pcloak.blob.core.windows.net Open in urlscan Pro
20.60.220.36 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Submission: On June 30 via api (June 30th 2023, 12:10:39 pm UTC) from TR — Scanned from DE

Summary HTTP 356 Redirects Behaviour Indicators

Summary

This website contacted 50 IPs in 3 countries across 52 domains to perform 356 HTTP transactions. The main IP is 20.60.220.36, located in Tappahannock, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is pcloak.blob.core.windows.net.
TLS certificate: Issued by Microsoft RSA TLS CA 02 on March 22nd 2023. Valid for: a year.

This is the only time pcloak.blob.core.windows.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
4	20.60.220.36 20.60.220.36	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	77.245.159.14 77.245.159.14	42868 (NIOBEBILI...) (NIOBEBILISIMHIZMETLERI)
2	94.138.206.83 94.138.206.83	49126 (AS49126) (AS49126)
4	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
40	2a02:6ea0:c70... 2a02:6ea0:c700::18	60068 (CDN77 ^_^) (CDN77 ^_^)
1	2a00:1450:400... 2a00:1450:4001:82a::2008	15169 (GOOGLE) (GOOGLE)
2	151.139.128.10 151.139.128.10	20446 (STACKPATH...) (STACKPATH-CDN)
1	23.206.208.114 23.206.208.114	16625 (AKAMAI-AS) (AKAMAI-AS)
18	185.7.176.221 185.7.176.221	42910 (PREMIERDC...) (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH)
2	2a03:2880:f08... 2a03:2880:f084:105:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
16	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
44	2a00:1450:400... 2a00:1450:4001:802::2002	15169 (GOOGLE) (GOOGLE)
3	13.224.192.181 13.224.192.181	16509 (AMAZON-02) (AMAZON-02)
21	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
1	35.241.45.217 35.241.45.217	15169 (GOOGLE) (GOOGLE)
2	185.7.176.222 185.7.176.222	42910 (PREMIERDC...) (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH)
1	13.32.119.77 13.32.119.77	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:830::2001	15169 (GOOGLE) (GOOGLE)
1	34.102.243.38 34.102.243.38	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
33	2a00:1450:400... 2a00:1450:4001:831::2001	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
29	2a00:1450:400... 2a00:1450:4001:813::2006	() ()
5	2a00:1450:400... 2a00:1450:4001:800::2001	() ()
3 9	2a00:1450:400... 2a00:1450:4001:831::2004	() ()
10 30	142.250.185.162 142.250.185.162	() ()
4 8	185.80.39.216 185.80.39.216	() ()
5 7	185.89.210.101 185.89.210.101	() ()
4	35.244.159.8 35.244.159.8	() ()
4	23.52.123.144 23.52.123.144	() ()
1	2a00:1450:400... 2a00:1450:4001:82b::200a	() ()
1	54.194.204.34 54.194.204.34	() ()
1	2600:1901:0:7... 2600:1901:0:76b9::	() ()
4	2606:4700:20:... 2606:4700:20::681a:ad1	() ()
5	142.250.184.226 142.250.184.226	() ()
2	2a00:1450:400... 2a00:1450:4001:80b::2003	() ()
1	2a02:2638:d::4 2a02:2638:d::4	() ()
3	2620:116:800d... 2620:116:800d:21:c5a4:625:6563:a5bb	() ()
2 2	3.122.44.22 3.122.44.22	() ()
1	34.96.105.8 34.96.105.8	() ()
2 2	213.155.156.165 213.155.156.165	() ()
2 2	76.223.111.18 76.223.111.18	() ()
1	3.71.149.231 3.71.149.231	() ()
2 2	20.127.253.7 20.127.253.7	() ()
2	141.95.33.111 141.95.33.111	() ()
1 2	2606:4700::68... 2606:4700::6812:19ad	() ()
1 1	35.186.193.173 35.186.193.173	() ()
6 6	35.156.203.47 35.156.203.47	() ()
2 2	198.47.127.19 198.47.127.19	() ()
2	185.86.138.150 185.86.138.150	() ()
1	178.250.1.9 178.250.1.9	() ()
2	2a02:26f0:480... 2a02:26f0:480:9::210:ee04	() ()
1 1	34.91.62.186 34.91.62.186	() ()
1	52.223.40.198 52.223.40.198	() ()
1 1	51.89.9.254 51.89.9.254	() ()
1	213.202.235.9 213.202.235.9	() ()
2	2a02:2638:3::3 2a02:2638:3::3	() ()
1 1	185.29.134.244 185.29.134.244	() ()
1 1	35.190.0.66 35.190.0.66	() ()
1	35.227.252.103 35.227.252.103	() ()
356	50

4 20.60.220.36 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

pcloak.blob.core.windows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 77.245.159.14 (Turkey)

ASN42868 (NIOBEBILISIMHIZMETLERI, TR)
PTR: stilgar.wlsrv.com

www.cloakan.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 94.138.206.83 (Turkey)

ASN49126 (AS49126, TR)

ye-mek.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

40 2a02:6ea0:c700::18 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)

cdn.ye-mek.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.139.128.10 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: map3.hwcdn.net

images.dmca.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.206.208.114 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-206-208-114.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 185.7.176.221 (Turkey)

ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR)

static.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ng.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ng2.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f084:105:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

44 2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.224.192.181 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-192-181.fra2.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.45.217 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 217.45.241.35.bc.googleusercontent.com

pghub.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.7.176.222 (Turkey)

ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR)

c1.imgiz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.119.77 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-119-77.fra60.r.cloudfront.net

aax.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:830::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.243.38 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 38.243.102.34.bc.googleusercontent.com

feed.pghub.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

33 2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 2a00:1450:4001:813::2006 (None, )

ASN- ()

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:800::2001 (None, )

ASN- ()

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:831::2004 (None, ) 3 redirects

ASN- ()

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 142.250.185.162 (None, ) 10 redirects

ASN- ()

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 185.80.39.216 (None, ) 4 redirects

ASN- ()

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 185.89.210.101 (None, ) 5 redirects

ASN- ()

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.244.159.8 (None, )

ASN- ()

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.52.123.144 (None, )

ASN- ()

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::200a (None, )

ASN- ()

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.194.204.34 (None, )

ASN- ()

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1901:0:76b9:: (None, )

ASN- ()

prod-rtb.ad4mat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:20::681a:ad1 (None, )

ASN- ()

as.ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.184.226 (None, )

ASN- ()

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80b::2003 (None, )

ASN- ()

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:d::4 (None, )

ASN- ()

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:116:800d:21:c5a4:625:6563:a5bb (None, )

ASN- ()

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.122.44.22 (None, ) 2 redirects

ASN- ()

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.105.8 (None, )

ASN- ()

tr.blismedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.165 (None, ) 2 redirects

ASN- ()

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 76.223.111.18 (None, ) 2 redirects

ASN- ()

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.71.149.231 (None, )

ASN- ()

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 20.127.253.7 (None, ) 2 redirects

ASN- ()

sync.inmobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 141.95.33.111 (None, )

ASN- ()

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:19ad (None, ) 1 redirects

ASN- ()

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.193.173 (None, ) 1 redirects

ASN- ()

gcm.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 35.156.203.47 (None, ) 6 redirects

ASN- ()

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 198.47.127.19 (None, ) 2 redirects

ASN- ()

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.86.138.150 (None, )

ASN- ()

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.1.9 (None, )

ASN- ()

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:480:9::210:ee04 (None, )

ASN- ()

cdn.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.91.62.186 (None, ) 1 redirects

ASN- ()

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.223.40.198 (None, )

ASN- ()

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.89.9.254 (None, ) 1 redirects

ASN- ()

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.202.235.9 (None, )

ASN- ()

m.exactag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:3::3 (None, )

ASN- ()

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.134.244 (None, ) 1 redirects

ASN- ()

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.0.66 (None, ) 1 redirects

ASN- ()

ads.travelaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.227.252.103 (None, )

ASN- ()

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
86	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 135 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 160	780 KB
72	doubleclick.net 10 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 216 googleads.g.doubleclick.net — Cisco Umbrella Rank: 57 cm.g.doubleclick.net googleads4.g.doubleclick.net	491 KB
42	ye-mek.net ye-mek.net cdn.ye-mek.net	606 KB
29	2mdn.net s0.2mdn.net	1 MB
18	virgul.com static.virgul.com — Cisco Umbrella Rank: 81866 ng.virgul.com — Cisco Umbrella Rank: 65490 ng2.virgul.com	233 KB
12	google.com 3 redirects adservice.google.com — Cisco Umbrella Rank: 113 www.google.com	930 B
8	casalemedia.com 4 redirects dsum-sec.casalemedia.com	6 KB
8	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 205	448 KB
7	adnxs.com 5 redirects ib.adnxs.com secure.adnxs.com	8 KB
6	bidswitch.net 6 redirects x.bidswitch.net	3 KB
5	openx.net us-u.openx.net rtb.openx.net	791 B
5	ampproject.org cdn.ampproject.org	110 KB
5	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 433 imasdk.googleapis.com — Cisco Umbrella Rank: 500 fonts.googleapis.com	285 KB
4	ad4m.at as.ad4m.at ad4m.at	26 KB
4	teads.tv sync.teads.tv	652 B
4	amazon-adsystem.com c.amazon-adsystem.com — Cisco Umbrella Rank: 353 aax.amazon-adsystem.com — Cisco Umbrella Rank: 438	62 KB
4	windows.net pcloak.blob.core.windows.net	3 KB
3	quantserve.com cms.quantserve.com	1 KB
2	criteo.net static.criteo.net	1 KB
2	doubleverify.com cdn.doubleverify.com tps.doubleverify.com Failed	107 KB
2	smartadserver.com ssbsync.smartadserver.com	150 B
2	pubmatic.com 2 redirects image6.pubmatic.com	1 KB
2	tribalfusion.com 1 redirects a.tribalfusion.com s.tribalfusion.com	1 KB
2	id5-sync.com id5-sync.com	2 KB
2	inmobi.com 2 redirects sync.inmobi.com	1 KB
2	3lift.com 2 redirects eb2.3lift.com	959 B
2	de17a.com 2 redirects d5p.de17a.com	647 B
2	w55c.net 2 redirects pm.w55c.net	2 KB
2	criteo.com ads.eu.criteo.com dis.criteo.com	7 KB
2	gstatic.com csi.gstatic.com Failed fonts.gstatic.com	31 KB
2	imgiz.com c1.imgiz.com — Cisco Umbrella Rank: 136022	131 KB
2	pghub.io pghub.io — Cisco Umbrella Rank: 2090 feed.pghub.io — Cisco Umbrella Rank: 2360	6 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 173	89 KB
2	dmca.com images.dmca.com — Cisco Umbrella Rank: 13228	6 KB
2	cloakan.co www.cloakan.co	1 KB
1	travelaudience.com 1 redirects ads.travelaudience.com	553 B
1	mathtag.com 1 redirects sync.mathtag.com	870 B
1	exactag.com m.exactag.com	60 B
1	onetag-sys.com 1 redirects onetag-sys.com	380 B
1	adsrvr.org match.adsrvr.org	265 B
1	simpli.fi 1 redirects um.simpli.fi	747 B
1	ctnsnet.com 1 redirects gcm.ctnsnet.com	645 B
1	yahoo.com ups.analytics.yahoo.com	125 B
1	blismedia.com tr.blismedia.com	173 B
1	ad4mat.net prod-rtb.ad4mat.net static-de.ad4mat.net Failed
1	adsafeprotected.com fw.adsafeprotected.com static.adsafeprotected.com Failed dt.adsafeprotected.com Failed	74 KB
1	addthis.com s7.addthis.com — Cisco Umbrella Rank: 2484	362 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 79	82 KB
0	o2online.de Failed portal.o2online.de Failed
0	360yield.com Failed match.360yield.com Failed
0	unrulymedia.com Failed sync.targeting.unrulymedia.com Failed
0	scoota.co Failed r.scoota.co Failed
356	52

	Domain	Requested by
44	pagead2.googlesyndication.com	static.virgul.com pagead2.googlesyndication.com 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com tpc.googlesyndication.com ye-mek.net s0.2mdn.net
40	cdn.ye-mek.net	ye-mek.net cdn.ye-mek.net
33	tpc.googlesyndication.com	3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com ye-mek.net pcloak.blob.core.windows.net googleads.g.doubleclick.net tpc.googlesyndication.com
30	cm.g.doubleclick.net	10 redirects googleads.g.doubleclick.net ye-mek.net 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
29	s0.2mdn.net	3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com ye-mek.net pcloak.blob.core.windows.net s0.2mdn.net
21	googleads.g.doubleclick.net	pagead2.googlesyndication.com 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com pcloak.blob.core.windows.net ye-mek.net googleads.g.doubleclick.net
16	securepubads.g.doubleclick.net	static.virgul.com securepubads.g.doubleclick.net 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com pcloak.blob.core.windows.net ye-mek.net s0.2mdn.net
9	www.google.com	3 redirects ye-mek.net 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com googleads.g.doubleclick.net
9	3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
9	ng.virgul.com	static.virgul.com ye-mek.net
8	dsum-sec.casalemedia.com	4 redirects googleads.g.doubleclick.net
8	www.googletagservices.com	3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com googleads.g.doubleclick.net
7	static.virgul.com	ye-mek.net static.virgul.com pcloak.blob.core.windows.net
6	x.bidswitch.net	6 redirects
6	ib.adnxs.com	4 redirects googleads.g.doubleclick.net
5	googleads4.g.doubleclick.net	pcloak.blob.core.windows.net
5	cdn.ampproject.org	securepubads.g.doubleclick.net
4	sync.teads.tv	googleads.g.doubleclick.net
4	us-u.openx.net	googleads.g.doubleclick.net
4	pcloak.blob.core.windows.net	pcloak.blob.core.windows.net
3	cms.quantserve.com	3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com googleads.g.doubleclick.net
3	imasdk.googleapis.com	c1.imgiz.com 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
3	adservice.google.com	securepubads.g.doubleclick.net pagead2.googlesyndication.com
3	c.amazon-adsystem.com	static.virgul.com c.amazon-adsystem.com
2	static.criteo.net	3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
2	ad4m.at	as.ad4m.at ad4m.at
2	cdn.doubleverify.com	s0.2mdn.net pcloak.blob.core.windows.net
2	ssbsync.smartadserver.com	3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
2	image6.pubmatic.com	2 redirects
2	id5-sync.com	ye-mek.net 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
2	sync.inmobi.com	2 redirects
2	eb2.3lift.com	2 redirects
2	d5p.de17a.com	2 redirects
2	pm.w55c.net	2 redirects
2	fonts.gstatic.com	fonts.googleapis.com
2	as.ad4m.at	googleads.g.doubleclick.net as.ad4m.at
2	ng2.virgul.com	ye-mek.net
2	c1.imgiz.com	static.virgul.com c1.imgiz.com
2	connect.facebook.net	ye-mek.net connect.facebook.net
2	images.dmca.com	ye-mek.net
2	ye-mek.net	www.cloakan.co ye-mek.net
2	www.cloakan.co	pcloak.blob.core.windows.net
1	rtb.openx.net	3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
1	ads.travelaudience.com	1 redirects
1	sync.mathtag.com	1 redirects
1	m.exactag.com	3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
1	onetag-sys.com	1 redirects
1	match.adsrvr.org	3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
1	um.simpli.fi	1 redirects
1	dis.criteo.com	googleads.g.doubleclick.net
1	secure.adnxs.com	1 redirects
1	gcm.ctnsnet.com	1 redirects
1	s.tribalfusion.com	3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
1	a.tribalfusion.com	1 redirects
1	ups.analytics.yahoo.com	3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
1	tr.blismedia.com	3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
1	ads.eu.criteo.com	imasdk.googleapis.com
1	prod-rtb.ad4mat.net	googleads.g.doubleclick.net
1	fw.adsafeprotected.com	pcloak.blob.core.windows.net
1	fonts.googleapis.com	3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
1	feed.pghub.io	pghub.io
1	aax.amazon-adsystem.com	c.amazon-adsystem.com
1	pghub.io	static.virgul.com
1	s7.addthis.com	ye-mek.net
1	www.googletagmanager.com	ye-mek.net
1	ajax.googleapis.com	ye-mek.net
0	portal.o2online.de Failed	ye-mek.net
0	tps.doubleverify.com Failed	cdn.doubleverify.com
0	static-de.ad4mat.net Failed	as.ad4m.at
0	dt.adsafeprotected.com Failed	3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
0	static.adsafeprotected.com Failed	3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
0	match.360yield.com Failed	3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
0	sync.targeting.unrulymedia.com Failed	3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
0	r.scoota.co Failed	3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
0	csi.gstatic.com Failed	imasdk.googleapis.com
356	75

This site contains no links.

Subject Issuer	Validity	Valid
*.blob.core.windows.net Microsoft RSA TLS CA 02	`2023-03-22` - `2024-03-22`	a year	crt.sh
cpanel.cloakan.co R3	`2023-05-03` - `2023-08-01`	3 months	crt.sh
www.ye-mek.net RapidSSL Global TLS RSA4096 SHA256 2022 CA1	`2022-11-29` - `2023-07-07`	7 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
1099124734.rsc.cdn77.org R3	`2023-06-13` - `2023-09-11`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
images.dmca.com R3	`2023-05-13` - `2023-08-11`	3 months	crt.sh
odc-addthis-prod-01.oracle.com DigiCert TLS RSA SHA256 2020 CA1	`2023-02-07` - `2024-02-07`	a year	crt.sh
*.virgul.com Sectigo RSA Domain Validation Secure Server CA	`2022-10-24` - `2023-09-28`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-04-08` - `2023-07-07`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
c.amazon-adsystem.com Amazon RSA 2048 M01	`2023-02-28` - `2024-02-17`	a year	crt.sh
*.pghub.io DigiCert TLS RSA SHA256 2020 CA1	`2023-02-09` - `2024-02-08`	a year	crt.sh
*.imgiz.com Sectigo RSA Domain Validation Secure Server CA	`2022-09-27` - `2023-09-09`	a year	crt.sh
aax-dtb-mobile-cf.amazon-adsystem.com Amazon RSA 2048 M01	`2023-03-16` - `2024-03-08`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
teads.tv R3	`2023-06-26` - `2023-09-24`	3 months	crt.sh
fw.adsafeprotected.com Amazon RSA 2048 M02	`2023-03-29` - `2024-04-27`	a year	crt.sh
prod-rtb.ad4mat.net GTS CA 1D4	`2023-06-04` - `2023-09-02`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-07` - `2024-05-06`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-05-13` - `2023-08-10`	3 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-09` - `2023-09-09`	a year	crt.sh
tr.blismedia.com GTS CA 1D4	`2023-06-09` - `2023-09-07`	3 months	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-02-21` - `2023-08-16`	6 months	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-21` - `2024-01-23`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-05-12` - `2023-08-10`	3 months	crt.sh
*.doubleverify.com DigiCert TLS RSA SHA256 2020 CA1	`2023-05-07` - `2024-05-07`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
*.exactag.com Sectigo RSA Organization Validation Secure Server CA	`2023-04-03` - `2024-05-03`	a year	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-05-27` - `2023-08-27`	3 months	crt.sh

This page contains 41 frames:

Primary Page: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Frame ID: 9283457E96457D702CC33F4619E53CD8
Requests: 6 HTTP requests in this frame

Frame: https://ye-mek.net/
Frame ID: 5040DBA9AD2147E434E8A1A1C42C899F
Requests: 89 HTTP requests in this frame

Frame: https://static.virgul.com/theme/mockups/outside/str.html?v=2
Frame ID: 005B66F2575FD8EADA19A3E8A9877472
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230627/r20190131/zrt_lookup.html
Frame ID: AB4F973E5A3DCB83A19C9AFEEF975857
Requests: 1 HTTP requests in this frame

Frame: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 8CF33FB36E0826C1D59E7D76872DAAD3
Requests: 1 HTTP requests in this frame

Frame: https://feed.pghub.io/tag?referrer_url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&page_url=https%3A%2F%2Fye-mek.net%2F&owner=P%26G&bp_id=noktacommedya&ch=%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D&initiator=js&data=%7B%22category%22%3A%22site_geneli%22%7D
Frame ID: 9E35DF3D297E7ED5C46F4D403FB7B31F
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755397&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688127034463&bpp=5&bdt=1124&idt=371&shv=r20230627&mjsv=m202306270101&ptt=9&saldr=aa&nras=1&correlator=8693008364856&frm=24&ife=1&pv=2&ga_vid=62461326.1688127035&ga_sid=1688127035&ga_hid=844562977&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=222437166&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44759837%2C44759876%2C31075625%2C31075641%2C31075721%2C44785294%2C44788441&oid=2&pvsid=298373143460488&tmod=2057557038&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.6fqzv0byjolx&fsb=1&dtd=397
Frame ID: B881B7B6FEA688330375266FA6F4929C
Requests: 1 HTTP requests in this frame

Frame: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: E45A01B59033594C12331591E10F313C
Requests: 8 HTTP requests in this frame

Frame: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: DEF111A61B13E37F096E320048A340D9
Requests: 13 HTTP requests in this frame

Frame: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 40E75621127C90E1B3DB2247800D7EAF
Requests: 18 HTTP requests in this frame

Frame: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: FDECFBBC9A08443DB24174604C5692A4
Requests: 13 HTTP requests in this frame

Frame: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 47D29552FCCAD55557365CC3E96320C4
Requests: 19 HTTP requests in this frame

Frame: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 1141AD5062E8CAC9719A863F9B4D8AD5
Requests: 23 HTTP requests in this frame

Frame: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 4E14FE0DCC63F30792A699E256E490F7
Requests: 19 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNEDENWYWRjThsnuATAB&v=APEucNURDpimLIQeQ48yCn7nHe3j7zdOZ-pYAIjTRlWtMwtQDVeztIOm8WoQ4dZwIGIe6LnA22OMjKn2vtExAh200Xe1HqsVLC2nnwbbipZaKmCZEBPJ3hx4e4MpdDPY42HdFMETq8nuzdH7ykLhA1DIGDfwSY6BKXRGsUejN_LT0kroOUaA4d8
Frame ID: E34D8D695FD745774913FD7514C705E3
Requests: 5 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012306200257000/amp4ads-v0.mjs
Frame ID: 0DD619AED79412331272A0BDCC85FBBF
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 52F416E3CBE422A2B45A0CFAB1E09667
Requests: 2 HTTP requests in this frame

Frame: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: A03DDDAC4D4ADDAD5130B4967C51B529
Requests: 19 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjPmbXcATAB&v=APEucNXZMWn2N5VLv7-Iy4F-iER0Y_DGGMelIRXrgY7SALIfEqtt4sp9uP8VEbXzsVzdfq906rF0AAYPsor9fhSy9xmWga-jptQnNSYbg_ah-wLjA3rGtVQwzkpDASF7hviwlzkhgx5J7iIvSVsfVJctVFO44LIxPRPSiJSC0YjmZXGNspsZ15k
Frame ID: 2BFD97BF6F2B97B11AA5075BF846310C
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3407250215&plat=1%3A520%2C2%3A520%2C3%3A2163200%2C4%3A2163200%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fye-mek.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688127035490&bpp=12&bdt=232&idt=377&shv=r20230627&mjsv=m202306260101&ptt=9&saldr=aa&nras=1&correlator=2566870242913&frm=8&ife=1&pv=2&ga_vid=911778691.1688127036&ga_sid=1688127036&ga_hid=160099374&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=3443592400&scr_x=-12245933&scr_y=-12245933&eid=44759926%2C44759842%2C44759875%2C31075720%2C44788442&oid=2&pvsid=1287994812962046&tmod=1751827407&uas=0&nvt=1&fsapi=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.pecs66dsbdwa&fsb=1&dtd=395
Frame ID: 7331F9A9E01A93EDFC31783E87D8826F
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=4198790052&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688127035502&bpp=2&bdt=245&idt=389&shv=r20230627&mjsv=m202306260101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=2566870242913&frm=8&ife=1&pv=1&ga_vid=911778691.1688127036&ga_sid=1688127036&ga_hid=160099374&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=3443592400&scr_x=-12245933&scr_y=-12245933&eid=44759926%2C44759842%2C44759875%2C31075720%2C44788442&oid=2&pvsid=1287994812962046&tmod=1751827407&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.zcg2ojo1kaed&fsb=1&dtd=394
Frame ID: 9C0BDA8835641F650AE6F9D90646536A
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARjihLbrATAB&v=APEucNW58hM8rIjN7pSf00aoVOEzvaU7fz7fXngFXvxQoRx8g9eWd6qALgvYW1gWhpZh5RSTm1_1RY8isdeyBxtcDqNNZYzZTwcuDiQ299emDMFPDSkE03BL-Yf4AY9DHcp_P99xK6qhfSNIGMIDWJ7Q7MXlPCNP3XLf7EDuL94w9y4_b5DTlwU
Frame ID: 2A170B316F3EB829B07565DFC25623A6
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQt9LfAhjGzOfbATAB&v=APEucNXZ0x6vWtqyrNCUdESkRi5FOaf-UBLoRsqmh48bDvst3vH4ZEHHZZ7ZzLFOynxMfvT-McwxubgYbN9P5kHamQVSotT9sBqwf4PSfEYlfLxFagv4NNA_hg7SK9OxyJhLWFuWXWBQZoTsAeIb8N95m1X3jMvb83S6YpV0950sMFjJ5PLz_5Y
Frame ID: 7931C83BDFED9CA0DC7CE3A90C37E2EE
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 1B93E22E64FE89DD6919B4734E7AABD0
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: EB6085C1811C79567E205928FFF8B333
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 2C7633D32859FE1469E334D085DA1667
Requests: 9 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/dr?ed=1h3vx89814d5nvxj5wyra1wgr7xdchw4b2sk7cs9zqcyxvqx83gqzf81wc35smzv4d691zrmj2sqbxmhkshq2w4c4yceg7v6ry17pn5dbsnpy8zg3qgc5ac6ajr1rs6qzg0gzzv15sgr2yt9r0vvfbwpyqhzzf0p2tgm4fr3qqk4b1zsghdaw0er4f628j0bm0fakqp2vcy1ty2d0j0ysm0p9f3t3b7je95yjyhmy2ngy245jrd9kr0xks6h7nyz39qwbzhesvm7mqn9t4bq245v1dc7gkrj6vyt65nhykvke6y404q567c6fc0466qcy9qfyh4gez84d3my5n3hhf2dx78pyf4yjsc17pzgqasm3wxsqf2czv6za0q347g4cfr47thx6ewk1459rn3mx8fpe5py8npw2zm8y0x34hsnczyvea7nwpd980nqv2jax1810r44y8&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC9ODyPMaeZOa0Ac7CxtYP4--o8AKQ4YGEXLaoworwAsCNtwEQASAAYJX68IGMB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQLYWKRVcTyyPqgDAcgDAqoE1QFP0Ot0RCYltYgsljie_Fdwv-_VC7g2DCffDw7vE7F905Z9txlW0Wq_v_BV7KI3Ka5QKRKiJjPlYyzth8Q1WxTwSaoxo5LjTaMyDXn1il9xtwyXiDZnrzTieyAQNWzC-Yt6vpogVRWFH_qm2lMuVH7WNUBvIiFRYjFGzSah4U-V5Kt7vwF6sd45-aI1V3iYnS4EhfElEVaoyLvvPP7leeGN_AwbEVOwhMRNkA8_dps4JlfY7aj561BsiO9FXC1P6pPM_zi1grcEvlVeewrvAGoKQ0FI0oGABsTRnvTIgM68pQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3XP8UCKq_wNwwOSYPYoeErGQC9HQ%26client%3Dca-pub-6593523210010154%26adurl%3D
Frame ID: B1CA0ECAB234B40F7CA46F4565B19C08
Requests: 4 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 660F076C9FF133F9DF3B2317DB69F1C1
Requests: 4 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: B5302D7BFE1E93687100280B8F36754D
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/13340955653470786770/300x250/300x250.html?ev=01_250
Frame ID: 18C97EA7468D9EAE9DAC17E2D85707B8
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: D7A18B34B49638C6587893FA42A11721
Requests: 2 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=OlEXiEDhbt&t=1&renderingType=2&ev=01_250
Frame ID: F5A5502C807F8028FA69AD3B581E587A
Requests: 12 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: CBEBABF805F1822D878E97909A8EDF70
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 93516C248B85D0EC9E21B1EB0C494D62
Requests: 2 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=n2IhjHNgof&t=1&renderingType=2&ev=01_250
Frame ID: 3FBB9DE71C6F23060DEAAA8B2E189147
Requests: 10 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 90D18BC98562F15BAE1C6977F87F2C85
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 40282F3763D6F660B37FAF404413F871
Requests: 2 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/16146537369634422564/index.html?e=69&leftOffset=0&topOffset=0&c=OwPkUHrb46&t=1&renderingType=2&ev=01_250
Frame ID: 308AACE12D0ABD7C8C6F744E9AD1864E
Requests: 3 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/dv-measurements4050.js
Frame ID: EED5FF4D193EB374EA3C553376D9A4C1
Requests: 2 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: F1AA94851F27F8E9207A974870C01A84
Requests: 1 HTTP requests in this frame

Frame: https://ad4m.at/frame.html
Frame ID: 2AF38BEF0C47DA115B8F43BD6BA69FBE
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

AddThis (Widgets) Expand

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

356
Requests

83 %
HTTPS

38 %
IPv6

52
Domains

75
Subdomains

50
IPs

3
Countries

4799 kB
Transfer

16174 kB
Size

6
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 171

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO9DkodLim7_1QCPzBWvGCo&google_cver=1

Request Chain 172

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZJ7GPBmHD3qSgU4IuiSCowAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO9DkodLim7_1QCPzBWvGCo&google_cver=1

Request Chain 173

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEP4QBz4khiPFGeBq1cDva0E&google_cver=1

Request Chain 174

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTk4MTg0ODM3ODcyNjk1NTk4Ng%3D%3D

Request Chain 175

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO9DkodLim7_1QCPzBWvGCo&google_cver=1

Request Chain 176

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZJ7GPBmHD3qSgU4IuiSCowAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO9DkodLim7_1QCPzBWvGCo&google_cver=1

Request Chain 177

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEP4QBz4khiPFGeBq1cDva0E&google_cver=1

Request Chain 178

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTk4MTg0ODM3ODcyNjk1NTk4Ng%3D%3D

Request Chain 187

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEPOrwD7QzWxkQBxFfIWG1Pk&google_cver=1

Request Chain 189

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEG8HztM9M3nWrl9c_d22ckc&google_cver=1

Request Chain 196

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 208

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 209

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEPOrwD7QzWxkQBxFfIWG1Pk&google_cver=1

Request Chain 211

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEG8HztM9M3nWrl9c_d22ckc&google_cver=1

Request Chain 258

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEIIs-Q39EOCGViEAdGn0Oao&google_cver=1&google_push=AaAOQGGRTIpUl_Sf-C7hT0MGRnfTA5vDNdPmWXai1WtKXweATpQxTMUzjsTbNTAhshvr9du_DWPHf4JJ39w6TvJL9-Fl1mCajxEbnw HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEIIs-Q39EOCGViEAdGn0Oao&google_cver=1&google_push=AaAOQGGRTIpUl_Sf-C7hT0MGRnfTA5vDNdPmWXai1WtKXweATpQxTMUzjsTbNTAhshvr9du_DWPHf4JJ39w6TvJL9-Fl1mCajxEbnw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=ZGJyZ2lBRUoxUWZjWHI1&google_gid=CAESEIIs-Q39EOCGViEAdGn0Oao&google_cver=1&google_push=AaAOQGGRTIpUl_Sf-C7hT0MGRnfTA5vDNdPmWXai1WtKXweATpQxTMUzjsTbNTAhshvr9du_DWPHf4JJ39w6TvJL9-Fl1mCajxEbnw

Request Chain 260

https://d5p.de17a.com/cookies/google?google_gid=CAESECZbPdYJzIhpQr9jDK_Zojo&google_cver=1&google_push=AaAOQGEsR_Ageii6jJOxILuRYOP0FoPjIvFBfztKPY-LuPa1xGDvt_CkurVc-XNnVlavyKrM2cKehLcM7gbnEqOAd194h3_d7brZ HTTP 302
https://d5p.de17a.com/cookies/google;c?google_gid=CAESECZbPdYJzIhpQr9jDK_Zojo&google_cver=1&google_push=AaAOQGEsR_Ageii6jJOxILuRYOP0FoPjIvFBfztKPY-LuPa1xGDvt_CkurVc-XNnVlavyKrM2cKehLcM7gbnEqOAd194h3_d7brZ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AaAOQGEsR_Ageii6jJOxILuRYOP0FoPjIvFBfztKPY-LuPa1xGDvt_CkurVc-XNnVlavyKrM2cKehLcM7gbnEqOAd194h3_d7brZ

Request Chain 261

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEEX9rQjHuaOZGWZT2utvOK8&google_cver=1&google_push=AaAOQGHeC4J5_z22HL_l0UbRndojqDvI3Pkm8sM3lBlZv49LUFXWZQexT0r7TmNG6AY4qmp397YRk049XVyU0cjDKyQShtmfVkE3rg HTTP 302
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=AaAOQGHeC4J5_z22HL_l0UbRndojqDvI3Pkm8sM3lBlZv49LUFXWZQexT0r7TmNG6AY4qmp397YRk049XVyU0cjDKyQShtmfVkE3rg&google_gid=CAESEEX9rQjHuaOZGWZT2utvOK8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTQ2MzQ2OTY0NTA3NTU1MDc5OTI2Mg%3D%3D&google_push=AaAOQGHeC4J5_z22HL_l0UbRndojqDvI3Pkm8sM3lBlZv49LUFXWZQexT0r7TmNG6AY4qmp397YRk049XVyU0cjDKyQShtmfVkE3rg

Request Chain 263

https://sync.inmobi.com/gob?google_gid=CAESEGvsnjcex2FNC0UQ2GlnCpA&google_cver=1&google_push=AaAOQGF5fabeIfdZvkn-BfhY40pw8xz781HGV7_RSb4kO5cDYSXSYhEonqG-40bcFQpO91A9zGvA67dFy3ajfMg1VsSK6_mvwBmlaQ HTTP 302
https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DAaAOQGF5fabeIfdZvkn-BfhY40pw8xz781HGV7_RSb4kO5cDYSXSYhEonqG-40bcFQpO91A9zGvA67dFy3ajfMg1VsSK6_mvwBmlaQ

Request Chain 265

https://a.tribalfusion.com/i.match?p=b6&u=CAESED642ab0Byy85Vjp9q1Vp_k&google_cver=1&google_push=AaAOQGGIpPju4voC2SVRkYUnHeStpbXjlUiOFmrcAVDABGX29hwrVVy8mh54wSWCGAx7zOMceEfBwrBGGFPaFDORBkvM8SK-TagBEHtBymA6V4pnnNzxEZXYckI0XljVduvt13PpmP6hwsaQ&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAaAOQGGIpPju4voC2SVRkYUnHeStpbXjlUiOFmrcAVDABGX29hwrVVy8mh54wSWCGAx7zOMceEfBwrBGGFPaFDORBkvM8SK-TagBEHtBymA6V4pnnNzxEZXYckI0XljVduvt13PpmP6hwsaQ%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESED642ab0Byy85Vjp9q1Vp_k&google_cver=1&google_push=AaAOQGGIpPju4voC2SVRkYUnHeStpbXjlUiOFmrcAVDABGX29hwrVVy8mh54wSWCGAx7zOMceEfBwrBGGFPaFDORBkvM8SK-TagBEHtBymA6V4pnnNzxEZXYckI0XljVduvt13PpmP6hwsaQ&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAaAOQGGIpPju4voC2SVRkYUnHeStpbXjlUiOFmrcAVDABGX29hwrVVy8mh54wSWCGAx7zOMceEfBwrBGGFPaFDORBkvM8SK-TagBEHtBymA6V4pnnNzxEZXYckI0XljVduvt13PpmP6hwsaQ%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 266

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEJGNYP97BOGrCgg6M1P2cQY&google_cver=1&google_push=AaAOQGF5FO3w5k_3sX-qCYWelfv3GXra8BuaKlYVeEz7KGMBN5GBIDunALKI9uAFUWKFtPm7vtkYAU3X0jZqXVT38bTTw-HRwuadPP-iPYu1w5WAJ-5mAih7Aa5MKDIA8rpEXsEYfanv3q2S HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AaAOQGF5FO3w5k_3sX-qCYWelfv3GXra8BuaKlYVeEz7KGMBN5GBIDunALKI9uAFUWKFtPm7vtkYAU3X0jZqXVT38bTTw-HRwuadPP-iPYu1w5WAJ-5mAih7Aa5MKDIA8rpEXsEYfanv3q2S&google_hm=A502MBwFRZ6LDJxJsBSo-N4

Request Chain 267

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEJp2wcfcPtaiC4_AZdu2gks&google_cver=1&google_push=AaAOQGF9L88Sr4P8zJ1vKONg5QhM7tviq8O-HTNjugFj-dEQuWPmMb_qslczAQTM8nNzx0dKBmgV22E6eZ01j6050Xm321anZTSQAJdnOfz-nLHUrCnKWF5P5draudWFGmyGYgzi8hb1hUY HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEJp2wcfcPtaiC4_AZdu2gks&google_cver=1&google_push=AaAOQGF9L88Sr4P8zJ1vKONg5QhM7tviq8O-HTNjugFj-dEQuWPmMb_qslczAQTM8nNzx0dKBmgV22E6eZ01j6050Xm321anZTSQAJdnOfz-nLHUrCnKWF5P5draudWFGmyGYgzi8hb1hUY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AaAOQGF9L88Sr4P8zJ1vKONg5QhM7tviq8O-HTNjugFj-dEQuWPmMb_qslczAQTM8nNzx0dKBmgV22E6eZ01j6050Xm321anZTSQAJdnOfz-nLHUrCnKWF5P5draudWFGmyGYgzi8hb1hUY&google_hm=zDcjveppQQWqTapLF1Y7eg==

Request Chain 268

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEJW9p-GEDInhaABurwZJ0gw&google_cver=1&google_push=AaAOQGEeWNHrTNUeCGaRkm0IK3mRH0psEBzY0dqGDfbx7R8uvPIDT1mfwGZIRaJhORm-mpMmOAL36mIKUhI57vI8mZS_auKfxaxKw7dVsJaQ3PjyuVtj1WP_oggaR_DjJ95VtjXyUzz2Rj8p HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEJW9p-GEDInhaABurwZJ0gw&google_cver=1&google_push=AaAOQGEeWNHrTNUeCGaRkm0IK3mRH0psEBzY0dqGDfbx7R8uvPIDT1mfwGZIRaJhORm-mpMmOAL36mIKUhI57vI8mZS_auKfxaxKw7dVsJaQ3PjyuVtj1WP_oggaR_DjJ95VtjXyUzz2Rj8p&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=vIavaQFRQYCHSM3zlZNDFA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AaAOQGEeWNHrTNUeCGaRkm0IK3mRH0psEBzY0dqGDfbx7R8uvPIDT1mfwGZIRaJhORm-mpMmOAL36mIKUhI57vI8mZS_auKfxaxKw7dVsJaQ3PjyuVtj1WP_oggaR_DjJ95VtjXyUzz2Rj8p

Request Chain 270

https://secure.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=${BASE64_UID_ENC}&google_gid=CAESEPmLajtErKoBhkWiu9L0_JI&google_cver=1&google_push=AaAOQGGW-5d4zw1Jz2Wu4-lCfZEjkAqpi314j4vt_0sIVIaCW87ZzK3UNafPb1Nh5-TdKJrXmdUgnEa6K_06SCKD5IWBQWaTMWT5pjrbWThyVOEwbZ2xMsSx0Qk97o_aeO6Yx4HUI9Glz-KmLg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NTk4MTg0ODM3ODcyNjk1NTk4Ng%3D%3D&google_gid=CAESEPmLajtErKoBhkWiu9L0_JI&google_cver=1&google_push=AaAOQGGW-5d4zw1Jz2Wu4-lCfZEjkAqpi314j4vt_0sIVIaCW87ZzK3UNafPb1Nh5-TdKJrXmdUgnEa6K_06SCKD5IWBQWaTMWT5pjrbWThyVOEwbZ2xMsSx0Qk97o_aeO6Yx4HUI9Glz-KmLg

Request Chain 271

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEMbD0KAJY-2_jfnKZEFAHbQ&google_cver=1&google_push=AaAOQGHcBBVxv1KbiRFmnS39yp-W-26w31yHKUnjJVfPzEIEqh-6gXYM_J-fRHG5g6TcBxHQVnvoWyfr5XLvohaGeXquqDivgk8iPcF70lN2zXshL6hWOW_dvEekHJF--AdZWzfq-FcoPIgyGQ HTTP 302
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEMbD0KAJY-2_jfnKZEFAHbQ&google_cver=1&google_push=AaAOQGHcBBVxv1KbiRFmnS39yp-W-26w31yHKUnjJVfPzEIEqh-6gXYM_J-fRHG5g6TcBxHQVnvoWyfr5XLvohaGeXquqDivgk8iPcF70lN2zXshL6hWOW_dvEekHJF--AdZWzfq-FcoPIgyGQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=cc3723bd-ea69-4105-aa4d-aa4b17563b7a&%%GOOGLE_PUSH_PAIR%%

Request Chain 276

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 288

https://um.simpli.fi/gp_match?google_gid=CAESEAVM3mAZTIJvw4F3ign7Gl8&google_cver=1&google_push=AaAOQGEJOntD5DslwDVfS7IzWrZHp-GYHM-5OoMqpZjpbSx3NG9g6sMMiZJ-mnzQcu7T1KwcdA8IExpXORnsixogIOD2NAinUeUvDRCB8okhBveXTEJmTSk602bseSrP_c8FvagWjhGjI39c HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=A3826357E20E4A0D977C2585F151A26C&google_push=AaAOQGEJOntD5DslwDVfS7IzWrZHp-GYHM-5OoMqpZjpbSx3NG9g6sMMiZJ-mnzQcu7T1KwcdA8IExpXORnsixogIOD2NAinUeUvDRCB8okhBveXTEJmTSk602bseSrP_c8FvagWjhGjI39c

Request Chain 290

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESECkH3KmIhh5_DPNMU9BubZQ&google_cver=1&google_push=AaAOQGEEqsqGPa3CuTNMD2u_p3ubMt3QKPWR8x_iBMTtgo5I8d9QCorQXm5E30ZCIvcmWG21oM27IigEa6b7mqmRapwWwOh8ikJgCgNS5m975d4oOMwyXUXPswiBzwJbxqdL50Ynq1cB5s8 HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESECkH3KmIhh5_DPNMU9BubZQ&google_cver=1&google_push=AaAOQGEEqsqGPa3CuTNMD2u_p3ubMt3QKPWR8x_iBMTtgo5I8d9QCorQXm5E30ZCIvcmWG21oM27IigEa6b7mqmRapwWwOh8ikJgCgNS5m975d4oOMwyXUXPswiBzwJbxqdL50Ynq1cB5s8 HTTP 302
https://r.scoota.co/sync?ssp=bidswitch&bidswitch_ssp_id=google

Request Chain 291

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEPjBWnm1Jh3mZq_mkf4Bit0&google_cver=1&google_push=AaAOQGHBAgT6qsu6Ak-lcN87nQBUaFgEyWlKbDi6rBXxLoP14npapX0-TUeLSowgbZGNaV2O94hQatPPMoLrM6lACLEBrRqUUUVrdhW95jDoHh7ScrJOstj-JT46sRUvwXMG-NsKTNnG8waT HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGHBAgT6qsu6Ak-lcN87nQBUaFgEyWlKbDi6rBXxLoP14npapX0-TUeLSowgbZGNaV2O94hQatPPMoLrM6lACLEBrRqUUUVrdhW95jDoHh7ScrJOstj-JT46sRUvwXMG-NsKTNnG8waT

Request Chain 292

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESENENgGv9shzh_t8d76ofp0A&google_cver=1&google_push=AaAOQGHMl6cS0EiOocunaUR_X1DwXadkAE3volQ14RTZ3y1OtwMi0X2H6NfCLXuFPit1-f652H38XbTiS0mMqlMqLEQr9oiHBSMEPrVlyIgdYH7Zm5-GT4lXlUSIRb09oBjdMLKT7O0iwEkl HTTP 302
https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=AaAOQGHMl6cS0EiOocunaUR_X1DwXadkAE3volQ14RTZ3y1OtwMi0X2H6NfCLXuFPit1-f652H38XbTiS0mMqlMqLEQr9oiHBSMEPrVlyIgdYH7Zm5-GT4lXlUSIRb09oBjdMLKT7O0iwEkl&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&cb=1688127037125 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-54312296-e998-4bcc-883d-5ee2bd4340df-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAaAOQGHMl6cS0EiOocunaUR_X1DwXadkAE3volQ14RTZ3y1OtwMi0X2H6NfCLXuFPit1-f652H38XbTiS0mMqlMqLEQr9oiHBSMEPrVlyIgdYH7Zm5-GT4lXlUSIRb09oBjdMLKT7O0iwEkl%26google_hm%3DA1QxIpbpmEvMiD1e4r1DQN8

Request Chain 293

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEBfiT50s6tjBrVzT5-nRb2E&google_cver=1&google_push=AaAOQGEH9TEKvrVcftlpoTO0if-X9lA1v8ALmzi22NzAw_HQBJJr24pUgP1hA6kX-hKxVgrP5-KPtqfuxJBx3KF-GwEPm6HNsHavZfp4Tr_ZwNhiDeVPco7zt2YJAsghklhFvnVOgdnx6tHHPA HTTP 302
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEBfiT50s6tjBrVzT5-nRb2E&google_cver=1&google_push=AaAOQGEH9TEKvrVcftlpoTO0if-X9lA1v8ALmzi22NzAw_HQBJJr24pUgP1hA6kX-hKxVgrP5-KPtqfuxJBx3KF-GwEPm6HNsHavZfp4Tr_ZwNhiDeVPco7zt2YJAsghklhFvnVOgdnx6tHHPA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=cc3723bd-ea69-4105-aa4d-aa4b17563b7a&%%GOOGLE_PUSH_PAIR%%

Request Chain 319

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEBe22rB68Ef9yLhcBLsJyvA&google_cver=1&google_push=AaAOQGEWtmka0HJgx3lm8C2uNYHiEfgony4F-O9GEREpjAK37CbzE4mrGQD6ce1OCkYUmw6I_OKs9p8p5p0Wg4jZYSOa4KGEvQRa HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AaAOQGEWtmka0HJgx3lm8C2uNYHiEfgony4F-O9GEREpjAK37CbzE4mrGQD6ce1OCkYUmw6I_OKs9p8p5p0Wg4jZYSOa4KGEvQRa

Request Chain 320

https://ads.travelaudience.com/google_pixel?google_gid=CAESECswTxfMVoPnIJQWbfsV324&google_cver=1&google_push=AaAOQGFyOZt9k6QTWuP-Es98O_O9dqKTOnXPqPcY9f6FgyZmM8B347g8sLwm5K_otTIX3nEH0PEV1E7na9lNS3UxybeD0g59NMbE HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=tTov-Bv9S2mApbkEUJBDPw2&google_push=AaAOQGFyOZt9k6QTWuP-Es98O_O9dqKTOnXPqPcY9f6FgyZmM8B347g8sLwm5K_otTIX3nEH0PEV1E7na9lNS3UxybeD0g59NMbE

Request Chain 321

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEFwPeon-EZo3pKHH6ZjFIVI&google_cver=1&google_push=AaAOQGFvZt1DB_lXyCtR9MK_zBbvIOx_PcG06xnsbECIovcl3V22uL1dNUsCDzy-95Fay8NcNC7djY5tih4GZsX82r67ZmHDEYsvxg HTTP 302
https://r.scoota.co/sync?ssp=bidswitch&bidswitch_ssp_id=google

Request Chain 323

https://match.360yield.com/match/ebda?google_gid=CAESECLgz8Hj6XLJbG7tJqBqviU&google_cver=1&google_push=AaAOQGF3By2hdKZLySQ8pIDw0LZv6tcXbd724wE1-0V_OLFtSRzKxw8Ah3U_BQXub4O1r6QsTOl8Br-BKvBn1GL97EoKDJz5oyUMtA HTTP 302
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESECLgz8Hj6XLJbG7tJqBqviU&google_cver=1&google_push=AaAOQGF3By2hdKZLySQ8pIDw0LZv6tcXbd724wE1-0V_OLFtSRzKxw8Ah3U_BQXub4O1r6QsTOl8Br-BKvBn1GL97EoKDJz5oyUMtA

Request Chain 325

https://sync.inmobi.com/gob?google_gid=CAESELiT2iDw18ywtl1JaQtk-_c&google_cver=1&google_push=AaAOQGEEivgBepOyLCa9aflG1HJCum1bCh-yixYF-p_kT6i-UpfhdDjcWqz5yzsBPXGIrBA6KNXcEU5j9o4aFlWIUBdjVy4V4gg9yiw HTTP 302
https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DAaAOQGEEivgBepOyLCa9aflG1HJCum1bCh-yixYF-p_kT6i-UpfhdDjcWqz5yzsBPXGIrBA6KNXcEU5j9o4aFlWIUBdjVy4V4gg9yiw

Request Chain 329

https://fw.adsafeprotected.com/rfw/st/1484055/72040524/4.js?ias_dspID=64&adContainerId=brand_safety_PMaeZMacD_-wx_APgZ-usAs&cbFunctionName=goog_wrapCb_PMaeZMacD_-wx_APgZ-usAs&true_pb=&adsafe_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2F4a.js&adsafe_url=https%3A%2F%2Fpcloak.blob.core.windows.net&adsafe_type=g&adsafe_url=https%3A%2F%2Fye-mek.net%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&adsafe_type=d&adsafe_jsinfo=,id:782a0298-3d9b-68df-2a03-4718f4f05bfb,c:h1sxK8,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-experiment-primary-98b67cc48-7mvgw,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,scm:grpm1,mtim:6,mot:0,app:0,maw:0,fm:tIFj0IN+111%7C112%7C113%7C114%7C115%7C1161%7C11621%7C11622%7C1171%7C1181%7C1182%7C1183%7C1191%7C1192%7C11a1%7C11a2%7C11a3%7C11a4%7C11b*.1484055-72040524%7C11b1%7C11b2%7C11b3%7C11b4%7C11b5%7C11c1%7C11c2%7C11c3%7C11c4%7C11d%7C11e1,idMap:11b*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:na,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,tt:rjss,et:48,oid:1f4a10d3-173f-11ee-be33-ba3d87cf3da5,v:19.8-985507b-SNAPSHOT,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/4a.js

