwRktfR05FVlA3TDI1OUJheW9VMXE0Wn5B
content-length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 98C5 0
12 B 19ms
19ms Image
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13L50XjtLZIwJs0Hvlk5gCZFXdb40So4vQbFs2A

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:41 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame BC6E 0
0 50ms
49ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuLPs8neWAaUUSElWqp19RyBbl4q_UI2XZlS61gzWVaWWV6hcEbM2ir7sD9_ls9Iz2XfILTCx3U3R8c0fDs7lOE4d3dK9WM85EjHaJwpESpHyXRiA1e9EvzQKgpmbommqimPd3Vk_0OPZGmgFnlmeYXUjScYidXI0lfkPU4d2WRCO54DQevt6uojEVtFZKINCEAjZJzSTQz_ic9NGrq__Q6Thww6K3BRpXdCPWT1A_jQ-Uodf9oe7V9YltQa7gOSUX0tV-ED8-sFXLDNzRmaSKm6uRD59K9U014sBlJ4CR5OK-dpXFSiwloqeqkEcfL9NPex2tvc-wdN7PvI3AAbGGZfad2X0FrNTDLtUNqi7vnEG7a5QYrNSQLLQFZ-L_wIuJrhKrfk172Hz4L4mIA01cUZfkeiSXn-4ftCqexGBQQyDiytkI8-AOsDs75cspJNGQn4N_1tWQzu-XHyusbDXaqiSPRKb0aMq272vfQ3mn5zf5-2xnaGO-sIHkPCDCV7hg0XbsS3QUPkYEgWtOgrTl6FVFSPlJwVLy-SuwEYnys2-IQu8gCgdV-EhYgAYbq-jpF3xIzxd1oXfTOq5vv1JmwXo2BP9ewfgud-fNsGv9YEIMi9NBEGZNe4WRMBXTHdtMm9eED_GNk4aVHnGSLWKhDLcvvNvAEbhtSs_UyJsxTgpD5nDs8NvrYBgT44D5wtiN6zReC9mTmw1RS8oRYX98_F5J3psWY5IZkwpYyLiRA1JKF6EMTdUjmnj_pR-Y73Z-aW7j54pIVDhz31YDRVeTmxDfAqSeIFRqnDB7kMxAeDYY95aBN9JRSqwwYF9zmtwpGsK9xDOTkMRRJlBglTCJ3e4oD0rIlxudKUU5mnh0CEPRt6K0CI0g69d47GyFzgVj8sEo5kEPvInBoXx8LEn2gkEBFSLd20dLOctAAI6LWmpwaYYjRyz0qJ61-8phZfNAdx6uGH4S0ckdfuzt1GLWhiJnZwIzd5L6vfD1CKiTj3vJF5Ajg62wCU6bLzu7DcU25fUGH5z-dqnfLbGIGWWr1qf0vtS1yC-EzAaFJlE7dRRLirhkaUmDqRvPe7fPK7Ooa7ox6F6fdIAfxBmkdmy5Ywgvt6r117V3htOu9ooOoeFNk-Uy1Ac3UoSfJgS1Kd4OdhI-8CSrcW4Z86RTDR47QlIifQzkHv91BcLJjyQSkiTTvqIt-vIYTifyHbXcvcp40TqKbs01zsJaGlsyJmROr8Auu-nXMn0mNI3g6HsSw7QY6zvnRdngxbZ79Pxz0j4ZLbZDYnHbQX0KDnMNRVg&sai=AMfl-YSmXDQbBl8jkEOJETjoywPHN5FxRvscE7APvbbC9Y2ohq1I7z3rhhO9IdzNkqAcq4pZMLbvNwzrh8g1pbmNMlVMpEj2nvBnSns5kl-mTxJcDCtdyu074Rk7KNCAcm0FRHiOfwQAeVpSqPyC1tyCwFiDSEllxhxuewNyFNJN8Zye5L0IEKq5RCJwEUFpvACrEmmP19uS34xQphQkSRCXY_X57M572KekJT4jOUlAywHpWYiS0xUy9qtdC4gTT-iS1ecQ&sig=Cg0ArKJSzEnTdXSvbLwpEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=517&vt=11&dtpt=273&dett=3&cstd=235&cisv=r20230620.18586&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:41 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 28 Jun 2023 21:57:41 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 780F 7 KB
6 KB 58ms
56ms XHR
application/json 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

72b49306d1b583cc3d09fd5b76b2f0c83e7e6ffa5841d052883597a33d24e4b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:41 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5748
x-xss-protection: 0

GET
H3 200 visual.jpg
s0.2mdn.net/sadbundle/7493198391404092334/img/ Frame 780F 84 KB
84 KB 11ms
10ms Image
image/jpeg 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7493198391404092334/img/visual.jpg

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b438fcb0b6409866bcf245a57397590528a9db351cceb09953f27f9105069895

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=WT7wEhgLt2&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 23 Jun 2023 23:04:37 GMT
x-content-type-options: nosniff
age: 427984
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 86025
x-xss-protection: 0
last-modified: Thu, 30 Mar 2023 10:59:12 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 22 Jun 2024 23:04:37 GMT

GET
H3 200 YTnPKPJ-Q--T2AJ4Qj25FxWmw7bAoVXE9zhtz1eN5hc.js Show response
pagead2.googlesyndication.com/bg/ Frame BB22 37 KB
14 KB 24ms
7ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/YTnPKPJ-Q--T2AJ4Qj25FxWmw7bAoVXE9zhtz1eN5hc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6139cf28f27e43ef93d80278423db91715a6c3b6c0a155c4f7386dcf578de617

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 10:30:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 214028
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14704
x-xss-protection: 0
last-modified: Mon, 19 Jun 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 25 Jun 2024 10:30:33 GMT

GET
H3 200 btn_cta_arrow.svg
s0.2mdn.net/sadbundle/17428105819714486272/ Frame ACE2 366 B
306 B 11ms
10ms Image
image/svg+xml 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17428105819714486272/btn_cta_arrow.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17428105819714486272/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65ecaacea233cbd58cd42e885e80df77cbc92fc6cfd6e85f1d0e9d2852e1e7ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17428105819714486272/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 09:53:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 216227
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 269
x-xss-protection: 0
last-modified: Fri, 02 Jun 2023 16:34:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 25 Jun 2024 09:53:54 GMT

GET
H3 200 kia.woff
s0.2mdn.net/sadbundle/17428105819714486272/ Frame ACE2 23 KB
23 KB 11ms
11ms Font
font/woff 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17428105819714486272/kia.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17428105819714486272/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4974622fff31e0fe9dcc6c31c33e3f74dfb665d2678bd876ab807506e3bab60c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/17428105819714486272/style.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sun, 25 Jun 2023 05:00:03 GMT
x-content-type-options: nosniff
age: 320258
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23072
x-xss-protection: 0
last-modified: Fri, 02 Jun 2023 16:34:31 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 24 Jun 2024 05:00:03 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame ACE2 7 KB
6 KB 73ms
73ms XHR
application/json 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_250&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e5109e4a33b205d20e33727b3e4e2f80effcf63966f5c50e42c8e3ab0efbaa84

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:41 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5801
x-xss-protection: 0

GET
H3 200 60029391_20230503010142811_logo_kia.svg
s0.2mdn.net/ads/richmedia/studio/60029391/ Frame ACE2 1 KB
710 B 10ms
9ms Image
image/svg+xml 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60029391/60029391_20230503010142811_logo_kia.svg

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4caec19fb48c8b123d8f1dd3443f2bd70863adf6408db3ea83b1ee46df65c454

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17428105819714486272/index.html?e=69&leftOffset=0&topOffset=0&c=LpYJpmpjOk&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:45:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 733
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 674
x-xss-protection: 0
last-modified: Thu, 08 Jun 2023 13:51:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 29 Jun 2023 21:45:28 GMT

GET
H3 200 60029391_20230515064253176_Ceed_728x90_01.jpg
s0.2mdn.net/ads/richmedia/studio/60029391/ Frame ACE2 19 KB
19 KB 13ms
12ms Image
image/jpeg 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60029391/60029391_20230515064253176_Ceed_728x90_01.jpg

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3578599c04427db93b8dbb9856b31ec74706adab651288a8444b48a833606c2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17428105819714486272/index.html?e=69&leftOffset=0&topOffset=0&c=LpYJpmpjOk&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 10:13:18 GMT
x-content-type-options: nosniff
age: 42263
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19143
x-xss-protection: 0
last-modified: Mon, 15 May 2023 13:42:53 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 29 Jun 2023 10:13:18 GMT

GET
H3 200 60029391_20230515061715964_Ceed_728x90_02.jpg
s0.2mdn.net/ads/richmedia/studio/60029391/ Frame ACE2 16 KB
16 KB 16ms
15ms Image
image/jpeg 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60029391/60029391_20230515061715964_Ceed_728x90_02.jpg

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

99d22e206a5ac6e477ce8a4466d3f01ab5db135dc1fdb8a75b9bf8f0d10a28d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17428105819714486272/index.html?e=69&leftOffset=0&topOffset=0&c=LpYJpmpjOk&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 10:21:00 GMT
x-content-type-options: nosniff
age: 41801
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16509
x-xss-protection: 0
last-modified: Mon, 15 May 2023 13:17:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 29 Jun 2023 10:21:00 GMT

GET
H3 200 60029391_20230515061719220_Ceed_728x90_03.jpg
s0.2mdn.net/ads/richmedia/studio/60029391/ Frame ACE2 17 KB
17 KB 15ms
14ms Image
image/jpeg 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60029391/60029391_20230515061719220_Ceed_728x90_03.jpg

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d0045314684d37447b37f42a67c55caaf3d04c98a68cb75a760ed799899a965

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17428105819714486272/index.html?e=69&leftOffset=0&topOffset=0&c=LpYJpmpjOk&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 05:02:53 GMT
x-content-type-options: nosniff
age: 60888
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17219
x-xss-protection: 0
last-modified: Mon, 15 May 2023 13:17:19 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 29 Jun 2023 05:02:53 GMT

GET
H3 200 60029391_20230515061720732_Ceed_728x90_04.jpg
s0.2mdn.net/ads/richmedia/studio/60029391/ Frame ACE2 13 KB
13 KB 18ms
16ms Image
image/jpeg 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60029391/60029391_20230515061720732_Ceed_728x90_04.jpg

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aaae67d76785ca3c10c3ec64930c48342d5ee67f49a7ce60854e38b80b7d0774

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17428105819714486272/index.html?e=69&leftOffset=0&topOffset=0&c=LpYJpmpjOk&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 10:13:18 GMT
x-content-type-options: nosniff
age: 42263
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13772
x-xss-protection: 0
last-modified: Mon, 15 May 2023 13:17:20 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 29 Jun 2023 10:13:18 GMT

GET
H/1.1 200
OK e99aace94e6e58733936cdd965d03e75 Show response
pv.medialead.de/trck/epv/ Frame C93E 0
366 B 120ms
72ms Document
application/javascript 145.239.193.130

General

Check archive.org

Show headers Download Go to

Full URL

https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=94391000174047304444554012369017&t=htlp&gdpr=1&consent=1&gdpr_consent=

Requested by

Host: hal900017.redintelligence.net
URL: https://hal900017.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=29b2e8e068&subid=&uid=b4ea66f64868f61c&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCN-Db06ycZJ3iCLu89u8P79iSuAGm5b2gaa2VnKfJD_AuEAEgwLKCa2CV0rSCwAfIAQmpAtPqU3VdUrI-qAMByAObBKoE4wFP0AWla6HvhyZwY5fwKL5ZcNsTLlaPEsr-BWk0UMPvZrnqSMvgY6j_KGw172RFkH0ix38XlKXXqnAl-VRGkFOEN884DjGJcBVXjU-jOmZuIFpyGZr4FWXK1u0g2-Oe7OKd2nJBJoOqq3I3AIO75Zkc2bhA77Tn-OaSVJyyy05jxYVciDLa77opj6hK42fZk-5EsnHGgl1A3MJdgsvGdt9g2zLNmA-DGJ4OTJf1jM_5VzKLH8Rs2K0SMbCL5PxjMYHwAZLK1TCd0lFddxOf4oviOUPttrI3vOcnKH-eptwQtLe9_MAE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE68ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5gAoDmAsByAsBgAwBsBPMnNkS0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSbQBygQiD4uFUJbggLmfY2mUbDHx42r49fbLk1zuOVCvH0Ho26lTG0VVcoI8WBsh8zOV4siutO3n7miJwblcKPUe0fNlbQqAEp9sFOsb8-j0upMCIPvjUX3W2yO6PFPLBB8iNTLeMHzpRvrlL7Z0YAQ%26sig%3DAOD64_0BcFkOsP_h_-hSDjZJyWWO9eeZpg%26client%3Dca-pub-7983651257838282%26dbm_c%3DAKAmf-B1NOcddcc4m9UUW8YSTTZ_YZwa7AnYBOdixO71tCXS9SoYx1GQQCfKSNhbcIb2ktpQjwNN_xO5OEN_hAoHkmy-rMGHz00hFOWe0uhPCrr0uL0Nv4XD3nDRvhvWJwghCfMf-tYrrJM48psmILPb1_Yssi3-d-5ggF-5G9f1aLGqbxtCYOA%26cry%3D1%26dbm_d%3DAKAmf-DJyhaunJEJO2tRxl1K2M6TSdQxyOXNxlwwD_PS8Dg2RduBCNNStC8-3Oes6TQtO8q9zOvP8srPUT06wTluZXEnzQsrqn4QObUXJh2AbStl-GaKs0JTF8JNmusDZrBBZrN8plq78CVAkym0ZMb065_CN7d3znDt8UOo3Z6KCtgtVATNERsvnIxh_OGTvIdGlIrrYzxP5x6KlaY61NSebqNh5a9R23rOi8VvTdFzBJNLsNmeTIpl6vjMu2jaQX_SmIYc2kEn6_RJ1AVYUxozztMwmGOKpeEBQkCVWrDmMpIGQSnc_FhBgjfEFS3F13-U8MnxR0gAxok713v2GO2mxVKkSnr07aDKHhEE2gZ2T4vFSdE33lCSzDNtPJzsEISh4r4pYVP0Ryf-KkPNEKu6ohvXiRM0P1RXDLaK7eyeUEaev4wi3DhzkviRfa9t45FKnfSPgB7c3jOk_GxFv281DdHdw9G6GM4Gs0PwzkJ54MyODwYt4ulStDqbgcg0iIDkoEHeTC8kEiwRX0jZusVUqbidDyXEc1Zvsz_fHL9LDU6ezzBVNR0%26adurl%3D&documentReferer=https%3A%2F%2Fye-mek.net%2F&ancestorOrigins=https%3A%2F%2Fye-mek.net%2Chttps%3A%2F%2Fpcloak.blob.core.windows.net&random=2475204389369&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

