pcloak.blob.core.windows.net Open in urlscan Pro
20.60.220.36 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Submission: On June 30 via api (June 30th 2023, 10:52:09 pm UTC) from TR — Scanned from DE

Summary HTTP 333 Redirects Behaviour Indicators

Summary

This website contacted 49 IPs in 10 countries across 52 domains to perform 333 HTTP transactions. The main IP is 20.60.220.36, located in Tappahannock, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is pcloak.blob.core.windows.net.
TLS certificate: Issued by Microsoft RSA TLS CA 02 on March 22nd 2023. Valid for: a year.

This is the only time pcloak.blob.core.windows.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
4	20.60.220.36 20.60.220.36	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	77.245.159.14 77.245.159.14	42868 (NIOBEBILI...) (NIOBEBILISIMHIZMETLERI)
3	94.138.206.83 94.138.206.83	49126 (AS49126) (AS49126)
1	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
40	2a02:6ea0:c70... 2a02:6ea0:c700::10	60068 (CDN77 ^_^) (CDN77 ^_^)
3	2a00:1450:400... 2a00:1450:4001:829::2008	15169 (GOOGLE) (GOOGLE)
2	151.139.128.10 151.139.128.10	20446 (STACKPATH...) (STACKPATH-CDN)
1	104.75.88.126 104.75.88.126	16625 (AKAMAI-AS) (AKAMAI-AS)
21	185.7.176.221 185.7.176.221	42910 (PREMIERDC...) (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH)
2	2a03:2880:f08... 2a03:2880:f084:d:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
29	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
46	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
3	13.224.192.181 13.224.192.181	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
1	13.32.119.77 13.32.119.77	16509 (AMAZON-02) (AMAZON-02)
1	35.241.45.217 35.241.45.217	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:82b::2001	15169 (GOOGLE) (GOOGLE)
1	34.102.243.38 34.102.243.38	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
36	2a00:1450:400... 2a00:1450:4001:80e::2001	15169 (GOOGLE) (GOOGLE)
3 10	2a00:1450:400... 2a00:1450:4001:829::2004	15169 (GOOGLE) (GOOGLE)
28	2a00:1450:400... 2a00:1450:4001:830::2006	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
2 2	18.156.187.34 18.156.187.34	16509 (AMAZON-02) (AMAZON-02)
6 45	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
1 5	2606:4700::68... 2606:4700::6812:19ad	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4 4	34.91.62.186 34.91.62.186	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	35.190.0.66 35.190.0.66	15169 (GOOGLE) (GOOGLE)
3 3	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
2 2	34.241.245.3 34.241.245.3	16509 (AMAZON-02) (AMAZON-02)
3 3	76.223.111.18 76.223.111.18	16509 (AMAZON-02) (AMAZON-02)
3	185.29.134.245 185.29.134.245	30419 (MEDIAMATH...) (MEDIAMATH-INC)
5	2a00:1450:400... 2a00:1450:4001:812::2001	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:806::2003	15169 (GOOGLE) (GOOGLE)
3 5	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
3 4	185.89.210.153 185.89.210.153	29990 (ASN-APPNEX) (ASN-APPNEX)
2	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
2	104.102.35.84 104.102.35.84	16625 (AKAMAI-AS) (AKAMAI-AS)
4	88.99.219.174 88.99.219.174	24940 (HETZNER-AS) (HETZNER-AS)
1	95.101.148.198 95.101.148.198	16625 (AKAMAI-AS) (AKAMAI-AS)
3	178.63.52.121 178.63.52.121	24940 (HETZNER-AS) (HETZNER-AS)
4 4	85.114.159.93 85.114.159.93	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
3 3	2a05:d018:d29... 2a05:d018:d29:3601:40e6:3444:17d5:43eb	16509 (AMAZON-02) (AMAZON-02)
4 4	37.157.3.20 37.157.3.20	198622 (ADFORM) (ADFORM)
5 5	198.47.127.19 198.47.127.19	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
4 4	216.52.2.6 216.52.2.6	32475 (SINGLEHOP...) (SINGLEHOP-LLC)
2	145.239.193.130 145.239.193.130	16276 (OVH) (OVH)
1	2a0b:4d07:102::1 2a0b:4d07:102::1	44239 (PROINITY ...) (PROINITY PROINITY)
1 2	2a01:4f8:d0a:... 2a01:4f8:d0a:2321::2	24940 (HETZNER-AS) (HETZNER-AS)
1	167.233.14.134 167.233.14.134	24940 (HETZNER-AS) (HETZNER-AS)
1	18.171.17.177 18.171.17.177	16509 (AMAZON-02) (AMAZON-02)
1 1	94.23.99.218 94.23.99.218	16276 (OVH) (OVH)
4	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
2	85.14.248.91 85.14.248.91	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
3	3.71.149.231 3.71.149.231	16509 (AMAZON-02) (AMAZON-02)
2	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
1 1	151.101.194.49 151.101.194.49	54113 (FASTLY) (FASTLY)
1 1	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
3 3	52.29.37.7 52.29.37.7	16509 (AMAZON-02) (AMAZON-02)
2 2	35.156.251.164 35.156.251.164	16509 (AMAZON-02) (AMAZON-02)
3 3	46.228.174.117 46.228.174.117	56396 (AMOBEE) (AMOBEE)
1 2	51.89.9.251 51.89.9.251	16276 (OVH) (OVH)
1	18.66.147.98 18.66.147.98	16509 (AMAZON-02) (AMAZON-02)
1	99.86.4.36 99.86.4.36	16509 (AMAZON-02) (AMAZON-02)
2	18.168.234.149 18.168.234.149	() ()
333	49

4 20.60.220.36 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

pcloak.blob.core.windows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 77.245.159.14 (Turkey)

ASN42868 (NIOBEBILISIMHIZMETLERI, TR)
PTR: stilgar.wlsrv.com

www.cloakan.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 94.138.206.83 (Turkey)

ASN49126 (AS49126, TR)

ye-mek.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

40 2a02:6ea0:c700::10 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)

cdn.ye-mek.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:829::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.139.128.10 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: map3.hwcdn.net

images.dmca.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.75.88.126 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-75-88-126.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 185.7.176.221 (Turkey)

ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR)

static.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ng.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c1.imgiz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ng2.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f084:d:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

46 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.224.192.181 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-192-181.fra2.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.119.77 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-119-77.fra60.r.cloudfront.net

aax.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.45.217 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 217.45.241.35.bc.googleusercontent.com

pghub.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:82b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.243.38 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 38.243.102.34.bc.googleusercontent.com

feed.pghub.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

36 2a00:1450:4001:80e::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:829::2004 (Frankfurt am Main, Germany) 3 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

28 2a00:1450:4001:830::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.156.187.34 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-187-34.eu-central-1.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

45 142.250.185.66 (United States) 6 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6812:19ad (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.91.62.186 (Groningen, Netherlands) 4 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 186.62.91.34.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.0.66 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 66.0.190.35.bc.googleusercontent.com

ads.travelaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 69.173.144.138 (Frankfurt am Main, Germany) 3 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.241.245.3 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-241-245-3.eu-west-1.compute.amazonaws.com

match.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 76.223.111.18 (United States) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.29.134.245 (United Kingdom)

ASN30419 (MEDIAMATH-INC, US)

tags.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:812::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.80.39.216 (Canada) 3 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.89.210.153 (Frankfurt am Main, Germany) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.102.35.84 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-102-35-84.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 88.99.219.174 (Falkenstein, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.174.219.99.88.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 95.101.148.198 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a95-101-148-198.deploy.static.akamaitechnologies.com

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 178.63.52.121 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.121.52.63.178.clients.your-server.de

hal900020.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 85.114.159.93 (Bad Durrheim, Germany) 4 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a05:d018:d29:3601:40e6:3444:17d5:43eb (Dublin, Ireland) 3 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.157.3.20 (Denmark) 4 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 198.47.127.19 (United States) 5 redirects

ASN3257 (GTT-BACKBONE GTT, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 216.52.2.6 (United States) 4 redirects

ASN32475 (SINGLEHOP-LLC, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 145.239.193.130 (France)

ASN16276 (OVH, FR)

pv.medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a0b:4d07:102::1 (Switzerland)

ASN44239 (PROINITY PROINITY, CH)

adv.office-partner.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a01:4f8:d0a:2321::2 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)

cdn.retailads.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 167.233.14.134 (Hallbergmoos, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: lb-2.futalis.de

futalis.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.171.17.177 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-171-17-177.eu-west-2.compute.amazonaws.com

track.webgains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 94.23.99.218 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: ip218.ip-94-23-99.eu

medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 85.14.248.91 (Mülheim, Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)

m.exactag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.71.149.231 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-71-149-231.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.227.252.103 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.194.49 (United States) 1 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.193.173 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com

gcm.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.29.37.7 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-29-37-7.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.156.251.164 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-156-251-164.eu-central-1.compute.amazonaws.com

a.sportradarserving.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 46.228.174.117 (United Kingdom) 3 redirects

ASN56396 (AMOBEE, GB)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 51.89.9.251 (London, United Kingdom) 1 redirects

ASN16276 (OVH, FR)
PTR: ip251.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.147.98 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-147-98.fra60.r.cloudfront.net

analytics.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.4.36 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-36.fra6.r.cloudfront.net

cdn.track.production.webgains.team	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.168.234.149 (None, )

ASN- ()

