pcloak.blob.core.windows.net Open in urlscan Pro
20.60.220.36 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Submission: On May 26 via api (May 26th 2023, 11:16:05 pm UTC) from TR — Scanned from DE

Summary HTTP 316 Redirects Behaviour Indicators

Summary

This website contacted 76 IPs in 6 countries across 57 domains to perform 316 HTTP transactions. The main IP is 20.60.220.36, located in Tappahannock, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is pcloak.blob.core.windows.net.
TLS certificate: Issued by Microsoft RSA TLS CA 02 on March 22nd 2023. Valid for: a year.

This is the only time pcloak.blob.core.windows.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
4	20.60.220.36 20.60.220.36	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	77.245.159.14 77.245.159.14	42868 (NIOBEBILI...) (NIOBEBILISIMHIZMETLERI)
3	94.138.206.83 94.138.206.83	49126 (AS49126) (AS49126)
2	2a00:1450:400... 2a00:1450:4001:80b::200a	15169 (GOOGLE) (GOOGLE)
40	2a02:6ea0:c70... 2a02:6ea0:c700::19	60068 (CDN77 ^_^) (CDN77 ^_^)
2	2a00:1450:400... 2a00:1450:4001:82b::2008	15169 (GOOGLE) (GOOGLE)
2	151.139.128.10 151.139.128.10	20446 (STACKPATH...) (STACKPATH-CDN)
20	185.7.176.222 185.7.176.222	42910 (PREMIERDC...) (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH)
2	2a03:2880:f08... 2a03:2880:f083:9:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:4001:800::200e	15169 (GOOGLE) (GOOGLE)
20	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
26	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
3	13.224.192.181 13.224.192.181	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700:20:... 2606:4700:20::681a:8a9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	13.32.119.77 13.32.119.77	16509 (AMAZON-02) (AMAZON-02)
1	35.241.45.217 35.241.45.217	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
12	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:80f::2001	15169 (GOOGLE) (GOOGLE)
4	85.111.6.48 85.111.6.48	9121 (TTNET) (TTNET)
1	3.123.171.139 3.123.171.139	16509 (AMAZON-02) (AMAZON-02)
6	2602:803:c004... 2602:803:c004:200::140	26667 (RUBICONPR...) (RUBICONPROJECT)
1	2606:4700::68... 2606:4700::6812:272	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	95.101.149.35 95.101.149.35	16625 (AKAMAI-AS) (AKAMAI-AS)
1	185.64.189.112 185.64.189.112	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2	185.89.211.116 185.89.211.116	29990 (ASN-APPNEX) (ASN-APPNEX)
5	37.157.4.25 37.157.4.25	198622 (ADFORM) (ADFORM)
1	216.52.2.30 216.52.2.30	32475 (SINGLEHOP...) (SINGLEHOP-LLC)
1	2a02:2638:3::7 2a02:2638:3::7	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	34.102.243.38 34.102.243.38	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	185.89.208.11 185.89.208.11	29990 (ASN-APPNEX) (ASN-APPNEX)
15	2a00:1450:400... 2a00:1450:4001:800::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::200a	15169 (GOOGLE) (GOOGLE)
3	2a04:4e42:400... 2a04:4e42:400::485	54113 (FASTLY) (FASTLY)
2	2602:803:c004... 2602:803:c004:200::154	() ()
4	37.157.2.247 37.157.2.247	() ()
1	13.32.121.66 13.32.121.66	() ()
1	76.223.26.175 76.223.26.175	() ()
1	108.138.15.119 108.138.15.119	() ()
2	2600:1901:0:7... 2600:1901:0:76b9::	() ()
8	2606:4700:20:... 2606:4700:20::681a:ad1	() ()
4	2a00:1450:400... 2a00:1450:4001:82f::2004	() ()
5	185.29.134.245 185.29.134.245	() ()
4 14	172.217.18.2 172.217.18.2	() ()
1	23.45.237.121 23.45.237.121	() ()
1	37.157.4.23 37.157.4.23	() ()
2	2a02:2638:d::2 2a02:2638:d::2	() ()
4	23.56.202.187 23.56.202.187	() ()
8	138.201.64.38 138.201.64.38	() ()
2	2.18.233.201 2.18.233.201	() ()
1 2	2620:116:800d... 2620:116:800d:21:ef75:8280:f209:5ba1	() ()
1 5	185.29.134.248 185.29.134.248	() ()
1 2	2606:4700::68... 2606:4700::6812:18ad	() ()
3	15.197.193.217 15.197.193.217	() ()
1	34.96.105.8 34.96.105.8	() ()
2 2	37.157.6.233 37.157.6.233	() ()
2	35.227.252.103 35.227.252.103	() ()
6	2a00:1450:400... 2a00:1450:4001:803::2006	() ()
2	2606:4700:20:... 2606:4700:20::681a:71b	() ()
2 3	52.46.155.104 52.46.155.104	() ()
7 9	69.173.144.165 69.173.144.165	() ()
2 3	52.95.125.22 52.95.125.22	() ()
1 1	2a05:d018:d29... 2a05:d018:d29:3605:f945:6b7b:b26d:656c	() ()
1	2620:1ec:21::14 2620:1ec:21::14	() ()
2	138.201.63.164 138.201.63.164	() ()
2	142.250.186.34 142.250.186.34	() ()
1 1	85.114.159.93 85.114.159.93	() ()
2 4	145.239.193.130 145.239.193.130	() ()
2	2a0b:4d07:101::1 2a0b:4d07:101::1	() ()
2	18.169.125.16 18.169.125.16	() ()
2 2	94.23.99.218 94.23.99.218	() ()
2	54.76.176.197 54.76.176.197	() ()
1	104.102.45.165 104.102.45.165	() ()
2 2	35.186.231.97 35.186.231.97	() ()
2	13.224.189.92 13.224.189.92	() ()
4	2606:4700:20:... 2606:4700:20::ac43:4a81	() ()
1	2a00:1450:400... 2a00:1450:4001:82b::200a	() ()
1	18.66.147.98 18.66.147.98	() ()
1	99.86.4.36 99.86.4.36	() ()
3	52.222.214.123 52.222.214.123	() ()
316	76

4 20.60.220.36 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

pcloak.blob.core.windows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 77.245.159.14 (Turkey)

ASN42868 (NIOBEBILISIMHIZMETLERI, TR)
PTR: stilgar.wlsrv.com

www.cloakan.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 94.138.206.83 (Turkey)

ASN49126 (AS49126, TR)

ye-mek.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

40 2a02:6ea0:c700::19 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)

cdn.ye-mek.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.139.128.10 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: map3.hwcdn.net

images.dmca.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 185.7.176.222 (Turkey)

ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR)

static.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ng.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c1.imgiz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ng2.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f083:9:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.224.192.181 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-192-181.fra2.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:8a9 (United States)

ASN13335 (CLOUDFLARENET, US)

script.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.119.77 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-119-77.fra60.r.cloudfront.net

aax.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.45.217 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 217.45.241.35.bc.googleusercontent.com

pghub.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:80f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 85.111.6.48 (Turkey)

ASN9121 (TTNET, TR)
PTR: ns2.ttidc.com.tr

cpm.programattik.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.123.171.139 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-123-171-139.eu-central-1.compute.amazonaws.com

prebid-server.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2602:803:c004:200::140 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:272 (United States)

ASN13335 (CLOUDFLARENET, US)

mp.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 95.101.149.35 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a95-101-149-35.deploy.static.akamaitechnologies.com

a.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.89.211.116 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 37.157.4.25 (Denmark)

ASN198622 (ADFORM, DK)

adx.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.52.2.30 (United States)

ASN32475 (SINGLEHOP-LLC, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::7 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.243.38 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 38.243.102.34.bc.googleusercontent.com

feed.pghub.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.89.208.11 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: prebid.ams3.adnexus.net

prebid.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:800::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a04:4e42:400::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2602:803:c004:200::154 (None, )

ASN- ()

beacon-fra2.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.157.2.247 (None, )

ASN- ()

s1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.121.66 (None, )

ASN- ()

choices.truste.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 76.223.26.175 (None, )

ASN- ()

de1-bid.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.15.119 (None, )

ASN- ()

ad.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1901:0:76b9:: (None, )

ASN- ()

prod-rtb.ad4mat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700:20::681a:ad1 (None, )

ASN- ()

as.ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82f::2004 (None, )

ASN- ()

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.29.134.245 (None, )

ASN- ()

tags.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 172.217.18.2 (None, ) 4 redirects

ASN- ()

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.45.237.121 (None, )

ASN- ()

ad.yieldlab.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.157.4.23 (None, )

ASN- ()

cm.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:d::2 (None, )

ASN- ()

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.56.202.187 (None, )

ASN- ()

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 138.201.64.38 (None, )

ASN- ()

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
hal900011.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.233.201 (None, )

ASN- ()

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:ef75:8280:f209:5ba1 (None, ) 1 redirects

ASN- ()

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.29.134.248 (None, ) 1 redirects

ASN- ()

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:18ad (None, ) 1 redirects

ASN- ()

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 15.197.193.217 (None, )

ASN- ()

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.105.8 (None, )

ASN- ()

tr.blismedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.6.233 (None, ) 2 redirects

ASN- ()

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.227.252.103 (None, )

ASN- ()

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:803::2006 (None, )

ASN- ()

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:71b (None, )

ASN- ()

static-de.ad4mat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.46.155.104 (None, ) 2 redirects

ASN- ()

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 69.173.144.165 (None, ) 7 redirects

ASN- ()

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.95.125.22 (None, ) 2 redirects

ASN- ()

aax-eu.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:d29:3605:f945:6b7b:b26d:656c (None, ) 1 redirects

ASN- ()

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (None, )

ASN- ()

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 138.201.63.164 (None, )

ASN- ()

hal90006.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.34 (None, )

ASN- ()

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.93 (None, ) 1 redirects

ASN- ()

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 145.239.193.130 (None, ) 2 redirects

ASN- ()

pv.medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a0b:4d07:101::1 (None, )

ASN- ()

adv.office-partner.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.169.125.16 (None, )

ASN- ()

track.webgains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 94.23.99.218 (None, ) 2 redirects

ASN- ()

medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.76.176.197 (None, )

ASN- ()

ad-server.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.102.45.165 (None, )

ASN- ()

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.186.231.97 (None, ) 2 redirects

ASN- ()

impfr.tradedoubler.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.224.189.92 (None, )

ASN- ()

img.tradedoubler.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:20::ac43:4a81 (None, )

ASN- ()

ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::200a (None, )

ASN- ()

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.147.98 (None, )

ASN- ()

analytics.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.4.36 (None, )

ASN- ()

cdn.track.production.webgains.team	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.222.214.123 (None, )

ASN- ()

choices.trustarc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
43	doubleclick.net 4 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 184 googleads.g.doubleclick.net — Cisco Umbrella Rank: 34 cm.g.doubleclick.net googleads4.g.doubleclick.net	292 KB
43	ye-mek.net ye-mek.net — Cisco Umbrella Rank: 414703 cdn.ye-mek.net	663 KB
38	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 93 c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 132	503 KB
22	rubiconproject.com 7 redirects prebid-server.rubiconproject.com — Cisco Umbrella Rank: 811 fastlane.rubiconproject.com — Cisco Umbrella Rank: 469 beacon-fra2.rubiconproject.com eus.rubiconproject.com pixel.rubiconproject.com token.rubiconproject.com	37 KB
18	virgul.com static.virgul.com — Cisco Umbrella Rank: 68795 ng.virgul.com — Cisco Umbrella Rank: 62090 ng2.virgul.com — Cisco Umbrella Rank: 67803	231 KB
12	mathtag.com 1 redirects tags.mathtag.com pixel.mathtag.com sync.mathtag.com	9 KB
12	ad4m.at as.ad4m.at ad4m.at	56 KB
12	adform.net 2 redirects adx.adform.net — Cisco Umbrella Rank: 4394 track.adform.net — Cisco Umbrella Rank: 3725 s1.adform.net cm.adform.net c1.adform.net	228 KB
10	redintelligence.net hal9000.redintelligence.net hal900011.redintelligence.net hal90006.redintelligence.net	260 KB
10	amazon-adsystem.com 4 redirects c.amazon-adsystem.com — Cisco Umbrella Rank: 286 aax.amazon-adsystem.com — Cisco Umbrella Rank: 387 s.amazon-adsystem.com aax-eu.amazon-adsystem.com	64 KB
9	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 181	478 KB
7	google.com adservice.google.com — Cisco Umbrella Rank: 68 www.google.com	743 B
6	medialead.de 4 redirects pv.medialead.de medialead.de	2 KB
6	2mdn.net s0.2mdn.net	111 KB
5	adsrvr.org de1-bid.adsrvr.org ad.adsrvr.org match.adsrvr.org	197 KB
4	tradedoubler.com 2 redirects impfr.tradedoubler.com img.tradedoubler.com	2 KB
4	ad4mat.net prod-rtb.ad4mat.net static-de.ad4mat.net	8 KB
4	programattik.com cpm.programattik.com — Cisco Umbrella Rank: 54660	565 B
4	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 320 imasdk.googleapis.com — Cisco Umbrella Rank: 437 fonts.googleapis.com	155 KB
4	windows.net pcloak.blob.core.windows.net	3 KB
3	trustarc.com choices.trustarc.com	16 KB
3	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 344	77 KB
3	adnxs.com ib.adnxs.com — Cisco Umbrella Rank: 214 prebid.adnxs.com — Cisco Umbrella Rank: 1505	37 KB
3	google.de adservice.google.de — Cisco Umbrella Rank: 9037	818 B
3	4dex.io script.4dex.io — Cisco Umbrella Rank: 1351 mp.4dex.io — Cisco Umbrella Rank: 1975	25 KB
2	ad-server.eu ad-server.eu	624 B
2	webgains.com track.webgains.com	4 KB
2	office-partner.de adv.office-partner.de	931 B
2	openx.net rtb.openx.net	348 B
2	tribalfusion.com 1 redirects a.tribalfusion.com s.tribalfusion.com	1 KB
2	quantserve.com 1 redirects cms.quantserve.com	797 B
2	criteo.net static.criteo.net	59 KB
2	imgiz.com c1.imgiz.com — Cisco Umbrella Rank: 121400	131 KB
2	pghub.io pghub.io — Cisco Umbrella Rank: 1628 feed.pghub.io — Cisco Umbrella Rank: 7466	6 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 157	89 KB
2	dmca.com images.dmca.com — Cisco Umbrella Rank: 13287	6 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 40	46 KB
2	cloakan.co www.cloakan.co	1 KB
1	webgains.team cdn.track.production.webgains.team	3 KB
1	webgains.io analytics.webgains.io	31 KB
1	awin1.com www.awin1.com	702 B
1	adition.com 1 redirects dsp.adfarm1.adition.com	586 B
1	linkedin.com px.ads.linkedin.com	645 B
1	yahoo.com 1 redirects pr-bh.ybp.yahoo.com	617 B
1	blismedia.com tr.blismedia.com	174 B
1	yieldlab.net ad.yieldlab.net	400 B
1	truste.com choices.truste.com	10 KB
1	criteo.com bidder.criteo.com — Cisco Umbrella Rank: 723	189 B
1	lijit.com ap.lijit.com — Cisco Umbrella Rank: 597	397 B
1	pubmatic.com hbopenbid.pubmatic.com — Cisco Umbrella Rank: 477	112 B
1	teads.tv a.teads.tv — Cisco Umbrella Rank: 1373	386 B
1	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 30	21 KB
0	smartadserver.com Failed ssbsync.smartadserver.com Failed
0	3lift.com Failed eb2.3lift.com Failed
0	bidswitch.net Failed x.bidswitch.net Failed
0	emxdgt.com Failed hb.emxdgt.com Failed
0	addthis.com Failed s7.addthis.com Failed
316	57

	Domain	Requested by
40	cdn.ye-mek.net	ye-mek.net cdn.ye-mek.net
20	securepubads.g.doubleclick.net	static.virgul.com securepubads.g.doubleclick.net c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com pcloak.blob.core.windows.net www.googletagservices.com
18	pagead2.googlesyndication.com	static.virgul.com pagead2.googlesyndication.com c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com pcloak.blob.core.windows.net googleads.g.doubleclick.net tpc.googlesyndication.com s0.2mdn.net www.googletagservices.com
15	tpc.googlesyndication.com	c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com googleads.g.doubleclick.net ye-mek.net tpc.googlesyndication.com pagead2.googlesyndication.com
14	cm.g.doubleclick.net	4 redirects c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com ye-mek.net googleads.g.doubleclick.net
9	www.googletagservices.com	c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com securepubads.g.doubleclick.net googleads.g.doubleclick.net s0.2mdn.net
8	ad4m.at	as.ad4m.at ad4m.at
8	ng.virgul.com	static.virgul.com ye-mek.net
7	googleads.g.doubleclick.net	pagead2.googlesyndication.com pcloak.blob.core.windows.net googleads.g.doubleclick.net
7	static.virgul.com	ye-mek.net static.virgul.com pcloak.blob.core.windows.net
6	s0.2mdn.net	pcloak.blob.core.windows.net s0.2mdn.net
6	hal9000.redintelligence.net	pcloak.blob.core.windows.net hal90006.redintelligence.net hal900011.redintelligence.net
6	fastlane.rubiconproject.com	static.virgul.com
5	pixel.rubiconproject.com	3 redirects ye-mek.net
5	sync.mathtag.com	1 redirects tags.mathtag.com sync.mathtag.com c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com
5	tags.mathtag.com	c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com tags.mathtag.com
5	c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
4	pv.medialead.de	2 redirects hal90006.redintelligence.net hal900011.redintelligence.net
4	token.rubiconproject.com	4 redirects
4	eus.rubiconproject.com	ye-mek.net eus.rubiconproject.com
4	www.google.com	c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com googleads.g.doubleclick.net
4	as.ad4m.at	c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com as.ad4m.at googleads.g.doubleclick.net ad4m.at
4	s1.adform.net	static.virgul.com track.adform.net s1.adform.net ye-mek.net
4	cpm.programattik.com	static.virgul.com
4	pcloak.blob.core.windows.net	pcloak.blob.core.windows.net
3	choices.trustarc.com	choices.truste.com ye-mek.net
3	aax-eu.amazon-adsystem.com	2 redirects ye-mek.net
3	s.amazon-adsystem.com	2 redirects ye-mek.net
3	match.adsrvr.org	c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com ye-mek.net
3	track.adform.net	static.virgul.com s1.adform.net
3	cdn.jsdelivr.net	securepubads.g.doubleclick.net
3	ng2.virgul.com	ye-mek.net
3	adservice.google.com	securepubads.g.doubleclick.net pagead2.googlesyndication.com
3	adservice.google.de	securepubads.g.doubleclick.net pagead2.googlesyndication.com
3	c.amazon-adsystem.com	static.virgul.com c.amazon-adsystem.com
3	ye-mek.net	www.cloakan.co ye-mek.net
2	img.tradedoubler.com	c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com
2	impfr.tradedoubler.com	2 redirects
2	ad-server.eu	c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com
2	medialead.de	2 redirects
2	track.webgains.com	pcloak.blob.core.windows.net
2	adv.office-partner.de	hal90006.redintelligence.net hal900011.redintelligence.net
2	googleads4.g.doubleclick.net	pcloak.blob.core.windows.net
2	hal90006.redintelligence.net	hal9000.redintelligence.net hal90006.redintelligence.net
2	static-de.ad4mat.net	as.ad4m.at
2	hal900011.redintelligence.net	hal9000.redintelligence.net hal900011.redintelligence.net
2	rtb.openx.net	c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com
2	c1.adform.net	2 redirects
2	cms.quantserve.com	1 redirects c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com
2	pixel.mathtag.com	tags.mathtag.com
2	static.criteo.net	static.virgul.com static.criteo.net
2	prod-rtb.ad4mat.net	pcloak.blob.core.windows.net googleads.g.doubleclick.net
2	beacon-fra2.rubiconproject.com	pcloak.blob.core.windows.net ye-mek.net
2	c1.imgiz.com	static.virgul.com c1.imgiz.com
2	adx.adform.net	static.virgul.com
2	ib.adnxs.com	static.virgul.com
2	script.4dex.io	static.virgul.com script.4dex.io
2	connect.facebook.net	ye-mek.net connect.facebook.net
2	images.dmca.com	ye-mek.net
2	www.googletagmanager.com	ye-mek.net adv.office-partner.de
2	ajax.googleapis.com	ye-mek.net s0.2mdn.net
2	www.cloakan.co	pcloak.blob.core.windows.net
1	cdn.track.production.webgains.team	c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com
1	analytics.webgains.io	track.webgains.com
1	fonts.googleapis.com	hal90006.redintelligence.net hal900011.redintelligence.net
1	www.awin1.com	c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com
1	dsp.adfarm1.adition.com	1 redirects
1	px.ads.linkedin.com	ye-mek.net
1	pr-bh.ybp.yahoo.com	1 redirects
1	tr.blismedia.com	c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com
1	s.tribalfusion.com	c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com
1	a.tribalfusion.com	1 redirects
1	cm.adform.net	googleads.g.doubleclick.net
1	ad.yieldlab.net	googleads.g.doubleclick.net
1	ad.adsrvr.org	pcloak.blob.core.windows.net
1	de1-bid.adsrvr.org	pcloak.blob.core.windows.net
1	choices.truste.com	pcloak.blob.core.windows.net
1	imasdk.googleapis.com	c1.imgiz.com
1	prebid.adnxs.com	static.virgul.com
1	feed.pghub.io	pghub.io
1	bidder.criteo.com	static.virgul.com
1	ap.lijit.com	static.virgul.com
1	hbopenbid.pubmatic.com	static.virgul.com
1	a.teads.tv	static.virgul.com
1	mp.4dex.io	static.virgul.com
1	prebid-server.rubiconproject.com	static.virgul.com
1	pghub.io	static.virgul.com
1	aax.amazon-adsystem.com	c.amazon-adsystem.com
1	www.google-analytics.com	www.googletagmanager.com
0	ssbsync.smartadserver.com Failed	c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com
0	eb2.3lift.com Failed	c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com
0	x.bidswitch.net Failed	c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com
0	hb.emxdgt.com Failed	static.virgul.com
0	s7.addthis.com Failed	ye-mek.net
316	94

This site contains no links.

Subject Issuer	Validity	Valid
*.blob.core.windows.net Microsoft RSA TLS CA 02	`2023-03-22` - `2024-03-22`	a year	crt.sh
cpanel.cloakan.co R3	`2023-05-03` - `2023-08-01`	3 months	crt.sh
www.ye-mek.net RapidSSL Global TLS RSA4096 SHA256 2022 CA1	`2022-11-29` - `2023-07-07`	7 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-05-08` - `2023-07-31`	3 months	crt.sh
1099124734.rsc.cdn77.org R3	`2023-04-04` - `2023-07-03`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-05-08` - `2023-07-31`	3 months	crt.sh
images.dmca.com R3	`2023-05-13` - `2023-08-11`	3 months	crt.sh
*.virgul.com Sectigo RSA Domain Validation Secure Server CA	`2022-10-24` - `2023-09-28`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-03-05` - `2023-06-03`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-05-08` - `2023-07-31`	3 months	crt.sh
c.amazon-adsystem.com Amazon RSA 2048 M01	`2023-02-28` - `2024-02-17`	a year	crt.sh
script.4dex.io Cloudflare Inc ECC CA-3	`2022-11-23` - `2023-11-22`	a year	crt.sh
aax-dtb-mobile-cf.amazon-adsystem.com Amazon RSA 2048 M01	`2023-03-16` - `2024-03-08`	a year	crt.sh
*.pghub.io DigiCert TLS RSA SHA256 2020 CA1	`2023-02-09` - `2024-02-08`	a year	crt.sh
*.google.de GTS CA 1C3	`2023-05-08` - `2023-07-31`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-05-08` - `2023-07-31`	3 months	crt.sh
*.programattik.com GeoTrust RSA CA 2018	`2022-10-25` - `2023-10-25`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-05` - `2024-04-03`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-08-31` - `2023-08-31`	a year	crt.sh
teads.tv R3	`2023-05-11` - `2023-08-09`	3 months	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2022-06-13` - `2023-07-14`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2023-02-13` - `2024-03-15`	a year	crt.sh
track.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2022-09-20` - `2023-09-20`	a year	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2022-06-27` - `2023-06-05`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-05-12` - `2023-08-10`	3 months	crt.sh
*.imgiz.com Sectigo RSA Domain Validation Secure Server CA	`2022-09-27` - `2023-09-09`	a year	crt.sh
prebid.adnxs.com GeoTrust TLS RSA CA G1	`2022-05-26` - `2023-06-26`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-05-08` - `2023-07-31`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2022 Q4	`2022-12-23` - `2024-01-24`	a year	crt.sh
*.truste.com Amazon RSA 2048 M02	`2023-02-28` - `2024-01-16`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
prod-rtb.ad4mat.net GTS CA 1D4	`2023-04-09` - `2023-07-08`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-05-08` - `2023-07-31`	3 months	crt.sh
*.mathtag.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-03-30` - `2024-04-29`	a year	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-03-24` - `2023-06-18`	3 months	crt.sh
redintelligence.net R3	`2023-04-10` - `2023-07-09`	3 months	crt.sh
pixel.mathtag.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-05` - `2023-07-05`	a year	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-09` - `2023-09-09`	a year	crt.sh
tr.blismedia.com GTS CA 1D4	`2023-04-12` - `2023-07-11`	3 months	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-05-08` - `2023-07-31`	3 months	crt.sh
pv.medialead.de R3	`2023-04-15` - `2023-07-14`	3 months	crt.sh
adv.office-partner.de R3	`2023-05-01` - `2023-07-30`	3 months	crt.sh
*.webgains.com Amazon RSA 2048 M01	`2023-05-15` - `2024-06-13`	a year	crt.sh
www.awin1.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-10` - `2024-03-09`	a year	crt.sh
*.webgains.io Amazon RSA 2048 M02	`2023-03-02` - `2023-09-21`	7 months	crt.sh
cdn.track.production.webgains.team Amazon RSA 2048 M01	`2023-02-28` - `2023-10-28`	8 months	crt.sh
*.trustarc.com Amazon RSA 2048 M02	`2023-04-17` - `2024-05-14`	a year	crt.sh

This page contains 38 frames:

Primary Page: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Frame ID: AAD55422A29C984CF49B5B3BF5DEEBCB
Requests: 6 HTTP requests in this frame

Frame: https://ye-mek.net/
Frame ID: 6C31FDCAFF24269B938D0C8F96EE2CDF
Requests: 117 HTTP requests in this frame

Frame: https://static.virgul.com/theme/mockups/outside/str.html?v=2
Frame ID: AD4BCFC6B1F1101EFE0BFA3289CEFF97
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230523/r20190131/zrt_lookup.html
Frame ID: 492D2BE8F68454A2013053325F3BF538
Requests: 1 HTTP requests in this frame

Frame: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 696C1CEE32D21EC96EA7260B4A48AD4B
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755397&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1685142958233&bpp=4&bdt=819&idt=396&shv=r20230523&mjsv=m202305240101&ptt=9&saldr=aa&nras=1&correlator=285619391144&frm=24&ife=1&pv=2&ga_vid=1177810583.1685142958&ga_sid=1685142959&ga_hid=1330668805&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=222437166&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759842%2C31074911%2C44788441%2C44792645&oid=2&pvsid=2833400146064414&tmod=612573993&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.vwsz76kq7m00&fsb=1&dtd=419
Frame ID: DE7EA0B61CE782157E775DBB26347C03
Requests: 1 HTTP requests in this frame

Frame: https://feed.pghub.io/tag?referrer_url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&page_url=https%3A%2F%2Fye-mek.net%2F&owner=P%26G&bp_id=noktacommedya&ch=%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D&initiator=js&data=%7B%22category%22%3A%22site_geneli%22%7D
Frame ID: 5D005211A55460E9A8AF5C540A5F89BE
Requests: 1 HTTP requests in this frame

Frame: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 256A3EE62648A8178AB63CFD4813EC02
Requests: 12 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuUFeNnm8OgLLC6lQ_IHAkUSGURiRd9vZ2u4cuFg9Xm2DPu0qmhvzKZiC0SG0WwIaiVu6BkkW5STLUu3P3Tn-fL9NFBOHbfI_sgezBZ4HqsKvWmQJLw-7WHr9Ol1FOIPJt2O0ItXRWp283r9Uoyn5ZusEJmLuQIjL3HpeLa00p2t0VUfxKpvn6_l3Q7-vAqKCftvPafzL2KFff93AxdZ9L4WKRQp8D6sK2IjXU7aCHja9zAAnGb-XBO8TVYnCeVKG70eM0OwXLT04nfVr0nGJywd6IoieQ1fUvVxhXY67e17AQHoqxdpv7MfU0lFvxZIxFHIbaeXK4LTkPvGD8&sai=AMfl-YSR4nbOnNdsXTz5V0BSdgYewn6Lg8jf6JtCVacEtfgfVn8psl3qUaFnRqH2u2BedehYCoRPbePSVW-ajnvEQkbZWfgZENIjfi5Jvp3hIDHfw7ZERzvV3jFOZs00Og&sig=Cg0ArKJSzL-4jDcWx-LyEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: 197C96F953E0309F4BF944B1C2A8CAE7
Requests: 19 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvKxLdPDuCoix8yf4uX8SDrCGjE-LXaeBFKzJ7KvfWgjFpWrO8qrYLHNHlMpE0oPEdx_KwL0TA_6OCNO9QbE6QB0Ipr0yeUPdmunrJBRQAO6TS3gs5E6mfYCMEtn0nG4dBZPLt7Kzcz2TSKg46wRfuMWIcFS2bA1O8RG_5wgkRLKnuUyUGSkC4v63hi7JZvoZ6pkSg9EY6E5WHGU61SIg4O17Yp65XAcY7QjRNHjAOL6UKBHOZLqZ53RqvnK0MQ1IjepuiBJ7SupdKpM1cxF7Q9w8ehfFKHepm_7nfXQaNSf08kKo_njrVbjVrgYp-4HagUc6bwOU4ZKCoa3Qi-J23PiAf3JUt1fZ0IqNEmSS76&sai=AMfl-YRXukjfP4PszmPjgDX50FEDnWU1qQ2sOQxIxJUHW43SkYQ55fVobZ4FPNqYu90eRXgRbscG_dpfsnxDg80Ui7Wqs-UxFVxtNUmpeAaSWB0LYatxhfFYHABBnaluIA&sig=Cg0ArKJSzPiQTNpTOGkCEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: F8C52638FCE6B3F1E8E44D20CD6BDBD2
Requests: 13 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstgjxPHhAyvh8LLCVO94cyKJx21mxoqtAbtpRNaFGjGUI63-nxjxeff90o4O4cBzFpqsSbHSmGWBKis5XtKuzBsqamyx0vU8X3Fiyt2dNUff4L8MOn6WT6MDB4DaYC1Cs5weFCTsUxMY5ljNW0dTe58_Mk8vzDNg-6MIcv855Y74S1zzzesCRhXAA-Bvon-up45t_e2aJ7fONnqw1gpfed_nhovakEII-10PfhdeGuX8RQfxl16toiZ5ivdjQysos-86vjo1C2qrAhuuIhCT0zFke91w6OrRutnKKDwE9XUv4Xb-NabH78KnTVXY9BzKrDbY-xHk94lfw-vCu0&sai=AMfl-YTZDmLKguapbxqh_gZRVllYKoLUZxARXbpQf6OukR_itw14D9ogbAqxFXC9geBabWG4avQ9RsZkIk-zRpJk--0lMUNDdVu8EJE1Ly1r7NXajf5Ntwx8oOif8eMCdA&sig=Cg0ArKJSzGSV9MhePv2SEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: 74701AA6C606D20246C8DAD844B9FD15
Requests: 13 HTTP requests in this frame

Frame: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 39419F93EB4CB272431D8FDEEFFD248F
Requests: 9 HTTP requests in this frame

Frame: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: C980053728FA2F487EDD50B658463421
Requests: 17 HTTP requests in this frame

Frame: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: E51B8897AD98EA3FEBC9AC30413AE09C
Requests: 21 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY-dzjwAEwAQ&v=APEucNXsr_vrCKGy2rTCRwqWKMoNvu2ow7MdEjpvU987cyjeUHSq5GsaYKgqCdWDJDzrpn9oVJQZ4Zf6iFrjtrfIYgNOR-gy7Vj5IaTNDnrQzHjDNo47_jokI5KGL5kGyAP8YZM39Bs8SmyTjc46rvPQJM9jRX6kSgTL5OIggvkzG8WJnw-mrkY
Frame ID: E2DC823BA98BAAD8666804164383ACE9
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3407250215&plat=1%3A520%2C2%3A520%2C3%3A2163200%2C4%3A2163200%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fye-mek.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1685142959434&bpp=18&bdt=240&idt=380&shv=r20230523&mjsv=m202305230101&ptt=9&saldr=aa&nras=1&correlator=4147856985454&frm=8&ife=1&pv=2&ga_vid=372334874.1685142960&ga_sid=1685142960&ga_hid=1691016324&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=1257201828&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759842%2C44759927%2C44788442%2C44789779&oid=2&pvsid=2476697498375493&tmod=1504218110&uas=0&nvt=1&fsapi=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.137mk5572zic&fsb=1&dtd=416
Frame ID: D5438C37696D9F047F892FF6F1516E7B
Requests: 1 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/dr?ed=1gb5bn62ae8zcm5af7pfvbzhe45mv08fs5e8kt3cwgzf6vrg7bxhjnjykys6fe7m8xynjgnsvfz94xcc1eyh84h1xg641m0jpwhhsk0v5n34dzm75w5rxppqx85j8xmq5qpm22gevtc2nhrgf0ttr4ycgvm3geqgz0ykeftt1a8xtakpdctb4bx5sga52ng87fwk35asbbq12sjkpqx7z1dhrv8dd5pypn9asmx4nc0qb5ntq7cem1sb7qkbz8bb8zw91r3mcqt3fh5agkqvk6awdat00fy7deykrgne86scnvv48793ke5767z5n30yx0a17n7e7yqxvjv3zz5xczqkfvc4jq230gjeessa878hsgswfjz13jn19qp34ghkjjeekk8g2tkywhmxnd0gjyrkk4xfyx91wm2jcsfftfj5fzb1wjzfq3k5sv85k521dsr1xmj8&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCHkPurz1xZNbJEMOi7gPCxI7wA5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQmpAnf2uKOa_rE-4AIAqAMByAMCqgSkAk_QnhUfiOv4hrYFZRmSZDbQ9YY56V1VmA5lOB16INHOcFHUpwJlGbpJoWErEMcbtLlbrfo9qRe7xrEPwlf5ugG5IWDWewpGsp2f53pvbpUPRh_VgPujYoZDh5zq8h0xLjy9H_ArNedIPQAVbueaI-V8LdahJCkH9O_sCshHG2WBZZiTm16egMU9VwkDfImsOeQRZN2jBN3-IW8vlIljc2IRtSNi0_u1wfzLU-ajw5NV0HTjv02Bd3jEunp7_fjBNaWROZBDeXbhkFgHXpbq0BPoL9OFsUNEvOxCAAnrwyK-d_7BsWfHp1BsDzUaxpSK5ZjpUGAJnW_dQZIu98r76n3wjXIph8oHkxxEa2xRDqbL5hIAZ6YIYpMZiOS2A6pwr-DQVL7gBAGABrnqssHX0466vgGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA8ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2rOzCMougoFrqDlJZntzd_XRSTVA%26client%3Dca-pub-7983651257838282%26adurl%3D
Frame ID: 905F84722976CD970D4431E807F2CB1D
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: AC5439EAC0099FCE7D8123CE9E11CFEB
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=4198790052&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1685142959452&bpp=4&bdt=259&idt=460&shv=r20230523&mjsv=m202305230101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=4147856985454&frm=8&ife=1&pv=1&ga_vid=372334874.1685142960&ga_sid=1685142960&ga_hid=1691016324&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=1257201828&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759842%2C44759927%2C44788442%2C44789779&oid=2&pvsid=2476697498375493&tmod=1504218110&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.cxiv9ygyii7p&fsb=1&dtd=480
Frame ID: D5E22632F6B91B4F141323BD2C71C309
Requests: 8 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&geo=eu&co=de
Frame ID: 1AE0AC8DCEFCE061494B8D7554292F19
Requests: 10 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/dr?ed=1hbpc5zx0h9jndag5vkm6baw75apxxwjsvcykhzjppg66mnre8pb1ee36rv636kp1hmfhwxkn40hrpqje0t6n6a8bpfpxjh275536agvqs9zaaak6j0tq9tetbrssr9tbqg4b1aktgtmc00pc62y54b5v82xsgvty4c25915ejx1m7yf5mtdywbrewtq782j0vkt8qvw60afx544akxq2ajh3j90q63g6brh4s2fbrkv9df2e7bwk2tmrqgrjfa66jbrna6p8mg2a8r71d1ejnd6h7dg0qc8f5wa8fz7c13gfm1042f4scskachvckdp5hksfrjkavxe1h8b1kc6wk96nym04yneajyh0xt8jqfkzy2gkn54fyf9zfqa7avt16wry7exn1cwc1h1g0s3rpjrngtn6vszps7mwr34k93818qvmcmg&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC36zbsD1xZLK5B4i0ZfaolqAJkOGBhFy2qMKK8ALAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItNjU5MzUyMzIxMDAxMDE1NMgBCakCd_a4o5r-sT6oAwGqBNUBT9BMnBQEHL-EinYrZrSSLiiDP34GuCovotDbQR84WaS7pLIHZC9_QtenFd9tSVbPGqiHw_JG4_qeMuvuUEqigeUlWdggk9muJFMOgiqmGlnxbupxIuumvfWrqGw8EG0O2xojgVrO397fBaASimTg5F5ULnnm0PFnQJGxEtB-OF4n1OazsGp4ms0ypbmBA4lWbUtIJhRv6pJl2UVeh9jLAnZQqQIHEWgyHlc8WuPZBucUh01EM203vqK0yMLPYJkrySLxboPsZngYv664ttJQuHeL_c8-gAaCho6y_LDZlvoBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1ylhGBoPGQ6NQMstrqYvTjh8bEVg%26client%3Dca-pub-6593523210010154%26adurl%3D
Frame ID: 92DA3459431772E393EE3874E739E1CD
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 817141897D091231C30738C62632348C
Requests: 5 HTTP requests in this frame

Frame: https://ad4m.at/frame.html
Frame ID: 55E4BFFA54F548DC68A12E7A226C152A
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&geo=eu&co=de
Frame ID: 1CFAE4E28A754E2A1E6569DA2DD627CB
Requests: 2 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/4323423352959208367/index.html?e=69&leftOffset=0&topOffset=0&c=F8hviuhgl8&t=1&renderingType=2&ev=01_250
Frame ID: EC0F2EB6DD2570E4FED93DA0AB905352
Requests: 7 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: F14C8C6C77AD6C032F3C62FBEB4FF035
Requests: 2 HTTP requests in this frame

Frame: https://ad4m.at/frame.html
Frame ID: 6DA128217853D53894B35651F349C977
Requests: 1 HTTP requests in this frame

Frame: https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=17458800004130100951403012337006&gdpr=1&gdpr_consent=li
Frame ID: D991A9256E30B5C14101EE4B640B369C
Requests: 1 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: 858E2A7E3C6D94A5D78C6FE81126BADB
Requests: 2 HTTP requests in this frame

Frame: https://hal90006.redintelligence.net/request_content.php?s=17458800004130100951403012337006&a=2b35cfd5
Frame ID: 3912182E6492A870D2E918E44DA2E66D
Requests: 6 HTTP requests in this frame

Frame: https://sync.mathtag.com/sync/iframe?mt_uuid=3c576471-3db0-4501-a31d-c8cce6968c79&no_iframe=1&synclist=4&mt_lim=1&type=1&source=bidder
Frame ID: D6B33ED2000322B0DA55EB4108F8712F
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 823F5638818114E716346805CA54CA33
Requests: 9 HTTP requests in this frame

Frame: https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=63574300002816900951389012337011&gdpr=1&gdpr_consent=li
Frame ID: 1D5FB66798472BF8A1ABC6238B4B0158
Requests: 1 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: 39FCC3DE119915A5DF1C4ED2464AAB71
Requests: 2 HTTP requests in this frame

Frame: https://hal900011.redintelligence.net/request_content.php?s=63574300002816900951389012337011&a=168bc11c
Frame ID: 86253D1E9651D7DDCAC3724551072AF5
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 809082E9751BACCEA7ACD32EAEAD5F94
Requests: 1 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=14019%2C23576%2C195017&b=V8Xuwfr7H1zMSVHbHAtRtE9bhkTzT46hQ%2CYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C71gSqfWBsj2ZKtrHXHgtAtVVZCGT1TKqCM&f=m8ruefe8CweqsmHZHZtQCJGjTDTwT6rHA%2CqDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2CEbGSDfqQSE1QkCzHAHjt6C44bfqTVT1dc7&c=728&d=90&e=&g=71f4e760a01b4d270fcb3df73c1b5c1c%2F17295789925511898489&i=21596%2C20774%2C20773&j=16%2C14%2C14&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1685142961690&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1jxky6q7e997zqqnbyv4ny06rm3r98ekgyhkm064bhzd7t4vcky7rrg77dcmbfta1z6gs9945jmgmk6bgnqhxe0rk3zpwjby1xbacyk6w0s165a9cqyva84kz1k50jrbjmxveqzyk60nb9tf141z6qgckv9nhj4veyrahteysrgn2stcp30k10e93pfb9j3p8579x8g7an54hqa86h5erkdpav7079cwjxtsj2433b2zf7ze08svn5n7t07p4zyb4yvrxaqx1667c125fvng%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC36zbsD1xZLK5B4i0ZfaolqAJkOGBhFy2qMKK8ALAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItNjU5MzUyMzIxMDAxMDE1NMgBCakCd_a4o5r-sT6oAwGqBNUBT9BMnBQEHL-EinYrZrSSLiiDP34GuCovotDbQR84WaS7pLIHZC9_QtenFd9tSVbPGqiHw_JG4_qeMuvuUEqigeUlWdggk9muJFMOgiqmGlnxbupxIuumvfWrqGw8EG0O2xojgVrO397fBaASimTg5F5ULnnm0PFnQJGxEtB-OF4n1OazsGp4ms0ypbmBA4lWbUtIJhRv6pJl2UVeh9jLAnZQqQIHEWgyHlc8WuPZBucUh01EM203vqK0yMLPYJkrySLxboPsZngYv664ttJQuHeL_c8-gAaCho6y_LDZlvoBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_1ylhGBoPGQ6NQMstrqYvTjh8bEVg%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0
Frame ID: 3B1B6612EEE6BFBDA8917F6862C3FF44
Requests: 1 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=117569%2C19877%2C15579&b=JMQTzf5f6Qp9cBH6H7tptMXKcxSgT44JcP3eY%2Cek8a3fVfkbrajHZHet1t445HwSQTKKMsJxEG%2Cbk8aQfZfeDWSYHbHztKt1d8fbSJTMMZHKqQP&f=G1rtBfpf6g8PcKHeHGtBC7qzTZSYTJJkCQV5M%2CD13t3fwfApGU3HmH9twCZZJSxSmTYYQSZMQg%2C3qjcpf4fkY8T7HrHAtXC1E7fPSWTKKMsg2Y3&c=728&d=90&e=&g=915090b5ba1fc39b3691c60bd1dda0e8%2F2756910361821184742&i=29981%2C20774%2C26474&j=16%2C14%2C41&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach121_BESTPERFORMER&r=1685142961692&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j52fyfz7rq78nz755wstrbn98tz0j86m948t7ykwct8g5dee25m4njyfsj5g4btb7bjtfp0d726m47g9cxsjcq1bpzmqdq27wck5acfdvt6jzbshzz03398csvmj9zb0bx2cbaj2bpb0f5zzq7fhx1ebtm0g3t637wf0xm7ngc7pjcbc03krd0jnq902w0ehze36172ydk0gfj22tjf6mwtzrk051derw67dk3sbkah87t7apnatnxf28nhss0g2j6z0fc7w7kamepzjq8d9nck%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCHkPurz1xZNbJEMOi7gPCxI7wA5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQmpAnf2uKOa_rE-4AIAqAMByAMCqgSkAk_QnhUfiOv4hrYFZRmSZDbQ9YY56V1VmA5lOB16INHOcFHUpwJlGbpJoWErEMcbtLlbrfo9qRe7xrEPwlf5ugG5IWDWewpGsp2f53pvbpUPRh_VgPujYoZDh5zq8h0xLjy9H_ArNedIPQAVbueaI-V8LdahJCkH9O_sCshHG2WBZZiTm16egMU9VwkDfImsOeQRZN2jBN3-IW8vlIljc2IRtSNi0_u1wfzLU-ajw5NV0HTjv02Bd3jEunp7_fjBNaWROZBDeXbhkFgHXpbq0BPoL9OFsUNEvOxCAAnrwyK-d_7BsWfHp1BsDzUaxpSK5ZjpUGAJnW_dQZIu98r76n3wjXIph8oHkxxEa2xRDqbL5hIAZ6YIYpMZiOS2A6pwr-DQVL7gBAGABrnqssHX0466vgGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA8ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_2rOzCMougoFrqDlJZntzd_XRSTVA%2526client%253Dca-pub-7983651257838282%2526adurl%253D&y=1&s=&z=0
Frame ID: 49773A37BE08654057DCF0320514768E
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

googleapis\.com/.+webfont

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.com/[^"]*(?:prebid|/pb\.js)

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

Webgains (Affiliate programs) Expand

Overall confidence: 100%
Detected patterns

analytics\.webgains\.io

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

316
Requests

89 %
HTTPS

39 %
IPv6

57
Domains

94
Subdomains

76
IPs

6
Countries

3857 kB
Transfer

8994 kB
Size

12
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 172

https://cm.g.doubleclick.net/pixel?google_nid=yieldlab&google_cm&google_dbm HTTP 302
https://ad.yieldlab.net/m?dt_id=52&ext_id=CAESELxnGJddX7elH6ZaM9IZ8V0&google_cver=1

Request Chain 173

https://cm.g.doubleclick.net/pixel?google_nid=adform_dbm&google_cm&google_dbm HTTP 302
https://cm.adform.net/pixel?adform_pid=4&adform_pc=CAESEOcumol0-L_WgWfqJXUYL5M&google_cver=1&adform_v=1

Request Chain 193

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESECF-vdfxC9P_0Pg73eJYcuo&google_cver=1&google_push=ATf1kGNtZqz5HVlM0mr-Tz-34BlnvZ2Lh3gPcQRYISStb2O1ILxt98CHz0leRy50p1ovV5yUHBXx9W_P__u_PwdQNO2ou4qLvBWBKg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=PFdkcT2wRQGjHcjM5paMeQ&google_push=ATf1kGNtZqz5HVlM0mr-Tz-34BlnvZ2Lh3gPcQRYISStb2O1ILxt98CHz0leRy50p1ovV5yUHBXx9W_P__u_PwdQNO2ou4qLvBWBKg

Request Chain 194

https://a.tribalfusion.com/i.match?p=b6&u=CAESEPPu5w3wQdNctklUBGo03bM&google_cver=1&google_push=ATf1kGMSGbVWqXwDPs3FAr5Hyl-cH2hcZFVE7LuTv_NdHlGnPZvK7-o2ncv3wBY-ouxHEwbkECFUPzjCEgc9NoXJC-1FFjH1T1wHRg&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DATf1kGMSGbVWqXwDPs3FAr5Hyl-cH2hcZFVE7LuTv_NdHlGnPZvK7-o2ncv3wBY-ouxHEwbkECFUPzjCEgc9NoXJC-1FFjH1T1wHRg%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEPPu5w3wQdNctklUBGo03bM&google_cver=1&google_push=ATf1kGMSGbVWqXwDPs3FAr5Hyl-cH2hcZFVE7LuTv_NdHlGnPZvK7-o2ncv3wBY-ouxHEwbkECFUPzjCEgc9NoXJC-1FFjH1T1wHRg&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DATf1kGMSGbVWqXwDPs3FAr5Hyl-cH2hcZFVE7LuTv_NdHlGnPZvK7-o2ncv3wBY-ouxHEwbkECFUPzjCEgc9NoXJC-1FFjH1T1wHRg%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 197

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEMk_NkyIcKUwTEzZqGDvtKk&google_cver=1&google_push=ATf1kGMA3srE_Y7QAoI7lU99xKS6dv0dUl-78vAVa8SxXPlgSmmT8d-bPudOWLucfNfg7ermW0pC4yllCDkYpCPI9jtA2Wk1vkgxlg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODI5MzQwMzk2MzY3NDg4ODI0Ng&google_push=ATf1kGMA3srE_Y7QAoI7lU99xKS6dv0dUl-78vAVa8SxXPlgSmmT8d-bPudOWLucfNfg7ermW0pC4yllCDkYpCPI9jtA2Wk1vkgxlg