145.239.193.130 -, , ASN (),

Reverse DNS

Software

nginx/1.17.5 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Content-Length: 0
Content-Type: application/javascript; charset=utf-8
Date: Wed, 28 Jun 2023 21:57:41 GMT
Host: pv.medialead.de
Keep-Alive: timeout=20
Proxy-Host: pv.medialead.de
Server: nginx/1.17.5
Strict-Transport-Security: max-age=15768000
X-IPLB-Instance: 40028
X-IPLB-Request-ID: 50FF0ACA:E330_91EFC182:01BB_649CACD5_537013A:1ECFE

GET
H2 200 / Show response
adv.office-partner.de/ Frame 2BFC 930 B
931 B 51ms
10ms Document
text/html 2a0b:4d07:101::1

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal900017.redintelligence.net
URL: https://hal900017.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=29b2e8e068&subid=&uid=b4ea66f64868f61c&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCN-Db06ycZJ3iCLu89u8P79iSuAGm5b2gaa2VnKfJD_AuEAEgwLKCa2CV0rSCwAfIAQmpAtPqU3VdUrI-qAMByAObBKoE4wFP0AWla6HvhyZwY5fwKL5ZcNsTLlaPEsr-BWk0UMPvZrnqSMvgY6j_KGw172RFkH0ix38XlKXXqnAl-VRGkFOEN884DjGJcBVXjU-jOmZuIFpyGZr4FWXK1u0g2-Oe7OKd2nJBJoOqq3I3AIO75Zkc2bhA77Tn-OaSVJyyy05jxYVciDLa77opj6hK42fZk-5EsnHGgl1A3MJdgsvGdt9g2zLNmA-DGJ4OTJf1jM_5VzKLH8Rs2K0SMbCL5PxjMYHwAZLK1TCd0lFddxOf4oviOUPttrI3vOcnKH-eptwQtLe9_MAE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE68ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5gAoDmAsByAsBgAwBsBPMnNkS0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSbQBygQiD4uFUJbggLmfY2mUbDHx42r49fbLk1zuOVCvH0Ho26lTG0VVcoI8WBsh8zOV4siutO3n7miJwblcKPUe0fNlbQqAEp9sFOsb8-j0upMCIPvjUX3W2yO6PFPLBB8iNTLeMHzpRvrlL7Z0YAQ%26sig%3DAOD64_0BcFkOsP_h_-hSDjZJyWWO9eeZpg%26client%3Dca-pub-7983651257838282%26dbm_c%3DAKAmf-B1NOcddcc4m9UUW8YSTTZ_YZwa7AnYBOdixO71tCXS9SoYx1GQQCfKSNhbcIb2ktpQjwNN_xO5OEN_hAoHkmy-rMGHz00hFOWe0uhPCrr0uL0Nv4XD3nDRvhvWJwghCfMf-tYrrJM48psmILPb1_Yssi3-d-5ggF-5G9f1aLGqbxtCYOA%26cry%3D1%26dbm_d%3DAKAmf-DJyhaunJEJO2tRxl1K2M6TSdQxyOXNxlwwD_PS8Dg2RduBCNNStC8-3Oes6TQtO8q9zOvP8srPUT06wTluZXEnzQsrqn4QObUXJh2AbStl-GaKs0JTF8JNmusDZrBBZrN8plq78CVAkym0ZMb065_CN7d3znDt8UOo3Z6KCtgtVATNERsvnIxh_OGTvIdGlIrrYzxP5x6KlaY61NSebqNh5a9R23rOi8VvTdFzBJNLsNmeTIpl6vjMu2jaQX_SmIYc2kEn6_RJ1AVYUxozztMwmGOKpeEBQkCVWrDmMpIGQSnc_FhBgjfEFS3F13-U8MnxR0gAxok713v2GO2mxVKkSnr07aDKHhEE2gZ2T4vFSdE33lCSzDNtPJzsEISh4r4pYVP0Ryf-KkPNEKu6ohvXiRM0P1RXDLaK7eyeUEaev4wi3DhzkviRfa9t45FKnfSPgB7c3jOk_GxFv281DdHdw9G6GM4Gs0PwzkJ54MyODwYt4ulStDqbgcg0iIDkoEHeTC8kEiwRX0jZusVUqbidDyXEc1Zvsz_fHL9LDU6ezzBVNR0%26adurl%3D&documentReferer=https%3A%2F%2Fye-mek.net%2F&ancestorOrigins=https%3A%2F%2Fye-mek.net%2Chttps%3A%2F%2Fpcloak.blob.core.windows.net&random=2475204389369&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 -, , ASN (),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 552
content-type: text/html
date: Wed, 28 Jun 2023 21:57:41 GMT
etag: "3a2-5c1ab16b3be00-gzip"
expires: Wed, 05 Jul 2023 21:57:41 GMT
last-modified: Thu, 06 May 2021 15:37:28 GMT
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server: keycdn-engine
vary: Accept-Encoding
x-accel-version: 0.01
x-cache: HIT
x-edge-location: defr

GET
H2

200

htlp Show response
futalis.de/ Frame F9AD
Redirect Chain

https://cdn.retailads.net/tb.php?t=150337V2172132532M&subid=94391000174047304444554012369017&ra_cnt_active=1&ra_cnt=1
https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=2829309064

350 B
401 B

51ms
7ms

Document
text/html

49.12.16.151

General

Check archive.org

Show headers Download Go to

Full URL: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=2829309064
Requested by: Host: hal900017.redintelligence.net
URL: https://hal900017.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=29b2e8e068&subid=&uid=b4ea66f64868f61c&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCN-Db06ycZJ3iCLu89u8P79iSuAGm5b2gaa2VnKfJD_AuEAEgwLKCa2CV0rSCwAfIAQmpAtPqU3VdUrI-qAMByAObBKoE4wFP0AWla6HvhyZwY5fwKL5ZcNsTLlaPEsr-BWk0UMPvZrnqSMvgY6j_KGw172RFkH0ix38XlKXXqnAl-VRGkFOEN884DjGJcBVXjU-jOmZuIFpyGZr4FWXK1u0g2-Oe7OKd2nJBJoOqq3I3AIO75Zkc2bhA77Tn-OaSVJyyy05jxYVciDLa77opj6hK42fZk-5EsnHGgl1A3MJdgsvGdt9g2zLNmA-DGJ4OTJf1jM_5VzKLH8Rs2K0SMbCL5PxjMYHwAZLK1TCd0lFddxOf4oviOUPttrI3vOcnKH-eptwQtLe9_MAE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE68ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5gAoDmAsByAsBgAwBsBPMnNkS0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSbQBygQiD4uFUJbggLmfY2mUbDHx42r49fbLk1zuOVCvH0Ho26lTG0VVcoI8WBsh8zOV4siutO3n7miJwblcKPUe0fNlbQqAEp9sFOsb8-j0upMCIPvjUX3W2yO6PFPLBB8iNTLeMHzpRvrlL7Z0YAQ%26sig%3DAOD64_0BcFkOsP_h_-hSDjZJyWWO9eeZpg%26client%3Dca-pub-7983651257838282%26dbm_c%3DAKAmf-B1NOcddcc4m9UUW8YSTTZ_YZwa7AnYBOdixO71tCXS9SoYx1GQQCfKSNhbcIb2ktpQjwNN_xO5OEN_hAoHkmy-rMGHz00hFOWe0uhPCrr0uL0Nv4XD3nDRvhvWJwghCfMf-tYrrJM48psmILPb1_Yssi3-d-5ggF-5G9f1aLGqbxtCYOA%26cry%3D1%26dbm_d%3DAKAmf-DJyhaunJEJO2tRxl1K2M6TSdQxyOXNxlwwD_PS8Dg2RduBCNNStC8-3Oes6TQtO8q9zOvP8srPUT06wTluZXEnzQsrqn4QObUXJh2AbStl-GaKs0JTF8JNmusDZrBBZrN8plq78CVAkym0ZMb065_CN7d3znDt8UOo3Z6KCtgtVATNERsvnIxh_OGTvIdGlIrrYzxP5x6KlaY61NSebqNh5a9R23rOi8VvTdFzBJNLsNmeTIpl6vjMu2jaQX_SmIYc2kEn6_RJ1AVYUxozztMwmGOKpeEBQkCVWrDmMpIGQSnc_FhBgjfEFS3F13-U8MnxR0gAxok713v2GO2mxVKkSnr07aDKHhEE2gZ2T4vFSdE33lCSzDNtPJzsEISh4r4pYVP0Ryf-KkPNEKu6ohvXiRM0P1RXDLaK7eyeUEaev4wi3DhzkviRfa9t45FKnfSPgB7c3jOk_GxFv281DdHdw9G6GM4Gs0PwzkJ54MyODwYt4ulStDqbgcg0iIDkoEHeTC8kEiwRX0jZusVUqbidDyXEc1Zvsz_fHL9LDU6ezzBVNR0%26adurl%3D&documentReferer=https%3A%2F%2Fye-mek.net%2F&ancestorOrigins=https%3A%2F%2Fye-mek.net%2Chttps%3A%2F%2Fpcloak.blob.core.windows.net&random=2475204389369&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 49.12.16.151 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 582e283baa4cce4006055beb2eb8fe257c1ec5ef573a40f173b880636089e8cd

Request headers

Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 350
content-type: text/html; charset=utf-8

Redirect headers

content-length: 0
content-type: text/html; charset=utf-8
date: Wed, 28 Jun 2023 21:57:41 GMT
location: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=2829309064
p3p: policyref="https://www.retailads.net/w3c/p3p.xml",CP="NOI CUR OUR STP"
server: Apache
xphp81: true

GET
H/1.1 200
OK e99aace94e6e58733936cdd965d03e75 Show response
pv.medialead.de/trck/epv/ Frame A9C0 0
366 B 133ms
82ms Script
application/javascript 145.239.193.130

General

Check archive.org

Show headers Download Go to

Full URL

https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=94391000174047304444554012369017&t=htlp&gdpr=1&consent=1&gdpr_consent=

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

145.239.193.130 -, , ASN (),

Reverse DNS

Software

nginx/1.17.5 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Wed, 28 Jun 2023 21:57:41 GMT
Strict-Transport-Security: max-age=15768000
Server: nginx/1.17.5
Host: pv.medialead.de
X-IPLB-Request-ID: 50FF0ACA:E332_91EFC182:01BB_649CACD5_52E4D5A:25BD1
X-IPLB-Instance: 40027
Content-Type: application/javascript; charset=utf-8
Keep-Alive: timeout=20
Content-Length: 0
Proxy-Host: pv.medialead.de

GET
H/1.1 200
OK e99aace94e6e58733936cdd965d03e75
pv.medialead.de/trck/eview/ Frame A9C0 43 B
382 B 114ms
62ms Image
image/gif 145.239.193.130

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pv.medialead.de/trck/eview/e99aace94e6e58733936cdd965d03e75?subid=94391000174047304444554012369017&t=htlp&gdpr=1&consent=1&gdpr_consent=

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

145.239.193.130 -, , ASN (),

Reverse DNS

Software

nginx/1.17.5 /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Wed, 28 Jun 2023 21:57:41 GMT
Strict-Transport-Security: max-age=15768000
Server: nginx/1.17.5
Host: pv.medialead.de
X-IPLB-Request-ID: 50FF0ACA:E334_91EFC182:01BB_649CACD5_53696D5:1ECFC
X-IPLB-Instance: 40028
Content-Type: image/gif
Keep-Alive: timeout=20
Content-Length: 43
Proxy-Host: pv.medialead.de

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 780F 17 KB
6 KB 28ms
25ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 28 Jun 2023 21:57:41 GMT

GET
H3 200 YTnPKPJ-Q--T2AJ4Qj25FxWmw7bAoVXE9zhtz1eN5hc.js Show response
pagead2.googlesyndication.com/bg/ Frame 9083 37 KB
14 KB 10ms
10ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/YTnPKPJ-Q--T2AJ4Qj25FxWmw7bAoVXE9zhtz1eN5hc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6139cf28f27e43ef93d80278423db91715a6c3b6c0a155c4f7386dcf578de617