api.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
83	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 135 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 160	715 KB
78	doubleclick.net 6 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 216 googleads.g.doubleclick.net — Cisco Umbrella Rank: 57 cm.g.doubleclick.net — Cisco Umbrella Rank: 254 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 346	411 KB
43	ye-mek.net ye-mek.net cdn.ye-mek.net	635 KB
28	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 325	1 MB
19	virgul.com static.virgul.com — Cisco Umbrella Rank: 81866 ng.virgul.com — Cisco Umbrella Rank: 65490 ng2.virgul.com — Cisco Umbrella Rank: 74231	233 KB
13	google.com 3 redirects adservice.google.com — Cisco Umbrella Rank: 113 www.google.com — Cisco Umbrella Rank: 10	1 KB
7	redintelligence.net hal9000.redintelligence.net — Cisco Umbrella Rank: 38273 hal900020.redintelligence.net — Cisco Umbrella Rank: 471244	53 KB
6	yahoo.com 3 redirects pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 481 ups.analytics.yahoo.com — Cisco Umbrella Rank: 338	2 KB
6	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 205	336 KB
5	pubmatic.com 5 redirects image6.pubmatic.com — Cisco Umbrella Rank: 812	2 KB
5	casalemedia.com 3 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 635	4 KB
5	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 391	110 KB
5	tribalfusion.com 1 redirects a.tribalfusion.com — Cisco Umbrella Rank: 893 s.tribalfusion.com — Cisco Umbrella Rank: 1946	3 KB
4	lijit.com 4 redirects ap.lijit.com — Cisco Umbrella Rank: 782	3 KB
4	adform.net 4 redirects c1.adform.net — Cisco Umbrella Rank: 633	3 KB
4	adition.com 4 redirects dsp.adfarm1.adition.com — Cisco Umbrella Rank: 1777	2 KB
4	openx.net us-u.openx.net — Cisco Umbrella Rank: 496 rtb.openx.net — Cisco Umbrella Rank: 982	766 B
4	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 257	4 KB
4	mathtag.com tags.mathtag.com — Cisco Umbrella Rank: 4796 pixel.mathtag.com — Cisco Umbrella Rank: 1185	3 KB
4	simpli.fi 4 redirects um.simpli.fi — Cisco Umbrella Rank: 981	2 KB
4	amazon-adsystem.com c.amazon-adsystem.com — Cisco Umbrella Rank: 353 aax.amazon-adsystem.com — Cisco Umbrella Rank: 438	62 KB
4	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 433 imasdk.googleapis.com — Cisco Umbrella Rank: 500 fonts.googleapis.com — Cisco Umbrella Rank: 88	156 KB
4	windows.net pcloak.blob.core.windows.net	3 KB
3	webgains.io analytics.webgains.io — Cisco Umbrella Rank: 20510 api.webgains.io	32 KB
3	bidswitch.net 3 redirects x.bidswitch.net — Cisco Umbrella Rank: 359	1 KB
3	medialead.de 1 redirects pv.medialead.de — Cisco Umbrella Rank: 49812 medialead.de — Cisco Umbrella Rank: 49477	913 B
3	3lift.com 3 redirects eb2.3lift.com — Cisco Umbrella Rank: 422	1 KB
3	rubiconproject.com 3 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 374	1 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 79	214 KB
2	onetag-sys.com 1 redirects onetag-sys.com — Cisco Umbrella Rank: 857	489 B
2	1rx.io 2 redirects sync.1rx.io — Cisco Umbrella Rank: 613	2 KB
2	sportradarserving.com 2 redirects a.sportradarserving.com — Cisco Umbrella Rank: 2972	1 KB
2	exactag.com m.exactag.com — Cisco Umbrella Rank: 11731	120 B
2	retailads.net 1 redirects cdn.retailads.net — Cisco Umbrella Rank: 131895	6 KB
2	teads.tv sync.teads.tv — Cisco Umbrella Rank: 1425	326 B
2	360yield.com 2 redirects match.360yield.com — Cisco Umbrella Rank: 2409	812 B
2	w55c.net 2 redirects pm.w55c.net — Cisco Umbrella Rank: 1044	2 KB
2	imgiz.com c1.imgiz.com — Cisco Umbrella Rank: 136022	131 KB
2	pghub.io pghub.io — Cisco Umbrella Rank: 2090 feed.pghub.io — Cisco Umbrella Rank: 2360	6 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 173	89 KB
2	dmca.com images.dmca.com — Cisco Umbrella Rank: 13228	6 KB
2	cloakan.co www.cloakan.co	1 KB
1	webgains.team cdn.track.production.webgains.team — Cisco Umbrella Rank: 59854	3 KB
1	unrulymedia.com 1 redirects sync.targeting.unrulymedia.com — Cisco Umbrella Rank: 1372	576 B
1	ctnsnet.com 1 redirects gcm.ctnsnet.com — Cisco Umbrella Rank: 44074	609 B
1	everesttech.net 1 redirects sync-tm.everesttech.net — Cisco Umbrella Rank: 796	543 B
1	webgains.com track.webgains.com — Cisco Umbrella Rank: 39920	2 KB
1	futalis.de futalis.de — Cisco Umbrella Rank: 175361	401 B
1	office-partner.de adv.office-partner.de — Cisco Umbrella Rank: 208307	931 B
1	gstatic.com fonts.gstatic.com	34 KB
1	travelaudience.com 1 redirects ads.travelaudience.com — Cisco Umbrella Rank: 8041	553 B
1	addthis.com s7.addthis.com — Cisco Umbrella Rank: 2484	362 B
333	52

	Domain	Requested by
45	cm.g.doubleclick.net	6 redirects ye-mek.net 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com googleads.g.doubleclick.net
40	pagead2.googlesyndication.com	static.virgul.com pagead2.googlesyndication.com 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com s0.2mdn.net www.googletagservices.com
40	cdn.ye-mek.net	ye-mek.net cdn.ye-mek.net
36	tpc.googlesyndication.com	6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com ye-mek.net cdn.ampproject.org pcloak.blob.core.windows.net tpc.googlesyndication.com s0.2mdn.net pagead2.googlesyndication.com
28	s0.2mdn.net	6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com pcloak.blob.core.windows.net s0.2mdn.net
15	googleads.g.doubleclick.net	pagead2.googlesyndication.com pcloak.blob.core.windows.net 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
14	securepubads.g.doubleclick.net	static.virgul.com securepubads.g.doubleclick.net pcloak.blob.core.windows.net ye-mek.net
10	www.google.com	3 redirects 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com ye-mek.net tpc.googlesyndication.com
8	ng.virgul.com	static.virgul.com ye-mek.net
7	6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
7	static.virgul.com	ye-mek.net static.virgul.com pcloak.blob.core.windows.net
6	www.googletagservices.com	6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
5	image6.pubmatic.com	5 redirects
5	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
5	cdn.ampproject.org	securepubads.g.doubleclick.net
4	googleads4.g.doubleclick.net	pcloak.blob.core.windows.net
4	ap.lijit.com	4 redirects
4	c1.adform.net	4 redirects
4	dsp.adfarm1.adition.com	4 redirects
4	ng2.virgul.com	ye-mek.net
4	hal9000.redintelligence.net	pcloak.blob.core.windows.net hal900020.redintelligence.net
4	ib.adnxs.com	3 redirects googleads.g.doubleclick.net
4	um.simpli.fi	4 redirects
4	a.tribalfusion.com	1 redirects 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
4	pcloak.blob.core.windows.net	pcloak.blob.core.windows.net
3	x.bidswitch.net	3 redirects
3	ups.analytics.yahoo.com	6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
3	pr-bh.ybp.yahoo.com	3 redirects
3	hal900020.redintelligence.net	hal9000.redintelligence.net hal900020.redintelligence.net
3	tags.mathtag.com	6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com tags.mathtag.com
3	eb2.3lift.com	3 redirects
3	pixel.rubiconproject.com	3 redirects
3	adservice.google.com	pagead2.googlesyndication.com securepubads.g.doubleclick.net
3	c.amazon-adsystem.com	static.virgul.com c.amazon-adsystem.com
3	www.googletagmanager.com	ye-mek.net adv.office-partner.de www.googletagmanager.com
3	ye-mek.net	www.cloakan.co ye-mek.net
2	api.webgains.io	analytics.webgains.io
2	onetag-sys.com	1 redirects 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
2	sync.1rx.io	2 redirects
2	a.sportradarserving.com	2 redirects
2	rtb.openx.net	6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
2	m.exactag.com	6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com pcloak.blob.core.windows.net
2	cdn.retailads.net	1 redirects futalis.de
2	pv.medialead.de	hal900020.redintelligence.net 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
2	sync.teads.tv	googleads.g.doubleclick.net
2	us-u.openx.net	googleads.g.doubleclick.net
2	fonts.googleapis.com	securepubads.g.doubleclick.net hal900020.redintelligence.net
2	match.360yield.com	2 redirects
2	pm.w55c.net	2 redirects
2	c1.imgiz.com	static.virgul.com c1.imgiz.com
2	connect.facebook.net	ye-mek.net connect.facebook.net
2	images.dmca.com	ye-mek.net
2	www.cloakan.co	pcloak.blob.core.windows.net
1	cdn.track.production.webgains.team	6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
1	analytics.webgains.io	track.webgains.com
1	sync.targeting.unrulymedia.com	1 redirects
1	gcm.ctnsnet.com	1 redirects
1	sync-tm.everesttech.net	1 redirects
1	medialead.de	1 redirects
1	track.webgains.com	pcloak.blob.core.windows.net
1	futalis.de	hal900020.redintelligence.net
1	adv.office-partner.de	hal900020.redintelligence.net
1	pixel.mathtag.com	tags.mathtag.com
1	fonts.gstatic.com	fonts.googleapis.com
1	ads.travelaudience.com	1 redirects
1	s.tribalfusion.com	ye-mek.net
1	imasdk.googleapis.com	c1.imgiz.com
1	feed.pghub.io	pghub.io
1	pghub.io	static.virgul.com
1	aax.amazon-adsystem.com	c.amazon-adsystem.com
1	s7.addthis.com	ye-mek.net
1	ajax.googleapis.com	ye-mek.net
333	72

This site contains no links.

Subject Issuer	Validity	Valid
*.blob.core.windows.net Microsoft RSA TLS CA 02	`2023-03-22` - `2024-03-22`	a year	crt.sh
cpanel.cloakan.co R3	`2023-05-03` - `2023-08-01`	3 months	crt.sh
www.ye-mek.net RapidSSL Global TLS RSA4096 SHA256 2022 CA1	`2022-11-29` - `2023-07-07`	7 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
1099124734.rsc.cdn77.org R3	`2023-06-13` - `2023-09-11`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
images.dmca.com R3	`2023-05-13` - `2023-08-11`	3 months	crt.sh
odc-addthis-prod-01.oracle.com DigiCert TLS RSA SHA256 2020 CA1	`2023-02-07` - `2024-02-07`	a year	crt.sh
*.virgul.com Sectigo RSA Domain Validation Secure Server CA	`2022-10-24` - `2023-09-28`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-04-09` - `2023-07-08`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
c.amazon-adsystem.com Amazon RSA 2048 M01	`2023-02-28` - `2024-02-17`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
aax-dtb-mobile-cf.amazon-adsystem.com Amazon RSA 2048 M01	`2023-03-16` - `2024-03-08`	a year	crt.sh
*.pghub.io DigiCert TLS RSA SHA256 2020 CA1	`2023-02-09` - `2024-02-08`	a year	crt.sh
*.imgiz.com Sectigo RSA Domain Validation Secure Server CA	`2022-09-27` - `2023-09-09`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.mathtag.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-03-30` - `2024-04-29`	a year	crt.sh
misc-sni.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
teads.tv R3	`2023-06-26` - `2023-09-24`	3 months	crt.sh
redintelligence.net R3	`2023-06-09` - `2023-09-07`	3 months	crt.sh
pixel.mathtag.com DigiCert TLS RSA SHA256 2020 CA1	`2023-05-07` - `2024-05-07`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-07` - `2024-05-06`	a year	crt.sh
pv.medialead.de R3	`2023-06-14` - `2023-09-12`	3 months	crt.sh
adv.office-partner.de R3	`2023-06-30` - `2023-09-28`	3 months	crt.sh
*.futalis.de R3	`2023-06-16` - `2023-09-14`	3 months	crt.sh
*.webgains.com Amazon RSA 2048 M01	`2023-05-15` - `2024-06-13`	a year	crt.sh
*.exactag.com Sectigo RSA Organization Validation Secure Server CA	`2023-04-03` - `2024-05-03`	a year	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-02-21` - `2023-08-16`	6 months	crt.sh
cdn.retailads.net Encryption Everywhere DV TLS CA - G2	`2023-05-18` - `2024-05-17`	a year	crt.sh
*.webgains.io Amazon RSA 2048 M02	`2023-03-02` - `2023-09-21`	7 months	crt.sh
cdn.track.production.webgains.team Amazon RSA 2048 M01	`2023-02-28` - `2023-10-28`	8 months	crt.sh

This page contains 37 frames:

Primary Page: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Frame ID: 0EDB2465C4E8C61ABA84FBA27F6B353F
Requests: 6 HTTP requests in this frame

Frame: https://ye-mek.net/
Frame ID: 0E33288E42CFC25F965C0859CD3FAAFC
Requests: 93 HTTP requests in this frame