356 HTTP transactions
10 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request 6x69807j0b5.html Show response
pcloak.blob.core.windows.net/web/ 1 KB
2 KB 488ms
120ms Document
text/html 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: d469330093a2cebd898628a339df6abaf5edcb89e85769ff79840371195a7d1f

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Content-Length: 1318
Content-MD5: +Dz/d7Mp2GQfilgWrAkqiw==
Content-Type: text/html
Date: Fri, 30 Jun 2023 12:10:31 GMT
ETag: 0x8DB5ED0599CC10C
Last-Modified: Sat, 27 May 2023 16:35:15 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: a02b3147-e01e-0044-774b-abc832000000
x-ms-version: 2009-09-19

GET
H/1.1 404
The specified blob does not exist. jquery.min.js
pcloak.blob.core.windows.net/web/ 0
0 113ms
113ms Script
application/xml 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/jquery.min.js
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-ms-request-id: a02b31fb-e01e-0044-0b4b-abc832000000
Date: Fri, 30 Jun 2023 12:10:31 GMT
x-ms-version: 2009-09-19
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-Length: 215
Content-Type: application/xml

GET
H/1.1 200
OK cloakan.js Show response
pcloak.blob.core.windows.net/web/ 308 B
717 B 477ms
116ms Script
text/javascript 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/cloakan.js
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 4651fd93f167c3620b534c30bc23ae2a2e7cf742621d8e6d12553c09c388284a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Fri, 30 Jun 2023 12:10:31 GMT
Last-Modified: Mon, 13 Jun 2022 14:36:49 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: zPiKctHo6j8i1UGOFPpInw==
ETag: 0x8DA4D4A263C11C2
Content-Type: text/javascript
x-ms-request-id: 579871ee-301e-000a-1f4b-abe6ba000000
x-ms-version: 2009-09-19
Content-Length: 308

GET
H/1.1 200
OK style.css
pcloak.blob.core.windows.net/web/ 166 B
568 B 539ms
425ms Stylesheet
text/css 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/style.css
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: cf906196a7c1414e11983955e101a051d55a864f2bc9fd52a453d952d92fd9b5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Fri, 30 Jun 2023 12:10:31 GMT
Last-Modified: Mon, 13 Jun 2022 14:36:49 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: 9ruAIrm4XHnQO3/sM8J0AQ==
ETag: 0x8DA4D4A26527CA0
Content-Type: text/css
x-ms-request-id: a02b3282-e01e-0044-0a4b-abc832000000
x-ms-version: 2009-09-19
Content-Length: 166

GET
H2 200 px.php Show response
www.cloakan.co/ 743 B
681 B 322ms
127ms XHR
text/html 77.245.159.14
NIOBEBILISIMHIZME...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cloakan.co/px.php?id=6x69807j0b5
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 77.245.159.14 , Turkey, ASN42868 (NIOBEBILISIMHIZMETLERI, TR),
Reverse DNS: stilgar.wlsrv.com
Software: LiteSpeed / PHP/7.3.33
Resource Hash: 120fdf7c1e8de286b8c6ad005bd52d7b3d71cfa17bd6d1f72d023fe952d03708

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:31 GMT
content-encoding: br
server: LiteSpeed
x-powered-by: PHP/7.3.33
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
content-length: 404

GET
H2 200 nv.php Show response
www.cloakan.co/ 232 B
385 B 410ms
232ms Script
text/html 77.245.159.14
NIOBEBILISIMHIZME...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cloakan.co/nv.php?id=6x69807j0b5-m
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/cloakan.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 77.245.159.14 , Turkey, ASN42868 (NIOBEBILISIMHIZMETLERI, TR),
Reverse DNS: stilgar.wlsrv.com
Software: LiteSpeed / PHP/7.3.33
Resource Hash: 9cacc351a59879d938ef01e274eca7f341deaaa666237a3de94737ccc05a4b86

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:31 GMT
content-encoding: br
server: LiteSpeed
x-powered-by: PHP/7.3.33
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
content-length: 112

GET
H2 200 / Show response
ye-mek.net/ Frame 5040 76 KB
76 KB 288ms
81ms Document
text/html 94.138.206.83
AS49126

General

Check archive.org

Show headers Download Go to

Full URL: https://ye-mek.net/
Requested by: Host: www.cloakan.co
URL: https://www.cloakan.co/nv.php?id=6x69807j0b5-m
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.138.206.83 , Turkey, ASN49126 (AS49126, TR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: f708629593939b0ad37b651e8eab6bd370300201838c33d0129ac447b29398ab

Request headers

Referer: https://pcloak.blob.core.windows.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache
content-length: 77807
content-type: text/html; charset=utf-8
date: Fri, 30 Jun 2023 12:10:32 GMT
expires: -1
pragma: no-cache
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.9.1/ Frame 5040 90 KB
33 KB 179ms
57ms Script
text/javascript 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 17:06:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 155049
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33018
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 27 Jun 2024 17:06:24 GMT

GET
H2 200 yemeknet.js Show response
ye-mek.net/js/ Frame 5040 10 KB
2 KB 140ms
139ms Script
application/javascript 94.138.206.83
AS49126

General

Check archive.org

Show headers Download Go to

Full URL: https://ye-mek.net/js/yemeknet.js?v=1
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.138.206.83 , Turkey, ASN49126 (AS49126, TR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 613b97a3f938c5185dc5fcb46ec9c9488f460fdf8a9765eea9f05aebe46a0c50

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-powered-by-plesk: PleskWin
date: Fri, 30 Jun 2023 12:10:32 GMT
content-encoding: gzip
last-modified: Tue, 20 Aug 2019 13:15:54 GMT
server: Microsoft-IIS/10.0
etag: "0a144655957d51:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=691200
accept-ranges: bytes
content-length: 2352

GET
H2 200 maincss.css
cdn.ye-mek.net/ Frame 5040 40 KB
12 KB 205ms
28ms Stylesheet
text/css 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.ye-mek.net/maincss.css?v=434
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 5804cd3bfdf7f7b00ae1f2beef50b9ac7bbdcadcb47e8c3454e8609a52096b92

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:10:33 GMT
content-encoding: gzip
x-cache: HIT
x-77-cache: HIT
x-age: 6317581
x-accel-date: 1681809452
x-77-nzt: AZySIYudFCn/DWZgAA
x-accel-expires: @1713345452
last-modified: Tue, 24 Nov 2020 00:00:32 GMT
server: CDN77-Turbo
etag: W/"5fbc4d20-9e5b"
x-77-nzt-ray: cf87872722e120df39c69e64f8b5971f
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame 5040 233 KB
82 KB 233ms
87ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-6B70JBQEWN

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f883162117f97e54d0b80d83f842a9666f590f1f6264f51f10873f89f02c6678

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:33 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 83393
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 30 Jun 2023 12:10:33 GMT

GET
H2 200 searchButton.png
cdn.ye-mek.net/App_UI/Img/ Frame 5040 542 B
897 B 29ms
28ms Image
image/png 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/searchButton.png
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 324a9c1f26949a62b89c5846de23826737bf3b14443e3f5a969b1799604a0588

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:10:33 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6317648
x-accel-date: 1681809385
content-length: 542
x-77-nzt: AZySIYvb25P/UGZgAA
x-accel-expires: @1713345385
last-modified: Sat, 22 Oct 2022 20:00:57 GMT
server: CDN77-Turbo
etag: "63544bf9-21e"
x-77-nzt-ray: cf87872722e120df39c69e64eb86c423
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 ara.png
cdn.ye-mek.net/App_UI/Img/ Frame 5040 2 KB
2 KB 34ms
29ms Image
image/png 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/ara.png
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 3ed559a849229d0ba1622b39b2343f2307a91aae5bab1f08e55c89e50874c980

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:10:33 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6317576
x-accel-date: 1681809457
content-length: 1651
x-77-nzt: AZySIYscYmX/CGZgAA
x-accel-expires: @1713345457
last-modified: Mon, 14 May 2018 22:41:08 GMT
server: CDN77-Turbo
etag: "5afa1084-673"
x-77-nzt-ray: cf87872722e120df39c69e643267bc25
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 soguk-kahve-resimli-yemek-tarifi(8).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ Frame 5040 10 KB
10 KB 40ms
34ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/06/soguk-kahve-resimli-yemek-tarifi(8).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 66f57830eba3793b6d407a90dc0636b5e5e028f466bec6045ebc0813acaf7afa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:10:33 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 52036
x-accel-date: 1688074997
content-length: 9818
x-77-nzt: AZySIYsbBGP/RMsAAA
x-accel-expires: @1719610997
last-modified: Thu, 29 Jun 2023 21:14:19 GMT
server: CDN77-Turbo
etag: "649df42b-265a"
x-77-nzt-ray: cf87872722e120df39c69e64b585c425
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 mangal-icin-et-marinesi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ Frame 5040 14 KB
15 KB 51ms
45ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/06/mangal-icin-et-marinesi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 6501e50ffffdc89ec56c93111f32c70f697610d4af971fb38ae964b5824c7eb1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:10:33 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 136078
x-accel-date: 1687990955
content-length: 14815
x-77-nzt: AZySIYuJCbb/jhMCAA
x-accel-expires: @1719526955
last-modified: Wed, 28 Jun 2023 22:12:14 GMT
server: CDN77-Turbo
etag: "649cb03e-39df"
x-77-nzt-ray: cf87872722e120df39c69e640570c925
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 ic-baklali-enginar-salatasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ Frame 5040 15 KB
16 KB 65ms
60ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ic-baklali-enginar-salatasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: eab1145c02ae44ca45370dbdb689a98d1756fe3726fde675886a95730fee691d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:10:33 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 224349
x-accel-date: 1687902684
content-length: 15738
x-77-nzt: AZySIYuxcJb/XWwDAA
x-accel-expires: @1719438684
last-modified: Tue, 27 Jun 2023 21:35:10 GMT
server: CDN77-Turbo
etag: "649b560e-3d7a"
x-77-nzt-ray: cf87872722e120df39c69e64ff23ce25
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 sucuklu-bezelye-yemegi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ Frame 5040 13 KB
14 KB 78ms
72ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/06/sucuklu-bezelye-yemegi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 75c5dcb0b1839bbb85275b03f330dd59c04167b59fe68b07cedad9f8292040f5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:10:33 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 312416
x-accel-date: 1687814617
content-length: 13665
x-77-nzt: AZySIYukDVL/YMQEAA
x-accel-expires: @1719350617
last-modified: Mon, 26 Jun 2023 15:19:38 GMT
server: CDN77-Turbo
etag: "6499ac8a-3561"
x-77-nzt-ray: cf87872722e120df39c69e647c98d425
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 citir-tavuk-kanatlari-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ Frame 5040 15 KB
16 KB 78ms
72ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/06/citir-tavuk-kanatlari-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 3c2fc0614d14f19c7b68d795bbd361ec0baa28f2f72f7fd645cb7967f380af07

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:10:33 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 2471335
x-accel-date: 1685655698
content-length: 15552
x-77-nzt: AZySIYvHMXf/p7UlAA
x-accel-expires: @1717191698
last-modified: Thu, 01 Jun 2023 21:24:53 GMT
server: CDN77-Turbo
etag: "64790ca5-3cc0"
x-77-nzt-ray: cf87872722e120df39c69e64a3dcd725
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 hunkar-begendi-yemegi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2018/03/ Frame 5040 12 KB
13 KB 77ms
72ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2018/03/hunkar-begendi-yemegi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: ca52a0eec13c48696bf05cbe5e76a0b67c73967c1f8825cfe4b733e24a775580

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:10:33 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6317376
x-accel-date: 1681809657
content-length: 12532
x-77-nzt: AZySIYvN033/QGVgAA
x-accel-expires: @1713345657
last-modified: Wed, 01 May 2019 23:32:05 GMT
server: CDN77-Turbo
etag: "5cca2c75-30f4"
x-77-nzt-ray: cf87872722e120df39c69e64c636da25
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 macar-kebabi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/04/ Frame 5040 14 KB
15 KB 77ms
72ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/04/macar-kebabi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 68bbcab002cfe978fe70454b240f442046de6170bdef247b98f4819f1e7f2417

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:10:33 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6317557
x-accel-date: 1681809476
content-length: 14810
x-77-nzt: AZySIYvIg1n/9WVgAA
x-accel-expires: @1713345476
last-modified: Fri, 24 Apr 2020 23:44:43 GMT
server: CDN77-Turbo
etag: "5ea379eb-39da"
x-77-nzt-ray: cf87872722e120df39c69e648027dc25
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tavuklu-sehzade-kebabi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/04/ Frame 5040 16 KB
16 KB 78ms
73ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/04/tavuklu-sehzade-kebabi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 7d7862e6fbf2d69229da6a29919581daccb5fda185e6d92171147b42184eb460

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:10:33 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6317191
x-accel-date: 1681809842
content-length: 16490
x-77-nzt: AZySIYuA0Lv/h2RgAA
x-accel-expires: @1713345842
last-modified: Thu, 29 Apr 2021 23:52:25 GMT
server: CDN77-Turbo
etag: "608b46b9-406a"
x-77-nzt-ray: cf87872722e120df39c69e6401f1dd25
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 toyga-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2019/03/ Frame 5040 13 KB
13 KB 78ms
73ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2019/03/toyga-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 147c0a445950fa29f9fc3784910f112bdc6dc232412915e1162da9e7ea36ad51

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:10:33 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6317576
x-accel-date: 1681809457
content-length: 13360
x-77-nzt: AZySIYt3e5//CGZgAA
x-accel-expires: @1713345457
last-modified: Wed, 01 May 2019 23:45:46 GMT
server: CDN77-Turbo
etag: "5cca2faa-3430"
x-77-nzt-ray: cf87872722e120df39c69e64b5fadf25
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 samsira-resimli-yemek-tarifi(8).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2019/10/ Frame 5040 13 KB
13 KB 78ms
73ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2019/10/samsira-resimli-yemek-tarifi(8).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 8206b7cb4977df1646b35835886cc5ad752365263197f15f0581d41c3751aa0a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:10:33 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6315140
x-accel-date: 1681811893
content-length: 13330
x-77-nzt: AZySIYs/pyf/hFxgAA
x-accel-expires: @1713347893
last-modified: Mon, 28 Oct 2019 22:24:00 GMT
server: CDN77-Turbo
etag: "5db76a80-3412"
x-77-nzt-ray: cf87872722e120df39c69e642c617227
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 karmaca-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/11/ Frame 5040 15 KB
16 KB 78ms
73ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/11/karmaca-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 2eb2914e0253d3d949c2aad28f6f109c7b3a67ef37696a4496592837c0f9d7a4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:10:33 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6317295
x-accel-date: 1681809738
content-length: 15740
x-77-nzt: AZySIYuxlNz/72RgAA
x-accel-expires: @1713345738
last-modified: Mon, 15 Nov 2021 22:38:31 GMT
server: CDN77-Turbo
etag: "6192e167-3d7c"
x-77-nzt-ray: cf87872722e120df39c69e6423ed7527
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 cerkez-pilavi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/04/ Frame 5040 16 KB
16 KB 78ms
73ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/04/cerkez-pilavi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 298e30cd4e01948d540e8aff796e294da1ae095578b2403f2b97280e3b969a6f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:10:33 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6317595
x-accel-date: 1681809438
content-length: 16373
x-77-nzt: AZySIYu1XIv/G2ZgAA
x-accel-expires: @1713345438
last-modified: Tue, 11 Apr 2023 16:32:39 GMT
server: CDN77-Turbo
etag: "64358ba7-3ff5"
x-77-nzt-ray: cf87872722e120df39c69e64920b7827
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-orman-kebabi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2018/05/ Frame 5040 12 KB
12 KB 78ms
74ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2018/05/firinda-orman-kebabi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: d5544013c9c882cd032a4ed06f6f8338f6fce934e82311a1267f59b5e717c4c7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:10:33 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6316745
x-accel-date: 1681810288
content-length: 12058
x-77-nzt: AZySIYuKi7r/yWJgAA
x-accel-expires: @1713346288
last-modified: Wed, 01 May 2019 23:34:49 GMT
server: CDN77-Turbo
etag: "5cca2d19-2f1a"
x-77-nzt-ray: cf87872722e120df39c69e64e1cb7927
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 isvec-koftesi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/10/ Frame 5040 12 KB
12 KB 78ms
74ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/10/isvec-koftesi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 64af7a328ead4e6e3e77587ae81c88a4156eea6f476df565496f8f46d89d255f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:10:33 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6316735
x-accel-date: 1681810298
content-length: 12325
x-77-nzt: AZySIYsdWpT/v2JgAA
x-accel-expires: @1713346298
last-modified: Fri, 09 Oct 2020 23:18:38 GMT
server: CDN77-Turbo
etag: "5f80efce-3025"
x-77-nzt-ray: cf87872722e120df39c69e64db4c7c27
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 sultan-kebabi-resimli-yemek-tarifi(20).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2014/08/ Frame 5040 13 KB
14 KB 78ms
74ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2014/08/sultan-kebabi-resimli-yemek-tarifi(20).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 479da794610042c07a692cc82df9f0dcd96e46dd83b103761d7f0387f2ac2f1e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:10:33 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6316830
x-accel-date: 1681810203
content-length: 13608
x-77-nzt: AZySIYsJLlD/HmNgAA
x-accel-expires: @1713346203
last-modified: Wed, 01 May 2019 22:27:29 GMT
server: CDN77-Turbo
etag: "5cca1d51-3528"
x-77-nzt-ray: cf87872722e120df39c69e648e587e27
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 kofteli-sehzade-kebabi-resimli-yemek-tarifi(20).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/05/ Frame 5040 15 KB
15 KB 78ms
74ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/05/kofteli-sehzade-kebabi-resimli-yemek-tarifi(20).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 93877a4648f07d0a209913c6a05dcdc1810fe91fb41c96320aea06de80b708c5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:10:33 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6317191
x-accel-date: 1681809842
content-length: 15437
x-77-nzt: AZySIYu3xdD/h2RgAA
x-accel-expires: @1713345842
last-modified: Fri, 30 Apr 2021 23:49:24 GMT
server: CDN77-Turbo
etag: "608c9784-3c4d"
x-77-nzt-ray: cf87872722e120df39c69e643ccf8027
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 mantar-soslu-tavuk-bonfile-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/12/ Frame 5040 12 KB
13 KB 79ms
74ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/12/mantar-soslu-tavuk-bonfile-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: e47fe684eeb5978f6c7437edacdbe8f33a60d89a68403c3e58c0128bfe36a52d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:10:33 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 430302
x-accel-date: 1687696731
content-length: 12780
x-77-nzt: AZySIYuSq6X/3pAGAA
x-accel-expires: @1719232731
last-modified: Mon, 27 Dec 2021 23:35:26 GMT
server: CDN77-Turbo
etag: "61ca4dbe-31ec"
x-77-nzt-ray: cf87872722e120df39c69e6436d98227
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-tavuk-but-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/11/ Frame 5040 17 KB
17 KB 79ms
75ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/11/firinda-tavuk-but-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 96aa3667db041dd0f9351d85ca19b7485bf1dad1832ae2099c65cd5a11841275

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:10:33 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6317191
x-accel-date: 1681809842
content-length: 17402
x-77-nzt: AZySIYuJ2V//h2RgAA
x-accel-expires: @1713345842
last-modified: Tue, 09 Nov 2021 21:00:38 GMT
server: CDN77-Turbo
etag: "618ae176-43fa"
x-77-nzt-ray: cf87872722e120df39c69e64b3378527
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tavuk-fajita-resimli-yemek-tarifi(8).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2018/04/ Frame 5040 12 KB
12 KB 79ms
75ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2018/04/tavuk-fajita-resimli-yemek-tarifi(8).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: d966ecd46380ed5fdc36aadcd4b5a4bbd65ba852833ce5e834a4e37380ac9535

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:10:33 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6314360
x-accel-date: 1681812673
content-length: 12005
x-77-nzt: AZySIYswR03/eFlgAA
x-accel-expires: @1713348673
last-modified: Wed, 01 May 2019 23:32:42 GMT
server: CDN77-Turbo
etag: "5cca2c9a-2ee5"
x-77-nzt-ray: cf87872722e120df39c69e6400fd8727
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 soya-soslu-tavuk-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/02/ Frame 5040 14 KB
15 KB 79ms
75ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/02/soya-soslu-tavuk-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 5061ede8e14dd075136fdcf6a3879f4b42a692eeaa605e2c5aa5f354e753fa61

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:10:33 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6314743
x-accel-date: 1681812290
content-length: 14545
x-77-nzt: AZySIYs524r/91pgAA
x-accel-expires: @1713348290
last-modified: Wed, 16 Feb 2022 22:31:56 GMT
server: CDN77-Turbo
etag: "620d7b5c-38d1"
x-77-nzt-ray: cf87872722e120df39c69e6475368b27
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 zeytinyagli-havuclu-taze-fasulye-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/09/ Frame 5040 14 KB
14 KB 79ms
75ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/09/zeytinyagli-havuclu-taze-fasulye-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 372e646203759b4bf2ddab1f01469d03dd8bc920f187a3a09bb316f4edf6d604

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:10:33 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6314332
x-accel-date: 1681812701
content-length: 14135
x-77-nzt: AZySIYtoj5//XFlgAA
x-accel-expires: @1713348701
last-modified: Sat, 11 Sep 2021 20:22:26 GMT
server: CDN77-Turbo
etag: "613d1002-3737"
x-77-nzt-ray: cf87872722e120df39c69e6480a48e27
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-misir-unlu-patates-kizartmasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2018/12/ Frame 5040 13 KB
13 KB 79ms
75ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2018/12/firinda-misir-unlu-patates-kizartmasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 3be63679d6ca5fd205bdbc6dc4e6caf8d376a09decaea16226da1bae6d24fad6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:10:33 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6313968
x-accel-date: 1681813065
content-length: 12804
x-77-nzt: AZySIYsTln3/8FdgAA
x-accel-expires: @1713349065
last-modified: Wed, 01 May 2019 23:43:18 GMT
server: CDN77-Turbo
etag: "5cca2f16-3204"
x-77-nzt-ray: cf87872722e120df39c69e6485aa9227
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 kasarli-karnabahar-koftesi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/12/ Frame 5040 15 KB
15 KB 79ms
75ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/12/kasarli-karnabahar-koftesi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: a9e0c3f2f8aa72179351f0b5edcde6cfcf708285785c4a358331e05da8bff5a3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:10:33 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6317540
x-accel-date: 1681809493
content-length: 14949
x-77-nzt: AZySIYsSxF7/5GVgAA
x-accel-expires: @1713345493
last-modified: Wed, 09 Dec 2020 00:07:17 GMT
server: CDN77-Turbo
etag: "5fd01535-3a65"
x-77-nzt-ray: cf87872722e120df39c69e64216c9527
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-besamel-soslu-kiymali-karnabahar-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2016/01/ Frame 5040 13 KB
13 KB 79ms
75ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2016/01/firinda-besamel-soslu-kiymali-karnabahar-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 385b19d8c7f7bedac5169d996fa57206b3a35b608518dfd0aa4669f7d3a7b7de

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:10:33 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6317334
x-accel-date: 1681809699
content-length: 12867
x-77-nzt: AZySIYuDTiD/FmVgAA
x-accel-expires: @1713345699
last-modified: Wed, 01 May 2019 22:53:33 GMT
server: CDN77-Turbo
etag: "5cca236d-3243"
x-77-nzt-ray: cf87872722e120df39c69e64ea739827
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 lokanta-usulu-ezogelin-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2016/05/ Frame 5040 12 KB
12 KB 79ms
76ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2016/05/lokanta-usulu-ezogelin-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 1a6d6ecc5afe8b370681181e0077b6c838310f74f8473a1f36527577d5a1fab7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:10:33 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6317218
x-accel-date: 1681809815
content-length: 11911
x-77-nzt: AZySIYugTFn/omRgAA
x-accel-expires: @1713345815
last-modified: Wed, 01 May 2019 22:58:45 GMT
server: CDN77-Turbo
etag: "5cca24a5-2e87"
x-77-nzt-ray: cf87872722e120df39c69e6456be9a27
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 muradiye-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2019/04/ Frame 5040 11 KB
11 KB 79ms
76ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2019/04/muradiye-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 43204d58f6a24cdd36d594f28e4dc0f9ab0f5ad29b4a166bb6d5f3c16756636f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:10:33 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6315334
x-accel-date: 1681811699
content-length: 11241
x-77-nzt: AZySIYvYMNP/Rl1gAA
x-accel-expires: @1713347699
last-modified: Wed, 01 May 2019 23:47:00 GMT
server: CDN77-Turbo
etag: "5cca2ff4-2be9"
x-77-nzt-ray: cf87872722e120df39c69e64239d9c27
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 korili-karnabahar-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/12/ Frame 5040 11 KB
11 KB 79ms
76ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/12/korili-karnabahar-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 51571e6e49d9d1243db244dd3bb1790047c7b566dabc9400564dd7f74432ffc6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:10:33 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6316941
x-accel-date: 1681810092
content-length: 11094
x-77-nzt: AZySIYsrYtH/jWNgAA
x-accel-expires: @1713346092
last-modified: Sun, 19 Dec 2021 23:06:47 GMT
server: CDN77-Turbo
etag: "61bfbb07-2b56"
x-77-nzt-ray: cf87872722e120df39c69e6409f29e27
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 hidiv-corbasi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/02/ Frame 5040 11 KB
12 KB 80ms
76ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/02/hidiv-corbasi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 842c88bbde71118e56fc313dbe3ad3d9e5dd9b3b9913960838734a29e5982b7e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:10:33 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6315840
x-accel-date: 1681811193
content-length: 11592
x-77-nzt: AZySIYuZUyz/QF9gAA
x-accel-expires: @1713347193
last-modified: Wed, 22 Feb 2023 19:26:52 GMT
server: CDN77-Turbo
etag: "63f66c7c-2d48"
x-77-nzt-ray: cf87872722e120df39c69e64bb13a127
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 sade-un-helvasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/02/ Frame 5040 9 KB
10 KB 80ms
76ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/02/sade-un-helvasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: cb70a0b5ac2b1a8d8e5f0e0b91b99d95723392847800eb91f42673794ce38e5f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:10:33 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6316678
x-accel-date: 1681810355
content-length: 9502
x-77-nzt: AZySIYsPrjr/hmJgAA
x-accel-expires: @1713346355
last-modified: Wed, 12 Feb 2020 21:37:39 GMT
server: CDN77-Turbo
etag: "5e447023-251e"
x-77-nzt-ray: cf87872722e120df39c69e64c2c5a327
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 ispanakli-kek-resimli-yemek-tarifi(20).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2016/03/ Frame 5040 14 KB
15 KB 80ms
76ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2016/03/ispanakli-kek-resimli-yemek-tarifi(20).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: c25e33aaf9d908bb036672ed26b9af74032d7cb464d5e3f3b9b67e868798290a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:10:33 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6315274
x-accel-date: 1681811759
content-length: 14836
x-77-nzt: AZySIYuXk2X/Cl1gAA
x-accel-expires: @1713347759
last-modified: Wed, 01 May 2019 22:56:15 GMT
server: CDN77-Turbo
etag: "5cca240f-39f4"
x-77-nzt-ray: cf87872722e120df39c69e644e40a727
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 soguk-serbetli-irmik-helvasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/01/ Frame 5040 12 KB
12 KB 80ms
77ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/01/soguk-serbetli-irmik-helvasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: ec88c9de3a44165db5e410d072fee68874d371d17eeac4ea36c5325d485b3f7b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:10:33 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 55389
x-accel-date: 1688071644
content-length: 12086
x-77-nzt: AZySIYvO0B7/XdgAAA
x-accel-expires: @1719607644
last-modified: Thu, 02 Jan 2020 19:20:42 GMT
server: CDN77-Turbo
etag: "5e0e428a-2f36"
x-77-nzt-ray: cf87872722e120df39c69e649699ad27
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 keskul-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/10/ Frame 5040 14 KB
14 KB 96ms
93ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/10/keskul-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: d5907d04f8aa7cc029868fb441fd2a02dce10b72e3a68d6294aa7a2debf90440

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:10:33 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6316554
x-accel-date: 1681810479
content-length: 14166
x-77-nzt: AZySIYtG+GT/CmJgAA
x-accel-expires: @1713346479
last-modified: Sat, 03 Oct 2020 18:58:33 GMT
server: CDN77-Turbo
etag: "5f78c9d9-3756"
x-77-nzt-ray: cf87872722e120df39c69e64ea9fb627
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-somun-ekmek-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/03/ Frame 5040 11 KB
11 KB 96ms
94ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/03/firinda-somun-ekmek-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 58fa8288d109b6525ab6ced54d659e79cc4e2a925f61d6c76da140f0a689ef59

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:10:33 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 143040
x-accel-date: 1687983993
content-length: 11344
x-77-nzt: AZySIYu1vp//wC4CAA
x-accel-expires: @1719519993
last-modified: Mon, 23 Mar 2020 22:17:36 GMT
server: CDN77-Turbo
etag: "5e793580-2c50"
x-77-nzt-ray: cf87872722e120df39c69e645205bd27
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 ev-yapimi-seftali-receli-resimli-yemek-tarifi(8).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2015/06/ Frame 5040 14 KB
14 KB 97ms
94ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2015/06/ev-yapimi-seftali-receli-resimli-yemek-tarifi(8).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 5af02ce6b5997fabe156a5cf9e0dfdf4901a0552a78732b587d1ca38ffc2e4f4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:10:33 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6307809
x-accel-date: 1681819224
content-length: 14292
x-77-nzt: AZySIYtz0AT/4T9gAA
x-accel-expires: @1713355224
last-modified: Wed, 01 May 2019 22:44:02 GMT
server: CDN77-Turbo
etag: "5cca2132-37d4"
x-77-nzt-ray: cf87872722e120df39c69e64b3ecc227
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 cokelek-salatasi-resimli-yemek-tarifi(8).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/02/ Frame 5040 14 KB
15 KB 97ms
94ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/02/cokelek-salatasi-resimli-yemek-tarifi(8).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 1bd2603da78c0513ae07dff23bf8925d95683b782d9eaabc18e003d3167b8dc9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:10:33 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6316567
x-accel-date: 1681810466
content-length: 14757
x-77-nzt: AZySIYuNe/P/F2JgAA
x-accel-expires: @1713346466
last-modified: Fri, 14 Feb 2020 22:35:21 GMT
server: CDN77-Turbo
etag: "5e4720a9-39a5"
x-77-nzt-ray: cf87872722e120df39c69e646152ca27
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 pizza-pogaca-resimli-yemek-tarifi(20).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2017/08/ Frame 5040 15 KB
15 KB 97ms
94ms Image
image/jpeg 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2017/08/pizza-pogaca-resimli-yemek-tarifi(20).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: d41d07189295595e39267e87a880138ce04d72fe0ba272a91c07c735db7d2092

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:10:33 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6314113
x-accel-date: 1681812920
content-length: 15270
x-77-nzt: AZySIYutd9H/gVhgAA
x-accel-expires: @1713348920
last-modified: Wed, 01 May 2019 23:21:59 GMT
server: CDN77-Turbo
etag: "5cca2a17-3ba6"
x-77-nzt-ray: cf87872722e120df39c69e646187cd27
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 _dmca_premi_badge_5.png
images.dmca.com/Badges/ Frame 5040 5 KB
6 KB 118ms
35ms Image
image/png 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.dmca.com/Badges/_dmca_premi_badge_5.png?ID=da1d399b-5fd3-4da3-b5cd-8af692c19999
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: ad3ee286844c46dba3f0d26e100f508c410b28f52784fbeec2d513ef6c6fda7a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:33 GMT
last-modified: Thu, 02 Jun 2011 03:26:26 GMT
server: Microsoft-IIS/10.0
etag: "8ae3cdbd420cc1:0"
x-powered-by: ASP.NET
x-hw: 1688127033.cds263.am5.hn,1688127033.cds292.am5.c
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
link: <https://www.dmca.com/Badges/_dmca_premi_badge_5.png>; rel="canonical"
content-length: 5605

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/300/ Frame 5040 56 B
362 B 181ms
62ms Script
text/javascript 23.206.208.114
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.206.208.114 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-206-208-114.deploy.static.akamaitechnologies.com

Software

Oracle API Gateway /

Resource Hash

f475c34186022ba531ebc8bba97fc10df7e4c3ea854f314a18ab0644c851620d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 30 Jun 2023 12:10:33 GMT
server: Oracle API Gateway
opc-request-id: /CD9FC3B404AAAEB0BFB378B4D1F1A552/9CEA7D822F8838F0CE3F43FE3D4EE9AC
x-frame-options: sameorigin
vary: Accept-Encoding
content-type: text/javascript
x-distribution: 99
x-host: s7.addthis.com
content-length: 76
x-xss-protection: 1; mode=block

GET
H2 200 DMCABadgeHelper.min.js Show response
images.dmca.com/Badges/ Frame 5040 465 B
584 B 119ms
37ms Script
application/javascript 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://images.dmca.com/Badges/DMCABadgeHelper.min.js
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e8021f1a9dad409f7e699457ac334653bf800464df69900237c4de1c29e275d0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:33 GMT
content-encoding: gzip
last-modified: Fri, 21 Jun 2019 20:14:34 GMT
server: Microsoft-IIS/10.0
etag: "26b181f16d28d51:0"
x-powered-by: ASP.NET
x-hw: 1688127033.cds263.am5.hn,1688127033.cds214.am5.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
link: <https://www.dmca.com/Badges/DMCABadgeHelper.min.js>; rel="canonical"
content-length: 395

GET
H2 200 outside.js Show response
static.virgul.com/theme/mockups/adcode/ Frame 5040 75 KB
26 KB 434ms
74ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19538
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 66413d92e3b48b21f37de7968a4c6ee6dafb956f4963d0557959a3d10db2c492

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:34 GMT
content-encoding: gzip
last-modified: Fri, 23 Jun 2023 06:55:07 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=43200

GET
H2 200 sdk.js Show response
connect.facebook.net/tr_TR/ Frame 5040 3 KB
2 KB 94ms
34ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/tr_TR/sdk.js

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

30dcca04511b7bc89ed4420843ca7e3c739a6281002e63609def4d6658166e3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 30 Jun 2023 12:10:33 GMT
content-md5: 3VYd61jc8kDF89bf+TRyFQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1686
x-fb-debug: 4u4EVIvLNnkX2xi0yRgeo0lU8xpHAbi6811xolbAGAfubCC3CVMzPYyJlbmK7fjn6fE0PNxaL/evwJpwZvp0kQ==
x-fb-content-md5: b96d87ce5165647fffbaa289e36839a5
cross-origin-opener-policy: same-origin-allow-popups
etag: "90574c2093820150f45c07fae75bd7c8"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Fri, 30 Jun 2023 12:17:28 GMT

GET
H2 200 sprite_3.png
cdn.ye-mek.net/grafik/ Frame 5040 21 KB
21 KB 93ms
92ms Image
image/png 2a02:6ea0:c700::18
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/grafik/sprite_3.png
Requested by: Host: cdn.ye-mek.net
URL: https://cdn.ye-mek.net/maincss.css?v=434
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: ecadacb686d0540a5768dae41d50597a71dfaa8135b90f1371d4bfa266e4e361

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.ye-mek.net/maincss.css?v=434
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 12:10:33 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6317576
x-accel-date: 1681809457
content-length: 21525
x-77-nzt: AZySIYuS+sz/CGZgAA
x-accel-expires: @1713345457
last-modified: Mon, 14 May 2018 20:55:05 GMT
server: CDN77-Turbo
etag: "5af9f7a9-5415"
x-77-nzt-ray: cf87872722e120df39c69e643b59d527
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H3 200 sdk.js Show response
connect.facebook.net/tr_TR/ Frame 5040 307 KB
87 KB 60ms
29ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/tr_TR/sdk.js?hash=6017c778fa221026fad05fea8aa9094c

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/tr_TR/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

6aeae4add2f4eac99ed13b72c24866b77edacbae0f6ed89994e54fc165e322aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://ye-mek.net/
Origin: https://ye-mek.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 30 Jun 2023 12:10:33 GMT
content-md5: nwRALmJA1wWsYXQhPWL1+Q==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 88851
x-fb-debug: BYkeI+IhnGIjA9o7gvjwQXlBnOTMqQO8y1CFMBEodIafiTec9Qep+QainfNsi5OtSPusAVAM7Oe0F0JdTBqDbw==
x-fb-content-md5: b69d7712d4ea8b8e852c6b5a1506b5b1
cross-origin-opener-policy: same-origin-allow-popups
etag: "37fd393b7bb68550362213d7a1c34f16"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
priority: u=3,i
expires: Sat, 29 Jun 2024 09:06:11 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 5040 76 KB
26 KB 272ms
150ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19538

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

15755727f46778e9a116ce83828803efd8854c4935f4448f876b5e8f92915e48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:34 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26089
x-xss-protection: 0
server: cafe
etag: 99 / 19538 / m202306270101 / config-hash: 327100832698525116
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 30 Jun 2023 12:10:34 GMT

GET
H2 200 ads.js Show response
static.virgul.com/theme/mockups/mockups/tracker/imp/collect/adview/ad/ Frame 5040 120 B
306 B 71ms
71ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/mockups/tracker/imp/collect/adview/ad/ads.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19538
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: d9fd0aeda423bd39a36871759ef7b17dab3d51e5981cd5839103f990b8b9ef60

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:34 GMT
last-modified: Wed, 21 Dec 2022 18:47:42 GMT
server: openresty/1.15.8.3
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000
accept-ranges: bytes
content-length: 120

GET
H2 200 str.html Show response
static.virgul.com/theme/mockups/outside/ Frame 005B 891 B
1 KB 71ms
70ms Document
text/html 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/outside/str.html?v=2
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19538
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 2af1b8e91e1ea0f27fab2f6bac1dd1d81867b7a2a8d7cef1084fa39309e0ac6f

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=5184000
content-length: 891
content-type: text/html
date: Fri, 30 Jun 2023 12:10:34 GMT
last-modified: Wed, 28 Sep 2022 10:07:57 GMT
server: openresty/1.15.8.3

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 5040 139 KB
48 KB 230ms
108ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19538

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0295e1553c6a6704d9ad66cdb68ef4f79684ed9862491a271b5ff9e22c488f1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Origin: https://ye-mek.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:34 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48751
x-xss-protection: 0
server: cafe
etag: 1095683070698476128
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 30 Jun 2023 12:10:34 GMT

GET
H2 200 prebid7.38.0.js Show response
static.virgul.com/theme/mockups/outside/ Frame 5040 489 KB
182 KB 79ms
78ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19538
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: cff57bb539a961e5816127eb4b662175d6a1c92917effe0f943de85c35911101

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:34 GMT
content-encoding: gzip
last-modified: Mon, 27 Mar 2023 14:56:06 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ Frame 5040 236 KB
58 KB 121ms
34ms Script
application/javascript 13.224.192.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19538
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.192.181 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-192-181.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: dbc211260f3fb81e545fbebe8be8c367ebe670a585e60e1ec58524c06723ecbc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 11:26:29 GMT
content-encoding: gzip
via: 1.1 5743d3ff81b625f69ad8b8e32fc9c412.cloudfront.net (CloudFront), 1.1 c379418fd6100691807f32f274ebe9ce.cloudfront.net (CloudFront)
last-modified: Thu, 29 Jun 2023 21:03:23 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1, FRA2-C1
age: 2646
x-amz-server-side-encryption: AES256
etag: W/"9352f20e556bff9fea6fd0461aac850d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=3600
x-amz-cf-id: 6VOqL6xc3IDxxT0fpdecozzA1inr1rvtZQ1HNSGhVXGk18jDzFYZcA==

GET
H2 200 pageview Show response
ng.virgul.com/ Frame 5040 38 KB
7 KB 413ms
91ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ng.virgul.com/pageview?c=site_geneli&mt=1688127034138&v=https%3A%2F%2Fye-mek.net%2F&r=yemek_net:site_geneli&userId=&tp=&os=&call=noktaad.ads.vvad&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc0,hf1,vv1,gprec%3Dyemek%26rec_ing%3D&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.6195651167901226
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19538
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: f9b9f94fadc3336365751e2afc49c63d973540f30071066607e1ee9950aad2ad

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:34 GMT
content-encoding: gzip
server: openresty/1.15.8.3
vary: Accept-Encoding
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
access-control-allow-origin: https://ye-mek.net
content-type: application/javascript
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT

GET
H2 200 yemek_net.js Show response
static.virgul.com/theme/mockups/fallback/ Frame 5040 12 KB
2 KB 71ms
71ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/fallback/yemek_net.js?dts=19538
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19538
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 5103b27b55207be49f024a501641c7cb93e6469073ccbe194cd5963b53716184

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:34 GMT
content-encoding: gzip
last-modified: Tue, 20 Jun 2023 21:45:07 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 hb Show response
ng.virgul.com/ Frame 5040 50 KB
5 KB 435ms
119ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ng.virgul.com/hb?call=noktaad.setHbParameters&site=yemek_net&dts=468924
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19538
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 2c3a365cb6aef1fb55a6c56a182e6943da6f655e91c962fe9c163d67f1f8d48b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:34 GMT
content-encoding: gzip
server: openresty/1.15.8.3
vary: Accept-Encoding
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
access-control-allow-origin: https://ye-mek.net
content-type: application/javascript
cache-control: max-age=3600
access-control-allow-credentials: true

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ Frame 5040 0
305 B 32ms
31ms XHR
text/plain 13.224.192.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fye-mek.net&pubid=e0a76a78-9ad1-46f2-a337-886c2e24ac91
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.192.181 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-192-181.fra2.r.cloudfront.net
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 10:58:22 GMT
via: 1.1 c379418fd6100691807f32f274ebe9ce.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA2-C1
age: 4331
x-cache: Hit from cloudfront
access-control-allow-origin: https://ye-mek.net
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-id: 4dA9WtqHEFQzGeZ90lquJ3tJbU0TIjKtofN9C4BF-EgReKg3zQhZiA==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ Frame 5040 6 KB
3 KB 88ms
29ms XHR
application/javascript 13.224.192.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.192.181 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-192-181.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: rBtfgJUMGYsy5fZuQwMAU7hSD.fVdF76
content-encoding: gzip
via: 1.1 2ec3090d74e200e4acdb2780da3c3c44.cloudfront.net (CloudFront)
date: Fri, 30 Jun 2023 06:03:07 GMT
x-amz-cf-pop: FRA2-C1
age: 24083
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Sat, 24 Jun 2023 09:19:11 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: wzTesXbCl5j8a635duiUhzTo8jPObU2QTai0DiSWRRaILSlMsrNqOQ==

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306270101/ Frame 5040 344 KB
118 KB 233ms
118ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306270101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=ye-mek.net&bust=31075721

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8fc79cdfa3fb99df39933b99349ae19b50f0fea602459d1855cf7a06a19e5928

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:34 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 120855
x-xss-protection: 0
server: cafe
etag: 14484150972571735391
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 30 Jun 2023 12:10:34 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230627/r20190131/ Frame AB4F 10 KB
5 KB 178ms
56ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230627/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18e7a53e3b3abd7ac0242719f7f62cb56b8efe7065091585b8ad22cbc2b8c41c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 16576
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4544
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 07:34:18 GMT
etag: 12368291122986407432
expires: Fri, 14 Jul 2023 07:34:18 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/ Frame 5040 392 KB
125 KB 58ms
56ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6df7c73fa12d8261f09a11faff5c77f91f912362a9fdc15c46c3b949b188717b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 07:44:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15954
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 127740
x-xss-protection: 0
server: cafe
etag: 1744020965594933375
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Sat, 29 Jun 2024 07:44:40 GMT

GET
H2 200 yemek_net.js Show response
static.virgul.com/theme/mockups/sites/ Frame 5040 11 KB
5 KB 73ms
72ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/sites/yemek_net.js?dts=468924
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19538
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: a7a580492938c753648b19da1321bf7ea66d7a2e9b1fa42058c821e268fba9e1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:34 GMT
content-encoding: gzip
last-modified: Thu, 27 Apr 2023 09:08:06 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 pandg-sdk.js Show response
pghub.io/js/ Frame 5040 17 KB
5 KB 107ms
30ms Script
application/javascript 35.241.45.217
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pghub.io/js/pandg-sdk.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19538
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.217 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 217.45.241.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 27961ab8c37cddad89230364167c048c6377a80e38542a5ffbca600faf4098ea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 11:17:18 GMT
content-encoding: gzip
age: 3196
x-guploader-uploadid: ADPycduRPoFOYDN9UE4yHfjDe-dOqhxUeBQsaiswHJg0Db2fkKMyVZRIXHS-NCI5QsuID0HvFmghWWpw9Rdg08e45FOZ3p9Zzi9s
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5009
last-modified: Mon, 05 Jun 2023 16:36:50 GMT
server: UploadServer
etag: "47a886353056caf33a998c6041e20896"
vary: Accept-Encoding
x-goog-generation: 1685983010517890
x-goog-hash: crc32c=aHj4lg==, md5=R6iGNTBWyvM6mYxgQeIIlg==
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin
cache-control: public,max-age=3600
x-goog-stored-content-length: 5009
accept-ranges: bytes
content-type: application/javascript

GET
H2 200 zoneview
ng.virgul.com/ Frame 5040 0
209 B 73ms
73ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/zoneview?c=&mt=1688127034558&v=https%3A%2F%2Fye-mek.net%2F&r=153366@153377@153378@153379@153379@153382@153383:yemek_net&userId=vnet3bc71549-6df8-44a0-a5ac-c4fd13789c73&tp=&os=&call=&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc1,hf1,vv1,gprec%3Dyemek%26rec_ing%3D&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.20267295764737536
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Fri, 30 Jun 2023 12:10:34 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 empowerwebplayer3.js Show response
static.virgul.com/theme/mockups/outside/ Frame 5040 10 KB
3 KB 74ms
74ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/outside/empowerwebplayer3.js?v=20
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 3e9569df702eb478e6e7699775a0f555b64ef9e89d89a81742bc97c7803dba96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:34 GMT
content-encoding: gzip
last-modified: Tue, 13 Jun 2023 13:36:40 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 zoneview
ng.virgul.com/ Frame 5040 0
209 B 72ms
71ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/zoneview?c=&mt=1688127034640&v=https%3A%2F%2Fye-mek.net%2F&r=153394@153493:yemek_net&userId=vnet3bc71549-6df8-44a0-a5ac-c4fd13789c73&tp=&os=&call=&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc1,hf1,vv1,gprec%3Dyemek%26rec_ing%3D&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.39638246224894935
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Fri, 30 Jun 2023 12:10:34 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 NoktaNpmPlayerApi.js Show response
c1.imgiz.com/player_others/html5/ Frame 5040 7 KB
3 KB 528ms
72ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19538
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/empowerwebplayer3.js?v=20
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 0b29697868cd68cfd1b5650054cc96ea755016b3242bd26469cdbd4e4f6fc18a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:35 GMT
content-encoding: gzip
last-modified: Wed, 13 Oct 2021 11:58:21 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
expires: Fri, 07 Jul 2023 12:10:35 GMT

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ Frame 5040 23 B
459 B 457ms
357ms XHR
text/javascript 13.32.119.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&pr=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&pid=Q5E4lZ3Q26rZW&cb=0&ws=1600x1200&v=23.612.1758&t=1200&slots=%5B%7B%22sd%22%3A%22div-gpt-ad-1455783126174-15338221728129623web_yemeknet_right_tower%22%2C%22s%22%3A%5B%22160x600%22%2C%22120x600%22%5D%2C%22sn%22%3A%22%2F21728129623%2Fweb_yemeknet_right_tower%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-1455783126174-15338321728129623web_yemeknet_left_tower%22%2C%22s%22%3A%5B%22160x600%22%2C%22120x600%22%5D%2C%22sn%22%3A%22%2F21728129623%2Fweb_yemeknet_left_tower%22%7D%5D&pubid=e0a76a78-9ad1-46f2-a337-886c2e24ac91&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.119.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-119-77.fra60.r.cloudfront.net

Software

Server /

Resource Hash

745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:35 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 0dec5f752f0f332c449471a83f050dd2.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA60-P1
x-amz-rid: PEFMN21REJTPJY9NXC9B
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://ye-mek.net
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: 2qMAZnGRcogi69w9-Xy-Epf2Bb99dv1BVbJuKBCwsTDDwJKTNmelcg==