Request Chain 230

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id= HTTP 302
https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t HTTP 302
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=oE0Y336SQP2OuYk5xEiwAw&rk=usync-na HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=oE0Y336SQP2OuYk5xEiwAw

Request Chain 231

https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id= HTTP 302
https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t HTTP 302
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=annRYCwiQJ-qHI1uliGSDQ&rk=usync-other HTTP 302
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=annRYCwiQJ-qHI1uliGSDQ

Request Chain 232

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEMqh3iTIAdlNgM2c2jEZvzM&google_cver=1

Request Chain 233

https://token.rubiconproject.com/token?pid=25470 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_cm&google_hm=TEk1NkxXTFctWS1FVEpZ HTTP 302
https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEC67DTpfhxVV-v-rg-d4dts&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEk1NkxXTFctWS1FVEpZ&google_push=

Request Chain 234

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1 HTTP 302
https://pr-bh.ybp.yahoo.com/sync/rubicon/nfY9Dur2lwM6Rc76vZIPNQ?csrc= HTTP 302
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-5rxJDNhE2oJlhtb1vkkq79Os6t4vhDihVRStgQ--~A

Request Chain 235

https://token.rubiconproject.com/token?pid=36584 HTTP 302
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LI56LWLW-Y-ETJY

Request Chain 236

https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=ODlmOWM4MGI3ODVkY2E1NTkyZDQ4ZGNjNWFhYmQxYzgyOGFmYmFkZA

Request Chain 246

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEBVaZon4vrEhR6pi1MM9WFI&google_cver=1&google_push=ATf1kGOzFwzuPcWOHR6DsIun98HD_TG6AQr8XQyGnz79pjTGmccn8qlSBD5ifxXjMPqEBUO7R_6xPMBZ89KiiRguS8UIcjeyGe4lyw HTTP 302
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=ATf1kGOzFwzuPcWOHR6DsIun98HD_TG6AQr8XQyGnz79pjTGmccn8qlSBD5ifxXjMPqEBUO7R_6xPMBZ89KiiRguS8UIcjeyGe4lyw&google_hm=zMn3J4GD1ytU0IlqFqZdbA

Request Chain 247

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEGsEPjf_pCLDjovgoatDcIQ&google_cver=1&google_push=ATf1kGMT6EDi9mRUdSg8CFQEgjRawNsQEzvuwwNDvigdnaxzp6VsABIhh3YJZOERDc_D3rlXPdNktQw7BNJPMFJX5vK7j69jqagJ_Q HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzIzNzYzMzkwMjMwMjY1NjY2Mg%3D%3D&google_push=ATf1kGMT6EDi9mRUdSg8CFQEgjRawNsQEzvuwwNDvigdnaxzp6VsABIhh3YJZOERDc_D3rlXPdNktQw7BNJPMFJX5vK7j69jqagJ_Q

Request Chain 248

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEDYcypaQi0FuCPQX4F5on9A&google_cver=1&google_push=ATf1kGMjMuwE4l5G47Z1E_4TmaTO_vKOzUuFRFfhc4b1tIQ-vNyvDjD-2UMU7-JF9C78rvO15YP-64U7tH2uatwv2SCXJPvIok9evw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODI5MzQwMzk2MzY3NDg4ODI0Ng&google_push=ATf1kGMjMuwE4l5G47Z1E_4TmaTO_vKOzUuFRFfhc4b1tIQ-vNyvDjD-2UMU7-JF9C78rvO15YP-64U7tH2uatwv2SCXJPvIok9evw

Request Chain 262

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=17458800004130100951403012337006&gdpr=1&gdpr_consent=li HTTP 302
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=17458800004130100951403012337006&gdpr=1&gdpr_consent=li HTTP 302
https://ad-server.eu/wm/pb/native.png

Request Chain 264

https://impfr.tradedoubler.com/imp?type(inv)g(24495172)a(1565155)epi(17458800004130100951403012337006)443468054 HTTP 302
https://img.tradedoubler.com/images/inv.gif

Request Chain 283

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=63574300002816900951389012337011&gdpr=1&gdpr_consent=li HTTP 302
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=63574300002816900951389012337011&gdpr=1&gdpr_consent=li HTTP 302
https://ad-server.eu/wm/pb/native.png

Request Chain 284

https://impfr.tradedoubler.com/imp?type(inv)g(24495172)a(1565155)epi(63574300002816900951389012337011)620649888 HTTP 302
https://img.tradedoubler.com/images/inv.gif

Request Chain 308

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEGsEPjf_pCLDjovgoatDcIQ&google_cver=1&google_push=ATf1kGNX66SIKurYq8PAWSv5N0xecK2PURlHlX1cn_d035H2aWsRlwmMVHa2zF5lmWeVLU_GsGrFLjNQn70oGLsuk98qImBPxog HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzIzNzYzMzkwMjMwMjY1NjY2Mg%3D%3D&google_push=ATf1kGNX66SIKurYq8PAWSv5N0xecK2PURlHlX1cn_d035H2aWsRlwmMVHa2zF5lmWeVLU_GsGrFLjNQn70oGLsuk98qImBPxog

Request Chain 309

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEGen015pdKFE36mHTNG1vYY&google_cver=1&google_push=ATf1kGNbuDE9E_Wbmz9Ny2TYD9rOhhKm8ULsEscSzEZeNh0xQfcJieE2QN_jtGfnkcl7Yqh2Xz7vUmtxhCW9FHQOzMZ7PWPqVA HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEGen015pdKFE36mHTNG1vYY&google_cver=1&google_push=ATf1kGNbuDE9E_Wbmz9Ny2TYD9rOhhKm8ULsEscSzEZeNh0xQfcJieE2QN_jtGfnkcl7Yqh2Xz7vUmtxhCW9FHQOzMZ7PWPqVA

Request Chain 311

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEHCUPHUuQZjrrDFQ_wCrzt4&google_cver=1&google_push=ATf1kGOQ2TskGb1Sv1spNY-2Nuqm138JcGVSQQxQnKGepLNjP83QfR3IhbmcNI_gFmS6ZhugxTpqvtx3eHx3SSIYeURm0lfmANw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGOQ2TskGb1Sv1spNY-2Nuqm138JcGVSQQxQnKGepLNjP83QfR3IhbmcNI_gFmS6ZhugxTpqvtx3eHx3SSIYeURm0lfmANw

Request Chain 312

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEO_QL9-t2WbQ0vm6uhCueww&google_cver=1&google_push=ATf1kGPtQUuEhykKRCwDHcrEDi78qNx3KMYuwdE43at6AIdD3ruptcXtmip1fEf8rlwgvPimo_7xnNGOIfZbOzAVRgPHXChEP24 HTTP 302
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=ATf1kGPtQUuEhykKRCwDHcrEDi78qNx3KMYuwdE43at6AIdD3ruptcXtmip1fEf8rlwgvPimo_7xnNGOIfZbOzAVRgPHXChEP24&google_gid=CAESEO_QL9-t2WbQ0vm6uhCueww

316 HTTP transactions
8 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request 6x6uf5z9e3262.html Show response
pcloak.blob.core.windows.net/web/ 1 KB
2 KB 433ms
103ms Document
text/html 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 22fee539734d38c9e84e3982188b21bafc9457236279a136ce1b3b9d55667437

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Content-Length: 1324
Content-MD5: XPHdOVCmWyxrVVstkB9xGw==
Content-Type: text/html
Date: Fri, 26 May 2023 23:15:55 GMT
ETag: 0x8DB304DFD1C41BC
Last-Modified: Wed, 29 Mar 2023 12:06:12 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 07abfc79-c01e-0053-0e28-906139000000
x-ms-version: 2009-09-19

GET
H/1.1 404
The specified blob does not exist. jquery.min.js
pcloak.blob.core.windows.net/web/ 0
0 95ms
95ms Script
application/xml 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/jquery.min.js
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-ms-request-id: 07abfcf1-c01e-0053-7a28-906139000000
Date: Fri, 26 May 2023 23:15:55 GMT
x-ms-version: 2009-09-19
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-Length: 215
Content-Type: application/xml

GET
H/1.1 200
OK cloakan.js Show response
pcloak.blob.core.windows.net/web/ 308 B
717 B 291ms
97ms Script
text/javascript 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/cloakan.js
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 4651fd93f167c3620b534c30bc23ae2a2e7cf742621d8e6d12553c09c388284a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Fri, 26 May 2023 23:15:55 GMT
Last-Modified: Mon, 13 Jun 2022 14:36:49 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: zPiKctHo6j8i1UGOFPpInw==
ETag: 0x8DA4D4A263C11C2
Content-Type: text/javascript
x-ms-request-id: 07abfda3-c01e-0053-2028-906139000000
x-ms-version: 2009-09-19
Content-Length: 308

GET
H/1.1 200
OK style.css
pcloak.blob.core.windows.net/web/ 166 B
568 B 193ms
98ms Stylesheet
text/css 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/style.css
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: cf906196a7c1414e11983955e101a051d55a864f2bc9fd52a453d952d92fd9b5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Fri, 26 May 2023 23:15:55 GMT
Last-Modified: Mon, 13 Jun 2022 14:36:49 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: 9ruAIrm4XHnQO3/sM8J0AQ==
ETag: 0x8DA4D4A26527CA0
Content-Type: text/css
x-ms-request-id: 07abfd51-c01e-0053-5528-906139000000
x-ms-version: 2009-09-19
Content-Length: 166

GET
H2 200 px.php Show response
www.cloakan.co/ 743 B
681 B 235ms
101ms XHR
text/html 77.245.159.14
NIOBEBILISIMHIZME...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cloakan.co/px.php?id=6x6uf5z9e3262
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 77.245.159.14 , Turkey, ASN42868 (NIOBEBILISIMHIZMETLERI, TR),
Reverse DNS: stilgar.wlsrv.com
Software: LiteSpeed / PHP/7.3.33
Resource Hash: 120fdf7c1e8de286b8c6ad005bd52d7b3d71cfa17bd6d1f72d023fe952d03708

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:15:52 GMT
content-encoding: br
server: LiteSpeed
x-powered-by: PHP/7.3.33
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
content-length: 404

GET
H2 200 nv.php Show response
www.cloakan.co/ 232 B
385 B 213ms
96ms Script
text/html 77.245.159.14
NIOBEBILISIMHIZME...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cloakan.co/nv.php?id=6x6uf5z9e3262-m
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/cloakan.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 77.245.159.14 , Turkey, ASN42868 (NIOBEBILISIMHIZMETLERI, TR),
Reverse DNS: stilgar.wlsrv.com
Software: LiteSpeed / PHP/7.3.33
Resource Hash: 9cacc351a59879d938ef01e274eca7f341deaaa666237a3de94737ccc05a4b86

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:15:53 GMT
content-encoding: br
server: LiteSpeed
x-powered-by: PHP/7.3.33
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
content-length: 112

GET
H2 200 / Show response
ye-mek.net/ Frame 6C31 77 KB
77 KB 198ms
54ms Document
text/html 94.138.206.83
AS49126

General

Check archive.org

Show headers Download Go to

Full URL: https://ye-mek.net/
Requested by: Host: www.cloakan.co
URL: https://www.cloakan.co/nv.php?id=6x6uf5z9e3262-m
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.138.206.83 , Turkey, ASN49126 (AS49126, TR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 976a0a8811d8382ae20de2c8145bbe6337a77f2682a7f3dea6a2d9b979adb024

Request headers

Referer: https://pcloak.blob.core.windows.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache
content-length: 78876
content-type: text/html; charset=utf-8
date: Fri, 26 May 2023 23:15:57 GMT
expires: -1
pragma: no-cache
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.9.1/ Frame 6C31 90 KB
33 KB 140ms
38ms Script
text/javascript 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Wed, 24 May 2023 18:01:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 191639
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33018
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 May 2024 18:01:58 GMT

GET
H2 200 yemeknet.js Show response
ye-mek.net/js/ Frame 6C31 10 KB
2 KB 83ms
83ms Script
application/javascript 94.138.206.83
AS49126

General

Check archive.org

Show headers Download Go to

Full URL: https://ye-mek.net/js/yemeknet.js?v=1
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.138.206.83 , Turkey, ASN49126 (AS49126, TR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 613b97a3f938c5185dc5fcb46ec9c9488f460fdf8a9765eea9f05aebe46a0c50

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-powered-by-plesk: PleskWin
date: Fri, 26 May 2023 23:15:57 GMT
content-encoding: br
last-modified: Tue, 20 Aug 2019 13:15:54 GMT
server: Microsoft-IIS/10.0
etag: "0a144655957d51:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=691200
accept-ranges: bytes
content-length: 2179

GET
H2 200 maincss.css
cdn.ye-mek.net/ Frame 6C31 40 KB
12 KB 31ms
7ms Stylesheet
text/css 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.ye-mek.net/maincss.css?v=434
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 5804cd3bfdf7f7b00ae1f2beef50b9ac7bbdcadcb47e8c3454e8609a52096b92

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 26 May 2023 23:15:57 GMT
content-encoding: gzip
x-cache: HIT
x-77-cache: HIT
x-age: 3333504
x-accel-date: 1681809453
x-77-nzt: AcO1qhFScU3/gN0yAA
x-accel-expires: @1713345453
last-modified: Tue, 24 Nov 2020 00:00:32 GMT
server: CDN77-Turbo
etag: W/"5fbc4d20-9e5b"
x-77-nzt-ray: 4c1562248e8427acad3d7164e6b62f1a
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame 6C31 118 KB
46 KB 131ms
48ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-38733763-1

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5cb0fcc6057ab8c61f3702692e8c1ef98e591ca715aee4b893b377fd78e9932f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:15:57 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46891
x-xss-protection: 0
last-modified: Fri, 26 May 2023 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 26 May 2023 23:15:57 GMT

GET
H2 200 WebResource.axd Show response
ye-mek.net/ Frame 6C31 23 KB
23 KB 45ms
45ms Script
application/x-javascript 94.138.206.83
AS49126

General

Check archive.org

Show headers Download Go to

Full URL: https://ye-mek.net/WebResource.axd?d=YeedoL8dFzo5gymDuarFXngFaaXpLN8jYlixY-HzMyr_r8lEwXsCQefYQgi2kFzYfrVacpu_9us1eVTBWQamZuI0ynrH9LDfafZF-A5wZF41&t=637811837229275428
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.138.206.83 , Turkey, ASN49126 (AS49126, TR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-powered-by-plesk: PleskWin
date: Fri, 26 May 2023 23:15:57 GMT
last-modified: Wed, 23 Feb 2022 00:28:42 GMT
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
content-type: application/x-javascript
cache-control: public
content-length: 23063
expires: Sat, 04 May 2024 23:14:43 GMT

GET
H2 200 searchButton.png
cdn.ye-mek.net/App_UI/Img/ Frame 6C31 542 B
896 B 7ms
7ms Image
image/png 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/searchButton.png
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 324a9c1f26949a62b89c5846de23826737bf3b14443e3f5a969b1799604a0588

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 26 May 2023 23:15:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3333569
x-accel-date: 1681809388
content-length: 542
x-77-nzt: AcO1qhEbfP//wd0yAA
x-accel-expires: @1713345388
last-modified: Sat, 22 Oct 2022 20:00:57 GMT
server: CDN77-Turbo
etag: "63544bf9-21e"
x-77-nzt-ray: 4c1562248e8427acad3d716486dbce23
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 ara.png
cdn.ye-mek.net/App_UI/Img/ Frame 6C31 2 KB
2 KB 14ms
6ms Image
image/png 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/ara.png
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 3ed559a849229d0ba1622b39b2343f2307a91aae5bab1f08e55c89e50874c980

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 26 May 2023 23:15:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3333504
x-accel-date: 1681809453
content-length: 1651
x-77-nzt: AcO1qhEd3vv/gN0yAA
x-accel-expires: @1713345453
last-modified: Mon, 14 May 2018 22:41:08 GMT
server: CDN77-Turbo
etag: "5afa1084-673"
x-77-nzt-ray: 4c1562248e8427acad3d716493732b26
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 limon-peltesi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/05/ Frame 6C31 10 KB
11 KB 16ms
8ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/05/limon-peltesi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: f9b00efa272f04561d93ec35d1c255090fa1e77d2b9c7d08b2ed1bea585dbb90

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 26 May 2023 23:15:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 337
x-accel-date: 1685142620
content-length: 10405
x-77-nzt: AcO1qhGa7v7/UQEAAA
x-accel-expires: @1716678620
last-modified: Fri, 26 May 2023 22:51:57 GMT
server: CDN77-Turbo
etag: "6471380d-28a5"
x-77-nzt-ray: 4c1562248e8427acad3d716483a04726
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-salcali-tavuk-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/05/ Frame 6C31 17 KB
17 KB 19ms
10ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/05/firinda-salcali-tavuk-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 25384b36677ec71b3678443817eb7d4876fdeb68a889bdd6ea15a16864f00308

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 26 May 2023 23:15:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 86087
x-accel-date: 1685056870
content-length: 17122
x-77-nzt: AcO1qhFfcWfvR1ABAA
x-accel-expires: @1716592870
last-modified: Thu, 25 May 2023 23:00:46 GMT
server: CDN77-Turbo
etag: "646fe89e-42e2"
x-77-nzt-ray: 4c1562248e8427acad3d7164cd544c26
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 ic-bakla-salatasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/05/ Frame 6C31 18 KB
18 KB 21ms
13ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/05/ic-bakla-salatasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: a7fe9caf3097b900fe4584c14eac69d82dcf3bccf9f53de5513dacc0b0c7e1d9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 26 May 2023 23:15:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 177394
x-accel-date: 1684965563
content-length: 18368
x-77-nzt: AcO1qhGl9Jz/8rQCAA
x-accel-expires: @1716501563
last-modified: Wed, 24 May 2023 21:42:02 GMT
server: CDN77-Turbo
etag: "646e84aa-47c0"
x-77-nzt-ray: 4c1562248e8427acad3d7164de515026
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 bes-5-dakika-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/05/ Frame 6C31 11 KB
11 KB 31ms
23ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/05/bes-5-dakika-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: dfd9a5c0bb1644bc374d77486e9da375da18ac81d1476f25466329c0cb8c437c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 26 May 2023 23:15:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 262430
x-accel-date: 1684880527
content-length: 10934
x-77-nzt: AcO1qhFfx8T/HgEEAA
x-accel-expires: @1716416527
last-modified: Tue, 23 May 2023 18:07:36 GMT
server: CDN77-Turbo
etag: "646d00e8-2ab6"
x-77-nzt-ray: 4c1562248e8427acad3d716420ff5326
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tavuklu-ekmek-kebabi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2017/03/ Frame 6C31 12 KB
12 KB 32ms
24ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2017/03/tavuklu-ekmek-kebabi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 59641e17cbf2747c31456e5ac08ddd332816ebb6b9fc9273ed4989ef979ca5cc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 26 May 2023 23:15:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3331887
x-accel-date: 1681811070
content-length: 12285
x-77-nzt: AcO1qhHyWPT/L9cyAA
x-accel-expires: @1713347070
last-modified: Wed, 01 May 2019 23:13:15 GMT
server: CDN77-Turbo
etag: "5cca280b-2ffd"
x-77-nzt-ray: 4c1562248e8427acad3d716412dd5726
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tas-kebabi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2017/10/ Frame 6C31 11 KB
11 KB 32ms
24ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2017/10/tas-kebabi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 8c47b44c2eb52f803ff7faa3cc7043d75a2814f83cf9c1dd66a1c669184e68f8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 26 May 2023 23:15:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3332006
x-accel-date: 1681810951
content-length: 10807
x-77-nzt: AcO1qhEHK/f/ptcyAA
x-accel-expires: @1713346951
last-modified: Wed, 01 May 2019 23:24:41 GMT
server: CDN77-Turbo
etag: "5cca2ab9-2a37"
x-77-nzt-ray: 4c1562248e8427acad3d716422646026
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-et-yemegi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/03/ Frame 6C31 17 KB
17 KB 32ms
24ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/03/firinda-et-yemegi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 4c5deb00f38b73c0882d773ade1a2084150544c3129128fc0655f419ef157e93

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 26 May 2023 23:15:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3328997
x-accel-date: 1681813960
content-length: 17033
x-77-nzt: AcO1qhGDq3n/5csyAA
x-accel-expires: @1713349960
last-modified: Sat, 19 Mar 2022 23:39:57 GMT
server: CDN77-Turbo
etag: "623669cd-4289"
x-77-nzt-ray: 4c1562248e8427acad3d7164e2f96926
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 cacikli-arap-koftesi-resimli-yemek-tarifi(20).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/05/ Frame 6C31 17 KB
17 KB 32ms
24ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/05/cacikli-arap-koftesi-resimli-yemek-tarifi(20).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 391f0374b07f1b2c4eab58066cdee9bbc7c14507b5be3ea7e34e26c9ec575bb4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 26 May 2023 23:15:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3333343
x-accel-date: 1681809614
content-length: 17042
x-77-nzt: AcO1qhE/0jX/39wyAA
x-accel-expires: @1713345614
last-modified: Tue, 24 May 2022 21:33:02 GMT
server: CDN77-Turbo
etag: "628d4f0e-4292"
x-77-nzt-ray: 4c1562248e8427acad3d716481ba7126
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-kazan-kebabi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2018/06/ Frame 6C31 13 KB
13 KB 32ms
25ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2018/06/firinda-kazan-kebabi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 8696856d40a33bb1143b9f31c9d507fccab76523f0f3e431bf6e03997017950e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 26 May 2023 23:15:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3331250
x-accel-date: 1681811707
content-length: 13223
x-77-nzt: AcO1qhHsfEP/stQyAA
x-accel-expires: @1713347707
last-modified: Wed, 01 May 2019 23:36:40 GMT
server: CDN77-Turbo
etag: "5cca2d88-33a7"
x-77-nzt-ray: 4c1562248e8427acad3d716480e67326
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 acem-koftesi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/03/ Frame 6C31 14 KB
14 KB 33ms
25ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/03/acem-koftesi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: b0a9edd9406b9e846d2613b16def49dca3d2307816622cb274acc4d0d2314245

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 26 May 2023 23:15:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3332928
x-accel-date: 1681810029
content-length: 14065
x-77-nzt: AcO1qhFzjmr/QNsyAA
x-accel-expires: @1713346029
last-modified: Sun, 15 Mar 2020 20:02:10 GMT
server: CDN77-Turbo
etag: "5e6e89c2-36f1"
x-77-nzt-ray: 4c1562248e8427acad3d7164cc0b9826
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 bezirgan-salatasi-resimli-yemek-tarifi(8).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/11/ Frame 6C31 16 KB
16 KB 33ms
25ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/11/bezirgan-salatasi-resimli-yemek-tarifi(8).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 307c9a6fb38fb46cf2c9dd451fe6509a4818f1c23b93749902d078155492a90b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 26 May 2023 23:15:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3330884
x-accel-date: 1681812073
content-length: 15882
x-77-nzt: AcO1qhFt1M//RNMyAA
x-accel-expires: @1713348073
last-modified: Fri, 06 Nov 2020 22:42:53 GMT
server: CDN77-Turbo
etag: "5fa5d16d-3e0a"
x-77-nzt-ray: 4c1562248e8427acad3d716427999e26
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 besni-tava-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/03/ Frame 6C31 18 KB
18 KB 33ms
26ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/03/besni-tava-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 599bb6748f60ecce39049c7c6feed7bfd65e9ba09ef478ff0661381840117a9f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 26 May 2023 23:15:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3332837
x-accel-date: 1681810120
content-length: 18119
x-77-nzt: AcO1qhFuFMv/5doyAA
x-accel-expires: @1713346120
last-modified: Wed, 29 Mar 2023 22:35:22 GMT
server: CDN77-Turbo
etag: "6424bd2a-46c7"
x-77-nzt-ray: 4c1562248e8427acad3d7164d484a626
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-orman-kebabi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2018/05/ Frame 6C31 12 KB
12 KB 33ms
26ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2018/05/firinda-orman-kebabi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: d5544013c9c882cd032a4ed06f6f8338f6fce934e82311a1267f59b5e717c4c7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 26 May 2023 23:15:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3329865
x-accel-date: 1681813092
content-length: 12058
x-77-nzt: AcO1qhGJP7X/Sc8yAA
x-accel-expires: @1713349092
last-modified: Wed, 01 May 2019 23:34:49 GMT
server: CDN77-Turbo
etag: "5cca2d19-2f1a"
x-77-nzt-ray: 4c1562248e8427acad3d7164655aa826
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 yufkadan-findik-lahmacun-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2016/01/ Frame 6C31 16 KB
17 KB 33ms
26ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2016/01/yufkadan-findik-lahmacun-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: d82c4906e4b728e92a7fcec80c1f8bcb5b16502d30a9de09a361dc503a70145a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 26 May 2023 23:15:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3333481
x-accel-date: 1681809476
content-length: 16684
x-77-nzt: AcO1qhGSMfz/ad0yAA
x-accel-expires: @1713345476
last-modified: Wed, 01 May 2019 22:52:17 GMT
server: CDN77-Turbo
etag: "5cca2321-412c"
x-77-nzt-ray: 4c1562248e8427acad3d7164184bae26
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 kirmizi-et-marinesi-terbiyesi-resimli-yemek-tarifi(8).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2016/09/ Frame 6C31 13 KB
14 KB 33ms
26ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2016/09/kirmizi-et-marinesi-terbiyesi-resimli-yemek-tarifi(8).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: be0c8346ffda26948856770034cf143c5aed0530f870ebfddb218f8e895954c8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 26 May 2023 23:15:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3316843
x-accel-date: 1681826114
content-length: 13718
x-77-nzt: AcO1qhH4Wwrva5wyAA
x-accel-expires: @1713362114
last-modified: Wed, 01 May 2019 23:04:57 GMT
server: CDN77-Turbo
etag: "5cca2619-3596"
x-77-nzt-ray: 4c1562248e8427acad3d71642f63b026
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 sodali-kofte-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/04/ Frame 6C31 15 KB
16 KB 34ms
27ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/04/sodali-kofte-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: c95864adde9fe8a23911034d261ca90d154b87611afb584416b2b317c1357813

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 26 May 2023 23:15:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3333466
x-accel-date: 1681809491
content-length: 15812
x-77-nzt: AcO1qhGwUn//Wt0yAA
x-accel-expires: @1713345491
last-modified: Fri, 29 Apr 2022 00:25:19 GMT
server: CDN77-Turbo
etag: "626b306f-3dc4"
x-77-nzt-ray: 4c1562248e8427acad3d71648cc8bd26
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 terbiyeli-tavuk-haslama-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/01/ Frame 6C31 14 KB
14 KB 34ms
27ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/01/terbiyeli-tavuk-haslama-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 895b747078615b23f6386c387ff4bafdc3a6c17676228fac66485d250ab87584

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 26 May 2023 23:15:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3332933
x-accel-date: 1681810024
content-length: 13835
x-77-nzt: AcO1qhGLfUz/RdsyAA
x-accel-expires: @1713346024
last-modified: Mon, 03 Jan 2022 22:47:59 GMT
server: CDN77-Turbo
etag: "61d37d1f-360b"
x-77-nzt-ray: 4c1562248e8427acad3d7164066cc026
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 misoriz-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/04/ Frame 6C31 18 KB
18 KB 34ms
27ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/04/misoriz-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 4729a15791a374bfdb0f0fb0e1f19f5fe0657483ad7eab3d56dd849626ae4726

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 26 May 2023 23:15:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3333153
x-accel-date: 1681809804
content-length: 18498
x-77-nzt: AcO1qhGzdc7/IdwyAA
x-accel-expires: @1713345804
last-modified: Sat, 08 Apr 2023 21:49:25 GMT
server: CDN77-Turbo
etag: "6431e165-4842"
x-77-nzt-ray: 4c1562248e8427acad3d7164cc7dcd26
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 cafe-de-paris-soslu-tavuk-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/09/ Frame 6C31 13 KB
13 KB 34ms
27ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/09/cafe-de-paris-soslu-tavuk-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 7f77595ef2e4eb11d9f19fd5858399d25663ea63168d0efdf4042b9d85a7dadf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 26 May 2023 23:15:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3332933
x-accel-date: 1681810024
content-length: 13167
x-77-nzt: AcO1qhHm+bj/RdsyAA
x-accel-expires: @1713346024
last-modified: Tue, 22 Sep 2020 21:48:39 GMT
server: CDN77-Turbo
etag: "5f6a7137-336f"
x-77-nzt-ray: 4c1562248e8427acad3d7164eb73cf26
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tavuklu-buhara-pilavi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/03/ Frame 6C31 15 KB
16 KB 34ms
28ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/03/tavuklu-buhara-pilavi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 1b03fd3fa3f31290953a4de0da547b6f833489691c8f447fa19019095a60c8a6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 26 May 2023 23:15:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3333488
x-accel-date: 1681809469
content-length: 15804
x-77-nzt: AcO1qhGlqMH/cN0yAA
x-accel-expires: @1713345469
last-modified: Wed, 22 Mar 2023 20:32:55 GMT
server: CDN77-Turbo
etag: "641b65f7-3dbc"
x-77-nzt-ray: 4c1562248e8427acad3d716428ffd026
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 zeytinyagli-havuclu-taze-fasulye-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/09/ Frame 6C31 14 KB
14 KB 34ms
28ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/09/zeytinyagli-havuclu-taze-fasulye-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 372e646203759b4bf2ddab1f01469d03dd8bc920f187a3a09bb316f4edf6d604

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 26 May 2023 23:15:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3330443
x-accel-date: 1681812514
content-length: 14135
x-77-nzt: AcO1qhGPUeT/i9EyAA
x-accel-expires: @1713348514
last-modified: Sat, 11 Sep 2021 20:22:26 GMT
server: CDN77-Turbo
etag: "613d1002-3737"
x-77-nzt-ray: 4c1562248e8427acad3d716478b9d226
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 portakalli-kereviz-yemegi-resimli-yemek-tarifi(8).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2018/12/ Frame 6C31 12 KB
12 KB 34ms
28ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2018/12/portakalli-kereviz-yemegi-resimli-yemek-tarifi(8).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: d5e0fdb2ad865d955935adf33701334ebd02983bd9c18274844cd4a9317717bf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 26 May 2023 23:15:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3331165
x-accel-date: 1681811792
content-length: 11931
x-77-nzt: AcO1qhEF0vr/XdQyAA
x-accel-expires: @1713347792
last-modified: Wed, 01 May 2019 23:42:47 GMT
server: CDN77-Turbo
etag: "5cca2ef7-2e9b"
x-77-nzt-ray: 4c1562248e8427acad3d71642cb0da26
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 isirgan-otu-yemegi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/02/ Frame 6C31 18 KB
18 KB 34ms
28ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/02/isirgan-otu-yemegi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 810d32051c0846f13bef612415c9c68be7bd6197fb8570d6bfcc2c9cc86c4be1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 26 May 2023 23:15:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3330940
x-accel-date: 1681812017
content-length: 18244
x-77-nzt: AcO1qhHSaz//fNMyAA
x-accel-expires: @1713348017
last-modified: Fri, 03 Feb 2023 22:46:05 GMT
server: CDN77-Turbo
etag: "63dd8ead-4744"
x-77-nzt-ray: 4c1562248e8427acad3d71640879dc26
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 ispanak-yemegi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/12/ Frame 6C31 16 KB
16 KB 34ms
29ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/12/ispanak-yemegi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: e7daac1a70a29c2b63b9f09c9a488fab0c4b0c2bb3661847a2c484a65ec2145c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 26 May 2023 23:15:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3332216
x-accel-date: 1681810741
content-length: 15973
x-77-nzt: AcO1qhHOlN7/eNgyAA
x-accel-expires: @1713346741
last-modified: Sat, 12 Dec 2020 21:08:34 GMT
server: CDN77-Turbo
etag: "5fd53152-3e65"
x-77-nzt-ray: 4c1562248e8427acad3d7164c463e526
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 yesil-mercimekli-manti-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2015/07/ Frame 6C31 14 KB
14 KB 35ms
29ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2015/07/yesil-mercimekli-manti-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 4e0a07ec787f2e0dbb5b2d9b2fda1a14fc819cdfbede1b6eb8a1a63d05cb8fd3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 26 May 2023 23:15:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3333139
x-accel-date: 1681809818
content-length: 13873
x-77-nzt: AcO1qhEJrDb/E9wyAA
x-accel-expires: @1713345818
last-modified: Wed, 01 May 2019 22:44:24 GMT
server: CDN77-Turbo
etag: "5cca2148-3631"
x-77-nzt-ray: 4c1562248e8427acad3d7164f9b4eb26
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 artan-pilavdan-corba-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/07/ Frame 6C31 16 KB
16 KB 35ms
29ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/07/artan-pilavdan-corba-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 77af57ca4ce17d7c314af86374beb25f91954ffab631b365e738061c6e7b4bbf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 26 May 2023 23:15:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3332675
x-accel-date: 1681810282
content-length: 15904
x-77-nzt: AcO1qhFRF0L/Q9oyAA
x-accel-expires: @1713346282
last-modified: Sun, 17 Jul 2022 23:27:26 GMT
server: CDN77-Turbo
etag: "62d49ade-3e20"
x-77-nzt-ray: 4c1562248e8427acad3d7164b5b0f126
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 kofteli-sehriye-corbasi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/02/ Frame 6C31 14 KB
14 KB 35ms
29ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/02/kofteli-sehriye-corbasi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: d5c32d8a3e3a0b89b8cc18b304886b129bb4f29165927e5155a0a33721e3b730

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 26 May 2023 23:15:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3332958
x-accel-date: 1681809999
content-length: 14076
x-77-nzt: AcO1qhEzlBz/XtsyAA
x-accel-expires: @1713345999
last-modified: Mon, 08 Feb 2021 23:01:32 GMT
server: CDN77-Turbo
etag: "6021c2cc-36fc"
x-77-nzt-ray: 4c1562248e8427acad3d716401fbfb26
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tutmac-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/04/ Frame 6C31 14 KB
14 KB 35ms
30ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/04/tutmac-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: b50ffd6561ea35566998d330555e5df43a5d0846cd846909883a47b72b696081

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 26 May 2023 23:15:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3331601
x-accel-date: 1681811356
content-length: 14163
x-77-nzt: AcO1qhEPwi//EdYyAA
x-accel-expires: @1713347356
last-modified: Sat, 25 Apr 2020 01:28:29 GMT
server: CDN77-Turbo
etag: "5ea3923d-3753"
x-77-nzt-ray: 4c1562248e8427acad3d71647e150527
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 kokostar-cocostar-pasta-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2016/07/ Frame 6C31 13 KB
14 KB 35ms
30ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2016/07/kokostar-cocostar-pasta-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: a6cc789aba8ac76bed3b32f93c97b5848d1e04c2866c15a0cbe39d9c25783af9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 26 May 2023 23:15:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3330872
x-accel-date: 1681812085
content-length: 13783
x-77-nzt: AcO1qhFntmD/ONMyAA
x-accel-expires: @1713348085
last-modified: Wed, 01 May 2019 23:02:27 GMT
server: CDN77-Turbo
etag: "5cca2583-35d7"
x-77-nzt-ray: 4c1562248e8427acad3d7164ea4a0727
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 sultan-tatlisi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/05/ Frame 6C31 17 KB
17 KB 35ms
30ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/05/sultan-tatlisi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: b6f592ba4dc1ddfac8ff32673d97d7aa580f6ea2ac20e5415d7ad6207d6f99f9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 26 May 2023 23:15:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3332706
x-accel-date: 1681810251
content-length: 17431
x-77-nzt: AcO1qhEJPb3/YtoyAA
x-accel-expires: @1713346251
last-modified: Fri, 15 May 2020 21:50:10 GMT
server: CDN77-Turbo
etag: "5ebf0e92-4417"
x-77-nzt-ray: 4c1562248e8427acad3d71648eb21627
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 portakal-peltesi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/05/ Frame 6C31 10 KB
11 KB 35ms
30ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/05/portakal-peltesi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: c823a8dc72da0b43f82b11d1d42668d0fa4c4c622529a5b5cbf7ef6564c0a39b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 26 May 2023 23:15:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 1904207
x-accel-date: 1683238750
content-length: 10619
x-77-nzt: AcO1qhEjnb3/Tw4dAA
x-accel-expires: @1714774750
last-modified: Thu, 04 May 2023 21:54:50 GMT
server: CDN77-Turbo
etag: "645429aa-297b"
x-77-nzt-ray: 4c1562248e8427acad3d7164ea9a1f27
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 huriye-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/02/ Frame 6C31 13 KB
13 KB 35ms
31ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/02/huriye-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 2e167b6fecb4ef543ecd8ee19cb31be92d4129a233ce2cf18bd87bf8af32e6c6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 26 May 2023 23:15:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3332851
x-accel-date: 1681810106
content-length: 13409
x-77-nzt: AcO1qhEd2FH/89oyAA
x-accel-expires: @1713346106
last-modified: Tue, 22 Feb 2022 21:05:44 GMT
server: CDN77-Turbo
etag: "62155028-3461"
x-77-nzt-ray: 4c1562248e8427acad3d7164ad3c2827
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 peynirli-dereotlu-pastane-pogacasi-resimli-yemek-tarifi(20).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2016/09/ Frame 6C31 14 KB
14 KB 36ms
31ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2016/09/peynirli-dereotlu-pastane-pogacasi-resimli-yemek-tarifi(20).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 8ff302bac88a8e2d73c24d1173bac73e58ab2132413c3de165b33d5b5dbce50f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 26 May 2023 23:15:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3330436
x-accel-date: 1681812521
content-length: 14437
x-77-nzt: AcO1qhHSO0H/hNEyAA
x-accel-expires: @1713348521
last-modified: Wed, 01 May 2019 23:04:30 GMT
server: CDN77-Turbo
etag: "5cca25fe-3865"
x-77-nzt-ray: 4c1562248e8427acad3d7164d78a2e27
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 ispanakli-mantarli-yumurta-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2018/01/ Frame 6C31 11 KB
11 KB 36ms
31ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2018/01/ispanakli-mantarli-yumurta-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 2216e20f57afc7e5430a4a51e5bd5a8995763a95bd03d67cd519395fb82e75dd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 26 May 2023 23:15:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3332216
x-accel-date: 1681810741
content-length: 11247
x-77-nzt: AcO1qhFqwsH/eNgyAA
x-accel-expires: @1713346741
last-modified: Wed, 01 May 2019 23:29:21 GMT
server: CDN77-Turbo
etag: "5cca2bd1-2bef"
x-77-nzt-ray: 4c1562248e8427acad3d71640cfb3427
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-kasarli-ekmek-dilimleri-resimli-yemek-tarifi(8).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/06/ Frame 6C31 16 KB
16 KB 36ms
31ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/06/firinda-kasarli-ekmek-dilimleri-resimli-yemek-tarifi(8).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 270780ee9ab262cea703d0c35bb215bc45d2ae223fce2110c1af2b688e49152d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 26 May 2023 23:15:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 2799946
x-accel-date: 1682343011
content-length: 16380
x-77-nzt: AcO1qhHKonX/SrkqAA
x-accel-expires: @1713879011
last-modified: Fri, 11 Jun 2021 22:08:19 GMT
server: CDN77-Turbo
etag: "60c3ded3-3ffc"
x-77-nzt-ray: 4c1562248e8427acad3d7164e13c3727
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 pofuduk-bulut-omlet-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/06/ Frame 6C31 13 KB
14 KB 36ms
32ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/06/pofuduk-bulut-omlet-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 296f1d7fdfd20eada2afea94621798ff10feabb9782f9ba00d13c8986ed01254

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 26 May 2023 23:15:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3330436
x-accel-date: 1681812521
content-length: 13553
x-77-nzt: AcO1qhEdkLr/hNEyAA
x-accel-expires: @1713348521
last-modified: Tue, 23 Jun 2020 23:52:00 GMT
server: CDN77-Turbo
etag: "5ef295a0-34f1"
x-77-nzt-ray: 4c1562248e8427acad3d716461d13d27
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 _dmca_premi_badge_5.png
images.dmca.com/Badges/ Frame 6C31 5 KB
6 KB 80ms
18ms Image
image/png 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.dmca.com/Badges/_dmca_premi_badge_5.png?ID=da1d399b-5fd3-4da3-b5cd-8af692c19999
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: ad3ee286844c46dba3f0d26e100f508c410b28f52784fbeec2d513ef6c6fda7a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:15:57 GMT
last-modified: Thu, 02 Jun 2011 03:26:26 GMT
server: Microsoft-IIS/10.0
etag: "8ae3cdbd420cc1:0"
x-powered-by: ASP.NET
x-hw: 1685142957.cds293.am5.hn,1685142957.cds292.am5.c
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
link: <https://www.dmca.com/Badges/_dmca_premi_badge_5.png>; rel="canonical"
content-length: 5605

GET addthis_widget.js
s7.addthis.com/js/300/ Frame 6C31 0
0

GET
H2 200 DMCABadgeHelper.min.js Show response
images.dmca.com/Badges/ Frame 6C31 465 B
585 B 82ms
20ms Script
application/javascript 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://images.dmca.com/Badges/DMCABadgeHelper.min.js
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e8021f1a9dad409f7e699457ac334653bf800464df69900237c4de1c29e275d0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:15:57 GMT
content-encoding: gzip
last-modified: Fri, 21 Jun 2019 20:14:34 GMT
server: Microsoft-IIS/10.0
etag: "26b181f16d28d51:0"
x-powered-by: ASP.NET
x-hw: 1685142957.cds293.am5.hn,1685142957.cds017.am5.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
link: <https://www.dmca.com/Badges/DMCABadgeHelper.min.js>; rel="canonical"
content-length: 395

GET
H2 200 outside.js Show response
static.virgul.com/theme/mockups/adcode/ Frame 6C31 74 KB
26 KB 310ms
46ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19503
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: a0847b5e0373e2fd011803f2dc04baa326f849fe2b2684b4e89cb11122cb5b17

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:15:57 GMT
content-encoding: gzip
last-modified: Thu, 18 May 2023 15:23:45 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=43200

GET
H2 200 sdk.js Show response
connect.facebook.net/tr_TR/ Frame 6C31 3 KB
3 KB 54ms
7ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/tr_TR/sdk.js

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c303857b14be04d338c608c7048c6ad6d5b6b7c57f0727ca3120427266b436b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 26 May 2023 23:15:57 GMT
content-md5: z7JWOd9aBIDib+42btCYIg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1686
x-fb-rlafr: 0
x-fb-debug: 73ye+F94RLUYp9i3ri7OC8Netl8/5uV0Ee98jEVL/MTtE4qZfEbDxK7WZcsiCbaoLVKXjVKIdBjq+ztgHEPLnw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-trip-id: 1679558926
x-fb-content-md5: d84027092edb49d62996d7de4f4fede2
cross-origin-opener-policy: same-origin-allow-popups
etag: "91bbef582752e20763a18fbd4d00228d"
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
x-frame-options: DENY
timing-allow-origin: *
expires: Fri, 26 May 2023 23:16:28 GMT

GET
H2 200 sprite_3.png
cdn.ye-mek.net/grafik/ Frame 6C31 21 KB
21 KB 33ms
31ms Image
image/png 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/grafik/sprite_3.png
Requested by: Host: cdn.ye-mek.net
URL: https://cdn.ye-mek.net/maincss.css?v=434
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: ecadacb686d0540a5768dae41d50597a71dfaa8135b90f1371d4bfa266e4e361

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.ye-mek.net/maincss.css?v=434
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 26 May 2023 23:15:57 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 3333504
x-accel-date: 1681809453
content-length: 21525
x-77-nzt: AcO1qhHMzB//gN0yAA
x-accel-expires: @1713345453
last-modified: Mon, 14 May 2018 20:55:05 GMT
server: CDN77-Turbo
etag: "5af9f7a9-5415"
x-77-nzt-ray: 4c1562248e8427acad3d716469f04327
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H3 200 sdk.js Show response
connect.facebook.net/tr_TR/ Frame 6C31 306 KB
87 KB 18ms
8ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/tr_TR/sdk.js?hash=a0e53de34f4d80dc05ff1d054996b190

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/tr_TR/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

af16e81657491cb65417b6e82ac07aac930c4f7b5efba44ead3814b20978bcb6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://ye-mek.net/
Origin: https://ye-mek.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 26 May 2023 23:15:57 GMT
content-md5: ftCrRzoDF33LRr+rWbqTXw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 88729
x-fb-rlafr: 0
x-fb-debug: xEE9FQjuRrYDFpc0OyFuYz6U09dpQQYSrqhuMjgRKQKzA1prKHpB/8KMvO1hV2GpIATBlE8cxWWchQZYU5UmGA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: afbc2f99377a24751a3aeabc20f64baa
cross-origin-opener-policy: same-origin-allow-popups
etag: "4bc4f7ddc09335de0cf9ce9c23d5b07e"
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
x-frame-options: DENY
timing-allow-origin: *
priority: u=3,i
expires: Sat, 25 May 2024 22:32:39 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ Frame 6C31 51 KB
21 KB 121ms
37ms Script
text/javascript 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-38733763-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 26 May 2023 22:35:34 GMT
last-modified: Mon, 17 Apr 2023 22:36:01 GMT
server: Golfe2
age: 2423
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20737
expires: Sat, 27 May 2023 00:35:34 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 6C31 75 KB
25 KB 191ms
71ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19503

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5d6923869921b3bcfdaf660268b5f13140d47f30b9aa277bf994d5c960e68285

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:15:58 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25140
x-xss-protection: 0
server: cafe
etag: 462 / 19503 / m202305230101 / config-hash: 5486929009166019583
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 26 May 2023 23:15:58 GMT

GET
H2 200 ads.js Show response
static.virgul.com/theme/mockups/mockups/tracker/imp/collect/adview/ad/ Frame 6C31 120 B
306 B 45ms
44ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/mockups/tracker/imp/collect/adview/ad/ads.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19503
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: d9fd0aeda423bd39a36871759ef7b17dab3d51e5981cd5839103f990b8b9ef60

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:15:58 GMT
last-modified: Wed, 21 Dec 2022 18:47:42 GMT
server: openresty/1.15.8.3
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000
accept-ranges: bytes
content-length: 120

GET
H2 200 str.html Show response
static.virgul.com/theme/mockups/outside/ Frame AD4B 891 B
1 KB 47ms
44ms Document
text/html 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/outside/str.html?v=2
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19503
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 2af1b8e91e1ea0f27fab2f6bac1dd1d81867b7a2a8d7cef1084fa39309e0ac6f

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=5184000
content-length: 891
content-type: text/html
date: Fri, 26 May 2023 23:15:58 GMT
last-modified: Wed, 28 Sep 2022 10:07:57 GMT
server: openresty/1.15.8.3

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 6C31 136 KB
47 KB 160ms
59ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19503

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

94638653e6f4bc4f9c8f3dc96f8bff773f0b88dd3bde413fb678b43739640099

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Origin: https://ye-mek.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:15:58 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47323
x-xss-protection: 0
server: cafe
etag: 16810087775928787936
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 26 May 2023 23:15:58 GMT

GET
H2 200 prebid7.38.0.js Show response
static.virgul.com/theme/mockups/outside/ Frame 6C31 489 KB
182 KB 50ms
49ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19503
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: cff57bb539a961e5816127eb4b662175d6a1c92917effe0f943de85c35911101

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:15:58 GMT
content-encoding: gzip
last-modified: Mon, 27 Mar 2023 14:56:06 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ Frame 6C31 228 KB
56 KB 44ms
8ms Script
application/javascript 13.224.192.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19503
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.192.181 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-192-181.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 33566729393f70e95f9e326dbc67dedbb3bdc4d6a743ef40141fa1d126f079ad

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 22:43:11 GMT
content-encoding: gzip
via: 1.1 a300dbfb49a2eb50edb83038642c9f82.cloudfront.net (CloudFront), 1.1 59d92388a3a66e5f245f384a437fa024.cloudfront.net (CloudFront)
last-modified: Mon, 22 May 2023 19:17:46 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1, FRA2-C1
age: 1968
etag: W/"d18b57a80b57082ffb531a2e077b3016"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=3600
x-amz-cf-id: 0Mzkv9jYvAjgkkH8S9lxq7MRQBKYFMjVkEe-gyyvVClzo3WNqPw69A==

GET
H2 200 pageview Show response
ng.virgul.com/ Frame 6C31 33 KB
5 KB 410ms
84ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ng.virgul.com/pageview?c=site_geneli&mt=1685142958007&v=https%3A%2F%2Fye-mek.net%2F&r=yemek_net:site_geneli&userId=&tp=&os=&call=noktaad.ads.vvad&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc0,hf1,vv1,gprec%3Dyemek%26rec_ing%3D&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.6548736316175172
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19503
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: f0527c432d4ce64f5b432e05bcf6c3139291af3126f666a26746cc4d54f2e055

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:15:58 GMT
content-encoding: gzip
server: openresty/1.15.8.3
vary: Accept-Encoding
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
access-control-allow-origin: https://ye-mek.net
content-type: application/javascript
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT

GET
H2 200 yemek_net.js Show response
static.virgul.com/theme/mockups/fallback/ Frame 6C31 12 KB
2 KB 45ms
44ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/fallback/yemek_net.js?dts=19503
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19503
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 58712a4f1909f78e6b3cb7b01dfbb8e2952037880985e4fc91ccf08d37a7bd84

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:15:58 GMT
content-encoding: gzip
last-modified: Sun, 14 May 2023 21:52:48 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 hb Show response
ng.virgul.com/ Frame 6C31 49 KB
5 KB 379ms
60ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ng.virgul.com/hb?call=noktaad.setHbParameters&site=yemek_net&dts=468095
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19503
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: b2cdc6ff1c7cbbea12eb1e9b14734b17c71733eb703b3579d7a092f1271abc6f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:15:58 GMT
content-encoding: gzip
server: openresty/1.15.8.3
vary: Accept-Encoding
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
access-control-allow-origin: https://ye-mek.net
content-type: application/javascript
cache-control: max-age=3600
access-control-allow-credentials: true

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ Frame 6C31 0
306 B 8ms
7ms XHR
text/plain 13.224.192.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fye-mek.net&pubid=e0a76a78-9ad1-46f2-a337-886c2e24ac91
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.192.181 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-192-181.fra2.r.cloudfront.net
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 20:30:27 GMT
via: 1.1 59d92388a3a66e5f245f384a437fa024.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA2-C1
age: 9931
x-cache: Hit from cloudfront
access-control-allow-origin: https://ye-mek.net
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-id: nIIF0qjBt6HnqZiKzEDwW-8k3Fj6PAQC_hQRqoHI7dKKh72I_qwAhw==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ Frame 6C31 6 KB
3 KB 24ms
8ms XHR
application/javascript 13.224.192.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.192.181 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-192-181.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 01:35:52 GMT
x-amz-version-id: Zm_tZQQ808JKRizBfXGgSN2OWn8Z6JUU
content-encoding: gzip
via: 1.1 3bf3e75bcb9a86b3eb343a1d4392a6de.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
age: 78007
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Fri, 26 May 2023 01:35:48 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: TtSTPSC7nqr_213pOx5hb4tAP-0waDbqb7OnVJ5DaH6M31xEhTySNw==

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202305240101/ Frame 6C31 350 KB
118 KB 149ms
71ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202305240101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=ye-mek.net&bust=31074911

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cc73a3d43fdab9dbad3b924fc3a09755b3f48b8ca0b25cfa51223be70df9cc43

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:15:58 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 120386
x-xss-protection: 0
server: cafe
etag: 8521898069992754624
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 26 May 2023 23:15:58 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230523/r20190131/ Frame 492D 10 KB
5 KB 121ms
35ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230523/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eb7a209e3af2f5e7045a326f81414b39f02551eb158e859c190a7a84db7c4d5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 61116
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4540
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 26 May 2023 06:17:22 GMT
etag: 15057649708203361565
expires: Fri, 09 Jun 2023 06:17:22 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305230101/ Frame 6C31 403 KB
125 KB 38ms
37ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305230101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8106b51011b26cf5f69cf7769a95b3f7faf34e2f26191c4e657e705ad3f4ecb6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 20:38:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9458
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 127382
x-xss-protection: 0
server: cafe
etag: 12178286523779166803
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Sat, 25 May 2024 20:38:20 GMT

GET
H2 200 empowerwebplayer3.js Show response
static.virgul.com/theme/mockups/outside/ Frame 6C31 9 KB
3 KB 48ms
48ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/outside/empowerwebplayer3.js?v=19
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 6463a8285a9c7d54fde4f62d247208584a061d3a0028a516ec3b902164256306

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:15:58 GMT
content-encoding: gzip
last-modified: Mon, 17 Apr 2023 09:38:48 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H/1.1 200
OK localstore.js Show response
script.4dex.io/ Frame 6C31 483 B
1 KB 50ms
15ms Script
application/javascript 2606:4700:20::681a:8a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/localstore.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:8a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Fri, 26 May 2023 23:15:58 GMT
Content-Encoding: br
CF-Cache-Status: HIT
Last-Modified: Wed, 23 Nov 2022 15:43:18 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Age: 1914068
ETag: W/"922cffdd75f7192f75231d92684885aa"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZEmBkDbpA%2FIhh6Jfx4RaUl2TONsOyDHXrbboQzm%2FY790lmpWHsKqDwZYeCCAEFJ4JBOk3S2YnC%2B6woQzmhfTy1r5G4VRTIgmw3f1kC4XSca%2Fi1%2BiYeIyKI3ZXlTwt3ntjDKh%2BfN8eJviQOJ2"}],"group":"cf-nel","max_age":604800}
Cache-Control: public, max-age=1800
Connection: keep-alive
CF-RAY: 7cd9b922c8213671-FRA

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ Frame 6C31 23 B
458 B 435ms
380ms XHR
text/javascript 13.32.119.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&pr=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&pid=D6werRKv2zrBb&cb=0&ws=1600x1200&v=23.517.1921&t=1200&slots=%5B%7B%22sd%22%3A%22div-gpt-ad-1455783126174-15338221728129623web_yemeknet_right_tower%22%2C%22s%22%3A%5B%22160x600%22%2C%22120x600%22%5D%2C%22sn%22%3A%22%2F21728129623%2Fweb_yemeknet_right_tower%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-1455783126174-15336621728129623web_yemeknet_masthead%22%2C%22s%22%3A%5B%22970x250%22%2C%22970x90%22%2C%22728x90%22%2C%22300x250%22%2C%22200x200%22%5D%2C%22sn%22%3A%22%2F21728129623%2Fweb_yemeknet_masthead%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-1455783126174-15338321728129623web_yemeknet_left_tower%22%2C%22s%22%3A%5B%22160x600%22%2C%22120x600%22%5D%2C%22sn%22%3A%22%2F21728129623%2Fweb_yemeknet_left_tower%22%7D%5D&pubid=e0a76a78-9ad1-46f2-a337-886c2e24ac91&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.119.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-119-77.fra60.r.cloudfront.net

Software

Server /

Resource Hash

745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:15:58 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 06a27d66e25d02ebcfb014b9d194016a.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA60-P1
x-amz-rid: XYQEGQJ66CVPK0GFRSCP
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://ye-mek.net
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: tyyicT4zvZugC5NZMRATo3Zvh0PGjc5os0bDpmK6ItOAX4u9Trbd1g==

GET
H2 200 yemek_net.js Show response
static.virgul.com/theme/mockups/sites/ Frame 6C31 11 KB
5 KB 45ms
45ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/sites/yemek_net.js?dts=468095
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19503
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: a7a580492938c753648b19da1321bf7ea66d7a2e9b1fa42058c821e268fba9e1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:15:58 GMT
content-encoding: gzip
last-modified: Thu, 27 Apr 2023 09:08:06 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 pandg-sdk.js Show response
pghub.io/js/ Frame 6C31 17 KB
5 KB 57ms
15ms Script
application/javascript 35.241.45.217
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pghub.io/js/pandg-sdk.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19503
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.217 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 217.45.241.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 09244740f4a5bf8ab1aa815df2f809d370c932e5c5e977221091acbee7b66570

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 22:58:54 GMT
content-encoding: gzip
age: 1024
x-guploader-uploadid: ADPycdva583yPkOVme66a9sSiaU68tFMJT492ZfafHCDpA3SnZNpLGRKYarIVwfg2jSWhu--gLO-X5R5vlVWfrXQeVuf
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4955
last-modified: Fri, 20 Jan 2023 18:31:19 GMT
server: UploadServer
etag: "b3517e216253857ea8c4209cb84004df"
vary: Accept-Encoding
x-goog-generation: 1674239479122517
x-goog-hash: crc32c=rClt4g==, md5=s1F+IWJThX6oxCCcuEAE3w==
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin
cache-control: public,max-age=3600
x-goog-stored-content-length: 4955
accept-ranges: bytes
content-type: application/javascript

GET
H2 200 zoneview
ng.virgul.com/ Frame 6C31 0
209 B 46ms
45ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/zoneview?c=&mt=1685142958429&v=https%3A%2F%2Fye-mek.net%2F&r=153366@153377@153378@153379@153379@153382@153383:yemek_net&userId=vnet55bff539-6bd9-463f-ad04-3c780b66c4bb&tp=&os=&call=&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc1,hf1,vv1,gprec%3Dyemek%26rec_ing%3D&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.1478224676800699
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Fri, 26 May 2023 23:15:58 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame 6C31 107 B
531 B 148ms
46ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=ye-mek.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305230101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:15:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 6C31 107 B
456 B 143ms
46ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ye-mek.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305230101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:15:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 6C31 26 KB
11 KB 307ms
307ms XHR
text/plain 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2833400146064414&correlator=2721181326619014&output=ldjh&gdfp_req=1&vrg=202305230101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_728x90_repeating&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=2&adks=3733009076&sfv=1-0-40&eri=1&cust_params=amznbid%3D0%26amznp%3D0%26category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1685142958007%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet55bff539-6bd9-463f-ad04-3c780b66c4bb%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet55bff5396bd9463fad043c780b66c4bb&sc=1&cdm=ye-mek.net&abxe=1&dt=1685142958542&lmt=1685142958&dlt=1685142957414&idt=981&adxs=436&adys=2665&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=a1d6qirybv4o&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&ga_vid=1177810583.1685142958&ga_sid=1685142959&ga_hid=1330668805&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305230101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

714aed07ce3b4d83d282356e362b5d9cd8696fb54833a1146e2e5c1fb324421d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:15:58 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11273
x-xss-protection: 0
google-lineitem-id: 6241543851
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138425583933
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 696C 6 KB
3 KB 190ms
44ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305230101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 26 May 2023 23:15:58 GMT
expires: Sat, 25 May 2024 23:15:58 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 204 hb Show response
cpm.programattik.com/ Frame 6C31 0
141 B 238ms
55ms XHR
text/plain 85.111.6.48
TTNET

General

Check archive.org

Show headers Download Go to

Full URL: https://cpm.programattik.com/hb?zone=43&v=1.6
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 85.111.6.48 , Turkey, ASN9121 (TTNET, TR),
Reverse DNS: ns2.ttidc.com.tr
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ye-mek.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://ye-mek.net
pragma: no-cache
date: Fri, 26 May 2023 23:15:58 GMT
cache-control: no-store
access-control-allow-credentials: true
server: nginx
age: 0

POST
H2 204 hb Show response
cpm.programattik.com/ Frame 6C31 0
142 B 236ms
54ms XHR
text/plain 85.111.6.48
TTNET

General

Check archive.org

Show headers Download Go to

Full URL: https://cpm.programattik.com/hb?zone=45&v=1.6
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 85.111.6.48 , Turkey, ASN9121 (TTNET, TR),
Reverse DNS: ns2.ttidc.com.tr
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ye-mek.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://ye-mek.net
pragma: no-cache
date: Fri, 26 May 2023 23:15:58 GMT
cache-control: no-store
access-control-allow-credentials: true
server: nginx
age: 0

POST
H2 204 hb Show response
cpm.programattik.com/ Frame 6C31 0
141 B 236ms
55ms XHR
text/plain 85.111.6.48
TTNET

General

Check archive.org

Show headers Download Go to

Full URL: https://cpm.programattik.com/hb?zone=44&v=1.6
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 85.111.6.48 , Turkey, ASN9121 (TTNET, TR),
Reverse DNS: ns2.ttidc.com.tr
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ye-mek.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://ye-mek.net
pragma: no-cache
date: Fri, 26 May 2023 23:15:58 GMT
cache-control: no-store
access-control-allow-credentials: true
server: nginx
age: 0

POST
H2 204 hb Show response
cpm.programattik.com/ Frame 6C31 0
141 B 237ms
56ms XHR
text/plain 85.111.6.48
TTNET

General

Check archive.org

Show headers Download Go to

Full URL: https://cpm.programattik.com/hb?zone=80&v=1.6
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 85.111.6.48 , Turkey, ASN9121 (TTNET, TR),
Reverse DNS: ns2.ttidc.com.tr
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ye-mek.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://ye-mek.net
pragma: no-cache
date: Fri, 26 May 2023 23:15:58 GMT
cache-control: no-store
access-control-allow-credentials: true
server: nginx
age: 0

POST
H2 200 auction Show response
prebid-server.rubiconproject.com/openrtb2/ Frame 6C31 173 B
398 B 109ms
9ms XHR
application/json 3.123.171.139
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.123.171.139 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-123-171-139.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: f066a311829c51cdc4f1128cea54eef78e3095d3e26d973cbc7cc497ad8db6c1

Request headers

Referer: https://ye-mek.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 26 May 2023 23:15:58 GMT
content-encoding: gzip
x-prebid: pbs-java/1.119.0
content-type: application/json
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 166
expires: 0

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 6C31 416 B
965 B 191ms
109ms XHR
application/json 2602:803:c004:200::140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=13760&site_id=333016&zone_id=2862172&size_id=2&alt_size_ids=1&rp_schain=1.0,1!empower.net,5ed754bfe4b07a92411bbff0,1,,,&eid_pubcid.org=1a56b633-91c3-46c9-9464-1e023a917a18%5E1&rf=https%3A%2F%2Fye-mek.net%2F&tg_i.page=https%3A%2F%2Fye-mek.net%2F&tg_i.domain=ye-mek.net&tg_i.pbadslot=div-gpt-ad-1455783126174-15337921728129623web_yemeknet_kategori_sayfalari_728x90_repeating&tk_flint=pbjs_lite_v7.38.0&x_source.tid=1780f778-076a-4ea4-83b6-1bc0fe14b917&l_pb_bid_id=79e2930c424828&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.1435828678874045
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 31626b94d662220f87e1079856b62cdb83eb0474e72a9a46839fd186e3e5934f

Request headers

Referer: https://ye-mek.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 26 May 2023 23:15:58 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://ye-mek.net
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 416
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 6C31 410 B
736 B 192ms
110ms XHR
application/json 2602:803:c004:200::140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=13760&site_id=333016&zone_id=2862174&size_id=2&alt_size_ids=1&rp_schain=1.0,1!empower.net,5ed754bfe4b07a92411bbff0,1,,,&eid_pubcid.org=1a56b633-91c3-46c9-9464-1e023a917a18%5E1&rf=https%3A%2F%2Fye-mek.net%2F&tg_i.page=https%3A%2F%2Fye-mek.net%2F&tg_i.domain=ye-mek.net&tg_i.pbadslot=div-gpt-ad-1455783126174-15337721728129623web_yemeknet_kategori_sayfalari_ust_728x90&tk_flint=pbjs_lite_v7.38.0&x_source.tid=03a5ca4e-1f3c-4dc0-ba1d-b1592c7deff3&l_pb_bid_id=8ad0345896c7a&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.9480744280360189
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 63b775362d0cbff5e1d08a26f04ed974fe268ef8a7431e605152394d9e1829f9

Request headers

Referer: https://ye-mek.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 26 May 2023 23:15:58 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://ye-mek.net
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 410
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 6C31 404 B
731 B 198ms
116ms XHR
application/json 2602:803:c004:200::140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=13760&site_id=333016&zone_id=1746578&size_id=15&alt_size_ids=2%2C1%2C13%2C14%2C55%2C57&rp_schain=1.0,1!empower.net,5ed754bfe4b07a92411bbff0,1,,,&eid_pubcid.org=1a56b633-91c3-46c9-9464-1e023a917a18%5E1&rf=https%3A%2F%2Fye-mek.net%2F&tg_i.page=https%3A%2F%2Fye-mek.net%2F&tg_i.domain=ye-mek.net&tg_i.pbadslot=div-gpt-ad-1455783126174-15336621728129623web_yemeknet_masthead&tk_flint=pbjs_lite_v7.38.0&x_source.tid=ba777a3a-8168-42e4-ae9a-3217eb147491&l_pb_bid_id=956db04cbe2d07&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.060497027370793655
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 565640b1ddba3be1213824a77dfa12ac064219d6d85c88043e0dc635ab1a3542

Request headers

Referer: https://ye-mek.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 26 May 2023 23:15:58 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://ye-mek.net
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 404
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 6C31 5 KB
3 KB 231ms
149ms XHR
application/json 2602:803:c004:200::140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=13760&site_id=333016&zone_id=1746730&size_id=15&alt_size_ids=9%2C8%2C10&rp_schain=1.0,1!empower.net,5ed754bfe4b07a92411bbff0,1,,,&eid_pubcid.org=1a56b633-91c3-46c9-9464-1e023a917a18%5E1&rf=https%3A%2F%2Fye-mek.net%2F&tg_i.page=https%3A%2F%2Fye-mek.net%2F&tg_i.domain=ye-mek.net&tg_i.pbadslot=div-gpt-ad-1455783126174-15338221728129623web_yemeknet_right_tower&tk_flint=pbjs_lite_v7.38.0&x_source.tid=fc9c82f3-7c03-4d82-842e-5bbc885117ba&l_pb_bid_id=1011ab67d4e6b6d&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.10212360691549738
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: f884d5ce2f9b0c51f6f4dfee4f30c13993afc36463a5902c2f5aa6684db6fce5

Request headers

Referer: https://ye-mek.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 26 May 2023 23:15:58 GMT
content-encoding: gzip
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://ye-mek.net
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 6C31 12 KB
6 KB 217ms
136ms XHR
application/json 2602:803:c004:200::140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=13760&site_id=333016&zone_id=1746580&size_id=15&alt_size_ids=9%2C8%2C10&rp_schain=1.0,1!empower.net,5ed754bfe4b07a92411bbff0,1,,,&eid_pubcid.org=1a56b633-91c3-46c9-9464-1e023a917a18%5E1&rf=https%3A%2F%2Fye-mek.net%2F&tg_i.page=https%3A%2F%2Fye-mek.net%2F&tg_i.domain=ye-mek.net&tg_i.pbadslot=div-gpt-ad-1455783126174-15338321728129623web_yemeknet_left_tower&tk_flint=pbjs_lite_v7.38.0&x_source.tid=01985e25-e2a8-4381-90a8-a608c4cde3d3&l_pb_bid_id=11a9cab7dd75eef&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.6423826357002183
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 368a0d06ef4d3fd3ac312d7db81f995157e73f5c895da1150db0090cd74ed25e

Request headers

Referer: https://ye-mek.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 26 May 2023 23:15:58 GMT
content-encoding: gzip
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://ye-mek.net
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 6C31 408 B
734 B 358ms
277ms XHR
application/json 2602:803:c004:200::140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=13760&site_id=333016&zone_id=2862158&size_id=2&alt_size_ids=1&rp_schain=1.0,1!empower.net,5ed754bfe4b07a92411bbff0,1,,,&eid_pubcid.org=1a56b633-91c3-46c9-9464-1e023a917a18%5E1&rf=https%3A%2F%2Fye-mek.net%2F&tg_i.page=https%3A%2F%2Fye-mek.net%2F&tg_i.domain=ye-mek.net&tg_i.pbadslot=div-gpt-ad-1455783126174-15337821728129623web_yemeknet_kategori_sayfalari_728x90_2&tk_flint=pbjs_lite_v7.38.0&x_source.tid=f6f0b5a3-c8a5-4982-9c09-5319b55bcf65&l_pb_bid_id=137f8feaecc457b&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.7140712985815749
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 820d07e8cf270a528baedfcad945b99a8ec0ec5ec581f32cb8397871b782f7d5

Request headers

Referer: https://ye-mek.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 26 May 2023 23:15:58 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://ye-mek.net
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 408
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 204 prebid Show response
mp.4dex.io/ Frame 6C31 0
281 B 91ms
38ms XHR
text/plain 2606:4700::6812:272
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mp.4dex.io/prebid
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:272 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ye-mek.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 26 May 2023 23:15:58 GMT
x-err: Parsing the Prebid Request. adrequest and manager domains do not match
x-version: 3.0.0-gcp-ams
cf-cache-status: DYNAMIC
via: 1.1 google
server: cloudflare
vary: Origin, Accept-Encoding
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 7cd9b9238eaf2bb0-FRA
expires: 0

POST
H2 200 bid-request Show response
a.teads.tv/hb/ Frame 6C31 16 B
386 B 102ms
42ms XHR
application/json 95.101.149.35
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://a.teads.tv/hb/bid-request
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.101.149.35 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-101-149-35.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 6a7b0c8bf87b2bd5ca31557f25cf2a6c80f93af72bf68a6085e9b55a87fe908c

Request headers

Referer: https://ye-mek.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 26 May 2023 23:15:58 GMT
content-encoding: gzip
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://ye-mek.net
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 42
expires: Fri, 26 May 2023 23:15:58 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame 6C31 0
112 B 247ms
190ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ye-mek.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://ye-mek.net
date: Fri, 26 May 2023 23:15:58 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 6C31 49 KB
21 KB 177ms
131ms XHR
application/json 185.89.211.116
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.211.116 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

53bdbeb79f1e8a1976d145aecfe7a7cda0a55d934c879c551739c72c82e10e09

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: text/plain

Response headers

Date: Fri, 26 May 2023 23:15:58 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 185.213.155.161; 185.213.155.161; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 3a53ffc4-a132-4c74-a558-6f15370901a1
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://ye-mek.net
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 openrtb Show response
adx.adform.net/adx/ Frame 6C31 2 KB
2 KB 152ms
81ms XHR
application/json 37.157.4.25
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.25 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e0a95094e940824bf9e575c3cf8e1c07f09fdcf952409476cdcf691d5888fc96

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://ye-mek.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 26 May 2023 23:15:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
pragma: no-cache
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
vary: Accept-Encoding
access-control-allow-methods: POST,OPTIONS
content-type: application/json
access-control-allow-origin: https://ye-mek.net
access-control-max-age: 86400
access-control-allow-credentials: true
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 6C31 48 KB
16 KB 281ms
237ms XHR
application/json 185.89.211.116
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.211.116 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

7495abbe1d4000d67dbbc497a9f44bd8a83c209b38cf037182b1b9e77530a921

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: text/plain

Response headers

Date: Fri, 26 May 2023 23:15:58 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 185.213.155.161; 185.213.155.161; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 92721609-2452-4c8a-a7ab-d06534239f34
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://ye-mek.net
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST /
hb.emxdgt.com/ Frame 6C31 0
0

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ Frame 6C31 24 B
397 B 83ms
22ms XHR
application/json 216.52.2.30
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_7.38.0
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.30 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: /
Resource Hash: e62eac1414d0b723be276b9b4ac2fccc09fef3bcc73599603d2aa6a46a84ceb6

Request headers

Referer: https://ye-mek.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: text/plain

Response headers

Date: Fri, 26 May 2023 23:15:58 GMT
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://ye-mek.net
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap6ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 24

POST
H2 204 openrtb Show response
adx.adform.net/adx/ Frame 6C31 0
528 B 141ms
75ms XHR
text/plain 37.157.4.25
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.25 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://ye-mek.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 26 May 2023 23:15:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 6C31 0
189 B 169ms
21ms XHR
text/plain 2a02:2638:3::7
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=35&wv=7.38.0&cb=80674499535&lsavail=0

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::7 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ye-mek.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://ye-mek.net
date: Fri, 26 May 2023 23:15:58 GMT
strict-transport-security: max-age=31536000; preload;
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
server: Kestrel
vary: Origin

GET
H3 403 ads Show response
googleads.g.doubleclick.net/pagead/ Frame DE7E 603 B
67 B 76ms
73ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755397&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1685142958233&bpp=4&bdt=819&idt=396&shv=r20230523&mjsv=m202305240101&ptt=9&saldr=aa&nras=1&correlator=285619391144&frm=24&ife=1&pv=2&ga_vid=1177810583.1685142958&ga_sid=1685142959&ga_hid=1330668805&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=222437166&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759842%2C31074911%2C44788441%2C44792645&oid=2&pvsid=2833400146064414&tmod=612573993&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.vwsz76kq7m00&fsb=1&dtd=419

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202305240101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=ye-mek.net&bust=31074911

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 46
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 26 May 2023 23:15:58 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 NoktaNpmPlayerApi.js Show response
c1.imgiz.com/player_others/html5/ Frame 6C31 7 KB
3 KB 362ms
53ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19503
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/empowerwebplayer3.js?v=19
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 0b29697868cd68cfd1b5650054cc96ea755016b3242bd26469cdbd4e4f6fc18a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:15:59 GMT
content-encoding: gzip
last-modified: Wed, 13 Oct 2021 11:58:21 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
expires: Fri, 02 Jun 2023 23:15:58 GMT

GET
H/1.1 200
OK adagio.js Show response
script.4dex.io/ Frame 6C31 74 KB
23 KB 32ms
15ms Fetch
application/javascript 2606:4700:20::681a:8a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/adagio.js
Requested by: Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:8a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ed87a83a9df154b61d76e8b9b53bb9d23db3eea194e66bca6b575e3e4f7a57bf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Fri, 26 May 2023 23:15:58 GMT
Content-Encoding: br
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 1626419
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 23 Nov 2022 15:43:17 GMT
Server: cloudflare
ETag: W/"c56b6332dacf72f135afcd153ae22448"
Vary: Origin, Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GmpcjfBzu8P%2FN9XTZ5gV%2FIeysfqDYMtz7aejZ5X3k7yYVgMDF5UkOW2EftDqdbnz%2FPETSNyKULgXk8jT9C9L2z4t0dTgfAAQyA6bUiIkS%2F%2FizV1CDK72XlDdAAC8gnH83spTHuTlXDomhlB7"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers
Cache-Control: public, max-age=1800
CF-RAY: 7cd9b923ce042c63-FRA

GET
H2 200 zoneview
ng.virgul.com/ Frame 6C31 0
209 B 46ms
45ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/zoneview?c=&mt=1685142958680&v=https%3A%2F%2Fye-mek.net%2F&r=153394@153493:yemek_net&userId=vnet55bff539-6bd9-463f-ad04-3c780b66c4bb&tp=&os=&call=&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc1,hf1,vv1,gprec%3Dyemek%26rec_ing%3D&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.8352136417408762
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Fri, 26 May 2023 23:15:58 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 tag Show response
feed.pghub.io/ Frame 5D00 13 B
257 B 106ms
26ms Document
text/html 34.102.243.38
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://feed.pghub.io/tag?referrer_url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&page_url=https%3A%2F%2Fye-mek.net%2F&owner=P%26G&bp_id=noktacommedya&ch=%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D&initiator=js&data=%7B%22category%22%3A%22site_geneli%22%7D

Requested by

Host: pghub.io
URL: https://pghub.io/js/pandg-sdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.102.243.38 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

38.243.102.34.bc.googleusercontent.com

Software

Resource Hash

b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';img-src https://*.pghub.io https://match.adsrvr.org
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
access-control-max-age: 300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-store
content-security-policy: default-src 'none';img-src https://*.pghub.io https://match.adsrvr.org
content-type: text/html;charset=utf-8
date: Fri, 26 May 2023 23:15:58 GMT
strict-transport-security: max-age=31536000
via: 1.1 google

POST
H/1.1 200
OK cache Show response
prebid.adnxs.com/pbc/v1/ Frame 6C31 63 B
320 B 194ms
24ms XHR
application/json 185.89.208.11
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.adnxs.com/pbc/v1/cache
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.89.208.11 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS: prebid.ams3.adnexus.net
Software: nginx/1.21.3 /
Resource Hash: 14a62ec8e7e36404b5e5eb7df3256330238f77442d784cb63366b1ebd051891b

Request headers

Referer: https://ye-mek.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: text/plain

Response headers

Date: Fri, 26 May 2023 23:15:58 GMT
Server: nginx/1.21.3
Vary: Origin
Content-Type: application/json
Access-Control-Allow-Origin: https://ye-mek.net
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 63

GET
H2 200 container.html Show response
c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 256A 6 KB
3 KB 59ms
43ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305230101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 26 May 2023 23:15:58 GMT
expires: Sat, 25 May 2024 23:15:58 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame 6C31 107 B
165 B 58ms
44ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=ye-mek.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305230101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:15:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 6C31 107 B
165 B 63ms
46ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ye-mek.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305230101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:15:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 6C31 28 KB
11 KB 325ms
311ms XHR
text/plain 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2833400146064414&correlator=4379001205126395&output=ldjh&gdfp_req=1&vrg=202305230101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_right_tower&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C160x600%7C120x600%7C120x240%7C160x800&fluid=height&ifi=3&adks=3203893797&sfv=1-0-40&prev_scp=hb_format%3Dbanner%26hb_size%3D300x600%26hb_pb%3D1.59%26hb_adid%3D7691acb923516cc%26hb_bidder%3Drubicon%26hb_format_rubicon%3Dbanner%26hb_size_rubicon%3D300x600%26hb_pb_rubicon%3D1.59%26hb_adid_rubicon%3D7691acb923516cc%26hb_bidder_rubicon%3Drubicon%26hb_format_projectago%3Dbanner%26hb_size_projectagora%3D300x600%26hb_pb_projectagora%3D0.86%26hb_adid_projectagora%3D78372c6c9f7647c%26hb_bidder_projectago%3Dprojectagora%26hg_pb%3D1.59&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1685142958007%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet55bff539-6bd9-463f-ad04-3c780b66c4bb%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet55bff5396bd9463fad043c780b66c4bb&sc=1&cdm=ye-mek.net&abxe=1&dt=1685142959091&lmt=1685142959&dlt=1685142957414&idt=981&adxs=1318&adys=150&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=c7uevrneiqbi&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=160x-1&msz=160x-1&fws=900&ohw=160&psts=ABHeCvi4Gdnd349QzCvF2NflY7HA3WS1tQBQUz5ojg3QrhzKOEjKH_n_shKL9EOF9J7JmkBYPlifdgP5K6sgHln_rw&ga_vid=1177810583.1685142958&ga_sid=1685142959&ga_hid=1330668805&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305230101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0f22a6e556e3f27e9f9af61b44cb16deb28105fd54688d68b58e2f23235e131a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:15:59 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11660
x-xss-protection: 0
google-lineitem-id: 5616789736
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138339352911
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 6C31 32 KB
14 KB 357ms
342ms XHR
text/plain 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2833400146064414&correlator=3690893667024483&output=ldjh&gdfp_req=1&vrg=202305230101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_masthead&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C970x250%7C970x90%7C728x90%7C300x250%7C468x60%7C250x250%7C200x200%7C160x160%7C640x205&fluid=height&ifi=4&adks=3050045420&sfv=1-0-40&prev_scp=hb_format%3Dbanner%26hb_size%3D250x250%26hb_pb%3D0.85%26hb_adid%3D7766b217f803577%26hb_bidder%3Dprojectagora%26hb_format_appnexus%3Dbanner%26hb_size_appnexus%3D970x250%26hb_pb_appnexus%3D0.23%26hb_adid_appnexus%3D690ecaa14fe8fae%26hb_bidder_appnexus%3Dappnexus%26hb_format_projectago%3Dbanner%26hb_size_projectagora%3D250x250%26hb_pb_projectagora%3D0.85%26hb_adid_projectagora%3D7766b217f803577%26hb_bidder_projectago%3Dprojectagora%26hg_pb%3D0.85&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1685142958007%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet55bff539-6bd9-463f-ad04-3c780b66c4bb%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet55bff5396bd9463fad043c780b66c4bb&sc=1&cdm=ye-mek.net&abxe=1&dt=1685142959143&lmt=1685142959&dlt=1685142957414&idt=981&adxs=315&adys=158&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=9ssd1e1f0bm4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=996x0&msz=996x0&fws=388&ohw=1600&psts=ABHeCvi4Gdnd349QzCvF2NflY7HA3WS1tQBQUz5ojg3QrhzKOEjKH_n_shKL9EOF9J7JmkBYPlifdgP5K6sgHln_rw&ga_vid=1177810583.1685142958&ga_sid=1685142959&ga_hid=1330668805&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305230101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1ba67b951b293dcfe88496df90c0a46113da710ecd2d570d70b949d9fd3c2498

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:15:59 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13989
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 6C31 27 KB
11 KB 317ms
303ms XHR
text/plain 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2833400146064414&correlator=4288037824695999&output=ldjh&gdfp_req=1&vrg=202305230101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_ust_728x90&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=5&adks=456810305&sfv=1-0-40&prev_scp=hb_format%3Dbanner%26hb_size%3D728x90%26hb_pb%3D2.91%26hb_adid%3D687cee07161e5d6%26hb_bidder%3Dadformpbs%26hb_format_adformpbs%3Dbanner%26hb_size_adformpbs%3D728x90%26hb_pb_adformpbs%3D2.91%26hb_adid_adformpbs%3D687cee07161e5d6%26hb_bidder_adformpbs%3Dadformpbs%26hg_pb%3D2.91&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1685142958007%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet55bff539-6bd9-463f-ad04-3c780b66c4bb%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet55bff5396bd9463fad043c780b66c4bb&sc=1&cdm=ye-mek.net&abxe=1&dt=1685142959155&lmt=1685142959&dlt=1685142957414&idt=981&adxs=436&adys=751&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=pyo01vk8br4k&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&psts=ABHeCvi4Gdnd349QzCvF2NflY7HA3WS1tQBQUz5ojg3QrhzKOEjKH_n_shKL9EOF9J7JmkBYPlifdgP5K6sgHln_rw&ga_vid=1177810583.1685142958&ga_sid=1685142959&ga_hid=1330668805&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305230101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

445bc557ce264ffa4dce57989ffb85432b2fea75622836f8bb16a18f7457751f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:15:59 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11671
x-xss-protection: 0
google-lineitem-id: 5616791968
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138339352911
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 6C31 32 KB
13 KB 334ms
319ms XHR
text/plain 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2833400146064414&correlator=2052166157765384&output=ldjh&gdfp_req=1&vrg=202305230101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_728x90_repeating&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=6&adks=2157304621&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1685142958007%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet55bff539-6bd9-463f-ad04-3c780b66c4bb%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet55bff5396bd9463fad043c780b66c4bb&sc=1&cdm=ye-mek.net&abxe=1&dt=1685142959161&lmt=1685142959&dlt=1685142957414&idt=981&adxs=436&adys=2027&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=nasoc9qid3n7&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&psts=ABHeCvi4Gdnd349QzCvF2NflY7HA3WS1tQBQUz5ojg3QrhzKOEjKH_n_shKL9EOF9J7JmkBYPlifdgP5K6sgHln_rw&ga_vid=1177810583.1685142958&ga_sid=1685142959&ga_hid=1330668805&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305230101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

03cc2818fd1ff87dc62ced8717528939eab9869ec1fcb63d574ce9165d8c9263

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:15:59 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13672
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 6C31 28 KB
11 KB 285ms
273ms XHR
text/plain 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2833400146064414&correlator=479767502225974&output=ldjh&gdfp_req=1&vrg=202305230101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_left_tower&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C160x600%7C120x600%7C120x240%7C160x800&fluid=height&ifi=7&adks=3299242717&sfv=1-0-40&prev_scp=hb_format%3Dbanner%26hb_size%3D160x600%26hb_pb%3D3.35%26hb_adid%3D7565cc3f2ac1086%26hb_bidder%3Drubicon%26hb_format_appnexus%3Dbanner%26hb_size_appnexus%3D300x600%26hb_pb_appnexus%3D0.09%26hb_adid_appnexus%3D7023680aa2992bd%26hb_bidder_appnexus%3Dappnexus%26hb_format_rubicon%3Dbanner%26hb_size_rubicon%3D160x600%26hb_pb_rubicon%3D3.35%26hb_adid_rubicon%3D7565cc3f2ac1086%26hb_bidder_rubicon%3Drubicon%26hb_format_projectago%3Dbanner%26hb_size_projectagora%3D160x600%26hb_pb_projectagora%3D0.94%26hb_adid_projectagora%3D79d699bf0e0fd95%26hb_bidder_projectago%3Dprojectagora%26hg_pb%3D3.35&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1685142958007%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet55bff539-6bd9-463f-ad04-3c780b66c4bb%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet55bff5396bd9463fad043c780b66c4bb&sc=1&cdm=ye-mek.net&abxe=1&dt=1685142959170&lmt=1685142959&dlt=1685142957414&idt=981&adxs=122&adys=150&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=ycnrdnykpudf&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=160x-1&msz=160x-1&fws=900&ohw=160&psts=ABHeCvi4Gdnd349QzCvF2NflY7HA3WS1tQBQUz5ojg3QrhzKOEjKH_n_shKL9EOF9J7JmkBYPlifdgP5K6sgHln_rw&ga_vid=1177810583.1685142958&ga_sid=1685142959&ga_hid=1330668805&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305230101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8dce6683bb91229302c3dda2f18c96459e6eb39148d27c581e451d88e9fbaad6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:15:59 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11717
x-xss-protection: 0
google-lineitem-id: 5615619072
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138339352911
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 6C31 33 KB
14 KB 337ms
324ms XHR
text/plain 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2833400146064414&correlator=2123804468528137&output=ldjh&gdfp_req=1&vrg=202305230101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_728x90_2&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=8&adks=345722362&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1685142958007%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet55bff539-6bd9-463f-ad04-3c780b66c4bb%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet55bff5396bd9463fad043c780b66c4bb&sc=1&cdm=ye-mek.net&abxe=1&dt=1685142959176&lmt=1685142959&dlt=1685142957414&idt=981&adxs=436&adys=1389&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=w4zy24y1jy5e&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&psts=ABHeCvi4Gdnd349QzCvF2NflY7HA3WS1tQBQUz5ojg3QrhzKOEjKH_n_shKL9EOF9J7JmkBYPlifdgP5K6sgHln_rw&ga_vid=1177810583.1685142958&ga_sid=1685142959&ga_hid=1330668805&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305230101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

35750254f94abb416e96194d562d1597d871bae550eb0cad6194b3ab4f12b2f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:15:59 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14404
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 256A 24 KB
7 KB 165ms
37ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com
URL: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 14:52:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30224
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 25 May 2024 14:52:15 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 256A 135 KB
46 KB 69ms
60ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Requested by

Host: c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com
URL: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

02055a2b24ba9ee91dc4b24f82ae82a14a3dc81b6a88087ce148c53c2ba79a7c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
Origin: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:15:59 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47246
x-xss-protection: 0
server: cafe
etag: 9126582902063872430
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 26 May 2023 23:15:59 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 256A 171 KB
54 KB 167ms
45ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com
URL: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2c3e04a3f536b4a6300aeee8ee1dbbfddaacaf29d9f44dadff76b136fab44e38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:15:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 54244
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1684927996807358"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 26 May 2023 23:15:59 GMT

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame 6C31 361 KB
121 KB 169ms
60ms Script
text/javascript 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19503

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1a3f09c64a229e9f2bd2ad089b6d9e67093339e5a5a21948f30f15be34549c63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:15:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 123025
x-xss-protection: 0
expires: Fri, 26 May 2023 23:15:59 GMT

GET
H2 200 NoktaPlayer.js Show response
c1.imgiz.com/player_others/html5/ Frame 6C31 398 KB
128 KB 61ms
57ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=5/26/2023
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19503
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: a2bd03a89a32099068ca9ca2a7f6a61ed04029d3f196d8ab9285d32de87a07f7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:15:59 GMT
content-encoding: gzip
last-modified: Tue, 23 May 2023 15:46:17 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
expires: Fri, 02 Jun 2023 23:15:59 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 256A 0
0 87ms
86ms Fetch
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuX71lrnddkgj6Dk714aYQAO5nFBx9spSmyvmdf6l1dhezNH432dzmN1X_6mdR49Gc7z_ldecsr5FK_HOQs3k4bv2XQBLA-REayfAS7EGMBRAjenl1qbxoNj4ntjWIjetiE7OH1U_of66O2SVKJy1roHyQ-vnqSuxrneI-DfH2DXYTzbMOYndq4agho8emBpHlcelf4-PgWqlwaSBDSJPzdz1TkfAxv6SNJSgkJmtnsjBfLGxleTu4wGP136maqJ7l-z6uKH5Us2kmOw_JWHwMvb5wn8SSGNmYSTah5mrx-9_m-PZJp0jvsHYvhSYr-JhH9AF_8so2rFJ6FNkolq1B7G2cIOf8wqiq2hp2pblRbtiNchBo&sai=AMfl-YRu86RJw-crwLyC_lVEKCkIXojpWKeDLnzxBaj9YsmhuOrSMjxnoXOidcC6p-Zo_npNZ_uyd7n3kMcDWcccMmid9IivGi9ADKcWT_DiUpc&sig=Cg0ArKJSzKkgkstNNpOvEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com
URL: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:15:59 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 26 May 2023 23:15:59 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202305230101/ Frame 256A 350 KB
118 KB 86ms
85ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202305230101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dfedc75cfe7b945bb38c0d7c7aa2c2e0cbbb53be3b787c051cb1efc06cb32fb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:15:59 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 120274
x-xss-protection: 0
server: cafe
etag: 11768213732084284165
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 26 May 2023 23:15:59 GMT

GET
H2 200 5ed7638be4b07a92411bbffe
ng2.virgul.com/tck/imp/ Frame 6C31 0
209 B 94ms
46ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5ed7638be4b07a92411bbffe?g=1&t=gb&r=153366@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1685142958007&userId=vnet55bff539-6bd9-463f-ad04-3c780b66c4bb
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Fri, 26 May 2023 23:15:59 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 197C 0
0 105ms
103ms Fetch
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuUFeNnm8OgLLC6lQ_IHAkUSGURiRd9vZ2u4cuFg9Xm2DPu0qmhvzKZiC0SG0WwIaiVu6BkkW5STLUu3P3Tn-fL9NFBOHbfI_sgezBZ4HqsKvWmQJLw-7WHr9Ol1FOIPJt2O0ItXRWp283r9Uoyn5ZusEJmLuQIjL3HpeLa00p2t0VUfxKpvn6_l3Q7-vAqKCftvPafzL2KFff93AxdZ9L4WKRQp8D6sK2IjXU7aCHja9zAAnGb-XBO8TVYnCeVKG70eM0OwXLT04nfVr0nGJywd6IoieQ1fUvVxhXY67e17AQHoqxdpv7MfU0lFvxZIxFHIbaeXK4LTkPvGD8&sai=AMfl-YSR4nbOnNdsXTz5V0BSdgYewn6Lg8jf6JtCVacEtfgfVn8psl3qUaFnRqH2u2BedehYCoRPbePSVW-ajnvEQkbZWfgZENIjfi5Jvp3hIDHfw7ZERzvV3jFOZs00Og&sig=Cg0ArKJSzL-4jDcWx-LyEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:15:59 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 creative.js Show response
cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/ Frame 197C 26 KB
26 KB 40ms
7ms Script
application/javascript 2a04:4e42:400::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305230101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e0bfcf41c566f571ea252620518b4bee4496dba2b1df9a1aa3e436f81592e1b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 26 May 2023 23:15:59 GMT
x-content-type-options: nosniff
age: 36859
x-jsd-version: 1.15.0
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 26200
x-served-by: cache-fra-eddf8230121-FRA
x-jsd-version-type: version
etag: W/"6658-uUC6DsKFQz3nsj0JP3lp528lwJQ"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 197C 171 KB
53 KB 54ms
52ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305230101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2c3e04a3f536b4a6300aeee8ee1dbbfddaacaf29d9f44dadff76b136fab44e38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:15:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 54244
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1684927996807358"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 26 May 2023 23:15:59 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame F8C5 0
0 88ms
86ms Fetch
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvKxLdPDuCoix8yf4uX8SDrCGjE-LXaeBFKzJ7KvfWgjFpWrO8qrYLHNHlMpE0oPEdx_KwL0TA_6OCNO9QbE6QB0Ipr0yeUPdmunrJBRQAO6TS3gs5E6mfYCMEtn0nG4dBZPLt7Kzcz2TSKg46wRfuMWIcFS2bA1O8RG_5wgkRLKnuUyUGSkC4v63hi7JZvoZ6pkSg9EY6E5WHGU61SIg4O17Yp65XAcY7QjRNHjAOL6UKBHOZLqZ53RqvnK0MQ1IjepuiBJ7SupdKpM1cxF7Q9w8ehfFKHepm_7nfXQaNSf08kKo_njrVbjVrgYp-4HagUc6bwOU4ZKCoa3Qi-J23PiAf3JUt1fZ0IqNEmSS76&sai=AMfl-YRXukjfP4PszmPjgDX50FEDnWU1qQ2sOQxIxJUHW43SkYQ55fVobZ4FPNqYu90eRXgRbscG_dpfsnxDg80Ui7Wqs-UxFVxtNUmpeAaSWB0LYatxhfFYHABBnaluIA&sig=Cg0ArKJSzPiQTNpTOGkCEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:15:59 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 creative.js Show response
cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/ Frame F8C5 26 KB
26 KB 17ms
7ms Script
application/javascript 2a04:4e42:400::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305230101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e0bfcf41c566f571ea252620518b4bee4496dba2b1df9a1aa3e436f81592e1b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 26 May 2023 23:15:59 GMT
x-content-type-options: nosniff
age: 36859
x-jsd-version: 1.15.0
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 26200
x-served-by: cache-fra-eddf8230121-FRA
x-jsd-version-type: version
etag: W/"6658-uUC6DsKFQz3nsj0JP3lp528lwJQ"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F8C5 171 KB
53 KB 66ms
63ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305230101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2c3e04a3f536b4a6300aeee8ee1dbbfddaacaf29d9f44dadff76b136fab44e38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:15:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 54244
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1684927996807358"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 26 May 2023 23:15:59 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 7470 0
0 84ms
83ms Fetch
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstgjxPHhAyvh8LLCVO94cyKJx21mxoqtAbtpRNaFGjGUI63-nxjxeff90o4O4cBzFpqsSbHSmGWBKis5XtKuzBsqamyx0vU8X3Fiyt2dNUff4L8MOn6WT6MDB4DaYC1Cs5weFCTsUxMY5ljNW0dTe58_Mk8vzDNg-6MIcv855Y74S1zzzesCRhXAA-Bvon-up45t_e2aJ7fONnqw1gpfed_nhovakEII-10PfhdeGuX8RQfxl16toiZ5ivdjQysos-86vjo1C2qrAhuuIhCT0zFke91w6OrRutnKKDwE9XUv4Xb-NabH78KnTVXY9BzKrDbY-xHk94lfw-vCu0&sai=AMfl-YTZDmLKguapbxqh_gZRVllYKoLUZxARXbpQf6OukR_itw14D9ogbAqxFXC9geBabWG4avQ9RsZkIk-zRpJk--0lMUNDdVu8EJE1Ly1r7NXajf5Ntwx8oOif8eMCdA&sig=Cg0ArKJSzGSV9MhePv2SEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:15:59 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 creative.js Show response
cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/ Frame 7470 26 KB
26 KB 26ms
13ms Script
application/javascript 2a04:4e42:400::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305230101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e0bfcf41c566f571ea252620518b4bee4496dba2b1df9a1aa3e436f81592e1b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 26 May 2023 23:15:59 GMT
x-content-type-options: nosniff
age: 36860
x-jsd-version: 1.15.0
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 26200
x-served-by: cache-fra-eddf8230121-FRA
x-jsd-version-type: version
etag: W/"6658-uUC6DsKFQz3nsj0JP3lp528lwJQ"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7470 171 KB
53 KB 67ms
54ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305230101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2c3e04a3f536b4a6300aeee8ee1dbbfddaacaf29d9f44dadff76b136fab44e38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:15:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 54244
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1684927996807358"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 26 May 2023 23:15:59 GMT

GET
H3 200 container.html Show response
c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 3941 6 KB
3 KB 80ms
47ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305230101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 26 May 2023 23:15:58 GMT
expires: Sat, 25 May 2024 23:15:58 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame C980 6 KB
3 KB 49ms
40ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305230101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 26 May 2023 23:15:58 GMT
expires: Sat, 25 May 2024 23:15:58 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame E51B 6 KB
3 KB 168ms
40ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305230101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 26 May 2023 23:15:58 GMT
expires: Sat, 25 May 2024 23:15:58 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 256A 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0b6a4d5614f62f61ce8c29539ad1ee773077ec787f05e19f90b7eb9064dfb2c5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame E2DC 261 B
122 B 117ms
117ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY-dzjwAEwAQ&v=APEucNXsr_vrCKGy2rTCRwqWKMoNvu2ow7MdEjpvU987cyjeUHSq5GsaYKgqCdWDJDzrpn9oVJQZ4Zf6iFrjtrfIYgNOR-gy7Vj5IaTNDnrQzHjDNo47_jokI5KGL5kGyAP8YZM39Bs8SmyTjc46rvPQJM9jRX6kSgTL5OIggvkzG8WJnw-mrkY

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8e7c0b0b1c36228ba736e564a00405f72bf3b6bcfe6ac826cde2b6b9c14e55ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 102
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 26 May 2023 23:15:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 197C 78 KB
27 KB 57ms
56ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:15:59 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Fri, 26 May 2023 23:15:59 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 197C 42 B
63 B 73ms
71ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DkaK1ot_qbi7p0g6Ey0-BFkxUU1DmI1epZ-wV2lCOhn1zC5fl0AJR6t30JohDfHd3pTYICZpXnDfQda0YDgE7XP6EevZdzEVd5eKKSmueUXOQJqKs