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 10:30:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 214028
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14704
x-xss-protection: 0
last-modified: Mon, 19 Jun 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 25 Jun 2024 10:30:33 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame B90B 0
0 47ms
47ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstAEaH1-qqxKSshBWIDNupMD_gISFUd_OetKbL5GTod7gekhYKIqJQb9UReBW4lxnFUPlTrNfrrYZgoG0hoYCsIVBQAaXPK3qxiko2iMXHV16r7qqrUH5rehOz6yoAsptCcr3-lhFq0rrHXcXBFyjO7Z1nQUB236NXs4YwCfldOsDdj7NDXsWBctjI9ml3mPYjaehI75jAEE342aoDn4nxEqajezDVMtyXgP_OtlAqBgK463dD3U50Y0rv6RupUDnMoFyyn47mllSZRM3lgkLVcNSKRpyUQv4T5xGpT7HyWoBp5qHqzZXiWOGyF78u7N_fs0hL2AGeqPpSiuM0I2Lyhz_pkC7-LwGZdcZ-P7pWcHfYRdncpLcK6-SkK_Hs6S75rwLVJlRN0XLOvJtuwbcJbAR92_YlvQpi8Z1Z1pNU7my0xuk-6w89tU4ksDRIZATFlluxRLgcPTcuPMG-v6nK-zph8Nv_jwRKa759uJyGyFSQKcgValea3VrSmvM0hsZlWCCHwzaUqwiXrJ89eYio5baHLf-9JN11EblhJ__QzvI6FZ3X0EyYNVtX5gxph9yuECWtELmiXRi6NcPLt_aqPapfPqwazRP_ABpOoCBwFNeFZw8G3GguOFbIEZ2UOrd1lKgs9NUMczbJuMqsSCe3tbe0EVCnWttRuPXgyPBLrg2jbGKSI5x_SuzX4kFO4Vsu2_t5UOQJCJeRQTBPH7oah4gCqUd3lh8X9KHnsVx67GaCsG6HRyjgL7USntkBW_vWIFJx435Cf4qPo_u0RdwkRRjKxzZfmmd7corB8uhYTsS7IGRx7IA7jmcaD8ga9qkeO24VIH9K8ntdI1DyPaj7VHZJMqN83kkp5Gvax52nYDwNL5Fregxe9Vp9i_7TLXc2JaOiGKswbqWHZaWaDaVxb15PBVocenxdiPdA7GpRYl4KTXtUeWt-CLB7N9S2NlfitC5fLkO-Z12U-ObR9vaOSp8l9g7lK2b2-z0d6nz54IfSfMnVFQdd6NkUuvK4s2Vbb5REJgP8ZZTX-degLcKO6mrtDnGy0QGeJG3WC30ebi72Ip_me0ltHEIhsggigdVxhI5EXdxv1vhRcdhozaAR0VnaBl5FTgjZwOHrJtw_LFBv4z-Kz43ahS-HAuTIOYARifVyoFqFctAPCcG3ljLZNptPKfrwWvDfKGZ1lzbuL4zIRuaRER2Uua6Ly1-3uu4P0PZRQBy7FXFCMo68YcpguJzKwIGyFq3ei4YAi-VQwQRSm7aqiMya3I_UB68DpL0Z9IXbb9HGITuHj8570iw&sai=AMfl-YTKD8EhD4mHT5w6oNGST9Zkh9-IG9TuYJErYCXsTPcSzxk1SznJ2w6w1a9BFopBSjjLNeRjA9HBQjsRLHSwLSgnRpYKyGoDTQAzNK3JLK5xGaCsVM1FdnI4OQ3iXxPsA2fjDTlhOmNx2IptCPoddxKICqNs8GfgaKrLEGiG7ixnV3oIOcnCAKP4VaRXkVL1XoqSaA2iD6Nw&sig=Cg0ArKJSzLkMu9JySV3sEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=371&vt=11&dtpt=225&dett=3&cstd=139&cisv=r20230620.25859&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:41 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 28 Jun 2023 21:57:41 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 1666 0
0 66ms
45ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv_cuToVoyL0MDbEHHu0dNDLflIIwU2_hgeYpzJ4mJmCewBzPv5yLnQJjBD40lGhug5C2bR8F_nwwYA_CgeMkGbZ2vtz2Zv9iwh08DycQVC7AFe9D1J9aASmw5mNWPJBUu5RAdbJsSJFUe8VVijKKLPEoIflmSKL7vNwp-YGwbHQ0arFfBHOhKgzaJSotROxHvM1syEML7UHfggEBjmq1DcjN7R-eqnQFOCWrWIp4GyddfRh0uafYwThONePMb-_IOONsov5xucOJO2pabAELEA8bQ1vmblmrCGhIVnsIP2wsX50IpID8r9SIQOuPh_W8XMxK9iDVmY9nberWISzsW_XVo6x3FJPqS8iPlPPHfV60guttqQSV1GPTOF&sai=AMfl-YSrBRyyvC761j48RJZG8OwhDHtB-K-8oZJlDUWr1LFmavBLQxCfCCS5VrOy5vvXGYV5jQBA_plF4_AtgbpRpo2Wcunc0UawO_5PSjdiTf4&sig=Cg0ArKJSzJvK4Z3rgSYIEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:41 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 28 Jun 2023 21:57:41 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 1666 14 KB
11 KB 62ms
59ms XHR
application/json 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230620&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5cfa90136cebd0560505c59212c51599674286ace6c34a1f0282179e151941ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:41 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11175
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame ACE2 17 KB
6 KB 30ms
29ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 28 Jun 2023 21:57:41 GMT

GET
H3 200 60029391_20230503010142811_logo_kia.svg
s0.2mdn.net/ads/richmedia/studio/60029391/ Frame DC66 1 KB
710 B 9ms
9ms Image
image/svg+xml 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60029391/60029391_20230503010142811_logo_kia.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17428105819714486272/logic.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4caec19fb48c8b123d8f1dd3443f2bd70863adf6408db3ea83b1ee46df65c454

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17428105819714486272/index.html?e=69&leftOffset=0&topOffset=0&c=wCagNPJ00m&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:45:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 733
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 674
x-xss-protection: 0
last-modified: Thu, 08 Jun 2023 13:51:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 29 Jun 2023 21:45:28 GMT

GET
H3 200 btn_cta_arrow.svg
s0.2mdn.net/sadbundle/17428105819714486272/ Frame DC66 366 B
306 B 10ms
10ms Image
image/svg+xml 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17428105819714486272/btn_cta_arrow.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17428105819714486272/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65ecaacea233cbd58cd42e885e80df77cbc92fc6cfd6e85f1d0e9d2852e1e7ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17428105819714486272/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 09:53:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 216227
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 269
x-xss-protection: 0
last-modified: Fri, 02 Jun 2023 16:34:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 25 Jun 2024 09:53:54 GMT

GET
H3 200 kia.woff
s0.2mdn.net/sadbundle/17428105819714486272/ Frame DC66 23 KB
23 KB 15ms
14ms Font
font/woff 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17428105819714486272/kia.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17428105819714486272/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4974622fff31e0fe9dcc6c31c33e3f74dfb665d2678bd876ab807506e3bab60c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/17428105819714486272/style.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sun, 25 Jun 2023 05:00:03 GMT
x-content-type-options: nosniff
age: 320258
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23072
x-xss-protection: 0
last-modified: Fri, 02 Jun 2023 16:34:31 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 24 Jun 2024 05:00:03 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame DC66 7 KB
6 KB 83ms
82ms XHR
application/json 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_250&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

25d14233cc34c5284032e301f03fc7ce873062c6b8b4c041f6597353ed1057c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:41 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5681
x-xss-protection: 0

GET
H3 200 60029391_20230515061835797_ProCeed_728x90_01.jpg
s0.2mdn.net/ads/richmedia/studio/60029391/ Frame DC66 14 KB
14 KB 16ms
15ms Image
image/jpeg 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60029391/60029391_20230515061835797_ProCeed_728x90_01.jpg

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a298013dbdb4c2fd03dd00d73b1e25c072a6870c88b715abcc177c430742d8e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17428105819714486272/index.html?e=69&leftOffset=0&topOffset=0&c=wCagNPJ00m&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 11:54:17 GMT
x-content-type-options: nosniff
age: 36204
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14099
x-xss-protection: 0
last-modified: Mon, 15 May 2023 13:18:35 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 29 Jun 2023 11:54:17 GMT

GET
H3 200 60029391_20230515061838949_ProCeed_728x90_02.jpg
s0.2mdn.net/ads/richmedia/studio/60029391/ Frame DC66 13 KB
13 KB 20ms
19ms Image
image/jpeg 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60029391/60029391_20230515061838949_ProCeed_728x90_02.jpg

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f11804d1ef933b0bc1743a89e33afbd528eeda107a6c0c2444be61d739af5a73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17428105819714486272/index.html?e=69&leftOffset=0&topOffset=0&c=wCagNPJ00m&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 11:54:39 GMT
x-content-type-options: nosniff
age: 36182
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13509
x-xss-protection: 0
last-modified: Mon, 15 May 2023 13:18:39 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 29 Jun 2023 11:54:39 GMT

GET
H3 200 60029391_20230515061842090_ProCeed_728x90_03.jpg
s0.2mdn.net/ads/richmedia/studio/60029391/ Frame DC66 18 KB
18 KB 17ms
17ms Image
image/jpeg 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60029391/60029391_20230515061842090_ProCeed_728x90_03.jpg

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

568d6d51abf60ead0a44ada316a65a027f6c172b194e3858ae0fe30c983c857d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17428105819714486272/index.html?e=69&leftOffset=0&topOffset=0&c=wCagNPJ00m&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 11:54:17 GMT
x-content-type-options: nosniff
age: 36204
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17922
x-xss-protection: 0
last-modified: Mon, 15 May 2023 13:18:42 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 29 Jun 2023 11:54:17 GMT

GET
H3 200 60029391_20230515061845211_ProCeed_728x90_04.jpg
s0.2mdn.net/ads/richmedia/studio/60029391/ Frame DC66 15 KB
15 KB 20ms
19ms Image
image/jpeg 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60029391/60029391_20230515061845211_ProCeed_728x90_04.jpg

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

04a06dd9dfb3eab995476062839b8367ec2586183fdef7e93d08994db0a50654

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17428105819714486272/index.html?e=69&leftOffset=0&topOffset=0&c=wCagNPJ00m&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 11:54:17 GMT
x-content-type-options: nosniff
age: 36204
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15494
x-xss-protection: 0
last-modified: Mon, 15 May 2023 13:18:45 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 29 Jun 2023 11:54:17 GMT

GET
H2 200 ts.js Show response
cdn.retailads.net/ Frame F9AD 5 KB
5 KB 7ms
6ms Script
application/javascript 2a01:4f8:d0a:2321::2

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.retailads.net/ts.js
Requested by: Host: futalis.de
URL: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=2829309064
Protocol: H2
Security: TLS 1.3, , CHACHA20_POLY1305
Server: 2a01:4f8:d0a:2321::2 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: 525e7c89461afb3f73ea7030fbceba4f9e9383570159926acee637b4f86b8148

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://futalis.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:41 GMT
last-modified: Wed, 05 Apr 2023 20:14:46 GMT
server: Apache
etag: "1416-5f89c717cdc2f"
content-type: application/javascript
xphp81: true
accept-ranges: bytes
content-length: 5142

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame 2BFC 113 KB
44 KB 26ms
15ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

75624d201728ac36424bd5ea3daa01e59f0917744622142e76b8f60653de345c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:41 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44566
x-xss-protection: 0
last-modified: Wed, 28 Jun 2023 21:27:54 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 28 Jun 2023 21:57:41 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 1666 17 KB
6 KB 43ms
34ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 28 Jun 2023 21:57:41 GMT

GET
H3 200 YTnPKPJ-Q--T2AJ4Qj25FxWmw7bAoVXE9zhtz1eN5hc.js Show response
pagead2.googlesyndication.com/bg/ Frame 07C9 37 KB
14 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/YTnPKPJ-Q--T2AJ4Qj25FxWmw7bAoVXE9zhtz1eN5hc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6139cf28f27e43ef93d80278423db91715a6c3b6c0a155c4f7386dcf578de617

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 10:30:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 214028
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14704
x-xss-protection: 0
last-modified: Mon, 19 Jun 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 25 Jun 2024 10:30:33 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame DC66 17 KB
6 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 28 Jun 2023 21:57:41 GMT

GET
H2 200 link.html Show response
track.webgains.com/ Frame A9C0 2 KB
2 KB 139ms
77ms Script
text/html 35.178.131.157

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=2513145&wgcampaignid=99582&js=1&viewref=94391000174047304444554012369017&nw=1
Requested by: Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.178.131.157 -, , ASN (),
Reverse DNS
Software: nginx / PHP/7.4.26
Resource Hash: bb6615ee877d1bd2ee3ace511b79c163ad852890ddacbadabd603a33f4b2a866

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:41 GMT
last-modified: Wed, 28 Jun 2023 21:57:41 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Wed, 28 Jun 2023 21:58:41 GMT

GET
H2

200

activityi;dc_pre=CLip-OH65v8CFVuPsgod8YkH5Q;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7028113949201.755 Show response
5994599.fls.doubleclick.net/ Frame 9391
Redirect Chain

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7028113949201.755?
https://5994599.fls.doubleclick.net/activityi;dc_pre=CLip-OH65v8CFVuPsgod8YkH5Q;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7028113949201.755?

391 B
327 B

61ms
56ms

Document
text/html

142.250.186.134

General

Check archive.org

Show headers Download Go to

Full URL

https://5994599.fls.doubleclick.net/activityi;dc_pre=CLip-OH65v8CFVuPsgod8YkH5Q;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7028113949201.755?