Frame: https://static.virgul.com/theme/mockups/outside/str.html?v=2
Frame ID: 4D46F4CD65342D1D1225A9ED206C97A5
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230627/r20190131/zrt_lookup.html
Frame ID: 4F14957EC6102B46936993529C8432A1
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755397&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688165524989&bpp=3&bdt=721&idt=104&shv=r20230627&mjsv=m202306220101&ptt=9&saldr=aa&nras=1&correlator=4295001838546&frm=24&ife=1&pv=2&ga_vid=238289290.1688165525&ga_sid=1688165525&ga_hid=1950052761&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=222437166&scr_x=-12245933&scr_y=-12245933&eid=44759926%2C44759842%2C44759875%2C31075625%2C31075758%2C44788442&oid=2&pvsid=1720949175410743&tmod=31284352&uas=0&nvt=1&fsapi=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.qgwghgjghm67&fsb=1&dtd=117
Frame ID: 541D6B5E41A9D14002F12B76C31AE9E0
Requests: 1 HTTP requests in this frame

Frame: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 3BEBB8B0A1AA6921A69F8FD27F416280
Requests: 1 HTTP requests in this frame

Frame: https://feed.pghub.io/tag?referrer_url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&page_url=https%3A%2F%2Fye-mek.net%2F&owner=P%26G&bp_id=noktacommedya&ch=%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D&initiator=js&data=%7B%22category%22%3A%22site_geneli%22%7D
Frame ID: 237A6F262A67517F3FFAE46E8CD715AA
Requests: 1 HTTP requests in this frame

Frame: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 714F4C6B63A3DC05D09BD60E7F4C6F89
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 744AFFEC764B0A368852FB69969D8563
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 9194260CB8E8ECFFEE0F4D8B7CA354A0
Requests: 9 HTTP requests in this frame

Frame: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 11C88C763D078265F24A6C7E1657EA6C
Requests: 19 HTTP requests in this frame

Frame: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 8B53FDD9B5C1541A67637312FE13C44A
Requests: 21 HTTP requests in this frame

Frame: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: BD791D9B294D10AA47BC5E79BFC8F1A6
Requests: 20 HTTP requests in this frame

Frame: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 291FFD738815EE7CD21D8353447BAD3E
Requests: 14 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012306200257000/amp4ads-v0.mjs
Frame ID: 11562DF6DF286F6F0C345320D253D968
Requests: 18 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYm4Lo4gEwAQ&v=APEucNWe8iD4aVMb-u5Zgzm6rvBbcQFZ91EFUjfUpC-_bRHzuQzj4NF1GsYUdAro0koVtPej4mpFyxg3TE5M-cSaBZinyS8VGgJtse2fnuTi4WRjjsOue23KJw1EKsRQQ6qAyC0VQbz5MdgbLOqWvcqRcoIBaTZ2mxn6xby9xcULAaOhMvKWLlc
Frame ID: F8789320AECE9365D7A43526B100E6D6
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYm4Lo4gEwAQ&v=APEucNU_aCh5hDI1jkpJ-WJsqu4J_sUFPl_bHY_Fl8Xq1Ol-nEOOeTw43Ln8Y3W1GHtRHmwdAfyG7BhqRilPAfVxtS1xQ3BuHLM-c0UhURRHtdrReqVFNj5ATGcUA3-8vBUR_f8P9pvKX_66IiSzARWe-QYv-EtWTNo2bT_9iRuycGT8Sldxoew
Frame ID: 2120AE1D2625BCB6C6174DFDFB6EB78B
Requests: 5 HTTP requests in this frame

Frame: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 0DA2E93789F35401AC4149DBE1BF9A82
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 5BC631860022717C819E805B130401F5
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: CE1CBC296742F96BBFB472890FBEC245
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 2C60E3DC4FD218208F586CBEB582A22A
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 141C5CE8F40A585EF92471FCE71954EB
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: F62D6C216C4746B9F792E2FB2FD01556
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 64E0161D66432EEEFA0151C11984843E
Requests: 9 HTTP requests in this frame

Frame: https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=49013000003019200951389012372020&t=htlp&gdpr=1&consent=1&gdpr_consent=li
Frame ID: 1CF54647A42DE1728363F61C463ECFC0
Requests: 1 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: F31DE3B9AD9F9B258D0D558E37822D01
Requests: 3 HTTP requests in this frame

Frame: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=2835770517
Frame ID: 95B1C8A37D2A47724867E80091AF6714
Requests: 2 HTTP requests in this frame

Frame: https://hal900020.redintelligence.net/request_content.php?s=49013000003019200951389012372020&a=a54aa62f
Frame ID: 9E9C680C9D636CBA7206F0FAFDE30736
Requests: 6 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=pg1Uh1dWX8&t=1&renderingType=2&ev=01_250
Frame ID: 8CD7C4DDD7B9EFAA44825289D5D9B1B9
Requests: 12 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 4A1D111CC93A61EF9E7BFC8A88595737
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: C345DF0956FECBB9C47B2533D1FBCA10
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=nMWscgejZt&t=1&renderingType=2&ev=01_250
Frame ID: 1999E69DE2A633F9A261E1EB09C6132E
Requests: 12 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 72C6D8F08C8124BF12254DAFFCD99EB6
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/AOiihYbjk7GyPSPexE3PorOKRXoofTPF8NjvkAglc4c.js
Frame ID: 204A6C4AF7D450D95072E8DBACFE62C8
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/AOiihYbjk7GyPSPexE3PorOKRXoofTPF8NjvkAglc4c.js
Frame ID: 5F0ABFAEAC09AEEE891F43DD0CF51ED5
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 63E515D902F21246346A1BFF5AD189E7
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 9C47196C88B4646236FCF9FC4E4E7B89
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

AddThis (Widgets) Expand

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Webgains (Affiliate programs) Expand

Overall confidence: 100%
Detected patterns

analytics\.webgains\.io

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

333
Requests

88 %
HTTPS

29 %
IPv6

52
Domains

72
Subdomains

49
IPs

10
Countries

4460 kB
Transfer

9761 kB
Size

42
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 107

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEIqcwNUgZOMEhfasuKufz9M&google_cver=1&google_push=AaAOQGHcDAAUO9LsdSg1ZfxonOJapvFlfARpuxivx-DL3Zr29wXMEtsc-h5JOyY67DsjfyGEYpZRhXv4WWlz0R58WQh2WrNY973Y HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEIqcwNUgZOMEhfasuKufz9M&google_cver=1&google_push=AaAOQGHcDAAUO9LsdSg1ZfxonOJapvFlfARpuxivx-DL3Zr29wXMEtsc-h5JOyY67DsjfyGEYpZRhXv4WWlz0R58WQh2WrNY973Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=MXNjejdOMWMxUWZtWWQ1&google_gid=CAESEIqcwNUgZOMEhfasuKufz9M&google_cver=1&google_push=AaAOQGHcDAAUO9LsdSg1ZfxonOJapvFlfARpuxivx-DL3Zr29wXMEtsc-h5JOyY67DsjfyGEYpZRhXv4WWlz0R58WQh2WrNY973Y

Request Chain 108

https://a.tribalfusion.com/i.match?p=b6&u=CAESEPmAg2_rcpuNJKgaRiw3xKU&google_cver=1&google_push=AaAOQGHh1iSbHyhO1DPIZ80Vaa9THdWtEbW_dh9FebnYc7Zwgl-2hBDOm03h8SFg82GY7E8KmgNRZHAPh-nziDrQMkbjmRmiWD4_&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAaAOQGHh1iSbHyhO1DPIZ80Vaa9THdWtEbW_dh9FebnYc7Zwgl-2hBDOm03h8SFg82GY7E8KmgNRZHAPh-nziDrQMkbjmRmiWD4_%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEPmAg2_rcpuNJKgaRiw3xKU&google_cver=1&google_push=AaAOQGHh1iSbHyhO1DPIZ80Vaa9THdWtEbW_dh9FebnYc7Zwgl-2hBDOm03h8SFg82GY7E8KmgNRZHAPh-nziDrQMkbjmRmiWD4_&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAaAOQGHh1iSbHyhO1DPIZ80Vaa9THdWtEbW_dh9FebnYc7Zwgl-2hBDOm03h8SFg82GY7E8KmgNRZHAPh-nziDrQMkbjmRmiWD4_%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 109

https://um.simpli.fi/gp_match?google_gid=CAESEDigz6oZXeZucXY5EdOQ8TQ&google_cver=1&google_push=AaAOQGGtc0Oda8UyrwUIUVWHrRDCiMkpFDAuzyF5iYnuku3D60GcXXIxFENcwJAYVj2ei9HTzIPmB77Zp_je7YcO4ixB4_fii92S HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=38F3C3DB873A4D0BA09CE1B8DE868BD8&google_push=AaAOQGGtc0Oda8UyrwUIUVWHrRDCiMkpFDAuzyF5iYnuku3D60GcXXIxFENcwJAYVj2ei9HTzIPmB77Zp_je7YcO4ixB4_fii92S

Request Chain 110

https://ads.travelaudience.com/google_pixel?google_gid=CAESEEN_1AfyFeCNVFw1ourIhks&google_cver=1&google_push=AaAOQGGuvOw2GrCylv--pTWGEiBiTc1eauZfO9xbktYtgUDiCtRz1XI1A61ZPKGFpuRwUbNoh8f8pyPtZAbvCiFXmUR597znFV2d HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=Cc3K5Qi1S8qSPD_8si_fmQ2&google_push=AaAOQGGuvOw2GrCylv--pTWGEiBiTc1eauZfO9xbktYtgUDiCtRz1XI1A61ZPKGFpuRwUbNoh8f8pyPtZAbvCiFXmUR597znFV2d

Request Chain 111

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEBRVxvEXb29qRyr9-dv7yRg&google_cver=1&google_push=AaAOQGFdOk0KDlshtIyjl8asAKec4KbTENkTbB4V9vpeM4kDYEvoB8PvtrpfT1n9jApFcbuTd5wdCJTPgelNTFsQ-kMHW1PtZLXU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpKNjYwQ0gtWi1CTzNI&google_push=AaAOQGFdOk0KDlshtIyjl8asAKec4KbTENkTbB4V9vpeM4kDYEvoB8PvtrpfT1n9jApFcbuTd5wdCJTPgelNTFsQ-kMHW1PtZLXU

Request Chain 112

https://match.360yield.com/match/ebda?google_gid=CAESEC3vPUNV4sOs12JZ1LGaGHk&google_cver=1&google_push=AaAOQGF7Fvv7l7YdMPO_BypcJmWaXUMvS_EeI8mYw4zORYP3v8nDFhH3xWU7ESfVdagaXAT0CDxmUxWxbja7s_aARwskEu2t_fzi HTTP 302
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEC3vPUNV4sOs12JZ1LGaGHk&google_cver=1&google_push=AaAOQGF7Fvv7l7YdMPO_BypcJmWaXUMvS_EeI8mYw4zORYP3v8nDFhH3xWU7ESfVdagaXAT0CDxmUxWxbja7s_aARwskEu2t_fzi HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=9k7771emT7uyaMWIjPCliw&google_push=AaAOQGF7Fvv7l7YdMPO_BypcJmWaXUMvS_EeI8mYw4zORYP3v8nDFhH3xWU7ESfVdagaXAT0CDxmUxWxbja7s_aARwskEu2t_fzi