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 26 May 2023 23:15:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 197C 0
20 B 76ms
73ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=7921769331533316826&x=8&ct=76

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 26 May 2023 23:15:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 2c7b8706-42ef-4863-85b9-32510b9fbede
beacon-fra2.rubiconproject.com/beacon/d/ Frame 197C 43 B
75 B 315ms
9ms Image
image/avif 2602:803:c004:200::154

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://beacon-fra2.rubiconproject.com/beacon/d/2c7b8706-42ef-4863-85b9-32510b9fbede?oo=0&accountId=13760&siteId=333016&zoneId=1746580&sizeId=9&e=6A1E40E384DA563B59F799ED1FA9D4208B04BDF42C759930F47D666B53700A5A275810E600C41060F4340246F1AB8E7D172DB22D3B21A9B5BDC5CF800F3D1E4BDA176B8B0F5750178DB70DA02D1440A5BC9995CA8FFF9ED1D7666FFF3CF2A3DB732332EACBE237035CCDB910228F688B373F5A0B4A7D6EE4FCDA30520FCD4B64F8173AA165278123B94A025FB431E77A8676DD7D42BC1DCA2C3B6510973FB739BB427AD5E65DB6C0B40143DBB531EA56C6A03F9E54FA1A36E82A954C1004678A

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2602:803:c004:200::154 -, , ASN (),

Reverse DNS

Software

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 26 May 2023 23:15:59 GMT
x-content-type-options: nosniff
x-frame-options: DENY
content-type: image/avif
cache-control: private, max-age=0, no-cache
content-length: 43
x-xss-protection: 1; mode=block
expires: 01 Jan 1970 10:00:00 GMT

GET
H2 200 / Show response
track.adform.net/adfscript/ Frame F8C5 1 KB
2 KB 38ms
21ms Script
text/javascript 37.157.4.25
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfscript/?bn=60438886;rtbwp=K6MT8i251AN5IeUJzzRRF6zboUFQG3yp0;rtbdata=JZ80VHNWRdQXdeZXhKB_lMhmuiHo3AG-TA76CFq4OhsKM5YG4JyY-ezQlxN84uJ6SJXmhnn2GM_DxtJMuHT_ev28e48nnUhLdh1-0cCC3WWagLfcoAY8jW3MU5R_9CbfRyF8AUZcZD-PU39zjExzCnuH8KSjkBUKyeuGl_f7SXZDp5Wjm3oV3luVzOneeMIRL6pLH5Z2-gdtdKB08LHtcfag7eQU4_cLSyNdq_WLD5sVZAKg3IsGKfteVNGVfJS7tDi0uEszGOIEMoXZIHySlvuVj4K9C0gIp7SDrVOpsB9CydiJ-dQ6ctnyCfbK0xoHZPSVCRcBPzE1;csid=81917;adxcmd=QTwuOIuaMWxxWXp_eBE_5w2;adxvars=Y3pzq6lakRIWcRYtgUbgFLZ_YNfPuvzUJpKVb6pS6aOWjYTNV3_sR9ol5kSYxyp8a-WKcMFZWlaADjMRxcq0PPn9nYWv3IZgXV1-8MlA_iFAxXdTKHgqhEpyVlHMEISopS7YClASUixq-zcwZEr1tE3wpmCc8byYRSYI4uWV-ymg9RRgtMED4-9r5mjjYXtGebwH7-C6fvXt-qFCxi8X-JKnIACB__HK0;pui=2ShljixBLrbi0hXl08juHHFAHCKQ7jOEBbcyLuqp61lpmtbmslqMbVBGhpFBz2sMBaXjqN_aHzNjCQ33kTitPt6vWmW1dlSa0;

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.25 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

9b339ccfd1220bc6419a539004c50e8fad7070b765cce23439c96c897b56869c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 26 May 2023 23:15:59 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 1332
expires: -1

GET
H2 200 adx.js Show response
s1.adform.net/banners/scripts/ Frame F8C5 62 KB
26 KB 334ms
33ms Script
application/javascript 37.157.2.247

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/banners/scripts/adx.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.2.247 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 8ed86e2b928c1b3c7035f47e16f70e3e71131b34c86b59e783a0559fcc8de4b6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:15:51 GMT
content-encoding: gzip
last-modified: Mon, 15 May 2023 06:47:18 GMT
server: nginx
x-amz-request-id: tx00000df20864aa422a80a-006461d90a-32950a8f-default
etag: W/"cd30185b4774b9eb12ea46ca45e76972"
x-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-rgw-object-type: Normal
cache-control: public, max-age=604800

GET
H2 200 ca Show response
choices.truste.com/ Frame 7470 27 KB
10 KB 305ms
6ms Script
text/javascript 13.32.121.66

General

Check archive.org

Show headers Download Go to

Full URL

https://choices.truste.com/ca?pid=tradedesk01&aid=tradedesk01&cid=46h40h0_ji7q872_21d7ybe9&c=tradedesk01cont1&js=pmw0&w=300&h=600&sid=0

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.121.66 -, , ASN (),

Reverse DNS

Software

nginx /

Resource Hash

0b3e6ba89fb5f942cb17ffc33ba608bc55ad030cbf91aed611636fbeaece8f17

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' ; font-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src 'self' data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' ; frame-ancestors 'self' ; connect-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'self' ; media-src 'self' ; child-src 'self' ; worker-src 'self' ; manifest-src 'self' *;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 16:47:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 bc0a0f9f99d36a68240a31a25e39addc.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' 'unsafe-eval' *; font-src 'self' *; style-src 'self' 'unsafe-inline' *; img-src 'self' * data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' *; frame-ancestors 'self' *; connect-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'self' *; media-src 'self' *; child-src 'self' *; worker-src 'self' *; manifest-src 'self' *;
x-amz-cf-pop: FRA60-P1
cross-origin-embedder-policy: unsafe-none
age: 23318
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: origin
server: nginx
cross-origin-opener-policy: unsafe-none
expect-ct: max-age=31536000
x-frame-options: SAMEORIGIN
vary: Accept-Encoding, Origin
content-type: text/javascript;charset=UTF-8
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: geolocation=(), microphone=(), payment=()
x-amz-cf-id: 14_k0Kxe-PThhxmtS5Ji05p4tnAqp-jSQF0e5xyBPsCTULMuYy3OCQ==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK rubicon
de1-bid.adsrvr.org/bid/feedback/ Frame 7470 807 B
1 KB 293ms
10ms Image
image/gif 76.223.26.175

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://de1-bid.adsrvr.org/bid/feedback/rubicon?t=1&iid=15f716e5-104f-4e90-9a3e-2e3a9f34d2b3&crid=21d7ybe9&wp=4418708488AC7779&aid=1&wpc=USD&sfe=16a8bdae&puid=&tdid=&pid=d0oyyor&ag=ji7q872&adv=fas3qh7&sig=1DPMeI_lM3oCY2RJurX2WKTctf2L0uI5GzBYmb38Wc3c.&bp=0.21804841944930072&cf=4907937&fq=0&td_s=ye-mek.net&rcats=7gr,5rf,hmy,d3i,qn2,7sp,hp6,e7y,2ic,3c6,2gy,cdz,hhr,y29,zm4,usw,3oc,26o,enb,jba,pmr,tmc&mste=&mfld=4&mssi=&mfsi=&uhow=145&agsa=&rgz=60326&svbttd=1&dt=PC&osf=Windows&os=Windows10&br=Chrome&rlangs=de&mlang=&svpid=13760&did=&rcxt=Other&lat=50.100000&lon=8.620000&tmpc=14.840000000000032&daid=&vp=0&osi=&osv=&bffi=41&mk=Google&mdl=Chrome%20-%20Windows&c=CgdHZXJtYW55EgVIZXNzZRoAIhFGcmFua2Z1cnQgYW0gTWFpbjgCUAGAAQCIAQGQAQGwAQDAAbupBtABu6kGkgJCZGl2LWdwdC1hZC0xNDU1NzgzMTI2MTc0LTE1MzM4MjIxNzI4MTI5NjIzd2ViX3llbWVrbmV0X3JpZ2h0X3Rvd2Vy&dur=CjAKDGNoYXJnZS1hbGwtMSIgCP___________wESE3R0ZF9kYXRhX2V4Y2x1c2lvbnMKSAohY2hhcmdlLWFsbE1vYXRWaWV3YWJpbGl0eVRyYWNraW5nIiMIpf__________ARIObW9hdC1yZXBvcnRpbmcqBgigjQYYDA..&durs=AuzKvO&crrelr=&fpa=536&pcm=3&vc=3&said=da7a255a17ed77638ab378fc6ff290c5a99d9e68&ict=Unknown&auct=1&im=1&mc=f97af928-780e-47ff-86ff-ee4eb0ea8caa&abr=d695b573-4085-43c0-90b7-13b774b67ea7&tail=1
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 76.223.26.175 -, , ASN (),
Reverse DNS
Software: Kestrel /
Resource Hash: 3ca19e57c9a2465ae4df271316ba4d29e7ff7f113a2a2c5297780c0b7a0ac09d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 26 May 2023 23:15:59 GMT
server: Kestrel
transfer-encoding: chunked
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
content-type: image/gif
cache-control: must-revalidate, no-cache
x-connection: close

GET
H2 200 21d7ybe9_300x600.jpg
ad.adsrvr.org/d0oyyor/fas3qh7/ Frame 7470 195 KB
195 KB 304ms
5ms Image
image/jpg 108.138.15.119

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.adsrvr.org/d0oyyor/fas3qh7/21d7ybe9_300x600.jpg?cb=810269
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.15.119 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: edf7feb7e0931456f4a7df0dd85ebcf3e47909f33d0367accdb3da9dd0a12f06

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 14:54:27 GMT
via: 1.1 0d78cc90106520d13c1b5c5b16dd8246.cloudfront.net (CloudFront)
last-modified: Tue, 23 May 2023 14:53:20 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P7
age: 30094
x-amz-server-side-encryption: AES256
etag: "d5f307459d1b8050630ae2f81bc9c744"
x-cache: Hit from cloudfront
content-type: image/jpg
accept-ranges: bytes
content-length: 199448
x-amz-cf-id: 0O21OAmSHjpk-vkQ7hGBAQl2JVO5BnXUx8-JQbLO3QdmmPSTdbJrjg==

GET
H2 200 b8984191-b056-47e6-9026-2165a832b51a
beacon-fra2.rubiconproject.com/beacon/d/ Frame 7470 43 B
227 B 306ms
8ms Image
image/avif 2602:803:c004:200::154

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://beacon-fra2.rubiconproject.com/beacon/d/b8984191-b056-47e6-9026-2165a832b51a?oo=0&accountId=13760&siteId=333016&zoneId=1746730&sizeId=10&e=6A1E40E384DA563BD60399A0668B7BCCC3D5602ADA46C6440F70DC1023F7CBFAFB1B64EA871A96799BBB020E8A30251E172DB22D3B21A9B5E4E546E22F5E8C70DA176B8B0F5750178DB70DA02D1440A53F4F9208028F7157DE9EAC10AE2BC192EF88EF4384B1B512E4082C75FDF09FA9A8E97FA4546EF9ABD80C1E7E279F2B06F8173AA165278123E391AC92484F53F976DBDC68F2B161DF8E9CB94DA0DDF2FF72A1DF97800BDF58E18A1C2FC5481C2B32CE1014E80C54A6

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2602:803:c004:200::154 -, , ASN (),

Reverse DNS

Software

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 26 May 2023 23:15:59 GMT
x-content-type-options: nosniff
x-frame-options: DENY
content-type: image/avif
cache-control: private, max-age=0, no-cache
content-length: 43
x-xss-protection: 1; mode=block
expires: 01 Jan 1970 10:00:00 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame 256A 107 B
122 B 48ms
47ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202305230101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:15:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 256A 107 B
122 B 49ms
48ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:15:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame D543 0
16 B 194ms
187ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3407250215&plat=1%3A520%2C2%3A520%2C3%3A2163200%2C4%3A2163200%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fye-mek.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1685142959434&bpp=18&bdt=240&idt=380&shv=r20230523&mjsv=m202305230101&ptt=9&saldr=aa&nras=1&correlator=4147856985454&frm=8&ife=1&pv=2&ga_vid=372334874.1685142960&ga_sid=1685142960&ga_hid=1691016324&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=1257201828&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759842%2C44759927%2C44788442%2C44789779&oid=2&pvsid=2476697498375493&tmod=1504218110&uas=0&nvt=1&fsapi=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.137mk5572zic&fsb=1&dtd=416

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 26 May 2023 23:16:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 3941 0
0 85ms
84ms Fetch
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CmU3nrz1xZNbJEMOi7gPCxI7wA5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQmpAnf2uKOa_rE-4AIAqAMByAMCqgShAk_QnhUfiOv4hrYFZRmSZDbQ9YY56V1VmA5lOB16INHOcFHUpwJlGbpJoWErEMcbtLlbrfo9qRe7xrEPwlf5ugG5IWDWewpGsp2f53pvbpUPRh_VgPujYoZDh5zq8h0xLjy9H_ArNedIPQAVbueaI-V8LdahJCkH9O_sCshHG2WBZZiTm16egMU9VwkDfImsOeQRZN2jBN3-IW8vlIljc2IRtSNi0_u1wfzLU-ajw5NV0HTjv02Bd3jEunp7_fjBNaWROZBDeXbhkFgHXpbq0BPoL9OFsUNEvOxCAAnrwyK-d_7BsWfHp1BsDzUaxpSK5ZjpUGAJnW_dQZIutcjaeKoJCjLhAIKRSVXWmVVFBAvByArd52RB8GuNlsiu1nbv7yjgBAGABrnqssHX0466vgGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA8ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5gAoD-gsCCAGADAHQFQGAFwGyFxwKGhIUcHViLTc5ODM2NTEyNTc4MzgyODIY6sFt&sigh=lMQO1KdwNmo&uach_m=[UACH]&cid=CAQSOwBygQiDZ51U3vOMTP7ostjSs4LxweFe7CslgbwgVsdKQQ7COE01I9I0AaRPcUg2oEBFiDnqwIKnF5WGGAE
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

GET
H2 204 winResponse
prod-rtb.ad4mat.net/ Frame 3941 0
0 260ms
18ms Fetch
image/gif 2600:1901:0:76b9::

General

Check archive.org

Show headers Download Go to

Full URL: https://prod-rtb.ad4mat.net/winResponse?a=1h44sttsrrjwrmtac7702m5jwddwr4kb5j551gseast7tne4812mhnwybb58crh7hvvcp7eq8s74gmfg819c89cgsas4qrtfn2m0mr02wrhtv6r6kbaeb31bcbz8qczj0szqj5jz3g40hanrff4nmrf6d81rg9r78j0phxh0mg4skn4gsf9v0wwenk5qk95t20g85ygrjrzbzvxb8r8acsh69k1t4pb0y0yysvhfsxajdfc768nhahbwdfemqwshss75e9tey1a2tjhp3mgk82q7ah4vc713s5yz4y3qm47vyk5ycks4mve4pvg0re1vp2wc28dfj1dcejw32jy6g862vtkpf8ssddvadx5dgqd21edmxd2br7z19v3k1hj5g8m9jgxkjdgm3zr&b=ZHE9rwAEJNYKe5FDAAOiQos_XQZv7KV5cEcs3w
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:76b9:: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

access-control-allow-origin: *
date: Fri, 26 May 2023 23:16:00 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: image/gif

GET
H2 200 dr Show response
as.ad4m.at/ad/ Frame 905F 2 KB
3 KB 153ms
15ms Document
text/html 2606:4700:20::681a:ad1

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/dr?ed=1gb5bn62ae8zcm5af7pfvbzhe45mv08fs5e8kt3cwgzf6vrg7bxhjnjykys6fe7m8xynjgnsvfz94xcc1eyh84h1xg641m0jpwhhsk0v5n34dzm75w5rxppqx85j8xmq5qpm22gevtc2nhrgf0ttr4ycgvm3geqgz0ykeftt1a8xtakpdctb4bx5sga52ng87fwk35asbbq12sjkpqx7z1dhrv8dd5pypn9asmx4nc0qb5ntq7cem1sb7qkbz8bb8zw91r3mcqt3fh5agkqvk6awdat00fy7deykrgne86scnvv48793ke5767z5n30yx0a17n7e7yqxvjv3zz5xczqkfvc4jq230gjeessa878hsgswfjz13jn19qp34ghkjjeekk8g2tkywhmxnd0gjyrkk4xfyx91wm2jcsfftfj5fzb1wjzfq3k5sv85k521dsr1xmj8&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCHkPurz1xZNbJEMOi7gPCxI7wA5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQmpAnf2uKOa_rE-4AIAqAMByAMCqgSkAk_QnhUfiOv4hrYFZRmSZDbQ9YY56V1VmA5lOB16INHOcFHUpwJlGbpJoWErEMcbtLlbrfo9qRe7xrEPwlf5ugG5IWDWewpGsp2f53pvbpUPRh_VgPujYoZDh5zq8h0xLjy9H_ArNedIPQAVbueaI-V8LdahJCkH9O_sCshHG2WBZZiTm16egMU9VwkDfImsOeQRZN2jBN3-IW8vlIljc2IRtSNi0_u1wfzLU-ajw5NV0HTjv02Bd3jEunp7_fjBNaWROZBDeXbhkFgHXpbq0BPoL9OFsUNEvOxCAAnrwyK-d_7BsWfHp1BsDzUaxpSK5ZjpUGAJnW_dQZIu98r76n3wjXIph8oHkxxEa2xRDqbL5hIAZ6YIYpMZiOS2A6pwr-DQVL7gBAGABrnqssHX0466vgGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA8ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2rOzCMougoFrqDlJZntzd_XRSTVA%26client%3Dca-pub-7983651257838282%26adurl%3D

Requested by

Host: c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com
URL: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:ad1 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

21c973189fe21f70af633c6a24d179897510b63d2f4b6e32d528b40cd7059e05

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-src ;img-src data:;manifest-src 'none';media-src 'none';object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7cd9b92cacaf1c1c-FRA
content-encoding: br
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-src *;img-src * data:;manifest-src 'none';media-src 'none';object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Fri, 26 May 2023 23:16:00 GMT
expires: 0
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
pragma: no-cache
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server: cloudflare
strict-transport-security: max-age=86400; includeSubDomains; preload
surrogate-control: no-store
vary: accept-encoding
via: 1.1 google
x-content-type-options: nosniff
x-download-options: noopen
x-xss-protection: 1; mode=block

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230523/r20110914/client/ Frame 3941 3 KB
1 KB 39ms
37ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230523/r20110914/client/window_focus_fy2021.js

Requested by

Host: c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com
URL: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 19:01:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15256
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 09 Jun 2023 19:01:43 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame AC54 1 KB
643 B 143ms
55ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com
URL: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 45744
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 26 May 2023 10:33:36 GMT
etag: 48472445140208031
expires: Sat, 27 May 2023 10:33:36 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230523/r20110914/client/ Frame 3941 19 KB
8 KB 44ms
43ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230523/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com
URL: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d47e9b04cf995a35fac50d2d39cd0006ef7e7f07f9373cad2fe5a207745f1b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 14:12:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 32582
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7987
x-xss-protection: 0
server: cafe
etag: 5788035530912182302
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 09 Jun 2023 14:12:57 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 3941 0
0 281ms
46ms Image
text/html 2a00:1450:4001:82f::2004

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaR8g5cvdeObHkgK_jn7ABpIBMURDmF-87-9-p_ddfT-lfNwG-Y-oa9SGmtg0xj_LYv0nRp2BAGvjOgRNxn2u5XGsVS5sA
Requested by: Host: c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com
URL: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82f::2004 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 3941 24 KB
6 KB 44ms
43ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com
URL: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 14:52:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30224
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 25 May 2024 14:52:15 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3941 171 KB
53 KB 50ms
49ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com
URL: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2c3e04a3f536b4a6300aeee8ee1dbbfddaacaf29d9f44dadff76b136fab44e38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:15:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 54244
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1684927996807358"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 26 May 2023 23:15:59 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame D5E2 30 KB
12 KB 361ms
288ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=4198790052&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1685142959452&bpp=4&bdt=259&idt=460&shv=r20230523&mjsv=m202305230101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=4147856985454&frm=8&ife=1&pv=1&ga_vid=372334874.1685142960&ga_sid=1685142960&ga_hid=1691016324&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=1257201828&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759842%2C44759927%2C44788442%2C44789779&oid=2&pvsid=2476697498375493&tmod=1504218110&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.cxiv9ygyii7p&fsb=1&dtd=480

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5b4713513fc71dd25abe93ca3404d7f18cc6477325ba19ba9f71154da56c7169

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 12524
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 26 May 2023 23:16:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame C980 0
0 100ms
93ms Fetch
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CS3MSrz1xZL-6EJmDx_AP8fK0sAvPh46bXMCG2YLGAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi03OTgzNjUxMjU3ODM4MjgyyAEJ4AIAqAMBqgSZAk_QNoOH2HvZfl4QUAEnHkjhSw9rdzaZhnQwcXsJ7zIXcX8-YW-9aAtqrJATOJtfrcbii2hPEusgTdw2JlgZ3z6FycSHurYNTFe1y0DZ2kqY-XxZp9xDCIduyWjgG3x-aZDnVHBTCxkuD5SLeUjHveHI12ca10q2a8pAS6ADUDZ3-uysYzdpXQrbw4JDEwqH9Z_f3ETFEgX47RCfF_UyVoMNm9UzLyTdUvCu8EqvlCpAse9GAASAZhjFwjU3qPh23qLIxaGcBBuDA615ZVd5UwHkNdamLJujevTdtYaR2oZ77iRikb5HQQEzlIoigFYYPF8ipq8mLAiKiKYKsT0aedS9lNcdBi4c1VUa3hnEji93aa3Bi9bGIdOM4AQBgAa-1Nb82ZronagBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPIIG2FkeC1zdWJzeW4tNzI3NTUyODQ1MzE2MjMwOYAKA_oLAggBgAwB0BUBgBcBshccChoSFHB1Yi03OTgzNjUxMjU3ODM4MjgyGOrBbQ&sigh=yTY5Tn1i3nE&uach_m=[UACH]&cid=CAQSOwBygQiDmKDZv0352DZTfg5QfiO9ttzNqTBhiHYQoBFFFXtKVUG0Of1mdh87p83lz9Pl0WTvxdH7OgYwGAE&tpd=AGWhJmtNuHkno9TVGO8mvjqHTOJMZ5kgPNJyhmUzyEfHquVonnyahIbiHVZnOKWGcPSdqzBonNWzhl40XdO9W94WmVK49hK4RknxvNtY3P7acn50ohlZaFazLT_ARsy2Lk4MuEDiAAmCNlCU56nDLW4dBOij0UAY5yXDXkvhJ7WhMJKfx-xjyxnn093ju9BXbIzamt3W4Mew6aVeqy-2JqMkq2bpGtRQZ9LyJnJj97IocxKk53CgaSxl_t2_5sQIsjOe4Y4f015A7Q9jAqfrDlD73z1Mvy4Gab8SuFnx-D5jwcBrTiWHZ1hArxXSdlzW0rF4i8kFqq2ZiECI1QSxTzMKY_vcp1zdSbEpWsUnhPtLBv4nNqVKF7OWXQ5Xg9WReIqcRquKCr0l9TC6x7B40-2F36zWw2DFa3jEZ2nQhW1xixASBnMj90-4mzWC4OqIL7wGhJthSznGiiVls1TbIfpFD-Ktl-fvZ1Cm7fMzHTbBKyKbqnX7p5UrMGsZrSo5PcnIl7CjLuDYBrfTv-yc4hFwWYPWZBs0TdIYxE77XwADQz0UTJ95k1UgVEP8LBSKis7qfTVI1a5I5f84nP-Kh0P7CYMLuXElcTe6c4DKckOxsypcoApMyuqo5FEZVqam6QioEjMNc18XxoCVKAEFJsg8B4aCq0xGDjjzHn2Vj7o4u78-lqRDCPNIt7egpdOHkogRaPtkQcNhCTkj1gBSkYGhun_1IPbsNlaPmUbJ96_Fw10LVRypIRiwp6xrNijOJK-ZirL1B_pqFvc0fG3OeigKtfGm7WJ9yLIu_9iKj4Tvo-A4K2tV9L1ud3Gcv8QCbqjx8wor6sp1OEnY-MTb7SG2k-98T9ibqAL96dGhSBYy5zUnObppnhs7F8IF65ALXqPqF0DjGrPUbcvu-nISTP44Vk0dUuCzEYjI6V2gaIHzEvOI2C8aYjhpOOuo2vC8B-0PTHsFq7y2nRm0rugS_EsfOg4wFUDbMOKf2i8Dhoou8XakoNypngx1EI8MdaH-UWgCYRPQeU5LjzMMld4JCaHcuOW_n64qQdf0pqbLES_bF-6WsaDO82jxyQqsDYGuU9qHggAmKTwETcbbGtJNvpEKcrC5fmADeqdG7pkb_OtnsNM5hFUc
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

GET
H/1.1 200
OK js Show response
tags.mathtag.com/notify/ Frame C980 3 KB
2 KB 158ms
44ms Script
application/x-javascript 185.29.134.245

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWmpkbE5qUXpPVEF0TUdSbVpDMWpNR016TFRBd01EQXRNREF3TURBd01EQXdNREF3Lzg3MzM2MDg1MzA3NDQ2ODE0NzkvNjYyMjMzMi80NTYyMzA2LzQvREhTQzNzbG9TcnFoOXpyclIxRHU1OVIzN2hwdFI4UWp5UTBUbUxBZk9hUS8xLzQvMC8wLzk1NjgwMy8wLzIxNjUzNi82NTE4NzEvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC84NzMzNjA4NTMwNzQ0NjgxNDc5L3pyaC8wLzE0Ny81Lzk5OS8xNjIvMmEwMzoxYjIwOjY6Oi8wLjAwMC8xNjg1MTQyOTU5LzE2ODUxNTU1NTkvNC9wdWItNzk4MzY1MTI1NzgzODI4Mi8/HyxQJQ8Meaf3EKFhTGVdnZInYfg&nodeid=4829&group=zrh&auctionid=8733608530744681479&pbs_auctionid=8733608530744681479&shardkey=8733608530744681479&sid=4562306&cid=6622332&bp=a_aiebbd&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.158&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCAL8Mrz1xZL-6EJmDx_AP8fK0sAvPh46bXMCG2YLGAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi03OTgzNjUxMjU3ODM4MjgyyAEJ4AIAqAMBqgScAk_QNoOH2HvZfl4QUAEnHkjhSw9rdzaZhnQwcXsJ7zIXcX8-YW-9aAtqrJATOJtfrcbii2hPEusgTdw2JlgZ3z6FycSHurYNTFe1y0DZ2kqY-XxZp9xDCIduyWjgG3x-aZDnVHBTCxkuD5SLeUjHveHI12ca10q2a8pAS6ADUDZ3-uysYzdpXQrbw4JDEwqH9Z_f3ETFEgX47RCfF_UyVoMNm9UzLyTdUvCu8EqvlCpAse9GAASAZhjFwjU3qPh23qLIxaGcBBuDA615ZVd5UwHkNdamLJujevTdtYaR2oZ77iRikb5HQQEzlIoigFYYPF8ipu0kDZomNAINPJlS0gz9OycAEiSg33sCP6QEzoCNyLPtk3hfndQBW4-a4AQBgAa-1Nb82ZronagBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPIIG2FkeC1zdWJzeW4tNzI3NTUyODQ1MzE2MjMwOfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3ypWE76_gw6C0L5bnTUcTAQWmPUw%26client%3Dca-pub-7983651257838282%26adurl%3D
Requested by: Host: c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com
URL: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.245 -, , ASN (),
Reverse DNS
Software: MMBD/3.388.2 /
Resource Hash: aa2de12ba413c088a0297b5f94c377c49393278e408483c1bf08182a69142c9b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Fri, 26 May 2023 23:16:00 GMT
x-mm-nodeid: 4829
Content-Encoding: gzip
x-mm-bid-request-time: 1685142959
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Connection: close
x-mm-handled-by-owner: true
Last-Modified: Fri, 26 May 2023 23:15:59 GMT
Server: MMBD/3.388.2
x-mm-latency: 29 (0)
Content-Type: application/x-javascript; charset=UTF-8
x-mm-dbg: NotCount
Cache-Control: no-cache
x-mm-host: cdg-router-x91, zrh-bidder-x169
x-mm-lag: 1
Expires: Fri, 26 May 2023 23:15:59 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230523/r20110914/client/ Frame C980 3 KB
1 KB 61ms
53ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230523/r20110914/client/window_focus_fy2021.js

Requested by

Host: c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com
URL: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 19:01:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15256
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 09 Jun 2023 19:01:43 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230523/r20110914/client/ Frame C980 19 KB
8 KB 58ms
50ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230523/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com
URL: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d47e9b04cf995a35fac50d2d39cd0006ef7e7f07f9373cad2fe5a207745f1b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 14:12:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 32582
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7987
x-xss-protection: 0
server: cafe
etag: 5788035530912182302
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 09 Jun 2023 14:12:57 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame C980 0
0 168ms
45ms Image
text/html 2a00:1450:4001:82f::2004

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaR9BHW4lVZD2Jqb9zW8isSTyfYQJteBP7GJmsr5KVl5CoqDJbMGaDpnosomW_j00hbVKIvUbkta3ZJkalfxzla-NG1JaQ
Requested by: Host: c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com
URL: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82f::2004 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame C980 24 KB
6 KB 59ms
52ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com
URL: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 14:52:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30224
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 25 May 2024 14:52:15 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C980 171 KB
53 KB 91ms
85ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com
URL: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2c3e04a3f536b4a6300aeee8ee1dbbfddaacaf29d9f44dadff76b136fab44e38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:16:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 54244
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1684927996807358"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 26 May 2023 23:16:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 197C 0
20 B 105ms
73ms Ping
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=3650339821859&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 26 May 2023 23:16:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 197C 0
20 B 100ms
75ms Ping
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=3650339821859&version=m202301230201&ct=76&x=8&cor=7921769331533317000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 26 May 2023 23:16:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 197C 92 KB
37 KB 112ms
98ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ANn8UMAEi2sgWUuxxFh7Ruq06xwtK29xw3PEe_e-SztVur2Ka67sc1C88EGFp_kTGguBMQ11k-xTkhh_v3r9GTR-qblTlG7o86W5RNUaC-d_nK1LxBQHEqlxUoZ5-5oiiM1TqAc5W6_sxy7GOHf1eiGRIKjA_QDZe70w_L-3G-Wl_wQD0&dbm_d=AKAmf-A8F3lKTEwZJSND1tXYto4qycNGBe4IvcrsyDst0izYFuEEnMkv1Tdp1WM8uaxia62dyetiHhHH79w8ycc8dZpQyKSZuMiLgShXSQ9wsJ894k1GDFflNhVqD9DIk_qvVQopoCIkQyJytzyquInVshliFqpLylAwE3LBi2gIufqe2G943upruCTJ0Qezgng8B4FpxaLkmvJ6GxYW0owssl-I7IHY0vOXjfw_BOeA4VXYTumpCs2BFC20JAuE9MslB91Z5PWvhcoV3iKgPi_PBcb3NP4LW7NagFrK2kKBrUP06TDckc4-PpaDQCeA9RhahSqMJK8L843RRA_U6Qa8JpwRfDjOoibUJLXmkGJ9qCj8PI2hCepSsV04AR8EclXHDMuxuhX7VdGUQj6oJDJTqEcEmXG4xKDSFfJEFp8WXJ5bLwnWA6fP2STDT5J-cJQ7o5XKtJawlFgrGD0Yxll3p6DHCjN2rPnvd4ylTp6IXK1oVlygEkaeRzj92sjz2U6oiKMDPRk0MB0LVU5qkEUsmaoS6GOfmFbtT9ZNiPWVsoITvcOZ5D5h2hSB1X1z5DpyM6wFQf2aNkbm_c3pHoboVYYR_-rRKn2DCDQaZAdJycgk2SsLvFjxbAkngoDeT4WXKarPbO59kc3XhvOCbyn0lymz2r5zyYKxZ31LI3wG90SJWZlRZzSCCE18i7rc1qo_kGQFfUr7_jxX4L8lrv0aVwlJM6x2whF9p9Y1ZsAIqHOU3rBfErKxj8S3TmPsjXQizH-vZuB-djDTz17COoi18Nga3t91OJt4VP-5yvteJXJmULeRzGEF9RGCSQ1G2rAgaolCSkjlOzGgZ-UudrOF9wf_BbEmfZIiTlGmMaWIoVsVXhLBfuGaac35Z07bSxqAoMQUEdQx7dq4EWu4FT-yUPjUXBFFPMQ-G61Zhnjyce6ULk4Na36ij-O732A_CP2NdsOXwnA1hOCwAklfPnOHeRzIIp-ZTfZ-trlZwEST2nNIgHiOb0ZDZpPBl5Jij4A1kUaFyutdS4hQxdio8KF0RRz0Knze94kGlpx1_gnreuB30eh3jMb8EvzNUvlKzwihfClGdTqOTOjSQ53kulKbv0aCcUD9e5zgy08PGys0K808Ge0dmntBhr_E3GdwGG5348bD3Uss6i_drAHF1lNUa9j4RATamY25RmySuXWCS--xNrwLke0Bq5yTrN3uHYc-a6xZt3xUFUGqKKdekVTXcFj6rL0Xdpo1i2BTL7_ovJLEOP3LFhiZfp0yNQXC5ya4AyZKhhUXoYNDwI2zRNOXISTp0J_NWTZDS4uEuxmGw0bpQ9wSqhCjgsCigWlbOwkAxoxPE8TxNXYdxVI3am3OO8TD2oqCzsJFPTFK43Znf2RjJrfGPR7pSl4H9mQ4ebPcy9cj7ILvtSipCI_IRFBvg92zVvkX1-iDM3a6ApcU9o-_y3lD3IgkWnh6_5n9vNJg4KTbeyWkxaAhwLhfIHTf8x4hYLO0T-V2K-CZU5mncak_B5xaQ6NrkBsEPGXvdzO5_R6JgtHYbh5I8WLyHb24i67W6tmLHtGt2z2tljfnbGHTVO2s-hhUeB5SkRJHv2B3UHFRnVUadr72pMAESWxkYIGGqCZ-Y0caFLAbODXzZpFTY2bA4i9Wp5s0oTdQdzIoxoSt--howx5NZFY6tfMYF6FKb1LtdfBHr6nXlsWpR4kMeSOgjyaCRlNNaXvSaFLNkbuOSVhfHjDwvSkn-kdv0x_v6ugBTyPbdE-1qH3H1uxGNSsVsCsxUEK4iPgOD_ErXON9-OQ0BOHnrVlA_mpg0RPBlTNGXcPgc90nmGLNlejjf-TEZ5DMRj8u4-vxWf5VHtncy8fxUhghDCVgvSVSxEX5NP_KQZM204JQ3CY7N9Y_4GLGhyVM0cHvOwBLwOzwoVmqpstB54DnqwDS3BcDCobmN7vYyPoXhTyUPlkrnrlRdJ1njmxBCa6fNXmstRS_8YRNiXsF0ezUUYDayNqFZoumjiflGYLc-zDbvd6NYqOXfcuCagVgp49dydRPtdoopZECN24TmGoQCvDaKsR4iJis8R5L0IcchXs1NDMKasR9-DXkwNZ1OQjmpWJxDLl8fMZzepjLwN4QEVDdvrRqNb49aloD_PwCV5KKRnhvqE6S5VF75OBq8kGt7sTxAyXFYTYElCltgazUIZNnr1vhlPmXraiTOt3RTNx8ty4rqYser57QEpViq2n7GpZOG4PsU23FUXC239MQCV6HnqUybpfJkKgVBWvCQQlrdHVerZJWZx9w8IjO1tx1819t_T39mU0CrWcCvR_ZN4aMrWXgsefygZID0BRMgJpdxvDjreFJpSpyIp0MsDsdmbcHj78q4GZUr1d-q_vUSJMDOzP82Luz4ssR1kTjwbMyUQTmMUk7KGcq-oQaKUDqJDJYuSS7OjrjaOQoPs9b15D92tsH6pl5aGu9_OcOA5v5Z4MqacOChcC-rQvYtv5-Bu6hhs00mjRJMonKqqWN84s1xYyI8lekwu2VuiEBsE7yABA7YLU_mT1eU4y3-Ll1efOyTQKO4FkDHRAiX4rijAHfXxDzKganjNhRzokmaBZra3635CrnSjH8scr52VPBPUH7lz8I15m9qERz3yQgHXYOR00ZZEj0UpVq0CXZ-ZVzo9uB4DmvXNp_xAh9wwy-JO9IQ9fWG2n5IWdxC5Vc9MasIenJb8EdHaiLA9DpE6lzOAmRibXvhPpvrP5mwW4cFQt8lVoqircIE5dpCSb7V0PpWcEJF7cD-ZeyU2Ithike24xxGIkib6bf8i46SAU2o2TGdb-uqMcynArMcDhyxuD-ffbMhTqwnme22zr98XnHSZvaJaApGVgwhJj8sZ8ZM0G7c3RGL6_a62BlFCp2DA66o74k7-8BzRE14l7ts34wRtMJdYruFoi2Ky4EE2A5pNfoyWuyYgoBtOwYlVDWi7MvJ1DD-OHpNMo4iaXILSm7O4HIasUDYW4fNZLEe2cFxX4p-oC81CTnrHiLdgnT8ruH9OihsI_ZQrMAmjGxzgQpeMzgdxi4GUMk-Y86oqyNMW375YYqdzylSiJQQRUI6h5c83sm-xhapJAiNTKxjKirbKinOmhkpVZQxaStGvMqqrj6kyKAdRrI5YvCHH9IdMcCiv2WWXi6KRkYEkkp42gJTQQhMtMEEqgbcaGDmYsw0rfW7DWMf7B9bysHrOAeCHozIsBF8R1UWtLFhda4K9-JhLNX7-q4DBNLIaKmz1LVHhjtNIM18LLUsez3jrp9WmW9qilssw2bP3DmK1-iR5N_eKqh_ULCTACj_Vi8ffBR0V6vo2G6aUHxOUUlVKcqAF7WHdHRd0GGZxXFkQbKlu5ylv-xwSq0k3zWow9uZGSFlnKCMvbsScEFhs3fxC-OKLNTic6X0SjR3g6-Nwz_KXjBNe5cw1spu9S3HkuurZsRff87oFNRUetVKLhaVZDqG2_a0TA8f6JHts-O_A&pr=8%3A57B13E26F19F9F52&cid=CAQSMgBygQiDg7j2IDfbnIb3kHp2GuAWa7Dclh5j3Li_fDESX1EXc8KkAPqqh0-HTG09r3stGAE&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ds=l&xdt=1&iif=1&cor=7921769331533317000&adk=288972495&idt=60&cac=0&dtd=85

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

13f31551cbfce1890f6d0a38e0193e6be7198fd083cd7cdf86e7559b26d41500

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 26 May 2023 23:16:00 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37897
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

204
No Content

m
ad.yieldlab.net/ Frame E2DC
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=yieldlab&google_cm&google_dbm
https://ad.yieldlab.net/m?dt_id=52&ext_id=CAESELxnGJddX7elH6ZaM9IZ8V0&google_cver=1

0
400 B

118ms
39ms

Image
text/plain

23.45.237.121

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.yieldlab.net/m?dt_id=52&ext_id=CAESELxnGJddX7elH6ZaM9IZ8V0&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY-dzjwAEwAQ&v=APEucNXsr_vrCKGy2rTCRwqWKMoNvu2ow7MdEjpvU987cyjeUHSq5GsaYKgqCdWDJDzrpn9oVJQZ4Zf6iFrjtrfIYgNOR-gy7Vj5IaTNDnrQzHjDNo47_jokI5KGL5kGyAP8YZM39Bs8SmyTjc46rvPQJM9jRX6kSgTL5OIggvkzG8WJnw-mrkY
Protocol: HTTP/1.1
Server: 23.45.237.121 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 26 May 2023 23:16:00 GMT
Cache-Control: no-store,no-cache,max-age=-3600,must-revalidate,post-check=0,pre-check=0
Connection: keep-alive
Expires: Thu, 25 May 2023 23:16:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 26 May 2023 23:16:00 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ad.yieldlab.net/m?dt_id=52&ext_id=CAESELxnGJddX7elH6ZaM9IZ8V0&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 288
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.adform.net/ Frame E2DC
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=adform_dbm&google_cm&google_dbm
https://cm.adform.net/pixel?adform_pid=4&adform_pc=CAESEOcumol0-L_WgWfqJXUYL5M&google_cver=1&adform_v=1

43 B
163 B

199ms
14ms

Image
image/gif

37.157.4.23

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=4&adform_pc=CAESEOcumol0-L_WgWfqJXUYL5M&google_cver=1&adform_v=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY-dzjwAEwAQ&v=APEucNXsr_vrCKGy2rTCRwqWKMoNvu2ow7MdEjpvU987cyjeUHSq5GsaYKgqCdWDJDzrpn9oVJQZ4Zf6iFrjtrfIYgNOR-gy7Vj5IaTNDnrQzHjDNo47_jokI5KGL5kGyAP8YZM39Bs8SmyTjc46rvPQJM9jRX6kSgTL5OIggvkzG8WJnw-mrkY
Protocol: H2
Server: 37.157.4.23 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:16:00 GMT
last-modified: Wed, 11 Oct 2017 13:40:08 GMT
server: nginx
accept-ranges: bytes
etag: "59de1f38-2b"
content-length: 43
content-type: image/gif

Redirect headers

pragma: no-cache
date: Fri, 26 May 2023 23:16:00 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://cm.adform.net/pixel?adform_pid=4&adform_pc=CAESEOcumol0-L_WgWfqJXUYL5M&google_cver=1&adform_v=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 312
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 bootstrap.js Show response
s1.adform.net/stoat/626/s1.adform.net/ Frame F8C5 36 KB
17 KB 39ms
36ms Script
text/javascript 37.157.2.247

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Requested by: Host: track.adform.net
URL: https://track.adform.net/adfscript/?bn=60438886;rtbwp=K6MT8i251AN5IeUJzzRRF6zboUFQG3yp0;rtbdata=JZ80VHNWRdQXdeZXhKB_lMhmuiHo3AG-TA76CFq4OhsKM5YG4JyY-ezQlxN84uJ6SJXmhnn2GM_DxtJMuHT_ev28e48nnUhLdh1-0cCC3WWagLfcoAY8jW3MU5R_9CbfRyF8AUZcZD-PU39zjExzCnuH8KSjkBUKyeuGl_f7SXZDp5Wjm3oV3luVzOneeMIRL6pLH5Z2-gdtdKB08LHtcfag7eQU4_cLSyNdq_WLD5sVZAKg3IsGKfteVNGVfJS7tDi0uEszGOIEMoXZIHySlvuVj4K9C0gIp7SDrVOpsB9CydiJ-dQ6ctnyCfbK0xoHZPSVCRcBPzE1;csid=81917;adxcmd=QTwuOIuaMWxxWXp_eBE_5w2;adxvars=Y3pzq6lakRIWcRYtgUbgFLZ_YNfPuvzUJpKVb6pS6aOWjYTNV3_sR9ol5kSYxyp8a-WKcMFZWlaADjMRxcq0PPn9nYWv3IZgXV1-8MlA_iFAxXdTKHgqhEpyVlHMEISopS7YClASUixq-zcwZEr1tE3wpmCc8byYRSYI4uWV-ymg9RRgtMED4-9r5mjjYXtGebwH7-C6fvXt-qFCxi8X-JKnIACB__HK0;pui=2ShljixBLrbi0hXl08juHHFAHCKQ7jOEBbcyLuqp61lpmtbmslqMbVBGhpFBz2sMBaXjqN_aHzNjCQ33kTitPt6vWmW1dlSa0;
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.2.247 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b922302c22aaa52e4ee94cc4e8949e60012dc6625adcff0165ef193caf3a3ee3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:15:51 GMT
content-encoding: gzip
last-modified: Mon, 22 May 2023 15:24:09 GMT
server: nginx
x-cache-status: STALE
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Wed, 24 May 2023 10:46:06 GMT

GET
H2 200 publishertag.prebid.135.js Show response
static.criteo.net/js/ld/ Frame 6C31 89 KB
29 KB 100ms
22ms Script
text/javascript 2a02:2638:d::2

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.135.js

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 -, , ASN (),

Reverse DNS

Software

nginx /

Resource Hash

20678c305b50c0988193d64cb34f41e2dcb6f2fa48353106436ea301e07ce70a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:16:00 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 24 Feb 2023 07:57:32 GMT
server: nginx
etag: W/"63f86dec-16386"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 27 May 2023 23:16:00 GMT

GET
H2 200 default.css
as.ad4m.at/ad/style/0.1.40/one-ad/ Frame 905F 103 KB
13 KB 33ms
13ms Stylesheet
text/css 2606:4700:20::681a:ad1

General

Check archive.org

Show headers Download Go to

Full URL: https://as.ad4m.at/ad/style/0.1.40/one-ad/default.css
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1gb5bn62ae8zcm5af7pfvbzhe45mv08fs5e8kt3cwgzf6vrg7bxhjnjykys6fe7m8xynjgnsvfz94xcc1eyh84h1xg641m0jpwhhsk0v5n34dzm75w5rxppqx85j8xmq5qpm22gevtc2nhrgf0ttr4ycgvm3geqgz0ykeftt1a8xtakpdctb4bx5sga52ng87fwk35asbbq12sjkpqx7z1dhrv8dd5pypn9asmx4nc0qb5ntq7cem1sb7qkbz8bb8zw91r3mcqt3fh5agkqvk6awdat00fy7deykrgne86scnvv48793ke5767z5n30yx0a17n7e7yqxvjv3zz5xczqkfvc4jq230gjeessa878hsgswfjz13jn19qp34ghkjjeekk8g2tkywhmxnd0gjyrkk4xfyx91wm2jcsfftfj5fzb1wjzfq3k5sv85k521dsr1xmj8&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCHkPurz1xZNbJEMOi7gPCxI7wA5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQmpAnf2uKOa_rE-4AIAqAMByAMCqgSkAk_QnhUfiOv4hrYFZRmSZDbQ9YY56V1VmA5lOB16INHOcFHUpwJlGbpJoWErEMcbtLlbrfo9qRe7xrEPwlf5ugG5IWDWewpGsp2f53pvbpUPRh_VgPujYoZDh5zq8h0xLjy9H_ArNedIPQAVbueaI-V8LdahJCkH9O_sCshHG2WBZZiTm16egMU9VwkDfImsOeQRZN2jBN3-IW8vlIljc2IRtSNi0_u1wfzLU-ajw5NV0HTjv02Bd3jEunp7_fjBNaWROZBDeXbhkFgHXpbq0BPoL9OFsUNEvOxCAAnrwyK-d_7BsWfHp1BsDzUaxpSK5ZjpUGAJnW_dQZIu98r76n3wjXIph8oHkxxEa2xRDqbL5hIAZ6YIYpMZiOS2A6pwr-DQVL7gBAGABrnqssHX0466vgGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA8ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2rOzCMougoFrqDlJZntzd_XRSTVA%26client%3Dca-pub-7983651257838282%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: d77b5f2ca03eb8dab2acc515548b7b1ce7eeb4ca2189268552649e0391ee8c21