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.134 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

20f77b0ce4f6178311313a1922f03d35965e833a82399984b90f73f49fefd690

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 218
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:57:41 GMT
expires: Wed, 28 Jun 2023 21:57:41 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:57:41 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://5994599.fls.doubleclick.net/activityi;dc_pre=CLip-OH65v8CFVuPsgod8YkH5Q;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7028113949201.755?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request_content.php Show response
hal900017.redintelligence.net/ Frame 12BB 7 KB
2 KB 21ms
8ms Document
text/html 159.69.70.9
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900017.redintelligence.net/request_content.php?s=94391000174047304444554012369017&a=507e02cd
Requested by: Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 159.69.70.9 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.9.70.69.159.clients.your-server.de
Software: Apache /
Resource Hash: cc56c196907a23a36a0d76524b31eb59432539344cf734212744adb562621442

Request headers

Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2041
Content-Type: text/html; charset=utf-8
Date: Wed, 28 Jun 2023 21:57:41 GMT
Expires: Wed, 28 Jun 2023 22:57:41 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
DATA 200
OK truncated
/ Frame A9C0 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 58761096bdc8161f6bd209346ae5d8908f1b2cc9fcc5abec844faf6cf8a5545a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 YTnPKPJ-Q--T2AJ4Qj25FxWmw7bAoVXE9zhtz1eN5hc.js Show response
pagead2.googlesyndication.com/bg/ Frame 992E 37 KB
14 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/YTnPKPJ-Q--T2AJ4Qj25FxWmw7bAoVXE9zhtz1eN5hc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6139cf28f27e43ef93d80278423db91715a6c3b6c0a155c4f7386dcf578de617

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 10:30:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 214028
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14704
x-xss-protection: 0
last-modified: Mon, 19 Jun 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 25 Jun 2024 10:30:33 GMT

GET
H2 200 5ed7702fe4b07a92411bc03e
ng2.virgul.com/tck/imp/ Frame 1E5F 0
209 B 56ms
56ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5ed7702fe4b07a92411bc03e?g=1&t=gb&r=153378@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1687989458630&userId=vnet87604c0e-85b9-4694-a152-c65714f2ee85
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Wed, 28 Jun 2023 21:57:41 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 93E8 13 KB
5 KB 8ms
7ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 973
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:41:28 GMT
expires: Thu, 27 Jun 2024 21:41:28 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 30F0 783 B
535 B 19ms
19ms Document
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

b13b4e4fe3e2e2b06dd177c7f8dd5bfca45bc174909e3982befe3cda1f9e38af

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-beTS6mi324pP7QEF0rzc6A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-beTS6mi324pP7QEF0rzc6A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:57:41 GMT
expires: Wed, 28 Jun 2023 21:57:41 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 css
fonts.googleapis.com/ Frame 12BB 5 KB
778 B 18ms
16ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Requested by

Host: hal900017.redintelligence.net
URL: https://hal900017.redintelligence.net/request_content.php?s=94391000174047304444554012369017&a=507e02cd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e334ca19f092778f57815a534078daf8e3fce269e56f7ea374ab3a117eee92ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 28 Jun 2023 21:57:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 28 Jun 2023 21:20:26 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 28 Jun 2023 21:57:41 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 12BB 11 KB
11 KB 22ms
8ms Image
image/png 78.46.23.46
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=100&height=50&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/postbank_pool_privatkredit_1200x627.jpg
Requested by: Host: hal900017.redintelligence.net
URL: https://hal900017.redintelligence.net/request_content.php?s=94391000174047304444554012369017&a=507e02cd
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.23.46 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.46.23.46.78.clients.your-server.de
Software: Apache /
Resource Hash: fe1c4472e5593cbad87e00318338a8c8f7cbb2c140749decc385d00b7861e649

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Wed, 28 Jun 2023 21:57:41 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 11559
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 12BB 12 KB
12 KB 39ms
13ms Image
image/png 78.46.23.46
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=100&height=50&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg
Requested by: Host: hal900017.redintelligence.net
URL: https://hal900017.redintelligence.net/request_content.php?s=94391000174047304444554012369017&a=507e02cd
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.23.46 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.46.23.46.78.clients.your-server.de
Software: Apache /
Resource Hash: 012bfcecfc2ede88246f38790e1f6523713e0e2bb0f98c87949ae28594faf004

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Wed, 28 Jun 2023 21:57:41 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 12072
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 12BB 9 KB
9 KB 39ms
13ms Image
image/png 78.46.23.46
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=100&height=50&url=https://cdn.contentspread.net/24i/advertiser/55487/creativesup/1200x627.jpg
Requested by: Host: hal900017.redintelligence.net
URL: https://hal900017.redintelligence.net/request_content.php?s=94391000174047304444554012369017&a=507e02cd
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.23.46 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.46.23.46.78.clients.your-server.de
Software: Apache /
Resource Hash: 348e796d5c91608f48049d7bcb53e6f9ee78abf87f0c71edf955a27f6b9b5fe8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Wed, 28 Jun 2023 21:57:41 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 9494
Vary: Accept-Encoding
Content-Type: image/png

GET
H3 200 YTnPKPJ-Q--T2AJ4Qj25FxWmw7bAoVXE9zhtz1eN5hc.js Show response
pagead2.googlesyndication.com/bg/ Frame ECAA 37 KB
14 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/YTnPKPJ-Q--T2AJ4Qj25FxWmw7bAoVXE9zhtz1eN5hc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6139cf28f27e43ef93d80278423db91715a6c3b6c0a155c4f7386dcf578de617

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 10:30:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 214028
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14704
x-xss-protection: 0
last-modified: Mon, 19 Jun 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 25 Jun 2024 10:30:33 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D42E 0
20 B 52ms
52ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BvsFD1KycZJqQDpDL7_UP_rwJAAAAADgB4AQC&bg=!zs2lzZnNAAYQ3eRoMN07ADkAdvg8WniegkiGXNKKLgl3-g_yewio_HLZLX7pD4zX0WVcQ3Mx6-yAL7QAHPTMyTWL99wq8JakVscCAAAB8lIAAAADaAEHmQMQ2STTRT8Y-KCbM2wnMsBcHEoUVSEkkHa7dD84EBRvfj9mXdiQruP5awYgtTrAA1mK5VJ0vhjy6Kq74BZAXhRWAiE3vJ36BFGcmSbThyYeM-ChQTNtKvYbXBP8dQcbvRW-3QkLP4-7ptvpZ4nZGz2xWxPPfYqfDtN3q2WX66fX1fMtExvxVJqJUqEdXhtrspU4N8r7I8xCpeEMR6XTNqvaONYGlC9dlHYmEoOpMVCAJ5Kj7nrZK9sog6Uh9D1-M1PTkixH4-dhFjKFaVxbVDh4_2qkQHpgBDgft7x2zSrVXOWR3dPMPJb9Uxb1LsxeTwZNskxtzbIYLqpreC5txeyK0aEoFQqFlW8bWTF4Ozs1kWKj8sM8P1kQ4wf0P1ZB6yVLdbqp2xBBSv5b_O-zkUiwdQLO1M3EDHbGrxqTEcCBOIjk4PP5_Oxuy9bqt_spQLHAeRIE_dqySBbCCm4dIhNyhzI_8LSbsk639gy-GvLtuLk0owPKqBCyEOTFC-LNaDh62Pp6LoIf4DsgNhiYaOg5GDVbCBQw74fKpqf_32RqdVOFapo13wokhC8H3KN4-zGQreKbwnexahQd6MAP5_GHguaHBm0meGd1Diu-mFTSOxVtMIJ0orHeP9EtEGNuo-dMPljT4XL36IenNTl-YhuLyBvYbhFJ_i_dm14mc7IiP0Gdgiv6s9Hy1ecwRAv15YICxSqXkO2VdJNEus9-FRGoDW5MclqUpEQBwquqTowphlA9gm1ZHCnjkV8v8a03Fh4S9Unxk44Yd0DNfVJktNpClLVFBje5dRTLzONBjP0iEjjBeCH33dttDhtlQ_KSnC64kTDHyLcC9uiz4WMdGn-59O-PM3R2F_3Xupg5dRxhlKMFGKTH8lJQtb_km0Z061V4Y-ubSRpX74SQM956DSpjHjbPmwXDpfD3F0CcS1_bcNFW9PpIbPLuxPu4l052AGovnowLcrPrOxEgHvO_jFKMA4PlM2Z1SfMFSwpJ9PeZXxn5dQRUby6lYprkdoP-LZlndqOfH8MdfE5ytiLaFqSQ4g

Requested by

Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame B3BC 42 B
64 B 47ms
46ms Fetch
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssrmq7HEysJVCXYpMun91ivb9YGIcEcZzWleG7EgUDdibEuGrvOgCORpImN-rnIaAYEf12LuKLTzzbv0nsU7jIRM5YeKG4x7Bn2ezdbAEwoH14nAwYKUdrOEx-Q4SUNUcs8N8jzOt8vEGKO&sai=AMfl-YRbeIVdi3A5ApNc-ui8PAGH9C2JbrZkgQBe7xaA4-fmRXB2os5jjfPnVlQls77C4HeI58SaNyfcIEFtfWvOzw21Akb4a5GUSzV2nDCVgvpVSOfk7AZq0HgKZRme9WmwX6cWo0s8BBj-NN5dZw1kWYghz3DWg_orPMKGBf--Qgvo-jmcLZyXQY3MwogV_Q&sig=Cg0ArKJSzBr6rXG-rP9WEAE&cid=CAQSbQBygQiDIE2MqTma_R9zgqy7I7w8EU92v6kgmO690n-Fhv2_tyTDAJ6rM3NplU6qPCZy9NnjXNn_LpNMXjEQ7oWzI07wZw5n-1a8xXy_iVGNB8Bv3k2ujIUZVYwZ9cybd47BrEK8_gFQFemqcj0YAQ&id=lidar2&mcvt=1048&p=1,1,213.953125,301&mtos=1048,1048,1048,1048,1048&tos=1048,0,0,0,0&v=20230628&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=9&adk=3962850263&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1687989460030&rpt=570&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 6D0A 42 B
64 B 53ms
53ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvu3PPbxvNJZcZKSnNU4mLEEdS_T6NzjgnSJq3zkKgIddB871vvsvKI4sN8Xsfc_oVxF41sCWfKH2UUfEW4c4aqh6ioMiIUdKEozOD81bdL8wevzfkbRyEL3A54oVgshSCHh2nmlSn4Cah-&sai=AMfl-YTV4G5IBA8AQLKdYMiLjzzpGfhTUGS1TfN8ofANwLLRROrPaqtCXrrgEkI8iveL9Sf6tM115Jit32CzrcUmZkPslJ_VyBdixcXRBf5z2SqRcJFm5GOSlTDylFs&sig=Cg0ArKJSzJ8dON_RaFl8EAE&cid=CAQSOwBygQiDCsdPUMyFh4228B9Ub68xvdqyKnN4WpB2XFCuUCHap95vUumh-ppLECRdWGXnrb7mo3asipOiGAE&id=ampim&o=0,229&d=160,228&ss=1600,1200&bs=160,228&mcvt=1066&mtos=0,0,0,1066,1066&tos=0,0,0,1066,0&tfs=1129&tls=2195&g=100&h=100&tt=2195&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&uafvl=%5B%5D&uaw=false&adk=0

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 01C4 0
20 B 50ms
46ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BEf9M1KycZMa2DvOn9u8PvoCEiAQAAAAAOAHgBAI&bg=!U1ClUATNAAYQ3eRoMN07ADkAdvg8Wu2QR6OU5q4aVxzRbU0UvrpyA-4Trrlzqa2ZAsUAzVxIJRXBkeMDfABhJlr7Lw8TjyZAM-oCAAABp1IAAAAGaAEHmQMPEfxbGL2z2XIvqJWhPCn_TYxxLkpDjOAzZByf17OXLu0xj96LLlUNiQ2rXJs8iXsADDmNYVDfq_JBC2SxsHTii4yGh_tgXtijEqXVnnuKTapKreKC2sStgtDmmWVFSr1KLnRg88-D1dVFkHFGOo5g_GcUpNyiy-DuhoWQ-OHlJ3LWtZDgTQJCBukTLWIUviMMtL2PXvkndyZHdBizgksJl1eysW2-wRwS2MJha8mKX5lkl2BDbH4vANOsE17GUFSd36oK5MIYx3hdPP0aEVq8S_YiGkczN_qE8uG5VjMvsvrLXQVDL8FIrmMr1kt5wt9lhMIKXjyIH4KV8xXbpG9fK3LvAxfS7m9_p_VIwXeYJUkcimDNMvYp9sLB1MIAnfNgmZEBgD7vQ9LhZE-H4zYmQpuYzLQ0Fxgd5EOkVZjVeo25fZLqFHmXfuYnIBf7FLoEQslA6-FfqRdOecAde4AQUAMN6BNwXxsHTQ3RuNVsSeGKp4Iqb2LDQB11vM8OhRFqoInbRZbka8LoqAuN71GsSN4AKEZulX_YaJ_KLn2-J6Z13hTH0_vbHBcTMRKcBBm5lG_KeVT8CZQ70ZjyaFZMVW_lDgVzg_KgqATCATB43QDMyTM9pTzrz7fltYXWVqz8yRtPfoth-BGlxdrVi3QL3mTAaSoNLW0sQy_YMpbosxIOkZiCN2AAvhigUHbGwGxBVHfkpMCFyFEDTrXVDuh6WLUVf7W0qQM7bmWh2A8Mvp_AfXhewLg014OpK5_kdVbPH8KiOHZBlgPQO422_C8aOJIKwJbdWNq23HXxBmaOAXVF0FBLsuE8gUs8MoIRL-Tt8dEmlR0WH2ZisFmETgHdSkhrqd1vCYmx7hSoUZH1m8mjxP9hZo0mQtJpNjov5TAOa_NyLrNrfThim6zY3t0xSDzOx1CvNPA8yl8Dg_YYATwW1-lf1LF6mT8dSKvaA4ggzl0HQn7Fk2vskowb0mxSRslhe9N2curAKm1U-XJDVPVzP2vhMj39CMf9-aKODz7e0_as4t0J8d2NvLgZFU8J

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK viewability Show response
hal900017.redintelligence.net/ Frame 12BB 0
150 B 26ms
10ms Script
text/html 159.69.70.9
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900017.redintelligence.net/viewability?s=94391000174047304444554012369017&a=b9d977de&vb=m
Requested by: Host: hal900017.redintelligence.net
URL: https://hal900017.redintelligence.net/request_content.php?s=94391000174047304444554012369017&a=507e02cd
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 159.69.70.9 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.9.70.69.159.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/request_content.php?s=94391000174047304444554012369017&a=507e02cd
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Wed, 28 Jun 2023 21:57:41 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3 200 dc_pre=CLip-OH65v8CFVuPsgod8YkH5Q;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7028113949201.755
adservice.google.com/ddm/fls/z/ Frame 9391 42 B
63 B 47ms
46ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CLip-OH65v8CFVuPsgod8YkH5Q;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7028113949201.755

Requested by

Host: 5994599.fls.doubleclick.net
URL: https://5994599.fls.doubleclick.net/activityi;dc_pre=CLip-OH65v8CFVuPsgod8YkH5Q;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7028113949201.755?