Request Chain 113

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEO8Eyl_gbkP3x_mamTLiCRU&google_cver=1&google_push=AaAOQGETNP1WbM20cZB4AElrpi8KbAz1m3rWb2K0GTN6zbzox5UX0QE_dGKihNH5pEeVqnyZjl5hMs7rr4R4EyqPVkiENOosUeTo HTTP 302
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=AaAOQGETNP1WbM20cZB4AElrpi8KbAz1m3rWb2K0GTN6zbzox5UX0QE_dGKihNH5pEeVqnyZjl5hMs7rr4R4EyqPVkiENOosUeTo&google_gid=CAESEO8Eyl_gbkP3x_mamTLiCRU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTM1MDQ3OTYxNjIzMTMwNjA1Mzg5&google_push=AaAOQGETNP1WbM20cZB4AElrpi8KbAz1m3rWb2K0GTN6zbzox5UX0QE_dGKihNH5pEeVqnyZjl5hMs7rr4R4EyqPVkiENOosUeTo

Request Chain 115

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 165

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGEgYZPZKA1rPbXPU8C8-_0&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGEgYZPZKA1rPbXPU8C8-_0&google_cver=1&C=1

Request Chain 166

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZJ9clnyK0eZzOFLIHqvncQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGEgYZPZKA1rPbXPU8C8-_0&google_cver=1

Request Chain 167

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEKovGhQ8XyIk0bTIbPkpX30&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEKovGhQ8XyIk0bTIbPkpX30%26google_cver%3D1

Request Chain 168

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTUyMTc2ODM3MTg0MDk0MjkyMg%3D%3D

Request Chain 169

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEFaLzMY3uyaa1GKA8KX4Ess&google_cver=1

Request Chain 171

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEEq3807gKdHyA8E94-lXxTo&google_cver=1

Request Chain 219

https://um.simpli.fi/gp_match?google_gid=CAESEDigz6oZXeZucXY5EdOQ8TQ&google_cver=1&google_push=AaAOQGHSuC0DJx0cwweq_T595E9pSCYdMdm5BT5D42Kz0zDNrVeKQsPRUKZ8a6Q7u3C2HkZ1MxycqMpyGKyCDG0MY1x8g0UvMfd6 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=38F3C3DB873A4D0BA09CE1B8DE868BD8&google_push=AaAOQGHSuC0DJx0cwweq_T595E9pSCYdMdm5BT5D42Kz0zDNrVeKQsPRUKZ8a6Q7u3C2HkZ1MxycqMpyGKyCDG0MY1x8g0UvMfd6

Request Chain 220

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEIDQyg24a2dooYvR4O8fd8Y&google_cver=1&google_push=AaAOQGHGQnZOMf98kYL_Tz0bjtBZHZzs_ZE_3eqKy3JFwfyWkLTW4isl4ETu3SZX74tH8E0_J5pRHF6Z19oQMls79LWaqF8qcoDC HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1MDYxNTcyNDQxNDU5NzI2Mw%3D%3D&google_push=AaAOQGHGQnZOMf98kYL_Tz0bjtBZHZzs_ZE_3eqKy3JFwfyWkLTW4isl4ETu3SZX74tH8E0_J5pRHF6Z19oQMls79LWaqF8qcoDC

Request Chain 221

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEO9ODDjHBrmFM7eYn-3Ny28&google_cver=1&google_push=AaAOQGH7EHob7UCy25yGjfHV6CVPCg72a2ejdj65UBqUPB9w02M9Ny27eAu6Vu_ybsW0jxHosh2H5VS3jkPXxluZRFgLXoJKCUhv HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AaAOQGH7EHob7UCy25yGjfHV6CVPCg72a2ejdj65UBqUPB9w02M9Ny27eAu6Vu_ybsW0jxHosh2H5VS3jkPXxluZRFgLXoJKCUhv&google_hm=eS0zejZVRmhsRTJwR3YuMTB6RVg1azZ3V3FIWVM2Qld5aX5B

Request Chain 222

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEJNnSdTdR8LzJLRUTo8Rbyo&google_cver=1&google_push=AaAOQGGPEa69VyCea1wrCE6JHuFsOjiB76RqF5bZlHqC7rTSEYvRB83sAS2Vpb6XPk63wECGQOe2WfuMY2_LcY69oefLXOQThi0m HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEJNnSdTdR8LzJLRUTo8Rbyo&google_cver=1&google_push=AaAOQGGPEa69VyCea1wrCE6JHuFsOjiB76RqF5bZlHqC7rTSEYvRB83sAS2Vpb6XPk63wECGQOe2WfuMY2_LcY69oefLXOQThi0m HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MjQ5NzAwMjYzNDQzNDEwODM5Nw&google_push=AaAOQGGPEa69VyCea1wrCE6JHuFsOjiB76RqF5bZlHqC7rTSEYvRB83sAS2Vpb6XPk63wECGQOe2WfuMY2_LcY69oefLXOQThi0m

Request Chain 223

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEE2OghBKzPkf9ytY-XzEDfY&google_cver=1&google_push=AaAOQGHDR6_BOYusvGZXxFZCKKunJCYS53fec8pUPKC20hx3-UZR_NspqGVzTMZbOWTUpBEpyzU6ki-zCGHSjo8Yfns5bDjdld0 HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEE2OghBKzPkf9ytY-XzEDfY&google_cver=1&google_push=AaAOQGHDR6_BOYusvGZXxFZCKKunJCYS53fec8pUPKC20hx3-UZR_NspqGVzTMZbOWTUpBEpyzU6ki-zCGHSjo8Yfns5bDjdld0&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=sKkDfLY7TFm_IeUzdPu9Kg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AaAOQGHDR6_BOYusvGZXxFZCKKunJCYS53fec8pUPKC20hx3-UZR_NspqGVzTMZbOWTUpBEpyzU6ki-zCGHSjo8Yfns5bDjdld0

Request Chain 224

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEGjMmFUtRbJyjXIBI1a2nrE&google_cver=1&google_push=AaAOQGFDIEOH9S4PrwcKhT8HlbF4r4rCBeuthtMLL-yQhf06vG1SXhG2_n-qJB77_IqJZiJoC-9L7_1cVYtSMTeT95mCYeR_MR3u HTTP 307
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEGjMmFUtRbJyjXIBI1a2nrE&google_cver=1&google_push=AaAOQGFDIEOH9S4PrwcKhT8HlbF4r4rCBeuthtMLL-yQhf06vG1SXhG2_n-qJB77_IqJZiJoC-9L7_1cVYtSMTeT95mCYeR_MR3u&sovrn_retry=true HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AaAOQGFDIEOH9S4PrwcKhT8HlbF4r4rCBeuthtMLL-yQhf06vG1SXhG2_n-qJB77_IqJZiJoC-9L7_1cVYtSMTeT95mCYeR_MR3u&google_hm=G55cqGZHzW6HPrBdSDqXggYa

Request Chain 228

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 231

https://cdn.retailads.net/tb.php?t=150337V2172132532M&subid=49013000003019200951389012372020&ra_cnt_active=1&ra_cnt=1 HTTP 302
https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=2835770517

Request Chain 234

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=49013000003019200951389012372020&t=htlp&gdpr=1&consent=1&gdpr_consent=li HTTP 302
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=49013000003019200951389012372020&t=htlp&gdpr=1&consent=1&gdpr_consent=li

Request Chain 239

https://um.simpli.fi/gp_match?google_gid=CAESEDigz6oZXeZucXY5EdOQ8TQ&google_cver=1&google_push=AaAOQGHpSqSIrfZyNFDKxFFWAST78_hDTna-v1xTM9Vkwq_HTtv2ic9trkR02OyNAg5Yc5aesbTj6xKN3ZXfqh2fKy_KoCo2ORXD HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=38F3C3DB873A4D0BA09CE1B8DE868BD8&google_push=AaAOQGHpSqSIrfZyNFDKxFFWAST78_hDTna-v1xTM9Vkwq_HTtv2ic9trkR02OyNAg5Yc5aesbTj6xKN3ZXfqh2fKy_KoCo2ORXD

Request Chain 240

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEIDQyg24a2dooYvR4O8fd8Y&google_cver=1&google_push=AaAOQGGcRuAH36JQ0YL95qXHJikQzb7BRsNA6n53cG0PL3fl-vMYp0ltv7jhpe9W3bEWKB93yNCQXgPowj3veyCI5kiehlN9yclC HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1MDYxNTcyNDQxNDU5NzI2Mw%3D%3D&google_push=AaAOQGGcRuAH36JQ0YL95qXHJikQzb7BRsNA6n53cG0PL3fl-vMYp0ltv7jhpe9W3bEWKB93yNCQXgPowj3veyCI5kiehlN9yclC

Request Chain 241

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEO9ODDjHBrmFM7eYn-3Ny28&google_cver=1&google_push=AaAOQGGFqL1s4OWF8HQHIGK0kGzkwUCNV8_4Prq59rwejMW0uMx3lPzkK8RigrFH3RrLSxmUELltpshJirYVfcWJE6DQTpoXISRP HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AaAOQGGFqL1s4OWF8HQHIGK0kGzkwUCNV8_4Prq59rwejMW0uMx3lPzkK8RigrFH3RrLSxmUELltpshJirYVfcWJE6DQTpoXISRP&google_hm=eS1TWXguZ1FCRTJwRUhMWU9VUHZRcmUzMTVEa3gya3VTTH5B

Request Chain 242

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEE2OghBKzPkf9ytY-XzEDfY&google_cver=1&google_push=AaAOQGFZzwKajw2LdbpkTnpECwVNH_F_wlIdECFOBc3PKDqbZ_yBgqJ5rKYztx0heox2qGGYJtBu2xq-v7X5g7mqwLeRp35XJusv HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=Juyf_i7qSJemZbaGU52dHA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AaAOQGFZzwKajw2LdbpkTnpECwVNH_F_wlIdECFOBc3PKDqbZ_yBgqJ5rKYztx0heox2qGGYJtBu2xq-v7X5g7mqwLeRp35XJusv

Request Chain 243

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEGjMmFUtRbJyjXIBI1a2nrE&google_cver=1&google_push=AaAOQGEu4ZqI1IWDDAxUOkpMK18JobuRh4NI7yehSB9oSog_6eLFiHqF4PZV4Udn0A0auWyQKN7eCx7eTy5hiMZMQ-WZOdvrGcAy HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AaAOQGEu4ZqI1IWDDAxUOkpMK18JobuRh4NI7yehSB9oSog_6eLFiHqF4PZV4Udn0A0auWyQKN7eCx7eTy5hiMZMQ-WZOdvrGcAy&google_hm=G55cqGZHzW6HPrBdSDqXggYa

Request Chain 246

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEIDQyg24a2dooYvR4O8fd8Y&google_cver=1&google_push=AaAOQGGXAbocyJybqDBBaypp7X5CMzX0pbSkaSaDxy7UwnUr22VGxaaKZ1fZ3fmKi11WRDHi7ndckutJ9mLYr3fPoKYWzKqhqtyJ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1MDYxNTcyNDQxNDU5NzI2Mw%3D%3D&google_push=AaAOQGGXAbocyJybqDBBaypp7X5CMzX0pbSkaSaDxy7UwnUr22VGxaaKZ1fZ3fmKi11WRDHi7ndckutJ9mLYr3fPoKYWzKqhqtyJ

Request Chain 247

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEO9ODDjHBrmFM7eYn-3Ny28&google_cver=1&google_push=AaAOQGH-4NrmChWYogvuBlFR66DQnWHmDeKErog1jLaXX8Xzze7ZU9jCrP09trMHfb-0aLjeHD76e4qLkv3fwb55eoQG6IfWRIoc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AaAOQGH-4NrmChWYogvuBlFR66DQnWHmDeKErog1jLaXX8Xzze7ZU9jCrP09trMHfb-0aLjeHD76e4qLkv3fwb55eoQG6IfWRIoc&google_hm=eS1zdmtldTExRTJwRXNSSzVxSVp4dVEwSGw0dk9Tb3prTH5B