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/dr?ed=1gb5bn62ae8zcm5af7pfvbzhe45mv08fs5e8kt3cwgzf6vrg7bxhjnjykys6fe7m8xynjgnsvfz94xcc1eyh84h1xg641m0jpwhhsk0v5n34dzm75w5rxppqx85j8xmq5qpm22gevtc2nhrgf0ttr4ycgvm3geqgz0ykeftt1a8xtakpdctb4bx5sga52ng87fwk35asbbq12sjkpqx7z1dhrv8dd5pypn9asmx4nc0qb5ntq7cem1sb7qkbz8bb8zw91r3mcqt3fh5agkqvk6awdat00fy7deykrgne86scnvv48793ke5767z5n30yx0a17n7e7yqxvjv3zz5xczqkfvc4jq230gjeessa878hsgswfjz13jn19qp34ghkjjeekk8g2tkywhmxnd0gjyrkk4xfyx91wm2jcsfftfj5fzb1wjzfq3k5sv85k521dsr1xmj8&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCHkPurz1xZNbJEMOi7gPCxI7wA5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQmpAnf2uKOa_rE-4AIAqAMByAMCqgSkAk_QnhUfiOv4hrYFZRmSZDbQ9YY56V1VmA5lOB16INHOcFHUpwJlGbpJoWErEMcbtLlbrfo9qRe7xrEPwlf5ugG5IWDWewpGsp2f53pvbpUPRh_VgPujYoZDh5zq8h0xLjy9H_ArNedIPQAVbueaI-V8LdahJCkH9O_sCshHG2WBZZiTm16egMU9VwkDfImsOeQRZN2jBN3-IW8vlIljc2IRtSNi0_u1wfzLU-ajw5NV0HTjv02Bd3jEunp7_fjBNaWROZBDeXbhkFgHXpbq0BPoL9OFsUNEvOxCAAnrwyK-d_7BsWfHp1BsDzUaxpSK5ZjpUGAJnW_dQZIu98r76n3wjXIph8oHkxxEa2xRDqbL5hIAZ6YIYpMZiOS2A6pwr-DQVL7gBAGABrnqssHX0466vgGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA8ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2rOzCMougoFrqDlJZntzd_XRSTVA%26client%3Dca-pub-7983651257838282%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:16:00 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-goog-meta-goog-reserved-file-mtime: 1683559916
age: 373002
cf-polished: origSize=105839
x-guploader-uploadid: ADPycdv9IJsM9Nda_T-YCF8tGjLSR9_5GyrPWBCiXo7o_2KPFa29jeIDurPOQJdzBat54FnfGmUqvpjJPo5BCE2ydDX2ig
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Mon, 08 May 2023 15:32:28 GMT
server: cloudflare
etag: W/"44fa96b813e145cb8b915ae1fb6a3b7a"
vary: Accept-Encoding
x-goog-generation: 1683559948253618
content-type: text/css
x-goog-hash: crc32c=FELYSw==, md5=RPqWuBPhRcuLkVrh+2o7eg==
cache-control: public, max-age=3600
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UYHf%2BRHR7u2gyGfUb6muYWfCuJOMynt17jS5GMr8ySuMMndUl9rXUmy%2FBeCRACrAAB9CB4yG6FPxw9mwnlgi5ExSkdiXovxS57q5GqNm2CkDr3Xk9J%2BcbWbTPsKZJ60DVHg4xhM2Tw8%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 105839
cf-ray: 7cd9b92d6d401c1c-FRA
expires: Sat, 27 May 2023 00:16:00 GMT

GET
H2 200 r62eglto.js Show response
ad4m.at/ Frame 905F 25 KB
10 KB 51ms
18ms Script
application/javascript 2606:4700:20::681a:ad1

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/r62eglto.js
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1gb5bn62ae8zcm5af7pfvbzhe45mv08fs5e8kt3cwgzf6vrg7bxhjnjykys6fe7m8xynjgnsvfz94xcc1eyh84h1xg641m0jpwhhsk0v5n34dzm75w5rxppqx85j8xmq5qpm22gevtc2nhrgf0ttr4ycgvm3geqgz0ykeftt1a8xtakpdctb4bx5sga52ng87fwk35asbbq12sjkpqx7z1dhrv8dd5pypn9asmx4nc0qb5ntq7cem1sb7qkbz8bb8zw91r3mcqt3fh5agkqvk6awdat00fy7deykrgne86scnvv48793ke5767z5n30yx0a17n7e7yqxvjv3zz5xczqkfvc4jq230gjeessa878hsgswfjz13jn19qp34ghkjjeekk8g2tkywhmxnd0gjyrkk4xfyx91wm2jcsfftfj5fzb1wjzfq3k5sv85k521dsr1xmj8&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCHkPurz1xZNbJEMOi7gPCxI7wA5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQmpAnf2uKOa_rE-4AIAqAMByAMCqgSkAk_QnhUfiOv4hrYFZRmSZDbQ9YY56V1VmA5lOB16INHOcFHUpwJlGbpJoWErEMcbtLlbrfo9qRe7xrEPwlf5ugG5IWDWewpGsp2f53pvbpUPRh_VgPujYoZDh5zq8h0xLjy9H_ArNedIPQAVbueaI-V8LdahJCkH9O_sCshHG2WBZZiTm16egMU9VwkDfImsOeQRZN2jBN3-IW8vlIljc2IRtSNi0_u1wfzLU-ajw5NV0HTjv02Bd3jEunp7_fjBNaWROZBDeXbhkFgHXpbq0BPoL9OFsUNEvOxCAAnrwyK-d_7BsWfHp1BsDzUaxpSK5ZjpUGAJnW_dQZIu98r76n3wjXIph8oHkxxEa2xRDqbL5hIAZ6YIYpMZiOS2A6pwr-DQVL7gBAGABrnqssHX0466vgGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA8ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2rOzCMougoFrqDlJZntzd_XRSTVA%26client%3Dca-pub-7983651257838282%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 2d5e67a38c9a11424cac19ce192c9fd124a6d74e64d3791a01561dbd3e39c0b4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:16:00 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 14 Mar 2023 13:45:21 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 101400
etag: W/"fcb2a26b07bd76d9a925cae661d6d94d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wT51c32stMhtMq1niCuoO9TGXaSajwBCy7OnH7hDFacX%2BsTeOz%2B8DFh8fdcQba5xH9uxxMrkLHXTNJQc14dlcnZfW39orvzqZzDirSTi4yIwuEInTIAx9UrFMQNwCFUqkp%2FfcF0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
cf-ray: 7cd9b92d9d5a1c1c-FRA
alt-svc: h3=":443"; ma=86400
expires: Tue, 23 May 2023 13:46:09 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame E51B 0
0 113ms
104ms Fetch
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CUD2Frz1xZI61D5eSgQfS67PgAs-HjptcwIbZgsYCwI23ARABIABgleKQgqAHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQngAgCoAwGqBIcCT9ARBgBF19YGg8nKqKnOoNolh35SJ8m6X_cjtXTI7L-_a_C_kXNpro93Tgt4ZMTPxqzcBAaQExHQuXHXGBIuZIvsrQIvU2sAXX1gqx2BrBnZCsnNrNo5V-D-E61fkV8jF5GbJnAqjmjUkl3x4xq0pvLRrCVt9QYi_D_X51O_FrO2RkkCSTWpZSQEMBKPyGMLw1wObPtOzCESwmXAqArHns20eP5E1IOkqCd_pxL6FvBJZmi2p_orMcz2WIVK2Dsxd4n87evZT_FVmpt-7DSN8akRMz1OJML0JstNwrTL3p--GTMzKjS_62zMA4Z53FFmCR9UVvpnfW94Eew4Xyxo_1qu3jKEPrPgBAGABoznzbbVuJuN0gGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA8ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5gAoD-gsCCAGADAHQFQGAFwGyFxwKGhIUcHViLTc5ODM2NTEyNTc4MzgyODIY6sFt&sigh=bsEEudrNc-E&uach_m=[UACH]&cid=CAQSOwBygQiDTumpIbriXdTnd8ZoP-5R0kYnGNnfMqj9exjoSMSHpW1zZNnaI9QXF6hMzNUpGb8Rx388TArzGAE&tpd=AGWhJmveFQUqHQ6MFrOgk7MhQpOaONm_g71zzNKDg7AmKAMDNv7rpKViUUV3GWJG8M9oTx_5RzOpGw6jiaXrtNp2YiaPehiFLatzsSzxhaKOcCy8nQfkcDr81XoZdf8phNHu7szsAUBGhtIN3nozkJQRHQe8GpgwUTzDaM61Mm040OLTz8q0fezt0swlvTFRqlziiGsjHT8DAMvvAZzzjyqRomv3quOdAJaSWNprmarEwgF8yWORQyKQtkIev6oWLIQ1iBnEqgzwX-5Bgp_xWIdWpqI-o3h1L2X757yP7ypMvOwCV5KPBSVhT9QwI0KiGebqgZGc0pkTCapy-hHYKTFIKUKGnAXcGbQLiY3InyjxwilaTC7n6wJUKE8KAW8hOmysQso9lGi54T7OUrLo0L5VopByAVv_8m5XlADp0kejJ-FOvhoL8dzTVZyHVcWCae2eqpCng_TX9sHHY5oy5XKUVAFH1--ciVDDIhsy9g-1IxM0XXGnZGhkhFyQirlLD3wuOlC3yjVkSlXFp0YREmybjL3Sj9IqvB84wBkg3gzSmnmoVS5BC69klGRAGVs6Er8MSsFXmO82P1LzTWQ9eXbD5OLn9p3G1WL_72RbQHC5kJAkPgTYcSZvyCs3XSzQytjoMxgEPV2YyE6TDYoGf50ZECLC3YDzhnI5_eV0eaB0q_q_VXapbP2fjsUtCGpvZcZRBb7vwTH0QsygzBFwjFbfy3I7zoKgRasoTCCTciN53Le_rg0SSVPAm6sMXQoLuwIMkCmIPxT4iixyWis7fmy2vYRKjxmzbKDQThj8DBuPsmB3QGj_g_zHHz1ttjLPWXi5uzwbl4Sm_w_IxN8TFNcyj9L89pfepw7d3puFiAkpKCcuRu2EtlcRdnNHBWBX8gg-yrNLm1IPY9CuTsllTwdmkvb5SM-PRGE7b8eZ9G6i0mJSi4082r96oCrVcknU4yUObxsh94y3QqVCjHMMCHB7arcAQtkMyI3RFtCV8bXhuBLvamo8-Y0SjlDVssx6visjc4NVT6xL00Jh0dlDC_23LYmZHkQKp_70CSvb8Oug8IK64rY9l6u7iBFoJjGN4XWDBL9-zyn9Bivrc1SjSaYISOj1FP_hUpYNFMC_PAJhQD-y2Ho
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

GET
H/1.1 200
OK js Show response
tags.mathtag.com/notify/ Frame E51B 3 KB
2 KB 89ms
56ms Script
application/x-javascript 185.29.134.245

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWlRVeU1qYzVNamN0TWpFNE9DMHdaV1UxTFRBd01EQXRNREF3TURBd01EQXdNREF3Lzc1ODA2ODcwMjYxMzc4NDY1NjUvNjYyMjMzNS80NTYyMzA2LzQvREhTQzNzbG9TcnFoOXpyclIxRHU1eFViYWdWdGVpMUwxVmpwMWctT2NYby8xLzQvMC8wLzk1NjgwMy8wLzIxNjUzNi82NTE4NzEvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC83NTgwNjg3MDI2MTM3ODQ2NTY1L3pyaC8wLzE0Ny81Lzk5OS8xNjIvMmEwMzoxYjIwOjY6Oi8wLjAwMC8xNjg1MTQyOTU5LzE2ODUxNTU1NTkvNC9wdWItNzk4MzY1MTI1NzgzODI4Mi8/tlxwGvTknNL8WKfOHoY5QFnZ3Sw&nodeid=4830&group=zrh&auctionid=7580687026137846565&pbs_auctionid=7580687026137846565&shardkey=7580687026137846565&sid=4562306&cid=6622335&bp=a_aiebbd&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.132.39&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCVsgxrz1xZI61D5eSgQfS67PgAs-HjptcwIbZgsYCwI23ARABIABgleKQgqAHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQngAgCoAwGqBIoCT9ARBgBF19YGg8nKqKnOoNolh35SJ8m6X_cjtXTI7L-_a_C_kXNpro93Tgt4ZMTPxqzcBAaQExHQuXHXGBIuZIvsrQIvU2sAXX1gqx2BrBnZCsnNrNo5V-D-E61fkV8jF5GbJnAqjmjUkl3x4xq0pvLRrCVt9QYi_D_X51O_FrO2RkkCSTWpZSQEMBKPyGMLw1wObPtOzCESwmXAqArHns20eP5E1IOkqCd_pxL6FvBJZmi2p_orMcz2WIVK2Dsxd4n87evZT_FVmpt-7DSN8akRMz1OJML0JstNwrTL3p--WzESuJgDT2tBp87SBBHJ-QJAXEZtU3eZrCx48NbJ4Xa2cKs4OT6gH5bgBAGABoznzbbVuJuN0gGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA8ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2-Lx31OYefb5JndwKCUkF-9gUF_A%26client%3Dca-pub-7983651257838282%26adurl%3D
Requested by: Host: c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com
URL: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.245 -, , ASN (),
Reverse DNS
Software: MMBD/3.388.2 /
Resource Hash: 472a7be15f54d813e3ddab67c957a2dda6e241e18951593c4d51993505edc5c9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Fri, 26 May 2023 23:16:00 GMT
x-mm-nodeid: 4830
x-mm-handled-by-owner: true
x-mm-bid-request-time: 1685142959
Last-Modified: Fri, 26 May 2023 23:15:59 GMT
Server: MMBD/3.388.2
Content-Encoding: gzip
x-mm-latency: 29 (0)
Content-Type: application/x-javascript; charset=UTF-8
x-mm-dbg: NotCount
Cache-Control: no-cache
x-mm-host: cdg-router-x86, zrh-bidder-x170
Connection: close
x-mm-lag: 1
Expires: Fri, 26 May 2023 23:15:59 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230523/r20110914/client/ Frame E51B 3 KB
1 KB 46ms
38ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230523/r20110914/client/window_focus_fy2021.js

Requested by

Host: c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com
URL: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 19:01:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15257
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 09 Jun 2023 19:01:43 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230523/r20110914/client/ Frame E51B 19 KB
8 KB 52ms
44ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230523/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com
URL: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d47e9b04cf995a35fac50d2d39cd0006ef7e7f07f9373cad2fe5a207745f1b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 14:12:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 32583
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7987
x-xss-protection: 0
server: cafe
etag: 5788035530912182302
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 09 Jun 2023 14:12:57 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame E51B 0
0 56ms
37ms Image
text/html 2a00:1450:4001:82f::2004

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTJ1rJ9lfoigjRDbf45nGSye4RwQPhrzQT6ruDy75-kNTDHRnXPcX8veMoHdde5QCTJivWRyS9Ar42J9vtqTJD-Ly4b4g
Requested by: Host: c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com
URL: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82f::2004 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame E51B 24 KB
6 KB 53ms
45ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com
URL: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 14:52:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30225
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 25 May 2024 14:52:15 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E51B 171 KB
53 KB 54ms
46ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com
URL: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2c3e04a3f536b4a6300aeee8ee1dbbfddaacaf29d9f44dadff76b136fab44e38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:16:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 54244
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1684927996807358"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 26 May 2023 23:16:00 GMT

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 1AE0 281 B
554 B 104ms
7ms Document
text/html 23.56.202.187

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?&geo=eu&co=de
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.56.202.187 -, , ASN (),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Fri, 26 May 2023 23:16:00 GMT
ETag: "40010-119-5ec73a0a33d00"
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
DATA 200
OK truncated
/ Frame 7470 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 38340d9e2a5d5b115fa206bdcb92711d003855769d3978461b73371f8ea81d51

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK ajk4xlebn4mw Show response
hal9000.redintelligence.net/zone/ Frame C980 10 KB
4 KB 80ms
13ms Script
text/html 138.201.64.38

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/ajk4xlebn4mw?subid=&gdpr=1&gdpr_consent=li&rnd=8733608530744681479&extVar[]=DOUBLEBORDER:1&extVar[]=MMA_SSP:adx&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3D1DcNeTzTU7TVou8SBh-S1Q%26exch_seat%3D20035004448%26mt_aid%3D8733608530744681479%26mt_id%3D6622332%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D3c576471-3db0-4501-a31d-c8cce6968c79%26mt_cid%3D3c576471-3db0-4501-a31d-c8cce6968c79%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCAL8Mrz1xZL-6EJmDx_AP8fK0sAvPh46bXMCG2YLGAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi03OTgzNjUxMjU3ODM4MjgyyAEJ4AIAqAMBqgScAk_QNoOH2HvZfl4QUAEnHkjhSw9rdzaZhnQwcXsJ7zIXcX8-YW-9aAtqrJATOJtfrcbii2hPEusgTdw2JlgZ3z6FycSHurYNTFe1y0DZ2kqY-XxZp9xDCIduyWjgG3x-aZDnVHBTCxkuD5SLeUjHveHI12ca10q2a8pAS6ADUDZ3-uysYzdpXQrbw4JDEwqH9Z_f3ETFEgX47RCfF_UyVoMNm9UzLyTdUvCu8EqvlCpAse9GAASAZhjFwjU3qPh23qLIxaGcBBuDA615ZVd5UwHkNdamLJujevTdtYaR2oZ77iRikb5HQQEzlIoigFYYPF8ipu0kDZomNAINPJlS0gz9OycAEiSg33sCP6QEzoCNyLPtk3hfndQBW4-a4AQBgAa-1Nb82ZronagBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPIIG2FkeC1zdWJzeW4tNzI3NTUyODQ1MzE2MjMwOfoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_3ypWE76_gw6C0L5bnTUcTAQWmPUw%2526client%253Dca-pub-7983651257838282%2526adurl%253D%26redirect%3D
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.64.38 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: 1ce633488a7b5e0949ecbcc6ab4cd2bd839b02856ac063d537ccb14c59b4ecd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Fri, 26 May 2023 23:16:00 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3481
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK ck-confirm
tags.mathtag.com/ Frame C980 49 B
330 B 83ms
33ms Image
image/gif 185.29.134.245

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/ck-confirm?bid_id=8733608530744681479&node_id=4829&exch_id=4
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWmpkbE5qUXpPVEF0TUdSbVpDMWpNR016TFRBd01EQXRNREF3TURBd01EQXdNREF3Lzg3MzM2MDg1MzA3NDQ2ODE0NzkvNjYyMjMzMi80NTYyMzA2LzQvREhTQzNzbG9TcnFoOXpyclIxRHU1OVIzN2hwdFI4UWp5UTBUbUxBZk9hUS8xLzQvMC8wLzk1NjgwMy8wLzIxNjUzNi82NTE4NzEvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC84NzMzNjA4NTMwNzQ0NjgxNDc5L3pyaC8wLzE0Ny81Lzk5OS8xNjIvMmEwMzoxYjIwOjY6Oi8wLjAwMC8xNjg1MTQyOTU5LzE2ODUxNTU1NTkvNC9wdWItNzk4MzY1MTI1NzgzODI4Mi8/HyxQJQ8Meaf3EKFhTGVdnZInYfg&nodeid=4829&group=zrh&auctionid=8733608530744681479&pbs_auctionid=8733608530744681479&shardkey=8733608530744681479&sid=4562306&cid=6622332&bp=a_aiebbd&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.158&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCAL8Mrz1xZL-6EJmDx_AP8fK0sAvPh46bXMCG2YLGAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi03OTgzNjUxMjU3ODM4MjgyyAEJ4AIAqAMBqgScAk_QNoOH2HvZfl4QUAEnHkjhSw9rdzaZhnQwcXsJ7zIXcX8-YW-9aAtqrJATOJtfrcbii2hPEusgTdw2JlgZ3z6FycSHurYNTFe1y0DZ2kqY-XxZp9xDCIduyWjgG3x-aZDnVHBTCxkuD5SLeUjHveHI12ca10q2a8pAS6ADUDZ3-uysYzdpXQrbw4JDEwqH9Z_f3ETFEgX47RCfF_UyVoMNm9UzLyTdUvCu8EqvlCpAse9GAASAZhjFwjU3qPh23qLIxaGcBBuDA615ZVd5UwHkNdamLJujevTdtYaR2oZ77iRikb5HQQEzlIoigFYYPF8ipu0kDZomNAINPJlS0gz9OycAEiSg33sCP6QEzoCNyLPtk3hfndQBW4-a4AQBgAa-1Nb82ZronagBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPIIG2FkeC1zdWJzeW4tNzI3NTUyODQ1MzE2MjMwOfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3ypWE76_gw6C0L5bnTUcTAQWmPUw%26client%3Dca-pub-7983651257838282%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.245 -, , ASN (),
Reverse DNS
Software: MMBD/3.388.2 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Fri, 26 May 2023 23:16:00 GMT
Server: MMBD/3.388.2
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: cdg-router-x99, zrh-bidder-x169
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Fri, 26 May 2023 23:15:59 GMT

GET
H/1.1 200
OK img
pixel.mathtag.com/event/ Frame C980 43 B
416 B 115ms
18ms Image
image/gif 2.18.233.201

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/event/img?mt_id=1368875&mt_adid=216764&v1=4&v2=8733608530744681479&v3=651871&v4=4562306&v5=6622332&mt_nsync=1&no_attr=1
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWmpkbE5qUXpPVEF0TUdSbVpDMWpNR016TFRBd01EQXRNREF3TURBd01EQXdNREF3Lzg3MzM2MDg1MzA3NDQ2ODE0NzkvNjYyMjMzMi80NTYyMzA2LzQvREhTQzNzbG9TcnFoOXpyclIxRHU1OVIzN2hwdFI4UWp5UTBUbUxBZk9hUS8xLzQvMC8wLzk1NjgwMy8wLzIxNjUzNi82NTE4NzEvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC84NzMzNjA4NTMwNzQ0NjgxNDc5L3pyaC8wLzE0Ny81Lzk5OS8xNjIvMmEwMzoxYjIwOjY6Oi8wLjAwMC8xNjg1MTQyOTU5LzE2ODUxNTU1NTkvNC9wdWItNzk4MzY1MTI1NzgzODI4Mi8/HyxQJQ8Meaf3EKFhTGVdnZInYfg&nodeid=4829&group=zrh&auctionid=8733608530744681479&pbs_auctionid=8733608530744681479&shardkey=8733608530744681479&sid=4562306&cid=6622332&bp=a_aiebbd&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.158&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCAL8Mrz1xZL-6EJmDx_AP8fK0sAvPh46bXMCG2YLGAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi03OTgzNjUxMjU3ODM4MjgyyAEJ4AIAqAMBqgScAk_QNoOH2HvZfl4QUAEnHkjhSw9rdzaZhnQwcXsJ7zIXcX8-YW-9aAtqrJATOJtfrcbii2hPEusgTdw2JlgZ3z6FycSHurYNTFe1y0DZ2kqY-XxZp9xDCIduyWjgG3x-aZDnVHBTCxkuD5SLeUjHveHI12ca10q2a8pAS6ADUDZ3-uysYzdpXQrbw4JDEwqH9Z_f3ETFEgX47RCfF_UyVoMNm9UzLyTdUvCu8EqvlCpAse9GAASAZhjFwjU3qPh23qLIxaGcBBuDA615ZVd5UwHkNdamLJujevTdtYaR2oZ77iRikb5HQQEzlIoigFYYPF8ipu0kDZomNAINPJlS0gz9OycAEiSg33sCP6QEzoCNyLPtk3hfndQBW4-a4AQBgAa-1Nb82ZronagBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPIIG2FkeC1zdWJzeW4tNzI3NTUyODQ1MzE2MjMwOfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3ypWE76_gw6C0L5bnTUcTAQWmPUw%26client%3Dca-pub-7983651257838282%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 -, , ASN (),
Reverse DNS
Software: MT3 851 9bd98ae master cdg-pixel-x26 config_version:"unknown" /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Fri, 26 May 2023 23:16:00 GMT
Server: MT3 851 9bd98ae master cdg-pixel-x26 config_version:"unknown"
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: *
Content-Type: image/gif
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 43
Expires: Fri, 26 May 2023 23:15:59 GMT

GET
H/1.1 200
OK img
tags.mathtag.com/event/ Frame C980 49 B
330 B 83ms
33ms Image
image/gif 185.29.134.245

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/event/img?type=mmImpTrack&exch=adx&bid=8733608530744681479&st=4562306&time=1685142960&nodeid=4829
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWmpkbE5qUXpPVEF0TUdSbVpDMWpNR016TFRBd01EQXRNREF3TURBd01EQXdNREF3Lzg3MzM2MDg1MzA3NDQ2ODE0NzkvNjYyMjMzMi80NTYyMzA2LzQvREhTQzNzbG9TcnFoOXpyclIxRHU1OVIzN2hwdFI4UWp5UTBUbUxBZk9hUS8xLzQvMC8wLzk1NjgwMy8wLzIxNjUzNi82NTE4NzEvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC84NzMzNjA4NTMwNzQ0NjgxNDc5L3pyaC8wLzE0Ny81Lzk5OS8xNjIvMmEwMzoxYjIwOjY6Oi8wLjAwMC8xNjg1MTQyOTU5LzE2ODUxNTU1NTkvNC9wdWItNzk4MzY1MTI1NzgzODI4Mi8/HyxQJQ8Meaf3EKFhTGVdnZInYfg&nodeid=4829&group=zrh&auctionid=8733608530744681479&pbs_auctionid=8733608530744681479&shardkey=8733608530744681479&sid=4562306&cid=6622332&bp=a_aiebbd&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.158&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCAL8Mrz1xZL-6EJmDx_AP8fK0sAvPh46bXMCG2YLGAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi03OTgzNjUxMjU3ODM4MjgyyAEJ4AIAqAMBqgScAk_QNoOH2HvZfl4QUAEnHkjhSw9rdzaZhnQwcXsJ7zIXcX8-YW-9aAtqrJATOJtfrcbii2hPEusgTdw2JlgZ3z6FycSHurYNTFe1y0DZ2kqY-XxZp9xDCIduyWjgG3x-aZDnVHBTCxkuD5SLeUjHveHI12ca10q2a8pAS6ADUDZ3-uysYzdpXQrbw4JDEwqH9Z_f3ETFEgX47RCfF_UyVoMNm9UzLyTdUvCu8EqvlCpAse9GAASAZhjFwjU3qPh23qLIxaGcBBuDA615ZVd5UwHkNdamLJujevTdtYaR2oZ77iRikb5HQQEzlIoigFYYPF8ipu0kDZomNAINPJlS0gz9OycAEiSg33sCP6QEzoCNyLPtk3hfndQBW4-a4AQBgAa-1Nb82ZronagBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPIIG2FkeC1zdWJzeW4tNzI3NTUyODQ1MzE2MjMwOfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3ypWE76_gw6C0L5bnTUcTAQWmPUw%26client%3Dca-pub-7983651257838282%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.245 -, , ASN (),
Reverse DNS
Software: MMBD/3.388.2 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Fri, 26 May 2023 23:16:00 GMT
Server: MMBD/3.388.2
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: cdg-router-x96, zrh-bidder-x169
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Fri, 26 May 2023 23:15:59 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 7470 0
0 192ms
103ms Fetch
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv4RIk2ebqe0LmsmTr3I0vzJc5W1KoyxRJiOsSHAp-Smls798fTVTxrUXbt53ZNgGhHwc5JfyWFTh_tNHbch7lGu1D4LoknimkYDahCAbaKFIaQEzM_DY7vcluvdoV_jaqW3NNfNDTw4WRMPha48l_nadnJx1-6oiEi6E_znvWacipZQ0DLcKo_H33MojPMo5QhN8_lYIZuxtlhoqjdfEe-Ssont_emZKhG4ElJix-ttNpCxxXGmjZvtknyBPucNAKpd4bgn7yuXD21XyVGoqLAhJf2rsKGIZyMR224l-1CWp4UmhbEm1bbAjXE-tYA5kE9d7hHGGh3sdxVa0YdrQ&sai=AMfl-YRPP8Qc_lm5gvX7OEYf3LNM6o1H884bp6Nup7eEmaK8vb5iO6FTKPsl1gJyzYOrc0XYclB4pb9XKDphDSjeK28e9DK7EHHl4yp8a5u3zFdmtTRnYm4ThvgahWQsEg&sig=Cg0ArKJSzNNZHIoTEVa4EAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:16:00 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 26 May 2023 23:16:00 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame AC54 35 B
464 B 321ms
3ms Image
image/gif 2620:116:800d:21:ef75:8280:f209:5ba1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESECOoSLgU4WiqHjqMcvTFpv0&google_cver=1&google_push=ATf1kGMEC0LZbt8_RJra8UGvdTLViNoQfrXSU4Z4ygINDRD_X0Y5y9rSy_raic4nl52TovU87tGEtNC3-H2fidCCfzUKWNz2cbtxZQ

Requested by

Host: c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com
URL: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:ef75:8280:f209:5ba1 -, , ASN (),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 26 May 2023 23:16:00 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame AC54
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESECF-vdfxC9P_0Pg73eJYcuo&google_cver=1&google_push=ATf1kGNtZqz5HVlM0mr-Tz-34BlnvZ2Lh3gPcQRYISStb2O1ILxt98CHz0leRy50p1ovV5yUHBXx9W_P__u_PwdQ...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=PFdkcT2wRQGjHcjM5paMeQ&google_push=ATf1kGNtZqz5HVlM0mr-Tz-34BlnvZ2Lh3gPcQRYISStb2O1ILxt98CHz0leRy50p1ovV5yUHBXx9W_P__u_PwdQNO2ou4qL...

170 B
188 B

76ms
56ms

Image
image/png

172.217.18.2

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=PFdkcT2wRQGjHcjM5paMeQ&google_push=ATf1kGNtZqz5HVlM0mr-Tz-34BlnvZ2Lh3gPcQRYISStb2O1ILxt98CHz0leRy50p1ovV5yUHBXx9W_P__u_PwdQNO2ou4qLvBWBKg

Requested by

Host: c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com
URL: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

172.217.18.2 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 26 May 2023 23:16:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Fri, 26 May 2023 23:16:00 GMT
Server: MT3 851 9bd98ae master cdg-pixel-x34 config_version:"unknown"
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=PFdkcT2wRQGjHcjM5paMeQ&google_push=ATf1kGNtZqz5HVlM0mr-Tz-34BlnvZ2Lh3gPcQRYISStb2O1ILxt98CHz0leRy50p1ovV5yUHBXx9W_P__u_PwdQNO2ou4qLvBWBKg
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Fri, 26 May 2023 23:15:59 GMT

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame AC54
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEPPu5w3wQdNctklUBGo03bM&google_cver=1&google_push=ATf1kGMSGbVWqXwDPs3FAr5Hyl-cH2hcZFVE7LuTv_NdHlGnPZvK7-o2ncv3wBY-ouxHEwbkECFUPzjCEgc9NoXJC-1FFjH1T1wHR...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEPPu5w3wQdNctklUBGo03bM&google_cver=1&google_push=ATf1kGMSGbVWqXwDPs3FAr5Hyl-cH2hcZFVE7LuTv_NdHlGnPZvK7-o2ncv3wBY-ouxHEwbkECFUPzjCEgc9NoXJC-1FFjH1T1w...

43 B
412 B

213ms
160ms

Image
image/gif

2606:4700::6812:18ad

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEPPu5w3wQdNctklUBGo03bM&google_cver=1&google_push=ATf1kGMSGbVWqXwDPs3FAr5Hyl-cH2hcZFVE7LuTv_NdHlGnPZvK7-o2ncv3wBY-ouxHEwbkECFUPzjCEgc9NoXJC-1FFjH1T1wHRg&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DATf1kGMSGbVWqXwDPs3FAr5Hyl-cH2hcZFVE7LuTv_NdHlGnPZvK7-o2ncv3wBY-ouxHEwbkECFUPzjCEgc9NoXJC-1FFjH1T1wHRg%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com
URL: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Server: 2606:4700::6812:18ad -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 26 May 2023 23:16:00 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7cd9b930cb9e9229-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 26 May 2023 23:16:00 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 1017
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEPPu5w3wQdNctklUBGo03bM&google_cver=1&google_push=ATf1kGMSGbVWqXwDPs3FAr5Hyl-cH2hcZFVE7LuTv_NdHlGnPZvK7-o2ncv3wBY-ouxHEwbkECFUPzjCEgc9NoXJC-1FFjH1T1wHRg&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DATf1kGMSGbVWqXwDPs3FAr5Hyl-cH2hcZFVE7LuTv_NdHlGnPZvK7-o2ncv3wBY-ouxHEwbkECFUPzjCEgc9NoXJC-1FFjH1T1wHRg%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7cd9b92efa6d9229-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame AC54 70 B
265 B 147ms
25ms Image
image/gif 15.197.193.217

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEI1beokceVzmvgxVgS9iulU&google_cver=1&google_push=ATf1kGNH1OSKYU_GRHZwogT7-0Kwsry34XLTKFR7xuPfH7pk7dAmPL4V-ftB6Ffhok6AEDSrYxyk5iqUS8aKspkjntJd_pD_pRtQqw
Requested by: Host: c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com
URL: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Fri, 26 May 2023 23:16:00 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 204 AdxPixel
tr.blismedia.com/v1/api/sync/ Frame AC54 0
174 B 128ms
17ms Image
text/plain 34.96.105.8

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESECILUBnUDLrXqizbUHO052s&google_cver=1&google_push=ATf1kGO73L2viPtwW7eUKV5cdNhYarsVhz1ZwgsAApK_bqFytMHMzK_m_dm812DcSnFxz5UNJB4PS4NcweCq-4q34hrS3fIbODGROQ
Requested by: Host: c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com
URL: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.105.8 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:16:00 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame AC54
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEMk_NkyIcKUwTEzZqGDvtKk&google_cver=1&google_push=ATf1kGMA3srE_Y7QAoI7lU99xKS6dv0dUl-78vAVa8SxXPlgSmmT8d-bPudOWLucfNfg7ermW0pC4yll...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODI5MzQwMzk2MzY3NDg4ODI0Ng&google_push=ATf1kGMA3srE_Y7QAoI7lU99xKS6dv0dUl-78vAVa8SxXPlgSmmT8d-bPudOWLucfNfg7ermW0pC4y...

170 B
188 B

76ms
56ms

Image
image/png

172.217.18.2

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODI5MzQwMzk2MzY3NDg4ODI0Ng&google_push=ATf1kGMA3srE_Y7QAoI7lU99xKS6dv0dUl-78vAVa8SxXPlgSmmT8d-bPudOWLucfNfg7ermW0pC4yllCDkYpCPI9jtA2Wk1vkgxlg

Requested by

Host: c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com
URL: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

172.217.18.2 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 26 May 2023 23:16:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 26 May 2023 23:16:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODI5MzQwMzk2MzY3NDg4ODI0Ng&google_push=ATf1kGMA3srE_Y7QAoI7lU99xKS6dv0dUl-78vAVa8SxXPlgSmmT8d-bPudOWLucfNfg7ermW0pC4yllCDkYpCPI9jtA2Wk1vkgxlg
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 dds
rtb.openx.net/sync/ Frame AC54 43 B
245 B 128ms
17ms Image
image/gif 35.227.252.103

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEG30uhFXEVczR1MAwC9XiCw&google_cver=1&google_push=ATf1kGMWq3cWYnfwp2NvosPCPZ9Zn-lHs3w68pTKoOPzgaTLQBi0PsVMBvo29i_Kd_p_-pcUxhu_-P2ri3mVSS2qjbHAoqJ6xHFf
Requested by: Host: c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com
URL: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.252.103 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 26 May 2023 23:16:00 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame AC54 0
59 B 60ms
41ms Image
text/html 172.217.18.2

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KTrDBi2_rQiJit9mbPFULiGc_m_C3cpzu9YBS0ju1Yyoi_ZP8pHBKtPivDi3dMecOK2RZm

Requested by

Host: c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com
URL: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:16:00 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 html_inpage_rendering_lib_200_276.js
s0.2mdn.net/879366/ Frame 197C 170 KB
59 KB 172ms
13ms Script
text/javascript 2a00:1450:4001:803::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Origin: https://ye-mek.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 07:18:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 57434
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60311
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:25 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 27 May 2023 07:18:46 GMT

GET
H3 200 omrhp.js
pagead2.googlesyndication.com/pagead/js/r20230523/r20110914/elements/html/ Frame 197C 11 KB
4 KB 62ms
52ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230523/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ANn8UMAEi2sgWUuxxFh7Ruq06xwtK29xw3PEe_e-SztVur2Ka67sc1C88EGFp_kTGguBMQ11k-xTkhh_v3r9GTR-qblTlG7o86W5RNUaC-d_nK1LxBQHEqlxUoZ5-5oiiM1TqAc5W6_sxy7GOHf1eiGRIKjA_QDZe70w_L-3G-Wl_wQD0&dbm_d=AKAmf-A8F3lKTEwZJSND1tXYto4qycNGBe4IvcrsyDst0izYFuEEnMkv1Tdp1WM8uaxia62dyetiHhHH79w8ycc8dZpQyKSZuMiLgShXSQ9wsJ894k1GDFflNhVqD9DIk_qvVQopoCIkQyJytzyquInVshliFqpLylAwE3LBi2gIufqe2G943upruCTJ0Qezgng8B4FpxaLkmvJ6GxYW0owssl-I7IHY0vOXjfw_BOeA4VXYTumpCs2BFC20JAuE9MslB91Z5PWvhcoV3iKgPi_PBcb3NP4LW7NagFrK2kKBrUP06TDckc4-PpaDQCeA9RhahSqMJK8L843RRA_U6Qa8JpwRfDjOoibUJLXmkGJ9qCj8PI2hCepSsV04AR8EclXHDMuxuhX7VdGUQj6oJDJTqEcEmXG4xKDSFfJEFp8WXJ5bLwnWA6fP2STDT5J-cJQ7o5XKtJawlFgrGD0Yxll3p6DHCjN2rPnvd4ylTp6IXK1oVlygEkaeRzj92sjz2U6oiKMDPRk0MB0LVU5qkEUsmaoS6GOfmFbtT9ZNiPWVsoITvcOZ5D5h2hSB1X1z5DpyM6wFQf2aNkbm_c3pHoboVYYR_-rRKn2DCDQaZAdJycgk2SsLvFjxbAkngoDeT4WXKarPbO59kc3XhvOCbyn0lymz2r5zyYKxZ31LI3wG90SJWZlRZzSCCE18i7rc1qo_kGQFfUr7_jxX4L8lrv0aVwlJM6x2whF9p9Y1ZsAIqHOU3rBfErKxj8S3TmPsjXQizH-vZuB-djDTz17COoi18Nga3t91OJt4VP-5yvteJXJmULeRzGEF9RGCSQ1G2rAgaolCSkjlOzGgZ-UudrOF9wf_BbEmfZIiTlGmMaWIoVsVXhLBfuGaac35Z07bSxqAoMQUEdQx7dq4EWu4FT-yUPjUXBFFPMQ-G61Zhnjyce6ULk4Na36ij-O732A_CP2NdsOXwnA1hOCwAklfPnOHeRzIIp-ZTfZ-trlZwEST2nNIgHiOb0ZDZpPBl5Jij4A1kUaFyutdS4hQxdio8KF0RRz0Knze94kGlpx1_gnreuB30eh3jMb8EvzNUvlKzwihfClGdTqOTOjSQ53kulKbv0aCcUD9e5zgy08PGys0K808Ge0dmntBhr_E3GdwGG5348bD3Uss6i_drAHF1lNUa9j4RATamY25RmySuXWCS--xNrwLke0Bq5yTrN3uHYc-a6xZt3xUFUGqKKdekVTXcFj6rL0Xdpo1i2BTL7_ovJLEOP3LFhiZfp0yNQXC5ya4AyZKhhUXoYNDwI2zRNOXISTp0J_NWTZDS4uEuxmGw0bpQ9wSqhCjgsCigWlbOwkAxoxPE8TxNXYdxVI3am3OO8TD2oqCzsJFPTFK43Znf2RjJrfGPR7pSl4H9mQ4ebPcy9cj7ILvtSipCI_IRFBvg92zVvkX1-iDM3a6ApcU9o-_y3lD3IgkWnh6_5n9vNJg4KTbeyWkxaAhwLhfIHTf8x4hYLO0T-V2K-CZU5mncak_B5xaQ6NrkBsEPGXvdzO5_R6JgtHYbh5I8WLyHb24i67W6tmLHtGt2z2tljfnbGHTVO2s-hhUeB5SkRJHv2B3UHFRnVUadr72pMAESWxkYIGGqCZ-Y0caFLAbODXzZpFTY2bA4i9Wp5s0oTdQdzIoxoSt--howx5NZFY6tfMYF6FKb1LtdfBHr6nXlsWpR4kMeSOgjyaCRlNNaXvSaFLNkbuOSVhfHjDwvSkn-kdv0x_v6ugBTyPbdE-1qH3H1uxGNSsVsCsxUEK4iPgOD_ErXON9-OQ0BOHnrVlA_mpg0RPBlTNGXcPgc90nmGLNlejjf-TEZ5DMRj8u4-vxWf5VHtncy8fxUhghDCVgvSVSxEX5NP_KQZM204JQ3CY7N9Y_4GLGhyVM0cHvOwBLwOzwoVmqpstB54DnqwDS3BcDCobmN7vYyPoXhTyUPlkrnrlRdJ1njmxBCa6fNXmstRS_8YRNiXsF0ezUUYDayNqFZoumjiflGYLc-zDbvd6NYqOXfcuCagVgp49dydRPtdoopZECN24TmGoQCvDaKsR4iJis8R5L0IcchXs1NDMKasR9-DXkwNZ1OQjmpWJxDLl8fMZzepjLwN4QEVDdvrRqNb49aloD_PwCV5KKRnhvqE6S5VF75OBq8kGt7sTxAyXFYTYElCltgazUIZNnr1vhlPmXraiTOt3RTNx8ty4rqYser57QEpViq2n7GpZOG4PsU23FUXC239MQCV6HnqUybpfJkKgVBWvCQQlrdHVerZJWZx9w8IjO1tx1819t_T39mU0CrWcCvR_ZN4aMrWXgsefygZID0BRMgJpdxvDjreFJpSpyIp0MsDsdmbcHj78q4GZUr1d-q_vUSJMDOzP82Luz4ssR1kTjwbMyUQTmMUk7KGcq-oQaKUDqJDJYuSS7OjrjaOQoPs9b15D92tsH6pl5aGu9_OcOA5v5Z4MqacOChcC-rQvYtv5-Bu6hhs00mjRJMonKqqWN84s1xYyI8lekwu2VuiEBsE7yABA7YLU_mT1eU4y3-Ll1efOyTQKO4FkDHRAiX4rijAHfXxDzKganjNhRzokmaBZra3635CrnSjH8scr52VPBPUH7lz8I15m9qERz3yQgHXYOR00ZZEj0UpVq0CXZ-ZVzo9uB4DmvXNp_xAh9wwy-JO9IQ9fWG2n5IWdxC5Vc9MasIenJb8EdHaiLA9DpE6lzOAmRibXvhPpvrP5mwW4cFQt8lVoqircIE5dpCSb7V0PpWcEJF7cD-ZeyU2Ithike24xxGIkib6bf8i46SAU2o2TGdb-uqMcynArMcDhyxuD-ffbMhTqwnme22zr98XnHSZvaJaApGVgwhJj8sZ8ZM0G7c3RGL6_a62BlFCp2DA66o74k7-8BzRE14l7ts34wRtMJdYruFoi2Ky4EE2A5pNfoyWuyYgoBtOwYlVDWi7MvJ1DD-OHpNMo4iaXILSm7O4HIasUDYW4fNZLEe2cFxX4p-oC81CTnrHiLdgnT8ruH9OihsI_ZQrMAmjGxzgQpeMzgdxi4GUMk-Y86oqyNMW375YYqdzylSiJQQRUI6h5c83sm-xhapJAiNTKxjKirbKinOmhkpVZQxaStGvMqqrj6kyKAdRrI5YvCHH9IdMcCiv2WWXi6KRkYEkkp42gJTQQhMtMEEqgbcaGDmYsw0rfW7DWMf7B9bysHrOAeCHozIsBF8R1UWtLFhda4K9-JhLNX7-q4DBNLIaKmz1LVHhjtNIM18LLUsez3jrp9WmW9qilssw2bP3DmK1-iR5N_eKqh_ULCTACj_Vi8ffBR0V6vo2G6aUHxOUUlVKcqAF7WHdHRd0GGZxXFkQbKlu5ylv-xwSq0k3zWow9uZGSFlnKCMvbsScEFhs3fxC-OKLNTic6X0SjR3g6-Nwz_KXjBNe5cw1spu9S3HkuurZsRff87oFNRUetVKLhaVZDqG2_a0TA8f6JHts-O_A&pr=8%3A57B13E26F19F9F52&cid=CAQSMgBygQiDg7j2IDfbnIb3kHp2GuAWa7Dclh5j3Li_fDESX1EXc8KkAPqqh0-HTG09r3stGAE&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ds=l&xdt=1&iif=1&cor=7921769331533317000&adk=288972495&idt=60&cac=0&dtd=85

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 14:18:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 32245
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4122
x-xss-protection: 0
server: cafe
etag: 11429739870029468282
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 09 Jun 2023 14:18:35 GMT

GET
H3 200 abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20230523/r20110914/ Frame 197C 29 KB
11 KB 64ms
58ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230523/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 16:58:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 22651
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11027
x-xss-protection: 0
server: cafe
etag: 5492578185836041520
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 09 Jun 2023 16:58:29 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 1AE0 34 KB
10 KB 16ms
10ms Script
text/html 23.56.202.187

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&geo=eu&co=de
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.56.202.187 -, , ASN (),
Reverse DNS
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: e9a83c407934c3ccb3f2c664afaa35b5f7e86788415e58c8ec300d5d6f49c51b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?&geo=eu&co=de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Fri, 26 May 2023 23:16:00 GMT
Content-Encoding: gzip
Last-Modified: Fri, 26 May 2023 14:04:28 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=53371
Connection: keep-alive
Content-Length: 10085
Expires: Sat, 27 May 2023 14:05:31 GMT

GET
H2 200 / Show response
track.adform.net/adfserve/ Frame F8C5 7 KB
4 KB 73ms
18ms Script
text/javascript 37.157.4.25
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfserve/?CC=1&bn=60438886;rtbwp=K6MT8i251AN5IeUJzzRRF6zboUFQG3yp0;rtbdata=JZ80VHNWRdQXdeZXhKB_lMhmuiHo3AG-TA76CFq4OhsKM5YG4JyY-ezQlxN84uJ6SJXmhnn2GM_DxtJMuHT_ev28e48nnUhLdh1-0cCC3WWagLfcoAY8jW3MU5R_9CbfRyF8AUZcZD-PU39zjExzCnuH8KSjkBUKyeuGl_f7SXZDp5Wjm3oV3luVzOneeMIRL6pLH5Z2-gdtdKB08LHtcfag7eQU4_cLSyNdq_WLD5sVZAKg3IsGKfteVNGVfJS7tDi0uEszGOIEMoXZIHySlvuVj4K9C0gIp7SDrVOpsB9CydiJ-dQ6ctnyCfbK0xoHZPSVCRcBPzE1;csid=81917;adxcmd=QTwuOIuaMWxxWXp_eBE_5w2;adxvars=Y3pzq6lakRIWcRYtgUbgFLZ_YNfPuvzUJpKVb6pS6aOWjYTNV3_sR9ol5kSYxyp8a-WKcMFZWlaADjMRxcq0PPn9nYWv3IZgXV1-8MlA_iFAxXdTKHgqhEpyVlHMEISopS7YClASUixq-zcwZEr1tE3wpmCc8byYRSYI4uWV-ymg9RRgtMED4-9r5mjjYXtGebwH7-C6fvXt-qFCxi8X-JKnIACB__HK0;pui=2ShljixBLrbi0hXl08juHHFAHCKQ7jOEBbcyLuqp61lpmtbmslqMbVBGhpFBz2sMBaXjqN_aHzNjCQ33kTitPt6vWmW1dlSa0;;js=1;adfxid=1x;7288;set=en-US|en-US|1600X1200|0|750|100|24|8|3|7|1|;fd=0|0&CREFURL=https%3A%2F%2Fpcloak.blob.core.windows.net

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.25 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

33a87e230c9f0008604daf7144a6e8632b7b12150ac9f22891285ae3b95037b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 26 May 2023 23:16:00 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 3494
expires: -1

GET
H3 200 window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230523/r20110914/client/ Frame D5E2 3 KB
1 KB 89ms
55ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230523/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=4198790052&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1685142959452&bpp=4&bdt=259&idt=460&shv=r20230523&mjsv=m202305230101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=4147856985454&frm=8&ife=1&pv=1&ga_vid=372334874.1685142960&ga_sid=1685142960&ga_hid=1691016324&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=1257201828&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759842%2C44759927%2C44788442%2C44789779&oid=2&pvsid=2476697498375493&tmod=1504218110&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.cxiv9ygyii7p&fsb=1&dtd=480

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 19:01:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15257
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 09 Jun 2023 19:01:43 GMT

GET
H3 200 qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230523/r20110914/client/ Frame D5E2 19 KB
8 KB 89ms
55ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230523/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 14:12:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 32583
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7987
x-xss-protection: 0
server: cafe
etag: 5788035530912182302
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 09 Jun 2023 14:12:57 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame D5E2 0
0 106ms
65ms Image
text/html 2a00:1450:4001:82f::2004

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTXpnJfgNFL8opLnLuoLpVene1Jqy6xOIS02O87eWLIdHPniPUQA27qQY6fF2GEBjixMfkAvOExrCM2YYVPKprUA7UKkQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=4198790052&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1685142959452&bpp=4&bdt=259&idt=460&shv=r20230523&mjsv=m202305230101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=4147856985454&frm=8&ife=1&pv=1&ga_vid=372334874.1685142960&ga_sid=1685142960&ga_hid=1691016324&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=1257201828&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759842%2C44759927%2C44788442%2C44789779&oid=2&pvsid=2476697498375493&tmod=1504218110&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.cxiv9ygyii7p&fsb=1&dtd=480
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2004 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame D5E2 171 KB
53 KB 118ms
77ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:16:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 54244
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1684927996807358"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 26 May 2023 23:16:00 GMT