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5994599.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 3CDD 42 B
64 B 50ms
50ms Fetch
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvEFH6MO_Ep5piVBOugsEGw3l_EQEYbMOQM8NX0ok_rzU0hy_8T4X0U35Fl-l8aOXY3ZZJJW9fyC24G_IMPOvb8QPwbID7BcJilwFa4sF6Sue9wOSb-FMm7rr5vuLjZO08oyXg5PbPPdVkp&sai=AMfl-YS_jE2RN9BzMw5wRrJZ4-9lZPXwXVZCPFLeUuePlpsU6jtcdX_7sAl6RVSUHdR1yGLac-Yqf8bs91_GgNPqgE3hsYx4a9vxL4_-_Zo7vj_sFonFUBDDFJyhf7U&sig=Cg0ArKJSzCG6Uxjz13JGEAE&cid=CAQSOwBygQiD5J8V2FbCYge5ebufKkgn8PxphBpPQ_tHNulg5Ep6MTua4vDqrlzPvAL1YjMVRIOB7ZPiJuZfGAE&id=lidar2&mcvt=1037&p=0,119,40,160&mtos=1037,1037,1037,1037,1037&tos=1037,0,0,0,0&v=20230628&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3203893797&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1687989459427&rpt=1120&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame BC6E 42 B
64 B 53ms
52ms Fetch
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvgMxzHQ0jyBTa29D-9u7sQu-MEkfNQ2IB1WcUbOcbnl6lzt83A6MEWVYN9rEp1MLgx8VWvJ6dggalUOVCejMRxwJZ96OfwgJITlH_I8NRIvDL4UDLDQ6Ak_wPxZLWlp5lkj4fixwkUrLeQ&sai=AMfl-YRE5R7ealvvCt5FwNbqJlnesrsttxf27UtORvPQVV2g8zB2AR20bTsec4Oq0fFDkTIBN6MVnHXF8KcKz4FHZxoWNQrxdpw9IOZd44cagaP4h0c-UrbPuBegjBk&sig=Cg0ArKJSzMPkz-HNLJtcEAE&cid=CAQSOwBygQiDjojB-cn9DritT8m8wJG7kNyIPaAPqckYqevKvfQNFiZRKqtPLrmuCGO4CeYCtxAc0srPAFt3GAE&id=lidar2&mcvt=1039&p=0,0,90,728&mtos=1039,1039,1039,1039,1039&tos=1039,0,0,0,0&v=20230628&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=456810305&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1687989459481&rpt=1192&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame A9C0 85 KB
31 KB 326ms
9ms Script
text/javascript 65.9.95.34

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=2513145&wgcampaignid=99582&js=1&viewref=94391000174047304444554012369017&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.95.34 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 00c5621a3f56c052959f8f0591b65e893f132b49b1447fde20767966cacbfbfe

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 00:08:33 GMT
content-encoding: gzip
via: 1.1 1f7383179aa19c47a962c46236696426.cloudfront.net (CloudFront)
last-modified: Wed, 15 Mar 2023 17:26:29 GMT
server: AmazonS3
x-amz-cf-pop: PRG50-C1
age: 78550
etag: W/"876c293e6c37046ecb0c11ce2e276942"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
x-amz-cf-id: TOQBvmC8iRpSGKhEOIoe5phDaLzq7LDa-VUGmyjQFgMwR8fA5gRLNw==

GET
H2 200 1x1_0.png
cdn.track.production.webgains.team/7121/ Frame A9C0 3 KB
3 KB 326ms
10ms Image
image/png 65.9.95.76

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/7121/1x1_0.png?Expires=1687989761&Signature=Kxob5tOx8pSXgFQX-FXL0x3j51tjblhIts3CPsoxETVqz61sEyQQ7ascx~xRRaYhcbR2Ok2F8VvODPDfRhqsSG9iQAAAPJ3jnszQfaAyVlR~WpAwz~-okdiKQDtvdR0UEenyF3II5ndmjV2p6C8wdsNv5TZ0NiorqI8cHU9ngnRFcd0toAnWS38hITokmJTWasiGUGbCcKA3UVlxRDd8XlHY4x1kmuKSSfeDT8uk1-mOgbBmQCYwUayj0xx4G-x6yf7vEwUoPvJU5OnrgtpZSo7N8~vGIgifQhPSocbMZwGqJhCfvJrOOrGiEgseIfoOg1FDtHyvRO0q4ghDzAgCYQ__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: 4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
URL: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.95.76 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: null
date: Wed, 28 Jun 2023 19:30:42 GMT
via: 1.1 6ec6c63eb2f7ec00507af95b1621674c.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 11:40:06 GMT
server: AmazonS3
x-amz-cf-pop: PRG50-C1
age: 9291
etag: "4e57de0506fbdb487ffcd53b450caee1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 2808
x-amz-cf-id: uk4cu_C2bJQHMsJC_TfijF6pr32BgnbxBRttn7ao3UMQaOJNs7facw==

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 30F0 0
0 46ms
46ms Image
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230620&jk=2334320663502809&rc=
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H2 200 6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ Frame 12BB 14 KB
15 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca57b79a870bbf54700730858603a70d79743779c1b059922ec401bfddc5adc9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal900017.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 18:52:01 GMT
x-content-type-options: nosniff
age: 183940
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14824
x-xss-protection: 0
last-modified: Thu, 01 Jun 2023 22:52:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 25 Jun 2024 18:52:01 GMT

GET
H2 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ Frame 12BB 15 KB
15 KB 9ms
8ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal900017.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 18:52:01 GMT
x-content-type-options: nosniff
age: 183940
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14892
x-xss-protection: 0
last-modified: Thu, 01 Jun 2023 22:52:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 25 Jun 2024 18:52:01 GMT

GET
H2 200 6363a944e4b0125bde9e6739
ng.virgul.com/tck/i_vb2/ Frame 1E5F 0
209 B 50ms
49ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/6363a944e4b0125bde9e6739?l=&r=153366@site_geneli@yemek_net:site_geneli&cs=1687989461833&userId=vnet87604c0e-85b9-4694-a152-c65714f2ee85
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Wed, 28 Jun 2023 21:57:41 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 5ed76f76e4b07a92411bc03a
ng.virgul.com/tck/i_vb2/ Frame 1E5F 0
209 B 50ms
49ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/5ed76f76e4b07a92411bc03a?l=&r=153377@site_geneli@yemek_net:site_geneli&cs=1687989461833&userId=vnet87604c0e-85b9-4694-a152-c65714f2ee85
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Wed, 28 Jun 2023 21:57:41 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 5ed771bae4b07a92411bc04c
ng.virgul.com/tck/i_vb2/ Frame 1E5F 0
209 B 50ms
50ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/5ed771bae4b07a92411bc04c?l=&r=153382@site_geneli@yemek_net:site_geneli&cs=1687989461834&userId=vnet87604c0e-85b9-4694-a152-c65714f2ee85
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Wed, 28 Jun 2023 21:57:41 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 5ed771e3e4b07a92411bc04e
ng.virgul.com/tck/i_vb2/ Frame 1E5F 0
209 B 50ms
50ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/5ed771e3e4b07a92411bc04e?l=&r=153383@site_geneli@yemek_net:site_geneli&cs=1687989461834&userId=vnet87604c0e-85b9-4694-a152-c65714f2ee85
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Wed, 28 Jun 2023 21:57:41 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 200 YTnPKPJ-Q--T2AJ4Qj25FxWmw7bAoVXE9zhtz1eN5hc.js Show response
pagead2.googlesyndication.com/bg/ Frame 93E8 37 KB
14 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/YTnPKPJ-Q--T2AJ4Qj25FxWmw7bAoVXE9zhtz1eN5hc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6139cf28f27e43ef93d80278423db91715a6c3b6c0a155c4f7386dcf578de617

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 10:30:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 214028
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14704
x-xss-protection: 0
last-modified: Mon, 19 Jun 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 25 Jun 2024 10:30:33 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BB22 0
20 B 47ms
46ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BxrSG1KycZPTHGNyb9u8P2Pq1gAsAAAAAOAHgBAI&bg=!BwSlBFDNAAYQ3eRoMN07ADkAdvg8WoNg-ioE2jlOgHnfmfTrt2E3lxbePmKOBdp3EjpslILFYe5fv9wF8NTDqgeLM3ZhWtMEs7ICAAACFVIAAAADaAEHCgA_a170LVm3osnHg08xw1hROkeFB7OPNuzqsQhSxpBvANj3vGOF-NPT9aYYTtDziKfx2Eok3ABcKxmNxyZQbDfpmQMV4o6cIm7VQLmezymHmG56yUkHyZXHnUGDAaQE10gOodhZx8F9Zszez9nVJ_CNMdvGbFZ0lgrjsFiibFt2ugDYAQ_XjygY-QF0EuAVyOxWM7Ga2xz7RXNyuQthz-gk6DoXI8d_i8qddjAOh4B8Wh2M1a7rp-nT9TF0UrKtRUu9k0RU6bXmL28ztHV15iW6LKAGicnkGaeKjRXl_hPygYKqwEdhNgVU27Q_D0z2xKsxCpmh039BiMSAnyLcBeo2BY8GIbYxEO7WtX1fBcZF0lpvSbdDrMqocuMEd2oaU0n5qz00vGf1UbqRC8ofn57J2ynMjn2CIH-qSG4y5mmHAXjWtu5jtm1wQLbQDGmXitmrcxYFwentnaZBNPrzOhXJuOCY9Lcn8uoyE3pvLDNDrYXas_Jb279qrJWxfdc7kW13DKy1F8c_XVB3ULz0DYwQG4yyVmVSfGHp-tYW5ZLMbb08utd3C3qNHQmuzltykKBaPfw4vJgU7pEW-XjgEAQN7n19F75vqW9tYs5ZMcf7GlWem-RLuerg4hbPqHBSHGEMmfEY-aPGnxoA1Ney2gO3JAZsvssHvGMXYAoPfZkZr9-w3pPdVoQDkJaiB7H_BKiGBL54kg4robjQoS4UncP0CJl4ijtZjezwAR5DEbLWCQNfULFb1vQD6JuTBRdKyrR1BafSFpxwTi8UyZwo-h5IoclhQr5GMDwjd_5ExZT5woxtw5RWUAosY1cbxwA8Qt54REFZT59v4xnvzn08mo7h_xxPawTOdUdNHbzGnB380H1xCahQgxDhcGuKa2Jqvxfmju80HaxuWYGotgjPc-wIWUjqJ3kPD6Zvq-Ll53cRJ7aQ_5nPj0wsZtDASSVFh1iL8zBfeCSuYYN0VsnZa49X_JssWa-rRuxuajDYxMa6wAszEswTxaI8y9Kcp3OoqW6Q9YwKlt33yILTvE7g7rk92C1KZFjQIhU8G4XazxjpME24e-DrQ_IERu9oE7RIoi-e_fN-P6YKESjcy_maeorvUTUpfvIl2iZ1nRH9DMz8Qmb1l3b6Tm1e

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9083 0
20 B 44ms
44ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bkpyc1KycZKC0Lems9u8Pj_eDoAsAAAAAOAHgBAI&bg=!e3ileCzNAAYQ3eRoMN07ADkAdvg8WnIXcgcsqGv64WI3xUHYPRMIjQnivrbvSUaMvh2thuLkXVnrtgugkJIEkfPTDPvifLZCsAYCAAAB5FIAAAADaAEHCgAXjtz4CIBQut4yUNvba1Lk85MGmqzOh62ZAzx0Z7O5JGKp8kAHz4HOD_RV_eQZZPhaeGuUKOhAm5lmcGrftb7RZCcnQCsDhVzQrG9pj306ggIKB3gdTB9y8kSHQQvOkrKVt5nT-nv3nzBjfwko67QgbsDSCBXJY17tWfuoBEtmBI2iTuJlJPORxemwQivFhuBBy2KCddqJFu2HmMlhm8zacOM0qNWWdXB2wW3CWAxm6HOcy5aXnWgit3OOoJxFOpSSyLrnoUyve39VORKn3kM_JsB2nyrfE_a_eX1lko_4KCft3KLwPXCLAEA0DNiCqEN_wjSVai8A0gSx0PZbWp-jaGzs9In0--RidiR3PiWA-YGFJGtS4vtJVxOl49mFQDqJIz7mXFBGjKN7-9FBwkT7uiySsxXnDZ2vMlvzofscY08NSr9bsTgbIu8AI6KIz37BW8NmeV9T9Up8KWvYA3-3pdi5CdUMjStWMCdugq3bdH_K0O_ZNV0d7iz3VsotwkFkXiBGuek3WPyY210BC3pvmEG5dxUkJ5DTfKP2A26pCu9EoUlNq8yTuwe6eVmHwG1prqDdTPuPzasGS-EZvUcqiTV1O2DkJvsUV_u3H91Y13bNlHCPvgGenIJnsvkyePujjLx7PKReTKcBon9RgBqyYr49ojNUUUqXxVAWbkNFFeq5TrfEHpm-urB20UGQ5eYvS-P7hUpRl5ZZMMKlt1BWjIrfyS68UHT0C9pwEKpYMIK8QVgua-aUUvnEyMR26gBH2GRYuUD7_45031gcLSvngAejGhL6inC-stx8_6-LHmp7Zx7msjHLS7TwouJCx7lna4okLoKfrsvQLg8qK-lVbNTFwb4ZUe7K61s5Z6R_PhnAPRNFzT_jfNqrX5QK-enUCpHtxZO1J0MHHO5p-XioYsNP7Mi3cRSWdtvQ_G1wDtubDV72jBaWTDu4FdRSPE1pX4rmOmugOY8Y0YX_r3MoUouSCmcOC7v1edmbfkrQR4smyc0FOE3IAfYjfJpjbn64NebVmwAPdWpF0QxSCVu13bDjpc3Jvzggccc6eZtoSHUeWO8LeyOD_qk0ZGLQQ-lAHnK9LKXduWguQm3BvU72ZPUlhe7IHBrwQTMY0kaYemyiA9RyMgg

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3CDD 0
20 B 43ms
43ms Ping
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=5455837231627&version=m202301230201&ct=76&x=1&cor=101520509186363760

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BC6E 0
20 B 38ms
37ms Ping
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=5717995758518&version=m202301230201&ct=76&x=1&cor=17581292203637305000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 1E5F 14 KB
11 KB 60ms
60ms XHR
application/json 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202306260101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306260101/pubads_impl.js?cb=31075410

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a064bbe6d5f1a06ed7e21b6947e324721a8ada11b25745d37ed4f245862a4616

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:42 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11171
x-xss-protection: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 93E8 0
12 B 7ms
7ms Image
text/plain 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?D_Pupw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:42 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 1E5F 17 KB
6 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306260101/pubads_impl.js?cb=31075410