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 5040 107 B
456 B 195ms
65ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ye-mek.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 5040 28 KB
12 KB 426ms
426ms XHR
text/plain 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=298373143460488&correlator=989119097405742&eid=31075762&output=ldjh&gdfp_req=1&vrg=202306270101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_728x90_repeating&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=2&adks=3733009076&sfv=1-0-40&eri=1&cust_params=amznbid%3D0%26amznp%3D0%26category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1688127034138%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet3bc71549-6df8-44a0-a5ac-c4fd13789c73%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet3bc715496df844a0a5acc4fd13789c73&sc=1&cdm=ye-mek.net&abxe=1&dt=1688127034722&lmt=1688127034&dlt=1688127033340&idt=1328&adxs=436&adys=2665&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=rlqlx3abjkqk&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&ga_vid=62461326.1688127035&ga_sid=1688127035&ga_hid=844562977&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f091c1d78d8c2ba5d642eb1f87c82d6540b4db85988202fb60d923ca23d1adba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:35 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11878
x-xss-protection: 0
google-lineitem-id: 6241543851
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138425219174
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 8CF3 6 KB
3 KB 221ms
64ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 12:10:34 GMT
expires: Sat, 29 Jun 2024 12:10:34 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 5040 66 KB
16 KB 997ms
996ms XHR
text/plain 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=298373143460488&correlator=1681231553201951&eid=31075762&output=ldjh&gdfp_req=1&vrg=202306270101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_masthead_multibanner_1&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250%7C250x250%7C200x200%7C300x100%7C300x150%7C320x100&fluid=height&ifi=3&adks=2338199780&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1688127034138%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet3bc71549-6df8-44a0-a5ac-c4fd13789c73%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D%26amznbid%3D1%26amznp%3D1&ppid=vnet3bc715496df844a0a5acc4fd13789c73&sc=1&cdm=ye-mek.net&abxe=1&dt=1688127034754&lmt=1688127034&dlt=1688127033340&idt=1328&adxs=315&adys=158&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=df49qomf210b&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=970x-1&msz=300x-1&fws=388&ohw=300&ga_vid=62461326.1688127035&ga_sid=1688127035&ga_hid=844562977&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c792ff4f44aaf2dbee5452f216ae55df14e8cd634494e5644e8b9e4d82bbaa9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:35 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16115
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 5040 110 KB
40 KB 550ms
549ms XHR
text/plain 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=298373143460488&correlator=1681231553201951&eid=31075762&output=ldjh&gdfp_req=1&vrg=202306270101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_masthead_multibanner_2&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250%7C250x250%7C200x200%7C300x100%7C300x150%7C320x100&fluid=height&ifi=4&adks=3864748221&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1688127034138%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet3bc71549-6df8-44a0-a5ac-c4fd13789c73%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D%26amznbid%3D1%26amznp%3D1&ppid=vnet3bc715496df844a0a5acc4fd13789c73&sc=1&cdm=ye-mek.net&abxe=1&dt=1688127034760&lmt=1688127034&dlt=1688127033340&idt=1328&adxs=349&adys=158&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=bztswfdin8rj&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=970x-1&msz=300x-1&fws=388&ohw=300&ga_vid=62461326.1688127035&ga_sid=1688127035&ga_hid=844562977&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d899cadefb9f60296c53fceda0e6a6d3e443c20d0af6f8e29ccbd0ccd03796b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:35 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40701
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 5040 21 KB
10 KB 797ms
797ms XHR
text/plain 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=298373143460488&correlator=1681231553201951&eid=31075762&output=ldjh&gdfp_req=1&vrg=202306270101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_masthead_multibanner_3&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250%7C250x250%7C200x200%7C300x100%7C300x150%7C320x100&fluid=height&ifi=5&adks=818013153&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1688127034138%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet3bc71549-6df8-44a0-a5ac-c4fd13789c73%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D%26amznbid%3D1%26amznp%3D1&ppid=vnet3bc715496df844a0a5acc4fd13789c73&sc=1&cdm=ye-mek.net&abxe=1&dt=1688127034765&lmt=1688127034&dlt=1688127033340&idt=1328&adxs=985&adys=158&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=pqph1th5hgyv&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=970x-1&msz=300x-1&fws=388&ohw=300&ga_vid=62461326.1688127035&ga_sid=1688127035&ga_hid=844562977&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f0a5e88aa776ea32844d763848cb8b86d2b6b2e5282db828b2f5dbf28e03c7a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:35 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9821
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 tag Show response
feed.pghub.io/ Frame 9E35 13 B
257 B 127ms
43ms Document
text/html 34.102.243.38
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://feed.pghub.io/tag?referrer_url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&page_url=https%3A%2F%2Fye-mek.net%2F&owner=P%26G&bp_id=noktacommedya&ch=%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D&initiator=js&data=%7B%22category%22%3A%22site_geneli%22%7D

Requested by

Host: pghub.io
URL: https://pghub.io/js/pandg-sdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.102.243.38 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

38.243.102.34.bc.googleusercontent.com

Software

Resource Hash

b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';img-src https://*.pghub.io https://match.adsrvr.org
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
access-control-max-age: 300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-store
content-security-policy: default-src 'none';img-src https://*.pghub.io https://match.adsrvr.org
content-type: text/html;charset=utf-8
date: Fri, 30 Jun 2023 12:10:34 GMT
strict-transport-security: max-age=31536000
via: 1.1 google

GET
H2 403 ads Show response
googleads.g.doubleclick.net/pagead/ Frame B881 603 B
218 B 199ms
198ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755397&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688127034463&bpp=5&bdt=1124&idt=371&shv=r20230627&mjsv=m202306270101&ptt=9&saldr=aa&nras=1&correlator=8693008364856&frm=24&ife=1&pv=2&ga_vid=62461326.1688127035&ga_sid=1688127035&ga_hid=844562977&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=222437166&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44759837%2C44759876%2C31075625%2C31075641%2C31075721%2C44785294%2C44788441&oid=2&pvsid=298373143460488&tmod=2057557038&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.6fqzv0byjolx&fsb=1&dtd=397

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306270101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=ye-mek.net&bust=31075721

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 46
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 12:10:35 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame E45A 6 KB
3 KB 58ms
57ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 12:10:34 GMT
expires: Sat, 29 Jun 2024 12:10:34 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 5040 107 B
165 B 68ms
67ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ye-mek.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 5040 29 KB
13 KB 384ms
384ms XHR
text/plain 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=298373143460488&correlator=1728623287246604&eid=31075762&output=ldjh&gdfp_req=1&vrg=202306270101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_left_tower&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C160x600%7C120x600%7C120x240%7C160x800&fluid=height&ifi=6&adks=3299242717&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1688127034138%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet3bc71549-6df8-44a0-a5ac-c4fd13789c73%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet3bc715496df844a0a5acc4fd13789c73&sc=1&cdm=ye-mek.net&abxe=1&dt=1688127035224&lmt=1688127035&dlt=1688127033340&idt=1328&adxs=122&adys=150&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=jojt7vnc60yj&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=160x-1&msz=160x-1&fws=900&ohw=160&psts=ABnkTfBwb47oGRPhAmW0DP0PQ59lpUsE6tefByq_hVYGhpKMqxmhyuNzzsmc9D7OZ2X8NhX_muAn8wpcu-w5NroUTQ&ga_vid=62461326.1688127035&ga_sid=1688127035&ga_hid=844562977&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2538a38066094576db43ac94da66c5bbaa9332f70e5ddb9d1442196157505496

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:35 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13321
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 5040 113 KB
41 KB 350ms
345ms XHR
text/plain 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=298373143460488&correlator=3152490215378741&eid=31075762&output=ldjh&gdfp_req=1&vrg=202306270101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_728x90_2&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=7&adks=345722362&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1688127034138%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet3bc71549-6df8-44a0-a5ac-c4fd13789c73%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet3bc715496df844a0a5acc4fd13789c73&sc=1&cdm=ye-mek.net&abxe=1&dt=1688127035229&lmt=1688127035&dlt=1688127033340&idt=1328&adxs=436&adys=1389&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=trly3vkt12np&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&psts=ABnkTfBwb47oGRPhAmW0DP0PQ59lpUsE6tefByq_hVYGhpKMqxmhyuNzzsmc9D7OZ2X8NhX_muAn8wpcu-w5NroUTQ&ga_vid=62461326.1688127035&ga_sid=1688127035&ga_hid=844562977&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

689fcf7231be4a3fa8ac188589557173f644bfa4dcf787476c9c349480792687

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:35 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41664
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 5040 65 KB
14 KB 474ms
468ms XHR
text/plain 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=298373143460488&correlator=4275122471856717&eid=31075762&output=ldjh&gdfp_req=1&vrg=202306270101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_right_tower&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C160x600%7C120x600%7C120x240%7C160x800&fluid=height&ifi=8&adks=3203893797&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1688127034138%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet3bc71549-6df8-44a0-a5ac-c4fd13789c73%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet3bc715496df844a0a5acc4fd13789c73&sc=1&cdm=ye-mek.net&abxe=1&dt=1688127035236&lmt=1688127035&dlt=1688127033340&idt=1328&adxs=1318&adys=150&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=qndtaz29phcw&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=160x-1&msz=160x-1&fws=900&ohw=160&psts=ABnkTfBwb47oGRPhAmW0DP0PQ59lpUsE6tefByq_hVYGhpKMqxmhyuNzzsmc9D7OZ2X8NhX_muAn8wpcu-w5NroUTQ&ga_vid=62461326.1688127035&ga_sid=1688127035&ga_hid=844562977&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e64580cd0b667218f84acb806e2d3091d7742d8819afb1dbc0a58030f315b801

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:35 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14659
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 5040 23 KB
11 KB 439ms
437ms XHR
text/plain 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=298373143460488&correlator=1979208005194534&eid=31075762&output=ldjh&gdfp_req=1&vrg=202306270101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_ust_728x90&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=9&adks=456810305&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1688127034138%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet3bc71549-6df8-44a0-a5ac-c4fd13789c73%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet3bc715496df844a0a5acc4fd13789c73&sc=1&cdm=ye-mek.net&abxe=1&dt=1688127035240&lmt=1688127035&dlt=1688127033340&idt=1328&adxs=436&adys=751&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=rwo2rlmjozyq&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&psts=ABnkTfBwb47oGRPhAmW0DP0PQ59lpUsE6tefByq_hVYGhpKMqxmhyuNzzsmc9D7OZ2X8NhX_muAn8wpcu-w5NroUTQ&ga_vid=62461326.1688127035&ga_sid=1688127035&ga_hid=844562977&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

af407dbc514c18e7112d85d4d50186d6547e7bdfb48e7c7cf2f400c42aafce71

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:35 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10902
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 5040 24 KB
11 KB 397ms
396ms XHR
text/plain 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=298373143460488&correlator=2283711425563583&eid=31075762&output=ldjh&gdfp_req=1&vrg=202306270101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_728x90_repeating&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=10&adks=2157304621&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1688127034138%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet3bc71549-6df8-44a0-a5ac-c4fd13789c73%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet3bc715496df844a0a5acc4fd13789c73&sc=1&cdm=ye-mek.net&abxe=1&dt=1688127035246&lmt=1688127035&dlt=1688127033340&idt=1328&adxs=436&adys=2027&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=8qts24yp5yiw&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&psts=ABnkTfBwb47oGRPhAmW0DP0PQ59lpUsE6tefByq_hVYGhpKMqxmhyuNzzsmc9D7OZ2X8NhX_muAn8wpcu-w5NroUTQ&ga_vid=62461326.1688127035&ga_sid=1688127035&ga_hid=844562977&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ff4e01de0d01a0fec916208e6dda4b0d8780803a1e07da81d27962223d809194

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:35 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11371
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame E45A 24 KB
7 KB 187ms
58ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 12:02:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 173264
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 27 Jun 2024 12:02:51 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame E45A 138 KB
48 KB 112ms
109ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1da93787a81aa7658f87fa610f3dd06ac6e4c6173921538ed5004cc89aa57a58

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
Origin: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:35 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48729
x-xss-protection: 0
server: cafe
etag: 9479542964266619159
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 30 Jun 2023 12:10:35 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E45A 179 KB
57 KB 207ms
69ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 30 Jun 2023 12:10:35 GMT

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame 5040 361 KB
121 KB 87ms
72ms Script
text/javascript 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19538

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a9863314577494b778cade4d77d719a27fca818d6091efe35b972cac31026f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 123120
x-xss-protection: 0
expires: Fri, 30 Jun 2023 12:10:35 GMT

GET
H2 200 NoktaPlayer.js Show response
c1.imgiz.com/player_others/html5/ Frame 5040 398 KB
128 KB 76ms
76ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=6/30/2023
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19538
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: bea17c8870ba8dae9515993b5c55b65437f03f0e2672e1c3d3dbe7872dd74e5c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:35 GMT
content-encoding: gzip
last-modified: Mon, 29 May 2023 18:51:56 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
expires: Fri, 07 Jul 2023 12:10:35 GMT

GET
H3 200 container.html Show response
3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame DEF1 6 KB
3 KB 57ms
57ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 12:10:34 GMT
expires: Sat, 29 Jun 2024 12:10:34 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 m_js_controller_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame DEF1 34 KB
14 KB 57ms
57ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/m_js_controller_fy2021.js

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18e7f3232e16c5af1b4d3192ed6be46c39b4902ecef8717b7a1dc69da6b8fe34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 20:55:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 54932
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13672
x-xss-protection: 0
server: cafe
etag: 2805512053162071780
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 20:55:03 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame DEF1 24 KB
6 KB 70ms
69ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 12:02:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 173264
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 27 Jun 2024 12:02:51 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame DEF1 179 KB
56 KB 229ms
228ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 30 Jun 2023 12:10:35 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/ Frame DEF1 23 KB
9 KB 57ms
57ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/abg_lite_fy2021.js

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

02193fbcb11d960448e0fa887ff68d5ce73f01076893523fc3037e00a7149bc2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 18:04:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 65172
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9104
x-xss-protection: 0
server: cafe
etag: 12939045362079141464
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 18:04:23 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame DEF1 3 KB
1 KB 58ms
58ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/window_focus_fy2021.js

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 07:44:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15953
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 14 Jul 2023 07:44:42 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame DEF1 20 KB
8 KB 186ms
185ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

abaf64de0855592138133fdf15c746a6e47a07d5f7a34a9513a06994c89f91af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:50:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66008
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8312
x-xss-protection: 0
server: cafe
etag: 5477749917372345267
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:50:27 GMT

GET
H2 200 6363a944e4b0125bde9e6739
ng.virgul.com/tck/imp/ Frame 5040 0
209 B 144ms
144ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/imp/6363a944e4b0125bde9e6739?g=1&t=cpc_annotation&r=153366@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1688127034138&userId=vnet3bc71549-6df8-44a0-a5ac-c4fd13789c73
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Fri, 30 Jun 2023 12:10:35 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame E45A 0
0 95ms
94ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvcqWGrGuuCezqKBcly7Tfd0xRFggn6YmIT4zOqTCHaUdxeAqa7VK5jWjZBiNb-28ymcRszlAJ5ElIpkNzTaG8B-zlRDQO1XjUf8ynvowMrxFCB2jZ-uxoYwXPWKUFNV3vZCBnWnh7DyaRaXSmtBo0Pap0GxhQ0J0BUc67DfAK5lGAJEuuPUOlJhxOPT5-KSgyDh4ip-vGtHM4kab0jwCcBpanv0HX3xiLMavji92ezV2MxAeh8SHGdQABV1q7yJhQjYlQr1Zu-LyIqsT_MHDzKiM-V_C9TiVToMzFSiRmIGHFBMt72Rm7IE4FoqNpuutlwHQbRmWFTSPTLUrHe8cBzE2ES_BjBhtXk5q-L8ZRTFOiqc5yk5ZOFOg&sai=AMfl-YS7qCzbbr_vzBoAh5ZkYsu1ZGj-5R6xoErBLMamHWBu75WXCZqbo2njBvNnLXpGwt6WexMb8vBWS96fUtytcoNRj_kKbGugR1n3yLuDejw&sig=Cg0ArKJSzFHA3GJD_YHEEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:35 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 30 Jun 2023 12:10:35 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306260101/ Frame E45A 344 KB
118 KB 137ms
137ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306260101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com&bust=31075720

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5bfc1fb9c150261e57f3b81a33f456f5979cb6f73fe6d6ddea5d7e35ae9dbf1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:35 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 121155
x-xss-protection: 0
server: cafe
etag: 16570861383236117822
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 30 Jun 2023 12:10:35 GMT

GET
H3 200 container.html Show response
3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 40E7 6 KB
3 KB 59ms
57ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 12:10:34 GMT
expires: Sat, 29 Jun 2024 12:10:34 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame E45A 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 16b8908a3e4a0002f3a8a1325c2e1560d112b03c1118faa418ba635383e86ff2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 container.html Show response
3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame FDEC 6 KB
3 KB 140ms
136ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 12:10:34 GMT
expires: Sat, 29 Jun 2024 12:10:34 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 47D2 6 KB
3 KB 64ms
63ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 12:10:34 GMT
expires: Sat, 29 Jun 2024 12:10:34 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 1141 6 KB
3 KB 59ms
58ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 12:10:34 GMT
expires: Sat, 29 Jun 2024 12:10:34 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 10261972549777223277
s0.2mdn.net/simgad/ Frame DEF1 44 KB
44 KB 317ms
106ms Image
image/jpeg 2a00:1450:4001:813::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/10261972549777223277

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

25b451f3cad26104f57800c79546bf5a40295d0cecf5623e623f4479b94d0ddd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 17:53:57 GMT
x-content-type-options: nosniff
age: 152198
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44765
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 13:36:45 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 27 Jun 2024 17:53:57 GMT

GET
H2 200 7352296608196688721
s0.2mdn.net/simgad/ Frame DEF1 10 KB
10 KB 278ms
67ms Image
image/png 2a00:1450:4001:813::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/7352296608196688721

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

2d3ebc5963c3ba449fc6f11b2d5ac883abaf7dbc046ac7c1b267518e0ca5fa27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 17:54:10 GMT
x-content-type-options: nosniff
age: 152185
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10020
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 13:36:48 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 27 Jun 2024 17:54:10 GMT

GET
H3 200 container.html Show response
3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 4E14 6 KB
3 KB 243ms
59ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 12:10:34 GMT
expires: Sat, 29 Jun 2024 12:10:34 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame E34D 624 B
245 B 127ms
101ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNEDENWYWRjThsnuATAB&v=APEucNURDpimLIQeQ48yCn7nHe3j7zdOZ-pYAIjTRlWtMwtQDVeztIOm8WoQ4dZwIGIe6LnA22OMjKn2vtExAh200Xe1HqsVLC2nnwbbipZaKmCZEBPJ3hx4e4MpdDPY42HdFMETq8nuzdH7ykLhA1DIGDfwSY6BKXRGsUejN_LT0kroOUaA4d8

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 12:10:35 GMT
expires: Fri, 30 Jun 2023 12:10:35 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 40E7 78 KB
27 KB 148ms
147ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:35 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Fri, 30 Jun 2023 12:10:35 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 40E7 42 B
63 B 92ms
90ms Image
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BWyCJwSRm0_AL2Tfa5_6rNNz1OzHxcxDh7Biu4a5lMqy5oV5_k82z8C3WJuwIrtLr29lJzaqso-SiJ2Ov_yBSDrJqGklV61ntIHeic9pPNQPf55uM

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:35 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 40E7 0
20 B 93ms
90ms Image
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=5507169739825276124&x=1&ct=76

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:35 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 40E7 3 KB
1 KB 60ms
58ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/window_focus_fy2021.js

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 07:44:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15953
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 14 Jul 2023 07:44:42 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 40E7 20 KB
8 KB 61ms
58ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

abaf64de0855592138133fdf15c746a6e47a07d5f7a34a9513a06994c89f91af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:50:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66008
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8312
x-xss-protection: 0
server: cafe
etag: 5477749917372345267
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:50:27 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 40E7 179 KB
56 KB 87ms
84ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 30 Jun 2023 12:10:35 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame DEF1 42 B
63 B 78ms
77ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CnRVA6WDcGwZx8FO5DY3MtPGoSs6GbdF1OB6RP84wKfiQz0l4iogWr53GuyWs6ZlUce6DIuYk4YICYOcjvRxhXjJqKTQDx8rIDQFONou_MpjtCIB8Y0KUkdmwyfmJZV-bzMA7XYBP3I_YtZfHzlfJrkE419A&dbm_d=AKAmf-DCMVAhJ5Lt4QzX1Ont-ms2t_sjYfxuJnOhk7vyLSlM4Vpix7ppMUCjEmk-RwBAQ32vaU14TS3kAAfLtFCL8h38XP333wb3cYYSbv4uI7t19FtiyryCpU5Zn2lwB4Y_Vr6AoQA6nwwocGD17xsfgFqKxlDXHRmdWT06T1klm2y9azlh7JZhoUrKxEXQI_gdvnjESHIjgVHoGVp1408DGEyc8LU0ZBe_sGCX4m41v_ezMHefqvXNISyf4U_dX024vdegVeztJYoqyqMziPtdbmkC5lNpZ7da6svBDuJqa6wOLD9N3rq8fx1Qv2EmzPity6sdbQ4dDvGrNysin8i6DwCkzQCt2O1PvJqCHEgYADqUb9asZ1JIP1uGluIXWxQ2zUpT_15_QwVC5ap1z78hEPzxT7nKNN4LazWOee5gqXkXQwYt_CjJm1P58-ZZ5_fZT8CrKiqkF-d2Dm-9NeOajugIJ1J0cIeVoe5og8-QWonN4XTc9ZInS9dv03A-GMWZ8Ld9D-SoDJJCGBT7c8TH15zk0FwccDcFgzYmOAqD37mjkDsPg9MQEMxRGUR0kSj4QIJSpqxovvNnECyyMysTeLNNuVe1zwnEusC3lEJYGCaYx4CCDoOP-PuUApXZkYPbMJFBTd-j5Wki0R5EVX853lPpaDvKbkG0YG-hOYtYoQfpQhcbTND6rO35TvkLp_NN-O41hCcmBowiQLxlRgsPbe6x_3wgcql9KhL6B0yPaLQNeYq_kHcvI8XjBDAUw4YhKA_7gVbDElPAynGu8ZEEuWq_W9dsHjEXoGSdv7lq2F9FLHKgdHFVRO1J9RYvAWBn2HDGPPot9DNctIgyk2nJ8AXDhG5NQACroXFpxaykaZq7Egudlz--aX08fpg4kzDDcWqZ7ALxmYnzGGJNW22gjYmP5fPVpqMm9IPWTmYi5R97oyFdnGATGGop5PI46o7_CBdkkqhPkcI319bInlqyswFF_8J3n6RqrlcQ95KgjuixHSB8dlfeoQS51y8wERHTKkEK39XTAE2tOVleOngvYPgjlyxYnAbQl7OoeLnvHdYLV-pCgQrnYgyHHZxr8aIOh-Gq5Jt9HHT6SmfXdz-4B1jPGLGIWldqO1dL5pnehu1nZl3BOHpHycvkLxPuNLCwJ8Szdy08FSOzIrETOA7ff0BDB3Guqf_IhDEUV0qs87eohoCJNZ6QqhnCDPTk46f0YQLsajT9dn5wrobGaPf5sCA2_zZ-qysC4UsCr826YnqBpb2ntY7MLH3ZaXZYULde-eMQDlutJg4qTzdTH7niojPqKkAzqZhfkQ9gpouKxqGV9fvsP0F8Z1eZPYLA4ABpE-iw45ZE4w5efMWkQ1Qcg46RT8j4fbBkfHrXzR-FpXMmNrnBkzB8O8BQdVswl-OYfa5wQNIYEYnHAlDhN5V7dudUwzLuEGpbCQ7JKJ66sjJTslIuqdnpjc_CDa7imqgKP-JalLx2sUcm3XBY74ULpNtMsmzoyC5WtVO68767uC5Fj2SejYCLf-KJTRog4-hJr8wAcyey5AL5JYTGBQlhyAt2dAS1ocJttzhjhpZEOchQSSR-HoglTGl16ajQXiiO9beypSrOvsB0AIhvN5fKOgqc0McHqysSBGdDvvvjtYH6ovPJDIr6V7MealUyoovVeQ2mXnDw1qq8chPMsvnH5t1iNdegYSM1MhBmCzRWxkKqonlDIep2gDDlGo_imJTgAecGaB76VVmu66V0R5wXfvRhTeThmmm3dTMq60OPfLtZkfVEBajobUMrULErwM4yA87mfy0GIhuNISxW4FiSdxPzVnDXI-bVazzhKeuaYP1MsJKr3EGAC3nImCPGAKXDkDJi6vgYhlISAUvupomvVTRQ6VlrkyJmAB9CfvzpwFNH7KIpNgrO6lCFMP0xGhaRjKvlP02j9d_AxuJImCB6ZlKwjEKCMAP-I4TlFFtE1qb6_80m5hMaA3WuLRs4dw8vtudNYiOsIB_3fF2LGGeutmKzhcj7AEjcfZOcUnbn2X2a9ZRr0otcVSwUhRiJo5y06dDWKEtth2xnIFxQ6-50YGBvoJ9e76w6sOC0NTnYT5uj2qGic9Lu36nXZL3TeeF_IJOxgqnFUqskInkQzld-3yliCjjHddA3zMVMyYQs5hnnMUeWowJXBvWZ_3eAp3Fd9_L3puByg5whsFCVh8RQtHGX26y4lNQdCiSeO5ikBNNg_z7yJ_ZUGv-9NnzIFiIzyxH8LeonOEe0D9mdRaNsG6Du67KzHr79gzscauvrS1iznDAXtoLZEyIdtJ2TbOYEz33h0ilZulZRIZQ2Pzwg6DcbUikL5eRZS5yWcsqqV-zc6XFX7HNn_bv9GJjVNiI32P8hcW3LE0yKx3j-7m7amaGo9dbGnT_htxAMyjhoZy8rI1SABE4VVuoSXHYAjBXzXkB4WZrevi8EZ2YDj5gZVQN3a_bxTmeOCWiHdqh1lZfqiVkMdbc4m9mR7AP8rKEDLz6usDiv8ZPvmx3c51SmX0IIcOM0OI6IulBDc28VGyEOWB_XE-_DaMoabvPrE0GUBeOuRiGC5GHeCZj59hihPTOF5QVe8kF7Mmtu4Kwhv_1B2Tac_8r3AwaQw-fBpIeGaVKWs8Xo6NrSJx0KcO9XxW5Td0OYgecgeEY0bfBJbP488_k6W19Lo-S_6xIOO36cej144ZrsXesR2K-jGfzhPzrpbUcwHSwVhPl8oRdYfcMd6iKupIWDPCdsfEe435V690ZYPdr_hGjwBViWkQKCcE0f0gey8srllhX3jLuMggfX_CHCVmX200UAEGgaG7eSTHZMRlwU3s2bfr_EeyMJxH9Y8FqlHhNJHw_4Ck7xVLPomIXSP4s3GIa5ToUldGeyWpNWgHiAoGTvK1qzmUiBwfO_xI9rkIQqApT2yu5gXAkWRHDgay5OqzlR6c1A-a4J3IsDPhgUwXgxnjS4Wy1eyjN16aS_X8pw6eS3dS0tpGs-UJq-f9W9AUbGxwlSiaFciiKtmpYsWQ3QauBP78StKJdnvZuBCQ3IEVxEmlTfmmx9v-NhX3vyhMZTc7lWFXf0cYSoeSqLhwh2Pm5xuIEMx3sPUb8srf3VnSIfVqh2npYc-FUZoR-VljfKH_XP78pN-32rEhTgtkQBWgYmiehQWNfZPQq03ZPeZTzHHNnEwb8DTUUN7XucdQajUHZyG1Qaetu6dLK53N8vV1LDRb7SsX1t8dd_chs8rqnsq-Z-pTyEkJwwlBzX37HdMjhcScAugUm_1L2_vh6Jn-Ac1q5XhfZXLCHURxm6SP1KMW_BmVS7G1TQA6n9q-f5ed0Dq6UMY-tT_w4AOBJ5NVmChH059dV2HJ3ORmC_ArK6fI-FRq39ahgmHqLUj2V2w3wBk-3iL9yhdXt2XjA7zZARKrtUBk9CHEJbDI_ool6ZgXKVV5ndpVauBrvrkH768V4bish7fEXUOejDEL4jPT9Bu-dijcQjt5IRZkHumLNr7M-hJOD1TkNZDFu_7Yw-sPQ8UC4BUvBxCD8EjHM1pNr47_0DoqIfqYKAr57JKW0LZ4mwpKCwnCm13-gGbpkbaqHe3wpuvdEKhyaU&cid=CAQSbQBygQiD8FTdgde4HFJzOrpdvRJr4pTPTnAvI-uCxs1E2EkH23JOFfOd8Ee3dPYuwagpLujH-Bj8qZ2TD0cmA2A5LtZ51NeFBpKvMgtcB3DI7vZaqCi9y01VstOr3AUE02_lk9WpgHJ06w-b3jwYAQ&dc_exteid=31140447383449657422761577302310605&dc_pubid=4

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:35 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame DEF1 0
0 95ms
95ms Fetch
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CLYeHOsaeZKXWM9CW9fgPia-CINqxuf5wlO_CufkRjqq9n9k8EAEgwLKCa2CV-vCBjAegAdOp3fkCyAEGqQLYWKRVcTyyPqgDAaoE1wFP0CrNR-CK6uE1qFf04OYJqpaYVoWM0R5GN3fzoVGOGwVARaQwdUcBtBTr9Vo1D6r_DF6FTUvTATE9Oh-w6XDomPkl4hL6tuz64Z-__2deUheqpECkdnmF01AdqE6czVZLOQ1TqPc3kSo4Tkvq-xc0oOT3VKvHUXhaWbNHfmHxFxaM8g-1n48MYd2C9ulwg592T864UubaDxlHOrrPtolGb0IET7cPh3MQtK84EJ2D7Rsfot8x9UXu445M34oQp7uBXAReCJY-iThHyFJZYonO5Pu_GzK4tMAElJuD_sEE4AQDiAX42de5S5IFBggDEAIYAZIFBggbEAIYAZIFBggdEAQYAZIFBggdEAEYAZIFBggeEAEYAZAGAaAGN4AHldaihgGoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHChCt_wMYpfXv7AHSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE68ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5gAoDyAsBsBPSy-MTyBOXuoXjA9ATANgTDYgUBNgUAdAVAYAXAbIXHgocCAASFHB1Yi02NTkzNTIzMjEwMDEwMTU0GOrBbQ&sigh=gM3kcDyGL5g&uach_m=[UACH]&cid=CAQSbQBygQiD8FTdgde4HFJzOrpdvRJr4pTPTnAvI-uCxs1E2EkH23JOFfOd8Ee3dPYuwagpLujH-Bj8qZ2TD0cmA2A5LtZ51NeFBpKvMgtcB3DI7vZaqCi9y01VstOr3AUE02_lk9WpgHJ06w-b3jwYAQ&template_id=509&vt=10
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012306200257000/ Frame 0DD6 222 KB
61 KB 205ms
59ms Script
text/javascript 2a00:1450:4001:800::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012306200257000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

20f091e39a994eac247abb2db8c48d424cb5f3ea8280cea2194168c2bf5f437e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 26 Jun 2023 17:13:26 GMT
age: 327429
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61862
x-xss-protection: 0
server: sffe
etag: "bf95dc6813023782"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 25 Jun 2024 17:13:26 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012306200257000/v0/ Frame 0DD6 15 KB
5 KB 319ms
173ms Script
text/javascript 2a00:1450:4001:800::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012306200257000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

db6c8330efd6e6bfd20dbed90de2e76fe0bac473c76abe90aaa91fac7bb067c6

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 26 Jun 2023 17:13:26 GMT
age: 327429
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5232
x-xss-protection: 0
server: sffe
etag: "b6c1e0819a00bf67"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 25 Jun 2024 17:13:26 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012306200257000/v0/ Frame 0DD6 94 KB
28 KB 324ms
179ms Script
text/javascript 2a00:1450:4001:800::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012306200257000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

8169070527736f2296d9d72e169101428b2f9821205614dc54cd16d3130c70f8

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 26 Jun 2023 17:13:26 GMT
age: 327429
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28873
x-xss-protection: 0
server: sffe
etag: "75041cf86819093a"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 25 Jun 2024 17:13:26 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012306200257000/v0/ Frame 0DD6 5 KB
2 KB 345ms
200ms Script
text/javascript 2a00:1450:4001:800::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012306200257000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

1e5a28a902c7f1edfc9c082269da365300b36ceb1eed186bf26523d6867ed986

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 26 Jun 2023 17:13:26 GMT
age: 327429
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1911
x-xss-protection: 0
server: sffe
etag: "5f86339daf79d63d"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 25 Jun 2024 17:13:26 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012306200257000/v0/ Frame 0DD6 40 KB
13 KB 347ms
202ms Script
text/javascript 2a00:1450:4001:800::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012306200257000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

d660119d70fde473f7720a43fb960d95c8ff46768e67d762f9557179709b8942

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 26 Jun 2023 17:13:26 GMT
age: 327429
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12958
x-xss-protection: 0
server: sffe
etag: "bf1167c9eaa58b59"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 25 Jun 2024 17:13:26 GMT

GET
DATA 200
OK truncated
/ Frame 0DD6 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7724bb8f9e43a568347c7812886428d804b4cfc5084508ce0f6e3a8b7392ac61

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 5648818383791576392
s0.2mdn.net/simgad/ Frame 0DD6 532 KB
532 KB 304ms
163ms Image
image/jpeg 2a00:1450:4001:813::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/5648818383791576392

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

187574c8a3cf0026b633b356842e03d60450be911027b697e9542a650d1049c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 23:35:48 GMT
x-content-type-options: nosniff
age: 477287
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 544482
x-xss-protection: 0
last-modified: Fri, 31 Mar 2023 09:51:21 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 23 Jun 2024 23:35:48 GMT

GET
H2 200 14952963386359035714
s0.2mdn.net/simgad/ Frame 0DD6 10 KB
10 KB 199ms
58ms Image
image/png 2a00:1450:4001:813::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/14952963386359035714

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

2d3ebc5963c3ba449fc6f11b2d5ac883abaf7dbc046ac7c1b267518e0ca5fa27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 14:13:04 GMT
x-content-type-options: nosniff
age: 511051
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10020
x-xss-protection: 0
last-modified: Fri, 31 Mar 2023 09:51:26 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 23 Jun 2024 14:13:04 GMT

GET
H3 200 ad
googleads.g.doubleclick.net/dbm/ Frame 0DD6 42 B
63 B 92ms
91ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D09kcj-DjzH7cU46iMfzaOx6atoXLiORJXThjpzWTPUgCQfEHJChDqRi4rYS7cjPUtc6Yoz_9xGmmJGDRHToiMEnP3Q2HF8vC8XuchOOSL4v291hYRFNMrP1nCAkGT3l17oXEcrfY3ATzCT7Mh8vSSuaXgGg&dbm_d=AKAmf-BtB_Kxe4ts332KDm0gHdgIuZaWnB-mrapico0wG1RVWsikXS4kW1gLRuCLexmFWTPDqavJ4cd4Dilz8mE0-ngNHyDyqJ1wEliqyS3sWvjDqW583HrKsM50QcKxWXM2Lhb4Rcdi9sEIrjws8k4Ewn6xwtxxJDwvRfukM7K-MrIwO_EETi_zS135CKk0DWlSFduGGVJBU4JJKPq57GS_lDtFfkGln7b1spW7LwPfN1f7tMqteWqQV__FYCKmMllqWxVxAcaTYadpqiUVHgudMNT1yzbvQFp7__DypQ796FAVGJbRJSATic9j-oXRzNVMoWhfw1X30flt-i4gIpOeaDHrUG0SkgC4T5r2D1_GHOU7qVnnmLMoa6dEFdu0zEV4AFtGutagpBUW4QFBznKWkSn3n1vx-d2p55hf_8w3KsxH_mEGtXzJIfaCOp7x8RpZoIzvpodNijCtXghF_hmomqNyV8jOSNNvYHqklyM3CT2eOXK2lBtUoFB-H7rHxZZJVR8fsoW5uRl666jLplO5-vftg42-obkiDbP_mun0liv0jI75az7p1j_Au-jndPLG7lD3agmoW2paLwbNqkPlYrajAhgGAFCoqSn44SXkh7i4k8rWMec2w7tNSBMUm3CTp12L0fytCpWsrVbwgIsh1SlpJYbS0ErZuqXkZVacE_RnnUX_ivpi1Offgx120rfnlCBTqQC3aeaZjKOdy8BNlJObrbTjBx4fr7lglhB86IPL5dqHWzfVln4SguXfsWKCfmIWmtDQTm1im2b6iToWkxyT_kl0u8SYLu-zOYy7dhqEOf7Vqb7i4q5jY94LIdJgoq1pNDkVVcvLVvJF79WBvLI1C99HI6ejrqDi6jy8zgkiHEljH7bi9eOhzkIisnFA7u4ca_gGRv9bm2YmJjqNnR5wVDsebdcVAVaounUS7_YjN_CG5tLqW_irZ5agBCFCX8_drpMwopQkkANwc4fxoPGeGxH8PMZ6929LVAAuk3r-_UGtAWJ5BYyBvl_0GJ9BPv3DmXY21Rlq_3ikTO7jp_tDqg6dH4EiVP6sOcV0lOiBFcwMs2TlIDaK5p--suUTxJYpUIcp1yGegFjAIDbO4_dyaqjObg3OL655TosGG_yNF0hAj7HM7X1ONG0lZUk1ZWLDcKL4elAl1eL6RlwyTG8jCy3sDrGCZidIq7W3Ir7vKK3ClCe2gEE-yS_tpGdNhEWeHSR9caWcgFRNngbIvNojWKYKv_3ImeyYGTXIhNSohrBjlB2is5ttxStoGpbF-mrZhR2GvGSpMQ4Ww6KXkASCup1v9PMrS64dl8jPRBNbbAoGe9QmL7siw2lqTgcUqsKf2xYHjly_HcSek885-7ZfF3NLdM-W0PFgSLh7MU1tybs2v2EbWs-1CAVf5XjBqaE7IAcnS9fwsHo_J2HR3ogc1dalMTArpdbWSpDLnAGfAEEdJi_enbUSAjMJLzh6tRlm81FjJf4JiWUFb4ywcQ6ybv8gLCY_SYvhZe4CqE2cUDg6iA77Cedz4RpBRO4JwyNyTayXu95MV1ONY8-c-y0jJX5nCO7r8vyDCzx4DxhFDVGCxvOzgAksFZK_7_SILuzzXsAfGE46fGPFVwQ6A4BsE1aWeYABIcdr5Kd_pJMm5Yqmfnah9sEJG1qmlTZJsbP99ZwaSbj4IJ-VXJkvca6mPInu4tezYIFN9-zF7g3QPiQxVd5ubGibwb-OkM-_FOStYVyYG6NvdkSstZPKmt1RdjY9gzAm-YJPv5FnNmN658cQl-5xnT-VhYrRzvXsRKZE_8BQOoywgNJ6eMqjdBSK38q24p5ntU37T5S35-mH1Z9DU97TPS8FAwK-PYx5WkHTQPORPr4QmLFQ6PS0XuOQwvM9-ovivkn4YuvGa33tTXXbCEFvDKwRnDYbc1wUPaPj_ru3frRukAxp0Kz-RmggwudAOEoabk9HQ92fLCwy2mSlrJHRdsYQ67LmxeemS2iR1zl4FvajXhpJw64QWJC0Vlr_koN1fJtvjGUHJDDeKzqJFkHGP0LDsa0zUPmrBrVZF27tDG-t1NKdDJJNQX6F9avFCDgsKmqtyFo_tpEF3S8ZLQJ45z37px1X8FzBKR_1Kgl-VhG6M8NCojKbGD6ZNQ8u3TqPVvl1oN5BH2GC11XDkW92_ZFXhOrK8vX8ijnDDcAa07e_CwiNkNa5hXfzYnj8HThUgflvK6IfKqmO4uAmvNof_nnzotjHaRvbo_KiloVkQ35zpv6_6vyf3TkMHIXf5GD1sjNgpmm6bBwr5tqDP079uDW7KyT6U4zT0sQMp7B2d7V8-FjSRwmcX-P7Rr3Sp_2StE4wyqyegTAWT73J-HOH1U4SNgpYzIcBuBKDDLKG2uVarZPpngDp_c-9zFUh-Rvh3Nt3kATKykSXgElAv8xE8qc2edv_AHeasoo-475U2H5sqw8OhT58usZt3M-67j7Qslb33YMDNA8qTJidJNA7tq80SOtLqhEKKC5WcswcTC3bI0srm4_Gm06BS5n8omEuG5fnYPfQd1Os4sKkm356U71H4iaxTdkbHzG9Z8YMZy8ArRHox5TxKf8JFSlV0AWraNq-wYiH4r1X8KeP2c4VfcB6tExN1SnDPyFIDY9BoNOrguFUEAItZcyB9RiWagqqlsxVHJQr9FPbFb26vIHPvjtA2aC2ftFKLXdV1YRbgRBNoaptXvgT5Fqx6ixzHQbZ5jfqUlnkDlIZH06KsAcjFBUFF8tHchOlHQiyjYACxONlwKu4j4gs3iVxfHHFxyQxkqs_Bj-rc_3lp9SuyFXss_oTGxJ1TwdYnu3ZDUnif6N7xYd_dvoe5b8Y--Mmr-1SffE-fgArCmJhHXjjw6QRm3NaGjl3fcMmuvZM26NTyfmUmFwuEZD8f5RXyCzuGCV_z81XWYIgED4fjx_dJy_aObhEWobOrMnZGP3cTpChrIvTXKU067Epc1oNdR6wfv4fsE_HMSIzL_iYhQ8ZoqTt-4FX7L63GNPzmwf9dDvp0BObYxAQZtqK_XGS7UPfhMaLwMlIx1NqJKRB8BJ9ZoFfC9NOtzPDStcyDltkhtF0bgltYxoQF8kaNg1_HBASwRFOLltwXeg-Y76no3gDB4aGo50QKXCT-LugHVL7staE3R-QnG7Bn8lgCGaXWfYloHMiKYdf-j74JN7_T1irZzYufPoao0eb9dTvLXvtoMc5OlZS-zpvB9U8mQTLB9aDFCDxaHlkF6nL82s5N4UGLhNxozr4hP7pBSJCO-scNMTyvzM237-GBDAOare69PsZtnlUSCGc9RuLpRyDp9Eq0YT2Jpe08_wzL2WdEqX73Q1QKSG247anuFi0XO1ABFBp1f0Dgafvb35g3kyLaQ4vxaeQs0FiyhOGuoYVbQjOpaH7cpUoUtYksCRg6H9JkO5AmFsk5kDufbqTJ8F2ZWdoQdhoq9uhaYKO05faHl9RbFrcESQRnNnow1qx0gEs6K2SD4EqX0WcRuoja_uZTIipqdDSoByaM-EOTOvY1-EoMPiiBeIPXnlsYui9F0HoHKAmgQ&cid=CAQSOwBygQiDup59sH8pM2O1Yb9enYL4gDO4hJG0-JCzRyoSVRR6ZRZMGAQc2IAe4y0E-dCm2H5-ziOYE6SZGAE&dc_exteid=31140447390938998623206171447353972&dc_pubid=4

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:35 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 0DD6 0
0 96ms
95ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CMtSsO8aeZNGIFa2K9fgPw9ugiAKX9tbmb7ebyK2NEd_Gor3AARABIMCygmtglfrwgYwHoAHTqd35AsgBBqkC2FikVXE8sj6oAwGqBNUBT9ApzyoWljE4i3V8BMr4CGv1Djri1NomaMAaulqntvHHwPrP6Uve77F3pOF15tcg3AyNzpS4t5RCrm_iY-zX2Kx9V8zusq9eys2sgS-nEmtqtNDj9CQi3BOfxadjH1EQeO4XdU_eUCGyQT1-qGCxE_WCBH4iCcgc68nWr01ObHThRaXa9wW0CnwSEImH5ooSZOqosGZX48WdfOSTnvWN3OiLNLYykbx_SgHcSU1PWjBt_48ncsjRXV8GSvtJlvlfRq3_5skVyRF-OHGHX9XwFaInO_CXwATw97ucrwTgBAOIBc75m5VKkgUGCBsQAhgBkgUGCB0QBBgBkgUGCB0QARgBkgUGCB4QARgBkAYBoAY3gAeV1qKGAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcKEPmwChi0kcDlAdIIFgiA4YAQEAEYHTICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDmACgPICwGwE8O84xPIE5vtjuID0BMA2BMNiBQC2BQB0BUBgBcBshceChwIABIUcHViLTY1OTM1MjMyMTAwMTAxNTQY6sFt&sigh=ktx9dXzm2HQ&uach_m=[UACH]&cid=CAQSOwBygQiDup59sH8pM2O1Yb9enYL4gDO4hJG0-JCzRyoSVRR6ZRZMGAQc2IAe4y0E-dCm2H5-ziOYE6SZGAE&template_id=509&vt=10
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H2 204 l
www.google.com/ads/measurement/ Frame 0DD6 0
0 205ms
65ms Image
text/html 2a00:1450:4001:831::2004

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTFOU4NbphE8NS904GD0TuMUOgNYW2OSbwuQXePSKZFC43dGv7QNpqNzw2U8XptYVZWC2Alo92YYJfER2clClTybH4k2g
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:831::2004 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 tr.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 0DD6 3 KB
3 KB 59ms
57ms Image
image/png 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/tr.png

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1e5a886321d0e00c13f7abff03ca39fd782f42997fd34bcbf4fc93718f3670cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 19:49:55 GMT
x-content-type-options: nosniff
server: cafe
age: 58840
etag: 9957912877679239782
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3057
x-xss-protection: 0
expires: Fri, 30 Jun 2023 19:49:55 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 0DD6 344 B
368 B 57ms
56ms Image
image/png 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 19:03:49 GMT
x-content-type-options: nosniff
server: cafe
age: 61606
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 344
x-xss-protection: 0
expires: Fri, 30 Jun 2023 19:03:49 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 52F4 143 B
166 B 79ms
61ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 3243
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 11:16:32 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame DEF1 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a24c939715061c83ab3838c45b1ecda42b41ac335f65bb010cc2a26676be5c88

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 container.html Show response
3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame A03D 6 KB
3 KB 77ms
60ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 12:10:34 GMT
expires: Sat, 29 Jun 2024 12:10:34 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 2BFD 624 B
245 B 118ms
101ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjPmbXcATAB&v=APEucNXZMWn2N5VLv7-Iy4F-iER0Y_DGGMelIRXrgY7SALIfEqtt4sp9uP8VEbXzsVzdfq906rF0AAYPsor9fhSy9xmWga-jptQnNSYbg_ah-wLjA3rGtVQwzkpDASF7hviwlzkhgx5J7iIvSVsfVJctVFO44LIxPRPSiJSC0YjmZXGNspsZ15k

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 12:10:35 GMT
expires: Fri, 30 Jun 2023 12:10:35 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 47D2 78 KB
27 KB 109ms
108ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:35 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Fri, 30 Jun 2023 12:10:35 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 47D2 42 B
63 B 91ms
90ms Image
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DN2yBJ0H04xlNFVjByAmaJ-UEEw6Oeu8_0015CNyWju9Ia2VVU_7kuf-6_i7RR600Me6Q6P04K0JK_6XOIWg9wYD-dPr2gqncP0YXayZX5uDkJIS8

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:35 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 47D2 0
20 B 93ms
92ms Image
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=10768503760324860831&x=1&ct=76

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:35 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 47D2 3 KB
1 KB 66ms
65ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/window_focus_fy2021.js

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 07:44:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15953
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 14 Jul 2023 07:44:42 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 47D2 20 KB
8 KB 67ms
66ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

abaf64de0855592138133fdf15c746a6e47a07d5f7a34a9513a06994c89f91af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:50:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66008
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8312
x-xss-protection: 0
server: cafe
etag: 5477749917372345267
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:50:27 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 47D2 0
0 133ms
65ms Image
text/html 2a00:1450:4001:831::2004

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRGHcvZWKu1HjgxdheBlJIyh9RgJncR0zAPiLYsThlqroi6nYtOzI5uWvLNTyB999pzDI1kXcTHmF42_35B1iJRm0t0CQ
Requested by: Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:831::2004 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 47D2 179 KB
56 KB 88ms
87ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 30 Jun 2023 12:10:35 GMT

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame E45A 107 B
122 B 73ms
73ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306260101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com&bust=31075720

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 7331 0
16 B 329ms
313ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3407250215&plat=1%3A520%2C2%3A520%2C3%3A2163200%2C4%3A2163200%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fye-mek.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688127035490&bpp=12&bdt=232&idt=377&shv=r20230627&mjsv=m202306260101&ptt=9&saldr=aa&nras=1&correlator=2566870242913&frm=8&ife=1&pv=2&ga_vid=911778691.1688127036&ga_sid=1688127036&ga_hid=160099374&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=3443592400&scr_x=-12245933&scr_y=-12245933&eid=44759926%2C44759842%2C44759875%2C31075720%2C44788442&oid=2&pvsid=1287994812962046&tmod=1751827407&uas=0&nvt=1&fsapi=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.pecs66dsbdwa&fsb=1&dtd=395

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 12:10:36 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 9C0B 31 KB
13 KB 467ms
452ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=4198790052&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688127035502&bpp=2&bdt=245&idt=389&shv=r20230627&mjsv=m202306260101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=2566870242913&frm=8&ife=1&pv=1&ga_vid=911778691.1688127036&ga_sid=1688127036&ga_hid=160099374&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=3443592400&scr_x=-12245933&scr_y=-12245933&eid=44759926%2C44759842%2C44759875%2C31075720%2C44788442&oid=2&pvsid=1287994812962046&tmod=1751827407&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.zcg2ojo1kaed&fsb=1&dtd=394

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

84f77159f10d923d03c56bf48589f2a7af35d4788898876470aa17e21e455ea6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 13028
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 12:10:36 GMT
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 2A17 640 B
265 B 100ms
98ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARjihLbrATAB&v=APEucNW58hM8rIjN7pSf00aoVOEzvaU7fz7fXngFXvxQoRx8g9eWd6qALgvYW1gWhpZh5RSTm1_1RY8isdeyBxtcDqNNZYzZTwcuDiQ299emDMFPDSkE03BL-Yf4AY9DHcp_P99xK6qhfSNIGMIDWJ7Q7MXlPCNP3XLf7EDuL94w9y4_b5DTlwU

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 12:10:35 GMT
expires: Fri, 30 Jun 2023 12:10:35 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 1141 78 KB
27 KB 189ms
189ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:36 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Fri, 30 Jun 2023 12:10:36 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1141 42 B
63 B 92ms
91ms Image
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-D-SYXZ-75rNs1if6VnN201xjtJmz03HMaIXP2di-OQmnGnaEtzFlN-YEsj6YjiRvUaFr6sHu50WSw67k4tynauWXJYEZdAnek4ys3iSLM5dMwOo6E

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:35 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1141 0
20 B 92ms
90ms Image
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=10810114366761892602&x=1&ct=76

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:35 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 1141 3 KB
1 KB 59ms
57ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/window_focus_fy2021.js

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 07:44:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15953
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 14 Jul 2023 07:44:42 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 1141 20 KB
8 KB 59ms
58ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

abaf64de0855592138133fdf15c746a6e47a07d5f7a34a9513a06994c89f91af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:50:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66008
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8312
x-xss-protection: 0
server: cafe
etag: 5477749917372345267
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:50:27 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 1141 0
0 66ms
64ms Image
text/html 2a00:1450:4001:831::2004