Request Chain 248

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEJNnSdTdR8LzJLRUTo8Rbyo&google_cver=1&google_push=AaAOQGEkCYCDQpo8BnVgL2DlMjDO0pRN14rNIHVseU_KiPrmVmWAliB0msPXWdImCr1Mp_qMKBbKs72_EQ1jV9zC3A1WpJ17mTRR HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEJNnSdTdR8LzJLRUTo8Rbyo&google_cver=1&google_push=AaAOQGEkCYCDQpo8BnVgL2DlMjDO0pRN14rNIHVseU_KiPrmVmWAliB0msPXWdImCr1Mp_qMKBbKs72_EQ1jV9zC3A1WpJ17mTRR HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzYzNDg0MDgyNTU0MDUyMDU3MQ&google_push=AaAOQGEkCYCDQpo8BnVgL2DlMjDO0pRN14rNIHVseU_KiPrmVmWAliB0msPXWdImCr1Mp_qMKBbKs72_EQ1jV9zC3A1WpJ17mTRR

Request Chain 250

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEE2OghBKzPkf9ytY-XzEDfY&google_cver=1&google_push=AaAOQGGxct0q71P-txZ2yVZCMLkSv-hxhZysdTMT8KYqa8qjphEAKI3grMyeolI4KdX6YOTDWT8u1ybq9-CmJoBbYPYAV5aKDT4J HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=sKkDfLY7TFm_IeUzdPu9Kg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AaAOQGGxct0q71P-txZ2yVZCMLkSv-hxhZysdTMT8KYqa8qjphEAKI3grMyeolI4KdX6YOTDWT8u1ybq9-CmJoBbYPYAV5aKDT4J

Request Chain 251

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEGjMmFUtRbJyjXIBI1a2nrE&google_cver=1&google_push=AaAOQGHKj9ADN60jXyp-Q9vKizid_V-NgMY_emUuV3wPvxNEph3mpObQVydQtE6j5wnO9CnTaJJQ_nAyiQ2Mxxvsy0fJIAEir0sE HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AaAOQGHKj9ADN60jXyp-Q9vKizid_V-NgMY_emUuV3wPvxNEph3mpObQVydQtE6j5wnO9CnTaJJQ_nAyiQ2Mxxvsy0fJIAEir0sE&google_hm=G55cqGZHzW6HPrBdSDqXggYa

Request Chain 257

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 268

https://um.simpli.fi/gp_match?google_gid=CAESEDigz6oZXeZucXY5EdOQ8TQ&google_cver=1&google_push=AaAOQGGaA8hQ0EMy8XUnpubxEoPQ5S52_xPagHFO_QQsuspF6m_CxJmXFc0RqT6aZ1R0aCVyo8UEnniKlAMfRexLGLoY0uFPKHAv HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=38F3C3DB873A4D0BA09CE1B8DE868BD8&google_push=AaAOQGGaA8hQ0EMy8XUnpubxEoPQ5S52_xPagHFO_QQsuspF6m_CxJmXFc0RqT6aZ1R0aCVyo8UEnniKlAMfRexLGLoY0uFPKHAv

Request Chain 269

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEIDQyg24a2dooYvR4O8fd8Y&google_cver=1&google_push=AaAOQGGYCJ1bPptEGZP6gaKsQY3IU595pPIq5-IfUuRg8vloE2QwUNR1hNEnpucJ7x8CCeC3fSzCRG-MPMcu50XioWairu5MrKbwfw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1MDYxNTcyNDQxNDU5NzI2Mw%3D%3D&google_push=AaAOQGGYCJ1bPptEGZP6gaKsQY3IU595pPIq5-IfUuRg8vloE2QwUNR1hNEnpucJ7x8CCeC3fSzCRG-MPMcu50XioWairu5MrKbwfw

Request Chain 271

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEE2OghBKzPkf9ytY-XzEDfY&google_cver=1&google_push=AaAOQGGcoEY3oCxV7lAKeZIdKopnQD_GMQhXNiHhcwdCDreR_6kgg4D_ggluhDzg6K4p0RYJmDUXNmb185xnRvEbod3_ne_bRyjc6w HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=sKkDfLY7TFm_IeUzdPu9Kg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AaAOQGGcoEY3oCxV7lAKeZIdKopnQD_GMQhXNiHhcwdCDreR_6kgg4D_ggluhDzg6K4p0RYJmDUXNmb185xnRvEbod3_ne_bRyjc6w

Request Chain 272

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEBRVxvEXb29qRyr9-dv7yRg&google_cver=1&google_push=AaAOQGFGplqXdnzMXtQM3ij4rueqJyTcC1tB6-fnaisNt9jrzisnHCrmyTFI8XE-at5oWUSOCfxa9oGJxHRFU5MEV18pMUbPbVSUYQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpKNjYwWTItMUYtRjgwQQ==&google_push=AaAOQGFGplqXdnzMXtQM3ij4rueqJyTcC1tB6-fnaisNt9jrzisnHCrmyTFI8XE-at5oWUSOCfxa9oGJxHRFU5MEV18pMUbPbVSUYQ

Request Chain 279

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEAvBj4bufCXJawCGbQ4m0OE&google_cver=1&google_push=AaAOQGEr9VPRggNDJoLPX9wPKNderxfs2EY23kzZ_Z8MEg0-7vqm1DMbFCodrulRNGB5XRVQnI5iaIJQZ3kEnK989uyg2Yqcv5Fm HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEAvBj4bufCXJawCGbQ4m0OE&google_push=AaAOQGEr9VPRggNDJoLPX9wPKNderxfs2EY23kzZ_Z8MEg0-7vqm1DMbFCodrulRNGB5XRVQnI5iaIJQZ3kEnK989uyg2Yqcv5Fm

Request Chain 280

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESECv1iJuqU_LY9hyWPXsETpc&google_cver=1&google_push=AaAOQGHw2H4BQAe3h1xA24tOuSBgsE9VH7j_JamYzkwavApOPEVqsp1jGFhAyT9kC52qb6ud6uQsMjocmu3V_iu0GAPTKOsUrtEE_A HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AaAOQGHw2H4BQAe3h1xA24tOuSBgsE9VH7j_JamYzkwavApOPEVqsp1jGFhAyT9kC52qb6ud6uQsMjocmu3V_iu0GAPTKOsUrtEE_A&google_hm=VxEFfcxyTji2h6lM74k5PEk

Request Chain 281

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESED6OaeOvhPHFXlnCy7Plsz0&google_cver=1&google_push=AaAOQGE3r4H6YKqWAD0Ul49SgukjW7nraec0oTJwoI7d8DkHiu4kMaWd8RrICWcL99YPuouDW6h36dxGk6e3ggLxg3BE0d_W970DJA HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESED6OaeOvhPHFXlnCy7Plsz0&google_cver=1&google_push=AaAOQGE3r4H6YKqWAD0Ul49SgukjW7nraec0oTJwoI7d8DkHiu4kMaWd8RrICWcL99YPuouDW6h36dxGk6e3ggLxg3BE0d_W970DJA HTTP 302
https://a.sportradarserving.com/sync?ssp=bidswitch&bidswitch_ssp_id=google HTTP 302
https://a.sportradarserving.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=google HTTP 302
https://x.bidswitch.net/sync?dsp_id=409&expires=14&user_group=1&user_id=bbe7c7b8-31c8-4b01-9f71-8190ed8e0721&ssp=google HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AaAOQGE3r4H6YKqWAD0Ul49SgukjW7nraec0oTJwoI7d8DkHiu4kMaWd8RrICWcL99YPuouDW6h36dxGk6e3ggLxg3BE0d_W970DJA&google_hm=LLgcxovIQ3mfz3V5kAP26Q==

Request Chain 282

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEBRVxvEXb29qRyr9-dv7yRg&google_cver=1&google_push=AaAOQGEnQifpVz8Vy6IvHdRiRQj-Mzi4Jw792qSH9MoIAcw3oOG7lGRoNW6pVvJshoLIJL1L_i4BVK8ZYc3M97IX8NLDVVyeKr1d0A HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpKNjYwWlEtNS1HVjhH&google_push=AaAOQGEnQifpVz8Vy6IvHdRiRQj-Mzi4Jw792qSH9MoIAcw3oOG7lGRoNW6pVvJshoLIJL1L_i4BVK8ZYc3M97IX8NLDVVyeKr1d0A

Request Chain 283

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEJNCx_1Uqu-s72W2EKTGTCA&google_cver=1&google_push=AaAOQGGQ_s9lH9wtEROMlAYOIXehXsq6skPH-Syh3p5IXmw_JWUTaJi6M2LG8lobJFDM664zprVtENZhuWGwral95p9iTCnaNoa4vg HTTP 302
https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=AaAOQGGQ_s9lH9wtEROMlAYOIXehXsq6skPH-Syh3p5IXmw_JWUTaJi6M2LG8lobJFDM664zprVtENZhuWGwral95p9iTCnaNoa4vg&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&cb=1688165526705 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-0072ec52-ae03-4b82-964b-44d53e52249a-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAaAOQGGQ_s9lH9wtEROMlAYOIXehXsq6skPH-Syh3p5IXmw_JWUTaJi6M2LG8lobJFDM664zprVtENZhuWGwral95p9iTCnaNoa4vg%26google_hm%3DAwBy7FKuA0uClktE1T5SJJo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AaAOQGGQ_s9lH9wtEROMlAYOIXehXsq6skPH-Syh3p5IXmw_JWUTaJi6M2LG8lobJFDM664zprVtENZhuWGwral95p9iTCnaNoa4vg&google_hm=AwBy7FKuA0uClktE1T5SJJo

Request Chain 284

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEO8Eyl_gbkP3x_mamTLiCRU&google_cver=1&google_push=AaAOQGFrZtgZBgcjp1oN2ypJX6EM33GxTFb9cdRM2-ycEpKA0XatiLVfnR3A9el-v8pjm9iviq6Rd5Mo31GjaFwvdzDZLLekEv72 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTM1MDQ3OTYxNjIzMTMwNjA1Mzg5&google_push=AaAOQGFrZtgZBgcjp1oN2ypJX6EM33GxTFb9cdRM2-ycEpKA0XatiLVfnR3A9el-v8pjm9iviq6Rd5Mo31GjaFwvdzDZLLekEv72

Request Chain 285

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEPSGEkzcVThv8EANCn1Bo8A&google_cver=1&google_push=AaAOQGFwaAyfnllIH7bzcRX_eVWtM_3w1t7cviKRAPhw_RF-l_It08QUUeKG0t7Fx05B_WRGE6hoSN4gZGA8NEufBGkvJlVBPFwYCw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGFwaAyfnllIH7bzcRX_eVWtM_3w1t7cviKRAPhw_RF-l_It08QUUeKG0t7Fx05B_WRGE6hoSN4gZGA8NEufBGkvJlVBPFwYCw HTTP 302
https://onetag-sys.com/match/?int_id=19&google_error=5

333 HTTP transactions
9 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request 6x6uf5z9e3262.html Show response
pcloak.blob.core.windows.net/web/ 1 KB
2 KB 419ms
100ms Document
text/html 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 22fee539734d38c9e84e3982188b21bafc9457236279a136ce1b3b9d55667437