GET
H2 200 5ed76f76e4b07a92411bc03a
ng2.virgul.com/tck/imp/ Frame 6C31 0
209 B 93ms
40ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5ed76f76e4b07a92411bc03a?g=1&t=gb&r=153377@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1685142958007&userId=vnet55bff539-6bd9-463f-ad04-3c780b66c4bb
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Fri, 26 May 2023 23:16:00 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
DATA 200
OK truncated
/ Frame 3941 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 77f7026842f2096973ddc66919aa58afb90afcd5edeeed9e2ae1daa42bc803d0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK s2gk7r78n0fa
hal9000.redintelligence.net/zone/ Frame E51B 10 KB
4 KB 81ms
14ms Script
text/html 138.201.64.38

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/s2gk7r78n0fa?subid=&gdpr=1&gdpr_consent=li&rnd=7580687026137846565&extVar[]=DOUBLEBORDER:1&extVar[]=MMA_SSP:adx&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DJP4Z2Ple_TxQQIMX738sBw%26exch_seat%3D20035004448%26mt_aid%3D7580687026137846565%26mt_id%3D6622335%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D3c576471-3db0-4501-a31d-c8cce6968c79%26mt_cid%3D3c576471-3db0-4501-a31d-c8cce6968c79%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCVsgxrz1xZI61D5eSgQfS67PgAs-HjptcwIbZgsYCwI23ARABIABgleKQgqAHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQngAgCoAwGqBIoCT9ARBgBF19YGg8nKqKnOoNolh35SJ8m6X_cjtXTI7L-_a_C_kXNpro93Tgt4ZMTPxqzcBAaQExHQuXHXGBIuZIvsrQIvU2sAXX1gqx2BrBnZCsnNrNo5V-D-E61fkV8jF5GbJnAqjmjUkl3x4xq0pvLRrCVt9QYi_D_X51O_FrO2RkkCSTWpZSQEMBKPyGMLw1wObPtOzCESwmXAqArHns20eP5E1IOkqCd_pxL6FvBJZmi2p_orMcz2WIVK2Dsxd4n87evZT_FVmpt-7DSN8akRMz1OJML0JstNwrTL3p--WzESuJgDT2tBp87SBBHJ-QJAXEZtU3eZrCx48NbJ4Xa2cKs4OT6gH5bgBAGABoznzbbVuJuN0gGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA8ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_2-Lx31OYefb5JndwKCUkF-9gUF_A%2526client%253Dca-pub-7983651257838282%2526adurl%253D%26redirect%3D
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.64.38 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Fri, 26 May 2023 23:16:00 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3460
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK img
pixel.mathtag.com/event/ Frame E51B 43 B
416 B 39ms
18ms Image
image/gif 2.18.233.201

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/event/img?mt_id=1368875&mt_adid=216764&v1=4&v2=7580687026137846565&v3=651871&v4=4562306&v5=6622335&mt_nsync=1&no_attr=1
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWlRVeU1qYzVNamN0TWpFNE9DMHdaV1UxTFRBd01EQXRNREF3TURBd01EQXdNREF3Lzc1ODA2ODcwMjYxMzc4NDY1NjUvNjYyMjMzNS80NTYyMzA2LzQvREhTQzNzbG9TcnFoOXpyclIxRHU1eFViYWdWdGVpMUwxVmpwMWctT2NYby8xLzQvMC8wLzk1NjgwMy8wLzIxNjUzNi82NTE4NzEvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC83NTgwNjg3MDI2MTM3ODQ2NTY1L3pyaC8wLzE0Ny81Lzk5OS8xNjIvMmEwMzoxYjIwOjY6Oi8wLjAwMC8xNjg1MTQyOTU5LzE2ODUxNTU1NTkvNC9wdWItNzk4MzY1MTI1NzgzODI4Mi8/tlxwGvTknNL8WKfOHoY5QFnZ3Sw&nodeid=4830&group=zrh&auctionid=7580687026137846565&pbs_auctionid=7580687026137846565&shardkey=7580687026137846565&sid=4562306&cid=6622335&bp=a_aiebbd&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.132.39&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCVsgxrz1xZI61D5eSgQfS67PgAs-HjptcwIbZgsYCwI23ARABIABgleKQgqAHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQngAgCoAwGqBIoCT9ARBgBF19YGg8nKqKnOoNolh35SJ8m6X_cjtXTI7L-_a_C_kXNpro93Tgt4ZMTPxqzcBAaQExHQuXHXGBIuZIvsrQIvU2sAXX1gqx2BrBnZCsnNrNo5V-D-E61fkV8jF5GbJnAqjmjUkl3x4xq0pvLRrCVt9QYi_D_X51O_FrO2RkkCSTWpZSQEMBKPyGMLw1wObPtOzCESwmXAqArHns20eP5E1IOkqCd_pxL6FvBJZmi2p_orMcz2WIVK2Dsxd4n87evZT_FVmpt-7DSN8akRMz1OJML0JstNwrTL3p--WzESuJgDT2tBp87SBBHJ-QJAXEZtU3eZrCx48NbJ4Xa2cKs4OT6gH5bgBAGABoznzbbVuJuN0gGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA8ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2-Lx31OYefb5JndwKCUkF-9gUF_A%26client%3Dca-pub-7983651257838282%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 -, , ASN (),
Reverse DNS
Software: MT3 851 9bd98ae master zrh-pixel-x24 config_version:"unknown" /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Fri, 26 May 2023 23:16:00 GMT
Server: MT3 851 9bd98ae master zrh-pixel-x24 config_version:"unknown"
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: *
Content-Type: image/gif
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 43
Expires: Fri, 26 May 2023 23:15:59 GMT

GET
H/1.1 200
OK img
tags.mathtag.com/event/ Frame E51B 49 B
330 B 59ms
38ms Image
image/gif 185.29.134.245

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/event/img?type=mmImpTrack&exch=adx&bid=7580687026137846565&st=4562306&time=1685142960&nodeid=4830
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWlRVeU1qYzVNamN0TWpFNE9DMHdaV1UxTFRBd01EQXRNREF3TURBd01EQXdNREF3Lzc1ODA2ODcwMjYxMzc4NDY1NjUvNjYyMjMzNS80NTYyMzA2LzQvREhTQzNzbG9TcnFoOXpyclIxRHU1eFViYWdWdGVpMUwxVmpwMWctT2NYby8xLzQvMC8wLzk1NjgwMy8wLzIxNjUzNi82NTE4NzEvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC83NTgwNjg3MDI2MTM3ODQ2NTY1L3pyaC8wLzE0Ny81Lzk5OS8xNjIvMmEwMzoxYjIwOjY6Oi8wLjAwMC8xNjg1MTQyOTU5LzE2ODUxNTU1NTkvNC9wdWItNzk4MzY1MTI1NzgzODI4Mi8/tlxwGvTknNL8WKfOHoY5QFnZ3Sw&nodeid=4830&group=zrh&auctionid=7580687026137846565&pbs_auctionid=7580687026137846565&shardkey=7580687026137846565&sid=4562306&cid=6622335&bp=a_aiebbd&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.132.39&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCVsgxrz1xZI61D5eSgQfS67PgAs-HjptcwIbZgsYCwI23ARABIABgleKQgqAHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQngAgCoAwGqBIoCT9ARBgBF19YGg8nKqKnOoNolh35SJ8m6X_cjtXTI7L-_a_C_kXNpro93Tgt4ZMTPxqzcBAaQExHQuXHXGBIuZIvsrQIvU2sAXX1gqx2BrBnZCsnNrNo5V-D-E61fkV8jF5GbJnAqjmjUkl3x4xq0pvLRrCVt9QYi_D_X51O_FrO2RkkCSTWpZSQEMBKPyGMLw1wObPtOzCESwmXAqArHns20eP5E1IOkqCd_pxL6FvBJZmi2p_orMcz2WIVK2Dsxd4n87evZT_FVmpt-7DSN8akRMz1OJML0JstNwrTL3p--WzESuJgDT2tBp87SBBHJ-QJAXEZtU3eZrCx48NbJ4Xa2cKs4OT6gH5bgBAGABoznzbbVuJuN0gGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA8ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2-Lx31OYefb5JndwKCUkF-9gUF_A%26client%3Dca-pub-7983651257838282%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.245 -, , ASN (),
Reverse DNS
Software: MMBD/3.388.2 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Fri, 26 May 2023 23:16:00 GMT
Server: MMBD/3.388.2
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: cdg-router-x53, zrh-bidder-x170
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Fri, 26 May 2023 23:15:59 GMT

GET
H/1.1 200
OK js
sync.mathtag.com/sync/ Frame E51B 1 KB
1 KB 40ms
19ms Script
text/javascript 185.29.134.248

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.mathtag.com/sync/js?sync=auto&source=bidder&mt_lim=1&type=1&synclist=4
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvWlRVeU1qYzVNamN0TWpFNE9DMHdaV1UxTFRBd01EQXRNREF3TURBd01EQXdNREF3Lzc1ODA2ODcwMjYxMzc4NDY1NjUvNjYyMjMzNS80NTYyMzA2LzQvREhTQzNzbG9TcnFoOXpyclIxRHU1eFViYWdWdGVpMUwxVmpwMWctT2NYby8xLzQvMC8wLzk1NjgwMy8wLzIxNjUzNi82NTE4NzEvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC83NTgwNjg3MDI2MTM3ODQ2NTY1L3pyaC8wLzE0Ny81Lzk5OS8xNjIvMmEwMzoxYjIwOjY6Oi8wLjAwMC8xNjg1MTQyOTU5LzE2ODUxNTU1NTkvNC9wdWItNzk4MzY1MTI1NzgzODI4Mi8/tlxwGvTknNL8WKfOHoY5QFnZ3Sw&nodeid=4830&group=zrh&auctionid=7580687026137846565&pbs_auctionid=7580687026137846565&shardkey=7580687026137846565&sid=4562306&cid=6622335&bp=a_aiebbd&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.132.39&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCVsgxrz1xZI61D5eSgQfS67PgAs-HjptcwIbZgsYCwI23ARABIABgleKQgqAHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQngAgCoAwGqBIoCT9ARBgBF19YGg8nKqKnOoNolh35SJ8m6X_cjtXTI7L-_a_C_kXNpro93Tgt4ZMTPxqzcBAaQExHQuXHXGBIuZIvsrQIvU2sAXX1gqx2BrBnZCsnNrNo5V-D-E61fkV8jF5GbJnAqjmjUkl3x4xq0pvLRrCVt9QYi_D_X51O_FrO2RkkCSTWpZSQEMBKPyGMLw1wObPtOzCESwmXAqArHns20eP5E1IOkqCd_pxL6FvBJZmi2p_orMcz2WIVK2Dsxd4n87evZT_FVmpt-7DSN8akRMz1OJML0JstNwrTL3p--WzESuJgDT2tBp87SBBHJ-QJAXEZtU3eZrCx48NbJ4Xa2cKs4OT6gH5bgBAGABoznzbbVuJuN0gGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA8ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2-Lx31OYefb5JndwKCUkF-9gUF_A%26client%3Dca-pub-7983651257838282%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.248 -, , ASN (),
Reverse DNS
Software: MT3 851 9bd98ae master cdg-pixel-x33 config_version:"unknown" /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Fri, 26 May 2023 23:16:00 GMT
Content-Encoding: gzip
Server: MT3 851 9bd98ae master cdg-pixel-x33 config_version:"unknown"
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: *
Content-Type: text/javascript
Cache-Control: no-cache
Connection: close
Expires: Fri, 26 May 2023 23:15:59 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame D5E2 0
0 137ms
95ms Fetch
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CH6O-sD1xZLK5B4i0ZfaolqAJkOGBhFy2qMKK8ALAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItNjU5MzUyMzIxMDAxMDE1NMgBCakCd_a4o5r-sT6oAwGqBNIBT9BMnBQEHL-EinYrZrSSLiiDP34GuCovotDbQR84WaS7pLIHZC9_QtenFd9tSVbPGqiHw_JG4_qeMuvuUEqigeUlWdggk9muJFMOgiqmGlnxbupxIuumvfWrqGw8EG0O2xojgVrO397fBaASimTg5F5ULnnm0PFnQJGxEtB-OF4n1OazsGp4ms0ypbmBA4lWbUtIJhRv6pJl2UVeh9jLAnZQqQIHEWgyHlc8WqHbJ3XDfsoE--p_KHj9WjD2dJOGwwzpswMuL-rgK7CUrgeMJzdDgAaCho6y_LDZlvoBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQIAKAfoLAggBgAwB0BUBgBcBshcaChgSFHB1Yi02NTkzNTIzMjEwMDEwMTU0GAA&sigh=jjsgrWc6OS4&uach_m=[UACH]&cid=CAQSKQBygQiDz6gYvJSjiA-JirR476WbhQbQZWt_bJfVNY4Wa-QUaYVrci2_GAE

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=4198790052&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1685142959452&bpp=4&bdt=259&idt=460&shv=r20230523&mjsv=m202305230101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=4147856985454&frm=8&ife=1&pv=1&ga_vid=372334874.1685142960&ga_sid=1685142960&ga_hid=1691016324&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=1257201828&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759842%2C44759927%2C44788442%2C44789779&oid=2&pvsid=2476697498375493&tmod=1504218110&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.cxiv9ygyii7p&fsb=1&dtd=480
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 26 May 2023 23:16:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 204 winResponse
prod-rtb.ad4mat.net/ Frame D5E2 0
0 83ms
14ms Fetch
image/gif 2600:1901:0:76b9::

General

Check archive.org

Show headers Download Go to

Full URL: https://prod-rtb.ad4mat.net/winResponse?a=1hy8kn58egndeparegfjg9kdfhysexzehx2pdat28k63dwags5m14xsrtkhp90btaq3teq6pypznkjv0jybmzs0hpb3p6w806ht2w672760jw081pwxz32ke09n4rz79vw36j7ehq3vhj1433s517hw1vf1pa1hsbd68n2dqy8yt1kat13zj9dwr297bycepd6352bnphpz9zhc0892e8550ns58htea0y9xgnqh8bzrewda0f9kqp7wqpvt87nb3ye6zq742ssb1dx2nnw3cj7qbrwzhcy0z36tj7fg240ypxs3wfwj1epstsmd1hwyh3bceng3kgqysfkb9a8vngcjkt4c8xccqv2b45x0pmnq7m6cqnp0dbhnsze7vs0fzmnbzqyzwm&b=ZHE9sAAB3LIKGVoIAAWUdi8Npu0PbWaEv1gt1w
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=4198790052&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1685142959452&bpp=4&bdt=259&idt=460&shv=r20230523&mjsv=m202305230101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=4147856985454&frm=8&ife=1&pv=1&ga_vid=372334874.1685142960&ga_sid=1685142960&ga_hid=1691016324&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=1257201828&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759842%2C44759927%2C44788442%2C44789779&oid=2&pvsid=2476697498375493&tmod=1504218110&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.cxiv9ygyii7p&fsb=1&dtd=480
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:76b9:: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

access-control-allow-origin: *
date: Fri, 26 May 2023 23:16:00 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: image/gif

GET
H3 200 dr
as.ad4m.at/ad/ Frame 92DA 2 KB
2 KB 93ms
50ms Document
text/html 2606:4700:20::681a:ad1

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/dr?ed=1hbpc5zx0h9jndag5vkm6baw75apxxwjsvcykhzjppg66mnre8pb1ee36rv636kp1hmfhwxkn40hrpqje0t6n6a8bpfpxjh275536agvqs9zaaak6j0tq9tetbrssr9tbqg4b1aktgtmc00pc62y54b5v82xsgvty4c25915ejx1m7yf5mtdywbrewtq782j0vkt8qvw60afx544akxq2ajh3j90q63g6brh4s2fbrkv9df2e7bwk2tmrqgrjfa66jbrna6p8mg2a8r71d1ejnd6h7dg0qc8f5wa8fz7c13gfm1042f4scskachvckdp5hksfrjkavxe1h8b1kc6wk96nym04yneajyh0xt8jqfkzy2gkn54fyf9zfqa7avt16wry7exn1cwc1h1g0s3rpjrngtn6vszps7mwr34k93818qvmcmg&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC36zbsD1xZLK5B4i0ZfaolqAJkOGBhFy2qMKK8ALAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItNjU5MzUyMzIxMDAxMDE1NMgBCakCd_a4o5r-sT6oAwGqBNUBT9BMnBQEHL-EinYrZrSSLiiDP34GuCovotDbQR84WaS7pLIHZC9_QtenFd9tSVbPGqiHw_JG4_qeMuvuUEqigeUlWdggk9muJFMOgiqmGlnxbupxIuumvfWrqGw8EG0O2xojgVrO397fBaASimTg5F5ULnnm0PFnQJGxEtB-OF4n1OazsGp4ms0ypbmBA4lWbUtIJhRv6pJl2UVeh9jLAnZQqQIHEWgyHlc8WuPZBucUh01EM203vqK0yMLPYJkrySLxboPsZngYv664ttJQuHeL_c8-gAaCho6y_LDZlvoBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1ylhGBoPGQ6NQMstrqYvTjh8bEVg%26client%3Dca-pub-6593523210010154%26adurl%3D

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:ad1 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-src ;img-src data:;manifest-src 'none';media-src 'none';object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7cd9b92fa8b42c19-FRA
content-encoding: br
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-src *;img-src * data:;manifest-src 'none';media-src 'none';object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Fri, 26 May 2023 23:16:00 GMT
expires: 0
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
pragma: no-cache
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server: cloudflare
strict-transport-security: max-age=86400; includeSubDomains; preload
surrogate-control: no-store
vary: accept-encoding
via: 1.1 google
x-content-type-options: nosniff
x-download-options: noopen
x-xss-protection: 1; mode=block

GET
H3 200 cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame 8171 1 KB
643 B 104ms
58ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 45744
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 26 May 2023 10:33:36 GMT
etag: 48472445140208031
expires: Sat, 27 May 2023 10:33:36 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request.php
hal900011.redintelligence.net/ Frame C980 3 KB
2 KB 636ms
518ms Script
application/x-javascript 138.201.64.38

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900011.redintelligence.net/request.php?zone=ajk4xlebn4mw&nw=20&renderingType=javascript&namespace=56923d16de&subid=&uid=23e87f7de0b1ce9f&screenSize=0x0&screenSizeAvail=0x0&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=1&gdpr_consent=li&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3D1DcNeTzTU7TVou8SBh-S1Q%26exch_seat%3D20035004448%26mt_aid%3D8733608530744681479%26mt_id%3D6622332%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D3c576471-3db0-4501-a31d-c8cce6968c79%26mt_cid%3D3c576471-3db0-4501-a31d-c8cce6968c79%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCAL8Mrz1xZL-6EJmDx_AP8fK0sAvPh46bXMCG2YLGAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi03OTgzNjUxMjU3ODM4MjgyyAEJ4AIAqAMBqgScAk_QNoOH2HvZfl4QUAEnHkjhSw9rdzaZhnQwcXsJ7zIXcX8-YW-9aAtqrJATOJtfrcbii2hPEusgTdw2JlgZ3z6FycSHurYNTFe1y0DZ2kqY-XxZp9xDCIduyWjgG3x-aZDnVHBTCxkuD5SLeUjHveHI12ca10q2a8pAS6ADUDZ3-uysYzdpXQrbw4JDEwqH9Z_f3ETFEgX47RCfF_UyVoMNm9UzLyTdUvCu8EqvlCpAse9GAASAZhjFwjU3qPh23qLIxaGcBBuDA615ZVd5UwHkNdamLJujevTdtYaR2oZ77iRikb5HQQEzlIoigFYYPF8ipu0kDZomNAINPJlS0gz9OycAEiSg33sCP6QEzoCNyLPtk3hfndQBW4-a4AQBgAa-1Nb82ZronagBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPIIG2FkeC1zdWJzeW4tNzI3NTUyODQ1MzE2MjMwOfoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_3ypWE76_gw6C0L5bnTUcTAQWmPUw%2526client%253Dca-pub-7983651257838282%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fc9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&ancestorOrigins=null&random=6611146666657&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Requested by: Host: hal9000.redintelligence.net
URL: https://hal9000.redintelligence.net/zone/ajk4xlebn4mw?subid=&gdpr=1&gdpr_consent=li&rnd=8733608530744681479&extVar[]=DOUBLEBORDER:1&extVar[]=MMA_SSP:adx&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3D1DcNeTzTU7TVou8SBh-S1Q%26exch_seat%3D20035004448%26mt_aid%3D8733608530744681479%26mt_id%3D6622332%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D3c576471-3db0-4501-a31d-c8cce6968c79%26mt_cid%3D3c576471-3db0-4501-a31d-c8cce6968c79%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCAL8Mrz1xZL-6EJmDx_AP8fK0sAvPh46bXMCG2YLGAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi03OTgzNjUxMjU3ODM4MjgyyAEJ4AIAqAMBqgScAk_QNoOH2HvZfl4QUAEnHkjhSw9rdzaZhnQwcXsJ7zIXcX8-YW-9aAtqrJATOJtfrcbii2hPEusgTdw2JlgZ3z6FycSHurYNTFe1y0DZ2kqY-XxZp9xDCIduyWjgG3x-aZDnVHBTCxkuD5SLeUjHveHI12ca10q2a8pAS6ADUDZ3-uysYzdpXQrbw4JDEwqH9Z_f3ETFEgX47RCfF_UyVoMNm9UzLyTdUvCu8EqvlCpAse9GAASAZhjFwjU3qPh23qLIxaGcBBuDA615ZVd5UwHkNdamLJujevTdtYaR2oZ77iRikb5HQQEzlIoigFYYPF8ipu0kDZomNAINPJlS0gz9OycAEiSg33sCP6QEzoCNyLPtk3hfndQBW4-a4AQBgAa-1Nb82ZronagBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPIIG2FkeC1zdWJzeW4tNzI3NTUyODQ1MzE2MjMwOfoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_3ypWE76_gw6C0L5bnTUcTAQWmPUw%2526client%253Dca-pub-7983651257838282%2526adurl%253D%26redirect%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.64.38 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 26 May 2023 23:16:00 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 63574300002816900951389012337011
Connection: close
Content-Length: 1151
Expires: Sat, 27 May 2023 00:16:00 +0200

GET
H2 200 publishertag.prebid.js
static.criteo.net/js/ld/ Frame 6C31 93 KB
30 KB 128ms
14ms XHR
text/javascript 2a02:2638:d::2

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.135.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 -, , ASN (),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:16:00 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 19 May 2023 17:15:21 GMT
server: nginx
etag: W/"6467aea9-175c4"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 27 May 2023 23:16:00 GMT

GET
H2 200 adchoices_default.png
static-de.ad4mat.net/ads/img/ad_markers_folder/ Frame 905F 3 KB
4 KB 123ms
20ms Image
image/png 2606:4700:20::681a:71b

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-de.ad4mat.net/ads/img/ad_markers_folder/adchoices_default.png
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/style/0.1.40/one-ad/default.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:71b -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:16:00 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2208
x-guploader-uploadid: ADPycdvwP-NwgXqNEbyI2qkcz3h5-Ehsvrbo1BzPr2w5R7YEx4A4494G82MbZGb67-CgTESrTtVZjLf5PX4N9CeItuw
x-goog-storage-class: STANDARD
x-goog-custom-time: 1970-01-01T00:00:00Z
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
content-length: 3262
x-goog-meta-
last-modified: Wed, 09 Jun 2021 12:35:14 GMT
server: cloudflare
etag: "794c84d30e213ec6a144d64215f07551"
vary: Accept-Encoding
x-goog-generation: 1623242114099744
content-type: image/png
x-goog-hash: crc32c=v7nNsg==, md5=eUyE0w4hPsahRNZCFfB1UQ==
cache-control: public, max-age=31536000, immutable
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DbpofcnX%2FnKLBzxpsZlosJaG78GOB0O70c1ox21o62comgFjLHEoyv6eS10G9pNSX10%2BeUzFNXsDhQtJLgrP0gu84t8lAd3RHdlFw361HWDssioIPE6viz3AsuPILmq442tQUVP%2Bd3r%2Bk3ecdBHzqbBj"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 3262
accept-ranges: bytes
cf-ray: 7cd9b93038621d9e-FRA
expires: Fri, 26 May 2023 22:42:23 GMT

GET
DATA 200
OK truncated
/ Frame F8C5 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame F8C5 0
0 96ms
78ms Fetch
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsui4wAaJLTYk-WyZzhCoYRBDtzbIOekM0sjz0SnwF5fO-y3-NxtGixYTN_YVFaO4zrTwzegDQD3LszZufW-9Ha7Z3vI4VvJS5Mxj3n9ZEJHc2yYqH6TiXAkvOfoW32gauOUh3DCMhtj_w7VDek9oSRcgbAw3NToh4BhCrInduWCRiO3yBNHU6OIJbidQ-W-1OWHn2ycQoOURryJAy9__FTaNZedFP6CQ2u-5Vf-VzUcAkejFFujo4TLeaIZXbSwMoMoszy69tLKJpYsdqZ8Bijyw5Nv77kAZSQBxaANeJJaaTRGMR8sqCBMf_IbXowIf5tqMNA6SQo1elZgIV6ub435L_l4ZXxqTvzjA9mPS3mA7EY&sai=AMfl-YTrheYYRxoe6Q3X1t3Te4Y_WwzYe-ZSyjXASUtEhp8y2qfYu37hm8B04FZFYfwMVQtC43YFsk0iUr8zgd_UUBxeV0C0UXugj8QnTxv7e4kwLxTtmGw_oUKk920YxQ&sig=Cg0ArKJSzD7bOBkIPCXkEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:16:00 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 26 May 2023 23:16:00 GMT

GET
H3 200 frame.html
ad4m.at/ Frame 55E4 2 KB
1 KB 34ms
23ms Document
text/html 2606:4700:20::681a:ad1

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 107781
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=3600
cf-cache-status: HIT
cf-ray: 7cd9b930493b2c19-FRA
content-encoding: br
content-language: en
content-type: text/html; charset=utf-8
date: Fri, 26 May 2023 23:16:00 GMT
expires: Mon, 08 May 2023 00:16:30 GMT
last-modified: Thu, 25 Aug 2022 14:12:41 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zTBAvSUqtNlCuCKiqKZLameXCH4jMxbfAx6zDAjbjRTsOSxNirqP8prPfUSTA49jHKHpTMF7pnyFoaV2D4Pvn%2BA%2BXx2GuMv91Pb8dZPKRCiGD8OyEyYmtyEu3DO8JFN0ACi6xHQ%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H3 200 UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 197C 41 KB
15 KB 52ms
41ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Sun, 21 May 2023 19:05:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 447045
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 20 May 2024 19:05:15 GMT

GET
H/1.1 200
OK usync.html
eus.rubiconproject.com/ Frame 1CFA 281 B
554 B 21ms
9ms Document
text/html 23.56.202.187

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?&geo=eu&co=de
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.56.202.187 -, , ASN (),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Fri, 26 May 2023 23:16:00 GMT
ETag: "40010-119-5ec73a0a33d00"
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
DATA 200
OK truncated
/ Frame 197C 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 default.css
as.ad4m.at/ad/style/0.1.40/one-ad/ Frame 92DA 103 KB
13 KB 35ms
23ms Stylesheet
text/css 2606:4700:20::681a:ad1

General

Check archive.org

Show headers Download Go to

Full URL: https://as.ad4m.at/ad/style/0.1.40/one-ad/default.css
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1hbpc5zx0h9jndag5vkm6baw75apxxwjsvcykhzjppg66mnre8pb1ee36rv636kp1hmfhwxkn40hrpqje0t6n6a8bpfpxjh275536agvqs9zaaak6j0tq9tetbrssr9tbqg4b1aktgtmc00pc62y54b5v82xsgvty4c25915ejx1m7yf5mtdywbrewtq782j0vkt8qvw60afx544akxq2ajh3j90q63g6brh4s2fbrkv9df2e7bwk2tmrqgrjfa66jbrna6p8mg2a8r71d1ejnd6h7dg0qc8f5wa8fz7c13gfm1042f4scskachvckdp5hksfrjkavxe1h8b1kc6wk96nym04yneajyh0xt8jqfkzy2gkn54fyf9zfqa7avt16wry7exn1cwc1h1g0s3rpjrngtn6vszps7mwr34k93818qvmcmg&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC36zbsD1xZLK5B4i0ZfaolqAJkOGBhFy2qMKK8ALAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItNjU5MzUyMzIxMDAxMDE1NMgBCakCd_a4o5r-sT6oAwGqBNUBT9BMnBQEHL-EinYrZrSSLiiDP34GuCovotDbQR84WaS7pLIHZC9_QtenFd9tSVbPGqiHw_JG4_qeMuvuUEqigeUlWdggk9muJFMOgiqmGlnxbupxIuumvfWrqGw8EG0O2xojgVrO397fBaASimTg5F5ULnnm0PFnQJGxEtB-OF4n1OazsGp4ms0ypbmBA4lWbUtIJhRv6pJl2UVeh9jLAnZQqQIHEWgyHlc8WuPZBucUh01EM203vqK0yMLPYJkrySLxboPsZngYv664ttJQuHeL_c8-gAaCho6y_LDZlvoBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1ylhGBoPGQ6NQMstrqYvTjh8bEVg%26client%3Dca-pub-6593523210010154%26adurl%3D
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/dr?ed=1hbpc5zx0h9jndag5vkm6baw75apxxwjsvcykhzjppg66mnre8pb1ee36rv636kp1hmfhwxkn40hrpqje0t6n6a8bpfpxjh275536agvqs9zaaak6j0tq9tetbrssr9tbqg4b1aktgtmc00pc62y54b5v82xsgvty4c25915ejx1m7yf5mtdywbrewtq782j0vkt8qvw60afx544akxq2ajh3j90q63g6brh4s2fbrkv9df2e7bwk2tmrqgrjfa66jbrna6p8mg2a8r71d1ejnd6h7dg0qc8f5wa8fz7c13gfm1042f4scskachvckdp5hksfrjkavxe1h8b1kc6wk96nym04yneajyh0xt8jqfkzy2gkn54fyf9zfqa7avt16wry7exn1cwc1h1g0s3rpjrngtn6vszps7mwr34k93818qvmcmg&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC36zbsD1xZLK5B4i0ZfaolqAJkOGBhFy2qMKK8ALAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItNjU5MzUyMzIxMDAxMDE1NMgBCakCd_a4o5r-sT6oAwGqBNUBT9BMnBQEHL-EinYrZrSSLiiDP34GuCovotDbQR84WaS7pLIHZC9_QtenFd9tSVbPGqiHw_JG4_qeMuvuUEqigeUlWdggk9muJFMOgiqmGlnxbupxIuumvfWrqGw8EG0O2xojgVrO397fBaASimTg5F5ULnnm0PFnQJGxEtB-OF4n1OazsGp4ms0ypbmBA4lWbUtIJhRv6pJl2UVeh9jLAnZQqQIHEWgyHlc8WuPZBucUh01EM203vqK0yMLPYJkrySLxboPsZngYv664ttJQuHeL_c8-gAaCho6y_LDZlvoBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1ylhGBoPGQ6NQMstrqYvTjh8bEVg%26client%3Dca-pub-6593523210010154%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:16:00 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-goog-meta-goog-reserved-file-mtime: 1683559916
age: 364904
cf-polished: origSize=105839
x-guploader-uploadid: ADPycdv9IJsM9Nda_T-YCF8tGjLSR9_5GyrPWBCiXo7o_2KPFa29jeIDurPOQJdzBat54FnfGmUqvpjJPo5BCE2ydDX2ig
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Mon, 08 May 2023 15:32:28 GMT
server: cloudflare
etag: W/"44fa96b813e145cb8b915ae1fb6a3b7a"
vary: Accept-Encoding
x-goog-generation: 1683559948253618
content-type: text/css
x-goog-hash: crc32c=FELYSw==, md5=RPqWuBPhRcuLkVrh+2o7eg==
cache-control: public, max-age=3600
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eWeTYi2fPmgZS%2FFEP9CyTF9wXbbU4lGN%2Fp8WzjazFRVClN6SAFVIKV0Q%2BPsYRWKpSiuon7WvTZukpti67IMUReO4CjRQ41OydnUgkGtDlhxKYqpJK4CTqwf72CLEtly3PoE0Vctd0do%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 105839
cf-ray: 7cd9b930896a2c19-FRA
expires: Sat, 27 May 2023 00:16:00 GMT

GET
H3 200 r62eglto.js
ad4m.at/ Frame 92DA 25 KB
10 KB 43ms
31ms Script
application/javascript 2606:4700:20::681a:ad1

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/r62eglto.js
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1hbpc5zx0h9jndag5vkm6baw75apxxwjsvcykhzjppg66mnre8pb1ee36rv636kp1hmfhwxkn40hrpqje0t6n6a8bpfpxjh275536agvqs9zaaak6j0tq9tetbrssr9tbqg4b1aktgtmc00pc62y54b5v82xsgvty4c25915ejx1m7yf5mtdywbrewtq782j0vkt8qvw60afx544akxq2ajh3j90q63g6brh4s2fbrkv9df2e7bwk2tmrqgrjfa66jbrna6p8mg2a8r71d1ejnd6h7dg0qc8f5wa8fz7c13gfm1042f4scskachvckdp5hksfrjkavxe1h8b1kc6wk96nym04yneajyh0xt8jqfkzy2gkn54fyf9zfqa7avt16wry7exn1cwc1h1g0s3rpjrngtn6vszps7mwr34k93818qvmcmg&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC36zbsD1xZLK5B4i0ZfaolqAJkOGBhFy2qMKK8ALAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItNjU5MzUyMzIxMDAxMDE1NMgBCakCd_a4o5r-sT6oAwGqBNUBT9BMnBQEHL-EinYrZrSSLiiDP34GuCovotDbQR84WaS7pLIHZC9_QtenFd9tSVbPGqiHw_JG4_qeMuvuUEqigeUlWdggk9muJFMOgiqmGlnxbupxIuumvfWrqGw8EG0O2xojgVrO397fBaASimTg5F5ULnnm0PFnQJGxEtB-OF4n1OazsGp4ms0ypbmBA4lWbUtIJhRv6pJl2UVeh9jLAnZQqQIHEWgyHlc8WuPZBucUh01EM203vqK0yMLPYJkrySLxboPsZngYv664ttJQuHeL_c8-gAaCho6y_LDZlvoBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1ylhGBoPGQ6NQMstrqYvTjh8bEVg%26client%3Dca-pub-6593523210010154%26adurl%3D
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:16:00 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 14 Mar 2023 13:45:21 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 105031
etag: W/"fcb2a26b07bd76d9a925cae661d6d94d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rcmLPEkdjPjyRGDAgOxZ5luAVYZxupTkuHchA3wRZJ9YwWCT%2FofjxDtXADBkM8X%2BVTvpKsXNSke2xdUfhzH7AtO5yszzUJz7BHdqpEXTrpLhyrRIF793gFpAZFKcb7skR0EMW8A%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
cf-ray: 7cd9b930896b2c19-FRA
alt-svc: h3=":443"; ma=86400
expires: Tue, 23 May 2023 13:46:09 GMT

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 1AE0
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=
https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=oE0Y336SQP2OuYk5xEiwAw&rk=usync-na
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=oE0Y336SQP2OuYk5xEiwAw

43 B
479 B

116ms
115ms

Image
image/gif

52.46.155.104

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=oE0Y336SQP2OuYk5xEiwAw

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

HTTP/1.1

Server

52.46.155.104 -, , ASN (),

Reverse DNS

Software

Server /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 26 May 2023 23:16:01 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: 2XRS24SMXV1YKXFE5FZ8
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=oE0Y336SQP2OuYk5xEiwAw
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

ecm3
aax-eu.amazon-adsystem.com/s/ Frame 1AE0
Redirect Chain

https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=
https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=annRYCwiQJ-qHI1uliGSDQ&rk=usync-other
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=annRYCwiQJ-qHI1uliGSDQ

43 B
479 B

34ms
34ms

Image
image/gif

52.95.125.22

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=annRYCwiQJ-qHI1uliGSDQ

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

HTTP/1.1

Server

52.95.125.22 -, , ASN (),

Reverse DNS

Software

Server /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 26 May 2023 23:16:01 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: 9J3XJ22FVCX4QZNHW2ZH
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=annRYCwiQJ-qHI1uliGSDQ
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame 1AE0
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEMqh3iTIAdlNgM2c2jEZvzM&google_cver=1

0
239 B

74ms
8ms

Image
image/gif

69.173.144.165

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEMqh3iTIAdlNgM2c2jEZvzM&google_cver=1
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: HTTP/1.1
Server: 69.173.144.165 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma: no-cache
date: Fri, 26 May 2023 23:16:00 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEMqh3iTIAdlNgM2c2jEZvzM&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 326
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1AE0
Redirect Chain

https://token.rubiconproject.com/token?pid=25470
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_cm&google_hm=TEk1NkxXTFctWS1FVEpZ
https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEC67DTpfhxVV-v-rg-d4dts&google_cver=1
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEk1NkxXTFctWS1FVEpZ&google_push=

170 B
188 B

60ms
59ms

Image
image/png

172.217.18.2

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEk1NkxXTFctWS1FVEpZ&google_push=

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

172.217.18.2 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 26 May 2023 23:16:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEk1NkxXTFctWS1FVEpZ&google_push=
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
Expires: 0

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame 1AE0
Redirect Chain

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1
https://pr-bh.ybp.yahoo.com/sync/rubicon/nfY9Dur2lwM6Rc76vZIPNQ?csrc=
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-5rxJDNhE2oJlhtb1vkkq79Os6t4vhDihVRStgQ--~A

0
239 B

26ms
24ms

Image
image/gif

69.173.144.165

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-5rxJDNhE2oJlhtb1vkkq79Os6t4vhDihVRStgQ--~A
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: HTTP/1.1
Server: 69.173.144.165 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

date: Fri, 26 May 2023 23:16:01 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-5rxJDNhE2oJlhtb1vkkq79Os6t4vhDihVRStgQ--~A
content-length: 0

GET
H2

200

setuid
px.ads.linkedin.com/ Frame 1AE0
Redirect Chain

https://token.rubiconproject.com/token?pid=36584
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LI56LWLW-Y-ETJY

0
645 B

195ms
153ms

Image
text/plain

2620:1ec:21::14

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LI56LWLW-Y-ETJY
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Server: 2620:1ec:21::14 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:16:00 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 8CB501249D094E2C847BA3676307C552 Ref B: FRAEDGE2017 Ref C: 2023-05-26T23:16:00Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAX8oOuWy1Le5EsPt+1h7w==

Redirect headers

Location: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LI56LWLW-Y-ETJY
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1AE0
Redirect Chain

https://token.rubiconproject.com/token?pid=2249&pt=n
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=ODlmOWM4MGI3ODVkY2E1NTkyZDQ4ZGNjNWFhYmQxYzgyOGFmYmFkZA

170 B
188 B

56ms
51ms

Image
image/png

172.217.18.2

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=ODlmOWM4MGI3ODVkY2E1NTkyZDQ4ZGNjNWFhYmQxYzgyOGFmYmFkZA

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

172.217.18.2 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 26 May 2023 23:16:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=ODlmOWM4MGI3ODVkY2E1NTkyZDQ4ZGNjNWFhYmQxYzgyOGFmYmFkZA
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 200 rubicon
match.adsrvr.org/track/cmf/ Frame 1AE0 70 B
264 B 61ms
33ms Image
image/gif 15.197.193.217

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/rubicon
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Fri, 26 May 2023 23:16:00 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 197C 0
0 97ms
79ms Fetch
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjst_IqguuFe54Ryig3p78RuRuVw1CWSh-G31sr75bmTftKyTTTy3toOqVwNU5EPobJRJkP9aJcSSdqQsidOgdnlloDaU_nDwcSkXAGchllHfW5hEYCtv4qyWxKvzb38J_KkFr00mmWuSlsOdYFPBb9oC8AGtd3mff20d5ix24wYma6eJWKvLWb_Jasmi_qiUBHSIyD2_1fbwJFUuurCv9iMhluHspQjYiXzVj5Le5VQbzxjs7YMqFjemOZGnST_quRp8Z1CkEz1L_rvBEeIhjGRfu3AsA-5r1nsUbaTv9j8axl2NSJjKleanWAXfM9a0CXgY2WystFKMxaircntCZQ&sai=AMfl-YQA537f5Un9bTMXdk4p8aUwb2e1J3-01jBtCosdD7YOKSRFr7xZx2_zMT9otXTkoOZGz9NHek522OqoE-Cx3wOqTVmsyoWxixMqtxzAVFb44RNSI9jVFeu-AOJdEA&sig=Cg0ArKJSzFUNFpYfs-SrEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:16:00 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 26 May 2023 23:16:00 GMT

GET
H2 200 Standard
s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.229/e/2gSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/ImageTag:types/ Frame F8C5 85 KB
36 KB 57ms
25ms Script
text/javascript 37.157.2.247

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.229/e/2gSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/ImageTag:types/Standard
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.2.247 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:15:52 GMT
content-encoding: gzip
last-modified: Mon, 22 May 2023 15:24:09 GMT
server: nginx
x-cache-status: STALE
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Wed, 24 May 2023 10:46:06 GMT

GET
H/1.1 200
OK request.php
hal90006.redintelligence.net/ Frame E51B 3 KB
2 KB 211ms
140ms Script
application/x-javascript 138.201.63.164

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90006.redintelligence.net/request.php?zone=s2gk7r78n0fa&nw=20&renderingType=javascript&namespace=0c3c1f7ea3&subid=&uid=2c60ada42e423bb0&screenSize=0x0&screenSizeAvail=0x0&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=1&gdpr_consent=li&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DJP4Z2Ple_TxQQIMX738sBw%26exch_seat%3D20035004448%26mt_aid%3D7580687026137846565%26mt_id%3D6622335%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D3c576471-3db0-4501-a31d-c8cce6968c79%26mt_cid%3D3c576471-3db0-4501-a31d-c8cce6968c79%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCVsgxrz1xZI61D5eSgQfS67PgAs-HjptcwIbZgsYCwI23ARABIABgleKQgqAHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQngAgCoAwGqBIoCT9ARBgBF19YGg8nKqKnOoNolh35SJ8m6X_cjtXTI7L-_a_C_kXNpro93Tgt4ZMTPxqzcBAaQExHQuXHXGBIuZIvsrQIvU2sAXX1gqx2BrBnZCsnNrNo5V-D-E61fkV8jF5GbJnAqjmjUkl3x4xq0pvLRrCVt9QYi_D_X51O_FrO2RkkCSTWpZSQEMBKPyGMLw1wObPtOzCESwmXAqArHns20eP5E1IOkqCd_pxL6FvBJZmi2p_orMcz2WIVK2Dsxd4n87evZT_FVmpt-7DSN8akRMz1OJML0JstNwrTL3p--WzESuJgDT2tBp87SBBHJ-QJAXEZtU3eZrCx48NbJ4Xa2cKs4OT6gH5bgBAGABoznzbbVuJuN0gGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA8ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_2-Lx31OYefb5JndwKCUkF-9gUF_A%2526client%253Dca-pub-7983651257838282%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fc9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&ancestorOrigins=null&random=4731892055078&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Requested by: Host: hal9000.redintelligence.net
URL: https://hal9000.redintelligence.net/zone/s2gk7r78n0fa?subid=&gdpr=1&gdpr_consent=li&rnd=7580687026137846565&extVar[]=DOUBLEBORDER:1&extVar[]=MMA_SSP:adx&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DJP4Z2Ple_TxQQIMX738sBw%26exch_seat%3D20035004448%26mt_aid%3D7580687026137846565%26mt_id%3D6622335%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D3c576471-3db0-4501-a31d-c8cce6968c79%26mt_cid%3D3c576471-3db0-4501-a31d-c8cce6968c79%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCVsgxrz1xZI61D5eSgQfS67PgAs-HjptcwIbZgsYCwI23ARABIABgleKQgqAHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQngAgCoAwGqBIoCT9ARBgBF19YGg8nKqKnOoNolh35SJ8m6X_cjtXTI7L-_a_C_kXNpro93Tgt4ZMTPxqzcBAaQExHQuXHXGBIuZIvsrQIvU2sAXX1gqx2BrBnZCsnNrNo5V-D-E61fkV8jF5GbJnAqjmjUkl3x4xq0pvLRrCVt9QYi_D_X51O_FrO2RkkCSTWpZSQEMBKPyGMLw1wObPtOzCESwmXAqArHns20eP5E1IOkqCd_pxL6FvBJZmi2p_orMcz2WIVK2Dsxd4n87evZT_FVmpt-7DSN8akRMz1OJML0JstNwrTL3p--WzESuJgDT2tBp87SBBHJ-QJAXEZtU3eZrCx48NbJ4Xa2cKs4OT6gH5bgBAGABoznzbbVuJuN0gGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA8ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_2-Lx31OYefb5JndwKCUkF-9gUF_A%2526client%253Dca-pub-7983651257838282%2526adurl%253D%26redirect%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.164 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 26 May 2023 23:16:00 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 17458800004130100951403012337006
Connection: close
Content-Length: 1228
Expires: Sat, 27 May 2023 00:16:00 +0200

GET
H/1.1 200
OK usync.js
eus.rubiconproject.com/ Frame 1CFA 34 KB
10 KB 43ms
26ms Script
text/html 23.56.202.187

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&geo=eu&co=de
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.56.202.187 -, , ASN (),
Reverse DNS
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?&geo=eu&co=de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Fri, 26 May 2023 23:16:00 GMT
Content-Encoding: gzip
Last-Modified: Fri, 26 May 2023 14:04:28 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=53371
Connection: keep-alive
Content-Length: 10085
Expires: Sat, 27 May 2023 14:05:31 GMT

GET
DATA 200
OK truncated
/ Frame D5E2 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 197C 171 KB
53 KB 66ms
58ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:16:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 54244
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1684927996807358"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 26 May 2023 23:16:00 GMT

GET
H3 200 index.html
s0.2mdn.net/sadbundle/4323423352959208367/ Frame EC0F 15 KB
2 KB 141ms
48ms Document
text/html 2a00:1450:4001:803::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/4323423352959208367/index.html?e=69&leftOffset=0&topOffset=0&c=F8hviuhgl8&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2272
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Fri, 26 May 2023 23:16:01 GMT
expires: Sat, 25 May 2024 23:16:01 GMT
last-modified: Thu, 16 Feb 2023 15:59:28 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 197C 0
0 211ms
88ms Fetch
image/gif 142.250.186.34

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvyzUtUspKcL_uI5UqVip6gqB6Afw5hrKoqBdawV4lmmaMGlki1SY6aHnUFx9dX5H52szGzInqt_SGomFe4YQAelqiBetXfAzFcz3r1LP8DaJp_7ACd3nH3dv8KzIfoMy3miFUvwSaB2ooyfQvFbvBjbdJI6XNX-5V32jxYfy9r3PmAsmvxCZo_UaKmh0qfnHbhdmolvx87rXXWbek_jcv_A_2wl_n9NrIp7dH08Cfywf3PoDLnk9Z-FRcXfey4opQzrEjiOFymyyEo8pJ35-WAv9v5zQEEgq7fZEWPuWrl_4IasOYqeaw7HWlX-Vitrrerb9_a6ZWpPNCyhSdkOIGyCOjzewtV170PNIrE4o0wUpKQOu2fGqX94R5LngXBk-QdlN2_Lts1S9DaVZvAzbXQN-SarWH21Ux-eJTdo8erWTcva8Ta1gsleSN0ANFAqsNgZzNPqEGkNZiQ3LXu8eN0EwUYgakaiitFwZdUYGV6vaUY33Z9ydR56DKaS1Fz7usJHIZsRn17LV44ojnOKG57C1QQq8_zWp1dcTSS3pXDtTJICEFlftdFew42zEjhKcAncaV-Ev6CC5cCRoZdV0y0V80nZt3vQYHCx_PdxXKCE7u64nQb68qU0T9HURphpEK2Qb1QikeAdC-MIHBvDpPBBS84-TzegVzatYwfthFEPkedEUolCy5M-s1iFyFHqxFeWXp0pdNmYR3gp-8k-4ry2eTkrL4N6zSoPAPRNrt3TMav6WNbjdLtxnJh6LdVi2jURHtSqPYzvYx-Hgq3kiLKSkDKSzWgQwQJ5G8_aX1ZkA4uRVC7ekB5QFaqrdNL8-smj0wgk-rmDrmwkYN0c6AKEeDjFVa17DpH549yazrD0yOg-2YxfpcrfiqunMrL0jIoMIHt70wpcI2-ONrap20Etg1YM78tkFhq59g2aDiKLcQCxx3xr13-VmMvR7u4ZfP2hK4PW7zbHGMd8UBRyXgNXD0x1L7iWlustO9wmiwyqK7QtIfuQaKRGwhEjaiqTrCTl6llPyf5JAkdJIpsPX1uRV7g9eHCv29qzS9UcDVDFuY9T6khinC3oMD63cVDmOYy0ltouEiEjgiwVO3x7v3lmo6SMGiuU2eYin-OxsQxrjp0QsXCtx8NDYZSKAm9TGsWsG_Hp2y1zai_0j646fivfwOmboz3TMid4uULtg9okCeGm6WpXfuwxlC5L8u87uVStvbMMBhYxlWj2LumpZtMNKq2WS8&sai=AMfl-YSqy4cE_ZbZETEmj_Xr2npAwSmL4YQhqiHkiFhpNCnTwh3ldCsxuD01VMe5CjMNxZFhsvSt-C5gT7BlX0ShHaz9yTg_lgeShPplM4_S2Mt_9cDX8wRv4QWw3zmBZde2CXDsltTrCLqMwrZMXiAo9N8PWlmlsZ0YBfbiNqwXqNNZoZvc89Izo5wWnTKlGsCJi24JcTugUrxrUgBU8Vwibs3xCssPQpF1xtPyijDwHyxxAcQUDW65zQpVBtU&sig=Cg0ArKJSzEgQr1lVACH4EAE&uach_m=[UACH]&pr=8:57B13E26F19F9F52&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=490&cbvp=1&cstd=474&cisv=r20230523.32132&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 26 May 2023 23:16:01 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 26 May 2023 23:16:01 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8171
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEBVaZon4vrEhR6pi1MM9WFI&google_cver=1&google_push=ATf1kGOzFwzuPcWOHR6DsIun98HD_TG6AQr8XQyGnz79pjTGmccn8qlSBD...
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=ATf1kGOzFwzuPcWOHR6DsIun98HD_TG6AQr8XQyGnz79pjTGmccn8qlSBD5ifxXjMPqEBUO7R_6xPMBZ89KiiRguS8UIcjeyGe4lyw&google_hm=zMn3J4GD1y...