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQT3NYKJBYFUT-xku7TDaxwAOecTo2P1fllK-wRnXr4_ETFlSrzZLsi_okvlNFYaNLmbGMZnwQ2DdAlZlGCSwOyTWLdbg
Requested by: Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:831::2004 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1141 179 KB
56 KB 77ms
76ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 30 Jun 2023 12:10:35 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 40E7 0
20 B 91ms
90ms Ping
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=6800020919221&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:35 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 40E7 0
20 B 93ms
92ms Ping
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=6800020919221&version=m202301230201&ct=76&x=1&cor=5507169739825276000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:36 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 40E7 88 KB
36 KB 99ms
99ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CNuCzgp3g01xBD1kCcwIH4ksZZmRKM-c8adOxVrAkPLUug1vmjl51UwwT8l094sAh8LYAe9X9vTktzT_HQc9K0Jt4uEA&cry=1&dbm_d=AKAmf-C1f8JmgAGdbjvnO837W8gJpENDyhA3qJITZJzoSo01qN1DqTFRDvrrv4O12oxvM4Bbt3vCU7H5IZ7f6NXStq30-UKpF-6_OBEFnKzFD7nKy5ZKHEMBkitKEfWMG5yqAh18L4cUe4M4ALud-G6iU3tzBPEM0VVuvVxNj3pARnKA7K2hflZQuWSwM0-6Vhe5nTFu8D3TolmnITvh8kjvS4etQgWja2sgy0CrG_jxWnBlZTNEqIAPU51ifL9vYc-yqxRJuCDos9IlSDcFrBW-t8tkE4_RpAAnK7hkyTtKXaTzN9i_Q0O7bfvRO5IpAZANlRAWg-YnEYW2BjWu6uyfL0cLpbwRiInldBdnxhn9ZD0wj43FvXYoJrABDEBwJp7ZRBm0aDmfMAgtu3KY67_ixDgDaYndY26_cdbkeSAoDVLfGxRLX6eUUkcyhuYuDkXHJCu8qhxbTzgX0IYRpqfLAMA_xeo6NDkra_5NahoqLjMBUUEFgHmI6IF2BO3y5fNRsu1Hh2Nymr5WxN9wGEgo3xawnSKU83QE0Y8_tudcojaPoWuIU4AyOfgyvaFOX-ST_nZ0Zd1Qq4j7hno_6eO3UQ5laESHNyLN5dIIdnkzVnZa5HOCH3RVKm6Z_vqZLNrwkutJnaoXUQzKjwrzwi049xY_Nj-N_iQmUnu-zc_rXRchiuMm2H0EdKk8yiXhJrq_MWNB8g_LgTr5cGmF4fkLSb3wbDApVQLP9DNRoZuz-sXlgZegruCCg_WTTkZxEV5TCt2_XGqZqg2v7FE9N_gmnFe0X1FofXem_1SfuVwnq7quqHVP5OM0EBwgeSIEeCy435O5tSbtWseUjyFNNueBdefXbe0xRZwAooOml5hulQxge8b6LtliX8wGr0TscHpmKaMgPrF0tGTCsOe7dYKER3bNuq_GRfPoWGuX-wXVk3DppwVkGnAxt0g6iHsPh55KDvKe9ARTPQYdQA6WMD9tOB1F4GrlgdNVZb3o7hGWYKqC6MQyRYhriE0kTUNTwu-Rec-jDOkX-RCbaYe3U4eMfSoS6VqdstoGD984cGtIQpI5RIicaxzDyidWDHutl1w8m6hyzcMwP2bhSR7suSz1lW6fJbfLQz4HzdoKjpXgjF-GEhfmFx_UnXNKmiYz5ta-tH8shiclt181r764-6XcCqAcCBaHlFn9KjhGD6uVKhII2fVTvnHOy52N1SK3aehZp-PGJykEWOwuUlWg4f0sOQ9HvakPYpG_Qd6LXS8JPd3cV9xbobMw3sVIdI6I111TjoQnDwQocxy7gURHgL0ZfRUdAkwNjH7na8DiClQK-vXUx3AuwSd-hgfmuB6WB6kj5qBVOZR6QXomyifhqkb3zvdJOtUmGRW2Nuq6sTX9VifJXZTpuWX_59eniMvxAyrQ4XZ5Cp4qqAhQkGM5cwaaGKjWA3ozZ5YjejQ7eMQ33PiUCEujBO9vQVWpbmlO4LlOMFt4O7yK1h3jk3DF79TcmdWiKgSbkj1vikztl2aVW1BpgHt0HFryByW_sbwhtPvrb0WmqrFoxXqhdqAhtChoxxr2hxBaYse0VbS_HM-aE5cNca1I-x-jQhLq8GZLeyJSIU2vMnhEQQ1du-rt0moWeLzePqYMtV9tO7d_smBF7PjoN1yxcXMR7T_RfkP9KR_L7Q2lbjl6CrKKtEG490yr2FxqunCTFo9K8nQyRp2KvISaE3Nebc_AaDhOXG-wtxpgmkjd5i-vtSqS4dmw4xM9PN6AONxmyGltmSzXekFAPQhguap_QzEcmwqM5mzMbHg5zqbYS1czheLGAe-6HHmpD2IGZA2ABEXhWAD9tynY8JXMBxJYR1LFJmjPsnd9EaGxB3HJoWjv6n8a-CLL5wpFMFBw8ExocpecbBJtAt2QUG1Ec7xX5t54OOiookW-cND7PR9r2fRw14qFr1IRAmRrHwtPub1cVrpW-y4axiYBz6bJ3OfIvtMS-9ciAE25UXnXBZp-xKKm0VelhSVGwv3Ilnm9Ki0vf-L1P132Bua2QvzIe8emnOnM3m9Kc_mrBOjQCM2xubT5jmXqCRucH6-32NucKYYKDqfB-dSgdGhOoT-QZ82wM_ZcRM6n7kdF3sHy0WbV3BZHXJgSYhJaXtfrVkBOjTjlq2cJafAu6XJZMDZQcR1IHqQE_Mamm4H7-NkmoDiMlu--N81mvoflaeyLi6JA6W9pWjp3RAQTLJXoBzKp6aX7gqfmhKVsWgOq8D8jqO69x-7wQOxiYwnUgPa324hQSoW0F-rEFp0TGKeKJjotvNB8Qs1IEH1_Tmh6-N2OM3F0FLW5NR4R7nj19ReaP5-uOxhVcYzUNtfdECmWdFekfR1uoM092JD9F6fp3idyTaP0fH7a27r1eMkVQoBx8n0bCmccKb9HzYrl2khTuSEhq-moYpV6Tul96ictEogFeVn2zUfzCjdf_iB-xIJ0dbXHtMlXLClIpjCWq7oxbPx-SFil3jXG-qF77WI8OtJCPSGwgMeLeWkM0qPF5-FNgB7fntHMJz7epek_R9i_92JW-rYEunEvwLawEi9DbydMT1kOf2pQRpWNmwHZGT-gPwF3-XSL1fuNqGkd96HBli2jOok4k1-6ji-oKso2pt5v5w6zWOpyWUeeGL40jEtjpu67j8vm9w49LbKUma3TLwdkaQsmqGMmEmfUrBWu4vrMC7D24gfeb7ffWbBHmPQJ85DBF4sNICI03GYSkdwbY09ZU8AU7fO6pc9x4c_P4OfnqJRq1x0sqMHGD-XYny1KTl7U6sfDKxiJePWxPpG0wpQVNqbTxnI06pfDXsbjM3RvYPLr2Ye5Y2xxneAj_mN2GaHRZKesmvmwijPKP9VXtN57fEdZ9uVAB8XK6l6k8bqcVqBZjmqoIl1g-YoC7ywIpYlIJ6o3kvLoMkNf_JwwIxPascqZ6pSPQyZLTZaKVdpR6ScJFpqaf8pd8t5OmHeVp8NpDjYOm3cUGvH3ACcJAAsNtnZmj_Joe4p_Jej5FH87kmgOT8H_17UNGi4YoGzF8IGjRM1xf4vOquNwi-N_WADUgxu5gzgQEpWgxKHX1UZ4UEO_87aNLYIMKyh-hDiNdbuLKsmn-7oMCVGfob-9Zz9CMm0u-GLOGgmWWWlJrIwc5UvonrC8RN6aq0_nnS1m-oktqvzWc4bQeX9e0-eWheC38D5sgdW1c8ieTkjLRXT3nmLfqJqBZu0bqVRW37Z2YhUDDYyxDHfnxrtApvLG9VGOxyc36oP-qFjkEhK5y8wA3Kd2F79GltldIjE72HKGM3LzAOhr94yyVx-VrF2Gp-vtoyDmVXiJIAjR24AvxiRMcA_il8Ibin1j4EoYM5l0LewB-ssw6QwTjIePtQlQEanGzPm4UCL19Pr1WkpkL9iF-iBdNJU7E_AB-KRS1hPEOq2UQuYNOdmG2kAyRpX4lGp2D-AShqW85qZLtzklCAdNUyhxMrBg5TyLJBP9JMsH-mG7CVTHSosypVuK5-BzINWDhmIuBhvMFb0e123F1R9jVMVSQcAy83cmzs1JRP3FD7Jno4yrN2oZhNDc4dHVXhK3a5rXY5c23XXwaclOyh7tey0cYGlj&cid=CAQSbQBygQiDLhWFTLsLTw3u17VFDzsE3rFAqeV0F6xWLZS--kYy7NkdC0RsjYxMllDhFobwS_16poFTviyxE5adoMZ5NRYOSq7ll2kpo6moyGulxS47yrS_FDvbotu-71fdk-ZOtPtyAdi5tW-YYNYYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=5507169739825276000&adk=1599433117&idt=157&cac=0&dtd=43

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f2d790e63e25af236aeb620f0261e864cbd023c6d8dd9fb37ff084334fb062e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:36 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37277
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 m_js_controller_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame FDEC 34 KB
13 KB 59ms
59ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/m_js_controller_fy2021.js

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18e7f3232e16c5af1b4d3192ed6be46c39b4902ecef8717b7a1dc69da6b8fe34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 20:55:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 54933
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13672
x-xss-protection: 0
server: cafe
etag: 2805512053162071780
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 20:55:03 GMT

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame FDEC 24 KB
6 KB 67ms
67ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 12:02:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 173265
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 27 Jun 2024 12:02:51 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame FDEC 179 KB
56 KB 86ms
86ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 30 Jun 2023 12:10:36 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/ Frame FDEC 23 KB
9 KB 58ms
57ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/abg_lite_fy2021.js

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

02193fbcb11d960448e0fa887ff68d5ce73f01076893523fc3037e00a7149bc2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 18:04:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 65173
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9104
x-xss-protection: 0
server: cafe
etag: 12939045362079141464
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 18:04:23 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame FDEC 3 KB
1 KB 78ms
77ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/window_focus_fy2021.js

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 07:44:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15954
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 14 Jul 2023 07:44:42 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame FDEC 20 KB
8 KB 69ms
69ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

abaf64de0855592138133fdf15c746a6e47a07d5f7a34a9513a06994c89f91af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:50:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66009
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8312
x-xss-protection: 0
server: cafe
etag: 5477749917372345267
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:50:27 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame FDEC 0
0 77ms
75ms Image
text/html 2a00:1450:4001:831::2004

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQJmQ6CA82buFP_CjghKBxXC6xhYixBN49N8pToBsN_iyi-P-BNmgvgLYGGp_3-UX1ji0P0HD4jZ2H4E0Catyl5w46KaA
Requested by: Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:831::2004 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 47D2 0
20 B 93ms
93ms Ping
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=3506292363825&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:36 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 47D2 0
20 B 100ms
99ms Ping
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=3506292363825&version=m202301230201&ct=76&x=1&cor=10768503760324860000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:36 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 47D2 92 KB
37 KB 113ms
109ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Drm0ilZ_tlUNar3XVNmV0msKHkn5su-v66vk4GNQGKEcinkaizKnFqxwQ3sGA7FWqkQbFf6wzPF_UiDd1e79_YEnXBPY03fAR2LQ5N9kHwMNIEkCw&cry=1&dbm_d=AKAmf-DS5C-Q5BxP9GuaAVe7RrELta1ltMmvKPXFOSasFdjg84bvljYtGixEFjFEChdb6tig21jvigiAUBX4gomGtku-fc8Jd9GznEU6rlTBIX19CcZ9EgMGMBsaEQm0GQlh2-25fQ7cnTpHZmGTGJXvuMZXAI8Ts9vXtl6SE3lI1SFPWq63vdCpFmswSjm1CPriaf7DzISi7a7-xnsGYL72r_sJvpifGGWXoDCLcIGj8-BaODCZOKRHjMZrkYKzOkZ4uTaG2DSFUSOkzCDutAytrBqDJqwem1zVyJv5Jf946xKVEmCx56ob-_Zcp6IDRSVXG79RdlpFCee-3_sqngJLh8WlSOGxcTxA48GsoLpsracI7gMc7fjdEoLHDeQC_ZJKKgzBkqXu6x9WGH4aISA70Viabd6yApcNz_8zmVeYuu6odepQBlaz0tPhQIp6Uw68NAvTcPE-yXNTbZ1--_zgR1HgHa5GaTGierL4SYmeHufOEZ606AuG8Db2DlkvdwbNy6k6bOOouvUPs0zwNykpdizuNmwLmNGIxPViHxdFFboYha1y4VVhvX_a2pSkzcmdpuBEaNmWIH77YENbSwFFgwiOUpn3DHbNF2JDVttEcqvlguqkPCsr3xnSETt9kdoh3ffabsfB9vuMJYMMbzyX_ZvXu01EvqDaDtr2gZTLskpttLvPShDmZoDO5XqprXzJGicdS-M92rq3qdFjx9Cn650CLXbD4HrjHMyGfK_6luoWkUK-rjUoTLRHUx1mkZz5l1Z1dv2cJDwYLTQm24Cnz42JwyMUYMQZG9PgHuGRwsAr6_0xB1-Sp39bapph6vgiDmyiCpwmzspa5AJ8-9WbZqs3mF2Xy_mrUAsdNsXoNEQPKifzg3Kkuuvv5yopeb3ZFQ-onwMoldFLWf00Vgz-O_OdA_XMpM1ty7gYM3Lp9RWT3otfCrQTMCVryP_oOLvWRChx4XIny3GZOakYRdZcQK74cCfLNt43GN3lD6OpCJ2oBBXiK8zdo9NQmHRvsifa24Oh-G4ECeFsOUWnaILMxnlWWfT3VZ0aRcWyIcouuptCnq6wmP37Qzvf1lzTcXCHWsJ2d0uPCuOENjahzHKbmrSbdslTLsee4z-TsDgYdEdGOdMfYetdKHtTyYcB6L1LLj-YEhlFsGAL3zdTWsFaaIcXSSSILXQNjOcF0k1yF2Y7lGCJOPWGSCZgOo6YBD9bZjPvHSRPTa0GC0BL3TAW1CAbcOzHPbP9LW_T2cm9iyTl3khkO3Ht5akfW6McSfxqqWqDIQJgYIgp4eHNihiyc-kDhVJWEM1xyWTHMbmmCj4hD7Q--wmHjbhtz09ibmxZE0tqEjI4EMJm54lleJginC_8ADeurhUWQNSMjUL7xpc2Uhsfy7ZPwtgJmX3JHj_4NxLIYDd5EAKc9UH7zP4EP6oRXdp4Rz9wiKl8_ae_y9Y0UypvlzjfJyCxNcMginK4q4z-nv1FAM94WS_KLQ6qzmceyZ0sMGz6H2aXuVaH5iW-htK1i3aFVDeOrnEoF4JiGseMlmTjiHaO_q-yeM_T1wf1LwSNPIroRaSV5yxnKRS-mhURtR6ceWttc0I6gyBKUOVkDUtf4aagWt2yG_9a7z7tvdqHqy6VK0SoR7RwTl55LPBXuDU-b88DYml4GWM3jesXcc5kFVwjqsS2paV1InYjT90vEUDuAHI9C5TrXNk-RdzXxcy10GtuEsUbuMJeW2JkUErCWY4mjLqzG-qWeGAoI9UOiOujcl1OLieJCRBf_uhgg-mmGSdDI1zoAFi-cdnKkk4_6rMnoQakI1Q13_t3jtbrknkiHiicFu6SjbJO7Sfo_ZteSIVC17hWw42wXBRHQLuf1jlsIBpTegoWJydIw6uMHWSbhafMSSHI3X2vpnTvGVm2uT_Yrq4nKRDmWgDDRkYrj0Pd89HvcEHiWjY7g_DgfNiWlCzY3gQGFFLVNA2tpKjMTLXcIgCpTpWa4LRZg_4PUoybW9Bgfw3-o4OY-qWTnkD4Ad64QkebltwZmrxc5jVFxFpIlGrSMIN3LP54g307-oWxcS5Rjsvghig0yTJWXtH0jpjzuohAXfYKNz4Fui9pW3BEbHANMh2hJXK5ATEfmdzOT79t5BUR3OvA4Ug5hKp5K6x_y2Qd3rC2jcIby_51D_JzDxj268FMLqQSx8P-cKPfZ1yHNy-1FS3GCKMuIoPfYG-ScZS-P08CPrSs8CpnMD1wJURQZFuDlTHgh3qiIEsfBCK310NG5ZjE9oEwFY5-y0LEW--MqUA1tVNHd4KuptX-PZc0NBucawPwlHT5uFV2A0z_6gALiiGMzsC4cgCaZPryY_VXtpGb-WDmeV8RWy8N-TKBX3trISWDg2K2UHo6NS-_c7G5q7q__MJBvzd4zo6malDOeRV8CeZzFqvezV-0zLQ54QnwxL3cuNG4x4-oaYrF1jetu6TbNXER7YIwR10Ayslu5sTcjE6gqbUkOs8KoHSVIMWw4YqdbUv53nttfnOcanP1iSZdQhouR8sKVFv-wZnLYWra7s853K0G8OARHdgzdlYoTQh44jqA7gcm7nItLwq_7t1FSjXurQ9jeHDY8jeWuRTYEb4cwZiwyLX7CdWSs33cA2G1rX8QLbp78Lzw_6PXyzfUX09PZxwuGcJ1RcV3UONNAO72yT6I3aKF2TqFs4MpW5pZ_2g-W3sQtO_DGAoL3xFDhu2wK-ZFezFbITOBautZ-g8voNYghsvcAhlZeze-wlzPpofrjpDfED7-xouqS9MQdj0ghtInFre-f7e9_oGhJa66nCqgU2iQ8lzYlrwV2dVIF6EUkgCsqy8xLWa4ffdcXXE-TD8jyYH5YHOrgwE9VNddpGJdNRdzGoQ2RR2Jy2nIMNwgBW6b6JRExA49ORNRY6ngynNHbnGzVzCitgMIT4I7o_FTFnL_cSuAGacNHWNgrX6OXqaS5JYlu495VxrGmX-VtbvEQ_0GS1qcxsPtDELUBgvUE5MxBoZVJZsGU9t5O1aSQm4u8RZryrT9nJc6L2bRjuKrXi-RaK25uIDfO06aGuQIo8oWbe3LcJLhF3tLVZrxsheGh2cGKsJ9wU2bCTkp2MHyJtRb6j0WI25Zym9PxKvMHSNaNKzbvA9O0G4O3S9fwhxUrBOcEK_YsEyYpDzf7ecZ1gI6_rifArjnYE6yQNWabFStPtkpw6kBWyJyhofOXeuUPQ-XcdZmHYpOlrDq8P7hJGARmcoMUAUOOxCf8mfLriQlS3d1Qo-FRnbI2Oe-6xOaMx5llFJQ1UuJUWfnSGps4eu2GaT_m4WlkKmH72F2DIh5TPEwMTExPmVEX0O6v6848l_OTqM7oCynrHy1V8_kAsLCxR0EqOowTp3oT2QXcWYFesjyOTSwsRZT1jJZ0j2KBO4jq8PV-MeKnYNxeuiQviBC4U-CGpZs80zvXgsi_ajokW4yffCDarQxYdQxzdmM92qw6qsoIZ4pmqU-oOxvUsioYFVXA5_QIAxAW6oDBOTvC3oeY_yw8SGpa8t9A_yS_PFCwlfHr-g2b9BASg&cid=CAQSOwBygQiDGnunTYqWosTGs00oes5X1fhoBuhArfnxwlgzJs0BVs1AcPGaA2jBlUY_ODC7KKuHqOpV8KojGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=10768503760324860000&adk=212707235&idt=117&cac=0&dtd=6

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d8fd654063a038cad06c08e22627ec311d3fdfb53c6a8ff083eb2ce7515eddcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:36 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37910
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame E34D
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO9DkodLim7_1QCPzBWvGCo&google_cver=1

43 B
632 B

32ms
32ms

Image
image/gif

185.80.39.216

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO9DkodLim7_1QCPzBWvGCo&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNEDENWYWRjThsnuATAB&v=APEucNURDpimLIQeQ48yCn7nHe3j7zdOZ-pYAIjTRlWtMwtQDVeztIOm8WoQ4dZwIGIe6LnA22OMjKn2vtExAh200Xe1HqsVLC2nnwbbipZaKmCZEBPJ3hx4e4MpdDPY42HdFMETq8nuzdH7ykLhA1DIGDfwSY6BKXRGsUejN_LT0kroOUaA4d8
Protocol: HTTP/1.1
Server: 185.80.39.216 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 30 Jun 2023 12:10:36 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:36 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO9DkodLim7_1QCPzBWvGCo&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame E34D
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZJ7GPBmHD3qSgU4IuiSCowAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO9DkodLim7_1QCPzBWvGCo&google_cver=1

43 B
632 B

40ms
32ms

Image
image/gif

185.80.39.216

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO9DkodLim7_1QCPzBWvGCo&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNEDENWYWRjThsnuATAB&v=APEucNURDpimLIQeQ48yCn7nHe3j7zdOZ-pYAIjTRlWtMwtQDVeztIOm8WoQ4dZwIGIe6LnA22OMjKn2vtExAh200Xe1HqsVLC2nnwbbipZaKmCZEBPJ3hx4e4MpdDPY42HdFMETq8nuzdH7ykLhA1DIGDfwSY6BKXRGsUejN_LT0kroOUaA4d8
Protocol: HTTP/1.1
Server: 185.80.39.216 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 30 Jun 2023 12:10:36 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=495
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:36 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO9DkodLim7_1QCPzBWvGCo&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame E34D
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEP4QBz4khiPFGeBq1cDva0E&google_cver=1

43 B
1 KB

207ms
142ms

Image
image/gif

185.89.210.101

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEP4QBz4khiPFGeBq1cDva0E&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNEDENWYWRjThsnuATAB&v=APEucNURDpimLIQeQ48yCn7nHe3j7zdOZ-pYAIjTRlWtMwtQDVeztIOm8WoQ4dZwIGIe6LnA22OMjKn2vtExAh200Xe1HqsVLC2nnwbbipZaKmCZEBPJ3hx4e4MpdDPY42HdFMETq8nuzdH7ykLhA1DIGDfwSY6BKXRGsUejN_LT0kroOUaA4d8

Protocol

HTTP/1.1

Server

185.89.210.101 -, , ASN (),

Reverse DNS

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 30 Jun 2023 12:10:36 GMT
AN-X-Request-Uuid: 273a8a4f-3689-496c-bca0-4e6b6f04e9bd
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 193.32.248.222; 193.32.248.222; 953.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:36 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEP4QBz4khiPFGeBq1cDva0E&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E34D
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTk4MTg0ODM3ODcyNjk1NTk4Ng%3D%3D

170 B
188 B

69ms
67ms

Image
image/png

142.250.185.162

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTk4MTg0ODM3ODcyNjk1NTk4Ng%3D%3D

Requested by

Protocol

Server

142.250.185.162 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Fri, 30 Jun 2023 12:10:36 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 193.32.248.222; 193.32.248.222; 953.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 7fe6886c-8aaa-46cc-91ca-fc671842f9f4
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTk4MTg0ODM3ODcyNjk1NTk4Ng%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 2BFD
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO9DkodLim7_1QCPzBWvGCo&google_cver=1

43 B
632 B

66ms
32ms

Image
image/gif

185.80.39.216

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO9DkodLim7_1QCPzBWvGCo&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjPmbXcATAB&v=APEucNXZMWn2N5VLv7-Iy4F-iER0Y_DGGMelIRXrgY7SALIfEqtt4sp9uP8VEbXzsVzdfq906rF0AAYPsor9fhSy9xmWga-jptQnNSYbg_ah-wLjA3rGtVQwzkpDASF7hviwlzkhgx5J7iIvSVsfVJctVFO44LIxPRPSiJSC0YjmZXGNspsZ15k
Protocol: HTTP/1.1
Server: 185.80.39.216 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 30 Jun 2023 12:10:36 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:36 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO9DkodLim7_1QCPzBWvGCo&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 2BFD
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZJ7GPBmHD3qSgU4IuiSCowAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO9DkodLim7_1QCPzBWvGCo&google_cver=1

43 B
632 B

32ms
32ms

Image
image/gif

185.80.39.216

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO9DkodLim7_1QCPzBWvGCo&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjPmbXcATAB&v=APEucNXZMWn2N5VLv7-Iy4F-iER0Y_DGGMelIRXrgY7SALIfEqtt4sp9uP8VEbXzsVzdfq906rF0AAYPsor9fhSy9xmWga-jptQnNSYbg_ah-wLjA3rGtVQwzkpDASF7hviwlzkhgx5J7iIvSVsfVJctVFO44LIxPRPSiJSC0YjmZXGNspsZ15k
Protocol: HTTP/1.1
Server: 185.80.39.216 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 30 Jun 2023 12:10:36 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=496
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:36 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO9DkodLim7_1QCPzBWvGCo&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 2BFD
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEP4QBz4khiPFGeBq1cDva0E&google_cver=1

43 B
1 KB

99ms
33ms

Image
image/gif

185.89.210.101

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEP4QBz4khiPFGeBq1cDva0E&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjPmbXcATAB&v=APEucNXZMWn2N5VLv7-Iy4F-iER0Y_DGGMelIRXrgY7SALIfEqtt4sp9uP8VEbXzsVzdfq906rF0AAYPsor9fhSy9xmWga-jptQnNSYbg_ah-wLjA3rGtVQwzkpDASF7hviwlzkhgx5J7iIvSVsfVJctVFO44LIxPRPSiJSC0YjmZXGNspsZ15k

Protocol

HTTP/1.1

Server

185.89.210.101 -, , ASN (),

Reverse DNS

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 30 Jun 2023 12:10:36 GMT
AN-X-Request-Uuid: 4cbd7466-dc67-4b45-9e54-9b144262e753
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 193.32.248.222; 193.32.248.222; 953.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:36 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEP4QBz4khiPFGeBq1cDva0E&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2BFD
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTk4MTg0ODM3ODcyNjk1NTk4Ng%3D%3D

170 B
188 B

69ms
68ms

Image
image/png

142.250.185.162

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTk4MTg0ODM3ODcyNjk1NTk4Ng%3D%3D

Requested by

Protocol

Server

142.250.185.162 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Fri, 30 Jun 2023 12:10:36 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 193.32.248.222; 193.32.248.222; 953.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 9796c685-c289-4144-9ac2-01eb5e9cca87
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTk4MTg0ODM3ODcyNjk1NTk4Ng%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 7931 640 B
262 B 104ms
101ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQt9LfAhjGzOfbATAB&v=APEucNXZ0x6vWtqyrNCUdESkRi5FOaf-UBLoRsqmh48bDvst3vH4ZEHHZZ7ZzLFOynxMfvT-McwxubgYbN9P5kHamQVSotT9sBqwf4PSfEYlfLxFagv4NNA_hg7SK9OxyJhLWFuWXWBQZoTsAeIb8N95m1X3jMvb83S6YpV0950sMFjJ5PLz_5Y

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 12:10:36 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 4E14 78 KB
27 KB 122ms
121ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:36 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Fri, 30 Jun 2023 12:10:36 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4E14 42 B
63 B 94ms
92ms Image
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BABfinsAQmtdDWSL25rnQIY7VcaPWrA9ol6l1GcdrrRfJ1Pg5RjbL9tTuSm5d2A4NcVTtrERzmt9b2SxrN0rdER9UmZyhBT3dLl4HYFNxVA_-Ycqg

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:36 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4E14 0
20 B 93ms
91ms Image
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=4488787201681465253&x=1&ct=76

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:36 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 4E14 3 KB
1 KB 59ms
57ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/window_focus_fy2021.js

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 07:44:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15954
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 14 Jul 2023 07:44:42 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 4E14 20 KB
8 KB 60ms
58ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

abaf64de0855592138133fdf15c746a6e47a07d5f7a34a9513a06994c89f91af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:50:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66009
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8312
x-xss-protection: 0
server: cafe
etag: 5477749917372345267
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:50:27 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 4E14 0
0 67ms
64ms Image
text/html 2a00:1450:4001:831::2004

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaS1nhG58Ke_XGOmLshQ-nGMt7Ej1ZbH_jmW1LO0KFavjw-qGbmaTLSjArrjQNzWCHG6sJOMkxbPTguXktYgskulXbuTZA
Requested by: Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:831::2004 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4E14 179 KB
56 KB 72ms
70ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 30 Jun 2023 12:10:36 GMT

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame 2A17
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEPOrwD7QzWxkQBxFfIWG1Pk&google_cver=1

43 B
61 B

36ms
36ms

Image
image/gif

35.244.159.8

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEPOrwD7QzWxkQBxFfIWG1Pk&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARjihLbrATAB&v=APEucNW58hM8rIjN7pSf00aoVOEzvaU7fz7fXngFXvxQoRx8g9eWd6qALgvYW1gWhpZh5RSTm1_1RY8isdeyBxtcDqNNZYzZTwcuDiQ299emDMFPDSkE03BL-Yf4AY9DHcp_P99xK6qhfSNIGMIDWJ7Q7MXlPCNP3XLf7EDuL94w9y4_b5DTlwU
Protocol: H3
Server: 35.244.159.8 -, , ASN (),
Reverse DNS
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:36 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:36 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEPOrwD7QzWxkQBxFfIWG1Pk&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame 2A17 43 B
304 B 118ms
45ms Image
image/gif 35.244.159.8

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARjihLbrATAB&v=APEucNW58hM8rIjN7pSf00aoVOEzvaU7fz7fXngFXvxQoRx8g9eWd6qALgvYW1gWhpZh5RSTm1_1RY8isdeyBxtcDqNNZYzZTwcuDiQ299emDMFPDSkE03BL-Yf4AY9DHcp_P99xK6qhfSNIGMIDWJ7Q7MXlPCNP3XLf7EDuL94w9y4_b5DTlwU
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 -, , ASN (),
Reverse DNS
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:36 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame 2A17
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEG8HztM9M3nWrl9c_d22ckc&google_cver=1

23 B
163 B

59ms
59ms

Image
image/gif

23.52.123.144

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEG8HztM9M3nWrl9c_d22ckc&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARjihLbrATAB&v=APEucNW58hM8rIjN7pSf00aoVOEzvaU7fz7fXngFXvxQoRx8g9eWd6qALgvYW1gWhpZh5RSTm1_1RY8isdeyBxtcDqNNZYzZTwcuDiQ299emDMFPDSkE03BL-Yf4AY9DHcp_P99xK6qhfSNIGMIDWJ7Q7MXlPCNP3XLf7EDuL94w9y4_b5DTlwU
Protocol: H2
Server: 23.52.123.144 -, , ASN (),
Reverse DNS
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

expires: Fri, 30 Jun 2023 12:10:36 GMT
pragma: no-cache
date: Fri, 30 Jun 2023 12:10:36 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:36 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=CAESEG8HztM9M3nWrl9c_d22ckc&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame 2A17 23 B
163 B 248ms
99ms Image
image/gif 23.52.123.144

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARjihLbrATAB&v=APEucNW58hM8rIjN7pSf00aoVOEzvaU7fz7fXngFXvxQoRx8g9eWd6qALgvYW1gWhpZh5RSTm1_1RY8isdeyBxtcDqNNZYzZTwcuDiQ299emDMFPDSkE03BL-Yf4AY9DHcp_P99xK6qhfSNIGMIDWJ7Q7MXlPCNP3XLf7EDuL94w9y4_b5DTlwU
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.52.123.144 -, , ASN (),
Reverse DNS
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

expires: Fri, 30 Jun 2023 12:10:36 GMT
pragma: no-cache
date: Fri, 30 Jun 2023 12:10:36 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

GET
H2 200 css
fonts.googleapis.com/ Frame A03D 8 KB
1 KB 234ms
96ms Stylesheet
text/css 2a00:1450:4001:82b::200a

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a -, , ASN (),

Reverse DNS

Software

ESF /

Resource Hash

98d2e3edd14aa506c4521125c7cdb7bb3030d7caae5803feec6d2613195ee955

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 30 Jun 2023 12:10:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 30 Jun 2023 10:51:43 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 30 Jun 2023 12:10:36 GMT

GET
H2 200 outstream.min.css
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/ Frame A03D 15 KB
3 KB 59ms
55ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.css

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d4095ea226f3f80d6d4fc62e3737dd5107fd9d4aa4a443cac11378b102f64b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 05:06:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 284670
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2883
x-xss-protection: 0
last-modified: Wed, 17 May 2023 00:43:28 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 26 Jun 2024 05:06:06 GMT

GET
H2 200 outstream.min.js Show response
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/ Frame A03D 371 KB
127 KB 61ms
57ms Script
text/javascript 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.js

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

464be521d749b2ba1c7e8c1f87223b56a03ee0bd05484baa0e9067ce9eb9d2be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 16:50:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 242434
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 130330
x-xss-protection: 0
last-modified: Wed, 17 May 2023 00:43:28 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 26 Jun 2024 16:50:02 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame A03D 20 KB
8 KB 59ms
57ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

abaf64de0855592138133fdf15c746a6e47a07d5f7a34a9513a06994c89f91af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:50:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66009
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8312
x-xss-protection: 0
server: cafe
etag: 5477749917372345267
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:50:27 GMT

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame A03D 24 KB
6 KB 65ms
62ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 12:02:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 173265
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 27 Jun 2024 12:02:51 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 52F4
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

74ms
70ms

Document
text/html

2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 12:10:36 GMT
expires: Fri, 30 Jun 2023 12:10:36 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 12:10:36 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 10261972549777223277
s0.2mdn.net/simgad/ Frame FDEC 44 KB
44 KB 88ms
87ms Image
image/jpeg 2a00:1450:4001:813::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/10261972549777223277

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

25b451f3cad26104f57800c79546bf5a40295d0cecf5623e623f4479b94d0ddd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 17:53:57 GMT
x-content-type-options: nosniff
age: 152199
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44765
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 13:36:45 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 27 Jun 2024 17:53:57 GMT

GET
H2 200 7352296608196688721
s0.2mdn.net/simgad/ Frame FDEC 10 KB
10 KB 89ms
88ms Image
image/png 2a00:1450:4001:813::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/7352296608196688721

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

2d3ebc5963c3ba449fc6f11b2d5ac883abaf7dbc046ac7c1b267518e0ca5fa27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 17:54:10 GMT
x-content-type-options: nosniff
age: 152186
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10020
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 13:36:48 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 27 Jun 2024 17:54:10 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame FDEC 42 B
63 B 83ms
83ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D8ox7t0L5UHHNh0ZfezYHbrOgBcn0NLaE7LuFz8XvqgtoLt6xFASQjLaSWn9X7TtAtMBtaorfd0m9EFrtJnABQyOAbd5iIfj9hA3w6TaLQzYPAGPDC87aSwClc9-Xi7ZVxWY6_bRbxoz190SVjBcju9cCmuA&dbm_d=AKAmf-DLPN470WVX1uHf_BRXck86x49YZIKxBMphzMdZXuw0P3MJQW-QzgahGiAkTrX6h_3veQuEJGKdQ-s9mGPz4MDbnrkvBCd1we987-JY9EiaC7UO3juu6MNlgQEHMNdDJE_z9gmzlLHjMWPL7y3xw17wcS-mWBSvc0jJfGRhMQ1HqaEJQ3uKkkKrCdzSQJBTjOWDo25s4MJ6QizrH6byX-HEUOKppcpXXAWCjMKHXiDu_-PRPiDDJQDL-BckqpojJMNtQfQFb-SxqUG53PDhkjs-r895efmJXxp-ovqo7hOE1R5mgIpPfF52Q8gOhJYeH1oRF4kWvjZ7NLuqpaB7XWjbiMkJzY1RVwiXsSOxFOEVqM3YP4xS3Fm9Lq9BKzubi2HIyoC6GzqA5XQFx5lRMC3wchdtiwxI6JUePDqF77rslgYDaSagK9R_ZtT5Ybllkio_bC1uVPF6wjq9n99pURstLQwBNNkqBQoHyUOGPCJDOJDthXzDOVDO-FMkjfJeRtEG4O8eLSScI-cURS3d4iczxQYzHxrwi6pDSMMoi8OKvBr5rggRXifsrn0vT3wwS6sVdE7umLRqvRYLqogzfFEqMhqrZtlYKI7eEBoMYYBkI9a76SqawnK0pfFUQZCY4Z8YWhV958Q2qTqVRR4LcCdFPn576Zcs-wLBctSc5UvAGlCJr0KO06MO7rxk1oHah328ej9E_adAUXGhromMs2f-R07OEie-47ufKAhs8r_aR8dSoWLt45DSKcGqD_RlwGS1kN2iMZjnafsXUigLSpEgZNW9gZFEjMKFs5L7Nzcv4MFb00fyjm4kZN24udTIR863NyEi4u7_zsxtPJhCiWmrtrLIK4JhVl4nxsbmqDd-oDUw1v4Qp6LKmGL_cOuG5XlHjcNNG5FUxYaixX4_GoVYnJVbZvE5vRVI3qFPyQtDycU-EOsTft0DwCkSA8gLrQdPEwQ9afLSQjkISC9B5-mCcBla_NlkVgV195qc8p7TEUVk2BtSScwM5PBvyXDyL56KElw3ppdLJOtQLfyu3O2-afIDevopDXCQYioUZXXpItud7UeiLWa-WyKXox5c8zSJQ191FR8_y-rVrd7jVuvrPHcYCaglqX8hArMAwRtP-zs4ok--pIfFb4hlZtSFD3Z933L3g4CUt1ZjUEXMraHJrVdssqCZSUP4N8N-HxoH1mWRQBZ4iMePT_AIlAghnJw9zMP5KOr8UGFdWKT3PKGlMgUsO2L78AtQRGzDB-ZAfR-4YLs1mqNJ9TZte30YLqug7AX52Au7hX9DUsjcC4FcCWg2XPllLyirCAAOWWUUDTz86C7ErbWqCgB9MjXme4X3bpFXue7-s7CGLFPyBAPLj5YfszOn5DYKyGl6t5SOfuxFUqxYPp5KP3hzOFyrWeBEQSSYkzpLpOZVOwryjcPTp5Ktj0joMTFDiPNiksdYx0YEw0qM3UYOM8rrplDHGyOLBsB1OBovKcz9quV4t1APMFrPQF530YoCeUE6deehe4T1HUNfnqhPbx6zSZTqaPZQLr0Yv_6l1ckIzF3WBsGydI5NhYrTToee67kPv5ABHvOQpd1oZHgAE4J1HgDkcM0hNYxq_ViW6XomIYlPNP7_Ev-n2SKxGDwPd8QCEcXR9UvY6-cWj8QLa6Wdx0SChAplpklg-uk2Rdx_bFLaPhVFx_p5wen_YXPl6w5r0FUWchv7PUa0wlsNFCfvWc0AXc1cDrARG1br5-F-tO2_ca5KtXibhqh6rQsfHrPDHCnKuqK8FsLKO9lUv0ClU-DPPXLZVsje1ikF4pYraGdql4_A6rknfzv2RI2-ocbde3GF4ewCLSJbWMAmhFdleXiFskMmRtbrEQciYiu0oZ0WP0gth27N0XkxrLMyhT109sdWte7g4tAkEcsCXMLQaSbsrC9IljYIvz0WkLWaeN8ILC7KVzsqmGST9NqGd0U_PCHsLbh9GosP7v0uZ8tVoDWEiebSeI3K8sxOPOIxhBwmOANrFQzvdg1A-Ko4s7lPhlcjKrpGmaerPG3GibkMAaMuGGieznhhJf_gCL6gGYP2cyV7KV8g-NRKLqai6oOh2clr5E7NV0WAfJcd_2FjTpn-XMVxE1iAb8UO571lZLmwJhN9dxNNduxmBQOSmSqroaIW5tZjIVHMeqK6AxXq0e_JKkJQPUZjCjUM3MLUeLclGsZU52h_yWT33_ug0IKnd70d0LmlJE4zRzLY7LeVePOY7v3RENZAz6x25vYChS9xtfpQwqS0TgaUrywplggF4kQdGM9PrrDLn5lmsTi7kPJGo4jmTIsuRbG3vyurdReE0ML0ZkBTeFmPJPTfE8R52knYozVETNcLuarpcMw_NViad_DsCZtVdQSxEfACoI0dMxWC-ynG5hdYcVxE5Tx1ebXNrrINmNlgU8p280WMQ9YIQJtTIaTVoI5IoRqo_7VKdOdpqnSo2cZKwlDziLsEvTK9VjBTAFacvFRMwQPAj2nEgzHQ8dUvHOoyUyfNjuxsP58B2u-2tgo8bZpd3bwBbAJe9RzR1c7dUg6cRHxw8T7BVak1i2tTQb0RtdAWg4L0M58r2U_VWYmRXX8tv61TGOhQXUiCnR8v8MQiA8bmeRzWSF2eT0KSmMYoE3K5SbxtaBRSnir5-ZiOnxAEXOgtkxSKhbWVwauMxb7tfeYihLY6-lFPhWZSKGlQzLaDks8-pFJgggtCQsK_b1a7YWmhpWVZFNrDkqQuUXpp3fb7ncfYXdrN4hQbI2yEsAn19_cAbWa9PEETlCEMcYOaoWUgnMl2Oy3GfWyN3YFyzk4geAT2Wi_r-j1orP2xnbz-ElAlzKa9fVW3i1blLfc941EsPR7e17WZfaay87DTeaKGZaGUHHYEOW_JtJhRAyZzHblWky7Hakt_YvHr8wCDwuGR6A5XbnzkK7XC_xRhnNZkA3Z5xhHUohPSlNffkC3-YKC2ltoXZcrmDHNTa_c7F3CsEdM_AQ5adk6aeGRVDqj9o3WhWeiWi_YS-xMdRlX_PuUdrFlfImCtYXy4pjWaFnXAFkEw2b7f6IYPmH6a7wTmyvoBbNvxdNfmAAFvHpFhatLdsh9Y1KcNfTv1etO5_vMovX56Eo4H5w7d70fugeiMiVZ84P-fATf6F2vvbdOxn0VK1dq6kqNmVHjVgP9KRip75ZHAYLmYeFZ4Kh2qPKXDTU1ekBryLn3tclpivAb36_cspasDuR9bmcU5GA7n1RC1i-Q-AwwH_PBGESkJU1f8Zq59XZT89d0BK_JsDyktbgUibW91mSn8P3egDhZIrtWbNEH0zpwyULj_wyCRsx0CyTK_100lkXIoHElNkP2SpVPgJ9cSGqroSVLkniG44DYXPNn1PmmPvCGTi14M7-B_xHuZb0I1VT54seDdWb5Pqwwee0LRuNEEY2iaBG3bF0YR7VU_F04j45vDu4UlftQzploqZqpX_LC7&cid=CAQSOwBygQiDexhlasO4E34mZr1Nt2_a0YesVvf8Ir3yppiUCagu790H4r5AsWX-U8NmECUZcZEZlm6gNv0TGAE&dc_exteid=31140447388622253588244504946700138&dc_pubid=4

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:36 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame FDEC 0
0 195ms
193ms Fetch
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CNqo9O8aeZJ2hFYSZ9fgPt8yVyAzpwMP-cLCUx6zpEdflor3AARABIMCygmtglfrwgYwHoAHTqd35AsgBBqkC2FikVXE8sj6oAwGqBNMBT9C34N5oBtvPUgtTuG-z9tVVM6Oys_7UJ4K4arFeyRHV08F2TMu2NwRoLRriekbl0bRWQf5Bag65PDdnZpUsO-E475NrkwO00fu6iOqCgL3K2YY7JqKrI_7w82wCHn-w4WnUOtTAfa6Gw_ONaKQEDQsdNqvawndVohfytRULtuTITYQlEDPAKtBk0SLpZj5q98GnLrHHYU8rgZzE1GEDJuL5sptRRzYnhML_D3upAXUUS2WWEj35zd56Lxl1lqjcFJEn2PmbPtaP3pN9T-ajvUs1MsAEtdOqkK0E4AQDiAWu2te5S5IFBggDEAIYAZIFBggbEAIYAZIFBggdEAQYAZIFBggdEAEYAZIFBggeEAEYAZAGAaAGN4AHldaihgGoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHChD_9AMYpfXv7AHSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE68ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5gAoDyAsBsBPSy-MTyBOXuoXjA9ATANgTDYgUBNgUAdAVAYAXAbIXHgocCAASFHB1Yi02NTkzNTIzMjEwMDEwMTU0GOrBbQ&sigh=uXdoYe_tS4A&uach_m=[UACH]&cid=CAQSOwBygQiDexhlasO4E34mZr1Nt2_a0YesVvf8Ir3yppiUCagu790H4r5AsWX-U8NmECUZcZEZlm6gNv0TGAE&template_id=509&vt=10
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 40E7 111 KB
39 KB 185ms
59ms Script
text/javascript 2a00:1450:4001:813::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
Origin: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 10:17:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6810
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 01 Jul 2023 10:17:06 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/elements/html/ Frame 40E7 11 KB
4 KB 67ms
67ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CNuCzgp3g01xBD1kCcwIH4ksZZmRKM-c8adOxVrAkPLUug1vmjl51UwwT8l094sAh8LYAe9X9vTktzT_HQc9K0Jt4uEA&cry=1&dbm_d=AKAmf-C1f8JmgAGdbjvnO837W8gJpENDyhA3qJITZJzoSo01qN1DqTFRDvrrv4O12oxvM4Bbt3vCU7H5IZ7f6NXStq30-UKpF-6_OBEFnKzFD7nKy5ZKHEMBkitKEfWMG5yqAh18L4cUe4M4ALud-G6iU3tzBPEM0VVuvVxNj3pARnKA7K2hflZQuWSwM0-6Vhe5nTFu8D3TolmnITvh8kjvS4etQgWja2sgy0CrG_jxWnBlZTNEqIAPU51ifL9vYc-yqxRJuCDos9IlSDcFrBW-t8tkE4_RpAAnK7hkyTtKXaTzN9i_Q0O7bfvRO5IpAZANlRAWg-YnEYW2BjWu6uyfL0cLpbwRiInldBdnxhn9ZD0wj43FvXYoJrABDEBwJp7ZRBm0aDmfMAgtu3KY67_ixDgDaYndY26_cdbkeSAoDVLfGxRLX6eUUkcyhuYuDkXHJCu8qhxbTzgX0IYRpqfLAMA_xeo6NDkra_5NahoqLjMBUUEFgHmI6IF2BO3y5fNRsu1Hh2Nymr5WxN9wGEgo3xawnSKU83QE0Y8_tudcojaPoWuIU4AyOfgyvaFOX-ST_nZ0Zd1Qq4j7hno_6eO3UQ5laESHNyLN5dIIdnkzVnZa5HOCH3RVKm6Z_vqZLNrwkutJnaoXUQzKjwrzwi049xY_Nj-N_iQmUnu-zc_rXRchiuMm2H0EdKk8yiXhJrq_MWNB8g_LgTr5cGmF4fkLSb3wbDApVQLP9DNRoZuz-sXlgZegruCCg_WTTkZxEV5TCt2_XGqZqg2v7FE9N_gmnFe0X1FofXem_1SfuVwnq7quqHVP5OM0EBwgeSIEeCy435O5tSbtWseUjyFNNueBdefXbe0xRZwAooOml5hulQxge8b6LtliX8wGr0TscHpmKaMgPrF0tGTCsOe7dYKER3bNuq_GRfPoWGuX-wXVk3DppwVkGnAxt0g6iHsPh55KDvKe9ARTPQYdQA6WMD9tOB1F4GrlgdNVZb3o7hGWYKqC6MQyRYhriE0kTUNTwu-Rec-jDOkX-RCbaYe3U4eMfSoS6VqdstoGD984cGtIQpI5RIicaxzDyidWDHutl1w8m6hyzcMwP2bhSR7suSz1lW6fJbfLQz4HzdoKjpXgjF-GEhfmFx_UnXNKmiYz5ta-tH8shiclt181r764-6XcCqAcCBaHlFn9KjhGD6uVKhII2fVTvnHOy52N1SK3aehZp-PGJykEWOwuUlWg4f0sOQ9HvakPYpG_Qd6LXS8JPd3cV9xbobMw3sVIdI6I111TjoQnDwQocxy7gURHgL0ZfRUdAkwNjH7na8DiClQK-vXUx3AuwSd-hgfmuB6WB6kj5qBVOZR6QXomyifhqkb3zvdJOtUmGRW2Nuq6sTX9VifJXZTpuWX_59eniMvxAyrQ4XZ5Cp4qqAhQkGM5cwaaGKjWA3ozZ5YjejQ7eMQ33PiUCEujBO9vQVWpbmlO4LlOMFt4O7yK1h3jk3DF79TcmdWiKgSbkj1vikztl2aVW1BpgHt0HFryByW_sbwhtPvrb0WmqrFoxXqhdqAhtChoxxr2hxBaYse0VbS_HM-aE5cNca1I-x-jQhLq8GZLeyJSIU2vMnhEQQ1du-rt0moWeLzePqYMtV9tO7d_smBF7PjoN1yxcXMR7T_RfkP9KR_L7Q2lbjl6CrKKtEG490yr2FxqunCTFo9K8nQyRp2KvISaE3Nebc_AaDhOXG-wtxpgmkjd5i-vtSqS4dmw4xM9PN6AONxmyGltmSzXekFAPQhguap_QzEcmwqM5mzMbHg5zqbYS1czheLGAe-6HHmpD2IGZA2ABEXhWAD9tynY8JXMBxJYR1LFJmjPsnd9EaGxB3HJoWjv6n8a-CLL5wpFMFBw8ExocpecbBJtAt2QUG1Ec7xX5t54OOiookW-cND7PR9r2fRw14qFr1IRAmRrHwtPub1cVrpW-y4axiYBz6bJ3OfIvtMS-9ciAE25UXnXBZp-xKKm0VelhSVGwv3Ilnm9Ki0vf-L1P132Bua2QvzIe8emnOnM3m9Kc_mrBOjQCM2xubT5jmXqCRucH6-32NucKYYKDqfB-dSgdGhOoT-QZ82wM_ZcRM6n7kdF3sHy0WbV3BZHXJgSYhJaXtfrVkBOjTjlq2cJafAu6XJZMDZQcR1IHqQE_Mamm4H7-NkmoDiMlu--N81mvoflaeyLi6JA6W9pWjp3RAQTLJXoBzKp6aX7gqfmhKVsWgOq8D8jqO69x-7wQOxiYwnUgPa324hQSoW0F-rEFp0TGKeKJjotvNB8Qs1IEH1_Tmh6-N2OM3F0FLW5NR4R7nj19ReaP5-uOxhVcYzUNtfdECmWdFekfR1uoM092JD9F6fp3idyTaP0fH7a27r1eMkVQoBx8n0bCmccKb9HzYrl2khTuSEhq-moYpV6Tul96ictEogFeVn2zUfzCjdf_iB-xIJ0dbXHtMlXLClIpjCWq7oxbPx-SFil3jXG-qF77WI8OtJCPSGwgMeLeWkM0qPF5-FNgB7fntHMJz7epek_R9i_92JW-rYEunEvwLawEi9DbydMT1kOf2pQRpWNmwHZGT-gPwF3-XSL1fuNqGkd96HBli2jOok4k1-6ji-oKso2pt5v5w6zWOpyWUeeGL40jEtjpu67j8vm9w49LbKUma3TLwdkaQsmqGMmEmfUrBWu4vrMC7D24gfeb7ffWbBHmPQJ85DBF4sNICI03GYSkdwbY09ZU8AU7fO6pc9x4c_P4OfnqJRq1x0sqMHGD-XYny1KTl7U6sfDKxiJePWxPpG0wpQVNqbTxnI06pfDXsbjM3RvYPLr2Ye5Y2xxneAj_mN2GaHRZKesmvmwijPKP9VXtN57fEdZ9uVAB8XK6l6k8bqcVqBZjmqoIl1g-YoC7ywIpYlIJ6o3kvLoMkNf_JwwIxPascqZ6pSPQyZLTZaKVdpR6ScJFpqaf8pd8t5OmHeVp8NpDjYOm3cUGvH3ACcJAAsNtnZmj_Joe4p_Jej5FH87kmgOT8H_17UNGi4YoGzF8IGjRM1xf4vOquNwi-N_WADUgxu5gzgQEpWgxKHX1UZ4UEO_87aNLYIMKyh-hDiNdbuLKsmn-7oMCVGfob-9Zz9CMm0u-GLOGgmWWWlJrIwc5UvonrC8RN6aq0_nnS1m-oktqvzWc4bQeX9e0-eWheC38D5sgdW1c8ieTkjLRXT3nmLfqJqBZu0bqVRW37Z2YhUDDYyxDHfnxrtApvLG9VGOxyc36oP-qFjkEhK5y8wA3Kd2F79GltldIjE72HKGM3LzAOhr94yyVx-VrF2Gp-vtoyDmVXiJIAjR24AvxiRMcA_il8Ibin1j4EoYM5l0LewB-ssw6QwTjIePtQlQEanGzPm4UCL19Pr1WkpkL9iF-iBdNJU7E_AB-KRS1hPEOq2UQuYNOdmG2kAyRpX4lGp2D-AShqW85qZLtzklCAdNUyhxMrBg5TyLJBP9JMsH-mG7CVTHSosypVuK5-BzINWDhmIuBhvMFb0e123F1R9jVMVSQcAy83cmzs1JRP3FD7Jno4yrN2oZhNDc4dHVXhK3a5rXY5c23XXwaclOyh7tey0cYGlj&cid=CAQSbQBygQiDLhWFTLsLTw3u17VFDzsE3rFAqeV0F6xWLZS--kYy7NkdC0RsjYxMllDhFobwS_16poFTviyxE5adoMZ5NRYOSq7ll2kpo6moyGulxS47yrS_FDvbotu-71fdk-ZOtPtyAdi5tW-YYNYYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=5507169739825276000&adk=1599433117&idt=157&cac=0&dtd=43