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 28 Jun 2023 21:57:42 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B90B 0
20 B 40ms
40ms Ping
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=9808191757993&version=m202301230201&ct=76&x=1&cor=9779544960699990000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame FA9C 13 KB
5 KB 9ms
8ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 974
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:41:28 GMT
expires: Thu, 27 Jun 2024 21:41:28 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 7718 783 B
536 B 18ms
17ms Document
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

23f42d66b3c697dd2c2942101c6cd4914928ff891bd4ae23275eccf5280b9c53

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-jKAl4hxnsAHPgLWLZzDNJQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 514
content-security-policy: script-src 'report-sample' 'nonce-jKAl4hxnsAHPgLWLZzDNJQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:57:42 GMT
expires: Wed, 28 Jun 2023 21:57:42 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 YTnPKPJ-Q--T2AJ4Qj25FxWmw7bAoVXE9zhtz1eN5hc.js Show response
pagead2.googlesyndication.com/bg/ Frame FA9C 37 KB
14 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/YTnPKPJ-Q--T2AJ4Qj25FxWmw7bAoVXE9zhtz1eN5hc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6139cf28f27e43ef93d80278423db91715a6c3b6c0a155c4f7386dcf578de617

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 10:30:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 214029
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14704
x-xss-protection: 0
last-modified: Mon, 19 Jun 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 25 Jun 2024 10:30:33 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 7718 0
0 41ms
40ms Image
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202306260101&jk=504671446663692&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H2 200 5ed7706de4b07a92411bc042
ng2.virgul.com/tck/imp/ Frame 1E5F 0
209 B 50ms
49ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5ed7706de4b07a92411bc042?g=1&t=gb&r=153379@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1687989458630&userId=vnet87604c0e-85b9-4694-a152-c65714f2ee85
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Wed, 28 Jun 2023 21:57:42 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame FA9C 0
12 B 8ms
8ms Image
text/plain 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?raPmCA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:57:42 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame A9C0 42 B
64 B 47ms
47ms Fetch
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstyMtNpvtOQ5hH34sITWscRpoIXaTZPcHACeT7Wx35zxx9jIUt-4j64toFdUwp7-HtjrGIq0eecjypJJ9k6ps25GKD5FPfBWRx65KZ1F-U8-HI9uZvdaiyLNGK47Z2fqJg&sai=AMfl-YTlyDj0g0Fk-eIeTJl9MUfBYYAWhwZL_8J4MmfH0eWIzWBcIZJshow8UTraZ_H5Uk1JLKIcUuWUY0YXmc40bv77gHeBVhV7l7_Xz64h4HjuETM7CK7GD71bV58E_l1AHFu2rr3f0OH0T5dafBrTDUPqltUjXIl_MdxOFHlSlUOuxR-E9sNnyGHo0m3kiQ&sig=Cg0ArKJSzJnECdwFo8DaEAE&cid=CAQSbQBygQiD4uFUJbggLmfY2mUbDHx42r49fbLk1zuOVCvH0Ho26lTG0VVcoI8WBsh8zOV4siutO3n7miJwblcKPUe0fNlbQqAEp9sFOsb8-j0upMCIPvjUX3W2yO6PFPLBB8iNTLeMHzpRvrlL7Z0YAQ&id=lidar2&mcvt=1002&p=0,0,250,300&mtos=1002,1002,1002,1002,1002&tos=1002,0,0,0,0&v=20230628&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=132540618&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1687989459412&rpt=2117&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK viewability Show response
hal900017.redintelligence.net/ Frame 12BB 0
150 B 28ms
14ms Script
text/html 159.69.70.9
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900017.redintelligence.net/viewability?s=94391000174047304444554012369017&a=b9d977de&vb=v
Requested by: Host: hal900017.redintelligence.net
URL: https://hal900017.redintelligence.net/request_content.php?s=94391000174047304444554012369017&a=507e02cd
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 159.69.70.9 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.9.70.69.159.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900017.redintelligence.net/request_content.php?s=94391000174047304444554012369017&a=507e02cd
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Wed, 28 Jun 2023 21:57:42 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H2 200 google-vast-viewability
csm.eu.criteo.net/ Frame 5E36 43 B
245 B 14ms
13ms Image
image/gif 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://csm.eu.criteo.net/google-vast-viewability?cppv=3&cpp=rWTMDkAMfkDY2j2vnCwub3h2mkhJvb5Cvpj0qgT5FVb8rr3PDJiAbYR9Ypl7aRugzr2bUUQyBNAlKu0Jn4CnoDUln4zWz779kxBzgKmqDFyclnEKPLaOzSPdmayiYaZ6KY1yrS6f2usaBuhmMGmeVaMoX4gHJZC0YeAl001U5Yg8R5Qw6IXTojQ6g2Y0lS1BzeM_kwSswQw2ITlHDHhRV1VMyrANfKiyWEV6sRN-EYIi3b-0mAeCQH0Io3m94iyA4GQbRQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:42 GMT
strict-transport-security: max-age=31536000; preload;
server: Finatra
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-length: 43
expires: 0

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 5E36 42 B
64 B 42ms
42ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst4CI9bpaRrt3BL3emq8zpRdjOEuvwCtkxtnbgDIxoeqXQFZY9lzz84wASuVXnGprncdddDZHRSKw3_I5XT88ndghw&sig=Cg0ArKJSzMFPz0OJ0j8IEAE&id=lidarv&acvw=sv%3D953%26v%3D20230516%26cb%3Dout%26e%3D9%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D1,26,249,274%26tos%3D2063,0,0,0,0%26mtos%3D2063,2063,2063,2063,2063%26amtos%3D0,0,0,0,0%26mcvt%3D2063%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D2354%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D1%26pst%3D291%26dur%3D15082%26vmtime%3D2382%26dtos%3D2063%26dtoss%3D1%26dvs%3D2063%26dfvs%3D2063%26dvpt%3D2354%26is%3D33554707%26i0%3D33554450%26ic%3D16777473%26cs%3D50331923%26c%3D1%26mc%3D1%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%26avms%3Dnio%26qi%3D951304267%26psm%3D7%26psv%3D6%26psfv%3D6%26psa%3D0%26pngs%3D9,14,15s%26veid%3Dumt%3A1,xdi%3A1,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,2063&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0.03%26t%3D1687989460470

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 1666 0
0 46ms
46ms Image
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230620&jk=2334320663502809&bg=!qKulq__NAAYQ3eRoMN07ADkAdvg8WnD0r-wuPK7iz4hJE2eD_PAHIt6gFKa2OGgh8Fs9mELYOLqZ3x-aSZ7Ol1adHJLvg7WNN6kCAAAAeFIAAAADaAEHmQMI3sP45NQfunPkekAq4JsOnFQNh4z56sucZ1nYVeLKtHFaxphfOiC2SyHfbEntYZ7Nvw89WV1zH-9buzkfe9yLTf5UmQLNc2wNGbgmCfXxWHTO7GxbsWxf_TkwOks1K2Nw2OqDna2bu5nI8RW5MTWOuBFiPRjgKmEa-Bq6X30vP4VRKCffk18Q6etooVGpsZwBx8-Jw5MMsZ9vH43nuGIyH3HIQ9LRlQMbFgVrDEAyYd8bgoxS3bIdaTLwarkUL3EVI33eGgsreD04RBHteF0LONnqtphw9jp3gjtNU6Yz40sgECyBgtMvZ3tfcFxDUBn6eN1F0GDTCWrFf61IQ-Z5xNxLVMFNhYNOidK5_r1d0y_AqjibBb6n-hSQ2vjPupxYtab4V1jTKtZRWTvCg_B1egmhRhqfej1i0wBYs4ROXzuw5q9UO8qmlz-cTSwBvUg82400oBR8LpaV_Py99rBB00w14Gmh5VBSF9G3f2eN6_jze6XDph2iGd3cM94ULhOWcWCtce7LnGTHEFz1X6mHyPLacwc4ArlSxaGl0Hjv9HLuX-jjZTJGw4X5MIjEWWRvdfD17JdqKacTaKT0hUzJurUtw9qdEnY_ASPPXjcFCJSGURZ05FfBs-KARcZScoaN0B8f_EuzcyeATA3gGmfQo0qWqV8p1c4zbohVVg_gZ4n29fqq7OhjH1u7L57OT7WkeziPOhdRXUz6602mTCZqNhkH1tCUXlXHYbNE6FVavTsilHTP-yOxwWjpRp9VJ5vP0IAjrM_P4RqcaVpHoch5g9f6LOvx9y9CfWbSOAdDTet_-ilS6-5MqM-jK40fLhVG6zD9xIrMK3caP2eSq1iqWoi8KDWlezK1-7ye79b30Jzch3mGRu7Cre5CsIf0DCk9QMlFr_QlNyp_QtF1B9bNTHofE-rXJPdaViy4zmzKvMlz2IUeCSf704cRW_2KdI4K415XwIf2D2F-LmX8SayIJ3zmt3ZpXgHBA0Kldf55b95GQyD_-6I1W62q7rnReYs7WUWgFOv64sU
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame A9C0 16 B
209 B 72ms
71ms Fetch
application/json 18.168.234.149

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.168.234.149 -, , ASN (),

Reverse DNS

Software

nginx / PHP/8.1.14

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 28 Jun 2023 21:57:43 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/8.1.14
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 77ms
21ms Preflight 18.168.234.149

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.168.234.149 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Wed, 28 Jun 2023 21:57:42 GMT
server: nginx

GET
H/1.1

200
OK

firstevent
unilever.demdex.net/ Frame 1E5F
Redirect Chain

https://unilever.demdex.net/event?d_sid=25453995&cs=1687989462958
https://unilever.demdex.net/firstevent?d_sid=25453995&cs=1687989462958

42 B
952 B

39ms
38ms

Image
image/gif

54.195.140.228

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://unilever.demdex.net/firstevent?d_sid=25453995&cs=1687989462958

Protocol

HTTP/1.1

Server

54.195.140.228 -, , ASN (),

Reverse DNS

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v050-08a0e97dd.edge-irl1.demdex.com 7 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: VgRb4/FYQAE=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-1-v050-0ae28a8cd.edge-irl1.demdex.com 0 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: 4maMjL/5Q8M=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://unilever.demdex.net/firstevent?d_sid=25453995&cs=1687989462958
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 1E5F 0
0 44ms
44ms Image
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202306260101&jk=504671446663692&bg=!nJ-ln8vNAAYQ3eRoMN07ADkAdvg8WnuMh4r4NZ3h4ZQeAF5fFKRnPUBUSd5GLJQtqMeWZfASq2Qui7Hx6JLkjPg9BFLcNQBtXpECAAAAhlIAAAADaAEHCgBiyXIq-klx6Ufvc3lDZW3aUPO4msy5MLODWOlnAKIIVbCMiRsUqgKJ3qNqKp8rRFmBBLZXNfUTf1FNfnW0QQJvmNvAq8S9MJNdy8rj4uF6o66eR256_l1zCgKjDWVWm_ltf2CZAtaMhYeo2rhXKPvDACe-1Z6o_tHwhC74sDwxoVF4x9PwAE3YHXwL5KuqpxqtzGF6fRdEpHB-YnIFRdBvnb0QeusuDmLmQCiPhCXUZvdkwWVNnwF1JR1bvHrMGc60dAMSiMly9DaMcvb26n3Vr7tsjueTZwCUwbZTafRIgc5InuTw9iiIjdCInLysRrCs7-kUIqK_eJNfTsojFKjCxuhLWTofeNs8HfnJV4dfnawzjaBEb1gWGrRsoE7Nnr-hP__sb-1yodbJo8dZRO31tr26qZX_JOBFKjpdHmB2q24hHvWPNSYYXtAZEHYuYBvc2pqtvJ-orIcA53T1JTuWcbGnfI9lKkcZlPSM9FvMM9V3JOmC8zT_RNhrq4dlFPWR-ZToMgS4S7_I5F3bMX5TZZ-pmc21SzddlRPlxDYCmQeBcQgLF2okDgJOidYFJbAEQoc23JM2JBBmwQ-Ca5T-wvcmH-7c83iwJof5M8fH4mMXimKIExz9gpMlO8XRkidd92YZ2riREyPVo8PpoB-WxSJo2cPBlNs770NHMYjbAwtRc4GpJvwkOuwRi6ADfKqw5k-4zKKtCJ4do9qTiPuPY56nLDIkNoRObcCE60_pGRqn8e1lfmYup7NrMZUNIs0l10_v4kDLhGj5k5GCTuGo-kvmwcC_9pploqrSpFNi3wiN1tENVSqnb3MJD6har1UBfmZ64X5TB3u6f_0t2gAjMYSDHVX0IAWiGofM3SeQwNhDcXewQ5AG7Fy9k88p175yuN_cpflqfZasy54YAp7tQj-rZLEIhmQWMo4mrryJcER48gf-pKzelqjLEK4Lx7vFJNv3d0Y-RsD5CKdXZxFOa16YdMExKpiuFulmDkDNctKQyx79DLyzZkNJ3K--0_eT_2GEGakUeWR4fLYVzK0NmZ9aY0k9HjPVw-F0mQOF7RZexC6JRpQO6HCGq3ueNFBoXiq5HdT8gANZTw0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A9C0 0
20 B 44ms
43ms Ping
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=7574056547020&version=m202301230201&ct=77&x=1&cor=17560376016773622000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:57:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET 5ed7706de4b07a92411bc042
ng2.virgul.com/tck/imp/ Frame 1E5F 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: ng2.virgul.com
URL: https://ng2.virgul.com/tck/imp/5ed7706de4b07a92411bc042?g=1&t=gb&r=153379@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1687989458630&userId=vnet87604c0e-85b9-4694-a152-c65714f2ee85