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Content-Length: 1324
Content-MD5: XPHdOVCmWyxrVVstkB9xGw==
Content-Type: text/html
Date: Fri, 30 Jun 2023 22:52:02 GMT
ETag: 0x8DB5ED08476F0C5
Last-Modified: Sat, 27 May 2023 16:36:27 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 2bac9f21-c01e-001e-2ea5-abaed5000000
x-ms-version: 2009-09-19

GET
H/1.1 404
The specified blob does not exist. jquery.min.js
pcloak.blob.core.windows.net/web/ 0
0 95ms
94ms Script
application/xml 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/jquery.min.js
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-ms-request-id: 2bac9fa7-c01e-001e-23a5-abaed5000000
Date: Fri, 30 Jun 2023 22:52:02 GMT
x-ms-version: 2009-09-19
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-Length: 215
Content-Type: application/xml

GET
H/1.1 200
OK cloakan.js Show response
pcloak.blob.core.windows.net/web/ 308 B
717 B 286ms
95ms Script
text/javascript 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/cloakan.js
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 4651fd93f167c3620b534c30bc23ae2a2e7cf742621d8e6d12553c09c388284a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Fri, 30 Jun 2023 22:52:02 GMT
Last-Modified: Mon, 13 Jun 2022 14:36:49 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: zPiKctHo6j8i1UGOFPpInw==
ETag: 0x8DA4D4A263C11C2
Content-Type: text/javascript
x-ms-request-id: 2baca09f-c01e-001e-7aa5-abaed5000000
x-ms-version: 2009-09-19
Content-Length: 308

GET
H/1.1 200
OK style.css
pcloak.blob.core.windows.net/web/ 166 B
568 B 190ms
96ms Stylesheet
text/css 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/style.css
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: cf906196a7c1414e11983955e101a051d55a864f2bc9fd52a453d952d92fd9b5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Fri, 30 Jun 2023 22:52:02 GMT
Last-Modified: Mon, 13 Jun 2022 14:36:49 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: 9ruAIrm4XHnQO3/sM8J0AQ==
ETag: 0x8DA4D4A26527CA0
Content-Type: text/css
x-ms-request-id: 2baca00a-c01e-001e-7ba5-abaed5000000
x-ms-version: 2009-09-19
Content-Length: 166

GET
H2 200 px.php Show response
www.cloakan.co/ 743 B
681 B 268ms
133ms XHR
text/html 77.245.159.14
NIOBEBILISIMHIZME...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cloakan.co/px.php?id=6x6uf5z9e3262
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 77.245.159.14 , Turkey, ASN42868 (NIOBEBILISIMHIZMETLERI, TR),
Reverse DNS: stilgar.wlsrv.com
Software: LiteSpeed / PHP/7.3.33
Resource Hash: 120fdf7c1e8de286b8c6ad005bd52d7b3d71cfa17bd6d1f72d023fe952d03708

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:00 GMT
content-encoding: br
server: LiteSpeed
x-powered-by: PHP/7.3.33
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
content-length: 404

GET
H2 200 nv.php Show response
www.cloakan.co/ 232 B
385 B 252ms
141ms Script
text/html 77.245.159.14
NIOBEBILISIMHIZME...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cloakan.co/nv.php?id=6x6uf5z9e3262-m
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/cloakan.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 77.245.159.14 , Turkey, ASN42868 (NIOBEBILISIMHIZMETLERI, TR),
Reverse DNS: stilgar.wlsrv.com
Software: LiteSpeed / PHP/7.3.33
Resource Hash: 9cacc351a59879d938ef01e274eca7f341deaaa666237a3de94737ccc05a4b86

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:01 GMT
content-encoding: br
server: LiteSpeed
x-powered-by: PHP/7.3.33
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
content-length: 112

GET
H2 200 / Show response
ye-mek.net/ Frame 0E33 77 KB
78 KB 196ms
54ms Document
text/html 94.138.206.83
AS49126

General

Check archive.org

Show headers Download Go to

Full URL: https://ye-mek.net/
Requested by: Host: www.cloakan.co
URL: https://www.cloakan.co/nv.php?id=6x6uf5z9e3262-m
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.138.206.83 , Turkey, ASN49126 (AS49126, TR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 639bf56a0531ed5bb0e272832626286b9d06daeed7c0a8f6a008cf652b4daa94

Request headers

Referer: https://pcloak.blob.core.windows.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache
content-length: 79186
content-type: text/html; charset=utf-8
date: Fri, 30 Jun 2023 22:52:03 GMT
expires: -1
pragma: no-cache
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.9.1/ Frame 0E33 90 KB
33 KB 38ms
7ms Script
text/javascript 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 17:06:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 193540
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33018
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 27 Jun 2024 17:06:24 GMT

GET
H2 200 yemeknet.js Show response
ye-mek.net/js/ Frame 0E33 10 KB
2 KB 78ms
77ms Script
application/javascript 94.138.206.83
AS49126

General

Check archive.org

Show headers Download Go to

Full URL: https://ye-mek.net/js/yemeknet.js?v=1
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.138.206.83 , Turkey, ASN49126 (AS49126, TR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 613b97a3f938c5185dc5fcb46ec9c9488f460fdf8a9765eea9f05aebe46a0c50

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-powered-by-plesk: PleskWin
date: Fri, 30 Jun 2023 22:52:03 GMT
content-encoding: br
last-modified: Tue, 20 Aug 2019 13:15:54 GMT
server: Microsoft-IIS/10.0
etag: "0a144655957d51:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=691200
accept-ranges: bytes
content-length: 2179

GET
H2 200 maincss.css
cdn.ye-mek.net/ Frame 0E33 40 KB
12 KB 82ms
17ms Stylesheet
text/css 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.ye-mek.net/maincss.css?v=434
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 5804cd3bfdf7f7b00ae1f2beef50b9ac7bbdcadcb47e8c3454e8609a52096b92

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 22:52:04 GMT
content-encoding: gzip
x-cache: HIT
x-77-cache: HIT
x-age: 6356122
x-accel-date: 1681809402
x-77-nzt: AcO1rw5X6l7/mvxgAA
x-accel-expires: @1713345402
last-modified: Tue, 24 Nov 2020 00:00:32 GMT
server: CDN77-Turbo
etag: W/"5fbc4d20-9e5b"
x-77-nzt-ray: 908339308477e47a945c9f64287f6714
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame 0E33 233 KB
82 KB 42ms
21ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-6B70JBQEWN

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8ea1071252699fbd6695ad709d08085eb7981d7e0149ab69b6e17c3d83f3cabd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:04 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 83411
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 30 Jun 2023 22:52:04 GMT

GET
H2 200 WebResource.axd Show response
ye-mek.net/ Frame 0E33 23 KB
23 KB 46ms
44ms Script
application/x-javascript 94.138.206.83
AS49126

General

Check archive.org

Show headers Download Go to

Full URL: https://ye-mek.net/WebResource.axd?d=YeedoL8dFzo5gymDuarFXngFaaXpLN8jYlixY-HzMyr_r8lEwXsCQefYQgi2kFzYfrVacpu_9us1eVTBWQamZuI0ynrH9LDfafZF-A5wZF41&t=637811837229275428
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.138.206.83 , Turkey, ASN49126 (AS49126, TR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-powered-by-plesk: PleskWin
date: Fri, 30 Jun 2023 22:52:03 GMT
last-modified: Wed, 23 Feb 2022 00:28:42 GMT
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
content-type: application/x-javascript
cache-control: public
content-length: 23063
expires: Fri, 28 Jun 2024 21:32:10 GMT

GET
H2 200 searchButton.png
cdn.ye-mek.net/App_UI/Img/ Frame 0E33 542 B
894 B 13ms
13ms Image
image/png 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/searchButton.png
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 324a9c1f26949a62b89c5846de23826737bf3b14443e3f5a969b1799604a0588

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 22:52:04 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6356121
x-accel-date: 1681809403
content-length: 542
x-77-nzt: AcO1rw6LaUr/mfxgAA
x-accel-expires: @1713345403
last-modified: Sat, 22 Oct 2022 20:00:57 GMT
server: CDN77-Turbo
etag: "63544bf9-21e"
x-77-nzt-ray: 908339308477e47a945c9f640b405416
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 ara.png
cdn.ye-mek.net/App_UI/Img/ Frame 0E33 2 KB
2 KB 17ms
12ms Image
image/png 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/ara.png
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 3ed559a849229d0ba1622b39b2343f2307a91aae5bab1f08e55c89e50874c980

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 22:52:04 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6356112
x-accel-date: 1681809412
content-length: 1651
x-77-nzt: AcO1rw6rTFb/kPxgAA
x-accel-expires: @1713345412
last-modified: Mon, 14 May 2018 22:41:08 GMT
server: CDN77-Turbo
etag: "5afa1084-673"
x-77-nzt-ray: 908339308477e47a945c9f644dd2ab16
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 terbiyeli-kabak-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/07/ Frame 0E33 11 KB
11 KB 21ms
16ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/07/terbiyeli-kabak-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 3cf33fd1cc895fe26505c0677f183cec819f5d55d54905a1adf8e95322d67c19

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 22:52:04 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 326
x-accel-date: 1688165198
content-length: 11302
x-77-nzt: AcO1rw6ttSz/RgEAAA
x-accel-expires: @1719701198
last-modified: Fri, 30 Jun 2023 22:20:09 GMT
server: CDN77-Turbo
etag: "649f5519-2c26"
x-77-nzt-ray: 908339308477e47a945c9f6462c6b016
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 soguk-kahve-resimli-yemek-tarifi(8).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ Frame 0E33 10 KB
10 KB 24ms
19ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/06/soguk-kahve-resimli-yemek-tarifi(8).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 66f57830eba3793b6d407a90dc0636b5e5e028f466bec6045ebc0813acaf7afa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 22:52:04 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 90887
x-accel-date: 1688074637
content-length: 9818
x-77-nzt: AcO1rw5XC6v/B2MBAA
x-accel-expires: @1719610637
last-modified: Thu, 29 Jun 2023 21:14:19 GMT
server: CDN77-Turbo
etag: "649df42b-265a"
x-77-nzt-ray: 908339308477e47a945c9f64484ebb16
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 mangal-icin-et-marinesi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ Frame 0E33 14 KB
15 KB 30ms
24ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/06/mangal-icin-et-marinesi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 6501e50ffffdc89ec56c93111f32c70f697610d4af971fb38ae964b5824c7eb1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 22:52:04 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 174477
x-accel-date: 1687991047
content-length: 14815
x-77-nzt: AcO1rw4ojur/jakCAA
x-accel-expires: @1719527047
last-modified: Wed, 28 Jun 2023 22:12:14 GMT
server: CDN77-Turbo
etag: "649cb03e-39df"
x-77-nzt-ray: 908339308477e47a945c9f64d7f3bf16
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 ic-baklali-enginar-salatasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ Frame 0E33 15 KB
16 KB 35ms
30ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ic-baklali-enginar-salatasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: eab1145c02ae44ca45370dbdb689a98d1756fe3726fde675886a95730fee691d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 22:52:04 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 262809
x-accel-date: 1687902715
content-length: 15738
x-77-nzt: AcO1rw6vweL/mQIEAA
x-accel-expires: @1719438715
last-modified: Tue, 27 Jun 2023 21:35:10 GMT
server: CDN77-Turbo
etag: "649b560e-3d7a"
x-77-nzt-ray: 908339308477e47a945c9f647883c416
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-sebzeli-tavuk-sote-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2019/11/ Frame 0E33 13 KB
14 KB 40ms
35ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2019/11/firinda-sebzeli-tavuk-sote-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: b2ecd92de7982ef4ffd3778b02d62aaef7341b3c9ac5f4e53e749a9bde702119