170 B
188 B

54ms
48ms

Image
image/png

172.217.18.2

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=ATf1kGOzFwzuPcWOHR6DsIun98HD_TG6AQr8XQyGnz79pjTGmccn8qlSBD5ifxXjMPqEBUO7R_6xPMBZ89KiiRguS8UIcjeyGe4lyw&google_hm=zMn3J4GD1ytU0IlqFqZdbA

Requested by

Protocol

Server

172.217.18.2 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 26 May 2023 23:16:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=ATf1kGOzFwzuPcWOHR6DsIun98HD_TG6AQr8XQyGnz79pjTGmccn8qlSBD5ifxXjMPqEBUO7R_6xPMBZ89KiiRguS8UIcjeyGe4lyw&google_hm=zMn3J4GD1ytU0IlqFqZdbA
pragma: no-cache
date: Fri, 26 May 2023 23:16:00 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
strict-transport-security: max-age=86400
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8171
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEGsEPjf_pCLDjovgoatDcIQ&google_cver=1&google_push=ATf1kGMT6EDi9mRUdSg8CFQEgjRawNsQEzvuwwNDvigdnaxzp6VsABIhh3YJZOERDc_D3rlXPdNktQw7BNJPMF...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzIzNzYzMzkwMjMwMjY1NjY2Mg%3D%3D&google_push=ATf1kGMT6EDi9mRUdSg8CFQEgjRawNsQEzvuwwNDvigdnaxzp6VsABIhh3YJZOERDc_D3rlXPdNktQw7BNJPMFJX5v...

170 B
188 B

55ms
46ms

Image
image/png

172.217.18.2

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzIzNzYzMzkwMjMwMjY1NjY2Mg%3D%3D&google_push=ATf1kGMT6EDi9mRUdSg8CFQEgjRawNsQEzvuwwNDvigdnaxzp6VsABIhh3YJZOERDc_D3rlXPdNktQw7BNJPMFJX5vK7j69jqagJ_Q

Requested by

Protocol

Server

172.217.18.2 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 26 May 2023 23:16:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzIzNzYzMzkwMjMwMjY1NjY2Mg%3D%3D&google_push=ATf1kGMT6EDi9mRUdSg8CFQEgjRawNsQEzvuwwNDvigdnaxzp6VsABIhh3YJZOERDc_D3rlXPdNktQw7BNJPMFJX5vK7j69jqagJ_Q
Date: Fri, 26 May 2023 23:16:00 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8171
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEDYcypaQi0FuCPQX4F5on9A&google_cver=1&google_push=ATf1kGMjMuwE4l5G47Z1E_4TmaTO_vKOzUuFRFfhc4b1tIQ-vNyvDjD-2UMU7-JF9C78rvO15YP-64U7...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODI5MzQwMzk2MzY3NDg4ODI0Ng&google_push=ATf1kGMjMuwE4l5G47Z1E_4TmaTO_vKOzUuFRFfhc4b1tIQ-vNyvDjD-2UMU7-JF9C78rvO15YP-64...

170 B
188 B

51ms
49ms

Image
image/png

172.217.18.2

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODI5MzQwMzk2MzY3NDg4ODI0Ng&google_push=ATf1kGMjMuwE4l5G47Z1E_4TmaTO_vKOzUuFRFfhc4b1tIQ-vNyvDjD-2UMU7-JF9C78rvO15YP-64U7tH2uatwv2SCXJPvIok9evw

Requested by

Protocol

Server

172.217.18.2 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 26 May 2023 23:16:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 26 May 2023 23:16:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODI5MzQwMzk2MzY3NDg4ODI0Ng&google_push=ATf1kGMjMuwE4l5G47Z1E_4TmaTO_vKOzUuFRFfhc4b1tIQ-vNyvDjD-2UMU7-JF9C78rvO15YP-64U7tH2uatwv2SCXJPvIok9evw
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 8171 0
12 B 62ms
45ms Image
text/html 172.217.18.2

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Lb3KvnOSPLfVmTuzjHEvuszlvr5w_DDbROdgZgwTNpXg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.2 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:16:00 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame F14C 22 KB
8 KB 47ms
39ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 227837
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 24 May 2023 07:58:43 GMT
expires: Thu, 23 May 2024 07:58:43 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 /
track.adform.net/csimpr/ Frame F8C5 35 B
588 B 28ms
17ms Ping
image/gif 37.157.4.25
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/csimpr/?bn=60438886&csi=W-DwX_XqccrrdcJgxCXInNByCv-WrTxuM9C7Hr2UUiDrygPkIxxfk3fdPPCmHTpc7ggDs_WYyXrds9hooXhlT-LSFeXTyO4ccUAcIpDuM4QFtzIu6qnrWWma1uayWoxtUEaGkUHPawwFpeOo39ofM2MJDfeROK0-RyftabL-CrEbBzPKfOTaMgO8_7rsP1jj0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.25 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://ye-mek.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 26 May 2023 23:16:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET, POST
content-type: image/gif
access-control-allow-origin: https://ye-mek.net
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2 200 56816953.gif
s1.adform.net/Banners/56816953/ Frame F8C5 138 KB
138 KB 42ms
27ms Image
image/gif 37.157.2.247

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/56816953/56816953.gif?bv=2
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.2.247 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:15:52 GMT
last-modified: Wed, 21 Dec 2022 16:44:53 GMT
server: nginx
x-amz-request-id: tx000007c76d8464b085fca-00643d314d-3295d04c-default
etag: "354d800cef015b7264fce444fa9d0c29"
x-cache-status: STALE
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 140959

GET
H2 200 adchoices_default.png
static-de.ad4mat.net/ads/img/ad_markers_folder/ Frame 92DA 3 KB
4 KB 33ms
17ms Image
image/png 2606:4700:20::681a:71b

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-de.ad4mat.net/ads/img/ad_markers_folder/adchoices_default.png
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/style/0.1.40/one-ad/default.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:71b -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:16:01 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2209
x-guploader-uploadid: ADPycdvwP-NwgXqNEbyI2qkcz3h5-Ehsvrbo1BzPr2w5R7YEx4A4494G82MbZGb67-CgTESrTtVZjLf5PX4N9CeItuw
x-goog-storage-class: STANDARD
x-goog-custom-time: 1970-01-01T00:00:00Z
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
content-length: 3262
x-goog-meta-
last-modified: Wed, 09 Jun 2021 12:35:14 GMT
server: cloudflare
etag: "794c84d30e213ec6a144d64215f07551"
vary: Accept-Encoding
x-goog-generation: 1623242114099744
content-type: image/png
x-goog-hash: crc32c=v7nNsg==, md5=eUyE0w4hPsahRNZCFfB1UQ==
cache-control: public, max-age=31536000, immutable
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3o9TZbXBmDZMalWCIPQQxuGy2VbJbEWX0LZ821e8lRInnQJ%2FARQ1g8%2B7fkD8RQyrFjFrUfGhQvMigoRTPHRAjIcYiTeFbZWM13LCv%2FqBrF6Xq%2B%2BjB3VOdrYg2Jd4sHXGkobjHfWA0j7AxiZG1SV4fMcv"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 3262
accept-ranges: bytes
cf-ray: 7cd9b9326a281d9e-FRA
expires: Fri, 26 May 2023 22:42:23 GMT

GET
H3 200 frame.html
ad4m.at/ Frame 6DA1 2 KB
1 KB 24ms
19ms Document
text/html 2606:4700:20::681a:ad1

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 107782
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=3600
cf-cache-status: HIT
cf-ray: 7cd9b9326ae42c19-FRA
content-encoding: br
content-language: en
content-type: text/html; charset=utf-8
date: Fri, 26 May 2023 23:16:01 GMT
expires: Mon, 08 May 2023 00:16:30 GMT
last-modified: Thu, 25 Aug 2022 14:12:41 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=acUhYVcRdRZTjyXvfeZtJ4uZKiN%2FHGfQgg4mJl18ZXWEo44U09WJl91LauV5nVWNvel2iMvf6%2BXBDhQ4KmMkDbBTrM1%2BnZJeCkui0YosvMzq%2BzOw8qSlpRu7Sng1eWr9lQs%2BIJY%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H3 200 1676550659977.css
s0.2mdn.net/sadbundle/4323423352959208367/ Frame EC0F 9 KB
2 KB 49ms
46ms Stylesheet
text/css 2a00:1450:4001:803::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/4323423352959208367/1676550659977.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4323423352959208367/index.html?e=69&leftOffset=0&topOffset=0&c=F8hviuhgl8&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4323423352959208367/index.html?e=69&leftOffset=0&topOffset=0&c=F8hviuhgl8&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Sat, 20 May 2023 02:04:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 594716
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2321
x-xss-protection: 0
last-modified: Thu, 16 Feb 2023 15:59:28 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 19 May 2024 02:04:05 GMT

GET
H3 200 Enabler_01_247.js
s0.2mdn.net/879366/ Frame EC0F 118 KB
40 KB 49ms
47ms Script
text/javascript 2a00:1450:4001:803::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4323423352959208367/index.html?e=69&leftOffset=0&topOffset=0&c=F8hviuhgl8&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4323423352959208367/index.html?e=69&leftOffset=0&topOffset=0&c=F8hviuhgl8&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 07:18:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 57435
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 27 May 2023 07:18:46 GMT

GET
H3 200 1676550659977.js
s0.2mdn.net/sadbundle/4323423352959208367/ Frame EC0F 20 KB
5 KB 54ms
51ms Script
application/x-javascript 2a00:1450:4001:803::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/4323423352959208367/1676550659977.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4323423352959208367/index.html?e=69&leftOffset=0&topOffset=0&c=F8hviuhgl8&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4323423352959208367/index.html?e=69&leftOffset=0&topOffset=0&c=F8hviuhgl8&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Sat, 20 May 2023 15:53:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 544949
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5491
x-xss-protection: 0
last-modified: Thu, 16 Feb 2023 15:59:28 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 19 May 2024 15:53:32 GMT

GET
H/1.1 200
OK e99aace94e6e5873881d3400993e1e7e
pv.medialead.de/trck/epv/ Frame D991 208 B
575 B 148ms
72ms Document
application/javascript 145.239.193.130

General

Check archive.org

Show headers Download Go to

Full URL

https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=17458800004130100951403012337006&gdpr=1&gdpr_consent=li

Requested by

Host: hal90006.redintelligence.net
URL: https://hal90006.redintelligence.net/request.php?zone=s2gk7r78n0fa&nw=20&renderingType=javascript&namespace=0c3c1f7ea3&subid=&uid=2c60ada42e423bb0&screenSize=0x0&screenSizeAvail=0x0&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=1&gdpr_consent=li&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DJP4Z2Ple_TxQQIMX738sBw%26exch_seat%3D20035004448%26mt_aid%3D7580687026137846565%26mt_id%3D6622335%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D3c576471-3db0-4501-a31d-c8cce6968c79%26mt_cid%3D3c576471-3db0-4501-a31d-c8cce6968c79%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCVsgxrz1xZI61D5eSgQfS67PgAs-HjptcwIbZgsYCwI23ARABIABgleKQgqAHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQngAgCoAwGqBIoCT9ARBgBF19YGg8nKqKnOoNolh35SJ8m6X_cjtXTI7L-_a_C_kXNpro93Tgt4ZMTPxqzcBAaQExHQuXHXGBIuZIvsrQIvU2sAXX1gqx2BrBnZCsnNrNo5V-D-E61fkV8jF5GbJnAqjmjUkl3x4xq0pvLRrCVt9QYi_D_X51O_FrO2RkkCSTWpZSQEMBKPyGMLw1wObPtOzCESwmXAqArHns20eP5E1IOkqCd_pxL6FvBJZmi2p_orMcz2WIVK2Dsxd4n87evZT_FVmpt-7DSN8akRMz1OJML0JstNwrTL3p--WzESuJgDT2tBp87SBBHJ-QJAXEZtU3eZrCx48NbJ4Xa2cKs4OT6gH5bgBAGABoznzbbVuJuN0gGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA8ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_2-Lx31OYefb5JndwKCUkF-9gUF_A%2526client%253Dca-pub-7983651257838282%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fc9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&ancestorOrigins=null&random=4731892055078&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

145.239.193.130 -, , ASN (),

Reverse DNS

Software

nginx/1.17.5 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Content-Length: 208
Content-Type: application/javascript; charset=utf-8
Date: Fri, 26 May 2023 23:16:01 GMT
Host: pv.medialead.de
Keep-Alive: timeout=20
Proxy-Host: pv.medialead.de
Server: nginx/1.17.5
Strict-Transport-Security: max-age=15768000
X-IPLB-Instance: 40028
X-IPLB-Request-ID: B9D59BA1:D4B4_91EFC182:01BB_64713DB1_ECE6A02:E32F

GET
H2 200 /
adv.office-partner.de/ Frame 858E 930 B
931 B 96ms
3ms Document
text/html 2a0b:4d07:101::1

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal90006.redintelligence.net
URL: https://hal90006.redintelligence.net/request.php?zone=s2gk7r78n0fa&nw=20&renderingType=javascript&namespace=0c3c1f7ea3&subid=&uid=2c60ada42e423bb0&screenSize=0x0&screenSizeAvail=0x0&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=1&gdpr_consent=li&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DJP4Z2Ple_TxQQIMX738sBw%26exch_seat%3D20035004448%26mt_aid%3D7580687026137846565%26mt_id%3D6622335%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D3c576471-3db0-4501-a31d-c8cce6968c79%26mt_cid%3D3c576471-3db0-4501-a31d-c8cce6968c79%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCVsgxrz1xZI61D5eSgQfS67PgAs-HjptcwIbZgsYCwI23ARABIABgleKQgqAHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQngAgCoAwGqBIoCT9ARBgBF19YGg8nKqKnOoNolh35SJ8m6X_cjtXTI7L-_a_C_kXNpro93Tgt4ZMTPxqzcBAaQExHQuXHXGBIuZIvsrQIvU2sAXX1gqx2BrBnZCsnNrNo5V-D-E61fkV8jF5GbJnAqjmjUkl3x4xq0pvLRrCVt9QYi_D_X51O_FrO2RkkCSTWpZSQEMBKPyGMLw1wObPtOzCESwmXAqArHns20eP5E1IOkqCd_pxL6FvBJZmi2p_orMcz2WIVK2Dsxd4n87evZT_FVmpt-7DSN8akRMz1OJML0JstNwrTL3p--WzESuJgDT2tBp87SBBHJ-QJAXEZtU3eZrCx48NbJ4Xa2cKs4OT6gH5bgBAGABoznzbbVuJuN0gGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA8ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_2-Lx31OYefb5JndwKCUkF-9gUF_A%2526client%253Dca-pub-7983651257838282%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fc9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&ancestorOrigins=null&random=4731892055078&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 -, , ASN (),
Reverse DNS
Software: keycdn-engine /
Resource Hash

Request headers

Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 552
content-type: text/html
date: Fri, 26 May 2023 23:16:01 GMT
etag: "3a2-5c1ab16b3be00-gzip"
expires: Fri, 02 Jun 2023 23:16:01 GMT
last-modified: Thu, 06 May 2021 15:37:28 GMT
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server: keycdn-engine
vary: Accept-Encoding
x-accel-version: 0.01
x-cache: HIT
x-edge-location: defr

GET
H2 200 link.html
track.webgains.com/ Frame E51B 2 KB
2 KB 155ms
74ms Script
text/html 18.169.125.16

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=2513145&wgcampaignid=99582&js=1&viewref=17458800004130100951403012337006&nw=1
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.169.125.16 -, , ASN (),
Reverse DNS
Software: nginx / PHP/7.4.26
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:16:01 GMT
last-modified: Fri, 26 May 2023 23:16:01 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Fri, 26 May 2023 23:17:01 GMT

GET
H/1.1 200
OK request_content.php
hal90006.redintelligence.net/ Frame 3912 7 KB
3 KB 67ms
14ms Document
text/html 138.201.63.164

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90006.redintelligence.net/request_content.php?s=17458800004130100951403012337006&a=2b35cfd5
Requested by: Host: hal90006.redintelligence.net
URL: https://hal90006.redintelligence.net/request.php?zone=s2gk7r78n0fa&nw=20&renderingType=javascript&namespace=0c3c1f7ea3&subid=&uid=2c60ada42e423bb0&screenSize=0x0&screenSizeAvail=0x0&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=1&gdpr_consent=li&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DJP4Z2Ple_TxQQIMX738sBw%26exch_seat%3D20035004448%26mt_aid%3D7580687026137846565%26mt_id%3D6622335%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D3c576471-3db0-4501-a31d-c8cce6968c79%26mt_cid%3D3c576471-3db0-4501-a31d-c8cce6968c79%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCVsgxrz1xZI61D5eSgQfS67PgAs-HjptcwIbZgsYCwI23ARABIABgleKQgqAHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQngAgCoAwGqBIoCT9ARBgBF19YGg8nKqKnOoNolh35SJ8m6X_cjtXTI7L-_a_C_kXNpro93Tgt4ZMTPxqzcBAaQExHQuXHXGBIuZIvsrQIvU2sAXX1gqx2BrBnZCsnNrNo5V-D-E61fkV8jF5GbJnAqjmjUkl3x4xq0pvLRrCVt9QYi_D_X51O_FrO2RkkCSTWpZSQEMBKPyGMLw1wObPtOzCESwmXAqArHns20eP5E1IOkqCd_pxL6FvBJZmi2p_orMcz2WIVK2Dsxd4n87evZT_FVmpt-7DSN8akRMz1OJML0JstNwrTL3p--WzESuJgDT2tBp87SBBHJ-QJAXEZtU3eZrCx48NbJ4Xa2cKs4OT6gH5bgBAGABoznzbbVuJuN0gGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA8ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_2-Lx31OYefb5JndwKCUkF-9gUF_A%2526client%253Dca-pub-7983651257838282%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fc9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&ancestorOrigins=null&random=4731892055078&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.164 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2213
Content-Type: text/html; charset=utf-8
Date: Fri, 26 May 2023 23:16:01 GMT
Expires: Sat, 27 May 2023 00:16:01 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H/1.1

200
OK

native.png
ad-server.eu/wm/pb/ Frame E51B
Redirect Chain

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=17458800004130100951403012337006&gdpr=1&gdpr_consent=li
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=17458800004130100951403012337006&gdpr=1&gdpr_consent=li
https://ad-server.eu/wm/pb/native.png

68 B
312 B

402ms
28ms

Image
image/png

54.76.176.197

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-server.eu/wm/pb/native.png
Requested by: Host: c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com
URL: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: HTTP/1.1
Server: 54.76.176.197 -, , ASN (),
Reverse DNS
Software: nginx/1.4.6 (Ubuntu) /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Fri, 26 May 2023 23:17:56 GMT
Last-Modified: Sat, 21 Dec 2019 23:06:59 GMT
Server: nginx/1.4.6 (Ubuntu)
ETag: "5dfea593-44"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 68

Redirect headers

Date: Fri, 26 May 2023 23:16:01 GMT
Strict-Transport-Security: max-age=15768000
Server: nginx/1.17.5
Host: pv.medialead.de
X-IPLB-Request-ID: B9D59BA1:D4B4_91EFC182:01BB_64713DB1_ECE6A04:E32F
X-IPLB-Instance: 40028
Content-Type: application/go
Location: https://ad-server.eu/wm/pb/native.png
Keep-Alive: timeout=20
Content-Length: 0
Proxy-Host: pv.medialead.de

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame E51B 43 B
702 B 102ms
37ms Image
image/gif 104.102.45.165

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2874697&v=22610&q=408799&r=296283&pref1=17458800004130100951403012337006&pv=1

Requested by

Host: c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com
URL: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.102.45.165 -, , ASN (),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 26 May 2023 23:16:01 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H/1.1

200
OK

inv.gif
img.tradedoubler.com/images/ Frame E51B
Redirect Chain

https://impfr.tradedoubler.com/imp?type(inv)g(24495172)a(1565155)epi(17458800004130100951403012337006)443468054
https://img.tradedoubler.com/images/inv.gif

43 B
621 B

490ms
8ms

Image
image/gif

13.224.189.92

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.tradedoubler.com/images/inv.gif

Requested by

Host: c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com
URL: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

HTTP/1.1

Server

13.224.189.92 -, , ASN (),

Reverse DNS

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Date: Fri, 26 May 2023 08:15:43 GMT
Via: 1.1 8f20db43ba7579b7216cf908572d5054.cloudfront.net (CloudFront)
X-Content-Type-Options: nosniff
X-Amz-Cf-Pop: FRA2-C1
Age: 149667
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 43
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Fri, 19 Nov 2004 15:35:04 GMT
Server: Apache
Content-Type: image/gif
Accept-Ranges: bytes
X-Amz-Cf-Id: qYOMaTIER7U9Di_YjOjZQEGKiMfB5Py_OhkN9CZfqeoRU5ezef-jHg==

Redirect headers

pragma: no-cache
date: Fri, 26 May 2023 23:16:00 GMT
via: 1.1 google
referrer-policy: origin
server: TXServerHttp
p3p: policyref="http://tracker.tradedoubler.com/w3c/p3p.xml",CP="NOI DSP COR NID CUR OUR NOR"
location: https://img.tradedoubler.com/images/inv.gif
access-control-allow-origin: *
content-type: text/html; charset=ISO-8859-1
cache-control: private, max-age=0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 248

GET
H/1.1 200
OK iframe
sync.mathtag.com/sync/ Frame D6B3 675 B
793 B 54ms
18ms Document
text/html 185.29.134.248

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.mathtag.com/sync/iframe?mt_uuid=3c576471-3db0-4501-a31d-c8cce6968c79&no_iframe=1&synclist=4&mt_lim=1&type=1&source=bidder
Requested by: Host: sync.mathtag.com
URL: https://sync.mathtag.com/sync/js?sync=auto&source=bidder&mt_lim=1&type=1&synclist=4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.248 -, , ASN (),
Reverse DNS
Software: MT3 851 9bd98ae master cdg-pixel-x28 config_version:"unknown" /
Resource Hash

Request headers

Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: close
Content-Encoding: gzip
Content-Type: text/html
Date: Fri, 26 May 2023 23:16:01 GMT
Expires: Fri, 26 May 2023 23:16:00 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server: MT3 851 9bd98ae master cdg-pixel-x28 config_version:"unknown"

GET
H3 200 cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame 823F 1 KB
643 B 54ms
42ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com
URL: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 45745
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 26 May 2023 10:33:36 GMT
etag: 48472445140208031
expires: Sat, 27 May 2023 10:33:36 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 256A 0
0 86ms
75ms Fetch
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsveAoGYEzNQSzxb97r5PuOqOG4M4GdrDaLuHheCQ2G6K8CRyxTcEpYbynArXIn02bM2SfnQwfEcVaGtxFn31fXX0Itp55XrFycGd6NRoYSgUzT72F6HcUzhbM3gBYBksFoISC4AwvPRIa3nhbJQAVAZw8PthQTV_GmzgWL_0_xli4mwqiI-GP3F6FsFmgZXacv5MkmxezQZE-Nqop54W3gzInU54LJ4OmlzsJbcGWv_u7uibdbtLB13eEvjdW_EfMO37SD7I_Ipy1lpDjT0aoZ5wnDCswSL-P7rIoTcFYo6xKwvAqlHNaXCvXeUMjft1wk3UbGtR5VxP1bNkUStiIxpyXSXTzhGyKEYNZXE8TIzrJajUXfEVw&sai=AMfl-YTMgzF_N23bcVNqoeQdnZO7-ykJbiyg4sLnbn3pQyx0ml5MQ6D84YWyXPAgpnPSSAgdV_D8OHWmBwI5WTX71cyYCsmqcvlCiQmQaOTpD44&sig=Cg0ArKJSzNxMdwx9BKOVEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:16:01 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 26 May 2023 23:16:01 GMT

GET
H3 200 sodar
pagead2.googlesyndication.com/getconfig/ Frame 256A 14 KB
11 KB 74ms
62ms XHR
application/json 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230523&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:16:01 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11170
x-xss-protection: 0

GET
H/1.1 200
OK img
sync.mathtag.com/comp/ Frame E51B 0
517 B 63ms
22ms Image
image/gif 185.29.134.248

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.mathtag.com/comp/img?mt_id=99&ns=xx&bcdv=0
Requested by: Host: c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com
URL: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.248 -, , ASN (),
Reverse DNS
Software: MT3 851 9bd98ae master cdg-pixel-x33 config_version:"unknown" /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Fri, 26 May 2023 23:16:01 GMT
Server: MT3 851 9bd98ae master cdg-pixel-x33 config_version:"unknown"
Content-Type: image/gif
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Fri, 26 May 2023 23:16:00 GMT

POST
H3 200 rs
ad4m.at/ Frame 905F 2 KB
2 KB 54ms
50ms XHR
text/plain 2606:4700:20::ac43:4a81

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 26 May 2023 23:16:01 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1MGSkhAqE6QENfc%2FI0XS2lMkFl5l%2Bd0j87YahrfiAMkzj70cmmQR2M4zgOrCGI9Jj5QN4dibQM%2F%2Bb1QI%2FxsjNsTQWJcT54%2BGPPnrwVe63ogVwQIBeKE4aMCpYQeKFdoO0Bpinww%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain
access-control-allow-origin: https://as.ad4m.at
access-control-allow-credentials: true
cf-ray: 7cd9b936af083a6d-FRA
x-backend-server: aa-reachservice-group-europe-west1-22mg
alt-svc: h3=":443"; ma=86400

GET
H3 200 cHrP8GR4WD3-4SafWKd0oRFewpEF611yDaZvldToCrs.js
pagead2.googlesyndication.com/bg/ Frame F14C 37 KB
14 KB 44ms
39ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/cHrP8GR4WD3-4SafWKd0oRFewpEF611yDaZvldToCrs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 25 May 2023 02:30:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 161160
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14642
x-xss-protection: 0
last-modified: Mon, 15 May 2023 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 24 May 2024 02:30:01 GMT

GET
DATA 200
OK truncated
/ Frame E51B 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 css
fonts.googleapis.com/ Frame 3912 5 KB
1 KB 543ms
32ms Stylesheet
text/css 2a00:1450:4001:82b::200a

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Requested by

Host: hal90006.redintelligence.net
URL: https://hal90006.redintelligence.net/request_content.php?s=17458800004130100951403012337006&a=2b35cfd5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a -, , ASN (),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90006.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 26 May 2023 23:16:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 26 May 2023 21:18:52 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 26 May 2023 23:16:01 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 3912 62 KB
62 KB 165ms
127ms Image
image/png 138.201.64.38

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=240&height=125&url=https://cdn.contentspread.net/24i/advertiser/23333/creativesup/1200x627_Matthias.jpg
Requested by: Host: hal90006.redintelligence.net
URL: https://hal90006.redintelligence.net/request_content.php?s=17458800004130100951403012337006&a=2b35cfd5
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.64.38 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90006.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Fri, 26 May 2023 23:16:01 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 63448
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 3912 66 KB
66 KB 42ms
16ms Image
image/png 138.201.64.38

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=240&height=125&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/postbank_pool_privatkredit_1200x627.jpg
Requested by: Host: hal90006.redintelligence.net
URL: https://hal90006.redintelligence.net/request_content.php?s=17458800004130100951403012337006&a=2b35cfd5
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.64.38 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90006.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Fri, 26 May 2023 23:16:01 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 3912 56 KB
56 KB 44ms
17ms Image
image/png 138.201.64.38

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=240&height=125&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg
Requested by: Host: hal90006.redintelligence.net
URL: https://hal90006.redintelligence.net/request_content.php?s=17458800004130100951403012337006&a=2b35cfd5
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.64.38 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90006.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Fri, 26 May 2023 23:16:01 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 57465
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 3912 62 KB
63 KB 43ms
17ms Image
image/png 138.201.64.38

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=240&height=125&url=https://cdn.contentspread.net/24i/advertiser/59171/creativesup/vega-1200x627.jpg
Requested by: Host: hal90006.redintelligence.net
URL: https://hal90006.redintelligence.net/request_content.php?s=17458800004130100951403012337006&a=2b35cfd5
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.64.38 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90006.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Fri, 26 May 2023 23:16:01 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 63850
Vary: Accept-Encoding
Content-Type: image/png

GET
H2 200 5ed7702fe4b07a92411bc03e
ng2.virgul.com/tck/imp/ Frame 6C31 0
209 B 47ms
46ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5ed7702fe4b07a92411bc03e?g=1&t=gb&r=153378@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1685142958007&userId=vnet55bff539-6bd9-463f-ad04-3c780b66c4bb
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Fri, 26 May 2023 23:16:01 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H/1.1 200
OK e99aace94e6e5873881d3400993e1e7e
pv.medialead.de/trck/epv/ Frame 1D5F 208 B
0 100ms
100ms Document
application/javascript 145.239.193.130

General

Check archive.org

Show headers Download Go to

Full URL

https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=63574300002816900951389012337011&gdpr=1&gdpr_consent=li

Requested by

Host: hal900011.redintelligence.net
URL: https://hal900011.redintelligence.net/request.php?zone=ajk4xlebn4mw&nw=20&renderingType=javascript&namespace=56923d16de&subid=&uid=23e87f7de0b1ce9f&screenSize=0x0&screenSizeAvail=0x0&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=1&gdpr_consent=li&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3D1DcNeTzTU7TVou8SBh-S1Q%26exch_seat%3D20035004448%26mt_aid%3D8733608530744681479%26mt_id%3D6622332%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D3c576471-3db0-4501-a31d-c8cce6968c79%26mt_cid%3D3c576471-3db0-4501-a31d-c8cce6968c79%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCAL8Mrz1xZL-6EJmDx_AP8fK0sAvPh46bXMCG2YLGAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi03OTgzNjUxMjU3ODM4MjgyyAEJ4AIAqAMBqgScAk_QNoOH2HvZfl4QUAEnHkjhSw9rdzaZhnQwcXsJ7zIXcX8-YW-9aAtqrJATOJtfrcbii2hPEusgTdw2JlgZ3z6FycSHurYNTFe1y0DZ2kqY-XxZp9xDCIduyWjgG3x-aZDnVHBTCxkuD5SLeUjHveHI12ca10q2a8pAS6ADUDZ3-uysYzdpXQrbw4JDEwqH9Z_f3ETFEgX47RCfF_UyVoMNm9UzLyTdUvCu8EqvlCpAse9GAASAZhjFwjU3qPh23qLIxaGcBBuDA615ZVd5UwHkNdamLJujevTdtYaR2oZ77iRikb5HQQEzlIoigFYYPF8ipu0kDZomNAINPJlS0gz9OycAEiSg33sCP6QEzoCNyLPtk3hfndQBW4-a4AQBgAa-1Nb82ZronagBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPIIG2FkeC1zdWJzeW4tNzI3NTUyODQ1MzE2MjMwOfoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_3ypWE76_gw6C0L5bnTUcTAQWmPUw%2526client%253Dca-pub-7983651257838282%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fc9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&ancestorOrigins=null&random=6611146666657&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

145.239.193.130 -, , ASN (),

Reverse DNS

Software

nginx/1.17.5 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Content-Length: 208
Content-Type: application/javascript; charset=utf-8
Date: Fri, 26 May 2023 23:16:01 GMT
Host: pv.medialead.de
Keep-Alive: timeout=20
Proxy-Host: pv.medialead.de
Server: nginx/1.17.5
Strict-Transport-Security: max-age=15768000
X-IPLB-Instance: 40028
X-IPLB-Request-ID: B9D59BA1:D4B6_91EFC182:01BB_64713DB1_ECE6A0D:E32F

GET
H2 200 /
adv.office-partner.de/ Frame 39FC 930 B
0 8ms
8ms Document
text/html 2a0b:4d07:101::1

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal900011.redintelligence.net
URL: https://hal900011.redintelligence.net/request.php?zone=ajk4xlebn4mw&nw=20&renderingType=javascript&namespace=56923d16de&subid=&uid=23e87f7de0b1ce9f&screenSize=0x0&screenSizeAvail=0x0&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=1&gdpr_consent=li&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3D1DcNeTzTU7TVou8SBh-S1Q%26exch_seat%3D20035004448%26mt_aid%3D8733608530744681479%26mt_id%3D6622332%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D3c576471-3db0-4501-a31d-c8cce6968c79%26mt_cid%3D3c576471-3db0-4501-a31d-c8cce6968c79%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCAL8Mrz1xZL-6EJmDx_AP8fK0sAvPh46bXMCG2YLGAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi03OTgzNjUxMjU3ODM4MjgyyAEJ4AIAqAMBqgScAk_QNoOH2HvZfl4QUAEnHkjhSw9rdzaZhnQwcXsJ7zIXcX8-YW-9aAtqrJATOJtfrcbii2hPEusgTdw2JlgZ3z6FycSHurYNTFe1y0DZ2kqY-XxZp9xDCIduyWjgG3x-aZDnVHBTCxkuD5SLeUjHveHI12ca10q2a8pAS6ADUDZ3-uysYzdpXQrbw4JDEwqH9Z_f3ETFEgX47RCfF_UyVoMNm9UzLyTdUvCu8EqvlCpAse9GAASAZhjFwjU3qPh23qLIxaGcBBuDA615ZVd5UwHkNdamLJujevTdtYaR2oZ77iRikb5HQQEzlIoigFYYPF8ipu0kDZomNAINPJlS0gz9OycAEiSg33sCP6QEzoCNyLPtk3hfndQBW4-a4AQBgAa-1Nb82ZronagBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPIIG2FkeC1zdWJzeW4tNzI3NTUyODQ1MzE2MjMwOfoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_3ypWE76_gw6C0L5bnTUcTAQWmPUw%2526client%253Dca-pub-7983651257838282%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fc9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&ancestorOrigins=null&random=6611146666657&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 -, , ASN (),
Reverse DNS
Software: keycdn-engine /
Resource Hash

Request headers

Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 552
content-type: text/html
date: Fri, 26 May 2023 23:16:01 GMT
etag: "3a2-5c1ab16b3be00-gzip"
expires: Fri, 02 Jun 2023 23:16:01 GMT
last-modified: Thu, 06 May 2021 15:37:28 GMT
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server: keycdn-engine
vary: Accept-Encoding
x-accel-version: 0.01
x-cache: HIT
x-edge-location: defr

GET
H2 200 link.html
track.webgains.com/ Frame C980 2 KB
2 KB 75ms
72ms Script
text/html 18.169.125.16

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=2513145&wgcampaignid=99582&js=1&viewref=63574300002816900951389012337011&nw=1
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.169.125.16 -, , ASN (),
Reverse DNS
Software: nginx / PHP/7.4.26
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:16:01 GMT
last-modified: Fri, 26 May 2023 23:16:01 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Fri, 26 May 2023 23:17:01 GMT

GET
H/1.1 200
OK request_content.php
hal900011.redintelligence.net/ Frame 8625 7 KB
0 51ms
25ms Document
text/html 138.201.64.38

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900011.redintelligence.net/request_content.php?s=63574300002816900951389012337011&a=168bc11c
Requested by: Host: hal900011.redintelligence.net
URL: https://hal900011.redintelligence.net/request.php?zone=ajk4xlebn4mw&nw=20&renderingType=javascript&namespace=56923d16de&subid=&uid=23e87f7de0b1ce9f&screenSize=0x0&screenSizeAvail=0x0&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=1&gdpr_consent=li&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3D1DcNeTzTU7TVou8SBh-S1Q%26exch_seat%3D20035004448%26mt_aid%3D8733608530744681479%26mt_id%3D6622332%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D3c576471-3db0-4501-a31d-c8cce6968c79%26mt_cid%3D3c576471-3db0-4501-a31d-c8cce6968c79%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCAL8Mrz1xZL-6EJmDx_AP8fK0sAvPh46bXMCG2YLGAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi03OTgzNjUxMjU3ODM4MjgyyAEJ4AIAqAMBqgScAk_QNoOH2HvZfl4QUAEnHkjhSw9rdzaZhnQwcXsJ7zIXcX8-YW-9aAtqrJATOJtfrcbii2hPEusgTdw2JlgZ3z6FycSHurYNTFe1y0DZ2kqY-XxZp9xDCIduyWjgG3x-aZDnVHBTCxkuD5SLeUjHveHI12ca10q2a8pAS6ADUDZ3-uysYzdpXQrbw4JDEwqH9Z_f3ETFEgX47RCfF_UyVoMNm9UzLyTdUvCu8EqvlCpAse9GAASAZhjFwjU3qPh23qLIxaGcBBuDA615ZVd5UwHkNdamLJujevTdtYaR2oZ77iRikb5HQQEzlIoigFYYPF8ipu0kDZomNAINPJlS0gz9OycAEiSg33sCP6QEzoCNyLPtk3hfndQBW4-a4AQBgAa-1Nb82ZronagBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPIIG2FkeC1zdWJzeW4tNzI3NTUyODQ1MzE2MjMwOfoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_3ypWE76_gw6C0L5bnTUcTAQWmPUw%2526client%253Dca-pub-7983651257838282%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fc9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&ancestorOrigins=null&random=6611146666657&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.64.38 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2086
Content-Type: text/html; charset=utf-8
Date: Fri, 26 May 2023 23:16:01 GMT
Expires: Sat, 27 May 2023 00:16:01 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H/1.1

200
OK

native.png
ad-server.eu/wm/pb/ Frame C980
Redirect Chain

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=63574300002816900951389012337011&gdpr=1&gdpr_consent=li
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=63574300002816900951389012337011&gdpr=1&gdpr_consent=li
https://ad-server.eu/wm/pb/native.png

68 B
312 B

318ms
30ms

Image
image/png

54.76.176.197

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-server.eu/wm/pb/native.png
Requested by: Host: c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com
URL: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: HTTP/1.1
Server: 54.76.176.197 -, , ASN (),
Reverse DNS
Software: nginx/1.4.6 (Ubuntu) /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Fri, 26 May 2023 23:17:56 GMT
Last-Modified: Sat, 21 Dec 2019 23:06:59 GMT
Server: nginx/1.4.6 (Ubuntu)
ETag: "5dfea593-44"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 68

Redirect headers

Date: Fri, 26 May 2023 23:16:01 GMT
Strict-Transport-Security: max-age=15768000
Server: nginx/1.17.5
Host: pv.medialead.de
X-IPLB-Request-ID: B9D59BA1:D4B6_91EFC182:01BB_64713DB1_ECE6A05:E32F
X-IPLB-Instance: 40028
Content-Type: application/go
Location: https://ad-server.eu/wm/pb/native.png
Keep-Alive: timeout=20
Content-Length: 0
Proxy-Host: pv.medialead.de

GET
H/1.1

200
OK

inv.gif
img.tradedoubler.com/images/ Frame C980
Redirect Chain

https://impfr.tradedoubler.com/imp?type(inv)g(24495172)a(1565155)epi(63574300002816900951389012337011)620649888
https://img.tradedoubler.com/images/inv.gif

43 B
621 B

410ms
9ms

Image
image/gif

13.224.189.92

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.tradedoubler.com/images/inv.gif

Requested by

Host: c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com
URL: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

HTTP/1.1

Server

13.224.189.92 -, , ASN (),

Reverse DNS

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Date: Fri, 26 May 2023 08:15:43 GMT
Via: 1.1 adb1b226e6965f6206603ba087bd4a0a.cloudfront.net (CloudFront)
X-Content-Type-Options: nosniff
X-Amz-Cf-Pop: FRA2-C1
Age: 149667
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 43
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Fri, 19 Nov 2004 15:35:04 GMT
Server: Apache
Content-Type: image/gif
Accept-Ranges: bytes
X-Amz-Cf-Id: k0F1cUL83r09i0UqQMWOMnJikrhMepJA0EFYbr5OfIkbSRZGq1wrtw==

Redirect headers

pragma: no-cache
date: Fri, 26 May 2023 23:16:00 GMT
via: 1.1 google
referrer-policy: origin
server: TXServerHttp
p3p: policyref="http://tracker.tradedoubler.com/w3c/p3p.xml",CP="NOI DSP COR NID CUR OUR NOR"
location: https://img.tradedoubler.com/images/inv.gif
access-control-allow-origin: *
content-type: text/html; charset=ISO-8859-1
cache-control: private, max-age=0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 248

GET
H3 200 sodar2.js
tpc.googlesyndication.com/sodar/ Frame 256A 17 KB
6 KB 58ms
51ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:16:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 26 May 2023 23:16:01 GMT

GET
H3 200 logo.svg
s0.2mdn.net/sadbundle/4323423352959208367/ Frame EC0F 3 KB
1 KB 51ms
47ms Image
image/svg+xml 2a00:1450:4001:803::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4323423352959208367/logo.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4323423352959208367/1676550659977.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4323423352959208367/1676550659977.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Wed, 24 May 2023 19:33:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 186167
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1365
x-xss-protection: 0
last-modified: Thu, 16 Feb 2023 15:59:28 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 May 2024 19:33:14 GMT

GET
H3 200 cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame 8090 1 KB
0 93ms
39ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com
URL: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 45745
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 26 May 2023 10:33:36 GMT
etag: 48472445140208031
expires: Sat, 27 May 2023 10:33:36 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame C980 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 pvClk.min.js
analytics.webgains.io/ Frame E51B 85 KB
31 KB 376ms
16ms Script
text/javascript 18.66.147.98

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=2513145&wgcampaignid=99582&js=1&viewref=17458800004130100951403012337006&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.98 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 22:08:06 GMT
content-encoding: gzip
via: 1.1 77517a7f5d9094d359ba5186c3bda1e6.cloudfront.net (CloudFront)
last-modified: Wed, 15 Mar 2023 17:26:29 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 4076
etag: W/"876c293e6c37046ecb0c11ce2e276942"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
x-amz-cf-id: FGK4uh_x3a2j3KPcipYhle1TzMrV6_AzoBZBac7bgWRZgYij5m7_sg==

GET
H2 200 1x1_0.png
cdn.track.production.webgains.team/7121/ Frame E51B 3 KB
3 KB 415ms
0ms Image
image/png 99.86.4.36

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/7121/1x1_0.png?Expires=1685143261&Signature=PaPk-sIGUXiW4Rmb9zfaK0vy7s3fuBpey4E614zzCEBHNtRY0ZcjYRCMq11GytCnc2t2o4xOvn3JW20B1CZ2JYks5~BKFhabOQcBafZIN81s~1xVPdc4xzugBPTvLVIXHiHUtrJMt4p7dfgbB9FIgvET6XnJwWZgXFWo1qUMK1fl32RHFApHVtei3ZmglR~koAVuPXrerWdKUsyqfyZ~jgQCEA6ECS6CAMemOu3NmI5Ra17~JvLmWMDxa9TjijZDaoQjspjb2B5~L8zQNX5fyVtiSILGw6AIeP4LFEK9Uta9qI2cMRuXd1vTXHC~ISx11IG2wFyZe7RXJRACm8UNkQ__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com
URL: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.36 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-amz-version-id: null
date: Fri, 26 May 2023 05:49:12 GMT
via: 1.1 94faae20b0f122c4555025f52a2fd744.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 11:40:06 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 62810
etag: "4e57de0506fbdb487ffcd53b450caee1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 2808
x-amz-cf-id: ndPAhZ1hrxcQiLhJ9TNXsrSzh_0eGVWNtKuz2YuLrAGYNIElG-leAg==

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 197C 0
0 82ms
75ms Fetch
image/gif 142.250.186.34

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvyzUtUspKcL_uI5UqVip6gqB6Afw5hrKoqBdawV4lmmaMGlki1SY6aHnUFx9dX5H52szGzInqt_SGomFe4YQAelqiBetXfAzFcz3r1LP8DaJp_7ACd3nH3dv8KzIfoMy3miFUvwSaB2ooyfQvFbvBjbdJI6XNX-5V32jxYfy9r3PmAsmvxCZo_UaKmh0qfnHbhdmolvx87rXXWbek_jcv_A_2wl_n9NrIp7dH08Cfywf3PoDLnk9Z-FRcXfey4opQzrEjiOFymyyEo8pJ35-WAv9v5zQEEgq7fZEWPuWrl_4IasOYqeaw7HWlX-Vitrrerb9_a6ZWpPNCyhSdkOIGyCOjzewtV170PNIrE4o0wUpKQOu2fGqX94R5LngXBk-QdlN2_Lts1S9DaVZvAzbXQN-SarWH21Ux-eJTdo8erWTcva8Ta1gsleSN0ANFAqsNgZzNPqEGkNZiQ3LXu8eN0EwUYgakaiitFwZdUYGV6vaUY33Z9ydR56DKaS1Fz7usJHIZsRn17LV44ojnOKG57C1QQq8_zWp1dcTSS3pXDtTJICEFlftdFew42zEjhKcAncaV-Ev6CC5cCRoZdV0y0V80nZt3vQYHCx_PdxXKCE7u64nQb68qU0T9HURphpEK2Qb1QikeAdC-MIHBvDpPBBS84-TzegVzatYwfthFEPkedEUolCy5M-s1iFyFHqxFeWXp0pdNmYR3gp-8k-4ry2eTkrL4N6zSoPAPRNrt3TMav6WNbjdLtxnJh6LdVi2jURHtSqPYzvYx-Hgq3kiLKSkDKSzWgQwQJ5G8_aX1ZkA4uRVC7ekB5QFaqrdNL8-smj0wgk-rmDrmwkYN0c6AKEeDjFVa17DpH549yazrD0yOg-2YxfpcrfiqunMrL0jIoMIHt70wpcI2-ONrap20Etg1YM78tkFhq59g2aDiKLcQCxx3xr13-VmMvR7u4ZfP2hK4PW7zbHGMd8UBRyXgNXD0x1L7iWlustO9wmiwyqK7QtIfuQaKRGwhEjaiqTrCTl6llPyf5JAkdJIpsPX1uRV7g9eHCv29qzS9UcDVDFuY9T6khinC3oMD63cVDmOYy0ltouEiEjgiwVO3x7v3lmo6SMGiuU2eYin-OxsQxrjp0QsXCtx8NDYZSKAm9TGsWsG_Hp2y1zai_0j646fivfwOmboz3TMid4uULtg9okCeGm6WpXfuwxlC5L8u87uVStvbMMBhYxlWj2LumpZtMNKq2WS8&sai=AMfl-YSqy4cE_ZbZETEmj_Xr2npAwSmL4YQhqiHkiFhpNCnTwh3ldCsxuD01VMe5CjMNxZFhsvSt-C5gT7BlX0ShHaz9yTg_lgeShPplM4_S2Mt_9cDX8wRv4QWw3zmBZde2CXDsltTrCLqMwrZMXiAo9N8PWlmlsZ0YBfbiNqwXqNNZoZvc89Izo5wWnTKlGsCJi24JcTugUrxrUgBU8Vwibs3xCssPQpF1xtPyijDwHyxxAcQUDW65zQpVBtU&sig=Cg0ArKJSzEgQr1lVACH4EAE&uach_m=[UACH]&pr=8:57B13E26F19F9F52&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=882&vt=11&dtpt=392&dett=3&cstd=474&cisv=r20230523.32132&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:16:01 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 26 May 2023 23:16:01 GMT

POST
H3 200 rs
ad4m.at/ Frame 92DA 1 KB
2 KB 34ms
29ms XHR
text/plain 2606:4700:20::ac43:4a81