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

40 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-20 22:14:45	Name: IDE Value: AHWqTUncbtQK2st8O1FK1sGJjrqUy2cTEc9ixGmUkldfGaIk2oSuiGaQKZInuSm0gks
.w55c.net/	1970-01-20 22:23:23	Name: wfivefivec Value: RFmV1sCR1QeDas5
.hspvst.com/	1969-12-31 23:59:59	Name: VIP2677 Value: 1
.hspvst.com/	1969-12-31 23:59:59	Name: VI2677 Value: %7B%22time%22%3A1687989458%2C%22utid%22%3A%22d0bc32db758e8f095c274405a7fb2503%22%2C%22t%22%3A%22P%22%2C%22s%22%3A%22%22%7D
.casalemedia.com/	1970-01-20 21:38:45	Name: CMID Value: ZJys1E7vk9jKptP3G7k5ogAA
.casalemedia.com/	1970-01-20 15:02:45	Name: CMPS Value: 5185
.casalemedia.com/	1970-01-20 15:02:45	Name: CMPRO Value: 5185
.doubleclick.net/	1970-01-20 12:53:13	Name: DSID Value: NO_DATA
.adnxs.com/	1970-01-20 15:02:45	Name: anj Value: dTM7k!M41.D>6NRF']wIg2GTttD(rh!]tbPl1M>e)ZlrFUfJ+tGXxoL?6'Ie>N.dz>ltjdX]Xn$aVGcvc?0$)X=hbU3If)y3KL9D3I?+QBt+$q
.bidswitch.net/	1970-01-20 21:38:45	Name: tuuid Value: 2ada9ca5-ee63-43c0-920f-6ce81aa8a6c4
.bidswitch.net/	1970-01-20 21:38:45	Name: c Value: 1687989460
.bidswitch.net/	1970-01-20 21:38:45	Name: tuuid_lu Value: 1687989460
.ctnsnet.com/	1970-01-20 21:38:45	Name: cid_2185ce66031b42c3a2345b75b0201988 Value: 1
.ctnsnet.com/	1970-01-20 21:38:45	Name: gid_CAESEIUftAHuNGXmHtEfM6r_Rlw Value: 1
.travelaudience.com/	1970-01-20 22:23:23	Name: _tracker Value: %7B%22UUID%22%3A%2247DF6259-1F87-4929-AF2C-B71E17556015%22%7D
.mathtag.com/	1970-01-20 13:36:21	Name: mt_mop Value: 4:1687989460
.pubmatic.com/	1970-01-20 12:54:35	Name: KTPCACOOKIE Value: YES
.yahoo.com/	1970-01-20 21:39:07	Name: A3 Value: d=AQABBNSsnGQCEPprfPw9VDkl0tVVc0abMj8FEgEBAQH-nWSmZAAAAAAA_eMAAA&S=AQAAAu9-_e9eMSbRCSRrIn6ia1g
.adnxs.com/	1970-01-20 15:02:45	Name: uuid2 Value: 5430172821811105731
.pubmatic.com/	1970-01-20 21:38:45	Name: KADUSERCOOKIE Value: C2BA81D9-42DA-479C-9F69-678DC35069B7
.1rx.io/	1970-01-20 21:38:45	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-aa744d4f-d787-4af2-8ac8-e9f60882f536-003%22%7D
.redintelligence.net/	1970-01-20 15:02:45	Name: 8lcfmzhxc8d6_uid Value: 0e5ac3f0f14ed2a3
.spotxchange.com/	1970-01-20 13:33:28	Name: audience Value: cd6d5cd3-15fe-11ee-8082-14d534130106
.simpli.fi/	1970-01-20 21:40:11	Name: suid Value: 7202DCF58EA74A52980318834DFA9208
.targeting.unrulymedia.com/	1970-01-20 21:38:45	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-aa744d4f-d787-4af2-8ac8-e9f60882f536-003%22%7D
.adform.net/	1970-01-20 13:36:21	Name: C Value: 1
ads.travelaudience.com/	1970-01-20 22:23:23	Name: _tracker Value: %7B%22UUID%22%3A%2247DF6259-1F87-4929-AF2C-B71E17556015%22%7D
.adform.net/	1970-01-20 14:19:33	Name: uid Value: 6315161024786215533
.w55c.net/	1970-01-20 13:36:21	Name: matchgoogle Value: 5
.id5-sync.com/	1970-01-20 12:53:09	Name: cf Value:
.id5-sync.com/	1970-01-20 12:53:09	Name: cip Value:
.id5-sync.com/	1970-01-20 12:53:09	Name: cnac Value:
.id5-sync.com/	1970-01-20 12:53:09	Name: car Value:
.id5-sync.com/	1970-01-20 12:53:09	Name: gdpr Value:
.id5-sync.com/	1970-01-20 12:53:09	Name: callback Value:
.quantserve.com/	1970-01-20 15:02:45	Name: d Value: EBoBCQGrKYEA
.quantserve.com/	1970-01-20 22:23:23	Name: mc Value: 649cacd5-29ab1-c42af-d1f90
.tribalfusion.com/	1970-01-20 15:02:45	Name: ANON_ID Value: acntmIr2PKdFuYnRYa7TymeZa6pSZdstE4cN1VJZc5HBY9x7UwoOSHnMmAnVwHcO8uMXr2EaM0UvtRBDTyIeHPZdkDlo
.retailads.net/	1970-01-20 13:36:21	Name: ppb2172 Value: 2829309064
.futalis.de/	1970-01-20 14:19:33	Name: raSIDb Value: 2829309064

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://pcloak.blob.core.windows.net/web/jquery.min.js Message: Failed to load resource: the server responded with a status of 404 (The specified blob does not exist.)
javascript	error	URL: https://ye-mek.net/(Line 39) Message: Unsafe attempt to initiate navigation for frame with URL 'https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html' from frame with URL 'https://ye-mek.net/'. The frame attempting navigation is targeting its top-level window, but is neither same-origin with its target nor has it received a user gesture. See https://www.chromestatus.com/feature/5851021045661696.
network	error	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755397&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1687989458730&bpp=3&bdt=480&idt=199&shv=r20230620&mjsv=m202306200101&ptt=9&saldr=aa&nras=1&correlator=4195667466855&frm=24&ife=1&pv=2&ga_vid=1416381702.1687989459&ga_sid=1687989459&ga_hid=495058756&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=222437166&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44759842%2C44759876%2C31071258%2C44788442&oid=2&pvsid=504671446663692&tmod=1669191171&uas=0&nvt=1&fsapi=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.dinjdd7st8pw&fsb=1&dtd=214 Message: Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