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 22:52:04 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6355031
x-accel-date: 1681810493
content-length: 13621
x-77-nzt: AcO1rw7EIAv/V/hgAA
x-accel-expires: @1713346493
last-modified: Sat, 16 Nov 2019 21:54:33 GMT
server: CDN77-Turbo
etag: "5dd07019-3535"
x-77-nzt-ray: 908339308477e47a945c9f64a76ec816
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tarhana-koftesi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/05/ Frame 0E33 15 KB
15 KB 40ms
35ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/05/tarhana-koftesi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: a7bdc5489a06f3c3cc24119a5a76f4d5af38e07c2b7e4e458ce411993eb12e7c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 22:52:04 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6355994
x-accel-date: 1681809530
content-length: 15200
x-77-nzt: AcO1rw4VZ2v/GvxgAA
x-accel-expires: @1713345530
last-modified: Sun, 16 May 2021 23:23:16 GMT
server: CDN77-Turbo
etag: "60a1a964-3b60"
x-77-nzt-ray: 908339308477e47a945c9f644802cb16
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-etimekli-besamel-soslu-tavuk-resimli-yemek-tarifi(20).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2016/12/ Frame 0E33 12 KB
13 KB 40ms
35ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2016/12/firinda-etimekli-besamel-soslu-tavuk-resimli-yemek-tarifi(20).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: e041f359812b31ffb3d561c106435550a58d86540a0262a93e6e462624fada6f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 22:52:04 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6355935
x-accel-date: 1681809589
content-length: 12566
x-77-nzt: AcO1rw5eSxb/3/tgAA
x-accel-expires: @1713345589
last-modified: Wed, 01 May 2019 23:10:13 GMT
server: CDN77-Turbo
etag: "5cca2755-3116"
x-77-nzt-ray: 908339308477e47a945c9f64d955cd16
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 ramazan-pidesinden-yalanci-iskender-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2013/07/ Frame 0E33 17 KB
17 KB 41ms
36ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2013/07/ramazan-pidesinden-yalanci-iskender-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 3002b527e1cb5e6d8601854825ff1a291b37dfe3e190c02eb7ac1ad76cb12898

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 22:52:04 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5729932
x-accel-date: 1682435592
content-length: 17200
x-77-nzt: AcO1rw5Og7v/jG5XAA
x-accel-expires: @1713971592
last-modified: Wed, 01 May 2019 22:16:10 GMT
server: CDN77-Turbo
etag: "5cca1aaa-4330"
x-77-nzt-ray: 908339308477e47a945c9f644cf4ce16
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 yagli-kofte-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/12/ Frame 0E33 15 KB
15 KB 41ms
36ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/12/yagli-kofte-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 61ef244a7f7b27ce2c69ff28e1bb69f7bac2e6be7fe6dbbbcb82feeb11db7d84

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 22:52:04 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6350969
x-accel-date: 1681814555
content-length: 15394
x-77-nzt: AcO1rw7oejP/eehgAA
x-accel-expires: @1713350555
last-modified: Fri, 17 Dec 2021 23:00:27 GMT
server: CDN77-Turbo
etag: "61bd168b-3c22"
x-77-nzt-ray: 908339308477e47a945c9f6433660d17
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 badem-tatlisi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2018/03/ Frame 0E33 13 KB
13 KB 41ms
36ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2018/03/badem-tatlisi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 10b43d3e90245cb8bf52bd969b4b7ce4fa9996f56f23679e334053f679533386

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 22:52:04 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6356035
x-accel-date: 1681809489
content-length: 12938
x-77-nzt: AcO1rw7D0Uj/Q/xgAA
x-accel-expires: @1713345489
last-modified: Wed, 01 May 2019 23:32:23 GMT
server: CDN77-Turbo
etag: "5cca2c87-328a"
x-77-nzt-ray: 908339308477e47a945c9f64b9711317
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 bugu-kebabi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2017/07/ Frame 0E33 11 KB
12 KB 41ms
36ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2017/07/bugu-kebabi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 7de327885eb13552b4d8343d92108ecd9f34c139b358c2e2e4573227be944949

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 22:52:04 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6353953
x-accel-date: 1681811571
content-length: 11750
x-77-nzt: AcO1rw44uHL/IfRgAA
x-accel-expires: @1713347571
last-modified: Wed, 01 May 2019 23:21:23 GMT
server: CDN77-Turbo
etag: "5cca29f3-2de6"
x-77-nzt-ray: 908339308477e47a945c9f64cb371617
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 nohutlu-misket-kofte-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2014/02/ Frame 0E33 13 KB
13 KB 41ms
36ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2014/02/nohutlu-misket-kofte-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 50282fee83281adfa1bd8aa7771950d435a2799ca90959ae8f3a483ff4fb0be0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 22:52:04 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6354501
x-accel-date: 1681811023
content-length: 13272
x-77-nzt: AcO1rw4c8OP/RfZgAA
x-accel-expires: @1713347023
last-modified: Wed, 01 May 2019 22:22:18 GMT
server: CDN77-Turbo
etag: "5cca1c1a-33d8"
x-77-nzt-ray: 908339308477e47a945c9f64c2601817
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 kofteli-orman-kebabi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2019/05/ Frame 0E33 12 KB
13 KB 41ms
36ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2019/05/kofteli-orman-kebabi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 2ee4854a38ad37b61a8727c71e98305037bc4711d65f4bac43420986b4c9455f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 22:52:04 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 464215
x-accel-date: 1687701309
content-length: 12566
x-77-nzt: AcO1rw446vz/VxUHAA
x-accel-expires: @1719237309
last-modified: Sat, 25 May 2019 22:23:34 GMT
server: CDN77-Turbo
etag: "5ce9c066-3116"
x-77-nzt-ray: 908339308477e47a945c9f644f1e1a17
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-patlican-kebabi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2014/05/ Frame 0E33 15 KB
15 KB 41ms
37ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2014/05/firinda-patlican-kebabi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: fe665a455aceb9598500cae8ccd808cbffe5a3525c32cdc7bcbaa0e83a58ac0c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 22:52:04 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6355608
x-accel-date: 1681809916
content-length: 15015
x-77-nzt: AcO1rw5s79z/mPpgAA
x-accel-expires: @1713345916
last-modified: Wed, 01 May 2019 22:25:01 GMT
server: CDN77-Turbo
etag: "5cca1cbd-3aa7"
x-77-nzt-ray: 908339308477e47a945c9f64c0d71b17
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 mantar-soslu-kofte-resimli-yemek-tarifi(20).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/04/ Frame 0E33 14 KB
15 KB 41ms
37ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/04/mantar-soslu-kofte-resimli-yemek-tarifi(20).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 63b3428dab8c9858bfec0fdd1766207549e01494b99c89a230937546c926592d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 22:52:04 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6355349
x-accel-date: 1681810175
content-length: 14751
x-77-nzt: AcO1rw5eICf/lflgAA
x-accel-expires: @1713346175
last-modified: Thu, 21 Apr 2022 11:59:00 GMT
server: CDN77-Turbo
etag: "62614704-399f"
x-77-nzt-ray: 908339308477e47a945c9f6401d51d17
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-etli-karnabahar-yemegi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2015/11/ Frame 0E33 16 KB
16 KB 41ms
37ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2015/11/firinda-etli-karnabahar-yemegi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 537d42962737bc550bbf34d1404e336cebc1b46ced111cc3c5b1ab744d38bb85

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 22:52:04 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6354965
x-accel-date: 1681810559
content-length: 16427
x-77-nzt: AcO1rw6rVhX/FfhgAA
x-accel-expires: @1713346559
last-modified: Wed, 01 May 2019 22:50:41 GMT
server: CDN77-Turbo
etag: "5cca22c1-402b"
x-77-nzt-ray: 908339308477e47a945c9f64e1482017
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 mantarli-kori-soslu-tavuk-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/03/ Frame 0E33 15 KB
15 KB 41ms
37ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/03/mantarli-kori-soslu-tavuk-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 2efed30acdac9725b233f6d3d5bd8a16a9049980ceaa91525e061cc9c63da1e3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 22:52:04 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6355796
x-accel-date: 1681809728
content-length: 15410
x-77-nzt: AcO1rw4rq3j/VPtgAA
x-accel-expires: @1713345728
last-modified: Tue, 07 Mar 2023 20:31:42 GMT
server: CDN77-Turbo
etag: "64079f2e-3c32"
x-77-nzt-ray: 908339308477e47a945c9f64ae282317
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-tavuk-pirzola-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2017/06/ Frame 0E33 12 KB
13 KB 41ms
37ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2017/06/firinda-tavuk-pirzola-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 09d46eb1397a55833670832dcac4edf7f7e1d2b170b3eb7c11557cadcfe0a784

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 22:52:04 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6355331
x-accel-date: 1681810193
content-length: 12609
x-77-nzt: AcO1rw7l93v/g/lgAA
x-accel-expires: @1713346193
last-modified: Wed, 01 May 2019 23:19:17 GMT
server: CDN77-Turbo
etag: "5cca2975-3141"
x-77-nzt-ray: 908339308477e47a945c9f6462e02617
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tavuk-kroket-resimli-yemek-tarifi(20).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/05/ Frame 0E33 14 KB
15 KB 41ms
37ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/05/tavuk-kroket-resimli-yemek-tarifi(20).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 05c72250b7b0da8e896799e32f88440d53848a083665b797629e25bad1bde6fd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 22:52:04 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6355597
x-accel-date: 1681809927
content-length: 14613
x-77-nzt: AcO1rw56Rwn/jfpgAA
x-accel-expires: @1713345927
last-modified: Thu, 26 May 2022 23:00:23 GMT
server: CDN77-Turbo
etag: "62900687-3915"
x-77-nzt-ray: 908339308477e47a945c9f64b4db2917
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 citir-tavuk-gogsu-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2019/06/ Frame 0E33 12 KB
12 KB 41ms
37ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2019/06/citir-tavuk-gogsu-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: b869a852368eaa119ee4b5b375ad2c86eb2c8eedaceafc3aff741faf14dc48b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 22:52:04 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6355761
x-accel-date: 1681809763
content-length: 11895
x-77-nzt: AcO1rw5zptj/MftgAA
x-accel-expires: @1713345763
last-modified: Thu, 20 Jun 2019 22:35:57 GMT
server: CDN77-Turbo
etag: "5d0c0a4d-2e77"
x-77-nzt-ray: 908339308477e47a945c9f641ab42c17
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 karnabahar-mantisi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/12/ Frame 0E33 16 KB
16 KB 51ms
47ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/12/karnabahar-mantisi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 167b361207c0dbe5cc3e6a4aded1c1523af5ca6241dd25f5087a33d63ed89ed0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-nzt: AcO1rw6KOUrR
x-accel-expires: @1719701524
date: Fri, 30 Jun 2023 22:52:04 GMT
x-77-pop: frankfurtDE
last-modified: Thu, 30 Dec 2021 20:54:18 GMT
server: CDN77-Turbo
etag: "61ce1c7a-3e33"
x-77-nzt-ray: 908339308477e47a945c9f64268e3217
x-cache: MISS
content-type: image/jpeg
access-control-allow-origin: *
x-77-cache: MISS
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 15923