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

597e4ec7ca2b12f9150e02e04096849d6b06061b09c2d131f1d2225871eedfdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:55:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 65710
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 16731591232229431525
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:55:26 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/ Frame 40E7 30 KB
11 KB 62ms
61ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

484eef6459e8a58c19115f287339366d82a7c2beeb7a35c7e16789b592515aec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:57:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 65584
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11545
x-xss-protection: 0
server: cafe
etag: 12064860844701496540
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:57:32 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 40E7 41 KB
13 KB 63ms
63ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 13:52:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 253081
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 26 Jun 2024 13:52:35 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1141 0
20 B 91ms
90ms Ping
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=1526771393754&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:36 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1141 0
20 B 90ms
90ms Ping
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=1526771393754&version=m202301230201&ct=76&x=1&cor=10810114366761892000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:36 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 1141 103 KB
39 KB 116ms
114ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CSCpZZKn0Y3mM6tVB46DuddvBLNtCzO50OAo8aY5O3TYj3CLN02elMYG5055qSQ1ZmNU1B0RFUtKsVdxQ2ZuqCAoFXI_1BkqsRQaskkgF0eln4pHliLSRSq_kmfanH1DR_lUyXgW_FKTpmaeeeKeKd5I3AS-Tr47U874__MfC1oG4eBfU&dbm_d=AKAmf-B0RLZ4UzQzys5s09rQmpvu_OvQb9lXumrh7DfvNaeAjygezHlqofZx-p2sUQBOwY9wd4bxclPMgp8D3Jr2T_Ew4DWXaXg9dzuGynYr-gkFVRyru48Lth_wHXeY9dL2BF8d_eLVaz_lhchynKApb0Tf6r4hwjUlOiA6hRjOWCTOLXN0fa-_92kIxjVqO8xEpDm6WDOLpIPjiiw5ACaJR0SdsulY4afcSMmTrOLux04qDZF6A_UTlReYjAnm6HqF_5gcH18-ALa_r7gAp-VSVMmLL8--UN7daJBIfG2zAYq3zDgEmGNdkj3HZITa8TMSfWfJ6O7x_n2rI8xB5M-AEMHhETfgl6MPa_cdsjqrdMOCVkRUOfsJrZDdCQN4xLEBT8ktjA4fZuVBx56-NxNIM_BzID33QNk1u4uproUdSAATVL8U_U16VzIa7RuY4eX3H0Lt7HQyfKhzst3IjoTJxKJrNB3GIzhJvaGuDucjv_-JtIus6F4ffLUOWBfOO0gWAn_uj8vRI5WEaupzfmaI1ZPgVQry3BQL7fKklbOSfZCwzXE2nIckYmrkrY7omk34lbNZZiwPjGXPixyFhmPGVO8jNumKo3s6Bbvh-_JgT71OHSXYk2LvMxsJayqKVVRIIDabEUMfLv9Uv5STgAPcsrjH2_U0R6He6d4h4jpWchVB3x3icQJeHuvayXwaIofvUWcd7A1ZoL1Qu2VcbZCn_BolWsrlv2xE6ZETCYJ2z3P88tqIHuA4WAO4u4nrnNxHNxKrOS-bTJ2B84UUV-xZowis7p53ZyCW1h6Hwh5Vno3pUsiZoPO9Anpn5WWY3KzKha2eKZNxJE0LOQ4yfoy-snjbACcWKgjn5sZtX-3vs6kERQOKQ7b0_3JqZzdKSxYxLjxKAQdGk4HgfW6aMSvxVmmkuSgxVdLLzjC62wX5OtOOJWis1IojhDQ8UWrmm2rr4fdzhj6ArqP4Verm6iaHFa3wOHA44xa_9dpv3w-AIig093WMeObvWtqxGA6HAtHea_u5adL_f6o-hCakelem622OaqE7PYSMHRopw6OzAICTECQrsTQjEs802B43bc5x-4eCo_aMYd1U1_iQ2Bkwm1R4UMDma5u83rSvsAWXJlp4fMdkH8vG4DFR2m0E_vS_usQu_fW66PJTpLIqoLmMo-nBPr4CSX-iXBt2w5DLbE_W5Su0q1DpkXuhAOVGUX9E-b9cewjtVAONQp4TQ4YhQkaOO5a_j0u-jhvvbVifCVeUpmrYuqxELFR4nj4zeEvk9_nslBy68R-e4bdDLTi8hJn2Ey3wBqgTH-DoweFpZzIzzgSHSgUcDoHk0SSdq7VmABEM7t5U1XVsmNgt4FXEkhylkbLws8aYcSCfaZkn1XrEvsTvYqlDZQcikI6YL1XNBVGPGLO61gJP95RKiYlOOZPZPqviR_mL8gXgJChaZFJfvQSdl8se4loXZncfGq65Y42p5EJjA8G-7lnXlp_bLqDlnLlvBiVsQXADwrYrTvF-Hufke_y8m1PPZgWcjgLIAfBPeRKLgzu5leQuEix0IhWyyarAWxXvHcjJjsTwnoM-LI1e_iQWKBUnHYY2AkOuISHZGnvip75jSHSDj-HLm0oWIkf0sDr-MOHeKx3ABFkhLI4kQmkVDfUqc4vwFjSXfiUxN0ZcssdSVAEe08YrUZyLjAXYwO8guF5ri4owLrB4x_Lgixy5skMNmUVCs2VnSWETrD9gQ7zmU2muyNH001xZOjsNC6nYW_RYoxpa6zkb6zHw802JIUystpdkq47JYHkmj_Pw0FdgZ7L7L6qibQ9zcM9lklfwi0lYqWn_9z0ticZmMnda6FL_7R9g3dPLqSFK2bk6ftr6dpIzCne4KAM3j11luXjm_LblmwQQ7uOZPrijMVlqF1KUOOcCY7ozk-PKTN2ugA4bjLgD6Zb-Lmq0-9MbFhP0wA3ivpCc0meqPYZqqXyNdH7BdF4HYYJ4BGO9XT-kvbJo0ws6m0hZlOt97VrRu9m1otk1dwPUyrYzBJQMq6MlqEQnC2yEo_gHjBRy3Is-I5lhtizyO2j5ob7QkEwY-bQ1PhuKw7rt9MWe5PxFtZux4rjOi_AmwZjIHsmF8lgzVK9PalHFYpedPaGttm4PyzMlVXJjuGIPBqwhdS4aFHyv5J9LtNkCALP_zcwQkTgYt8xaK1QQm7L0niPNbPloBNpazIqYWP_H76eccSbuacw4guPDzLK_oHuvM7TX4SeoTVc7x3v17LOm-sdfrQ42odjHnZh5BAX36s3qjVR2AawDed5zIOTc8kFcjwFn3QbiKzfrknhlJ6FdZm49GrOKjsjcBn9y2FKHCQ2hcJlgRVWhAdDvNeXrlNA06318WxEgZOnr4q7YbaA3hkC1Re0clRSAfnDY1q3PNjlbmomzAp5Lc1nBTJpjcig58bFP0TbJw5Kix_Mo3cZVF3uQMBbH7LH22-IauDAAbSR0i4O_ceJlWWEie0UHMpx82HE8kbLHDV7f9PdlovfEAMBJYuf_LJWJWk-KQK0scQxGjtECQgYH3BTLDaepau6uuh3y0TM0n5v6QlHkOb9PwCZbX7wP2SmDitxfVzdyMXK7YscD1u50jBkWfzVswBlObkZAMAYMs2OjWhajNeK13CRaRkC54KDPoV9i32W8PyBtATgEp19uj2acEg3KuPSePGk2bIJD9FT8ddCxuJ0Go0AJi7llCUAejNPq-M301N9YsTR3hrGMegWjKjUAmZk6b3Kf71Upye6vR5bTIvrmttQ4Ng1mS9TWsB5y4mN7QpM9zbwGvRHOrrQXlTaAmqWbICfxWWRG9ZuR665LOcZ1JUNa76OPhHzl9_EIasQRMJLIegn0cMlYXDcKsMwf_g_-ZVn2GyNj4uQZzKTkr5xfjyFo9o__OfmaN1ss_XGYHS5rUAAeXiHZFLZf4x-Ex5Ncrn8Y4-W-YdI6QVgd2jXo2-qjH7SDWF4EHp8ejxKupO2Vg1TOCSKH1V6Q9p6a9Uy96AzwDf168Sx35VzsORjHijnE6r9zXIW5PyNwnKRUR5twyuvlFU0EZA9VVUyQbY9RYmmge1O7IXgVDKxjcarB3sYKLJKcN1Kf30aCPaTAD0sB6e0EfWwq9JNphxsgLttsWby_RYB6kt14wVIDVz4waxUE-nUyGsxN_JkIXCCItS5j8jhS2CSWJSbjiwbH03B7FVb1NRVtQiYs7jmouzkg6Gg-V-MxUsGmseQPvzMJeLUP1C4S2OvnFz0-D-U6sL_Sd1mslx8vXbp-_KUOCBuQk3dYtkK7ljf8RbDv14IMK1D1fqgg31N3BU3RgeGwqn_UI6UhV755vDnyTZB_Wd4Gbpe6jPVlGdU4oh4dROczNd1t2QwoDvQ&cid=CAQSOwBygQiDMyPdoTpUMtGHVYBQKnyz2hxFm7-I15-5LwRnrlpVibD7md43Qxnul6o820bYDlRV1A7YrYbJGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=10810114366761892000&adk=3587751834&idt=224&cac=0&dtd=9

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0dfbfecbd8350abf669bb48c1b585103c923ee1ce0eabca195c86db08c0cccad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:36 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40093
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 0DD6
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

69ms
68ms

Image
text/html

2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H3
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Redirect headers

date: Fri, 30 Jun 2023 12:10:36 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame 7931
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEPOrwD7QzWxkQBxFfIWG1Pk&google_cver=1

43 B
61 B

42ms
42ms

Image
image/gif

35.244.159.8

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEPOrwD7QzWxkQBxFfIWG1Pk&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQt9LfAhjGzOfbATAB&v=APEucNXZ0x6vWtqyrNCUdESkRi5FOaf-UBLoRsqmh48bDvst3vH4ZEHHZZ7ZzLFOynxMfvT-McwxubgYbN9P5kHamQVSotT9sBqwf4PSfEYlfLxFagv4NNA_hg7SK9OxyJhLWFuWXWBQZoTsAeIb8N95m1X3jMvb83S6YpV0950sMFjJ5PLz_5Y
Protocol: H3
Server: 35.244.159.8 -, , ASN (),
Reverse DNS
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:36 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:36 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEPOrwD7QzWxkQBxFfIWG1Pk&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame 7931 43 B
120 B 52ms
51ms Image
image/gif 35.244.159.8

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQt9LfAhjGzOfbATAB&v=APEucNXZ0x6vWtqyrNCUdESkRi5FOaf-UBLoRsqmh48bDvst3vH4ZEHHZZ7ZzLFOynxMfvT-McwxubgYbN9P5kHamQVSotT9sBqwf4PSfEYlfLxFagv4NNA_hg7SK9OxyJhLWFuWXWBQZoTsAeIb8N95m1X3jMvb83S6YpV0950sMFjJ5PLz_5Y
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 -, , ASN (),
Reverse DNS
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:36 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame 7931
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEG8HztM9M3nWrl9c_d22ckc&google_cver=1

23 B
163 B

61ms
61ms

Image
image/gif

23.52.123.144

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEG8HztM9M3nWrl9c_d22ckc&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQt9LfAhjGzOfbATAB&v=APEucNXZ0x6vWtqyrNCUdESkRi5FOaf-UBLoRsqmh48bDvst3vH4ZEHHZZ7ZzLFOynxMfvT-McwxubgYbN9P5kHamQVSotT9sBqwf4PSfEYlfLxFagv4NNA_hg7SK9OxyJhLWFuWXWBQZoTsAeIb8N95m1X3jMvb83S6YpV0950sMFjJ5PLz_5Y
Protocol: H2
Server: 23.52.123.144 -, , ASN (),
Reverse DNS
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

expires: Fri, 30 Jun 2023 12:10:36 GMT
pragma: no-cache
date: Fri, 30 Jun 2023 12:10:36 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:36 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=CAESEG8HztM9M3nWrl9c_d22ckc&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame 7931 23 B
163 B 60ms
59ms Image
image/gif 23.52.123.144

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQt9LfAhjGzOfbATAB&v=APEucNXZ0x6vWtqyrNCUdESkRi5FOaf-UBLoRsqmh48bDvst3vH4ZEHHZZ7ZzLFOynxMfvT-McwxubgYbN9P5kHamQVSotT9sBqwf4PSfEYlfLxFagv4NNA_hg7SK9OxyJhLWFuWXWBQZoTsAeIb8N95m1X3jMvb83S6YpV0950sMFjJ5PLz_5Y
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.52.123.144 -, , ASN (),
Reverse DNS
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

expires: Fri, 30 Jun 2023 12:10:36 GMT
pragma: no-cache
date: Fri, 30 Jun 2023 12:10:36 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

GET
DATA 200
OK truncated
/ Frame 40E7 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 60e0532adefd738d2fd3647536d34deebd8ccab256c0ecacb6bfa4d1471f0881

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 47D2 172 KB
60 KB 70ms
66ms Script
text/javascript 2a00:1450:4001:813::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
Origin: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 10:17:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6792
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 01 Jul 2023 10:17:24 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/elements/html/ Frame 47D2 11 KB
4 KB 61ms
58ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Drm0ilZ_tlUNar3XVNmV0msKHkn5su-v66vk4GNQGKEcinkaizKnFqxwQ3sGA7FWqkQbFf6wzPF_UiDd1e79_YEnXBPY03fAR2LQ5N9kHwMNIEkCw&cry=1&dbm_d=AKAmf-DS5C-Q5BxP9GuaAVe7RrELta1ltMmvKPXFOSasFdjg84bvljYtGixEFjFEChdb6tig21jvigiAUBX4gomGtku-fc8Jd9GznEU6rlTBIX19CcZ9EgMGMBsaEQm0GQlh2-25fQ7cnTpHZmGTGJXvuMZXAI8Ts9vXtl6SE3lI1SFPWq63vdCpFmswSjm1CPriaf7DzISi7a7-xnsGYL72r_sJvpifGGWXoDCLcIGj8-BaODCZOKRHjMZrkYKzOkZ4uTaG2DSFUSOkzCDutAytrBqDJqwem1zVyJv5Jf946xKVEmCx56ob-_Zcp6IDRSVXG79RdlpFCee-3_sqngJLh8WlSOGxcTxA48GsoLpsracI7gMc7fjdEoLHDeQC_ZJKKgzBkqXu6x9WGH4aISA70Viabd6yApcNz_8zmVeYuu6odepQBlaz0tPhQIp6Uw68NAvTcPE-yXNTbZ1--_zgR1HgHa5GaTGierL4SYmeHufOEZ606AuG8Db2DlkvdwbNy6k6bOOouvUPs0zwNykpdizuNmwLmNGIxPViHxdFFboYha1y4VVhvX_a2pSkzcmdpuBEaNmWIH77YENbSwFFgwiOUpn3DHbNF2JDVttEcqvlguqkPCsr3xnSETt9kdoh3ffabsfB9vuMJYMMbzyX_ZvXu01EvqDaDtr2gZTLskpttLvPShDmZoDO5XqprXzJGicdS-M92rq3qdFjx9Cn650CLXbD4HrjHMyGfK_6luoWkUK-rjUoTLRHUx1mkZz5l1Z1dv2cJDwYLTQm24Cnz42JwyMUYMQZG9PgHuGRwsAr6_0xB1-Sp39bapph6vgiDmyiCpwmzspa5AJ8-9WbZqs3mF2Xy_mrUAsdNsXoNEQPKifzg3Kkuuvv5yopeb3ZFQ-onwMoldFLWf00Vgz-O_OdA_XMpM1ty7gYM3Lp9RWT3otfCrQTMCVryP_oOLvWRChx4XIny3GZOakYRdZcQK74cCfLNt43GN3lD6OpCJ2oBBXiK8zdo9NQmHRvsifa24Oh-G4ECeFsOUWnaILMxnlWWfT3VZ0aRcWyIcouuptCnq6wmP37Qzvf1lzTcXCHWsJ2d0uPCuOENjahzHKbmrSbdslTLsee4z-TsDgYdEdGOdMfYetdKHtTyYcB6L1LLj-YEhlFsGAL3zdTWsFaaIcXSSSILXQNjOcF0k1yF2Y7lGCJOPWGSCZgOo6YBD9bZjPvHSRPTa0GC0BL3TAW1CAbcOzHPbP9LW_T2cm9iyTl3khkO3Ht5akfW6McSfxqqWqDIQJgYIgp4eHNihiyc-kDhVJWEM1xyWTHMbmmCj4hD7Q--wmHjbhtz09ibmxZE0tqEjI4EMJm54lleJginC_8ADeurhUWQNSMjUL7xpc2Uhsfy7ZPwtgJmX3JHj_4NxLIYDd5EAKc9UH7zP4EP6oRXdp4Rz9wiKl8_ae_y9Y0UypvlzjfJyCxNcMginK4q4z-nv1FAM94WS_KLQ6qzmceyZ0sMGz6H2aXuVaH5iW-htK1i3aFVDeOrnEoF4JiGseMlmTjiHaO_q-yeM_T1wf1LwSNPIroRaSV5yxnKRS-mhURtR6ceWttc0I6gyBKUOVkDUtf4aagWt2yG_9a7z7tvdqHqy6VK0SoR7RwTl55LPBXuDU-b88DYml4GWM3jesXcc5kFVwjqsS2paV1InYjT90vEUDuAHI9C5TrXNk-RdzXxcy10GtuEsUbuMJeW2JkUErCWY4mjLqzG-qWeGAoI9UOiOujcl1OLieJCRBf_uhgg-mmGSdDI1zoAFi-cdnKkk4_6rMnoQakI1Q13_t3jtbrknkiHiicFu6SjbJO7Sfo_ZteSIVC17hWw42wXBRHQLuf1jlsIBpTegoWJydIw6uMHWSbhafMSSHI3X2vpnTvGVm2uT_Yrq4nKRDmWgDDRkYrj0Pd89HvcEHiWjY7g_DgfNiWlCzY3gQGFFLVNA2tpKjMTLXcIgCpTpWa4LRZg_4PUoybW9Bgfw3-o4OY-qWTnkD4Ad64QkebltwZmrxc5jVFxFpIlGrSMIN3LP54g307-oWxcS5Rjsvghig0yTJWXtH0jpjzuohAXfYKNz4Fui9pW3BEbHANMh2hJXK5ATEfmdzOT79t5BUR3OvA4Ug5hKp5K6x_y2Qd3rC2jcIby_51D_JzDxj268FMLqQSx8P-cKPfZ1yHNy-1FS3GCKMuIoPfYG-ScZS-P08CPrSs8CpnMD1wJURQZFuDlTHgh3qiIEsfBCK310NG5ZjE9oEwFY5-y0LEW--MqUA1tVNHd4KuptX-PZc0NBucawPwlHT5uFV2A0z_6gALiiGMzsC4cgCaZPryY_VXtpGb-WDmeV8RWy8N-TKBX3trISWDg2K2UHo6NS-_c7G5q7q__MJBvzd4zo6malDOeRV8CeZzFqvezV-0zLQ54QnwxL3cuNG4x4-oaYrF1jetu6TbNXER7YIwR10Ayslu5sTcjE6gqbUkOs8KoHSVIMWw4YqdbUv53nttfnOcanP1iSZdQhouR8sKVFv-wZnLYWra7s853K0G8OARHdgzdlYoTQh44jqA7gcm7nItLwq_7t1FSjXurQ9jeHDY8jeWuRTYEb4cwZiwyLX7CdWSs33cA2G1rX8QLbp78Lzw_6PXyzfUX09PZxwuGcJ1RcV3UONNAO72yT6I3aKF2TqFs4MpW5pZ_2g-W3sQtO_DGAoL3xFDhu2wK-ZFezFbITOBautZ-g8voNYghsvcAhlZeze-wlzPpofrjpDfED7-xouqS9MQdj0ghtInFre-f7e9_oGhJa66nCqgU2iQ8lzYlrwV2dVIF6EUkgCsqy8xLWa4ffdcXXE-TD8jyYH5YHOrgwE9VNddpGJdNRdzGoQ2RR2Jy2nIMNwgBW6b6JRExA49ORNRY6ngynNHbnGzVzCitgMIT4I7o_FTFnL_cSuAGacNHWNgrX6OXqaS5JYlu495VxrGmX-VtbvEQ_0GS1qcxsPtDELUBgvUE5MxBoZVJZsGU9t5O1aSQm4u8RZryrT9nJc6L2bRjuKrXi-RaK25uIDfO06aGuQIo8oWbe3LcJLhF3tLVZrxsheGh2cGKsJ9wU2bCTkp2MHyJtRb6j0WI25Zym9PxKvMHSNaNKzbvA9O0G4O3S9fwhxUrBOcEK_YsEyYpDzf7ecZ1gI6_rifArjnYE6yQNWabFStPtkpw6kBWyJyhofOXeuUPQ-XcdZmHYpOlrDq8P7hJGARmcoMUAUOOxCf8mfLriQlS3d1Qo-FRnbI2Oe-6xOaMx5llFJQ1UuJUWfnSGps4eu2GaT_m4WlkKmH72F2DIh5TPEwMTExPmVEX0O6v6848l_OTqM7oCynrHy1V8_kAsLCxR0EqOowTp3oT2QXcWYFesjyOTSwsRZT1jJZ0j2KBO4jq8PV-MeKnYNxeuiQviBC4U-CGpZs80zvXgsi_ajokW4yffCDarQxYdQxzdmM92qw6qsoIZ4pmqU-oOxvUsioYFVXA5_QIAxAW6oDBOTvC3oeY_yw8SGpa8t9A_yS_PFCwlfHr-g2b9BASg&cid=CAQSOwBygQiDGnunTYqWosTGs00oes5X1fhoBuhArfnxwlgzJs0BVs1AcPGaA2jBlUY_ODC7KKuHqOpV8KojGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=10768503760324860000&adk=212707235&idt=117&cac=0&dtd=6

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

597e4ec7ca2b12f9150e02e04096849d6b06061b09c2d131f1d2225871eedfdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:55:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 65710
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 16731591232229431525
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:55:26 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/ Frame 47D2 30 KB
11 KB 57ms
56ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

484eef6459e8a58c19115f287339366d82a7c2beeb7a35c7e16789b592515aec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:57:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 65584
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11545
x-xss-protection: 0
server: cafe
etag: 12064860844701496540
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:57:32 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 47D2 41 KB
13 KB 63ms
62ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 13:52:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 253081
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 26 Jun 2024 13:52:35 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 1B93 143 B
166 B 58ms
57ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 3244
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 11:16:32 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame EB60 1 KB
643 B 62ms
59ms Document
text/html 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 16464
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 07:36:12 GMT
etag: 48472445140208031
expires: Sat, 01 Jul 2023 07:36:12 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame FDEC 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 36323a70b585b59557dcfba1ec028f5cb75a48b7b3b32a5324b4e40585bda4e1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4E14 0
20 B 100ms
99ms Ping
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=1723850228483&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:36 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4E14 0
20 B 99ms
98ms Ping
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=1723850228483&version=m202301230201&ct=76&x=1&cor=4488787201681465300

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:36 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 4E14 96 KB
38 KB 95ms
94ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CjfzEz4x11DUSQ241cjNQztrcdYNNHkAO2zn-biqPzylnjqOB5y8Lil-LL1pvvCesnH4XJAzloZoco783ykw-LqIM9lRlwLUHcneuXpTAat_dmHwc&cry=1&dbm_d=AKAmf-AJz3NhGeXAJZ_cQNUJXR8nk3YyDCWsMunr2HgF54enhytXth2vJQ1MFOr3aPcYeiwj5xdub3oHjEMgS5caJAJYwu7CgnpFtj90tZZbZ-_QI58hk2anGhyv4Scn9D_z6s6UogWZFVGtmFkjTnIJO2vbqKeqfhbWkGnHw5vPaV8OD7Hvb5umb_wdutkzfMiTAWMA6JiUvyj8rkIpyA9GB68dxKQI8392O-Q5p-SHjgddged5-ERk9Y_Dzy5I6bX5A0OwpQOrAVaTQQRcPRr314E0_3W7fd0Vi6ZRsDr5zedGwT6w2Ngx_-0qBjV-RinpWkDDz2Nd_YLLeMG7UHXqy2KkgMbmRZQLWhODXffBVJBbU5laC0_4r9bxoIGpuDF2cU2r9jlrVYJvh9HAjHtOAfs6OzWMvwNdhhLMO7sOOOIpM8xwpe9RRlmYL_Mc81izg8cegNMPUeYg38Dta4gmke6y1324szsZKb4uAMzOQi7glfbgSQ60an92rnoB_CJmPrvkRrnTKlnmZPHr1NER6Q6Ml3DMg0karGilGCt6-Q5UwV5GBbpQuSIAxgyiurEM2bT5euxEqqW2gh5cNZ4iLVEsygpLqVfC9aBGSrwVGhI11_KMKNQWFDWVUkFs-YKu7L46YtZdnpSf1hngr_UEZGwAL8TIO9mcLq1tM79S0eWxnkSnxubWDHtov5Eglf3KFSigwPlMvBkNeZsOfNIWw7RJw44-1AZ5ipnN-xURB_oiEjTWA1MN0BZJrOSFdrS_ctTVa12TkX_HJ0LCQ5YBkHE19ocZlDlJs_O44_gVEppXhRYSbfgQUGmIkRlMTKE6tGOSY5TNKtSN-61ec3eYiURE6oaRIniBvewNqn9fYny8e2MzV1ubKe9Xyar-WG47CDDweMWfWKytCcBt26PpMTOwAdvMir-8s5vARXs9Up1mIamfB4BzNdxcb9hIXbRiWWn7Pl8CriCJU174udXlr2LLdXqIXBXTHETw1ETEMIbvTSdIVCC6k9TolU7L6S3_XtXzXnjU8VCUK4oHSywd2X8h17ptTTiyz-m8WMNlvtt-ADX9N0kCVuHWvjU4FJ8Gx5i67ba2cYLggvVsb_uoWskRWI-_JQeWETSMJpAN-sMA7J_KJqsUJIN2wMhwhGcZ5503Q6kLKWf6YO7MCb60aOY7NvvS7DZXWduWFM1UE-mz25IhDWZ_eJe2TdU__nfbu1X7ieGheASvvreecRye1V4n8aDCvZZfJnzOhGLgKCq1f8_tRqqoEqhAcPKdAvsfyxLPW0HFjKoJ4hLqZjny9G6jXKlHvq374D2Wa6DhXC3nyUva2aCnI2DX_W-iNJgsyAlOiPdZh7MBgYz-YcszrJIttgZHv5_IEQfm4BHiwX5B0F-Z-ozlPwUyFTHz0gTua_yo4EDp-Uilayvsrj7lemhBc-1uLsHoNpRtHuJpurFQe2Xfay0uAia7_blJzA5E_iJjBgLsVYSSrTx4qVlJmDcIl-K99S_9VLLmyCc8K2bIXz3aZXqNTfbpJyPDp3-hvUZq-h-nGGoCvR4OyaLDxdXDAwzMrc9yr6om-S2Khu0YDv5cDcq8x0K16VmOfxFs76m2iUpJAerjxH_uVFiMF3Dd8oENNOgJ3V7YO_-H_ds0TvbsWNp0UKd3GT74StER4nv-zWFfI8tSQW0VWcDASp78JApm9rdOMmskxgWV89KAcM9p_0ZAlYRttSu52pIi-ZV7gT3wM-1j33Mu07n4HzD-SgHfFozTgz9g2Gf_nnM7qBL4uxTHyiOUdwk01I7COL9S7qU5DFs7tzd983L5ByTc4slUHGGBqOhEuom7-ODGm61JPoii3R79GwbtvhSb2eqp9npwmkC2aeiQnzGDWrK6vGM-hMlATxZrOwQWLcBZVuCotxRaTM0MMRF4pJSCN3HJWUzoytSZ8zNsHpxG_5tg2Em0vr3HBbpEXMCDX1QLIRyXs-lbX-_9ygwITWWoZRduB0Ag3X8agk8ybCfDVRWYORkNNQa0JSxHT2BClbrrj3MIzeJyR5H97g9VS6TmTcD_ftUsS8gMIwbpFHASJJ5bOxODqC-yaBZClzTyBidDYdCQjZB8zTuF-uMA_fojGIstA1d9wEYAT3MNHXYa5espi0KkfpxV-JJymZU92wdHYAcQmf_GAIQjY39-wzri2QnJhRpaK2b15U6ABlQ4ZUytqXQiogUTuh2OQH_bLRCLggyY4ni7ye7_K4kDo11IQEZuwFkyz1SuIkdn13fiWdNEGj1JgGiLdUymKDb5Nli8cdoLumMhAAufy9AW3NGOQ0_fqgNnHIwt_8_ZecuIEDBLZo0supIwxNbFMvlRFgUt_qHWhdSvHjUI4zCC_Ii3XAaB-wURUUGTdu3VOE35WE2oUDzf1gi7QBDONz3W0aGMHRDfBxHS52xy2XnVwM9XVeId8ATSIY7FiPWKC4ZtZCTBFRk5D-159Q78mRAoflPZppwQ9rM4jhSK41_2onRzUPPEKMCAs_xrBP8fYJDcM5iW7F8fAkPYLJNVRX7KtNUzzQuEauDKe-uKVhwBTTKyO-WJqBkeAozfgoFh0Ms7mqTlEfjKCjteqqqz9L5d5aclPN-zK4-fIii6ks_7DVECYsBpZ4jghtfQe5AvLIS8NyYAmg4P5FAN2M6CszF8tEtQfN5T8WeQx9nsjA7cwiBrmBxHyrxM5QDXtvwey-jQGvOdvhY38N_JebC-ZGhsAjX5yajV5s3e4JJY9PUjCZGyVFlmgEYNKB7kMJpm18R10Z1yzlbyg_4JFIUQRzRSXNTRTdSxz3Dgl5QoXqdqtSqxNWWxNW7dfawNmS6Mtfusiq0YffdwgBla0s7oTs2wT72P4IlI87jlXZV5i1IHmY_eRe9vArZ79FaQ9eEl89tyoQypHBE0MHNWc4el3D7QZ3JxYJp405kDUWvUR6IoSmaN0mNjq2be0sJaPQYwSzix7AmTr48iX5spgbmzL0NDcTIJwdnACw0KaNAtn5QVTG2-7Xyx7waj4L9FMLa_SkcZS_lPlDxA5_uFcdCfnibtj3WbwhaYttfEutd4HgAYBAKtR3trHZviNth4PJnYRs7xw_tiFgSejl_1tCFebO9Te1doIwrq96FZQRvyizFMQbyBAqfCiA95jaRjjs0aJeSJVQSUoU-rTF3aKH0H_WQjP39VwX1qpJixNQ7LcQR4IT89ulmQJxClqUYE5vjMNGBmzmm9C6KyjBgVQKH8lY0bvlppW85IHJ8_2dy8-RvxGT-HgTRviYfa6L5gMiJUePEODuLUoag2vV0VjlbWW8Dc5weZfOSPl-e_Lniidtmimc-uz9_sUoW1fOeKblU5-zaJrfCIxWcLevk-2OU_SUJIYUdl5SO-6he5goQ-7tSY9pAOyyYzkCMl&cid=CAQSOwBygQiDti6jFirliWpOCw86wzgSqIvxQtoaXLULlTjJUpIG0HRjKLWQhm03xrWoEf6RFzSdjlNkqnC8GAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=4488787201681465300&adk=578009112&idt=131&cac=0&dtd=16

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1aece8feed2d27429735ac4aaa2bb72d7e3da277aa870f177f2c761278cf0b9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:36 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38609
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 2C76 1 KB
643 B 65ms
56ms Document
text/html 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 16464
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 07:36:12 GMT
etag: 48472445140208031
expires: Sat, 01 Jul 2023 07:36:12 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 47D2 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0ef1ac6e980067f48dd414c11559b8c872419cb46d67e44fe56402bc482a497b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 5ed76f76e4b07a92411bc03a
ng2.virgul.com/tck/imp/ Frame 5040 0
209 B 163ms
71ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5ed76f76e4b07a92411bc03a?g=1&t=gb&r=153377@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1688127034138&userId=vnet3bc71549-6df8-44a0-a5ac-c4fd13789c73
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Fri, 30 Jun 2023 12:10:36 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 9C0B 3 KB
1 KB 58ms
57ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=4198790052&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688127035502&bpp=2&bdt=245&idt=389&shv=r20230627&mjsv=m202306260101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=2566870242913&frm=8&ife=1&pv=1&ga_vid=911778691.1688127036&ga_sid=1688127036&ga_hid=160099374&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=3443592400&scr_x=-12245933&scr_y=-12245933&eid=44759926%2C44759842%2C44759875%2C31075720%2C44788442&oid=2&pvsid=1287994812962046&tmod=1751827407&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.zcg2ojo1kaed&fsb=1&dtd=394

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 07:44:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15954
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 14 Jul 2023 07:44:42 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 9C0B 20 KB
8 KB 59ms
58ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

abaf64de0855592138133fdf15c746a6e47a07d5f7a34a9513a06994c89f91af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:50:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66009
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8312
x-xss-protection: 0
server: cafe
etag: 5477749917372345267
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:50:27 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 9C0B 0
0 65ms
64ms Image
text/html 2a00:1450:4001:831::2004

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQeZIWxjmeZc-iQ6uT_sVPh71bCobWDshPjj99Xms9_qcRGCK7Lo90Bpudu_GDPTFwXwDY-y1JrzGVOpG29d8vgzrI9WA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=4198790052&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688127035502&bpp=2&bdt=245&idt=389&shv=r20230627&mjsv=m202306260101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=2566870242913&frm=8&ife=1&pv=1&ga_vid=911778691.1688127036&ga_sid=1688127036&ga_hid=160099374&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=3443592400&scr_x=-12245933&scr_y=-12245933&eid=44759926%2C44759842%2C44759875%2C31075720%2C44788442&oid=2&pvsid=1287994812962046&tmod=1751827407&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.zcg2ojo1kaed&fsb=1&dtd=394
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2004 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9C0B 179 KB
56 KB 68ms
67ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 30 Jun 2023 12:10:36 GMT

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/1484055/72040524/ Frame 1141 247 KB
74 KB 549ms
51ms Script
application/javascript 54.194.204.34

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/1484055/72040524/skeleton.js?ias_dspID=64
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.194.204.34 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d111f7cf82a9e88b2916628b94c8b93c91ee66b08b79859291ff68e33daa55e1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:37 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H3 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 1141 172 KB
60 KB 60ms
60ms Script
text/javascript 2a00:1450:4001:813::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
Origin: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 10:17:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6792
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 01 Jul 2023 10:17:24 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/elements/html/ Frame 1141 11 KB
4 KB 58ms
58ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CSCpZZKn0Y3mM6tVB46DuddvBLNtCzO50OAo8aY5O3TYj3CLN02elMYG5055qSQ1ZmNU1B0RFUtKsVdxQ2ZuqCAoFXI_1BkqsRQaskkgF0eln4pHliLSRSq_kmfanH1DR_lUyXgW_FKTpmaeeeKeKd5I3AS-Tr47U874__MfC1oG4eBfU&dbm_d=AKAmf-B0RLZ4UzQzys5s09rQmpvu_OvQb9lXumrh7DfvNaeAjygezHlqofZx-p2sUQBOwY9wd4bxclPMgp8D3Jr2T_Ew4DWXaXg9dzuGynYr-gkFVRyru48Lth_wHXeY9dL2BF8d_eLVaz_lhchynKApb0Tf6r4hwjUlOiA6hRjOWCTOLXN0fa-_92kIxjVqO8xEpDm6WDOLpIPjiiw5ACaJR0SdsulY4afcSMmTrOLux04qDZF6A_UTlReYjAnm6HqF_5gcH18-ALa_r7gAp-VSVMmLL8--UN7daJBIfG2zAYq3zDgEmGNdkj3HZITa8TMSfWfJ6O7x_n2rI8xB5M-AEMHhETfgl6MPa_cdsjqrdMOCVkRUOfsJrZDdCQN4xLEBT8ktjA4fZuVBx56-NxNIM_BzID33QNk1u4uproUdSAATVL8U_U16VzIa7RuY4eX3H0Lt7HQyfKhzst3IjoTJxKJrNB3GIzhJvaGuDucjv_-JtIus6F4ffLUOWBfOO0gWAn_uj8vRI5WEaupzfmaI1ZPgVQry3BQL7fKklbOSfZCwzXE2nIckYmrkrY7omk34lbNZZiwPjGXPixyFhmPGVO8jNumKo3s6Bbvh-_JgT71OHSXYk2LvMxsJayqKVVRIIDabEUMfLv9Uv5STgAPcsrjH2_U0R6He6d4h4jpWchVB3x3icQJeHuvayXwaIofvUWcd7A1ZoL1Qu2VcbZCn_BolWsrlv2xE6ZETCYJ2z3P88tqIHuA4WAO4u4nrnNxHNxKrOS-bTJ2B84UUV-xZowis7p53ZyCW1h6Hwh5Vno3pUsiZoPO9Anpn5WWY3KzKha2eKZNxJE0LOQ4yfoy-snjbACcWKgjn5sZtX-3vs6kERQOKQ7b0_3JqZzdKSxYxLjxKAQdGk4HgfW6aMSvxVmmkuSgxVdLLzjC62wX5OtOOJWis1IojhDQ8UWrmm2rr4fdzhj6ArqP4Verm6iaHFa3wOHA44xa_9dpv3w-AIig093WMeObvWtqxGA6HAtHea_u5adL_f6o-hCakelem622OaqE7PYSMHRopw6OzAICTECQrsTQjEs802B43bc5x-4eCo_aMYd1U1_iQ2Bkwm1R4UMDma5u83rSvsAWXJlp4fMdkH8vG4DFR2m0E_vS_usQu_fW66PJTpLIqoLmMo-nBPr4CSX-iXBt2w5DLbE_W5Su0q1DpkXuhAOVGUX9E-b9cewjtVAONQp4TQ4YhQkaOO5a_j0u-jhvvbVifCVeUpmrYuqxELFR4nj4zeEvk9_nslBy68R-e4bdDLTi8hJn2Ey3wBqgTH-DoweFpZzIzzgSHSgUcDoHk0SSdq7VmABEM7t5U1XVsmNgt4FXEkhylkbLws8aYcSCfaZkn1XrEvsTvYqlDZQcikI6YL1XNBVGPGLO61gJP95RKiYlOOZPZPqviR_mL8gXgJChaZFJfvQSdl8se4loXZncfGq65Y42p5EJjA8G-7lnXlp_bLqDlnLlvBiVsQXADwrYrTvF-Hufke_y8m1PPZgWcjgLIAfBPeRKLgzu5leQuEix0IhWyyarAWxXvHcjJjsTwnoM-LI1e_iQWKBUnHYY2AkOuISHZGnvip75jSHSDj-HLm0oWIkf0sDr-MOHeKx3ABFkhLI4kQmkVDfUqc4vwFjSXfiUxN0ZcssdSVAEe08YrUZyLjAXYwO8guF5ri4owLrB4x_Lgixy5skMNmUVCs2VnSWETrD9gQ7zmU2muyNH001xZOjsNC6nYW_RYoxpa6zkb6zHw802JIUystpdkq47JYHkmj_Pw0FdgZ7L7L6qibQ9zcM9lklfwi0lYqWn_9z0ticZmMnda6FL_7R9g3dPLqSFK2bk6ftr6dpIzCne4KAM3j11luXjm_LblmwQQ7uOZPrijMVlqF1KUOOcCY7ozk-PKTN2ugA4bjLgD6Zb-Lmq0-9MbFhP0wA3ivpCc0meqPYZqqXyNdH7BdF4HYYJ4BGO9XT-kvbJo0ws6m0hZlOt97VrRu9m1otk1dwPUyrYzBJQMq6MlqEQnC2yEo_gHjBRy3Is-I5lhtizyO2j5ob7QkEwY-bQ1PhuKw7rt9MWe5PxFtZux4rjOi_AmwZjIHsmF8lgzVK9PalHFYpedPaGttm4PyzMlVXJjuGIPBqwhdS4aFHyv5J9LtNkCALP_zcwQkTgYt8xaK1QQm7L0niPNbPloBNpazIqYWP_H76eccSbuacw4guPDzLK_oHuvM7TX4SeoTVc7x3v17LOm-sdfrQ42odjHnZh5BAX36s3qjVR2AawDed5zIOTc8kFcjwFn3QbiKzfrknhlJ6FdZm49GrOKjsjcBn9y2FKHCQ2hcJlgRVWhAdDvNeXrlNA06318WxEgZOnr4q7YbaA3hkC1Re0clRSAfnDY1q3PNjlbmomzAp5Lc1nBTJpjcig58bFP0TbJw5Kix_Mo3cZVF3uQMBbH7LH22-IauDAAbSR0i4O_ceJlWWEie0UHMpx82HE8kbLHDV7f9PdlovfEAMBJYuf_LJWJWk-KQK0scQxGjtECQgYH3BTLDaepau6uuh3y0TM0n5v6QlHkOb9PwCZbX7wP2SmDitxfVzdyMXK7YscD1u50jBkWfzVswBlObkZAMAYMs2OjWhajNeK13CRaRkC54KDPoV9i32W8PyBtATgEp19uj2acEg3KuPSePGk2bIJD9FT8ddCxuJ0Go0AJi7llCUAejNPq-M301N9YsTR3hrGMegWjKjUAmZk6b3Kf71Upye6vR5bTIvrmttQ4Ng1mS9TWsB5y4mN7QpM9zbwGvRHOrrQXlTaAmqWbICfxWWRG9ZuR665LOcZ1JUNa76OPhHzl9_EIasQRMJLIegn0cMlYXDcKsMwf_g_-ZVn2GyNj4uQZzKTkr5xfjyFo9o__OfmaN1ss_XGYHS5rUAAeXiHZFLZf4x-Ex5Ncrn8Y4-W-YdI6QVgd2jXo2-qjH7SDWF4EHp8ejxKupO2Vg1TOCSKH1V6Q9p6a9Uy96AzwDf168Sx35VzsORjHijnE6r9zXIW5PyNwnKRUR5twyuvlFU0EZA9VVUyQbY9RYmmge1O7IXgVDKxjcarB3sYKLJKcN1Kf30aCPaTAD0sB6e0EfWwq9JNphxsgLttsWby_RYB6kt14wVIDVz4waxUE-nUyGsxN_JkIXCCItS5j8jhS2CSWJSbjiwbH03B7FVb1NRVtQiYs7jmouzkg6Gg-V-MxUsGmseQPvzMJeLUP1C4S2OvnFz0-D-U6sL_Sd1mslx8vXbp-_KUOCBuQk3dYtkK7ljf8RbDv14IMK1D1fqgg31N3BU3RgeGwqn_UI6UhV755vDnyTZB_Wd4Gbpe6jPVlGdU4oh4dROczNd1t2QwoDvQ&cid=CAQSOwBygQiDMyPdoTpUMtGHVYBQKnyz2hxFm7-I15-5LwRnrlpVibD7md43Qxnul6o820bYDlRV1A7YrYbJGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=10810114366761892000&adk=3587751834&idt=224&cac=0&dtd=9

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

597e4ec7ca2b12f9150e02e04096849d6b06061b09c2d131f1d2225871eedfdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:55:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 65710
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 16731591232229431525
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:55:26 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/ Frame 1141 30 KB
11 KB 61ms
59ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

484eef6459e8a58c19115f287339366d82a7c2beeb7a35c7e16789b592515aec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:57:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 65584
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11545
x-xss-protection: 0
server: cafe
etag: 12064860844701496540
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:57:32 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 1141 41 KB
13 KB 61ms
59ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 13:52:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 253081
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 26 Jun 2024 13:52:35 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 9C0B 0
0 101ms
100ms Fetch
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CCTypPMaeZOa0Ac7CxtYP4--o8AKQ4YGEXLaoworwAsCNtwEQASAAYJX68IGMB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQLYWKRVcTyyPqgDAcgDAqoE0gFP0Ot0RCYltYgsljie_Fdwv-_VC7g2DCffDw7vE7F905Z9txlW0Wq_v_BV7KI3Ka5QKRKiJjPlYyzth8Q1WxTwSaoxo5LjTaMyDXn1il9xtwyXiDZnrzTieyAQNWzC-Yt6vpogVRWFH_qm2lMuVH7WNUBvIiFRYjFGzSah4U-V5Kt7vwF6sd45-aI1V3iYnS4EhfElEVaoyLvvPP7leeGN_AwbEVOwhMRNkA8_NJkZtIAhaugxbBj6UqbXrhRb4D7G0SBoAnVNLK3KZSb31baVA4mABsTRnvTIgM68pQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTqACgH6CwIIAYAMAdAVAYAXAbIXGgoYEhRwdWItNjU5MzUyMzIxMDAxMDE1NBgA&sigh=0QwGrU7-q8A&uach_m=[UACH]&cid=CAQSKQBygQiDF0X0WKhTXdLxPUSwVb06JtfO332CqIXIe7lgP-f7nzkTfO2hGAE

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=4198790052&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688127035502&bpp=2&bdt=245&idt=389&shv=r20230627&mjsv=m202306260101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=2566870242913&frm=8&ife=1&pv=1&ga_vid=911778691.1688127036&ga_sid=1688127036&ga_hid=160099374&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=3443592400&scr_x=-12245933&scr_y=-12245933&eid=44759926%2C44759842%2C44759875%2C31075720%2C44788442&oid=2&pvsid=1287994812962046&tmod=1751827407&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.zcg2ojo1kaed&fsb=1&dtd=394
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 30 Jun 2023 12:10:36 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 204 winResponse
prod-rtb.ad4mat.net/ Frame 9C0B 0
0 496ms
37ms Fetch
image/gif 2600:1901:0:76b9::