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 26 May 2023 23:16:01 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SJ%2BqqZbTmQFQViuCl%2FMdckkHaVOBRrlr%2Fc5IOheUPid4M8r9GkvsXDE8yRxGw7MYgmVPuELRTONP7%2B0vmWtkEFEhZZ4C1GhkkxiYBkhGqMXCwaowN9mkeEAKr12iuSYfSbuTW9I%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain
access-control-allow-origin: https://as.ad4m.at
access-control-allow-credentials: true
cf-ray: 7cd9b936af093a6d-FRA
x-backend-server: aa-reachservice-group-europe-west1-22mg
alt-svc: h3=":443"; ma=86400

GET
H2 200 webfont.js
ajax.googleapis.com/ajax/libs/webfont/1/ Frame EC0F 13 KB
0 40ms
37ms Script
text/javascript 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4323423352959208367/1676550659977.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Sat, 20 May 2023 19:03:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 533570
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5437
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 19 May 2024 19:03:11 GMT

GET sodar
pagead2.googlesyndication.com/getconfig/ Frame EC0F 0
0

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 7470 42 B
64 B 76ms
75ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst0VNYdugoGutnsUjw00WiSTlvukUhhnfODzTUr-COSQDZWrUpj1JIDX0NfPYyZOd1PVqDa0UqhTeH5qMK_FKSsg825aZfcDczTBdb5YDmv__8JCyxz&sig=Cg0ArKJSzARSJs1aI4O7EAE&id=lidar2&mcvt=1000&p=0,0,604,300&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&v=20230524&bin=7&avms=nio&bs=0,0&mc=0.53&if=1&vu=1&app=0&itpl=19&adk=3203893797&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1685142959586&rpt=791&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 26 May 2023 23:16:01 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ca
choices.trustarc.com/ Frame 7470 6 KB
3 KB 185ms
14ms Script
text/javascript 52.222.214.123

General

Check archive.org

Show headers Download Go to

Full URL

https://choices.trustarc.com/ca?aid=tradedesk01&pid=tradedesk01&cid=46h40h0_ji7q872_21d7ybe9&w=300&h=600&c=tradedesk01cont1&js=pmw1&base=te-clr1-b27934eb-edca-4ca1-b80d-6dd497a8c8d6&sid=0

Requested by

Host: choices.truste.com
URL: https://choices.truste.com/ca?pid=tradedesk01&aid=tradedesk01&cid=46h40h0_ji7q872_21d7ybe9&c=tradedesk01cont1&js=pmw0&w=300&h=600&sid=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.214.123 -, , ASN (),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' ; font-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src 'self' data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' ; frame-ancestors 'self' ; connect-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'self' ; media-src 'self' ; child-src 'self' ; worker-src 'self' ; manifest-src 'self' *;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 20:05:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 63f629236e2f93bf1af732a50e42e586.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' 'unsafe-eval' *; font-src 'self' *; style-src 'self' 'unsafe-inline' *; img-src 'self' * data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' *; frame-ancestors 'self' *; connect-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'self' *; media-src 'self' *; child-src 'self' *; worker-src 'self' *; manifest-src 'self' *;
x-amz-cf-pop: FRA56-P3
cross-origin-embedder-policy: unsafe-none
age: 11433
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 2382
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: origin
server: nginx
cross-origin-opener-policy: unsafe-none
expect-ct: max-age=31536000
x-frame-options: SAMEORIGIN
vary: Accept-Encoding, Origin
content-type: text/javascript;charset=UTF-8
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: geolocation=(), microphone=(), payment=()
x-amz-cf-id: zq68QZEYV88MgJ4-dWvBbw4Od0OpLV2nklRckCbg4rWO4vwINR920g==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 ca
choices.trustarc.com/ Frame 7470 38 KB
12 KB 187ms
15ms Script
text/javascript 52.222.214.123

General

Check archive.org

Show headers Download Go to

Full URL

https://choices.trustarc.com/ca?aid=tradedesk01&pid=tradedesk01&cid=46h40h0_ji7q872_21d7ybe9&w=300&h=600&c=tradedesk01cont1&js=pmw2

Requested by

Host: choices.truste.com
URL: https://choices.truste.com/ca?pid=tradedesk01&aid=tradedesk01&cid=46h40h0_ji7q872_21d7ybe9&c=tradedesk01cont1&js=pmw0&w=300&h=600&sid=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.214.123 -, , ASN (),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' ; font-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src 'self' data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' ; frame-ancestors 'self' ; connect-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'self' ; media-src 'self' ; child-src 'self' ; worker-src 'self' ; manifest-src 'self' *;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 13:57:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 63f629236e2f93bf1af732a50e42e586.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' 'unsafe-eval' *; font-src 'self' *; style-src 'self' 'unsafe-inline' *; img-src 'self' * data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' *; frame-ancestors 'self' *; connect-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'self' *; media-src 'self' *; child-src 'self' *; worker-src 'self' *; manifest-src 'self' *;
x-amz-cf-pop: FRA56-P3
cross-origin-embedder-policy: unsafe-none
age: 33514
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: origin
server: nginx
cross-origin-opener-policy: unsafe-none
expect-ct: max-age=31536000
x-frame-options: SAMEORIGIN
vary: Accept-Encoding, Origin
content-type: text/javascript;charset=UTF-8
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: geolocation=(), microphone=(), payment=()
x-amz-cf-id: GFUrO-JbfeIaPADHY2g33eCtfX0DDO-OkyOhjkZFZ2Dcv2Ue7MwRBg==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 cap
choices.trustarc.com/ Frame 7470 43 B
1021 B 274ms
103ms Image
image/gif 52.222.214.123

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://choices.trustarc.com/cap?aid=tradedesk01&pid=tradedesk01&cid=46h40h0_ji7q872_21d7ybe9&w=300&h=600&c=6cbf

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.214.123 -, , ASN (),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' ; font-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src 'self' data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' ; frame-ancestors 'self' ; connect-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'self' ; media-src 'self' ; child-src 'self' ; worker-src 'self' ; manifest-src 'self' *;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:16:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'self' 'unsafe-eval' *; font-src 'self' *; style-src 'self' 'unsafe-inline' *; img-src 'self' * data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' *; frame-ancestors 'self' *; connect-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'self' *; media-src 'self' *; child-src 'self' *; worker-src 'self' *; manifest-src 'self' *;
via: 1.1 63f629236e2f93bf1af732a50e42e586.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P3
cross-origin-embedder-policy: unsafe-none
x-cache: Miss from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 43
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: origin
server: nginx
cross-origin-opener-policy: unsafe-none
expect-ct: max-age=31536000
x-frame-options: SAMEORIGIN
vary: Origin
content-type: image/gif
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: geolocation=(), microphone=(), payment=()
x-amz-cf-id: O-gOYbdlxcopRsgCqZ8aRZTwmoYHzzDiEzwW2rxqOizgOlC8DHUY8Q==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 5ed7638be4b07a92411bbffe
ng.virgul.com/tck/i_vb2/ Frame 6C31 0
209 B 70ms
66ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/5ed7638be4b07a92411bbffe?l=&r=153366@site_geneli@yemek_net:site_geneli&cs=1685142961514&userId=vnet55bff539-6bd9-463f-ad04-3c780b66c4bb
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Fri, 26 May 2023 23:16:01 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 5ed76f76e4b07a92411bc03a
ng.virgul.com/tck/i_vb2/ Frame 6C31 0
209 B 69ms
66ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/5ed76f76e4b07a92411bc03a?l=&r=153377@site_geneli@yemek_net:site_geneli&cs=1685142961515&userId=vnet55bff539-6bd9-463f-ad04-3c780b66c4bb
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Fri, 26 May 2023 23:16:01 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 5ed771bae4b07a92411bc04c
ng.virgul.com/tck/i_vb2/ Frame 6C31 0
209 B 69ms
67ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/5ed771bae4b07a92411bc04c?l=&r=153382@site_geneli@yemek_net:site_geneli&cs=1685142961515&userId=vnet55bff539-6bd9-463f-ad04-3c780b66c4bb
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Fri, 26 May 2023 23:16:01 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 5ed771e3e4b07a92411bc04e
ng.virgul.com/tck/i_vb2/ Frame 6C31 0
209 B 68ms
65ms Image
text/plain 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/5ed771e3e4b07a92411bc04e?l=&r=153383@site_geneli@yemek_net:site_geneli&cs=1685142961515&userId=vnet55bff539-6bd9-463f-ad04-3c780b66c4bb
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Fri, 26 May 2023 23:16:01 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

OPTIONS
H3 200 rs
ad4m.at/ Frame 0
0 501ms
53ms Preflight
text/plain 2606:4700:20::ac43:4a81

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://as.ad4m.at
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,PATCH,POST,OPTIONS,DELETE
access-control-allow-origin: https://as.ad4m.at
access-control-max-age: 1800
allow: HEAD,POST,GET,OPTIONS
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7cd9b9363eb03a6d-FRA
content-length: 24
content-type: text/plain
date: Fri, 26 May 2023 23:16:01 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OrXK%2BoNX1epGs9T%2Bbh19mBEFqDVZzyIQcAlX3aSiV%2FE93BCTT6a4sKoSd2tgwb%2BwaQHrmnl3m89b%2Bdm1MDV4elaW%2BEdB%2Fs4fVwCjrMMxaq8GVM1QlE0zKfArUN6SgAMHXFkOUBE%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
via: 1.1 google
x-backend-server: aa-reachservice-group-europe-west1-22mg

GET
H2 200 gtm.js
www.googletagmanager.com/ Frame 858E 110 KB
0 49ms
48ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:16:01 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43297
x-xss-protection: 0
last-modified: Fri, 26 May 2023 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 26 May 2023 23:16:01 GMT

OPTIONS
H3 200 rs
ad4m.at/ Frame 0
0 382ms
54ms Preflight
text/plain 2606:4700:20::ac43:4a81

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://as.ad4m.at
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,PATCH,POST,OPTIONS,DELETE
access-control-allow-origin: https://as.ad4m.at
access-control-max-age: 1800
allow: HEAD,POST,GET,OPTIONS
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7cd9b9363eaf3a6d-FRA
content-length: 24
content-type: text/plain
date: Fri, 26 May 2023 23:16:01 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p%2BlH0QQ%2Fn8Q0KmbOReaEiMUQYRApQsBZfkqGp6NDT0zm3jlWvp1DrBV%2BOEdXBQtx4vaAS0IK036W3y3vOtObkeVF2LsdgDYi2IxhYMV9srN6vO0didvmO4KUKfUvj%2BujDsalVRk%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
via: 1.1 google
x-backend-server: aa-reachservice-group-europe-west1-22mg

GET
H/1.1 200
OK img
sync.mathtag.com/comp/ Frame D6B3 0
517 B 19ms
18ms Image
image/gif 185.29.134.248

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.mathtag.com/comp/img?mt_id=99&ns=xx&bcdv=0
Requested by: Host: sync.mathtag.com
URL: https://sync.mathtag.com/sync/iframe?mt_uuid=3c576471-3db0-4501-a31d-c8cce6968c79&no_iframe=1&synclist=4&mt_lim=1&type=1&source=bidder
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.248 -, , ASN (),
Reverse DNS
Software: MT3 851 9bd98ae master cdg-pixel-x14 config_version:"unknown" /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sync.mathtag.com/sync/iframe?mt_uuid=3c576471-3db0-4501-a31d-c8cce6968c79&no_iframe=1&synclist=4&mt_lim=1&type=1&source=bidder
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Fri, 26 May 2023 23:16:01 GMT
Server: MT3 851 9bd98ae master cdg-pixel-x14 config_version:"unknown"
Content-Type: image/gif
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Fri, 26 May 2023 23:16:00 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 823F 70 B
264 B 45ms
34ms Image
image/gif 15.197.193.217

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEJDs_9H97shsNWLRQ_VpgzQ&google_cver=1&google_push=ATf1kGPkeEFPXuyl23tGDBzSqOm8Bx2krJr-SRNDPZ_JQlzimnlPidE4xQTMF24Fq0axwr513r4cojH1SQkWl3rTTy7alj5LQus
Requested by: Host: c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com
URL: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Fri, 26 May 2023 23:16:01 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET

pixel
cm.g.doubleclick.net/ Frame 823F
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEGsEPjf_pCLDjovgoatDcIQ&google_cver=1&google_push=ATf1kGNX66SIKurYq8PAWSv5N0xecK2PURlHlX1cn_d035H2aWsRlwmMVHa2zF5lmWeVLU_GsGrFLjNQn70oGL...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzIzNzYzMzkwMjMwMjY1NjY2Mg%3D%3D&google_push=ATf1kGNX66SIKurYq8PAWSv5N0xecK2PURlHlX1cn_d035H2aWsRlwmMVHa2zF5lmWeVLU_GsGrFLjNQn70oGLsuk9...

0
0

GET

sync
x.bidswitch.net/ul_cb/ Frame 823F
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEGen015pdKFE36mHTNG1vYY&google_cver=1&google_push=ATf1kGNbuDE9E_Wbmz9Ny2TYD9rOhhKm8ULsEscSzEZeNh0xQfcJieE2QN_jtGfnkcl7Yqh2Xz7vUmtxhCW9FHQOzMZ7...
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEGen015pdKFE36mHTNG1vYY&google_cver=1&google_push=ATf1kGNbuDE9E_Wbmz9Ny2TYD9rOhhKm8ULsEscSzEZeNh0xQfcJieE2QN_jtGfnkcl7Yqh2Xz7vUmtxhCW9FH...

0
0

GET
H2 200 dds
rtb.openx.net/sync/ Frame 823F 43 B
103 B 39ms
29ms Image
image/gif 35.227.252.103

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEAoGhwN9b-2gfn1QrdBj8rI&google_cver=1&google_push=ATf1kGOMz17oysLfae_aOC7dS5RDlcqMjEuv7nZ8Itk5_sZlDzSAYNZUGXRao8tyWCR70P5w4tYJJIfW3RVIZb45f31lWGih2lM
Requested by: Host: c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com
URL: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.252.103 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 26 May 2023 23:16:01 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43

GET

pixel
cm.g.doubleclick.net/ Frame 823F
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEHCUPHUuQZjrrDFQ_wCrzt4&google_cver=1&google_push=ATf1kGOQ2TskGb1Sv1spNY-2Nuqm138JcGVSQQxQnKGepLNjP83QfR3IhbmcNI_gFmS6ZhugxTpqvtx3eHx3...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGOQ2TskGb1Sv1spNY-2Nuqm138JcGVSQQxQnKGepLNjP83QfR3IhbmcNI_gFmS6ZhugxTpqvtx3eHx3SSIYeURm0lfmANw

0
0

GET

supply
eb2.3lift.com/sync/google/ Frame 823F
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEO_QL9-t2WbQ0vm6uhCueww&google_cver=1&google_push=ATf1kGPtQUuEhykKRCwDHcrEDi78qNx3KMYuwdE43at6AIdD3ruptcXtmip1fEf8rlwgvPimo_7xnNGOIfZbOzAVRgPHXChEP24
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=ATf1kGPtQUuEhykKRCwDHcrEDi78qNx3KMYuwdE43at6AIdD3ruptcXtmip1fEf8rlwgvPimo_7xnNGOIfZbOzAVRgPHXChEP24...

0
0

GET sync
ssbsync.smartadserver.com/api/ Frame 823F 0
0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 823F 0
12 B 59ms
51ms Image
text/html 172.217.18.2

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KzG7pNhyQjM20LXdB6dLceasqY4HloghRYP4vfyGlzdAavYRwmBeGiTs7uPjYrwjFV9Hvc

Requested by

Host: c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com
URL: https://c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.2 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 26 May 2023 23:16:01 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET activeview
pagead2.googlesyndication.com/pcs/ Frame F8C5 0
0

GET css
fonts.googleapis.com/ Frame 8625 0
0

GET /
hal9000.redintelligence.net/scale/ Frame 8625 0
0

GET gtm.js
www.googletagmanager.com/ Frame 39FC 0
0

GET rar
as.ad4m.at/ad/ Frame 3B1B 0
0

GET rar
as.ad4m.at/ad/ Frame 4977 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Domain: hb.emxdgt.com
URL: https://hb.emxdgt.com/?t=1500&ts=1685142958611&src=pbjs

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzIzNzYzMzkwMjMwMjY1NjY2Mg%3D%3D&google_push=ATf1kGNX66SIKurYq8PAWSv5N0xecK2PURlHlX1cn_d035H2aWsRlwmMVHa2zF5lmWeVLU_GsGrFLjNQn70oGLsuk98qImBPxog

Domain: x.bidswitch.net
URL: https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEGen015pdKFE36mHTNG1vYY&google_cver=1&google_push=ATf1kGNbuDE9E_Wbmz9Ny2TYD9rOhhKm8ULsEscSzEZeNh0xQfcJieE2QN_jtGfnkcl7Yqh2Xz7vUmtxhCW9FHQOzMZ7PWPqVA

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGOQ2TskGb1Sv1spNY-2Nuqm138JcGVSQQxQnKGepLNjP83QfR3IhbmcNI_gFmS6ZhugxTpqvtx3eHx3SSIYeURm0lfmANw

Domain: eb2.3lift.com
URL: https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=ATf1kGPtQUuEhykKRCwDHcrEDi78qNx3KMYuwdE43at6AIdD3ruptcXtmip1fEf8rlwgvPimo_7xnNGOIfZbOzAVRgPHXChEP24&google_gid=CAESEO_QL9-t2WbQ0vm6uhCueww

Domain: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESENsMD1LYMyvcfJUCIdEDlLQ&google_cver=1&google_push=ATf1kGPw4WeglIAKOLDjJFozTj_PT5gZPXttTN_1EBQE9JJcPTkzQNveAAfs8VWPsCpdIcdZ_conGaLyriTsC-Eg4ydiZ2KU5AQ

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvwbih5UXyp4FsCk0ZJEK2Fa_uGvLS5HBUFECrerEnwZTPYb8V2yc9V62Yo0nJmDSDdDoRODh4ggenmIBAhEVdQieCQ1g0rkWUWky6p84G5vb3yZ15Q&sig=Cg0ArKJSzBY2A00cWga9EAE&id=lidar2&mcvt=1077&p=0,0,90,728&mtos=1077,1077,1077,1077,1077&tos=1077,0,0,0,0&v=20230524&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=19&adk=456810305&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1685142959560&rpt=1096&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0

Domain: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Titillium+Web:400,700

Domain: hal9000.redintelligence.net
URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/23333/creativesup/WW-Native-1200x627.jpeg

Domain: hal9000.redintelligence.net
URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/postbank_pool_privatkredit_1200x627.jpg

Domain: hal9000.redintelligence.net
URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg

Domain: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Domain: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14019%2C23576%2C195017&b=V8Xuwfr7H1zMSVHbHAtRtE9bhkTzT46hQ%2CYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C71gSqfWBsj2ZKtrHXHgtAtVVZCGT1TKqCM&f=m8ruefe8CweqsmHZHZtQCJGjTDTwT6rHA%2CqDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2CEbGSDfqQSE1QkCzHAHjt6C44bfqTVT1dc7&c=728&d=90&e=&g=71f4e760a01b4d270fcb3df73c1b5c1c%2F17295789925511898489&i=21596%2C20774%2C20773&j=16%2C14%2C14&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1685142961690&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1jxky6q7e997zqqnbyv4ny06rm3r98ekgyhkm064bhzd7t4vcky7rrg77dcmbfta1z6gs9945jmgmk6bgnqhxe0rk3zpwjby1xbacyk6w0s165a9cqyva84kz1k50jrbjmxveqzyk60nb9tf141z6qgckv9nhj4veyrahteysrgn2stcp30k10e93pfb9j3p8579x8g7an54hqa86h5erkdpav7079cwjxtsj2433b2zf7ze08svn5n7t07p4zyb4yvrxaqx1667c125fvng%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC36zbsD1xZLK5B4i0ZfaolqAJkOGBhFy2qMKK8ALAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItNjU5MzUyMzIxMDAxMDE1NMgBCakCd_a4o5r-sT6oAwGqBNUBT9BMnBQEHL-EinYrZrSSLiiDP34GuCovotDbQR84WaS7pLIHZC9_QtenFd9tSVbPGqiHw_JG4_qeMuvuUEqigeUlWdggk9muJFMOgiqmGlnxbupxIuumvfWrqGw8EG0O2xojgVrO397fBaASimTg5F5ULnnm0PFnQJGxEtB-OF4n1OazsGp4ms0ypbmBA4lWbUtIJhRv6pJl2UVeh9jLAnZQqQIHEWgyHlc8WuPZBucUh01EM203vqK0yMLPYJkrySLxboPsZngYv664ttJQuHeL_c8-gAaCho6y_LDZlvoBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_1ylhGBoPGQ6NQMstrqYvTjh8bEVg%2526client%253Dca-pub-6593523210010154%2526adurl%253D&y=1&s=&z=0

Domain: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=117569%2C19877%2C15579&b=JMQTzf5f6Qp9cBH6H7tptMXKcxSgT44JcP3eY%2Cek8a3fVfkbrajHZHet1t445HwSQTKKMsJxEG%2Cbk8aQfZfeDWSYHbHztKt1d8fbSJTMMZHKqQP&f=G1rtBfpf6g8PcKHeHGtBC7qzTZSYTJJkCQV5M%2CD13t3fwfApGU3HmH9twCZZJSxSmTYYQSZMQg%2C3qjcpf4fkY8T7HrHAtXC1E7fPSWTKKMsg2Y3&c=728&d=90&e=&g=915090b5ba1fc39b3691c60bd1dda0e8%2F2756910361821184742&i=29981%2C20774%2C26474&j=16%2C14%2C41&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach121_BESTPERFORMER&r=1685142961692&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j52fyfz7rq78nz755wstrbn98tz0j86m948t7ykwct8g5dee25m4njyfsj5g4btb7bjtfp0d726m47g9cxsjcq1bpzmqdq27wck5acfdvt6jzbshzz03398csvmj9zb0bx2cbaj2bpb0f5zzq7fhx1ebtm0g3t637wf0xm7ngc7pjcbc03krd0jnq902w0ehze36172ydk0gfj22tjf6mwtzrk051derw67dk3sbkah87t7apnatnxf28nhss0g2j6z0fc7w7kamepzjq8d9nck%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCHkPurz1xZNbJEMOi7gPCxI7wA5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQmpAnf2uKOa_rE-4AIAqAMByAMCqgSkAk_QnhUfiOv4hrYFZRmSZDbQ9YY56V1VmA5lOB16INHOcFHUpwJlGbpJoWErEMcbtLlbrfo9qRe7xrEPwlf5ugG5IWDWewpGsp2f53pvbpUPRh_VgPujYoZDh5zq8h0xLjy9H_ArNedIPQAVbueaI-V8LdahJCkH9O_sCshHG2WBZZiTm16egMU9VwkDfImsOeQRZN2jBN3-IW8vlIljc2IRtSNi0_u1wfzLU-ajw5NV0HTjv02Bd3jEunp7_fjBNaWROZBDeXbhkFgHXpbq0BPoL9OFsUNEvOxCAAnrwyK-d_7BsWfHp1BsDzUaxpSK5ZjpUGAJnW_dQZIu98r76n3wjXIph8oHkxxEa2xRDqbL5hIAZ6YIYpMZiOS2A6pwr-DQVL7gBAGABrnqssHX0466vgGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA8ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_2rOzCMougoFrqDlJZntzd_XRSTVA%2526client%253Dca-pub-7983651257838282%2526adurl%253D&y=1&s=&z=0

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

12 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.adnxs.com/	1970-01-20 14:15:18	Name: icu Value: ChgI5MdxEAoYASABKAEwrvvEowY4AUABSAEQrvvEowYYAA..
.adnxs.com/	1970-01-20 14:15:18	Name: uuid2 Value: 4561899678684708680
.rubiconproject.com/	1970-01-20 20:51:18	Name: khaos Value: LI56LWLW-Y-ETJY
.rubiconproject.com/	1970-01-20 20:51:18	Name: audit Value: 1\|hLZGFuTafB3cpYQyrPAohD5APvdogVCbaTd6KyMQnau+SmvwaNDOnmmSj5XdM4UYDqDbQAwtYdFN+011ZXQEx2pNjxJ85LHdsqlSNZOaaDQ=
.doubleclick.net/	1970-01-20 21:27:18	Name: IDE Value: AHWqTUnTYEL8kr_XXJtU7fTkzyw0-YUr_jpxP3JczNsebYE8dFCpiUxRE7-WaPQTX34
.adform.net/	1970-01-20 12:50:21	Name: C Value: 1
.mathtag.com/	1970-01-20 20:51:18	Name: uuid Value: 3c576471-3db0-4501-a31d-c8cce6968c79
.adform.net/	1970-01-20 12:15:47	Name: TPC Value: 1685142960505
.mathtag.com/	1970-01-20 12:48:54	Name: mt_mop Value: 4:1685142960
.blismedia.com/	1970-01-20 20:51:22	Name: b Value: 64713DB0E36ED85BF75D0FF5BLIS
.adform.net/	1970-01-20 13:32:06	Name: uid Value: 8293403963674888246
.tribalfusion.com/	1970-01-20 14:15:18	Name: ANON_ID Value: aYnoeUyKalWobWmaZcBWM5P5GrZaVWfbhcRysJAkqR

11 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://pcloak.blob.core.windows.net/web/jquery.min.js Message: Failed to load resource: the server responded with a status of 404 (The specified blob does not exist.)
javascript	error	URL: https://ye-mek.net/(Line 39) Message: Unsafe attempt to initiate navigation for frame with URL 'https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html' from frame with URL 'https://ye-mek.net/'. The frame attempting navigation is targeting its top-level window, but is neither same-origin with its target nor has it received a user gesture. See https://www.chromestatus.com/feature/5851021045661696.
network	error	URL: https://s7.addthis.com/js/300/addthis_widget.js#pubid=ra-51c60ec002340f16 Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network	error	URL: https://hb.emxdgt.com/?t=1500&ts=1685142958611&src=pbjs Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network	error	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755397&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1685142958233&bpp=4&bdt=819&idt=396&shv=r20230523&mjsv=m202305240101&ptt=9&saldr=aa&nras=1&correlator=285619391144&frm=24&ife=1&pv=2&ga_vid=1177810583.1685142958&ga_sid=1685142959&ga_hid=1330668805&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=222437166&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759842%2C31074911%2C44788441%2C44792645&oid=2&pvsid=2833400146064414&tmod=612573993&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.vwsz76kq7m00&fsb=1&dtd=419 Message: Failed to load resource: the server responded with a status of 403 ()
security	error	URL: https://as.ad4m.at/ad/dr?ed=1gb5bn62ae8zcm5af7pfvbzhe45mv08fs5e8kt3cwgzf6vrg7bxhjnjykys6fe7m8xynjgnsvfz94xcc1eyh84h1xg641m0jpwhhsk0v5n34dzm75w5rxppqx85j8xmq5qpm22gevtc2nhrgf0ttr4ycgvm3geqgz0ykeftt1a8xtakpdctb4bx5sga52ng87fwk35asbbq12sjkpqx7z1dhrv8dd5pypn9asmx4nc0qb5ntq7cem1sb7qkbz8bb8zw91r3mcqt3fh5agkqvk6awdat00fy7deykrgne86scnvv48793ke5767z5n30yx0a17n7e7yqxvjv3zz5xczqkfvc4jq230gjeessa878hsgswfjz13jn19qp34ghkjjeekk8g2tkywhmxnd0gjyrkk4xfyx91wm2jcsfftfj5fzb1wjzfq3k5sv85k521dsr1xmj8&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCHkPurz1xZNbJEMOi7gPCxI7wA5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQmpAnf2uKOa_rE-4AIAqAMByAMCqgSkAk_QnhUfiOv4hrYFZRmSZDbQ9YY56V1VmA5lOB16INHOcFHUpwJlGbpJoWErEMcbtLlbrfo9qRe7xrEPwlf5ugG5IWDWewpGsp2f53pvbpUPRh_VgPujYoZDh5zq8h0xLjy9H_ArNedIPQAVbueaI-V8LdahJCkH9O_sCshHG2WBZZiTm16egMU9VwkDfImsOeQRZN2jBN3-IW8vlIljc2IRtSNi0_u1wfzLU-ajw5NV0HTjv02Bd3jEunp7_fjBNaWROZBDeXbhkFgHXpbq0BPoL9OFsUNEvOxCAAnrwyK-d_7BsWfHp1BsDzUaxpSK5ZjpUGAJnW_dQZIu98r76n3wjXIph8oHkxxEa2xRDqbL5hIAZ6YIYpMZiOS2A6pwr-DQVL7gBAGABrnqssHX0466vgGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA8ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2rOzCMougoFrqDlJZntzd_XRSTVA%26client%3Dca-pub-7983651257838282%26adurl%3D Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.
security	error	URL: https://ad4m.at/r62eglto.js Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.
security	error	URL: https://as.ad4m.at/ad/dr?ed=1hbpc5zx0h9jndag5vkm6baw75apxxwjsvcykhzjppg66mnre8pb1ee36rv636kp1hmfhwxkn40hrpqje0t6n6a8bpfpxjh275536agvqs9zaaak6j0tq9tetbrssr9tbqg4b1aktgtmc00pc62y54b5v82xsgvty4c25915ejx1m7yf5mtdywbrewtq782j0vkt8qvw60afx544akxq2ajh3j90q63g6brh4s2fbrkv9df2e7bwk2tmrqgrjfa66jbrna6p8mg2a8r71d1ejnd6h7dg0qc8f5wa8fz7c13gfm1042f4scskachvckdp5hksfrjkavxe1h8b1kc6wk96nym04yneajyh0xt8jqfkzy2gkn54fyf9zfqa7avt16wry7exn1cwc1h1g0s3rpjrngtn6vszps7mwr34k93818qvmcmg&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC36zbsD1xZLK5B4i0ZfaolqAJkOGBhFy2qMKK8ALAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItNjU5MzUyMzIxMDAxMDE1NMgBCakCd_a4o5r-sT6oAwGqBNUBT9BMnBQEHL-EinYrZrSSLiiDP34GuCovotDbQR84WaS7pLIHZC9_QtenFd9tSVbPGqiHw_JG4_qeMuvuUEqigeUlWdggk9muJFMOgiqmGlnxbupxIuumvfWrqGw8EG0O2xojgVrO397fBaASimTg5F5ULnnm0PFnQJGxEtB-OF4n1OazsGp4ms0ypbmBA4lWbUtIJhRv6pJl2UVeh9jLAnZQqQIHEWgyHlc8WuPZBucUh01EM203vqK0yMLPYJkrySLxboPsZngYv664ttJQuHeL_c8-gAaCho6y_LDZlvoBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1ylhGBoPGQ6NQMstrqYvTjh8bEVg%26client%3Dca-pub-6593523210010154%26adurl%3D Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.
security	error	URL: https://ad4m.at/r62eglto.js Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.
security	error	URL: https://ad4m.at/r62eglto.js Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.
security	error	URL: https://ad4m.at/r62eglto.js Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.teads.tv
a.tribalfusion.com
aax-eu.amazon-adsystem.com
aax.amazon-adsystem.com
ad-server.eu
ad.adsrvr.org
ad.yieldlab.net
ad4m.at
adservice.google.com
adservice.google.de
adv.office-partner.de
adx.adform.net
ajax.googleapis.com
analytics.webgains.io
ap.lijit.com
as.ad4m.at
beacon-fra2.rubiconproject.com
bidder.criteo.com
c.amazon-adsystem.com
c1.adform.net
c1.imgiz.com
c9caeeb9c280c9ebc1cb001c0ab6f182.safeframe.googlesyndication.com
cdn.jsdelivr.net
cdn.track.production.webgains.team
cdn.ye-mek.net
choices.trustarc.com
choices.truste.com
cm.adform.net
cm.g.doubleclick.net
cms.quantserve.com
connect.facebook.net
cpm.programattik.com
de1-bid.adsrvr.org
dsp.adfarm1.adition.com
eb2.3lift.com
eus.rubiconproject.com
fastlane.rubiconproject.com
feed.pghub.io
fonts.googleapis.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
hal9000.redintelligence.net
hal900011.redintelligence.net
hal90006.redintelligence.net
hb.emxdgt.com
hbopenbid.pubmatic.com
ib.adnxs.com
images.dmca.com
imasdk.googleapis.com
img.tradedoubler.com
impfr.tradedoubler.com
match.adsrvr.org
medialead.de
mp.4dex.io
ng.virgul.com
ng2.virgul.com
pagead2.googlesyndication.com
pcloak.blob.core.windows.net
pghub.io
pixel.mathtag.com
pixel.rubiconproject.com
pr-bh.ybp.yahoo.com
prebid-server.rubiconproject.com
prebid.adnxs.com
prod-rtb.ad4mat.net
pv.medialead.de
px.ads.linkedin.com
rtb.openx.net
s.amazon-adsystem.com
s.tribalfusion.com
s0.2mdn.net
s1.adform.net
s7.addthis.com
script.4dex.io
securepubads.g.doubleclick.net
ssbsync.smartadserver.com
static-de.ad4mat.net
static.criteo.net
static.virgul.com
sync.mathtag.com
tags.mathtag.com
token.rubiconproject.com
tpc.googlesyndication.com
tr.blismedia.com
track.adform.net
track.webgains.com
www.awin1.com
www.cloakan.co
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
x.bidswitch.net
ye-mek.net
as.ad4m.at
cm.g.doubleclick.net
eb2.3lift.com
fonts.googleapis.com
hal9000.redintelligence.net
hb.emxdgt.com
pagead2.googlesyndication.com
s7.addthis.com
ssbsync.smartadserver.com
www.googletagmanager.com
x.bidswitch.net
104.102.45.165
108.138.15.119
13.224.189.92
13.224.192.181
13.32.119.77
13.32.121.66
138.201.63.164
138.201.64.38
142.250.186.34
145.239.193.130
15.197.193.217
151.139.128.10
172.217.18.2
18.169.125.16
18.66.147.98
185.29.134.245
185.29.134.248
185.64.189.112
185.7.176.222
185.89.208.11
185.89.211.116
2.18.233.201
20.60.220.36
216.52.2.30
23.45.237.121
23.56.202.187
2600:1901:0:76b9::
2602:803:c004:200::140
2602:803:c004:200::154
2606:4700:20::681a:71b
2606:4700:20::681a:8a9
2606:4700:20::681a:ad1
2606:4700:20::ac43:4a81
2606:4700::6812:18ad
2606:4700::6812:272
2620:116:800d:21:ef75:8280:f209:5ba1
2620:1ec:21::14
2a00:1450:4001:800::2001
2a00:1450:4001:800::200e
2a00:1450:4001:803::2006
2a00:1450:4001:808::2002
2a00:1450:4001:80b::200a
2a00:1450:4001:80f::2001
2a00:1450:4001:812::2002
2a00:1450:4001:813::200a
2a00:1450:4001:82a::2002
2a00:1450:4001:82b::2002
2a00:1450:4001:82b::2008
2a00:1450:4001:82b::200a
2a00:1450:4001:82f::2004
2a02:2638:3::7
2a02:2638:d::2
2a02:6ea0:c700::19
2a03:2880:f083:9:face:b00c:0:3
2a04:4e42:400::485
2a05:d018:d29:3605:f945:6b7b:b26d:656c
2a0b:4d07:101::1
3.123.171.139
34.102.243.38
34.96.105.8
35.186.231.97
35.227.252.103
35.241.45.217
37.157.2.247
37.157.4.23
37.157.4.25
37.157.6.233
52.222.214.123
52.46.155.104
52.95.125.22
54.76.176.197
69.173.144.165
76.223.26.175
77.245.159.14
85.111.6.48
85.114.159.93
94.138.206.83
94.23.99.218
95.101.149.35
99.86.4.36
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
02055a2b24ba9ee91dc4b24f82ae82a14a3dc81b6a88087ce148c53c2ba79a7c
03cc2818fd1ff87dc62ced8717528939eab9869ec1fcb63d574ce9165d8c9263
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
09244740f4a5bf8ab1aa815df2f809d370c932e5c5e977221091acbee7b66570
0b29697868cd68cfd1b5650054cc96ea755016b3242bd26469cdbd4e4f6fc18a
0b3e6ba89fb5f942cb17ffc33ba608bc55ad030cbf91aed611636fbeaece8f17
0b6a4d5614f62f61ce8c29539ad1ee773077ec787f05e19f90b7eb9064dfb2c5
0f22a6e556e3f27e9f9af61b44cb16deb28105fd54688d68b58e2f23235e131a
120fdf7c1e8de286b8c6ad005bd52d7b3d71cfa17bd6d1f72d023fe952d03708
13f31551cbfce1890f6d0a38e0193e6be7198fd083cd7cdf86e7559b26d41500
14a62ec8e7e36404b5e5eb7df3256330238f77442d784cb63366b1ebd051891b
1a3f09c64a229e9f2bd2ad089b6d9e67093339e5a5a21948f30f15be34549c63
1b03fd3fa3f31290953a4de0da547b6f833489691c8f447fa19019095a60c8a6
1ba67b951b293dcfe88496df90c0a46113da710ecd2d570d70b949d9fd3c2498
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944
1ce633488a7b5e0949ecbcc6ab4cd2bd839b02856ac063d537ccb14c59b4ecd7
20678c305b50c0988193d64cb34f41e2dcb6f2fa48353106436ea301e07ce70a
21c973189fe21f70af633c6a24d179897510b63d2f4b6e32d528b40cd7059e05
2216e20f57afc7e5430a4a51e5bd5a8995763a95bd03d67cd519395fb82e75dd
22fee539734d38c9e84e3982188b21bafc9457236279a136ce1b3b9d55667437
25384b36677ec71b3678443817eb7d4876fdeb68a889bdd6ea15a16864f00308
270780ee9ab262cea703d0c35bb215bc45d2ae223fce2110c1af2b688e49152d
296f1d7fdfd20eada2afea94621798ff10feabb9782f9ba00d13c8986ed01254
2af1b8e91e1ea0f27fab2f6bac1dd1d81867b7a2a8d7cef1084fa39309e0ac6f
2c3e04a3f536b4a6300aeee8ee1dbbfddaacaf29d9f44dadff76b136fab44e38
2d5e67a38c9a11424cac19ce192c9fd124a6d74e64d3791a01561dbd3e39c0b4
2e167b6fecb4ef543ecd8ee19cb31be92d4129a233ce2cf18bd87bf8af32e6c6
307c9a6fb38fb46cf2c9dd451fe6509a4818f1c23b93749902d078155492a90b
31626b94d662220f87e1079856b62cdb83eb0474e72a9a46839fd186e3e5934f
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
324a9c1f26949a62b89c5846de23826737bf3b14443e3f5a969b1799604a0588
332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a
33566729393f70e95f9e326dbc67dedbb3bdc4d6a743ef40141fa1d126f079ad
33a87e230c9f0008604daf7144a6e8632b7b12150ac9f22891285ae3b95037b4
35750254f94abb416e96194d562d1597d871bae550eb0cad6194b3ab4f12b2f2
368a0d06ef4d3fd3ac312d7db81f995157e73f5c895da1150db0090cd74ed25e
372e646203759b4bf2ddab1f01469d03dd8bc920f187a3a09bb316f4edf6d604
38340d9e2a5d5b115fa206bdcb92711d003855769d3978461b73371f8ea81d51
391f0374b07f1b2c4eab58066cdee9bbc7c14507b5be3ea7e34e26c9ec575bb4
3ca19e57c9a2465ae4df271316ba4d29e7ff7f113a2a2c5297780c0b7a0ac09d
3ed559a849229d0ba1622b39b2343f2307a91aae5bab1f08e55c89e50874c980
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db
445bc557ce264ffa4dce57989ffb85432b2fea75622836f8bb16a18f7457751f
4651fd93f167c3620b534c30bc23ae2a2e7cf742621d8e6d12553c09c388284a
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
4729a15791a374bfdb0f0fb0e1f19f5fe0657483ad7eab3d56dd849626ae4726
472a7be15f54d813e3ddab67c957a2dda6e241e18951593c4d51993505edc5c9
4c5deb00f38b73c0882d773ade1a2084150544c3129128fc0655f419ef157e93
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e0a07ec787f2e0dbb5b2d9b2fda1a14fc819cdfbede1b6eb8a1a63d05cb8fd3
53bdbeb79f1e8a1976d145aecfe7a7cda0a55d934c879c551739c72c82e10e09
565640b1ddba3be1213824a77dfa12ac064219d6d85c88043e0dc635ab1a3542
5804cd3bfdf7f7b00ae1f2beef50b9ac7bbdcadcb47e8c3454e8609a52096b92
58712a4f1909f78e6b3cb7b01dfbb8e2952037880985e4fc91ccf08d37a7bd84
59641e17cbf2747c31456e5ac08ddd332816ebb6b9fc9273ed4989ef979ca5cc
599bb6748f60ecce39049c7c6feed7bfd65e9ba09ef478ff0661381840117a9f
5b4713513fc71dd25abe93ca3404d7f18cc6477325ba19ba9f71154da56c7169
5cb0fcc6057ab8c61f3702692e8c1ef98e591ca715aee4b893b377fd78e9932f
5d6923869921b3bcfdaf660268b5f13140d47f30b9aa277bf994d5c960e68285
613b97a3f938c5185dc5fcb46ec9c9488f460fdf8a9765eea9f05aebe46a0c50
63b775362d0cbff5e1d08a26f04ed974fe268ef8a7431e605152394d9e1829f9
6463a8285a9c7d54fde4f62d247208584a061d3a0028a516ec3b902164256306
6a7b0c8bf87b2bd5ca31557f25cf2a6c80f93af72bf68a6085e9b55a87fe908c
714aed07ce3b4d83d282356e362b5d9cd8696fb54833a1146e2e5c1fb324421d
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
7495abbe1d4000d67dbbc497a9f44bd8a83c209b38cf037182b1b9e77530a921
77af57ca4ce17d7c314af86374beb25f91954ffab631b365e738061c6e7b4bbf
77f7026842f2096973ddc66919aa58afb90afcd5edeeed9e2ae1daa42bc803d0
7f77595ef2e4eb11d9f19fd5858399d25663ea63168d0efdf4042b9d85a7dadf
8106b51011b26cf5f69cf7769a95b3f7faf34e2f26191c4e657e705ad3f4ecb6
810d32051c0846f13bef612415c9c68be7bd6197fb8570d6bfcc2c9cc86c4be1
820d07e8cf270a528baedfcad945b99a8ec0ec5ec581f32cb8397871b782f7d5
8696856d40a33bb1143b9f31c9d507fccab76523f0f3e431bf6e03997017950e
895b747078615b23f6386c387ff4bafdc3a6c17676228fac66485d250ab87584
8c47b44c2eb52f803ff7faa3cc7043d75a2814f83cf9c1dd66a1c669184e68f8
8d47e9b04cf995a35fac50d2d39cd0006ef7e7f07f9373cad2fe5a207745f1b7
8dce6683bb91229302c3dda2f18c96459e6eb39148d27c581e451d88e9fbaad6
8e7c0b0b1c36228ba736e564a00405f72bf3b6bcfe6ac826cde2b6b9c14e55ea
8ed86e2b928c1b3c7035f47e16f70e3e71131b34c86b59e783a0559fcc8de4b6
8ff302bac88a8e2d73c24d1173bac73e58ab2132413c3de165b33d5b5dbce50f
94638653e6f4bc4f9c8f3dc96f8bff773f0b88dd3bde413fb678b43739640099
976a0a8811d8382ae20de2c8145bbe6337a77f2682a7f3dea6a2d9b979adb024
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9b339ccfd1220bc6419a539004c50e8fad7070b765cce23439c96c897b56869c
9cacc351a59879d938ef01e274eca7f341deaaa666237a3de94737ccc05a4b86
a0847b5e0373e2fd011803f2dc04baa326f849fe2b2684b4e89cb11122cb5b17
a2bd03a89a32099068ca9ca2a7f6a61ed04029d3f196d8ab9285d32de87a07f7
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a6cc789aba8ac76bed3b32f93c97b5848d1e04c2866c15a0cbe39d9c25783af9
a7a580492938c753648b19da1321bf7ea66d7a2e9b1fa42058c821e268fba9e1
a7fe9caf3097b900fe4584c14eac69d82dcf3bccf9f53de5513dacc0b0c7e1d9
aa2de12ba413c088a0297b5f94c377c49393278e408483c1bf08182a69142c9b
ad3ee286844c46dba3f0d26e100f508c410b28f52784fbeec2d513ef6c6fda7a
af16e81657491cb65417b6e82ac07aac930c4f7b5efba44ead3814b20978bcb6
b0a9edd9406b9e846d2613b16def49dca3d2307816622cb274acc4d0d2314245
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2cdc6ff1c7cbbea12eb1e9b14734b17c71733eb703b3579d7a092f1271abc6f
b50ffd6561ea35566998d330555e5df43a5d0846cd846909883a47b72b696081
b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628
b6f592ba4dc1ddfac8ff32673d97d7aa580f6ea2ac20e5415d7ad6207d6f99f9
b922302c22aaa52e4ee94cc4e8949e60012dc6625adcff0165ef193caf3a3ee3
be0c8346ffda26948856770034cf143c5aed0530f870ebfddb218f8e895954c8
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
c303857b14be04d338c608c7048c6ad6d5b6b7c57f0727ca3120427266b436b4
c823a8dc72da0b43f82b11d1d42668d0fa4c4c622529a5b5cbf7ef6564c0a39b
c95864adde9fe8a23911034d261ca90d154b87611afb584416b2b317c1357813
cc73a3d43fdab9dbad3b924fc3a09755b3f48b8ca0b25cfa51223be70df9cc43
cf906196a7c1414e11983955e101a051d55a864f2bc9fd52a453d952d92fd9b5
cff57bb539a961e5816127eb4b662175d6a1c92917effe0f943de85c35911101
d5544013c9c882cd032a4ed06f6f8338f6fce934e82311a1267f59b5e717c4c7
d5c32d8a3e3a0b89b8cc18b304886b129bb4f29165927e5155a0a33721e3b730
d5e0fdb2ad865d955935adf33701334ebd02983bd9c18274844cd4a9317717bf
d77b5f2ca03eb8dab2acc515548b7b1ce7eeb4ca2189268552649e0391ee8c21
d82c4906e4b728e92a7fcec80c1f8bcb5b16502d30a9de09a361dc503a70145a
d9fd0aeda423bd39a36871759ef7b17dab3d51e5981cd5839103f990b8b9ef60
dfd9a5c0bb1644bc374d77486e9da375da18ac81d1476f25466329c0cb8c437c
dfedc75cfe7b945bb38c0d7c7aa2c2e0cbbb53be3b787c051cb1efc06cb32fb9
e0a95094e940824bf9e575c3cf8e1c07f09fdcf952409476cdcf691d5888fc96
e0bfcf41c566f571ea252620518b4bee4496dba2b1df9a1aa3e436f81592e1b0
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e62eac1414d0b723be276b9b4ac2fccc09fef3bcc73599603d2aa6a46a84ceb6
e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44
e7daac1a70a29c2b63b9f09c9a488fab0c4b0c2bb3661847a2c484a65ec2145c
e8021f1a9dad409f7e699457ac334653bf800464df69900237c4de1c29e275d0
e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389
e9a83c407934c3ccb3f2c664afaa35b5f7e86788415e58c8ec300d5d6f49c51b
eb7a209e3af2f5e7045a326f81414b39f02551eb158e859c190a7a84db7c4d5d
ecadacb686d0540a5768dae41d50597a71dfaa8135b90f1371d4bfa266e4e361
ed87a83a9df154b61d76e8b9b53bb9d23db3eea194e66bca6b575e3e4f7a57bf
edf7feb7e0931456f4a7df0dd85ebcf3e47909f33d0367accdb3da9dd0a12f06
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0527c432d4ce64f5b432e05bcf6c3139291af3126f666a26746cc4d54f2e055
f066a311829c51cdc4f1128cea54eef78e3095d3e26d973cbc7cc497ad8db6c1
f884d5ce2f9b0c51f6f4dfee4f30c13993afc36463a5902c2f5aa6684db6fce5
f9b00efa272f04561d93ec35d1c255090fa1e77d2b9c7d08b2ed1bea585dbb90

pcloak.blob.core.windows.net Open in urlscan Pro 20.60.220.36 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

316 Requests

89 %HTTPS

39 %IPv6

57 Domains

94 Subdomains

76 IPs

6 Countries

3857 kBTransfer

8994 kBSize

12 Cookies

0 Outgoing links

Redirected requests

316 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 8 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

pcloak.blob.core.windows.net Open in urlscan Pro
20.60.220.36 Public Scan

Screenshot
Live screenshot

Full Image

316
Requests

89 %
HTTPS

39 %
IPv6

57
Domains

94
Subdomains

76
IPs

6
Countries

3857 kB
Transfer

8994 kB
Size

12
Cookies

316 HTTP transactions
8 data transactions