4616e95fc4d1f7f999ee52d32da8b848.safeframe.googlesyndication.com
5994599.fls.doubleclick.net
a.tribalfusion.com
aax.amazon-adsystem.com
ads.eu.criteo.com
ads.travelaudience.com
ads.w55c.net
adservice.google.com
adv.office-partner.de
ajax.googleapis.com
analytics.webgains.io
api.webgains.io
c.amazon-adsystem.com
c1.adform.net
c1.imgiz.com
cat.nl3.eu.criteo.com
cdn.ampproject.org
cdn.retailads.net
cdn.track.production.webgains.team
cdn.ye-mek.net
cm.g.doubleclick.net
cms.quantserve.com
connect.facebook.net
csi.gstatic.com
csm.eu.criteo.net
cti.w55c.net
dclk-match.dotomi.com
dis.criteo.com
dsum-sec.casalemedia.com
feed.pghub.io
fonts.googleapis.com
fonts.gstatic.com
futalis.de
gcm.ctnsnet.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
hal9000.redintelligence.net
hal900017.redintelligence.net
i.w55c.net
ib.adnxs.com
id5-sync.com
image6.pubmatic.com
images.dmca.com
imasdk.googleapis.com
match.adsrvr.org
ng.virgul.com
ng2.virgul.com
onetag-sys.com
pagead2.googlesyndication.com
pcloak.blob.core.windows.net
pghub.io
pixel.rubiconproject.com
pm.w55c.net
pr-bh.ybp.yahoo.com
pv.medialead.de
rtb.openx.net
s.tribalfusion.com
s0.2mdn.net
s7.addthis.com
secure.adnxs.com
securepubads.g.doubleclick.net
ssbsync.smartadserver.com
static.criteo.net
static.virgul.com
sync.1rx.io
sync.inmobi.com
sync.mathtag.com
sync.search.spotxchange.com
sync.targeting.unrulymedia.com
sync.teads.tv
t.hspvst.com
tpc.googlesyndication.com
track.webgains.com
um.simpli.fi
unilever.demdex.net
ups.analytics.yahoo.com
us-u.openx.net
www.cloakan.co
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
x.bidswitch.net
ye-mek.net
ng2.virgul.com
104.75.89.75
142.250.186.130
142.250.186.134
142.250.186.66
145.239.193.130
15.197.193.217
151.139.128.10
154.58.197.185
159.69.70.9
162.19.138.120
178.250.1.6
178.250.7.11
18.168.234.149
185.29.132.245
185.7.176.221
185.7.176.223
185.80.39.216
185.86.138.152
185.89.210.101
185.89.210.180
185.94.180.125
198.47.127.19
20.127.253.7
20.60.220.36
2001:4860:4802:36::178
23.206.208.114
2404:6800:4005:81d::2003
2600:9000:2127:7a00:3:4706:a6c0:93a1
2600:9000:2127:8200:1b:f040:3600:93a1
2606:4700::6812:18ad
2620:116:800d:21:de2e:c7b3:55c0:d5a0
2a00:1450:4001:802::200a
2a00:1450:4001:806::2003
2a00:1450:4001:80b::2002
2a00:1450:4001:811::2006
2a00:1450:4001:813::2002
2a00:1450:4001:813::200a
2a00:1450:4001:829::2008
2a00:1450:4001:82a::2002
2a00:1450:4001:82a::2004
2a00:1450:4001:82b::2001
2a00:1450:4001:82f::2001
2a00:1450:4001:830::2002
2a00:1450:4001:830::200a
2a00:1450:4001:831::2001
2a01:4f8:d0a:2321::2
2a02:2638:3::12
2a02:2638:3::1a
2a02:2638:d::2
2a02:6ea0:c700::17
2a02:fa8:8806:16::1370
2a03:2880:f083:9:face:b00c:0:3
2a05:d018:d29:3602:702:e4aa:922d:1c38
2a0b:4d07:101::1
3.122.44.22
3.124.28.168
3.71.149.231
34.102.243.38
34.91.62.186
34.98.64.218
35.156.85.133
35.178.131.157
35.186.193.173
35.190.0.66
35.227.252.103
35.241.45.217
37.157.5.133
46.228.174.117
49.12.16.151
51.89.9.251
54.195.140.228
65.9.90.93
65.9.93.173
65.9.95.34
65.9.95.76
69.173.144.138
77.245.159.14
78.46.23.46
94.138.206.83
00c5621a3f56c052959f8f0591b65e893f132b49b1447fde20767966cacbfbfe
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
012bfcecfc2ede88246f38790e1f6523713e0e2bb0f98c87949ae28594faf004
04a06dd9dfb3eab995476062839b8367ec2586183fdef7e93d08994db0a50654
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
072debf6d24e6a338b38c71afa1ae91639f38e35e89f4b8c27c9c1b176e16cab
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
0b29697868cd68cfd1b5650054cc96ea755016b3242bd26469cdbd4e4f6fc18a
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c27137a2a35027f8c2c54a979b8e27e8dab7f518bf439bf6068e0528591b4be
120fdf7c1e8de286b8c6ad005bd52d7b3d71cfa17bd6d1f72d023fe952d03708
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
187574c8a3cf0026b633b356842e03d60450be911027b697e9542a650d1049c8
1e5a28a902c7f1edfc9c082269da365300b36ceb1eed186bf26523d6867ed986
1e5a886321d0e00c13f7abff03ca39fd782f42997fd34bcbf4fc93718f3670cc
20f091e39a994eac247abb2db8c48d424cb5f3ea8280cea2194168c2bf5f437e
20f77b0ce4f6178311313a1922f03d35965e833a82399984b90f73f49fefd690
22fee539734d38c9e84e3982188b21bafc9457236279a136ce1b3b9d55667437
232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98
23bb7f2ebf20e66394beb69e3caa2a5354335a4f76f72ed19fb8a0a9ab82ad3e
23f42d66b3c697dd2c2942101c6cd4914928ff891bd4ae23275eccf5280b9c53
25abd3e2e7bdc06f4c3a53656f9cc00f6b6f349416a3e9310d40fa274e69d275
25b451f3cad26104f57800c79546bf5a40295d0cecf5623e623f4479b94d0ddd
25d14233cc34c5284032e301f03fc7ce873062c6b8b4c041f6597353ed1057c4
27961ab8c37cddad89230364167c048c6377a80e38542a5ffbca600faf4098ea
27b521443caa2567c561c9a2bd377929f40cf7fb68113ccbc4b42669c6841e79
298e30cd4e01948d540e8aff796e294da1ae095578b2403f2b97280e3b969a6f
2af1b8e91e1ea0f27fab2f6bac1dd1d81867b7a2a8d7cef1084fa39309e0ac6f
2c481ccdb6e10e0136132ac25c732c873df15b1cf23a063a714f63606159551e
2d3ebc5963c3ba449fc6f11b2d5ac883abaf7dbc046ac7c1b267518e0ca5fa27
2ee4854a38ad37b61a8727c71e98305037bc4711d65f4bac43420986b4c9455f
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
31d02f43dd0c7fc5c0d95db087a23f1c2d729c93f10450884c8da6b415f7839b
324a9c1f26949a62b89c5846de23826737bf3b14443e3f5a969b1799604a0588
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a
341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f
348e796d5c91608f48049d7bcb53e6f9ee78abf87f0c71edf955a27f6b9b5fe8
3578599c04427db93b8dbb9856b31ec74706adab651288a8444b48a833606c2e
35f6087c073236f5b3791ae543446b31681841dd2d9dc2f4274dc204ea642a47
37ab5c060ae53ccda75b8bd212d874a17650f7954b11c4e31f568990ab40196b
384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7
38a45d2622d89b3d2da8101fa1ecdc03ed87f51af4d93f1358530610ffd7cfcf
3a55a81ee41fb052562bfb3751492caf7ce85c5c029a7a7b03fa55797707b85a
3d8139674dae70e3d6825845bd963841ab4ce23d55252685fe8061f6276bdc1e
3e9569df702eb478e6e7699775a0f555b64ef9e89d89a81742bc97c7803dba96
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3ed559a849229d0ba1622b39b2343f2307a91aae5bab1f08e55c89e50874c980
3f064267c64c1eeca604b20f9d60538c32c14e90528441d0524c2f30161f8b47
40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db
464be521d749b2ba1c7e8c1f87223b56a03ee0bd05484baa0e9067ce9eb9d2be
4651fd93f167c3620b534c30bc23ae2a2e7cf742621d8e6d12553c09c388284a
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
4974622fff31e0fe9dcc6c31c33e3f74dfb665d2678bd876ab807506e3bab60c
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b88a304d6162d0e7bc1ea1c3b8c9e9f6b6751002a6d58b6a7bb2c4dd383dea8
4c34341a8dd98234574a3accd5bb6f6c8eefbff21c59a6e5018189ccf75eccce
4caec19fb48c8b123d8f1dd3443f2bd70863adf6408db3ea83b1ee46df65c454
4d97d2f204c48ceadcc2f5b86ba6bf25987c6f7c43c8dd7fee7a2847e6a71f4f
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
5064673ae91cda915c14e431a3d0f6eb6431aaee503afb2b7eca6c90075b130b
5103b27b55207be49f024a501641c7cb93e6469073ccbe194cd5963b53716184
51d7824a2a15d6f54c1b60fa1b7e013f8219782d7618dade0ed1e6a81d5225e0
5203506f162f2e9541b742b9dd0b87544a8aed697f228e6eb71c7b8ecb95fff7
525e7c89461afb3f73ea7030fbceba4f9e9383570159926acee637b4f86b8148
53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
568d6d51abf60ead0a44ada316a65a027f6c172b194e3858ae0fe30c983c857d
5804cd3bfdf7f7b00ae1f2beef50b9ac7bbdcadcb47e8c3454e8609a52096b92
582e283baa4cce4006055beb2eb8fe257c1ec5ef573a40f173b880636089e8cd
58761096bdc8161f6bd209346ae5d8908f1b2cc9fcc5abec844faf6cf8a5545a
599bb6748f60ecce39049c7c6feed7bfd65e9ba09ef478ff0661381840117a9f
59c949c5c11661d43e80180a727893dac9ea3095d0946fcc8a84a44d7ccfad69
5a890b96bb00fd6a96f4b5e43fa646fb4b331d9c55b88bf6ca5dafd2bf1bf184
5a9863314577494b778cade4d77d719a27fca818d6091efe35b972cac31026f8
5cfa90136cebd0560505c59212c51599674286ace6c34a1f0282179e151941ab
60553b12e1cecec323684ec8158d0fdcc8cc22ae5ee712fc104390e70637df74
6139cf28f27e43ef93d80278423db91715a6c3b6c0a155c4f7386dcf578de617
613b97a3f938c5185dc5fcb46ec9c9488f460fdf8a9765eea9f05aebe46a0c50
61a4427dbacae30aa41df3fb5c678e691cfec6699855046e29e6d2987aecdfac
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
63715e8ffb3d4efab913b95b9369dc96445bde93529cdc97909bdf57a8134300
65ab75ed0100d9adf612b46d1e20ada64ac9530637f328dca42fd984da437919
65ecaacea233cbd58cd42e885e80df77cbc92fc6cfd6e85f1d0e9d2852e1e7ed
66413d92e3b48b21f37de7968a4c6ee6dafb956f4963d0557959a3d10db2c492
690fca14cfec3446c6987b26b03ce4308c280b6c62435486b73be10fe4e1b511
69b373db15cb1b814ed69e007d40fa9add8642a9e2445c449503ac023c674d8f
6bfe09f0e69c4c09277d895b1146f4217b705d6bee219c661b36031742c24dd0
6c6d900511c502a6d0b97a298ecab07040eb48a8756ec785beddb35006825f0a
6d3e3847d32018957683396a28234d93d0ecb002e4674244fffa3b6dea822b5a
716006b2a57d4f6b7d8c6c8e002c0aaa39ae7628de7924a4ad7d12415154d0b4
71afb38e0805648d18592ed8395ece1c81a419dcbedca76be5aecd85e13ae11d
71ba6158411aefbe602f8df67bf0bb2fb155dbf09c39eca150269c3449f4aca1
72b49306d1b583cc3d09fd5b76b2f0c83e7e6ffa5841d052883597a33d24e4b5
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
75624d201728ac36424bd5ea3daa01e59f0917744622142e76b8f60653de345c
75c5dcb0b1839bbb85275b03f330dd59c04167b59fe68b07cedad9f8292040f5
7619efea4ccd65a5edde7db90013478309541941826ee2aacacaf95614043b87
7b1bfbac0178604f4dce665117d962743d2916a2a37968438f3d49d7e9c04445
7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762
7b853fa579b3c596923a6ccd2f1c5707d8a48d0f257671d75de993bf2eb4a0bd
7bab9bda18a7f4cbe2e40d5adbcbc7a59bc837dda8089a3d55aa9d103a366183
7cac0c41994ce183aae7609ec1474b64149594430859614d7bc093b573e5d42f
7d0045314684d37447b37f42a67c55caaf3d04c98a68cb75a760ed799899a965
7d4095ea226f3f80d6d4fc62e3737dd5107fd9d4aa4a443cac11378b102f64b6
7e10c75356ec658e2f2fb4a409b04977fca9251f009aa4518d20c96ee4cf3440
7ff9993d3bf21821aa4aab3b5958b4d9ba3fd3a3aa92f5830a24d3ee259f4851
8163fc9bc2f5b7dbce2b9abe00c80dcf9c57d68dac9a7142355ac83388b1c5ce
8169070527736f2296d9d72e169101428b2f9821205614dc54cd16d3130c70f8
81f66fb840c902b62f902bc4e27a6e3dee001d2f8babf5e767f78f16136ff0b7
81fa8db261275be7531fb128593cece26d5e679e6e7a633f28f77add13a0d217
822511e83f8f0a91a794447e76b86cbe86ec23663f925f814dfbe9d3d859e85a
8283fa9c09b96e5929d28f325fe46a231469f9966f4b66b323faada5bc39002a
845eb9ea29b7a5637e5caa0a807e46db1ad49dd0bfd4dd1145a6ea3e6895555f
8b27ca5fd77fbf4dee1584f2ce3447fd40086d335f40bae8a30a0c5688371b83
8c5275956fa1bf68a0418dddb092a5881af6b6be10f6dca54dfacda6ba41992a
8d67e93b773c993230e55a3881853d5e8d399b32fb591d845c41553c0fe8c71b
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
94f3f38a20da26643d99a9d74ca536d48882bc60399eeb02992bc1ca8fd19396
95dc2fd2d6660cddee1ecf5114f8017512f5f017e2cd96f71efb880957a69564
96e22a33f827f042ac4b239c21f468a17c87545df3f6b90e100d3a91b253a1e7
98d2e3edd14aa506c4521125c7cdb7bb3030d7caae5803feec6d2613195ee955
99d22e206a5ac6e477ce8a4466d3f01ab5db135dc1fdb8a75b9bf8f0d10a28d6
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9c1d5eead33fb63bd3a19b2444461953449797f909ef408e9aef9bf572546736
9cacc351a59879d938ef01e274eca7f341deaaa666237a3de94737ccc05a4b86
9e83314d333416d003a14ff991793feefefe12184980a4f081c0465cda5dc8da
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a064bbe6d5f1a06ed7e21b6947e324721a8ada11b25745d37ed4f245862a4616
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0a4cc3fe2d3f622420ca59c87382ef49c8810febf4eed0cf5f5b37b0df663fa
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a298013dbdb4c2fd03dd00d73b1e25c072a6870c88b715abcc177c430742d8e4
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a7a580492938c753648b19da1321bf7ea66d7a2e9b1fa42058c821e268fba9e1
a9262e4f0004178b2eb384213e53dd3e0c71eb13584d3f6b6dba57437014c1b1
aaae67d76785ca3c10c3ec64930c48342d5ee67f49a7ce60854e38b80b7d0774
ac2429c9dd60bbe0eeab4fb4322667db2a3566125b4a1d772c488381de05b9e6
ad3ee286844c46dba3f0d26e100f508c410b28f52784fbeec2d513ef6c6fda7a
ade5e8523b8fd419b5eac06a3c3d881dea4c3b86852fc141c787476c46af8a8c
aea58111c9ed2213f90c3e7f7de388b16831fbdaffe5f0a5527aaa33c715f3da
aff61aadcc94c243e1dd0ff0cb91051de3139cf9ebfc910764e41f0a409f3cbf
b13b4e4fe3e2e2b06dd177c7f8dd5bfca45bc174909e3982befe3cda1f9e38af
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1fc8ce76e9c7372551b22ff3299ffb5b21371501fbbbe3bfa21f22909bd5ac5
b292d06c387f4a735162fe0db8f346c825617b9e0d50248d7bf8e4049b25fe56
b438fcb0b6409866bcf245a57397590528a9db351cceb09953f27f9105069895
b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628
b688092247ab4473189c8ddcfd287b550d914fc1e8857fd56f8bfadc0d25ecd0
b736f3c590f550a31f5c5d2e0ce32c364cda805b06a730adc877dab95d115037
b7aea34ff06f8c7255d9cc46ac175f4051716c9b6a4ac51906dc21f6902ad3be
b927930fac90644d24523c173be181b6ecf87293484531a003184e2cfa4a38d8
bb6615ee877d1bd2ee3ace511b79c163ad852890ddacbadabd603a33f4b2a866
bb7675b559b6b715e1583e5b7267a368f56cb8961a364f5204695d500614bb67
bea17c8870ba8dae9515993b5c55b65437f03f0e2672e1c3d3dbe7872dd74e5c
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
c50d4891dca5d3a9dc6706a10197373afe9bd96ae55a10783499214ae65ef305
c7f7c5ee74eee4dc7a4fe83095dcff01b3bff30e7f068ad3535a559d76b34438
c8df879b833b0f6ab35338eb5282763cdcbcdc0b4e288ac7cb8531d90dad8c3e
c91573b72efe80fe702fc50dc1671342387bda7cbe83b6027d00c8fe4056e445
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
c99a1db5a8ee11a2fc13ab0544e3865f781fab4515592ff6467e7273478f813d
ca57b79a870bbf54700730858603a70d79743779c1b059922ec401bfddc5adc9
caba686e8a0a57536805240ee1ac6b56d9f5b5add5a8bf88fd6ff83d8a860b63
cb999f85fd1d501283263c9716367eb7fca38ef43777df0fa253ee71bdf19565
cc56c196907a23a36a0d76524b31eb59432539344cf734212744adb562621442
cf906196a7c1414e11983955e101a051d55a864f2bc9fd52a453d952d92fd9b5
cff57bb539a961e5816127eb4b662175d6a1c92917effe0f943de85c35911101
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d6350ccbc96e6f4089866ba29b8e2fcdf961c3c5b428e8611226d39922e1fce0
d660119d70fde473f7720a43fb960d95c8ff46768e67d762f9557179709b8942
d69f2b4ba0b3d3c411bb34844d812afa68128a4ad85f62bb62df1b31fcf05b2b
d6a0e678bddd69cf8c52d5056ebadbb5b1ce59e172bc5eb1b0a8f5aa4acac930
d74e04ab3e34cfe4622ad194e062b4e9f3e10cace748d78c291344fa086d57f5
d9fd0aeda423bd39a36871759ef7b17dab3d51e5981cd5839103f990b8b9ef60
dacdec6aa88bb9571d309c295248ee5b202de625eba8aaa232f863ad9ba9fed5
db6c8330efd6e6bfd20dbed90de2e76fe0bac473c76abe90aaa91fac7bb067c6
dbc211260f3fb81e545fbebe8be8c367ebe670a585e60e1ec58524c06723ecbc
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e334ca19f092778f57815a534078daf8e3fce269e56f7ea374ab3a117eee92ad
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5109e4a33b205d20e33727b3e4e2f80effcf63966f5c50e42c8e3ab0efbaa84
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e59d1b0d96b90e0ca74ce82f5968496fbff52952f5d2db076d6e80f8241131dc
e8021f1a9dad409f7e699457ac334653bf800464df69900237c4de1c29e275d0
e8090651b52c256938df2fb0582f24521fe0476939aab81d01b7f31a7ac75beb
eab1145c02ae44ca45370dbdb689a98d1756fe3726fde675886a95730fee691d
eb7a209e3af2f5e7045a326f81414b39f02551eb158e859c190a7a84db7c4d5d
ecadacb686d0540a5768dae41d50597a71dfaa8135b90f1371d4bfa266e4e361
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f11804d1ef933b0bc1743a89e33afbd528eeda107a6c0c2444be61d739af5a73
f475c34186022ba531ebc8bba97fc10df7e4c3ea854f314a18ab0644c851620d
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39
f84b072576c74ae653ae11e278fc81652b9adf54c299e3a131f355faa259537e
f8fd679d9f44bca3f206280b3e5601ccbd0a22d9d46be815a98859729a6e57f8
f9f1a664c3a25b3ed6926de216f0ea297044716c138915939d333c0792b5d595
fccddd1e6a8692d3d2e5d6b46551e32b87884f7d62de29057d5ff8558b786333
fe1c4472e5593cbad87e00318338a8c8f7cbb2c140749decc385d00b7861e649
ff15988d9a44878f505e85294f735d8cbc1a19f45b89491a07ed20358dce243a
ff1ea82759f4df729f7ee24dac62805f05a2fc79c7ca4cb518a072a11835e884
ff3aab1b58d4fcef7acc02e44ae8c3b4daccda6ddbac8015ac91e70b260e66d7
ffc93f54f56adb02e7ce36af0a92e7a7d91f3e9f4424f3f34b2eb70cdf87ba82

pcloak.blob.core.windows.net Open in urlscan Pro 20.60.220.36 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

422 Requests

91 %HTTPS

37 %IPv6

57 Domains

84 Subdomains

67 IPs

12 Countries

23824 kBTransfer

30158 kBSize

40 Cookies

0 Outgoing links

Redirected requests

422 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 10 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

pcloak.blob.core.windows.net Open in urlscan Pro
20.60.220.36 Public Scan

Screenshot
Live screenshot

Full Image

422
Requests

91 %
HTTPS

37 %
IPv6

57
Domains

84
Subdomains

67
IPs

12
Countries

23824 kB
Transfer

30158 kB
Size

40
Cookies

422 HTTP transactions
10 data transactions