General

Check archive.org

Show headers Download Go to

Full URL: https://prod-rtb.ad4mat.net/winResponse?a=1hsz459cykz8x4yyq8ethqb5fw7pgzw17e4rdsa4rj6tdj0f85nm3gy7yc1vhd42kc3zpw21d59v1ryy0d7z9k4bpgj0agtngprspy52hfbnnb62zhaknxad3638211z4vd16dn6hweztzzscnmpe2b9wwt63g1g46myscykdvy75fr7q8sb4krp1jhjca1p99bwsg4fme8gsepvt0f9warzs1fpqn37bc7pt68ykg0bw37fb2pkq37xqqm4zqpzzb7h9ccr81bjycg4xr186f92d1x26ffhnr9y0mtpbdpk0zf0znzkmam2tteybj7189h8f6qg0q1wrm4wd2rar1jten6q3r3ns6edmg5c5hts7wn8nb8zkg53asnvrzhw9qjwaj4mt8w400t5&b=ZJ7GPAAAWmYE0aFOAAo34zk-URkQJa6soJL3Nw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&h=90&slotname=9586219513&adk=1165138949&adf=4198790052&pi=t.ma~as.9586219513&w=728&format=728x90&url=https%3A%2F%2Fye-mek.net%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688127035502&bpp=2&bdt=245&idt=389&shv=r20230627&mjsv=m202306260101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=2566870242913&frm=8&ife=1&pv=1&ga_vid=911778691.1688127036&ga_sid=1688127036&ga_hid=160099374&ga_fc=0&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=3443592400&scr_x=-12245933&scr_y=-12245933&eid=44759926%2C44759842%2C44759875%2C31075720%2C44788442&oid=2&pvsid=1287994812962046&tmod=1751827407&uas=0&nvt=1&top=https%3A%2F%2Fpcloak.blob.core.windows.net&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=2.zcg2ojo1kaed&fsb=1&dtd=394
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:76b9:: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: *
date: Fri, 30 Jun 2023 12:10:37 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: image/gif

GET
H2 200 dr Show response
as.ad4m.at/ad/ Frame B1CA 2 KB
2 KB 506ms
65ms Document
text/html 2606:4700:20::681a:ad1

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/dr?ed=1h3vx89814d5nvxj5wyra1wgr7xdchw4b2sk7cs9zqcyxvqx83gqzf81wc35smzv4d691zrmj2sqbxmhkshq2w4c4yceg7v6ry17pn5dbsnpy8zg3qgc5ac6ajr1rs6qzg0gzzv15sgr2yt9r0vvfbwpyqhzzf0p2tgm4fr3qqk4b1zsghdaw0er4f628j0bm0fakqp2vcy1ty2d0j0ysm0p9f3t3b7je95yjyhmy2ngy245jrd9kr0xks6h7nyz39qwbzhesvm7mqn9t4bq245v1dc7gkrj6vyt65nhykvke6y404q567c6fc0466qcy9qfyh4gez84d3my5n3hhf2dx78pyf4yjsc17pzgqasm3wxsqf2czv6za0q347g4cfr47thx6ewk1459rn3mx8fpe5py8npw2zm8y0x34hsnczyvea7nwpd980nqv2jax1810r44y8&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC9ODyPMaeZOa0Ac7CxtYP4--o8AKQ4YGEXLaoworwAsCNtwEQASAAYJX68IGMB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQLYWKRVcTyyPqgDAcgDAqoE1QFP0Ot0RCYltYgsljie_Fdwv-_VC7g2DCffDw7vE7F905Z9txlW0Wq_v_BV7KI3Ka5QKRKiJjPlYyzth8Q1WxTwSaoxo5LjTaMyDXn1il9xtwyXiDZnrzTieyAQNWzC-Yt6vpogVRWFH_qm2lMuVH7WNUBvIiFRYjFGzSah4U-V5Kt7vwF6sd45-aI1V3iYnS4EhfElEVaoyLvvPP7leeGN_AwbEVOwhMRNkA8_dps4JlfY7aj561BsiO9FXC1P6pPM_zi1grcEvlVeewrvAGoKQ0FI0oGABsTRnvTIgM68pQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3XP8UCKq_wNwwOSYPYoeErGQC9HQ%26client%3Dca-pub-6593523210010154%26adurl%3D

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:ad1 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

70cca8e0b8a4914859de4fb44a6ffc0b2a4fefd75256ac57f64690b7255ea458

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-src ;img-src data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7df64e9d58d29b95-FRA
content-encoding: br
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-src *;img-src * data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 12:10:37 GMT
expires: 0
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
pragma: no-cache
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server: cloudflare
strict-transport-security: max-age=86400; includeSubDomains; preload
surrogate-control: no-store
vary: accept-encoding
via: 1.1 google
x-content-type-options: nosniff
x-download-options: noopen
x-xss-protection: 1; mode=block

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 660F 1 KB
643 B 59ms
58ms Document
text/html 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 16464
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 07:36:12 GMT
etag: 48472445140208031
expires: Sat, 01 Jul 2023 07:36:12 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame B530 1 KB
643 B 57ms
56ms Document
text/html 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 16464
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 07:36:12 GMT
etag: 48472445140208031
expires: Sat, 01 Jul 2023 07:36:12 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 1141 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9dd26981f783b90e9a51f21c8bb1a0668211b0a17f5a055e2aee7f69745928ff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 300x250.html Show response
s0.2mdn.net/sadbundle/13340955653470786770/300x250/ Frame 18C9 7 KB
3 KB 86ms
63ms Document
text/html 2a00:1450:4001:813::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13340955653470786770/300x250/300x250.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

db8f55e504a26cfa06f7b09abff80731c10d87aef1472da40eea50e63119ce94

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 417791
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2625
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Sun, 25 Jun 2023 16:07:26 GMT
expires: Mon, 24 Jun 2024 16:07:26 GMT
last-modified: Wed, 21 Jun 2023 08:40:44 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 40E7 0
0 467ms
103ms Fetch
image/gif 142.250.184.226

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvuHUQXRYUm3mGKaFZ3_e4uea8iHqO7x4Rn4E3_U9J_KTsqvPx7TXbH_2a_l0eu193SilbYxHYWt3WJ5esC1D27DP-lP2mttZsSYI_8_gK8Lh9CDDbVD9Gn9DmKIhuvCcwdgHnvwPpoHMK47j15MfNRqHDk2z8avSNy53M6WWpBuV4Lgz3BswQ5dsKRtGQtHYFKyL7dEoKrVtX-EceTeT1yBYup_tbOSyvPj8kz-_4ssVoKhAO5gjIZnR8tydNBPZKpI2o-1aqgOf3bGim6I4dB5sMWteo-b3-jomGvk6OaHSiPNHOjRSOcNtD5LPUhuQLB6ZOSkDOhmQ5nKeLRfEnbRgsu90Uvd5i5at5UPOnnerteuEeizW5Id1Cgv71itVQWcA9afuXkICEJGM4-CHNu1inCEpkZN6ihD4VbrkoTh6ZzF1sysiPMghv83XSQ90qjkmzVEtH-ybDgIm-NVoRazYcailtW9aUtw8J2l_60M2fktD_JTxp26yMeajgzqvN2xN9EDJ4CYIh26YM8uU59M9wfjE9FRN9eJfFUDXyyhDAiDEYub12HmH-uK5nNLa7QqmYXglA4lLJubhjO4DlIM-9yqk9V64FskPAFMocrtiVl-4HCMXlmdDdeGNkkC2hCs0KAt12tA5FeJ7Cg6zX3I0Kbvc15LbofE99Yy0kKU6CxAlRSWZZ7pgpTU5l0zNP6C1UQZ7QnDMQ14Flygd1u0807yK-SLkM8NInRSZ4MWGFyCQUS5xF9cMxjlDwCBGPDq7-k6ybG0Y2Sk2ZoF5UCmdl9hvboNP0SF3RArRCwcryvoef3WKeIO7UjAaNudR0LZ4WF71dxhUC33_ohi2KraLRGo7jAC0M093lZVFEmSiHh24I_somnOutIdNoENzSuIgr5DsCXpif4XsBRRaCCiiRdDZ0tfOfsnlsBONyWTnME2QOS014OWxm0WP1NU995-eOMTEdbgTYP6Fpv2yyy2KDFLLltiFmbJMk2-T5JcTB1i_IH56u0tXb6b_7AhX5yuFl9ajKuBSurYaW9vFaobz9p_Bk4eGZ6Idr9Atsej24piAnB8eQjbvW2id2JxPgrVWs7NF2Jd3kAb_SAddx39tfRl3W4SyRozVR0uYNK-Ydwz3-Ph1UsI6ixGyRqfTt0e8d5FWV_OXIE7A84pusufw-zN0crGgAITifx0Ry0v37F8SQ94gjZNCAvJ3MEDe58iCWENbdSJza7z5zD9sfXaUzNezFMasTNx4kLEyq4jon8yVpuVP6_Iv3gXA&sai=AMfl-YQ-RRrf1QZlqOw21fqaAIUrz70iXHYDvbg1-fizgIcmjONrQiXbpoXX3SjwbFwcUgnphIJMpA2uW7V4w3re4tLKcMYCHZt0gL6DUhjf2LrzFHpvEGx9kcqa8psDVKENkTsXlTkJAyJssJb5-Bj8QTVM6GOGuj9DgEdanRGVgluDTNp2xzbn-It3HJaf4hac5HGl22Um810NvwzvJAQKw-BCAnTroq3BHK8iPMwu4onzDghhz772QvPZdewsJGb6wHigGAWIn4z6Iz5jfJ-4uV4m67LJ2HWHZEgk0exVpF9oMIvdPd_yC2Si_KiANRBsylYyAlizYVFRicGgaeY4tjzdPp_9QSCtPjA&sig=Cg0ArKJSzDNjH5FuxUo1EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=468&cbvp=1&cstd=464&cisv=r20230627.25214&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 30 Jun 2023 12:10:37 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 30 Jun 2023 12:10:37 GMT

POST csi
csi.gstatic.com/ Frame A03D 0
0

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame A03D 15 KB
16 KB 352ms
59ms Font
font/woff2 2a00:1450:4001:80b::2003

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sun, 25 Jun 2023 05:19:29 GMT
x-content-type-options: nosniff
age: 456668
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 24 Jun 2024 05:19:29 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame A03D 15 KB
15 KB 354ms
70ms Font
font/woff2 2a00:1450:4001:80b::2003

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 22:16:07 GMT
x-content-type-options: nosniff
age: 50070
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 28 Jun 2024 22:16:07 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A03D 0
20 B 97ms
96ms Image
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=osv-info&clickstring=CqaXMO8aeZIb_H4S_lgTnuaL4Bcme0rFc1Z2R93DAjbcBEAEgAGCV-vCBjAeCARdjYS1wdWItNzk4MzY1MTI1NzgzODI4MsgBBakC2FikVXE8sj7gAgCoAwHIAwKqBPcBT9CkWmDPqOLLNpCanPwnT_bLBLjxornypr8Vhm_JA9kGbb43fIiS_5uudgekhD27hKcJgYY2UtVXbjSIBxOMp4gPcnXRF5Wt7Q8IE4s_LMDcFqXD0b32S3NnuT9cPQWnLuf0Ts-KArJa_BcCzoAc9nU0wTAXacSkz9p6IwTUFVJEjiMabVwNIwtjKGu87HEHJ_a-61USi6W427RmMwWehpOk3BP3JZrxCc5GryugBe0fsHIoH8xtKXiHsr9W8R3YDK7gGvlVMyMeMIJNkw8kIdfJHnqFaiYLd7PWUqEx_eqzxyDWwoSavJ_sFUHyvZlDCi-jcPz99eAEAYAG5dCu8Jq8u4hQoAYqqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE68ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5-gsCCAGADAHQFQGAFwE&eventType=clickstring&clientTime=1688127036722&ai=CqaXMO8aeZIb_H4S_lgTnuaL4Bcme0rFc1Z2R93DAjbcBEAEgAGCV-vCBjAeCARdjYS1wdWItNzk4MzY1MTI1NzgzODI4MsgBBakC2FikVXE8sj7gAgCoAwHIAwKqBPcBT9CkWmDPqOLLNpCanPwnT_bLBLjxornypr8Vhm_JA9kGbb43fIiS_5uudgekhD27hKcJgYY2UtVXbjSIBxOMp4gPcnXRF5Wt7Q8IE4s_LMDcFqXD0b32S3NnuT9cPQWnLuf0Ts-KArJa_BcCzoAc9nU0wTAXacSkz9p6IwTUFVJEjiMabVwNIwtjKGu87HEHJ_a-61USi6W427RmMwWehpOk3BP3JZrxCc5GryugBe0fsHIoH8xtKXiHsr9W8R3YDK7gGvlVMyMeMIJNkw8kIdfJHnqFaiYLd7PWUqEx_eqzxyDWwoSavJ_sFUHyvZlDCi-jcPz99eAEAYAG5dCu8Jq8u4hQoAYqqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE68ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5-gsCCAGADAHQFQGAFwE

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:36 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST csi
csi.gstatic.com/ Frame A03D 0
0

GET
H2 200 vast.php Show response
ads.eu.criteo.com/delivery/r/0.1/ Frame A03D 12 KB
7 KB 308ms
54ms XHR
text/xml 2a02:2638:d::4

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/0.1/vast.php?z=ZJ7GOwAH_4YKhZ-EAAic516OGmPdRfPAYreAbw&u=%7CDxm1t4FRg8GkD0mRzgxRJH0qHzjzL5Q%2FKxLbOW2eXPQ%3D%7C&c1=s9Ouqadr9PNjmdWEvnIhCeON5eq0Yfy817nyR0B5GwZXgYWXwbmDe9kpYSMilCDwZHTqTSHU28qPS699-x6-pdPmHC8ESfc6jWDFBEINRxVFWXLtQft7xikDu2-fx8kHQYKZa0IgE7ESRR9_UIoeFLSP_FwPSBbEad2MU7v9Jd6o8fUR2F44Bw71TyPLG0k2AFf90wrtdbvLA-XiFU90752-uPe64s1H6V3QfTPqyKwnV5bkQJOZKh3OQyE61itsW6WhkjvzkTFRUy57FmTvbjVjo4Q8edYn4nskI2EDepaWV889gPbX4FdBk7d283mIc2LiSjrBem3I0kc6w1jeXLE0oNPwGMGa2LuuVaSQzs78XzsRe3m1NDtqHe0rvw9VZeH3zlFDk6DUJqq748JpbT_ATXvTq1B2dI1uB0QXd5XUDSBcR9pWTsXc1PMvu4kZvCOIi-eAagv-N47IXZfHIM0VLQ5jiLn7cfJ7u5rSOFCkGJA31sLValBLhv8KqTxV74MDdg0Xhagd5etkfcFWBNAS8w3jumMc7501t42qkmaTvx_znDZZ70CEW0_CK3ItYygYdBzRMFP1KbhIUx7L-Lw1vQ2wWARtaeXdCKkFGkiGrB2Q7M4bdx3pPOrX7Loz&ct0=https://googleads.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCqaXMO8aeZIb_H4S_lgTnuaL4Bcme0rFc1Z2R93DAjbcBEAEgAGCV-vCBjAeCARdjYS1wdWItNzk4MzY1MTI1NzgzODI4MsgBBakC2FikVXE8sj7gAgCoAwHIAwKqBPcBT9CkWmDPqOLLNpCanPwnT_bLBLjxornypr8Vhm_JA9kGbb43fIiS_5uudgekhD27hKcJgYY2UtVXbjSIBxOMp4gPcnXRF5Wt7Q8IE4s_LMDcFqXD0b32S3NnuT9cPQWnLuf0Ts-KArJa_BcCzoAc9nU0wTAXacSkz9p6IwTUFVJEjiMabVwNIwtjKGu87HEHJ_a-61USi6W427RmMwWehpOk3BP3JZrxCc5GryugBe0fsHIoH8xtKXiHsr9W8R3YDK7gGvlVMyMeMIJNkw8kIdfJHnqFaiYLd7PWUqEx_eqzxyDWwoSavJ_sFUHyvZlDCi-jcPz99eAEAYAG5dCu8Jq8u4hQoAYqqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE68ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1RaElM5TAZ-r_1rbLAKHA0M71YsA%26client%3Dca-pub-7983651257838282%26adurl%3D

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::4 -, , ASN (),

Reverse DNS

Software

Kestrel /

Resource Hash

2938d991d0c6438d1b65e119372da799903cd63d52fbbf81b5281bfd22f011f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:36 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
p3p: CP='CUR ADM OUR NOR STA NID'
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 5408926
pragma: no-cache
server: Kestrel
access-control-max-age: 1000
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/xml
access-control-allow-origin: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
vary: Origin, Accept-Encoding
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame D7A1 22 KB
8 KB 79ms
60ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 252776
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 27 Jun 2023 13:57:41 GMT
expires: Wed, 26 Jun 2024 13:57:41 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 4E14 172 KB
60 KB 60ms
59ms Script
text/javascript 2a00:1450:4001:813::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
Origin: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 10:17:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6792
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 01 Jul 2023 10:17:24 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/elements/html/ Frame 4E14 11 KB
4 KB 60ms
60ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CjfzEz4x11DUSQ241cjNQztrcdYNNHkAO2zn-biqPzylnjqOB5y8Lil-LL1pvvCesnH4XJAzloZoco783ykw-LqIM9lRlwLUHcneuXpTAat_dmHwc&cry=1&dbm_d=AKAmf-AJz3NhGeXAJZ_cQNUJXR8nk3YyDCWsMunr2HgF54enhytXth2vJQ1MFOr3aPcYeiwj5xdub3oHjEMgS5caJAJYwu7CgnpFtj90tZZbZ-_QI58hk2anGhyv4Scn9D_z6s6UogWZFVGtmFkjTnIJO2vbqKeqfhbWkGnHw5vPaV8OD7Hvb5umb_wdutkzfMiTAWMA6JiUvyj8rkIpyA9GB68dxKQI8392O-Q5p-SHjgddged5-ERk9Y_Dzy5I6bX5A0OwpQOrAVaTQQRcPRr314E0_3W7fd0Vi6ZRsDr5zedGwT6w2Ngx_-0qBjV-RinpWkDDz2Nd_YLLeMG7UHXqy2KkgMbmRZQLWhODXffBVJBbU5laC0_4r9bxoIGpuDF2cU2r9jlrVYJvh9HAjHtOAfs6OzWMvwNdhhLMO7sOOOIpM8xwpe9RRlmYL_Mc81izg8cegNMPUeYg38Dta4gmke6y1324szsZKb4uAMzOQi7glfbgSQ60an92rnoB_CJmPrvkRrnTKlnmZPHr1NER6Q6Ml3DMg0karGilGCt6-Q5UwV5GBbpQuSIAxgyiurEM2bT5euxEqqW2gh5cNZ4iLVEsygpLqVfC9aBGSrwVGhI11_KMKNQWFDWVUkFs-YKu7L46YtZdnpSf1hngr_UEZGwAL8TIO9mcLq1tM79S0eWxnkSnxubWDHtov5Eglf3KFSigwPlMvBkNeZsOfNIWw7RJw44-1AZ5ipnN-xURB_oiEjTWA1MN0BZJrOSFdrS_ctTVa12TkX_HJ0LCQ5YBkHE19ocZlDlJs_O44_gVEppXhRYSbfgQUGmIkRlMTKE6tGOSY5TNKtSN-61ec3eYiURE6oaRIniBvewNqn9fYny8e2MzV1ubKe9Xyar-WG47CDDweMWfWKytCcBt26PpMTOwAdvMir-8s5vARXs9Up1mIamfB4BzNdxcb9hIXbRiWWn7Pl8CriCJU174udXlr2LLdXqIXBXTHETw1ETEMIbvTSdIVCC6k9TolU7L6S3_XtXzXnjU8VCUK4oHSywd2X8h17ptTTiyz-m8WMNlvtt-ADX9N0kCVuHWvjU4FJ8Gx5i67ba2cYLggvVsb_uoWskRWI-_JQeWETSMJpAN-sMA7J_KJqsUJIN2wMhwhGcZ5503Q6kLKWf6YO7MCb60aOY7NvvS7DZXWduWFM1UE-mz25IhDWZ_eJe2TdU__nfbu1X7ieGheASvvreecRye1V4n8aDCvZZfJnzOhGLgKCq1f8_tRqqoEqhAcPKdAvsfyxLPW0HFjKoJ4hLqZjny9G6jXKlHvq374D2Wa6DhXC3nyUva2aCnI2DX_W-iNJgsyAlOiPdZh7MBgYz-YcszrJIttgZHv5_IEQfm4BHiwX5B0F-Z-ozlPwUyFTHz0gTua_yo4EDp-Uilayvsrj7lemhBc-1uLsHoNpRtHuJpurFQe2Xfay0uAia7_blJzA5E_iJjBgLsVYSSrTx4qVlJmDcIl-K99S_9VLLmyCc8K2bIXz3aZXqNTfbpJyPDp3-hvUZq-h-nGGoCvR4OyaLDxdXDAwzMrc9yr6om-S2Khu0YDv5cDcq8x0K16VmOfxFs76m2iUpJAerjxH_uVFiMF3Dd8oENNOgJ3V7YO_-H_ds0TvbsWNp0UKd3GT74StER4nv-zWFfI8tSQW0VWcDASp78JApm9rdOMmskxgWV89KAcM9p_0ZAlYRttSu52pIi-ZV7gT3wM-1j33Mu07n4HzD-SgHfFozTgz9g2Gf_nnM7qBL4uxTHyiOUdwk01I7COL9S7qU5DFs7tzd983L5ByTc4slUHGGBqOhEuom7-ODGm61JPoii3R79GwbtvhSb2eqp9npwmkC2aeiQnzGDWrK6vGM-hMlATxZrOwQWLcBZVuCotxRaTM0MMRF4pJSCN3HJWUzoytSZ8zNsHpxG_5tg2Em0vr3HBbpEXMCDX1QLIRyXs-lbX-_9ygwITWWoZRduB0Ag3X8agk8ybCfDVRWYORkNNQa0JSxHT2BClbrrj3MIzeJyR5H97g9VS6TmTcD_ftUsS8gMIwbpFHASJJ5bOxODqC-yaBZClzTyBidDYdCQjZB8zTuF-uMA_fojGIstA1d9wEYAT3MNHXYa5espi0KkfpxV-JJymZU92wdHYAcQmf_GAIQjY39-wzri2QnJhRpaK2b15U6ABlQ4ZUytqXQiogUTuh2OQH_bLRCLggyY4ni7ye7_K4kDo11IQEZuwFkyz1SuIkdn13fiWdNEGj1JgGiLdUymKDb5Nli8cdoLumMhAAufy9AW3NGOQ0_fqgNnHIwt_8_ZecuIEDBLZo0supIwxNbFMvlRFgUt_qHWhdSvHjUI4zCC_Ii3XAaB-wURUUGTdu3VOE35WE2oUDzf1gi7QBDONz3W0aGMHRDfBxHS52xy2XnVwM9XVeId8ATSIY7FiPWKC4ZtZCTBFRk5D-159Q78mRAoflPZppwQ9rM4jhSK41_2onRzUPPEKMCAs_xrBP8fYJDcM5iW7F8fAkPYLJNVRX7KtNUzzQuEauDKe-uKVhwBTTKyO-WJqBkeAozfgoFh0Ms7mqTlEfjKCjteqqqz9L5d5aclPN-zK4-fIii6ks_7DVECYsBpZ4jghtfQe5AvLIS8NyYAmg4P5FAN2M6CszF8tEtQfN5T8WeQx9nsjA7cwiBrmBxHyrxM5QDXtvwey-jQGvOdvhY38N_JebC-ZGhsAjX5yajV5s3e4JJY9PUjCZGyVFlmgEYNKB7kMJpm18R10Z1yzlbyg_4JFIUQRzRSXNTRTdSxz3Dgl5QoXqdqtSqxNWWxNW7dfawNmS6Mtfusiq0YffdwgBla0s7oTs2wT72P4IlI87jlXZV5i1IHmY_eRe9vArZ79FaQ9eEl89tyoQypHBE0MHNWc4el3D7QZ3JxYJp405kDUWvUR6IoSmaN0mNjq2be0sJaPQYwSzix7AmTr48iX5spgbmzL0NDcTIJwdnACw0KaNAtn5QVTG2-7Xyx7waj4L9FMLa_SkcZS_lPlDxA5_uFcdCfnibtj3WbwhaYttfEutd4HgAYBAKtR3trHZviNth4PJnYRs7xw_tiFgSejl_1tCFebO9Te1doIwrq96FZQRvyizFMQbyBAqfCiA95jaRjjs0aJeSJVQSUoU-rTF3aKH0H_WQjP39VwX1qpJixNQ7LcQR4IT89ulmQJxClqUYE5vjMNGBmzmm9C6KyjBgVQKH8lY0bvlppW85IHJ8_2dy8-RvxGT-HgTRviYfa6L5gMiJUePEODuLUoag2vV0VjlbWW8Dc5weZfOSPl-e_Lniidtmimc-uz9_sUoW1fOeKblU5-zaJrfCIxWcLevk-2OU_SUJIYUdl5SO-6he5goQ-7tSY9pAOyyYzkCMl&cid=CAQSOwBygQiDti6jFirliWpOCw86wzgSqIvxQtoaXLULlTjJUpIG0HRjKLWQhm03xrWoEf6RFzSdjlNkqnC8GAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=4488787201681465300&adk=578009112&idt=131&cac=0&dtd=16

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

597e4ec7ca2b12f9150e02e04096849d6b06061b09c2d131f1d2225871eedfdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:55:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 65710
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 16731591232229431525
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:55:26 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/ Frame 4E14 30 KB
11 KB 59ms
59ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

484eef6459e8a58c19115f287339366d82a7c2beeb7a35c7e16789b592515aec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:57:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 65584
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11545
x-xss-protection: 0
server: cafe
etag: 12064860844701496540
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Jul 2023 17:57:32 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 4E14 41 KB
13 KB 60ms
60ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 13:52:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 253081
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 26 Jun 2024 13:52:35 GMT

GET
H3 200 160x600.html
s0.2mdn.net/sadbundle/5793540040533475328/ Frame F5A5 47 KB
12 KB 89ms
72ms Document
text/html 2a00:1450:4001:813::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=OlEXiEDhbt&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 12:10:37 GMT
expires: Sat, 29 Jun 2024 12:10:37 GMT
last-modified: Wed, 15 Feb 2023 15:29:42 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 47D2 0
0 319ms
109ms Fetch
image/gif 142.250.184.226

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsslQXjffhvKL-mQuxVUSwK1XjDXUUmUHCj0_znSRC-XBoTmkMju6eXiT21B63zZ9r6Y3Gjs0JipP6ViZpe8jLCtcV5OhXRbAzvAQhQ66mTOEoujnZLrz7PnMN888YhcYxcf-5URkl10aIxPAM1skWyyDnkfNXa53rCztJ2ndDon8fPQYwfStBUEZR2bRxyfWfJALyVz0eDxX15XN9RkMqKN4iYz4Ade2CsulNclX3TgR1j_WXbp6CIBJau6A-LhrJ_c7Iw7e4p4mqrQw9m3MWmg3620h96i9rOv-m_BYFSfBPHjgHM2h7gJseQcA4sDeRt4l3rWOPnlpODUT2w64X-kEnOoBowP1B4hOj1nME5chajaryumGRUPND_4y-yzCgiKFUuoY0OH_sX4QPoJSdbC6q0-hgGV3oG_rDYpDCFTuSNbA1_nMyseAZ6ZCbAuxBMU7_nGF--CsLJNzCPAzSwkP7pJapCGddxU7xXvhVXydONJKfEzD8V8OSfVURXSQPJSeW_GXscDnVaiRTLstNJX2eD0F8_0PUHz8s6uvPRIX-3Jgq9BLC2nmOvtDBUU3lpaT_zcg0YWdyi-bKqpS_BNzSiUJeVZPWF0mF4L88-umetq90i9sYERTr-8QBmI1IOUfchmgquruM_vSqb0TmpUMKar7sIde_AOYw4cLWod-qOq1v7SzIDv3uG2j_FVYK1kvmLVSsrM0cx8u-k6p2bVaEG5t-f3eY81IpBSluBo2eAP11TOkPt8wfHSF_IB8n_y99Hzfl8bE2WnvjLHjpcG08mqFEN8IDMQCTf5HOkcMDPrLmdUTF9fDbqLD8aOfYFObH_6mdExH6Xz44qWM7awAZvcmDUU3zwtzZVaJn9GpHBnFOmZjm4Q99LPLdIEXOi8pYgPKWC5pRblJx2dw7DXBvKt1NNuQ9jlNFRuTO7HJWF7vylgFvb_cUzwXvYnQllYT0n8op0-0HzGfh4FAJGq2DZ7XDO7LxhL8529G8UPERLfwpQHFHRPgHajlRZKoHRZkFT0wP36V-W07_dKqDQ2Aj_M6wixaUTIHmQL2rvum3_wGcBB7W1r_n55sZ7ZmZqNHqVeTU0OCyPUxFEBqWQFv-7AQqk2CwhyA_ztxovxqEgD9XYcglm8DVZ0QGEpheVoyB6V6v3vfJbv4ZEKKwyBsvJxThoGIVTbNNaSQUJUicG2dLdJIlJgP3Y7GqdXxBqpwRD-Jc0IQiCg4kIZygifNlhaVfFMA1j7-LSYsS6zMBkj1zDkKXkQWckQO1FeNs8LfOl0cxiWal9kT0cFDWIdzho-IonRLqIgtZacpigVUWou2qQUBaaZcegjBBr9lU-S39EqmzEH4w&sai=AMfl-YTpN9oD8rg8s2fxvr0cU6Iv5El9GF6TXWSIVvWR_f63DilRLvpwM1EMy0lJikQTXZH-sWuaxVyNTuDsIBskXtwXGGLy2V2W4DUVv4CWhMRO4HgI80704kA4U0znHz2SXq3ZD71z5QbrNERRaffk6UnII_XzLTOwtIOmK2JpZRnKxGSA9npjWBKxO2jMQt7Pte-qHbj6cefmZeUqffAwL1Bw8HibMc1F3vPF_56Io_jL1Zeb8_7vNtD_OuT-4A8kHLpyDDijT8NE3T0FS5rSUlGW8vwDjg&sig=Cg0ArKJSzAgClybRraPXEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=463&cbvp=1&cstd=450&cisv=r20230627.01183&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 30 Jun 2023 12:10:37 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 30 Jun 2023 12:10:37 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame EB60 35 B
463 B 235ms
30ms Image
image/gif 2620:116:800d:21:c5a4:625:6563:a5bb

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEC7eVnUhqQVi8vxpS_4XSZU&google_cver=1&google_push=AaAOQGEz52S-W1b8_Twu5_RtYHj1-RyRJ7g8mlk_6Hhae0gYhjL8SN0dcQ1wdI4_cc9gKD-_qdW8mgj76lzqrG22D6q47HUu8wVHsA

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:c5a4:625:6563:a5bb -, , ASN (),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:37 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EB60
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEIIs-Q39EOCGViEAdGn0Oao&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEIIs-Q39EOCGViEAdGn0Oao&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=ZGJyZ2lBRUoxUWZjWHI1&google_gid=CAESEIIs-Q39EOCGViEAdGn0Oao&google_cver=1&google_push=AaAOQGGRTIpUl_Sf-C7hT0MGRnfTA5vDNdPmWXai1WtKXwe...

170 B
188 B

109ms
103ms

Image
image/png

142.250.185.162

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=ZGJyZ2lBRUoxUWZjWHI1&google_gid=CAESEIIs-Q39EOCGViEAdGn0Oao&google_cver=1&google_push=AaAOQGGRTIpUl_Sf-C7hT0MGRnfTA5vDNdPmWXai1WtKXweATpQxTMUzjsTbNTAhshvr9du_DWPHf4JJ39w6TvJL9-Fl1mCajxEbnw

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

142.250.185.162 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:37 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 30 Jun 2023 12:10:36 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-782-g97d928b#rel-ec2-master i-0caa68a19e3c1fdac@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=ZGJyZ2lBRUoxUWZjWHI1&google_gid=CAESEIIs-Q39EOCGViEAdGn0Oao&google_cver=1&google_push=AaAOQGGRTIpUl_Sf-C7hT0MGRnfTA5vDNdPmWXai1WtKXweATpQxTMUzjsTbNTAhshvr9du_DWPHf4JJ39w6TvJL9-Fl1mCajxEbnw
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 AdxPixel
tr.blismedia.com/v1/api/sync/ Frame EB60 0
173 B 220ms
34ms Image
text/plain 34.96.105.8

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEMbdjs1v_AtIuoOnxM_aMI8&google_cver=1&google_push=AaAOQGHDpnYs2PGghAq1k3A7559ZDAOn0wOVH-P6QvconlFiJRTskm16lYIPH9NJf7eXCfEBbXdHiaJObQkY-BPP6gCcWHjGAS5a9g
Requested by: Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.105.8 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:37 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EB60
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESECZbPdYJzIhpQr9jDK_Zojo&google_cver=1&google_push=AaAOQGEsR_Ageii6jJOxILuRYOP0FoPjIvFBfztKPY-LuPa1xGDvt_CkurVc-XNnVlavyKrM2cKehLcM7gbnEqOAd194h3_...
https://d5p.de17a.com/cookies/google;c?google_gid=CAESECZbPdYJzIhpQr9jDK_Zojo&google_cver=1&google_push=AaAOQGEsR_Ageii6jJOxILuRYOP0FoPjIvFBfztKPY-LuPa1xGDvt_CkurVc-XNnVlavyKrM2cKehLcM7gbnEqOAd194h...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AaAOQGEsR_Ageii6jJOxILuRYOP0FoPjIvFBfztKPY-LuPa1xGDvt_CkurVc-XNnVlavyKrM2cKehLcM7gbnEqOAd194h3_d7brZ

170 B
188 B

131ms
121ms

Image
image/png

142.250.185.162

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AaAOQGEsR_Ageii6jJOxILuRYOP0FoPjIvFBfztKPY-LuPa1xGDvt_CkurVc-XNnVlavyKrM2cKehLcM7gbnEqOAd194h3_d7brZ

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

142.250.185.162 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:37 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AaAOQGEsR_Ageii6jJOxILuRYOP0FoPjIvFBfztKPY-LuPa1xGDvt_CkurVc-XNnVlavyKrM2cKehLcM7gbnEqOAd194h3_d7brZ
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EB60
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEEX9rQjHuaOZGWZT2utvOK8&google_cver=1&google_push=AaAOQGHeC4J5_z22HL_l0UbRndojqDvI3Pkm8sM3lBlZv49LUFXWZQexT0r7TmNG6AY4qmp397YRk049XVyU0cjDKyQShtmfVk...
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=AaAOQGHeC4J5_z22HL_l0UbRndojqDvI3Pkm8sM3lBlZv49LUFXWZQexT0r7TmNG6AY4qmp397YRk049XVyU0cjDKyQShtmfVkE...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTQ2MzQ2OTY0NTA3NTU1MDc5OTI2Mg%3D%3D&google_push=AaAOQGHeC4J5_z22HL_l0UbRndojqDvI3Pkm8sM3lBlZv49LUFXWZQex...

170 B
188 B

110ms
104ms

Image
image/png

142.250.185.162

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTQ2MzQ2OTY0NTA3NTU1MDc5OTI2Mg%3D%3D&google_push=AaAOQGHeC4J5_z22HL_l0UbRndojqDvI3Pkm8sM3lBlZv49LUFXWZQexT0r7TmNG6AY4qmp397YRk049XVyU0cjDKyQShtmfVkE3rg

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

142.250.185.162 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:37 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTQ2MzQ2OTY0NTA3NTU1MDc5OTI2Mg%3D%3D&google_push=AaAOQGHeC4J5_z22HL_l0UbRndojqDvI3Pkm8sM3lBlZv49LUFXWZQexT0r7TmNG6AY4qmp397YRk049XVyU0cjDKyQShtmfVkE3rg
date: Fri, 30 Jun 2023 12:10:37 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 204 sync
ups.analytics.yahoo.com/ups/58281/ Frame EB60 0
125 B 217ms
32ms Image
text/plain 3.71.149.231

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESED90LqIFTfi6CFBEHrHtBz8&google_cver=1&google_push=AaAOQGHWeQucKbmaZaIMy4NWAG345X7cfvD_jCfPnm1Q-fEFTPrpElPVcvUWAVsj28y6KfCsDpTyZerFizCHW7mlclRpvpA5pXFyRC8

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.71.149.231 -, , ASN (),

Reverse DNS

Software

ATS/9.1.10.57 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:37 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.57
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1

200

0.gif
id5-sync.com/i/495/ Frame EB60
Redirect Chain

https://sync.inmobi.com/gob?google_gid=CAESEGvsnjcex2FNC0UQ2GlnCpA&google_cver=1&google_push=AaAOQGF5fabeIfdZvkn-BfhY40pw8xz781HGV7_RSb4kO5cDYSXSYhEonqG-40bcFQpO91A9zGvA67dFy3ajfMg1VsSK6_mvwBmlaQ
https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DAaAOQGF5fabeIfdZvkn-BfhY40pw8xz781HGV7_RSb4kO5cD...

43 B
1 KB

165ms
32ms

Image
image/gif

141.95.33.111

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DAaAOQGF5fabeIfdZvkn-BfhY40pw8xz781HGV7_RSb4kO5cDYSXSYhEonqG-40bcFQpO91A9zGvA67dFy3ajfMg1VsSK6_mvwBmlaQ

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

HTTP/1.1

Server

141.95.33.111 -, , ASN (),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-type: image/gif;charset=UTF-8
date: Fri, 30 Jun 2023 12:10:37 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
transfer-encoding: chunked
p3p: CP="CAO PSA OUR"

Redirect headers

date: Fri, 30 Jun 2023 12:10:37 GMT
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
expect-ct: max-age=0
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=utf-8
location: https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DAaAOQGF5fabeIfdZvkn-BfhY40pw8xz781HGV7_RSb4kO5cDYSXSYhEonqG-40bcFQpO91A9zGvA67dFy3ajfMg1VsSK6_mvwBmlaQ
x-download-options: noopen
vary: Accept
content-length: 273
x-xss-protection: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame EB60 0
12 B 66ms
65ms Image
text/html 142.250.185.162

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JsA4Kb1Rbxarui-boTn2Dl2_T6i7RCmDOU4V9Tjll8TB5CuNWBmV6JysWQAs4NwHWDiiz7Eag

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:36 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame 2C76
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESED642ab0Byy85Vjp9q1Vp_k&google_cver=1&google_push=AaAOQGGIpPju4voC2SVRkYUnHeStpbXjlUiOFmrcAVDABGX29hwrVVy8mh54wSWCGAx7zOMceEfBwrBGGFPaFDORBkvM8SK-TagBE...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESED642ab0Byy85Vjp9q1Vp_k&google_cver=1&google_push=AaAOQGGIpPju4voC2SVRkYUnHeStpbXjlUiOFmrcAVDABGX29hwrVVy8mh54wSWCGAx7zOMceEfBwrBGGFPaFDORBkvM8SK-Tag...

43 B
412 B

298ms
196ms

Image
image/gif

2606:4700::6812:19ad

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESED642ab0Byy85Vjp9q1Vp_k&google_cver=1&google_push=AaAOQGGIpPju4voC2SVRkYUnHeStpbXjlUiOFmrcAVDABGX29hwrVVy8mh54wSWCGAx7zOMceEfBwrBGGFPaFDORBkvM8SK-TagBEHtBymA6V4pnnNzxEZXYckI0XljVduvt13PpmP6hwsaQ&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAaAOQGGIpPju4voC2SVRkYUnHeStpbXjlUiOFmrcAVDABGX29hwrVVy8mh54wSWCGAx7zOMceEfBwrBGGFPaFDORBkvM8SK-TagBEHtBymA6V4pnnNzxEZXYckI0XljVduvt13PpmP6hwsaQ%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Server: 2606:4700::6812:19ad -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:37 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7df64ea02bdd8fe8-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:37 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 1
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESED642ab0Byy85Vjp9q1Vp_k&google_cver=1&google_push=AaAOQGGIpPju4voC2SVRkYUnHeStpbXjlUiOFmrcAVDABGX29hwrVVy8mh54wSWCGAx7zOMceEfBwrBGGFPaFDORBkvM8SK-TagBEHtBymA6V4pnnNzxEZXYckI0XljVduvt13PpmP6hwsaQ&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAaAOQGGIpPju4voC2SVRkYUnHeStpbXjlUiOFmrcAVDABGX29hwrVVy8mh54wSWCGAx7zOMceEfBwrBGGFPaFDORBkvM8SK-TagBEHtBymA6V4pnnNzxEZXYckI0XljVduvt13PpmP6hwsaQ%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7df64e9d89068fe8-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2C76
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEJGNYP97BOGrCgg6M1P2cQY&google_cver=1&google_push=AaAOQGF5FO3w5k_3sX-qCYWelfv3GXra8BuaKlYVeEz7KGMBN5GBIDunALKI9uAFUWKFtPm7vtkYAU3X0jZ...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AaAOQGF5FO3w5k_3sX-qCYWelfv3GXra8BuaKlYVeEz7KGMBN5GBIDunALKI9uAFUWKFtPm7vtkYAU3X0jZqXVT38bTTw-HRwuadPP-iPYu1w5WAJ-5mAih7Aa5MKDIA8rp...

170 B
188 B

99ms
99ms

Image
image/png

142.250.185.162

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AaAOQGF5FO3w5k_3sX-qCYWelfv3GXra8BuaKlYVeEz7KGMBN5GBIDunALKI9uAFUWKFtPm7vtkYAU3X0jZqXVT38bTTw-HRwuadPP-iPYu1w5WAJ-5mAih7Aa5MKDIA8rpEXsEYfanv3q2S&google_hm=A502MBwFRZ6LDJxJsBSo-N4

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.162 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:37 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:36 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AaAOQGF5FO3w5k_3sX-qCYWelfv3GXra8BuaKlYVeEz7KGMBN5GBIDunALKI9uAFUWKFtPm7vtkYAU3X0jZqXVT38bTTw-HRwuadPP-iPYu1w5WAJ-5mAih7Aa5MKDIA8rpEXsEYfanv3q2S&google_hm=A502MBwFRZ6LDJxJsBSo-N4
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2C76
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEJp2wcfcPtaiC4_AZdu2gks&google_cver=1&google_push=AaAOQGF9L88Sr4P8zJ1vKONg5QhM7tviq8O-HTNjugFj-dEQuWPmMb_qslczAQTM8nNzx0dKBmgV22E6eZ01j6050Xm3...
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEJp2wcfcPtaiC4_AZdu2gks&google_cver=1&google_push=AaAOQGF9L88Sr4P8zJ1vKONg5QhM7tviq8O-HTNjugFj-dEQuWPmMb_qslczAQTM8nNzx0dKBmgV22E6eZ01j6...
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AaAOQGF9L88Sr4P8zJ1vKONg5QhM7tviq8O-HTNjugFj-dEQuWPmMb_qslczAQTM8nNzx0dKBmgV22E6eZ01j6050Xm321anZTSQAJdnOfz-nLHUrCnKWF5P5draudWFGmyGYg...

170 B
188 B

111ms
103ms

Image
image/png

142.250.185.162

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AaAOQGF9L88Sr4P8zJ1vKONg5QhM7tviq8O-HTNjugFj-dEQuWPmMb_qslczAQTM8nNzx0dKBmgV22E6eZ01j6050Xm321anZTSQAJdnOfz-nLHUrCnKWF5P5draudWFGmyGYgzi8hb1hUY&google_hm=zDcjveppQQWqTapLF1Y7eg==

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.162 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:37 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: //cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AaAOQGF9L88Sr4P8zJ1vKONg5QhM7tviq8O-HTNjugFj-dEQuWPmMb_qslczAQTM8nNzx0dKBmgV22E6eZ01j6050Xm321anZTSQAJdnOfz-nLHUrCnKWF5P5draudWFGmyGYgzi8hb1hUY&google_hm=zDcjveppQQWqTapLF1Y7eg==
date: Fri, 30 Jun 2023 12:10:37 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2C76
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=vIavaQFRQYCHSM3zlZNDFA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

125ms
107ms

Image
image/png

142.250.185.162

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=vIavaQFRQYCHSM3zlZNDFA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AaAOQGEeWNHrTNUeCGaRkm0IK3mRH0psEBzY0dqGDfbx7R8uvPIDT1mfwGZIRaJhORm-mpMmOAL36mIKUhI57vI8mZS_auKfxaxKw7dVsJaQ3PjyuVtj1WP_oggaR_DjJ95VtjXyUzz2Rj8p

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.162 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:37 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=vIavaQFRQYCHSM3zlZNDFA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AaAOQGEeWNHrTNUeCGaRkm0IK3mRH0psEBzY0dqGDfbx7R8uvPIDT1mfwGZIRaJhORm-mpMmOAL36mIKUhI57vI8mZS_auKfxaxKw7dVsJaQ3PjyuVtj1WP_oggaR_DjJ95VtjXyUzz2Rj8p
date: Fri, 30 Jun 2023 12:10:37 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H/1.1 200
OK sync
ssbsync.smartadserver.com/api/ Frame 2C76 0
75 B 214ms
38ms Image
text/plain 185.86.138.150

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESENZZN9IQ5FIe6yrvlKoGSyE&google_cver=1&google_push=AaAOQGHshsu4ZE3_4H2BoJ6buIsXAt0-OxfcHVFUfOIJTttlR8H-k29Aezz7VM7y1Z-6K1c35Rkn6W1gtS1zVLnh0du-DAqUPn38CIvuv_THZXdGp3P-xwYLn_GxCiCrj07Rh1jdaCDOEMPn
Requested by: Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.150 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:36 GMT
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2C76
Redirect Chain

https://secure.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=${BASE64_UID_ENC}&google_gid=CAESEPmLajtErKoBhkWiu9L0_JI&google_cver=1&google_push=AaAOQGGW-5d4zw1Jz...
https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NTk4MTg0ODM3ODcyNjk1NTk4Ng%3D%3D&google_gid=CAESEPmLajtErKoBhkWiu9L0_JI&google_cver=1&google_push=AaAOQGGW-5d4zw1Jz2Wu4-lCfZEjkAqpi3...

170 B
188 B

77ms
77ms

Image
image/png

142.250.185.162

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NTk4MTg0ODM3ODcyNjk1NTk4Ng%3D%3D&google_gid=CAESEPmLajtErKoBhkWiu9L0_JI&google_cver=1&google_push=AaAOQGGW-5d4zw1Jz2Wu4-lCfZEjkAqpi314j4vt_0sIVIaCW87ZzK3UNafPb1Nh5-TdKJrXmdUgnEa6K_06SCKD5IWBQWaTMWT5pjrbWThyVOEwbZ2xMsSx0Qk97o_aeO6Yx4HUI9Glz-KmLg

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.162 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:37 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Fri, 30 Jun 2023 12:10:37 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 193.32.248.222; 193.32.248.222; 953.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: afa45c6f-f4e9-483c-9b8e-c9102228d423
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NTk4MTg0ODM3ODcyNjk1NTk4Ng%3D%3D&google_gid=CAESEPmLajtErKoBhkWiu9L0_JI&google_cver=1&google_push=AaAOQGGW-5d4zw1Jz2Wu4-lCfZEjkAqpi314j4vt_0sIVIaCW87ZzK3UNafPb1Nh5-TdKJrXmdUgnEa6K_06SCKD5IWBQWaTMWT5pjrbWThyVOEwbZ2xMsSx0Qk97o_aeO6Yx4HUI9Glz-KmLg
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2C76
Redirect Chain

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEMbD0KAJY...
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEMb...
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=cc3723bd-ea69-4105-aa4d-aa4b17563b7a&%%GOOGLE_PUSH_PAIR%%

170 B
188 B

110ms
104ms

Image
image/png

142.250.185.162

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=cc3723bd-ea69-4105-aa4d-aa4b17563b7a&%%GOOGLE_PUSH_PAIR%%

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.162 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:37 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=cc3723bd-ea69-4105-aa4d-aa4b17563b7a&%%GOOGLE_PUSH_PAIR%%
date: Fri, 30 Jun 2023 12:10:37 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 2C76 0
12 B 76ms
68ms Image
text/html 142.250.185.162

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KmozLldLo8_AsFCX0mwrQDjjIixOyRMUP3ysFxoMXG1eWhOhUANTSueEpA5CgwjoB58kUtQ6I

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:36 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame A03D 0
0 103ms
96ms Fetch
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CbTkpO8aeZIb_H4S_lgTnuaL4Bcme0rFc1Z2R93DAjbcBEAEgAGCV-vCBjAeCARdjYS1wdWItNzk4MzY1MTI1NzgzODI4MsgBBakC2FikVXE8sj7gAgCoAwGqBPQBT9CkWmDPqOLLNpCanPwnT_bLBLjxornypr8Vhm_JA9kGbb43fIiS_5uudgekhD27hKcJgYY2UtVXbjSIBxOMp4gPcnXRF5Wt7Q8IE4s_LMDcFqXD0b32S3NnuT9cPQWnLuf0Ts-KArJa_BcCzoAc9nU0wTAXacSkz9p6IwTUFVJEjiMabVwNIwtjKGu87HEHJ_a-61USi6W427RmMwWehpOk3BP3JZrxCc5GryugBe0fsHIoH8xtKXiHsr9W8R3YDK7gGvlVMyMeMIJNkw9mI_ZbmfUZeZmXYxAGbwfJ9P65cSr42gYudKJK5_7skYHGoKuwz-AEAYAG5dCu8Jq8u4hQoAYqqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE68ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5gAoD-gsCCAGADAHQFQGAFwGyFxwKGhIUcHViLTc5ODM2NTEyNTc4MzgyODIY6sFt&sigh=TfMKcsAu0fM&uach_m=[UACH]&cid=CAQSbQBygQiDVda9kZjD-mtxKOcKyaPDZloQzokuGPa_g0OJQ-YHvZpxygTtknzBb2XLj6YL5v_D_axOYC1my9dejI6UMtQEzwiH9vILAF31MwJA_8RfBzyXf27zBfSj3r7qFoBEYhf0jx3BM7xOEzIYAQ&vt=10
Requested by: Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame CBEB 1 KB
643 B 75ms
59ms Document
text/html 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 16465
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 07:36:12 GMT
etag: 48472445140208031
expires: Sat, 01 Jul 2023 07:36:12 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 4E14 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b503f838c276ee4c70c4d3aa5a08b138266ad18b3088c9b5ceaadd99a76bf748

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 1B93
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

247ms
247ms

Document
text/html

2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 12:10:37 GMT
expires: Fri, 30 Jun 2023 12:10:37 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 12:10:37 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 9351 22 KB
8 KB 78ms
63ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 252776
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 27 Jun 2023 13:57:41 GMT
expires: Wed, 26 Jun 2024 13:57:41 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame A03D 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e1746411f5c5538b3e8c75d5aec333169e9e400913cf58581a89d7921281934f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 dpixel
cms.quantserve.com/ Frame 660F 35 B
463 B 167ms
31ms Image
image/gif 2620:116:800d:21:c5a4:625:6563:a5bb

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEI6sdlKxegnswwokIDUIqis&google_cver=1&google_push=AaAOQGGf-OQmhbZ9BiNuzSOFDu3P7OtpvBzyxJfuuqwFmVIM6_aZNqLoUqoQYEG7XaCKbpndh5YbNqeGIPo9Chz7kW_MfrDhHOWLpJz1

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:c5a4:625:6563:a5bb -, , ASN (),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:37 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame 660F 43 B
363 B 167ms
32ms Image
image/gif 178.250.1.9

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DPUSH_DATA&google_gid=CAESEKsjFF-xi3FXYn61hInZml0&google_cver=1&google_push=AaAOQGEejY_eduSL2Uhh2x2ZEZrmqG_MfEoUq1t0Fyz5_S5spNl14hR5goNYli1o7SC8r2be9HEqN8aaTQv1ISQCG4il8-dTg_E3NuBL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.9 -, , ASN (),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:36 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 176611
expires: Fri, 30 Jun 2023 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 660F 0
12 B 64ms
64ms Image
text/html 142.250.185.162

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13J6I26yisbzf-n9Sl2oAj6_7UkhexdnAndg9Bw

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:36 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H/1.1 200
OK dvtp_src.js Show response
cdn.doubleverify.com/ Frame 1141 8 KB
4 KB 159ms
34ms Script
application/javascript 2a02:26f0:480:9::210:ee04

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvtp_src.js?ctx=20309721&cmp=29968277&sid=3288807&plc=367565023&num=&adid=&advid=4309118&adsrv=1&btreg=558488166&btadsrv=doubleclick&crt=192207036&gdpr=&gdpr_consent=&tagtype=&dvtagver=6.1.src
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:9::210:ee04 -, , ASN (),
Reverse DNS
Software: UploadServer /
Resource Hash: 104fe1d096865fb450f1d921b99ea70d85d935d9c8a2e88e980de371e03ea9e1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Fri, 30 Jun 2023 12:10:37 GMT
Content-Encoding: gzip
Last-Modified: Wed, 28 Jun 2023 12:21:21 GMT
Server: UploadServer
ETag: "4c41482e45017a01683eea2db59c11aa"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: *
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3373
Expires: Wed, 28 Jun 2023 12:36:53 GMT

GET
H3 200 index.html
s0.2mdn.net/sadbundle/16829948873192997814/ Frame 3FBB 14 KB
3 KB 96ms
82ms Document
text/html 2a00:1450:4001:813::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=n2IhjHNgof&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 3050
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 12:10:37 GMT
expires: Sat, 29 Jun 2024 12:10:37 GMT
last-modified: Fri, 12 May 2023 09:19:58 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 1141 0
0 220ms
104ms Fetch
image/gif 142.250.184.226

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuWP1SwawJIbrwEWHcHuTs2id_Im7mfuXs1CKbKikY-pd4NkZsVAd-dFAGv_7xflCqi8UHdfmMTkcDFSbnpdLIv-0QA3ML1hSQGvSYBDc4hmSKmKfY38JxQtowoMB1unLapidvXrdh_nfgLrf-SdwkY4B6ww4sUXKDhq47I7FwsrX2cLz5kHEgcn3vpOjfRzGYw27Pn1i6ISdjXS2BgUSMhXHo8HB2b-P7fAlRI6apaJ9rEH0Wevi7P4SVBRZNLeUK5akFzU--Y9aH-jA2b5arocfBtJwYojPCIuExVmx_Ps4W64miWNBrjcz6_N1m4YY9MgUN4RSrOMUN17SIdvC6mMtrngA-fPbSY3eA7ZvqAyC4EvrSwPcnByReHbPTjXyTgiN5GUEjjc3aA7yCg5eHAEp6CqrJcbd_Sjeoa2eMyNfDGOPBtQP4yqowTHEF83OHVclGwUuXw92R_0Uref8vLkWyq0D3BgYTw4-yOkgbW-MTQvDiZ5W7l-24jzo6EUXOYglNarzAb9OSzRk6xt1oYgJhOllKoI23jp4GGsl3_b1O2x21CJoskhkLyfFq1sp4VrHP3XQL5ws8KqgSNNNXz1cDBSYGETtPa0cBNreqfkP26vxE08ix9WecwUm2ig-JgVkkSMe5PhN8JUomty9fLFwBiWatn2U7ujIq4OuW9VwDlcGscxZcOuocWs-ezs4zepVKRlkkQxL6CrjzkOJTyAaXMtcKxxwahSTBtAkHOEKgvdGoi5X87hBYrVyYAUSN5YeqYkiHzkbKmEQ3vv3tZsq5xxVou8FgUNEHQR8LpyACFM7ZACqKb7hO0XPLqpqis0NdmH_bUHLHijf2pMnO_njXaJdumDio06-c9ucTDvsl3CqooGM1uzRfCXRmj9YyUf9vGZcwCt3j2giPeEgrHLMjbMTNOhLBUI5RbU22sg0SaR5WGhPNQ4epfj6Bbx-9-ql5u9lsYDQtd_uEyej-EH_4CwBHOvfPDylvhFXkFrRl5ZTxvOGc5i0Vhe1i_Rs3G26tBrQ7Z3JI0kwyUGEDI9dnPAD7PPc6EJ9pNQw_WjbJcJMEHbRvRZjVVfvCkVtpCoPLOPO56QhUfOoW5TUh32le6-vW5SrCusA15aqCjLVbUKeCp53wu19zuzYj5tzjBy5HKEbMFvoXVtndy_UTyn7-6xO3f4CUwAJIZ_OqNlPOUPwQogTTK4fGpQA_JjDgwjtNmXmpHrrJIh-DuLPDu65R65lhQasWWnGLa5GETnVGoaLCERJqQ1_j2jDAIwQFjRSqjQmAbLsBpyVBMEGL62OgO2vzDu50pgJb-_XNDguG7eJlr&sai=AMfl-YRmN-cYhjl71hvSaUPgFwSJbUuNqx6b1jsvr6Nlgp_nlxWr4f4jKNdBEhG8UfW6XX_0Y5ZVhJv4KbJMeBn-7nHQ8bldZn9m9YAZdXBOxZ8BX4d3JMgtxsYjcPV0Mmet2vJb99Vj62oOPpSqA_bfjC5Q7eWrvPoGyhhgzEaBJFRdmtjkS6Y9XGhDf8NqGULXrWGDBW1lS2hxycq5O539RryJTnq_dOXVpQibPVhoep05Xl5tWheNe9VgxpomtC7w16FFndAqyfwSBroOpjyaFcTKr8VVKQ&sig=Cg0ArKJSzFRdscF7dyfPEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=392&cbvp=1&cstd=383&cisv=r20230627.53956&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 30 Jun 2023 12:10:37 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 30 Jun 2023 12:10:37 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 90D1 22 KB
8 KB 79ms
65ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 252776
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 27 Jun 2023 13:57:41 GMT
expires: Wed, 26 Jun 2024 13:57:41 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 9C0B 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 768f50f6ab02e6e07cb33a8167aa8fc9c7f8ded8bcb559f450752e6392daa0b4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 dpixel
cms.quantserve.com/ Frame B530 35 B
462 B 42ms
31ms Image
image/gif 2620:116:800d:21:c5a4:625:6563:a5bb

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEJ9kkJP2WQSBZhzwkIV4HD8&google_cver=1&google_push=AaAOQGGXGkcJ-2OosHuphfXSFzIHQ_Lmztg1E_fWPeoajKzMBUPXI1rM3ZEC-xoDflcCEgZ32ikCAiAt-JIRtYjyvapg1Ef4mcbDVsa8hzZrzHDtxh0kKIQphpOo5Ma8hQ-THDteC-POTt5-

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:c5a4:625:6563:a5bb -, , ASN (),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:37 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B530
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEAVM3mAZTIJvw4F3ign7Gl8&google_cver=1&google_push=AaAOQGEJOntD5DslwDVfS7IzWrZHp-GYHM-5OoMqpZjpbSx3NG9g6sMMiZJ-mnzQcu7T1KwcdA8IExpXORnsixogIOD2NAinUeUvDR...
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=A3826357E20E4A0D977C2585F151A26C&google_push=AaAOQGEJOntD5DslwDVfS7IzWrZHp-GYHM-5OoMqpZjpbSx3NG9g6sMMiZJ-mnzQcu7T1KwcdA8IExpXORnsixo...

170 B
188 B

111ms
109ms

Image
image/png

142.250.185.162

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=A3826357E20E4A0D977C2585F151A26C&google_push=AaAOQGEJOntD5DslwDVfS7IzWrZHp-GYHM-5OoMqpZjpbSx3NG9g6sMMiZJ-mnzQcu7T1KwcdA8IExpXORnsixogIOD2NAinUeUvDRCB8okhBveXTEJmTSk602bseSrP_c8FvagWjhGjI39c

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.162 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:37 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 30 Jun 2023 12:10:37 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=A3826357E20E4A0D977C2585F151A26C&google_push=AaAOQGEJOntD5DslwDVfS7IzWrZHp-GYHM-5OoMqpZjpbSx3NG9g6sMMiZJ-mnzQcu7T1KwcdA8IExpXORnsixogIOD2NAinUeUvDRCB8okhBveXTEJmTSk602bseSrP_c8FvagWjhGjI39c
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Thu, 29 Jun 2023 12:10:37 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame B530 70 B
265 B 167ms
50ms Image
image/gif 52.223.40.198

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEOLf9yTC_OEA4YkYPK-Ues4&google_cver=1&google_push=AaAOQGEaXZZTWKTkwECGiUZuXycBCiR0QCF_6dBx5GG5QsjTnkhZ4AAPujT_woa9X8nQn3iQ5hND3SXEB2k1PZJc3LUdbRLaOCrzGp4Hz-86VcRpm9fMwNCWfXlPB9PpaSnN9mPBHBBoFmV8
Requested by: Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Fri, 30 Jun 2023 12:10:37 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET

sync
r.scoota.co/ Frame B530
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESECkH3KmIhh5_DPNMU9BubZQ&google_cver=1&google_push=AaAOQGEEqsqGPa3CuTNMD2u_p3ubMt3QKPWR8x_iBMTtgo5I8d9QCorQXm5E30ZCIvcmWG21oM27IigEa6b7mqmRapwW...
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESECkH3KmIhh5_DPNMU9BubZQ&google_cver=1&google_push=AaAOQGEEqsqGPa3CuTNMD2u_p3ubMt3QKPWR8x_iBMTtgo5I8d9QCorQXm5E30ZCIvcmWG21oM27IigEa6b7mq...
https://r.scoota.co/sync?ssp=bidswitch&bidswitch_ssp_id=google

0
0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B530
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEPjBWnm1Jh3mZq_mkf4Bit0&google_cver=1&google_push=AaAOQGHBAgT6qsu6Ak-lcN87nQBUaFgEyWlKbDi6rBXxLoP14npapX0-TUeLSowgbZGNaV2O94hQatPPMoLr...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGHBAgT6qsu6Ak-lcN87nQBUaFgEyWlKbDi6rBXxLoP14npapX0-TUeLSowgbZGNaV2O94hQatPPMoLrM6lACLEBrRqUUUVrdhW95jDoHh7ScrJOstj-...

170 B
188 B

86ms
68ms

Image
image/png

142.250.185.162

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGHBAgT6qsu6Ak-lcN87nQBUaFgEyWlKbDi6rBXxLoP14npapX0-TUeLSowgbZGNaV2O94hQatPPMoLrM6lACLEBrRqUUUVrdhW95jDoHh7ScrJOstj-JT46sRUvwXMG-NsKTNnG8waT

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.162 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:37 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGHBAgT6qsu6Ak-lcN87nQBUaFgEyWlKbDi6rBXxLoP14npapX0-TUeLSowgbZGNaV2O94hQatPPMoLrM6lACLEBrRqUUUVrdhW95jDoHh7ScrJOstj-JT46sRUvwXMG-NsKTNnG8waT
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET

RX-54312296-e998-4bcc-883d-5ee2bd4340df-003
sync.targeting.unrulymedia.com/csync/ Frame B530
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEN...
https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=AaAOQGHMl6cS0EiOocunaUR_X1DwXadkAE3volQ14RTZ3y1OtwMi0X2H6NfCLXuFPit1-f652H38XbTiS0mMqlMqLEQr9oiHBSMEPrVlyIgdYH7Zm5-GT4lXlUSIRb09oBj...
https://sync.targeting.unrulymedia.com/csync/RX-54312296-e998-4bcc-883d-5ee2bd4340df-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAaAOQGHMl6cS0EiOocunaUR_X...

0
0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B530
Redirect Chain

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEBfiT50s6...
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEBf...
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=cc3723bd-ea69-4105-aa4d-aa4b17563b7a&%%GOOGLE_PUSH_PAIR%%

170 B
188 B

108ms
102ms

Image
image/png

142.250.185.162

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=cc3723bd-ea69-4105-aa4d-aa4b17563b7a&%%GOOGLE_PUSH_PAIR%%

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.162 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:37 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=cc3723bd-ea69-4105-aa4d-aa4b17563b7a&%%GOOGLE_PUSH_PAIR%%
date: Fri, 30 Jun 2023 12:10:37 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame B530 0
12 B 71ms
65ms Image
text/html 142.250.185.162

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IMIKFGUThW-uPDXHz31VAVm-zwDkVnWtI_8pfxpwkioXTPZ2UJejVl02ZwP8d_bu_321mKyg

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:37 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 4028 22 KB
8 KB 61ms
60ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 252776
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 27 Jun 2023 13:57:41 GMT
expires: Wed, 26 Jun 2024 13:57:41 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 index.html
s0.2mdn.net/sadbundle/16146537369634422564/ Frame 308A 1 KB
766 B 67ms
66ms Document
text/html 2a00:1450:4001:813::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16146537369634422564/index.html?e=69&leftOffset=0&topOffset=0&c=OwPkUHrb46&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 738
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 12:10:37 GMT
expires: Sat, 29 Jun 2024 12:10:37 GMT
last-modified: Sun, 23 Oct 2022 18:55:38 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 4E14 0
0 113ms
112ms Fetch
image/gif 142.250.184.226

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu4zKXlmzn20YUI_BmUgusp62b8BuPaBh_8FDOEHNKJe9Lm5UHkJCTYaQvauOZe7Q0QeLwlfJrw3-ey4xIJt79Z3WecmWpraypBXoRgG52mDOdIcCwRoLygZxAA3mbDx1tY_MDBGRAxmdIarjnzuA-TheIoQZHJ_Tid28JDT79OJ2Cz_NZDWHQSo3UTikxmNHUQT23qZ07MWJFMYpt61cm6TpP4Zaxiro9qA5N67B-AFcECRggB7hhdbDem3--uBn0obkuuVvgEkttE3JKJcokK7-tDze8n1-Km0ym_iRrYSu4WLYgmLZX15GYTaBMC-ZFG7T2sOREprN9YJIRP51cZAyOQ2K-ghDrT5KvJtMejCa7NZ1zh-vzwPaI8kZNFXS_K0SpTGWyKHHkha3e2E2mIaI16LkZG4mIMt7BHyYy0tn3NsHUUmchTPbeKUBX_n2crSacZ6Bj0EwEnl7IpSXnBY-ZS06hvRUmVmp33UnlsvNouK2NeR8GGPSkdwSWlg5wy7rW2qqOLsqflwYwQLjd_0LmvPQwNeYbIQSrDAkJdl0hKPR1MJ-xDe7rwGgw5EGPXjoA6b_iuyU2ywdKSVm39jRxv_S1rAIjBtGBP2etUZkq8R9prh7Kri-zSlVG8bgkEn6SBLxtnNKi9bIepEBpekok7bRS78E2M6lNBR6SLDxqp7Vp-8hBkD89YhbUvjdgkpu-QV6MYTojF_LOeuiYbt6mVoNdLPKpU9BZSRz2Qd2baycpk07D8DEvvEPPHCjPQVBMEQpcvK19A3ti848mwgtne0318pOylb8OGzoia5Q6w0vDwCyt9iJ9VJsa6nDQoCD5eodLE14LVUn6Ok_9ILBxtfHvknlFv774shrsALfU1lT3UIZmTb9oAcdZzWLm14wsSPPPn-htvlkXC0Dam_UgXqSBfrhJHA1NF0HRPVIkoJFWbpnoFGpPdcmcw3IbwyenOeWaL1Wl5iMzT2Ls7IdsqD7mf4c2WQ2KvdMayUYeJTOXQi0XJU23_WBu1M4Y9_dT_OBgj4xzOx5xDQV0sNduZ2r_94ckNLuypWWHiZ7L_Y4ictVhitw5w__TWpsTxf1stkAh45ct6nN6UmHTIQ3fqhJ5bM4EO_sXBb8oeQG-N3NSWa8UQ3mrP1u7LTb3xxpTHyhGqyFIKscvMQEUEYYh42d2qOoVmgwK9Mw9iO1gSZbtu0yhdZslJ4fg8PW0dODAjbhv_69zNQJMTKcZY2n9ZFXaV6blo3eP6SoxuAj5Ntodfr2BrFYQqIfN9yiafEPhh8YkdDAKxB2w-37yWd54tN3_Ulclx36k&sai=AMfl-YRYOnA_WhBDY-XJsGc_yYUqhQDbLR_HoMSBjNO6A5vqzN3AsuYT7L8zLtlh5uc8MRlejlPjgry14WfBgXH78pAs0-5M7-u1C8zx5wODry2F2uGNqvWH7iADG2l4LtFFx5cJlQUw0v3IVGFjY2EV0xyal6gKNbPQLEt31hNdcvoS-71NR-qJt0c3yvrSSS5RBX63s767IW8kplWYDYpYO7aPTmscmLs_Qond7S562hL1AIfi2_dTs80g4Xf2crWuqFag&sig=Cg0ArKJSzCncBsCDfVrfEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=263&cbvp=1&cstd=252&cisv=r20230627.45576&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 30 Jun 2023 12:10:37 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 30 Jun 2023 12:10:37 GMT

GET
H/1.1 200
OK ai.aspx
m.exactag.com/ Frame 4E14 60 B
60 B 212ms
32ms Image
image/gif 213.202.235.9

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://m.exactag.com/ai.aspx?extProvId=63&extPu=lx-mindshare&extProvApi=lx_de&extLi=29013028&extCr=180885099&extPm=354328383&gdpr_consent=&gdpr=

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

213.202.235.9 -, , ASN (),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Fri, 30 Jun 2023 12:10:37 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
P3P: policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
cross-origin-resource-policy: cross-origin
Connection: close
X-ET-Monitoring: 1
X-Xss-Protection: 0
Pragma: no-cache
Last-Modified: Fr, 30 Jun 2023 12:10:37 GMT
X-ET-Code: 0
Content-Type: image/gif
Cache-Control: max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
X-ET-Camp: 1894
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 default.css
as.ad4m.at/ad/style/0.1.48/one-ad/ Frame B1CA 114 KB
14 KB 51ms
43ms Stylesheet
text/css 2606:4700:20::681a:ad1

General

Check archive.org

Show headers Download Go to

Full URL: https://as.ad4m.at/ad/style/0.1.48/one-ad/default.css
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1h3vx89814d5nvxj5wyra1wgr7xdchw4b2sk7cs9zqcyxvqx83gqzf81wc35smzv4d691zrmj2sqbxmhkshq2w4c4yceg7v6ry17pn5dbsnpy8zg3qgc5ac6ajr1rs6qzg0gzzv15sgr2yt9r0vvfbwpyqhzzf0p2tgm4fr3qqk4b1zsghdaw0er4f628j0bm0fakqp2vcy1ty2d0j0ysm0p9f3t3b7je95yjyhmy2ngy245jrd9kr0xks6h7nyz39qwbzhesvm7mqn9t4bq245v1dc7gkrj6vyt65nhykvke6y404q567c6fc0466qcy9qfyh4gez84d3my5n3hhf2dx78pyf4yjsc17pzgqasm3wxsqf2czv6za0q347g4cfr47thx6ewk1459rn3mx8fpe5py8npw2zm8y0x34hsnczyvea7nwpd980nqv2jax1810r44y8&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC9ODyPMaeZOa0Ac7CxtYP4--o8AKQ4YGEXLaoworwAsCNtwEQASAAYJX68IGMB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQLYWKRVcTyyPqgDAcgDAqoE1QFP0Ot0RCYltYgsljie_Fdwv-_VC7g2DCffDw7vE7F905Z9txlW0Wq_v_BV7KI3Ka5QKRKiJjPlYyzth8Q1WxTwSaoxo5LjTaMyDXn1il9xtwyXiDZnrzTieyAQNWzC-Yt6vpogVRWFH_qm2lMuVH7WNUBvIiFRYjFGzSah4U-V5Kt7vwF6sd45-aI1V3iYnS4EhfElEVaoyLvvPP7leeGN_AwbEVOwhMRNkA8_dps4JlfY7aj561BsiO9FXC1P6pPM_zi1grcEvlVeewrvAGoKQ0FI0oGABsTRnvTIgM68pQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3XP8UCKq_wNwwOSYPYoeErGQC9HQ%26client%3Dca-pub-6593523210010154%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 032aee61923ef53fb2b9efbb5d55f771f780e9c2fce9c076638b809a9607eee3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/dr?ed=1h3vx89814d5nvxj5wyra1wgr7xdchw4b2sk7cs9zqcyxvqx83gqzf81wc35smzv4d691zrmj2sqbxmhkshq2w4c4yceg7v6ry17pn5dbsnpy8zg3qgc5ac6ajr1rs6qzg0gzzv15sgr2yt9r0vvfbwpyqhzzf0p2tgm4fr3qqk4b1zsghdaw0er4f628j0bm0fakqp2vcy1ty2d0j0ysm0p9f3t3b7je95yjyhmy2ngy245jrd9kr0xks6h7nyz39qwbzhesvm7mqn9t4bq245v1dc7gkrj6vyt65nhykvke6y404q567c6fc0466qcy9qfyh4gez84d3my5n3hhf2dx78pyf4yjsc17pzgqasm3wxsqf2czv6za0q347g4cfr47thx6ewk1459rn3mx8fpe5py8npw2zm8y0x34hsnczyvea7nwpd980nqv2jax1810r44y8&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC9ODyPMaeZOa0Ac7CxtYP4--o8AKQ4YGEXLaoworwAsCNtwEQASAAYJX68IGMB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQLYWKRVcTyyPqgDAcgDAqoE1QFP0Ot0RCYltYgsljie_Fdwv-_VC7g2DCffDw7vE7F905Z9txlW0Wq_v_BV7KI3Ka5QKRKiJjPlYyzth8Q1WxTwSaoxo5LjTaMyDXn1il9xtwyXiDZnrzTieyAQNWzC-Yt6vpogVRWFH_qm2lMuVH7WNUBvIiFRYjFGzSah4U-V5Kt7vwF6sd45-aI1V3iYnS4EhfElEVaoyLvvPP7leeGN_AwbEVOwhMRNkA8_dps4JlfY7aj561BsiO9FXC1P6pPM_zi1grcEvlVeewrvAGoKQ0FI0oGABsTRnvTIgM68pQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3XP8UCKq_wNwwOSYPYoeErGQC9HQ%26client%3Dca-pub-6593523210010154%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:37 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-goog-meta-goog-reserved-file-mtime: 1687950287
age: 176251
cf-polished: origSize=117335
x-guploader-uploadid: ADPycdu7Pb84Y6vCPqpUShyJrQGb98f4yuF1LiyC2B7DeEN9kG_1SbpI2iXm6tsp7d5fI22nNzf0l66mXGhEIUVspATbXw
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 28 Jun 2023 11:05:15 GMT
server: cloudflare
etag: W/"5d49535c2a84a9762127b3d9e77d7e02"
vary: Accept-Encoding
x-goog-generation: 1687950315098833
content-type: text/css
x-goog-hash: crc32c=aWAnwg==, md5=XUlTXCqEqXYhJ7PZ531+Ag==
cache-control: public, max-age=3600
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Nyf59XKYOokLF%2B1myDakyk12ax1eG7VQ0lVivQieynXeRFR3FIAQRM3XgXDQuNBxFA5dRHKYavk4QXL1z8D8P9HWk%2B%2Bte4w9ViHeYm%2B%2F7FzLcVX6cFYo%2BZHJNGJZzC5LAclmoN5CL3A%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 117335
cf-ray: 7df64e9de9749b95-FRA
expires: Fri, 30 Jun 2023 13:10:37 GMT

GET
H2 200 r62eglto.js Show response
ad4m.at/ Frame B1CA 25 KB
10 KB 75ms
40ms Script
application/javascript 2606:4700:20::681a:ad1

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/r62eglto.js
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1h3vx89814d5nvxj5wyra1wgr7xdchw4b2sk7cs9zqcyxvqx83gqzf81wc35smzv4d691zrmj2sqbxmhkshq2w4c4yceg7v6ry17pn5dbsnpy8zg3qgc5ac6ajr1rs6qzg0gzzv15sgr2yt9r0vvfbwpyqhzzf0p2tgm4fr3qqk4b1zsghdaw0er4f628j0bm0fakqp2vcy1ty2d0j0ysm0p9f3t3b7je95yjyhmy2ngy245jrd9kr0xks6h7nyz39qwbzhesvm7mqn9t4bq245v1dc7gkrj6vyt65nhykvke6y404q567c6fc0466qcy9qfyh4gez84d3my5n3hhf2dx78pyf4yjsc17pzgqasm3wxsqf2czv6za0q347g4cfr47thx6ewk1459rn3mx8fpe5py8npw2zm8y0x34hsnczyvea7nwpd980nqv2jax1810r44y8&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC9ODyPMaeZOa0Ac7CxtYP4--o8AKQ4YGEXLaoworwAsCNtwEQASAAYJX68IGMB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQLYWKRVcTyyPqgDAcgDAqoE1QFP0Ot0RCYltYgsljie_Fdwv-_VC7g2DCffDw7vE7F905Z9txlW0Wq_v_BV7KI3Ka5QKRKiJjPlYyzth8Q1WxTwSaoxo5LjTaMyDXn1il9xtwyXiDZnrzTieyAQNWzC-Yt6vpogVRWFH_qm2lMuVH7WNUBvIiFRYjFGzSah4U-V5Kt7vwF6sd45-aI1V3iYnS4EhfElEVaoyLvvPP7leeGN_AwbEVOwhMRNkA8_dps4JlfY7aj561BsiO9FXC1P6pPM_zi1grcEvlVeewrvAGoKQ0FI0oGABsTRnvTIgM68pQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3XP8UCKq_wNwwOSYPYoeErGQC9HQ%26client%3Dca-pub-6593523210010154%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 2d5e67a38c9a11424cac19ce192c9fd124a6d74e64d3791a01561dbd3e39c0b4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:37 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 14 Mar 2023 13:45:21 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 326818
etag: W/"fcb2a26b07bd76d9a925cae661d6d94d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lETY5jOxVwsFcZaRnrjOmyqfsEfl8M0Tb3YAj6wSTOs9MTjfCw6%2BOOk7JR44TtlAKKEMfETfdgom2r%2F%2BqMQD72fQDlfpWIjnfl%2BJ%2BdLDXdZ32l3R9spL0t0vyERzLrml6U9wUDw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
cf-ray: 7df64e9e19a29b95-FRA
alt-svc: h3=":443"; ma=86400
expires: Tue, 20 Jun 2023 13:46:18 GMT

POST csi
csi.gstatic.com/ Frame A03D 0
0

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame A03D 2 KB
1 KB 263ms
141ms Image
image/svg+xml 2a02:2638:3::3

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 -, , ASN (),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:37 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 24 Jun 2024 12:10:37 GMT

POST csi
csi.gstatic.com/ Frame A03D 0
0

GET
H3 200 createjs.min.js
s0.2mdn.net/sadbundle/13340955653470786770/300x250/ Frame 18C9 236 KB
63 KB 93ms
93ms Script
application/x-javascript 2a00:1450:4001:813::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13340955653470786770/300x250/createjs.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13340955653470786770/300x250/300x250.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13340955653470786770/300x250/300x250.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sun, 25 Jun 2023 16:07:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 417790
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64184
x-xss-protection: 0
last-modified: Wed, 21 Jun 2023 08:40:44 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 24 Jun 2024 16:07:27 GMT

GET
H3 200 300x250.js
s0.2mdn.net/sadbundle/13340955653470786770/300x250/ Frame 18C9 79 KB
15 KB 106ms
105ms Script
application/x-javascript 2a00:1450:4001:813::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13340955653470786770/300x250/300x250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13340955653470786770/300x250/300x250.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13340955653470786770/300x250/300x250.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sun, 25 Jun 2023 16:07:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 417790
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15780
x-xss-protection: 0
last-modified: Wed, 21 Jun 2023 08:40:44 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 24 Jun 2024 16:07:27 GMT

GET
H/1.1 200
OK dv-measurements4050.js
cdn.doubleverify.com/ Frame EED5 543 KB
103 KB 102ms
34ms Script
application/javascript 2a02:26f0:480:9::210:ee04

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dv-measurements4050.js
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:9::210:ee04 -, , ASN (),
Reverse DNS
Software: UploadServer /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Fri, 30 Jun 2023 12:10:37 GMT
Content-Encoding: gzip
Last-Modified: Wed, 28 Jun 2023 08:54:41 GMT
Server: UploadServer
ETag: "5a377c6b590ab29192c9d6aaadc2c413"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: *
Cache-Control: max-age=946080900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 105238
Expires: Thu, 27 Jun 2024 08:54:46 GMT

GET
H3 200 Enabler_01_247.js
s0.2mdn.net/879366/ Frame F5A5 118 KB
40 KB 158ms
110ms Script
text/javascript 2a00:1450:4001:813::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=OlEXiEDhbt&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=OlEXiEDhbt&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 10:36:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 5656
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 01 Jul 2023 10:36:21 GMT

GET
H3 200 gsap_3.9.1_min.js
s0.2mdn.net/ads/studio/cached_libs/ Frame F5A5 63 KB
25 KB 200ms
152ms Script
text/javascript 2a00:1450:4001:813::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.9.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=OlEXiEDhbt&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=OlEXiEDhbt&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25329
x-xss-protection: 0
last-modified: Wed, 29 Dec 2021 19:08:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 12:10:37 GMT

GET
H3 200 styles.css
s0.2mdn.net/sadbundle/16829948873192997814/css/ Frame 3FBB 6 KB
2 KB 145ms
107ms Stylesheet
text/css 2a00:1450:4001:813::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16829948873192997814/css/styles.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=n2IhjHNgof&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=n2IhjHNgof&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 19:25:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 319523
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1606
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 25 Jun 2024 19:25:14 GMT

GET
H3 200 Enabler_01_250.js
s0.2mdn.net/879366/ Frame 3FBB 120 KB
41 KB 151ms
113ms Script
text/javascript 2a00:1450:4001:813::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=n2IhjHNgof&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=n2IhjHNgof&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 02:09:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 36052
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42247
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 01 Jul 2023 02:09:45 GMT

GET
H3 200 overlay.png
s0.2mdn.net/sadbundle/16829948873192997814/img/ Frame 3FBB 95 B
122 B 63ms
61ms Image
image/png 2a00:1450:4001:813::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/16829948873192997814/img/overlay.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=n2IhjHNgof&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=n2IhjHNgof&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 14:54:55 GMT
x-content-type-options: nosniff
age: 162942
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:58 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 27 Jun 2024 14:54:55 GMT

GET
H3 200 logo.svg
s0.2mdn.net/sadbundle/16829948873192997814/img/ Frame 3FBB 5 KB
2 KB 73ms
65ms Image
image/svg+xml 2a00:1450:4001:813::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/16829948873192997814/img/logo.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=n2IhjHNgof&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=n2IhjHNgof&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 19:25:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 319523
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2339
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 25 Jun 2024 19:25:14 GMT

GET
H3 200 gsap_3.5.1_min.js
s0.2mdn.net/ads/studio/cached_libs/ Frame 3FBB 60 KB
0 89ms
67ms Script
text/javascript 2a00:1450:4001:813::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=n2IhjHNgof&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16829948873192997814/index.html?e=69&leftOffset=0&topOffset=0&c=n2IhjHNgof&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24155
x-xss-protection: 0
last-modified: Mon, 31 Aug 2020 21:23:17 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 12:10:37 GMT

GET
H2 206 71ac63ad570642e987aadc31e4b52f7c_k6_1080x1080_15sec_cta_social_paid_de.mp4
static.criteo.net/design/dt/10758/4758890/ Frame A03D 4 MB
0 91ms
53ms Media
video/mp4 2a02:2638:3::3

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/dt/10758/4758890/71ac63ad570642e987aadc31e4b52f7c_k6_1080x1080_15sec_cta_social_paid_de.mp4

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 -, , ASN (),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Range: bytes=0-

Response headers

date: Fri, 30 Jun 2023 12:10:37 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 01 Jun 2023 13:44:43 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "6478a0cb-11c7062"
content-type: video/mp4
access-control-allow-origin: *
Content-Range: bytes 0-18640993/18640994
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
Content-Length: 18640994
expires: Mon, 24 Jun 2024 12:10:37 GMT

GET
H3 200 tweenmax_2.0.1_min.js
s0.2mdn.net/ads/studio/cached_libs/ Frame 308A 113 KB
38 KB 178ms
152ms Script
text/javascript 2a00:1450:4001:813::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_2.0.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16146537369634422564/index.html?e=69&leftOffset=0&topOffset=0&c=OwPkUHrb46&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16146537369634422564/index.html?e=69&leftOffset=0&topOffset=0&c=OwPkUHrb46&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38915
x-xss-protection: 0
last-modified: Tue, 19 Jun 2018 18:02:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 12:10:37 GMT

GET
H3 200 Enabler_01_247.js
s0.2mdn.net/879366/ Frame 308A 118 KB
40 KB 169ms
143ms Script
text/javascript 2a00:1450:4001:813::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16146537369634422564/index.html?e=69&leftOffset=0&topOffset=0&c=OwPkUHrb46&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16146537369634422564/index.html?e=69&leftOffset=0&topOffset=0&c=OwPkUHrb46&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 10:36:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 5656
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 01 Jul 2023 10:36:21 GMT

POST csi
csi.gstatic.com/ Frame A03D 0
0

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame DEF1 42 B
64 B 139ms
137ms Fetch
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvj3UopBtyP8LOqRiYNDiljWC0GPP4cUBeDw5z_o72sXhzJrpd_RC85PhQnZhMf8JYMd7qGZq2gijIOu5mLqCzBF5FKzgKJbgm85dPwYxh8_aq-WyUH0pyNvRHBlTJRStO32ZTjeMY6m6Fq&sai=AMfl-YTuezyOb-nv78ybuQarz2TlFO5cCTMFXJFsDwsZhxFZmtFU1nI8CW3NUWyIpyIdxVSc0P7TIp4JiAT8ebEim_55A7YvMSrqfXbYf3_Nc_bMHzzTKCOlSnGezlnPwLE9sN7zP8YnJfrLFl4CzeYyhsIhPpodTqGI36vIrvHaE42kVOjGJ_oSkbnKJAQNEg&sig=Cg0ArKJSzOOU68NH8TukEAE&cid=CAQSbQBygQiD8FTdgde4HFJzOrpdvRJr4pTPTnAvI-uCxs1E2EkH23JOFfOd8Ee3dPYuwagpLujH-Bj8qZ2TD0cmA2A5LtZ51NeFBpKvMgtcB3DI7vZaqCi9y01VstOr3AUE02_lk9WpgHJ06w-b3jwYAQ&id=lidar2&mcvt=1097&p=1,1,213.953125,301&mtos=1097,1097,1097,1097,1097&tos=1097,0,0,0,0&v=20230628&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=9&adk=3864748221&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1688127035363&rpt=762&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:37 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CBEB
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEBe22rB68Ef9yLhcBLsJyvA&google_cver=1&google_push=AaAOQGEWtmka0HJgx3lm8C2uNYHiEfgony4F-O9GEREpjAK37CbzE4mrGQD6ce1OCkYUmw6I_OKs9p8p5p0Wg4jZ...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AaAOQGEWtmka0HJgx3lm8C2uNYHiEfgony4F-O9GEREpjAK37CbzE4mrGQD6ce1OCkYUmw6I_OKs9p8p5p0Wg4jZYSOa4KGEvQRa

170 B
188 B

160ms
158ms

Image
image/png

142.250.185.162

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AaAOQGEWtmka0HJgx3lm8C2uNYHiEfgony4F-O9GEREpjAK37CbzE4mrGQD6ce1OCkYUmw6I_OKs9p8p5p0Wg4jZYSOa4KGEvQRa

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.162 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:37 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Fri, 30 Jun 2023 12:10:37 GMT
Server: MT3 933 7933424 master cdg-pixel-x32 config_version:"1438"
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AaAOQGEWtmka0HJgx3lm8C2uNYHiEfgony4F-O9GEREpjAK37CbzE4mrGQD6ce1OCkYUmw6I_OKs9p8p5p0Wg4jZYSOa4KGEvQRa
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Fri, 30 Jun 2023 12:10:36 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CBEB
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESECswTxfMVoPnIJQWbfsV324&google_cver=1&google_push=AaAOQGFyOZt9k6QTWuP-Es98O_O9dqKTOnXPqPcY9f6FgyZmM8B347g8sLwm5K_otTIX3nEH0PEV1E7na9lNS3Ux...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=tTov-Bv9S2mApbkEUJBDPw2&google_push=AaAOQGFyOZt9k6QTWuP-Es98O_O9dqKTOnXPqPcY9f6FgyZmM8B347g8sLwm5K_otTIX3nEH0PEV1E7na9lNS3UxybeD0g59NMbE

170 B
188 B

69ms
67ms

Image
image/png

142.250.185.162

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=tTov-Bv9S2mApbkEUJBDPw2&google_push=AaAOQGFyOZt9k6QTWuP-Es98O_O9dqKTOnXPqPcY9f6FgyZmM8B347g8sLwm5K_otTIX3nEH0PEV1E7na9lNS3UxybeD0g59NMbE

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.162 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:37 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 30 Jun 2023 12:10:37 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.21.6
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=tTov-Bv9S2mApbkEUJBDPw2&google_push=AaAOQGFyOZt9k6QTWuP-Es98O_O9dqKTOnXPqPcY9f6FgyZmM8B347g8sLwm5K_otTIX3nEH0PEV1E7na9lNS3UxybeD0g59NMbE
x-host: tde-deliveryengine-production-7c97bc8457-kzgl2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET

sync
r.scoota.co/ Frame CBEB
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEFwPeon-EZo3pKHH6ZjFIVI&google_cver=1&google_push=AaAOQGFvZt1DB_lXyCtR9MK_zBbvIOx_PcG06xnsbECIovcl3V22uL1dNUsCDzy-95Fay8NcNC7djY5tih4GZsX82r67...
https://r.scoota.co/sync?ssp=bidswitch&bidswitch_ssp_id=google

0
0

GET
H2 200 dds
rtb.openx.net/sync/ Frame CBEB 43 B
245 B 215ms
25ms Image
image/gif 35.227.252.103

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEPVoc6yTnuAErVOMDFzu3Ds&google_cver=1&google_push=AaAOQGFGx_XMeclwN7Q61KpVwk73BtFPNXBATBlATfYfYnpZGYd5j0aYStnJepi9lwXcQZtOMTLwgiR4Em0mtxMlc3gpDdrdQtcTzg
Requested by: Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.252.103 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:37 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43

GET

ebda
match.360yield.com/ul_cb/match/ Frame CBEB
Redirect Chain

https://match.360yield.com/match/ebda?google_gid=CAESECLgz8Hj6XLJbG7tJqBqviU&google_cver=1&google_push=AaAOQGF3By2hdKZLySQ8pIDw0LZv6tcXbd724wE1-0V_OLFtSRzKxw8Ah3U_BQXub4O1r6QsTOl8Br-BKvBn1GL97EoKDJ...
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESECLgz8Hj6XLJbG7tJqBqviU&google_cver=1&google_push=AaAOQGF3By2hdKZLySQ8pIDw0LZv6tcXbd724wE1-0V_OLFtSRzKxw8Ah3U_BQXub4O1r6QsTOl8Br-BKvBn1GL9...

0
0

GET
H/1.1 200
OK sync
ssbsync.smartadserver.com/api/ Frame CBEB 0
75 B 45ms
40ms Image
text/plain 185.86.138.150

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEGxv8qJc9w8NmB4Qu7EO5pQ&google_cver=1&google_push=AaAOQGEV_VwS53ps0xNuCK054LYatUBLj47EbmX1EJ9RuYoOw7CNDm6flAkYxQn83mI083I0rr5PDIUjqvOK_P55eAbfxd1ZANWaWw
Requested by: Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.150 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:36 GMT
content-length: 0

GET
H/1.1

200

0.gif
id5-sync.com/i/495/ Frame CBEB
Redirect Chain

https://sync.inmobi.com/gob?google_gid=CAESELiT2iDw18ywtl1JaQtk-_c&google_cver=1&google_push=AaAOQGEEivgBepOyLCa9aflG1HJCum1bCh-yixYF-p_kT6i-UpfhdDjcWqz5yzsBPXGIrBA6KNXcEU5j9o4aFlWIUBdjVy4V4gg9yiw
https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DAaAOQGEEivgBepOyLCa9aflG1HJCum1bCh-yixYF-p_kT6i-...

43 B
1 KB

31ms
31ms

Image
image/gif

141.95.33.111

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DAaAOQGEEivgBepOyLCa9aflG1HJCum1bCh-yixYF-p_kT6i-UpfhdDjcWqz5yzsBPXGIrBA6KNXcEU5j9o4aFlWIUBdjVy4V4gg9yiw

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

HTTP/1.1

Server

141.95.33.111 -, , ASN (),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-type: image/gif;charset=UTF-8
date: Fri, 30 Jun 2023 12:10:37 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
transfer-encoding: chunked
p3p: CP="CAO PSA OUR"

Redirect headers

date: Fri, 30 Jun 2023 12:10:37 GMT
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
expect-ct: max-age=0
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=utf-8
location: https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DAaAOQGEEivgBepOyLCa9aflG1HJCum1bCh-yixYF-p_kT6i-UpfhdDjcWqz5yzsBPXGIrBA6KNXcEU5j9o4aFlWIUBdjVy4V4gg9yiw
x-download-options: noopen
vary: Accept
content-length: 274
x-xss-protection: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame CBEB 0
12 B 125ms
119ms Image
text/html 142.250.185.162

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JQrKp6zMywzvz83Gd9Pl1G8jUpoUf7U_awvUbhkhWbbu6MfoIdr1wmvXs8z2V7aZzGo5XqYA

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:37 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 5ed7702fe4b07a92411bc03e
ng2.virgul.com/tck/imp/ Frame 5040 0
209 B 176ms
56ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5ed7702fe4b07a92411bc03e?g=1&t=gb&r=153378@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1688127034138&userId=vnet3bc71549-6df8-44a0-a5ac-c4fd13789c73
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Fri, 30 Jun 2023 12:10:37 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 200 AOiihYbjk7GyPSPexE3PorOKRXoofTPF8NjvkAglc4c.js
pagead2.googlesyndication.com/bg/ Frame D7A1 38 KB
14 KB 135ms
57ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/AOiihYbjk7GyPSPexE3PorOKRXoofTPF8NjvkAglc4c.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 09:52:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8287
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14768
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 29 Jun 2024 09:52:30 GMT

GET

4a.js
static.adsafeprotected.com/ Frame 1141
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/1484055/72040524/4.js?ias_dspID=64&adContainerId=brand_safety_PMaeZMacD_-wx_APgZ-usAs&cbFunctionName=goog_wrapCb_PMaeZMacD_-wx_APgZ-usAs&true_pb=&adsafe_pb=htt...
https://static.adsafeprotected.com/4a.js

0
0

GET sca.17.6.2.js
static.adsafeprotected.com/ Frame F1AA 0
0

GET
H3 200 AOiihYbjk7GyPSPexE3PorOKRXoofTPF8NjvkAglc4c.js
pagead2.googlesyndication.com/bg/ Frame 9351 38 KB
0 79ms
58ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/AOiihYbjk7GyPSPexE3PorOKRXoofTPF8NjvkAglc4c.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 09:52:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8287
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14768
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 29 Jun 2024 09:52:30 GMT

GET
H3 200 AOiihYbjk7GyPSPexE3PorOKRXoofTPF8NjvkAglc4c.js
pagead2.googlesyndication.com/bg/ Frame 90D1 38 KB
0 81ms
58ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/AOiihYbjk7GyPSPexE3PorOKRXoofTPF8NjvkAglc4c.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 09:52:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8287
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14768
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 29 Jun 2024 09:52:30 GMT

GET
H3 200 AOiihYbjk7GyPSPexE3PorOKRXoofTPF8NjvkAglc4c.js
pagead2.googlesyndication.com/bg/ Frame 4028 38 KB
0 84ms
61ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/AOiihYbjk7GyPSPexE3PorOKRXoofTPF8NjvkAglc4c.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 09:52:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8287
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14768
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 29 Jun 2024 09:52:30 GMT

GET dt
dt.adsafeprotected.com/ Frame 1141 0
0

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 40E7 42 B
64 B 99ms
96ms Fetch
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstV7u5Hn1QdlBQ80yn6RLxPM0X4De28ctHolCChMDIAeDLZBnt0bkZlcL_f915UNpKN1PPN5n5H4xV-_rtyPSSyvaTI4phOwMhD0XBWOfJEK_bUeJLViMftg6O7JdqbuhfKIdwER_ipYRUD&sai=AMfl-YSZX4y9PGzr4gJvlkWpna9Bv8d4SSEvYvGHQ8hI1twTYoADCH4caRO6DivAZLDqDQY3sNtBm9Im9m1HY5Upt3iHiwXrNVOD5d7LBqmAofucjVBfsmEqZGzDQhazDFYPUKOFHdWnYGzPouvonoH0DUqNEQcEoeQm77ZfVesji7PdeM5kOZcNmyzb2ytFqA&sig=Cg0ArKJSzAjDmaAMFFPAEAE&cid=CAQSbQBygQiDLhWFTLsLTw3u17VFDzsE3rFAqeV0F6xWLZS--kYy7NkdC0RsjYxMllDhFobwS_16poFTviyxE5adoMZ5NRYOSq7ll2kpo6moyGulxS47yrS_FDvbotu-71fdk-ZOtPtyAdi5tW-YYNYYAQ&id=lidar2&mcvt=1076&p=0,0,250,300&mtos=1076,1076,1076,1076,1076&tos=1076,0,0,0,0&v=20230628&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=818013153&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1688127035572&rpt=771&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 12:10:37 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET adchoices_default.png
static-de.ad4mat.net/ads/img/ad_markers_folder/ Frame B1CA 0
0

GET dt
dt.adsafeprotected.com/ Frame 1141 0
0

GET visit.js
tps.doubleverify.com/ Frame EED5 0
0

GET
H3 200 frame.html
ad4m.at/ Frame 2AF3 0
0 44ms
43ms Document
text/html 2606:4700:20::681a:ad1

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 169724
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=3600
cf-cache-status: HIT
cf-ray: 7df64ea2ab481ad7-FRA
content-encoding: br
content-language: en
content-type: text/html; charset=utf-8
date: Fri, 30 Jun 2023 12:10:37 GMT
expires: Thu, 08 Jun 2023 00:41:56 GMT
last-modified: Thu, 25 Aug 2022 14:12:41 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fw14tpBqg3Y0%2BDqKY62Z8z6BKaEj4wah3gbS%2FAovK0KzlP%2FNbAtUTxThIrZ3YS%2F7dyDMHxBdA408U0kRwTb461iLAEfdzfmqLZ%2BFH2G9G7E6qP3d%2FJq%2Fmoj3GQRx9YZkW20EheU%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H3 200 image1.jpg
s0.2mdn.net/sadbundle/13340955653470786770/300x250/images/ Frame 18C9 16 KB
16 KB 83ms
83ms Image
image/jpeg 2a00:1450:4001:813::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/13340955653470786770/300x250/images/image1.jpg

Requested by

Host: 3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
URL: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13340955653470786770/300x250/300x250.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sun, 25 Jun 2023 16:07:28 GMT
x-content-type-options: nosniff
age: 417789
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15984
x-xss-protection: 0
last-modified: Wed, 21 Jun 2023 08:40:44 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 24 Jun 2024 16:07:28 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 40E7 0
0 99ms
98ms Fetch
image/gif 142.250.184.226

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvuHUQXRYUm3mGKaFZ3_e4uea8iHqO7x4Rn4E3_U9J_KTsqvPx7TXbH_2a_l0eu193SilbYxHYWt3WJ5esC1D27DP-lP2mttZsSYI_8_gK8Lh9CDDbVD9Gn9DmKIhuvCcwdgHnvwPpoHMK47j15MfNRqHDk2z8avSNy53M6WWpBuV4Lgz3BswQ5dsKRtGQtHYFKyL7dEoKrVtX-EceTeT1yBYup_tbOSyvPj8kz-_4ssVoKhAO5gjIZnR8tydNBPZKpI2o-1aqgOf3bGim6I4dB5sMWteo-b3-jomGvk6OaHSiPNHOjRSOcNtD5LPUhuQLB6ZOSkDOhmQ5nKeLRfEnbRgsu90Uvd5i5at5UPOnnerteuEeizW5Id1Cgv71itVQWcA9afuXkICEJGM4-CHNu1inCEpkZN6ihD4VbrkoTh6ZzF1sysiPMghv83XSQ90qjkmzVEtH-ybDgIm-NVoRazYcailtW9aUtw8J2l_60M2fktD_JTxp26yMeajgzqvN2xN9EDJ4CYIh26YM8uU59M9wfjE9FRN9eJfFUDXyyhDAiDEYub12HmH-uK5nNLa7QqmYXglA4lLJubhjO4DlIM-9yqk9V64FskPAFMocrtiVl-4HCMXlmdDdeGNkkC2hCs0KAt12tA5FeJ7Cg6zX3I0Kbvc15LbofE99Yy0kKU6CxAlRSWZZ7pgpTU5l0zNP6C1UQZ7QnDMQ14Flygd1u0807yK-SLkM8NInRSZ4MWGFyCQUS5xF9cMxjlDwCBGPDq7-k6ybG0Y2Sk2ZoF5UCmdl9hvboNP0SF3RArRCwcryvoef3WKeIO7UjAaNudR0LZ4WF71dxhUC33_ohi2KraLRGo7jAC0M093lZVFEmSiHh24I_somnOutIdNoENzSuIgr5DsCXpif4XsBRRaCCiiRdDZ0tfOfsnlsBONyWTnME2QOS014OWxm0WP1NU995-eOMTEdbgTYP6Fpv2yyy2KDFLLltiFmbJMk2-T5JcTB1i_IH56u0tXb6b_7AhX5yuFl9ajKuBSurYaW9vFaobz9p_Bk4eGZ6Idr9Atsej24piAnB8eQjbvW2id2JxPgrVWs7NF2Jd3kAb_SAddx39tfRl3W4SyRozVR0uYNK-Ydwz3-Ph1UsI6ixGyRqfTt0e8d5FWV_OXIE7A84pusufw-zN0crGgAITifx0Ry0v37F8SQ94gjZNCAvJ3MEDe58iCWENbdSJza7z5zD9sfXaUzNezFMasTNx4kLEyq4jon8yVpuVP6_Iv3gXA&sai=AMfl-YQ-RRrf1QZlqOw21fqaAIUrz70iXHYDvbg1-fizgIcmjONrQiXbpoXX3SjwbFwcUgnphIJMpA2uW7V4w3re4tLKcMYCHZt0gL6DUhjf2LrzFHpvEGx9kcqa8psDVKENkTsXlTkJAyJssJb5-Bj8QTVM6GOGuj9DgEdanRGVgluDTNp2xzbn-It3HJaf4hac5HGl22Um810NvwzvJAQKw-BCAnTroq3BHK8iPMwu4onzDghhz772QvPZdewsJGb6wHigGAWIn4z6Iz5jfJ-4uV4m67LJ2HWHZEgk0exVpF9oMIvdPd_yC2Si_KiANRBsylYyAlizYVFRicGgaeY4tjzdPp_9QSCtPjA&sig=Cg0ArKJSzDNjH5FuxUo1EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1539&vt=11&dtpt=1071&dett=3&cstd=464&cisv=r20230627.25214&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:10:37 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 30 Jun 2023 12:10:37 GMT

GET
H2 200 6363a944e4b0125bde9e6739
ng.virgul.com/tck/i_vb2/ Frame 5040 0
209 B 74ms
72ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/6363a944e4b0125bde9e6739?l=&r=153366@site_geneli@yemek_net:site_geneli&cs=1688127037766&userId=vnet3bc71549-6df8-44a0-a5ac-c4fd13789c73
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Fri, 30 Jun 2023 12:10:37 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 5ed76f76e4b07a92411bc03a
ng.virgul.com/tck/i_vb2/ Frame 5040 0
209 B 75ms
74ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/5ed76f76e4b07a92411bc03a?l=&r=153377@site_geneli@yemek_net:site_geneli&cs=1688127037766&userId=vnet3bc71549-6df8-44a0-a5ac-c4fd13789c73
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Fri, 30 Jun 2023 12:10:37 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 5ed771bae4b07a92411bc04c
ng.virgul.com/tck/i_vb2/ Frame 5040 0
209 B 75ms
74ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/5ed771bae4b07a92411bc04c?l=&r=153382@site_geneli@yemek_net:site_geneli&cs=1688127037766&userId=vnet3bc71549-6df8-44a0-a5ac-c4fd13789c73
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Fri, 30 Jun 2023 12:10:37 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 5ed771e3e4b07a92411bc04e
ng.virgul.com/tck/i_vb2/ Frame 5040 0
209 B 76ms
75ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/5ed771e3e4b07a92411bc04e?l=&r=153383@site_geneli@yemek_net:site_geneli&cs=1688127037767&userId=vnet3bc71549-6df8-44a0-a5ac-c4fd13789c73
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Fri, 30 Jun 2023 12:10:37 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 200 FordAntennaCondMedium.subline.woff
s0.2mdn.net/sadbundle/16829948873192997814/fonts/ Frame 3FBB 13 KB
13 KB 61ms
60ms Font
font/woff 2a00:1450:4001:813::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16829948873192997814/fonts/FordAntennaCondMedium.subline.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16829948873192997814/css/styles.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/16829948873192997814/css/styles.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 19:25:14 GMT
x-content-type-options: nosniff
age: 319523
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13336
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:58 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 25 Jun 2024 19:25:14 GMT

GET
H3 200 FordAntennaBlack.headline.woff
s0.2mdn.net/sadbundle/16829948873192997814/fonts/ Frame 3FBB 12 KB
12 KB 68ms
67ms Font
font/woff 2a00:1450:4001:813::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16829948873192997814/fonts/FordAntennaBlack.headline.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16829948873192997814/css/styles.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/16829948873192997814/css/styles.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 19:25:14 GMT
x-content-type-options: nosniff
age: 319523
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11876
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:58 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 25 Jun 2024 19:25:14 GMT

GET
H3 200 FordAntennaRegular.legal.woff
s0.2mdn.net/sadbundle/16829948873192997814/fonts/ Frame 3FBB 14 KB
14 KB 61ms
61ms Font
font/woff 2a00:1450:4001:813::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16829948873192997814/fonts/FordAntennaRegular.legal.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16829948873192997814/css/styles.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/16829948873192997814/css/styles.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 14:54:57 GMT
x-content-type-options: nosniff
age: 162940
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14468
x-xss-protection: 0
last-modified: Fri, 12 May 2023 09:19:58 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 27 Jun 2024 14:54:57 GMT

GET view
googleads4.g.doubleclick.net/pcs/ Frame 47D2 0
0

GET activeview
pagead2.googlesyndication.com/pcs/ Frame 0DD6 0
0

GET view
googleads4.g.doubleclick.net/pcs/ Frame 4E14 0
0

GET rum.js
securepubads.g.doubleclick.net/pagead/js/ Frame 47D2 0
0

GET rum.js
securepubads.g.doubleclick.net/pagead/js/ Frame F5A5 0
0

GET OnAir-Bold.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame F5A5 0
0

GET OnAir-Light.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame F5A5 0
0

GET sodar
pagead2.googlesyndication.com/getconfig/ Frame F5A5 0
0

GET 60005582_20210507060843268_Asset_Transparent.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame F5A5 0
0

GET 60005582_20230405055008629_SAM_Galaxy-S23.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame F5A5 0
0

GET 60005582_20230503075344013_160x600_LOOK-01.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame F5A5 0
0

GET 60005582_20230404070248174_160x600_LOOK-02.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame F5A5 0
0

GET postview.gif
portal.o2online.de/nws/img/ Frame F5A5 0
0

GET sodar
pagead2.googlesyndication.com/getconfig/ Frame 3FBB 0
0

GET image2.jpg
s0.2mdn.net/sadbundle/13340955653470786770/300x250/images/ Frame 18C9 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: csi.gstatic.com
URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=1~ljij91v9&c=2411976575333&slotId=1205988287666.5&qqid=CMaIp6L76v8CFYSfhQod55wIXw&fb=outstream-lima&sei=44729911%2C44730425%2C44730426%2C44752538%2C44776384%2C75259414%2C420706098&nsei=44714510%2C72811302%2C75259405%2C75259407%2C75259408%2C318491509%2C447279544&bi=outstream

Domain: csi.gstatic.com
URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=2~ljij91ys&c=2411976575333&slotId=1205988287666.5&qqid=CMaIp6L76v8CFYSfhQod55wIXw&fb=outstream-lima&ulv=1&cll=0&met.4=arp_a_s.1jf&vast_v=4.0&lima_p_ich=0&lima_p_icu=0

Domain: r.scoota.co
URL: https://r.scoota.co/sync?ssp=bidswitch&bidswitch_ssp_id=google

Domain: sync.targeting.unrulymedia.com
URL: https://sync.targeting.unrulymedia.com/csync/RX-54312296-e998-4bcc-883d-5ee2bd4340df-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAaAOQGHMl6cS0EiOocunaUR_X1DwXadkAE3volQ14RTZ3y1OtwMi0X2H6NfCLXuFPit1-f652H38XbTiS0mMqlMqLEQr9oiHBSMEPrVlyIgdYH7Zm5-GT4lXlUSIRb09oBjdMLKT7O0iwEkl%26google_hm%3DA1QxIpbpmEvMiD1e4r1DQN8

Domain: csi.gstatic.com
URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=3~ljij91zt&c=2411976575333&slotId=1205988287666.5&qqid=CMaIp6L76v8CFYSfhQod55wIXw&fb=outstream-lima&vast_v=3.0&icc=1&icrh=0&icri=0&icrs=1&icru=0&icp=AdChoices&icdi=15x19&vmfc=1&vhc=0

Domain: csi.gstatic.com
URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=4~ljij928w&c=2411976575333&slotId=1205988287666.5&qqid=CMaIp6L76v8CFYSfhQod55wIXw&fb=outstream-lima&gpm_i=1&gpm_c=1&gpm_a=1&smb=1000&mt=video%2Fmp4&vs=1080x1080&msm=1&aits=0&webm=0&vp9=0&vamt=video%2Fmp4&hvmf=false&vms=1&bit=0&hcn=0&met.4=arp_a_e.1sx~videopreviewvisible.1tk&umsem=0&ape=1

Domain: csi.gstatic.com
URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=5~ljij929n&c=2411976575333&slotId=1205988287666.5&qqid=CMaIp6L76v8CFYSfhQod55wIXw&fb=outstream-lima&gpm_i=1&gpm_c=1&gpm_a=1&smb=1000&mt=video%2Fmp4&vs=1080x1080&ple=1&event_name=unmeasurable_asset&resource_name=https%253A%252F%252Fads.eu.criteo.com%252Fdelivery%252Fr%252F0.1%252Fvast.php%253Fz%253DZJ7GOwAH_4YKhZ-EAAic516OGmPdRfPAYreAbw%2526u%253D%25257CDxm1t4FRg8GkD0mRzgxRJH0qHzjzL5Q%25252FKxLbOW2eXPQ%25253D%25257C%2526c1%253Ds9Ouqadr9PNjmdWEvnIhCeON5eq0Yfy817nyR0B5GwZXgYWXwbmDe9kpYSMilCDwZHTqTSHU28qPS699-x6-pdPmHC8ESfc6jWDFBEINRxVFWXLtQft7xikDu2-fx8kHQYKZa0IgE7ESRR9_UIoeFLSP_FwPSBbEad2MU7v9Jd6o8fUR2F44Bw71TyPLG0k2AFf90wrtdbvLA-XiFU90752-uPe64s1H6V3QfTPqyKwnV5bkQJOZKh3OQyE61itsW6WhkjvzkTFRUy57FmTvbjVjo4Q8edYn4nskI2EDepaWV889gPbX4FdBk7d283mIc2LiSjrBem3I0kc6w1jeXLE0oNPwGMGa2LuuVaSQzs78XzsRe3m1NDtqHe0rvw9VZeH3zlFDk6DUJqq748JpbT_ATXvTq1B2dI1uB0QXd5XUDSBcR9pWTsXc1PMvu4kZvCOIi-eAagv-N47IXZfHIM0VLQ5jiLn7cfJ7u5rSOFCkGJA31sLValBLhv8KqTxV74MDdg0Xhagd5etkfcFWBNAS8w3jumMc7501t42qkmaTvx_znDZZ70CEW0_CK3ItYygYdBzRMFP1KbhIUx7L-Lw1vQ2wWARtaeXdCKkFGkiGrB2Q7M4bdx3pPOrX7Loz%2526ct0%253Dhttps%253A%252F%252Fgoogleads.g.doubleclick.net%252Faclk%25253Fsa%25253DL%252526ai%25253DCqaXMO8aeZIb_H4S_lgTnuaL4Bcme0rFc1Z2R93DAjbcBEAEgAGCV-vCBjAeCARdjYS1wdWItNzk4MzY1MTI1NzgzODI4MsgBBakC2FikVXE8sj7gAgCoAwHIAwKqBPcBT9CkWmDPqOLLNpCanPwnT_bLBLjxornypr8Vhm_JA9kGbb43fIiS_5uudgekhD27hKcJgYY2UtVXbjSIBxOMp4gPcnXRF5Wt7Q8IE4s_LMDcFqXD0b32S3NnuT9cPQWnLuf0Ts-KArJa_BcCzoAc9nU0wTAXacSkz9p6IwTUFVJEjiMabVwNIwtjKGu87HEHJ_a-61USi6W427RmMwWehpOk3BP3JZrxCc5GryugBe0fsHIoH8xtKXiHsr9W8R3YDK7gGvlVMyMeMIJNkw8kIdfJHnqFaiYLd7PWUqEx_eqzxyDWwoSavJ_sFUHyvZlDCi-jcPz99eAEAYAG5dCu8Jq8u4hQoAYqqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE68ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5-gsCCAGADAHQFQGAFwE%252526num%25253D1%252526sig%25253DAOD64_1RaElM5TAZ-r_1rbLAKHA0M71YsA%252526client%25253Dca-pub-7983651257838282%252526adurl%25253D&encoded_body_size=0&transfer_size=0

Domain: r.scoota.co
URL: https://r.scoota.co/sync?ssp=bidswitch&bidswitch_ssp_id=google

Domain: match.360yield.com
URL: https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESECLgz8Hj6XLJbG7tJqBqviU&google_cver=1&google_push=AaAOQGF3By2hdKZLySQ8pIDw0LZv6tcXbd724wE1-0V_OLFtSRzKxw8Ah3U_BQXub4O1r6QsTOl8Br-BKvBn1GL97EoKDJz5oyUMtA

Domain: static.adsafeprotected.com
URL: https://static.adsafeprotected.com/4a.js

Domain: static.adsafeprotected.com
URL: https://static.adsafeprotected.com/sca.17.6.2.js

Domain: dt.adsafeprotected.com
URL: https://dt.adsafeprotected.com/dt?advEntityId=1484055&asId=782a0298-3d9b-68df-2a03-4718f4f05bfb&tv=%7Bc:h1sxLr,pingTime:-3,time:128,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:47%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:128,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:47,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B117~0%5D,as:%5B117~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tIFj0IN+111%7C112%7C113%7C114%7C115%7C1161%7C11621%7C11622%7C1171%7C1181%7C1182%7C1183%7C1191%7C1192%7C11a1%7C11a2%7C11a3%7C11a4%7C11b*.1484055-72040524%7C11b1%7C11b2%7C11b3%7C11b4%7C11b5%7C11c1%7C11c2%7C11c3%7C11c4%7C11d%7C11e1,idMap:11b*,rmeas:1,rend:0,renddet:na,siq:49%7D&br=c

Domain: dt.adsafeprotected.com
URL: https://dt.adsafeprotected.com/dt?advEntityId=1484055&asId=782a0298-3d9b-68df-2a03-4718f4f05bfb&tv=%7Bc:h1sxLw,pingTime:-6,time:133,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:133,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:47,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B122~0%5D,as:%5B122~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tIFj0IN+111%7C112%7C113%7C114%7C115%7C1161%7C11621%7C11622%7C1171%7C1181%7C1182%7C1183%7C1191%7C1192%7C11a1%7C11a2%7C11a3%7C11a4%7C11b*.1484055-72040524%7C11b1%7C11b2%7C11b3%7C11b4%7C11b5%7C11c1%7C11c2%7C11c3%7C11c4%7C11d%7C11e1,idMap:11b*,rmeas:1,rend:0,renddet:na,siq:49%7D&tpiLookup=ao:pcloak.blob.core.windows.net*%2Cye-mek.net*&br=c

Domain: static-de.ad4mat.net
URL: https://static-de.ad4mat.net/ads/img/ad_markers_folder/adchoices_default.png

Domain: dt.adsafeprotected.com
URL: https://dt.adsafeprotected.com/dt?advEntityId=1484055&asId=782a0298-3d9b-68df-2a03-4718f4f05bfb&tv=%7Bc:h1sxMc,pingTime:-2,time:175,type:a,im:%7Bsf:0,pom:1,prf:%7BmdA:828,mdZ:1537,beA:1641,beZ:1644,mfA:1647,cmA:1649,inA:1649,inZ:1657,prA:1658,prZ:1681,si:1689,poA:1691,poZ:1732,cmZ:1732,mfZ:1732,loA:1773,loZ:1778,ltA:1816,ltZ:1816%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:728.90,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:47%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:175,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:47,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B164~0%5D,as:%5B164~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tIFj0IN+111%7C112%7C113%7C114%7C115%7C1161%7C11621%7C11622%7C1171%7C1181%7C1182%7C1183%7C1191%7C1192%7C11a1%7C11a2%7C11a3%7C11a4%7C11b*.1484055-72040524%7C11b1%7C11b2%7C11b3%7C11b4%7C11b5%7C11c1%7C11c2%7C11c3%7C11c4%7C11d%7C11e1,idMap:11b*,pd:VEBo.mhjfbmdgcfjbbpaeojofohoefgiehjai,rmeas:1,rend:0,renddet:na,siq:49,sinceFw:125,readyFired:true%7D&br=c

Domain: tps.doubleverify.com
URL: https://tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=382&ttfrms=45&brid=3&brver=114.0.5735.198&bridua=3&bds=1&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTauJ6%5C%3E6%3C%5D%3F6ETauU2%3F4r92%3A%3Fl9EEADTbpTauTauA4%3D%402%3C%5D3%3D%403%5D4%40C6%5DH%3A%3F5%40HD%5D%3F6ETar9EEADTbpTauTauJ6%5C%3E6%3C%5D%3F6ETar9EEADTbpTauTaub3c335a2cdh3g3ec_4h%602f%60e6%60b4e27c%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3E&srcurlD=1&aUrlD=0&ssl=https:&dfs=1219&ddur=164&uid=1688127037548249&jsCallback=dvCallback_1688127037548580&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F114.0.5735.198%20Safari%2F537.36&htmlmsging=1&chro=1&hist=2&winh=90&winw=728&wouh=1200&wouw=1600&scah=1200&scaw=1600&jsver=4050&tgjsver=4050&lvvn=28&m1=13&refD=2&referrer=https%3A%2F%2F3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&fcifrms=1&brh=2&sdf=2&dvp_epl=284&noc=4&nav_pltfrm=Win32&ctx=20309721&cmp=29968277&sid=3288807&plc=367565023&crt=192207036&btreg=558488166&btadsrv=doubleclick&adsrv=1&advid=4309118&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_sukv=1908729713.6445112&dvp_tukv=10577353379.37206&dvp_strhd=0.5&dvpx_strhd=0.5&dvp_tuid=562567606133&jurtd=2333968600

Domain: googleads4.g.doubleclick.net
URL: https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsslQXjffhvKL-mQuxVUSwK1XjDXUUmUHCj0_znSRC-XBoTmkMju6eXiT21B63zZ9r6Y3Gjs0JipP6ViZpe8jLCtcV5OhXRbAzvAQhQ66mTOEoujnZLrz7PnMN888YhcYxcf-5URkl10aIxPAM1skWyyDnkfNXa53rCztJ2ndDon8fPQYwfStBUEZR2bRxyfWfJALyVz0eDxX15XN9RkMqKN4iYz4Ade2CsulNclX3TgR1j_WXbp6CIBJau6A-LhrJ_c7Iw7e4p4mqrQw9m3MWmg3620h96i9rOv-m_BYFSfBPHjgHM2h7gJseQcA4sDeRt4l3rWOPnlpODUT2w64X-kEnOoBowP1B4hOj1nME5chajaryumGRUPND_4y-yzCgiKFUuoY0OH_sX4QPoJSdbC6q0-hgGV3oG_rDYpDCFTuSNbA1_nMyseAZ6ZCbAuxBMU7_nGF--CsLJNzCPAzSwkP7pJapCGddxU7xXvhVXydONJKfEzD8V8OSfVURXSQPJSeW_GXscDnVaiRTLstNJX2eD0F8_0PUHz8s6uvPRIX-3Jgq9BLC2nmOvtDBUU3lpaT_zcg0YWdyi-bKqpS_BNzSiUJeVZPWF0mF4L88-umetq90i9sYERTr-8QBmI1IOUfchmgquruM_vSqb0TmpUMKar7sIde_AOYw4cLWod-qOq1v7SzIDv3uG2j_FVYK1kvmLVSsrM0cx8u-k6p2bVaEG5t-f3eY81IpBSluBo2eAP11TOkPt8wfHSF_IB8n_y99Hzfl8bE2WnvjLHjpcG08mqFEN8IDMQCTf5HOkcMDPrLmdUTF9fDbqLD8aOfYFObH_6mdExH6Xz44qWM7awAZvcmDUU3zwtzZVaJn9GpHBnFOmZjm4Q99LPLdIEXOi8pYgPKWC5pRblJx2dw7DXBvKt1NNuQ9jlNFRuTO7HJWF7vylgFvb_cUzwXvYnQllYT0n8op0-0HzGfh4FAJGq2DZ7XDO7LxhL8529G8UPERLfwpQHFHRPgHajlRZKoHRZkFT0wP36V-W07_dKqDQ2Aj_M6wixaUTIHmQL2rvum3_wGcBB7W1r_n55sZ7ZmZqNHqVeTU0OCyPUxFEBqWQFv-7AQqk2CwhyA_ztxovxqEgD9XYcglm8DVZ0QGEpheVoyB6V6v3vfJbv4ZEKKwyBsvJxThoGIVTbNNaSQUJUicG2dLdJIlJgP3Y7GqdXxBqpwRD-Jc0IQiCg4kIZygifNlhaVfFMA1j7-LSYsS6zMBkj1zDkKXkQWckQO1FeNs8LfOl0cxiWal9kT0cFDWIdzho-IonRLqIgtZacpigVUWou2qQUBaaZcegjBBr9lU-S39EqmzEH4w&sai=AMfl-YTpN9oD8rg8s2fxvr0cU6Iv5El9GF6TXWSIVvWR_f63DilRLvpwM1EMy0lJikQTXZH-sWuaxVyNTuDsIBskXtwXGGLy2V2W4DUVv4CWhMRO4HgI80704kA4U0znHz2SXq3ZD71z5QbrNERRaffk6UnII_XzLTOwtIOmK2JpZRnKxGSA9npjWBKxO2jMQt7Pte-qHbj6cefmZeUqffAwL1Bw8HibMc1F3vPF_56Io_jL1Zeb8_7vNtD_OuT-4A8kHLpyDDijT8NE3T0FS5rSUlGW8vwDjg&sig=Cg0ArKJSzAgClybRraPXEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1428&vt=11&dtpt=965&dett=3&cstd=450&cisv=r20230627.01183&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstW7ySFgktiRG3Wgo34DrJgKyporZyoBtkd25qevMsB6q1-k4psHJzqWybBcetBXoY2XYBVFkpaQyu18WYDdKuX5rPTspoqMBtpOUWn7hTwTrC3UYA6ACyZ7DdUmFNll4hpyhCcSJ2SPrDo&sai=AMfl-YSnl6ZtLglChzm_0Ln3u5qONsm2qpb1wrcEknB8pMvPjYWuPtzoAb1FOCXB5o8NtkUskHlncpIKKG9Opi7e3Nlx70DXPwCwQMGhYX92nZHwvcMbOAWz0r-Qhyg&sig=Cg0ArKJSzA0N8c3JORhmEAE&cid=CAQSOwBygQiDup59sH8pM2O1Yb9enYL4gDO4hJG0-JCzRyoSVRR6ZRZMGAQc2IAe4y0E-dCm2H5-ziOYE6SZGAE&id=ampim&o=0,229&d=160,228&ss=1600,1200&bs=160,228&mcvt=1179&mtos=0,0,0,1179,1179&tos=0,0,0,1179,0&tfs=814&tls=1993&g=100&h=100&tt=1993&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&uafvl=%5B%5D&uaw=false&adk=0

Domain: googleads4.g.doubleclick.net
URL: https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu4zKXlmzn20YUI_BmUgusp62b8BuPaBh_8FDOEHNKJe9Lm5UHkJCTYaQvauOZe7Q0QeLwlfJrw3-ey4xIJt79Z3WecmWpraypBXoRgG52mDOdIcCwRoLygZxAA3mbDx1tY_MDBGRAxmdIarjnzuA-TheIoQZHJ_Tid28JDT79OJ2Cz_NZDWHQSo3UTikxmNHUQT23qZ07MWJFMYpt61cm6TpP4Zaxiro9qA5N67B-AFcECRggB7hhdbDem3--uBn0obkuuVvgEkttE3JKJcokK7-tDze8n1-Km0ym_iRrYSu4WLYgmLZX15GYTaBMC-ZFG7T2sOREprN9YJIRP51cZAyOQ2K-ghDrT5KvJtMejCa7NZ1zh-vzwPaI8kZNFXS_K0SpTGWyKHHkha3e2E2mIaI16LkZG4mIMt7BHyYy0tn3NsHUUmchTPbeKUBX_n2crSacZ6Bj0EwEnl7IpSXnBY-ZS06hvRUmVmp33UnlsvNouK2NeR8GGPSkdwSWlg5wy7rW2qqOLsqflwYwQLjd_0LmvPQwNeYbIQSrDAkJdl0hKPR1MJ-xDe7rwGgw5EGPXjoA6b_iuyU2ywdKSVm39jRxv_S1rAIjBtGBP2etUZkq8R9prh7Kri-zSlVG8bgkEn6SBLxtnNKi9bIepEBpekok7bRS78E2M6lNBR6SLDxqp7Vp-8hBkD89YhbUvjdgkpu-QV6MYTojF_LOeuiYbt6mVoNdLPKpU9BZSRz2Qd2baycpk07D8DEvvEPPHCjPQVBMEQpcvK19A3ti848mwgtne0318pOylb8OGzoia5Q6w0vDwCyt9iJ9VJsa6nDQoCD5eodLE14LVUn6Ok_9ILBxtfHvknlFv774shrsALfU1lT3UIZmTb9oAcdZzWLm14wsSPPPn-htvlkXC0Dam_UgXqSBfrhJHA1NF0HRPVIkoJFWbpnoFGpPdcmcw3IbwyenOeWaL1Wl5iMzT2Ls7IdsqD7mf4c2WQ2KvdMayUYeJTOXQi0XJU23_WBu1M4Y9_dT_OBgj4xzOx5xDQV0sNduZ2r_94ckNLuypWWHiZ7L_Y4ictVhitw5w__TWpsTxf1stkAh45ct6nN6UmHTIQ3fqhJ5bM4EO_sXBb8oeQG-N3NSWa8UQ3mrP1u7LTb3xxpTHyhGqyFIKscvMQEUEYYh42d2qOoVmgwK9Mw9iO1gSZbtu0yhdZslJ4fg8PW0dODAjbhv_69zNQJMTKcZY2n9ZFXaV6blo3eP6SoxuAj5Ntodfr2BrFYQqIfN9yiafEPhh8YkdDAKxB2w-37yWd54tN3_Ulclx36k&sai=AMfl-YRYOnA_WhBDY-XJsGc_yYUqhQDbLR_HoMSBjNO6A5vqzN3AsuYT7L8zLtlh5uc8MRlejlPjgry14WfBgXH78pAs0-5M7-u1C8zx5wODry2F2uGNqvWH7iADG2l4LtFFx5cJlQUw0v3IVGFjY2EV0xyal6gKNbPQLEt31hNdcvoS-71NR-qJt0c3yvrSSS5RBX63s767IW8kplWYDYpYO7aPTmscmLs_Qond7S562hL1AIfi2_dTs80g4Xf2crWuqFag&sig=Cg0ArKJSzCncBsCDfVrfEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1032&vt=11&dtpt=769&dett=3&cstd=252&cisv=r20230627.45576&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Domain: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js

Domain: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js

Domain: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/4140742/OnAir-Bold.woff2

Domain: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/4140742/OnAir-Light.woff2

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Domain: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20210507060843268_Asset_Transparent.png

Domain: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20230405055008629_SAM_Galaxy-S23.png

Domain: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20230503075344013_160x600_LOOK-01.png

Domain: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20230404070248174_160x600_LOOK-02.png

Domain: portal.o2online.de
URL: https://portal.o2online.de/nws/img/postview.gif?partnerId=O2_DSP_TRA_HAV_14114_PV&mediacode=29118705_4307561_355026448_145341318_PO2102A20230503&ref=29118705_4307561_355026448_145341318_PO2102A20230503

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_250&st=int

Domain: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13340955653470786770/300x250/images/image2.jpg

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-20 22:17:03	Name: IDE Value: AHWqTUmXqSBT9uw_MlZB-5ZdZbs9p8BUW-YOF9fSGcKa3qQDqlCzOUJGngzICSc6csc
.casalemedia.com/	1970-01-20 21:41:03	Name: CMID Value: ZJ7GPBmHD3qSgU4IuiSCowAA
.casalemedia.com/	1970-01-20 15:05:03	Name: CMPS Value: 1141
.casalemedia.com/	1970-01-20 15:05:03	Name: CMPRO Value: 1141
.adnxs.com/	1970-01-20 15:05:03	Name: uuid2 Value: 5981848378726955986
.doubleclick.net/	1970-01-20 12:55:30	Name: DSID Value: NO_DATA

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://pcloak.blob.core.windows.net/web/jquery.min.js Message: Failed to load resource: the server responded with a status of 404 (The specified blob does not exist.)
javascript	error	URL: https://ye-mek.net/(Line 39) Message: Unsafe attempt to initiate navigation for frame with URL 'https://pcloak.blob.core.windows.net/web/6x69807j0b5.html' from frame with URL 'https://ye-mek.net/'. The frame attempting navigation is targeting its top-level window, but is neither same-origin with its target nor has it received a user gesture. See https://www.chromestatus.com/feature/5851021045661696.
network	error	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755397&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688127034463&bpp=5&bdt=1124&idt=371&shv=r20230627&mjsv=m202306270101&ptt=9&saldr=aa&nras=1&correlator=8693008364856&frm=24&ife=1&pv=2&ga_vid=62461326.1688127035&ga_sid=1688127035&ga_hid=844562977&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=222437166&scr_x=-12245933&scr_y=-12245933&eid=44759927%2C44759837%2C44759876%2C31075625%2C31075641%2C31075721%2C44785294%2C44788441&oid=2&pvsid=298373143460488&tmod=2057557038&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.6fqzv0byjolx&fsb=1&dtd=397 Message: Failed to load resource: the server responded with a status of 403 ()
security	error	URL: https://as.ad4m.at/ad/dr?ed=1h3vx89814d5nvxj5wyra1wgr7xdchw4b2sk7cs9zqcyxvqx83gqzf81wc35smzv4d691zrmj2sqbxmhkshq2w4c4yceg7v6ry17pn5dbsnpy8zg3qgc5ac6ajr1rs6qzg0gzzv15sgr2yt9r0vvfbwpyqhzzf0p2tgm4fr3qqk4b1zsghdaw0er4f628j0bm0fakqp2vcy1ty2d0j0ysm0p9f3t3b7je95yjyhmy2ngy245jrd9kr0xks6h7nyz39qwbzhesvm7mqn9t4bq245v1dc7gkrj6vyt65nhykvke6y404q567c6fc0466qcy9qfyh4gez84d3my5n3hhf2dx78pyf4yjsc17pzgqasm3wxsqf2czv6za0q347g4cfr47thx6ewk1459rn3mx8fpe5py8npw2zm8y0x34hsnczyvea7nwpd980nqv2jax1810r44y8&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC9ODyPMaeZOa0Ac7CxtYP4--o8AKQ4YGEXLaoworwAsCNtwEQASAAYJX68IGMB4IBF2NhLXB1Yi02NTkzNTIzMjEwMDEwMTU0yAEJqQLYWKRVcTyyPqgDAcgDAqoE1QFP0Ot0RCYltYgsljie_Fdwv-_VC7g2DCffDw7vE7F905Z9txlW0Wq_v_BV7KI3Ka5QKRKiJjPlYyzth8Q1WxTwSaoxo5LjTaMyDXn1il9xtwyXiDZnrzTieyAQNWzC-Yt6vpogVRWFH_qm2lMuVH7WNUBvIiFRYjFGzSah4U-V5Kt7vwF6sd45-aI1V3iYnS4EhfElEVaoyLvvPP7leeGN_AwbEVOwhMRNkA8_dps4JlfY7aj561BsiO9FXC1P6pPM_zi1grcEvlVeewrvAGoKQ0FI0oGABsTRnvTIgM68pQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3XP8UCKq_wNwwOSYPYoeErGQC9HQ%26client%3Dca-pub-6593523210010154%26adurl%3D Message: Ignoring duplicate Content-Security-Policy directive 'worker-src'.
security	error	URL: https://ad4m.at/r62eglto.js Message: Ignoring duplicate Content-Security-Policy directive 'worker-src'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

3b4bbd2a459b8b640c91a716e13c6af4.safeframe.googlesyndication.com
a.tribalfusion.com
aax.amazon-adsystem.com
ad4m.at
ads.eu.criteo.com
ads.travelaudience.com
adservice.google.com
ajax.googleapis.com
as.ad4m.at
c.amazon-adsystem.com
c1.imgiz.com
cdn.ampproject.org
cdn.doubleverify.com
cdn.ye-mek.net
cm.g.doubleclick.net
cms.quantserve.com
connect.facebook.net
csi.gstatic.com
d5p.de17a.com
dis.criteo.com
dsum-sec.casalemedia.com
dt.adsafeprotected.com
eb2.3lift.com
feed.pghub.io
fonts.googleapis.com
fonts.gstatic.com
fw.adsafeprotected.com
gcm.ctnsnet.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
id5-sync.com
image6.pubmatic.com
images.dmca.com
imasdk.googleapis.com
m.exactag.com
match.360yield.com
match.adsrvr.org
ng.virgul.com
ng2.virgul.com
onetag-sys.com
pagead2.googlesyndication.com
pcloak.blob.core.windows.net
pghub.io
pm.w55c.net
portal.o2online.de
prod-rtb.ad4mat.net
r.scoota.co
rtb.openx.net
s.tribalfusion.com
s0.2mdn.net
s7.addthis.com
secure.adnxs.com
securepubads.g.doubleclick.net
ssbsync.smartadserver.com
static-de.ad4mat.net
static.adsafeprotected.com
static.criteo.net
static.virgul.com
sync.inmobi.com
sync.mathtag.com
sync.targeting.unrulymedia.com
sync.teads.tv
tpc.googlesyndication.com
tps.doubleverify.com
tr.blismedia.com
um.simpli.fi
ups.analytics.yahoo.com
us-u.openx.net
www.cloakan.co
www.google.com
www.googletagmanager.com
www.googletagservices.com
x.bidswitch.net
ye-mek.net
csi.gstatic.com
dt.adsafeprotected.com
googleads4.g.doubleclick.net
match.360yield.com
pagead2.googlesyndication.com
portal.o2online.de
r.scoota.co
s0.2mdn.net
securepubads.g.doubleclick.net
static-de.ad4mat.net
static.adsafeprotected.com
sync.targeting.unrulymedia.com
tps.doubleverify.com
13.224.192.181
13.32.119.77
141.95.33.111
142.250.184.226
142.250.185.162
151.139.128.10
178.250.1.9
185.29.134.244
185.7.176.221
185.7.176.222
185.80.39.216
185.86.138.150
185.89.210.101
198.47.127.19
20.127.253.7
20.60.220.36
213.155.156.165
213.202.235.9
23.206.208.114
23.52.123.144
2600:1901:0:76b9::
2606:4700:20::681a:ad1
2606:4700::6812:19ad
2620:116:800d:21:c5a4:625:6563:a5bb
2a00:1450:4001:800::2001
2a00:1450:4001:802::2002
2a00:1450:4001:80b::2003
2a00:1450:4001:80f::2002
2a00:1450:4001:813::2006
2a00:1450:4001:82a::2002
2a00:1450:4001:82a::2008
2a00:1450:4001:82a::200a
2a00:1450:4001:82b::200a
2a00:1450:4001:830::2001
2a00:1450:4001:830::2002
2a00:1450:4001:831::2001
2a00:1450:4001:831::2002
2a00:1450:4001:831::2004
2a02:2638:3::3
2a02:2638:d::4
2a02:26f0:480:9::210:ee04
2a02:6ea0:c700::18
2a03:2880:f084:105:face:b00c:0:3
3.122.44.22
3.71.149.231
34.102.243.38
34.91.62.186
34.96.105.8
35.156.203.47
35.186.193.173
35.190.0.66
35.227.252.103
35.241.45.217
35.244.159.8
51.89.9.254
52.223.40.198
54.194.204.34
76.223.111.18
77.245.159.14
94.138.206.83
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
02193fbcb11d960448e0fa887ff68d5ce73f01076893523fc3037e00a7149bc2
0295e1553c6a6704d9ad66cdb68ef4f79684ed9862491a271b5ff9e22c488f1a
032aee61923ef53fb2b9efbb5d55f771f780e9c2fce9c076638b809a9607eee3
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
0b29697868cd68cfd1b5650054cc96ea755016b3242bd26469cdbd4e4f6fc18a
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0dfbfecbd8350abf669bb48c1b585103c923ee1ce0eabca195c86db08c0cccad
0ef1ac6e980067f48dd414c11559b8c872419cb46d67e44fe56402bc482a497b
104fe1d096865fb450f1d921b99ea70d85d935d9c8a2e88e980de371e03ea9e1
120fdf7c1e8de286b8c6ad005bd52d7b3d71cfa17bd6d1f72d023fe952d03708
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
147c0a445950fa29f9fc3784910f112bdc6dc232412915e1162da9e7ea36ad51
15755727f46778e9a116ce83828803efd8854c4935f4448f876b5e8f92915e48
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
16b8908a3e4a0002f3a8a1325c2e1560d112b03c1118faa418ba635383e86ff2
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
187574c8a3cf0026b633b356842e03d60450be911027b697e9542a650d1049c8
18e7a53e3b3abd7ac0242719f7f62cb56b8efe7065091585b8ad22cbc2b8c41c
18e7f3232e16c5af1b4d3192ed6be46c39b4902ecef8717b7a1dc69da6b8fe34
1a6d6ecc5afe8b370681181e0077b6c838310f74f8473a1f36527577d5a1fab7
1aece8feed2d27429735ac4aaa2bb72d7e3da277aa870f177f2c761278cf0b9c
1bd2603da78c0513ae07dff23bf8925d95683b782d9eaabc18e003d3167b8dc9
1da93787a81aa7658f87fa610f3dd06ac6e4c6173921538ed5004cc89aa57a58
1e5a28a902c7f1edfc9c082269da365300b36ceb1eed186bf26523d6867ed986
1e5a886321d0e00c13f7abff03ca39fd782f42997fd34bcbf4fc93718f3670cc
20f091e39a994eac247abb2db8c48d424cb5f3ea8280cea2194168c2bf5f437e
2538a38066094576db43ac94da66c5bbaa9332f70e5ddb9d1442196157505496
25b451f3cad26104f57800c79546bf5a40295d0cecf5623e623f4479b94d0ddd
27961ab8c37cddad89230364167c048c6377a80e38542a5ffbca600faf4098ea
2938d991d0c6438d1b65e119372da799903cd63d52fbbf81b5281bfd22f011f6
298e30cd4e01948d540e8aff796e294da1ae095578b2403f2b97280e3b969a6f
2af1b8e91e1ea0f27fab2f6bac1dd1d81867b7a2a8d7cef1084fa39309e0ac6f
2c3a365cb6aef1fb55a6c56a182e6943da6f655e91c962fe9c163d67f1f8d48b
2d3ebc5963c3ba449fc6f11b2d5ac883abaf7dbc046ac7c1b267518e0ca5fa27
2d5e67a38c9a11424cac19ce192c9fd124a6d74e64d3791a01561dbd3e39c0b4
2eb2914e0253d3d949c2aad28f6f109c7b3a67ef37696a4496592837c0f9d7a4
30dcca04511b7bc89ed4420843ca7e3c739a6281002e63609def4d6658166e3d
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
324a9c1f26949a62b89c5846de23826737bf3b14443e3f5a969b1799604a0588
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a
36323a70b585b59557dcfba1ec028f5cb75a48b7b3b32a5324b4e40585bda4e1
372e646203759b4bf2ddab1f01469d03dd8bc920f187a3a09bb316f4edf6d604
385b19d8c7f7bedac5169d996fa57206b3a35b608518dfd0aa4669f7d3a7b7de
3be63679d6ca5fd205bdbc6dc4e6caf8d376a09decaea16226da1bae6d24fad6
3c2fc0614d14f19c7b68d795bbd361ec0baa28f2f72f7fd645cb7967f380af07
3e9569df702eb478e6e7699775a0f555b64ef9e89d89a81742bc97c7803dba96
3ed559a849229d0ba1622b39b2343f2307a91aae5bab1f08e55c89e50874c980
43204d58f6a24cdd36d594f28e4dc0f9ab0f5ad29b4a166bb6d5f3c16756636f
464be521d749b2ba1c7e8c1f87223b56a03ee0bd05484baa0e9067ce9eb9d2be
4651fd93f167c3620b534c30bc23ae2a2e7cf742621d8e6d12553c09c388284a
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
479da794610042c07a692cc82df9f0dcd96e46dd83b103761d7f0387f2ac2f1e
484eef6459e8a58c19115f287339366d82a7c2beeb7a35c7e16789b592515aec
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
5061ede8e14dd075136fdcf6a3879f4b42a692eeaa605e2c5aa5f354e753fa61
5103b27b55207be49f024a501641c7cb93e6469073ccbe194cd5963b53716184
51571e6e49d9d1243db244dd3bb1790047c7b566dabc9400564dd7f74432ffc6
53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2
5804cd3bfdf7f7b00ae1f2beef50b9ac7bbdcadcb47e8c3454e8609a52096b92
58fa8288d109b6525ab6ced54d659e79cc4e2a925f61d6c76da140f0a689ef59
597e4ec7ca2b12f9150e02e04096849d6b06061b09c2d131f1d2225871eedfdf
5a9863314577494b778cade4d77d719a27fca818d6091efe35b972cac31026f8
5af02ce6b5997fabe156a5cf9e0dfdf4901a0552a78732b587d1ca38ffc2e4f4
5bfc1fb9c150261e57f3b81a33f456f5979cb6f73fe6d6ddea5d7e35ae9dbf1e
60e0532adefd738d2fd3647536d34deebd8ccab256c0ecacb6bfa4d1471f0881
613b97a3f938c5185dc5fcb46ec9c9488f460fdf8a9765eea9f05aebe46a0c50
64af7a328ead4e6e3e77587ae81c88a4156eea6f476df565496f8f46d89d255f
6501e50ffffdc89ec56c93111f32c70f697610d4af971fb38ae964b5824c7eb1
66413d92e3b48b21f37de7968a4c6ee6dafb956f4963d0557959a3d10db2c492
66f57830eba3793b6d407a90dc0636b5e5e028f466bec6045ebc0813acaf7afa
689fcf7231be4a3fa8ac188589557173f644bfa4dcf787476c9c349480792687
68bbcab002cfe978fe70454b240f442046de6170bdef247b98f4819f1e7f2417
6aeae4add2f4eac99ed13b72c24866b77edacbae0f6ed89994e54fc165e322aa
6df7c73fa12d8261f09a11faff5c77f91f912362a9fdc15c46c3b949b188717b
70cca8e0b8a4914859de4fb44a6ffc0b2a4fefd75256ac57f64690b7255ea458
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
75c5dcb0b1839bbb85275b03f330dd59c04167b59fe68b07cedad9f8292040f5
768f50f6ab02e6e07cb33a8167aa8fc9c7f8ded8bcb559f450752e6392daa0b4
7724bb8f9e43a568347c7812886428d804b4cfc5084508ce0f6e3a8b7392ac61
7d4095ea226f3f80d6d4fc62e3737dd5107fd9d4aa4a443cac11378b102f64b6
7d7862e6fbf2d69229da6a29919581daccb5fda185e6d92171147b42184eb460
8169070527736f2296d9d72e169101428b2f9821205614dc54cd16d3130c70f8
8206b7cb4977df1646b35835886cc5ad752365263197f15f0581d41c3751aa0a
842c88bbde71118e56fc313dbe3ad3d9e5dd9b3b9913960838734a29e5982b7e
84f77159f10d923d03c56bf48589f2a7af35d4788898876470aa17e21e455ea6
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8fc79cdfa3fb99df39933b99349ae19b50f0fea602459d1855cf7a06a19e5928
93877a4648f07d0a209913c6a05dcdc1810fe91fb41c96320aea06de80b708c5
96aa3667db041dd0f9351d85ca19b7485bf1dad1832ae2099c65cd5a11841275
98d2e3edd14aa506c4521125c7cdb7bb3030d7caae5803feec6d2613195ee955
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9cacc351a59879d938ef01e274eca7f341deaaa666237a3de94737ccc05a4b86
9dd26981f783b90e9a51f21c8bb1a0668211b0a17f5a055e2aee7f69745928ff
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a24c939715061c83ab3838c45b1ecda42b41ac335f65bb010cc2a26676be5c88
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678
a7a580492938c753648b19da1321bf7ea66d7a2e9b1fa42058c821e268fba9e1
a9e0c3f2f8aa72179351f0b5edcde6cfcf708285785c4a358331e05da8bff5a3
abaf64de0855592138133fdf15c746a6e47a07d5f7a34a9513a06994c89f91af
ad3ee286844c46dba3f0d26e100f508c410b28f52784fbeec2d513ef6c6fda7a
af407dbc514c18e7112d85d4d50186d6547e7bdfb48e7c7cf2f400c42aafce71
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b503f838c276ee4c70c4d3aa5a08b138266ad18b3088c9b5ceaadd99a76bf748
b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628
bea17c8870ba8dae9515993b5c55b65437f03f0e2672e1c3d3dbe7872dd74e5c
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
c25e33aaf9d908bb036672ed26b9af74032d7cb464d5e3f3b9b67e868798290a
c792ff4f44aaf2dbee5452f216ae55df14e8cd634494e5644e8b9e4d82bbaa9a
ca52a0eec13c48696bf05cbe5e76a0b67c73967c1f8825cfe4b733e24a775580
cb70a0b5ac2b1a8d8e5f0e0b91b99d95723392847800eb91f42673794ce38e5f
cf906196a7c1414e11983955e101a051d55a864f2bc9fd52a453d952d92fd9b5
cff57bb539a961e5816127eb4b662175d6a1c92917effe0f943de85c35911101
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d111f7cf82a9e88b2916628b94c8b93c91ee66b08b79859291ff68e33daa55e1
d41d07189295595e39267e87a880138ce04d72fe0ba272a91c07c735db7d2092
d469330093a2cebd898628a339df6abaf5edcb89e85769ff79840371195a7d1f
d5544013c9c882cd032a4ed06f6f8338f6fce934e82311a1267f59b5e717c4c7
d5907d04f8aa7cc029868fb441fd2a02dce10b72e3a68d6294aa7a2debf90440
d660119d70fde473f7720a43fb960d95c8ff46768e67d762f9557179709b8942
d899cadefb9f60296c53fceda0e6a6d3e443c20d0af6f8e29ccbd0ccd03796b3
d8fd654063a038cad06c08e22627ec311d3fdfb53c6a8ff083eb2ce7515eddcf
d966ecd46380ed5fdc36aadcd4b5a4bbd65ba852833ce5e834a4e37380ac9535
d9fd0aeda423bd39a36871759ef7b17dab3d51e5981cd5839103f990b8b9ef60
db6c8330efd6e6bfd20dbed90de2e76fe0bac473c76abe90aaa91fac7bb067c6
db8f55e504a26cfa06f7b09abff80731c10d87aef1472da40eea50e63119ce94
dbc211260f3fb81e545fbebe8be8c367ebe670a585e60e1ec58524c06723ecbc
e1746411f5c5538b3e8c75d5aec333169e9e400913cf58581a89d7921281934f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e47fe684eeb5978f6c7437edacdbe8f33a60d89a68403c3e58c0128bfe36a52d
e64580cd0b667218f84acb806e2d3091d7742d8819afb1dbc0a58030f315b801
e8021f1a9dad409f7e699457ac334653bf800464df69900237c4de1c29e275d0
eab1145c02ae44ca45370dbdb689a98d1756fe3726fde675886a95730fee691d
ec88c9de3a44165db5e410d072fee68874d371d17eeac4ea36c5325d485b3f7b
ecadacb686d0540a5768dae41d50597a71dfaa8135b90f1371d4bfa266e4e361
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f091c1d78d8c2ba5d642eb1f87c82d6540b4db85988202fb60d923ca23d1adba
f0a5e88aa776ea32844d763848cb8b86d2b6b2e5282db828b2f5dbf28e03c7a2
f2d790e63e25af236aeb620f0261e864cbd023c6d8dd9fb37ff084334fb062e0
f475c34186022ba531ebc8bba97fc10df7e4c3ea854f314a18ab0644c851620d
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39
f708629593939b0ad37b651e8eab6bd370300201838c33d0129ac447b29398ab
f883162117f97e54d0b80d83f842a9666f590f1f6264f51f10873f89f02c6678
f9b9f94fadc3336365751e2afc49c63d973540f30071066607e1ee9950aad2ad
ff4e01de0d01a0fec916208e6dda4b0d8780803a1e07da81d27962223d809194

pcloak.blob.core.windows.net Open in urlscan Pro 20.60.220.36 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

356 Requests

83 %HTTPS

38 %IPv6

52 Domains

75 Subdomains

50 IPs

3 Countries

4799 kBTransfer

16174 kBSize

6 Cookies

0 Outgoing links

Redirected requests

356 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 10 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

pcloak.blob.core.windows.net Open in urlscan Pro
20.60.220.36 Public Scan

Screenshot
Live screenshot

Full Image

356
Requests

83 %
HTTPS

38 %
IPv6

52
Domains

75
Subdomains

50
IPs

3
Countries

4799 kB
Transfer

16174 kB
Size

6
Cookies

356 HTTP transactions
10 data transactions