GET
H2 200 kremali-sebzeli-makarna-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/09/ Frame 0E33 17 KB
17 KB 41ms
38ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/09/kremali-sebzeli-makarna-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 8e080429f5f69e47f9092b6106ca96eb4a31191dc00cbef1f20104561b44f10b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 22:52:04 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6355709
x-accel-date: 1681809815
content-length: 17091
x-77-nzt: AcO1rw5nye3//fpgAA
x-accel-expires: @1713345815
last-modified: Wed, 15 Sep 2021 21:52:55 GMT
server: CDN77-Turbo
etag: "61426b37-42c3"
x-77-nzt-ray: 908339308477e47a945c9f64e9043717
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 yesil-mercimekli-ispanak-yemegi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/08/ Frame 0E33 15 KB
15 KB 42ms
38ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/08/yesil-mercimekli-ispanak-yemegi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: da91387680a9a55651afd3e8937cb5e32defb01d582dbf5cb791fa812e8d893b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 22:52:04 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6349354
x-accel-date: 1681816170
content-length: 15001
x-77-nzt: AcO1rw6mwBz/KuJgAA
x-accel-expires: @1713352170
last-modified: Sat, 14 Aug 2021 21:03:21 GMT
server: CDN77-Turbo
etag: "61182f99-3a99"
x-77-nzt-ray: 908339308477e47a945c9f64068d3917
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 bal-kabagi-sinkonta-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/02/ Frame 0E33 11 KB
12 KB 50ms
46ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/02/bal-kabagi-sinkonta-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 6e1330041e6221db02bceb99117262e8223c801c9c2708e99630521939b3f0d7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-nzt: AcO1rw7r9fKh
x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 22:52:04 GMT
last-modified: Tue, 25 Feb 2020 22:03:55 GMT
server: CDN77-Turbo
etag: "5e5599cb-2d98"
x-77-nzt-ray: 908339308477e47a945c9f64d23a4317
x-cache: MISS
content-type: image/jpeg
access-control-allow-origin: *
x-77-cache: MISS
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 11672

GET
H2 200 gendime-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2019/05/ Frame 0E33 9 KB
10 KB 42ms
38ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2019/05/gendime-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 9133b1a03fbaae9ea9cc0430b15c8f9a20dbff26288ab9eef75a9959d775c6ef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 22:52:04 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6355933
x-accel-date: 1681809591
content-length: 9686
x-77-nzt: AcO1rw76De7/3ftgAA
x-accel-expires: @1713345591
last-modified: Wed, 15 May 2019 23:07:19 GMT
server: CDN77-Turbo
etag: "5cdc9ba7-25d6"
x-77-nzt-ray: 908339308477e47a945c9f64ab614517
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 sakala-carpan-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/05/ Frame 0E33 14 KB
14 KB 42ms
38ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/05/sakala-carpan-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: efb6dfb64e21ed016f93813c7b6995a3e3692b1cc0eb1baeaa282c63a2982931

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 22:52:04 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6355933
x-accel-date: 1681809591
content-length: 14165
x-77-nzt: AcO1rw644n7/3ftgAA
x-accel-expires: @1713345591
last-modified: Mon, 11 May 2020 23:56:30 GMT
server: CDN77-Turbo
etag: "5eb9e62e-3755"
x-77-nzt-ray: 908339308477e47a945c9f64cec44a17
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 balkabagi-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2015/11/ Frame 0E33 14 KB
14 KB 42ms
38ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2015/11/balkabagi-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 37696e118071c7484a8001f32a4e80edaab20322d5c8ae8e2b1f48a1c45baad9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 22:52:04 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6353953
x-accel-date: 1681811571
content-length: 13941
x-77-nzt: AcO1rw4NrCz/IfRgAA
x-accel-expires: @1713347571
last-modified: Wed, 01 May 2019 22:51:05 GMT
server: CDN77-Turbo
etag: "5cca22d9-3675"
x-77-nzt-ray: 908339308477e47a945c9f64cdee5317
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 sutlu-karnabahar-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/11/ Frame 0E33 12 KB
12 KB 42ms
38ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/11/sutlu-karnabahar-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 4c77f8aab3efdc86229d1c28f8275fc0d19491711970bb5be4b8b79d011e2b55

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 22:52:04 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 5728860
x-accel-date: 1682436664
content-length: 12053
x-77-nzt: AcO1rw4sCR3/XGpXAA
x-accel-expires: @1713972664
last-modified: Wed, 25 Nov 2020 22:49:41 GMT
server: CDN77-Turbo
etag: "5fbedf85-2f15"
x-77-nzt-ray: 908339308477e47a945c9f644f145717
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 ev-yapimi-puding-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2018/09/ Frame 0E33 12 KB
12 KB 42ms
38ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2018/09/ev-yapimi-puding-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 7fb5acaef87323202589a768ca2f6852b1ff651c1b2a4f6b3e0914c433cab044

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 22:52:04 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6352109
x-accel-date: 1681813415
content-length: 12384
x-77-nzt: AcO1rw7nvoz/7exgAA
x-accel-expires: @1713349415
last-modified: Wed, 01 May 2019 23:39:45 GMT
server: CDN77-Turbo
etag: "5cca2e41-3060"
x-77-nzt-ray: 908339308477e47a945c9f6457df5917
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 kesme-muhallebi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/03/ Frame 0E33 15 KB
15 KB 42ms
39ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/03/kesme-muhallebi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 90b76298736807f5f931fb06b8902492b849ec52f2f045549a0242b99b3aaaba

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 22:52:04 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6354805
x-accel-date: 1681810719
content-length: 15141
x-77-nzt: AcO1rw7auXD/dfdgAA
x-accel-expires: @1713346719
last-modified: Fri, 19 Mar 2021 21:04:56 GMT
server: CDN77-Turbo
etag: "605511f8-3b25"
x-77-nzt-ray: 908339308477e47a945c9f64c4295c17
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 kadayifli-etimek-tatl%C4%B1s%C4%B1-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2017/10/ Frame 0E33 11 KB
12 KB 42ms
39ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2017/10/kadayifli-etimek-tatl%C4%B1s%C4%B1-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 976c546d7233891d42bbe8ef3d19db7d8808cf1038dd4b20fc95326d24c03921

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 22:52:04 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6356033
x-accel-date: 1681809491
content-length: 11561
x-77-nzt: AcO1rw5yKG3/QfxgAA
x-accel-expires: @1713345491
last-modified: Wed, 01 May 2019 23:25:24 GMT
server: CDN77-Turbo
etag: "5cca2ae4-2d29"
x-77-nzt-ray: 908339308477e47a945c9f647ba17c17
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 sufle-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/05/ Frame 0E33 13 KB
14 KB 42ms
39ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/05/sufle-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 4595241cedd0561ea7df5dae27079da65aff6eea25ca9a06869c82524835bd44

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 22:52:04 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6355116
x-accel-date: 1681810408
content-length: 13763
x-77-nzt: AcO1rw4qJEn/rPhgAA
x-accel-expires: @1713346408
last-modified: Mon, 04 May 2020 00:10:13 GMT
server: CDN77-Turbo
etag: "5eaf5d65-35c3"
x-77-nzt-ray: 908339308477e47a945c9f64c18c8517
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 peynirli-sigara-boregi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2018/01/ Frame 0E33 11 KB
12 KB 42ms
39ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2018/01/peynirli-sigara-boregi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: e8c63d2d30b5ec92225ddec525d42bd96820b0d352bbc94d89cefbb627dc6f20

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 22:52:04 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6355969
x-accel-date: 1681809555
content-length: 11501
x-77-nzt: AcO1rw5xnlD/AfxgAA
x-accel-expires: @1713345555
last-modified: Wed, 01 May 2019 23:29:05 GMT
server: CDN77-Turbo
etag: "5cca2bc1-2ced"
x-77-nzt-ray: 908339308477e47a945c9f6425108e17
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 pirasali-kek-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/12/ Frame 0E33 14 KB
14 KB 43ms
40ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/12/pirasali-kek-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 504638cbcafafa2aaa5ed5d0551239803a52f81ffc79c42508e7ff8deea5311f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 22:52:04 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 46323
x-accel-date: 1688119201
content-length: 13879
x-77-nzt: AcO1rw6Onk3/87QAAA
x-accel-expires: @1719655201
last-modified: Wed, 16 Dec 2020 23:01:31 GMT
server: CDN77-Turbo
etag: "5fda91cb-3637"
x-77-nzt-ray: 908339308477e47a945c9f641b339817
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 sosyete-pogacasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2018/03/ Frame 0E33 14 KB
15 KB 43ms
40ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2018/03/sosyete-pogacasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 5190a205bf30235a69098c5a28efa26c0802c43319c21b0ecf454cd3c0d1385b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 22:52:04 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6355089
x-accel-date: 1681810435
content-length: 14541
x-77-nzt: AcO1rw6iOOr/kfhgAA
x-accel-expires: @1713346435
last-modified: Wed, 01 May 2019 23:31:20 GMT
server: CDN77-Turbo
etag: "5cca2c48-38cd"
x-77-nzt-ray: 908339308477e47a945c9f6433eb9d17
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 karmaca-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/11/ Frame 0E33 15 KB
16 KB 43ms
40ms Image
image/jpeg 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/11/karmaca-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 2eb2914e0253d3d949c2aad28f6f109c7b3a67ef37696a4496592837c0f9d7a4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 22:52:04 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6355101
x-accel-date: 1681810423
content-length: 15740
x-77-nzt: AcO1rw6PEWf/nfhgAA
x-accel-expires: @1713346423
last-modified: Mon, 15 Nov 2021 22:38:31 GMT
server: CDN77-Turbo
etag: "6192e167-3d7c"
x-77-nzt-ray: 908339308477e47a945c9f641204a017
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 _dmca_premi_badge_5.png
images.dmca.com/Badges/ Frame 0E33 5 KB
6 KB 78ms
22ms Image
image/png 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.dmca.com/Badges/_dmca_premi_badge_5.png?ID=da1d399b-5fd3-4da3-b5cd-8af692c19999
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: ad3ee286844c46dba3f0d26e100f508c410b28f52784fbeec2d513ef6c6fda7a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:04 GMT
last-modified: Thu, 02 Jun 2011 03:26:26 GMT
server: Microsoft-IIS/10.0
etag: "8ae3cdbd420cc1:0"
x-powered-by: ASP.NET
x-hw: 1688165524.cds208.lo4.hn,1688165524.cds041.lo4.c
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
link: <https://www.dmca.com/Badges/_dmca_premi_badge_5.png>; rel="canonical"
content-length: 5605

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/300/ Frame 0E33 56 B
362 B 741ms
16ms Script
text/javascript 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-75-88-126.deploy.static.akamaitechnologies.com

Software

Oracle API Gateway /

Resource Hash

f475c34186022ba531ebc8bba97fc10df7e4c3ea854f314a18ab0644c851620d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 30 Jun 2023 22:52:05 GMT
server: Oracle API Gateway
opc-request-id: /0194B87F9C7B083A0B87BA7E9DEE0FAD/C60B7F64FE793DC5FF80C5C35F767382
x-frame-options: sameorigin
vary: Accept-Encoding
content-type: text/javascript
x-distribution: 99
x-host: s7.addthis.com
content-length: 76
x-xss-protection: 1; mode=block

GET
H2 200 DMCABadgeHelper.min.js Show response
images.dmca.com/Badges/ Frame 0E33 465 B
585 B 78ms
23ms Script
application/javascript 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://images.dmca.com/Badges/DMCABadgeHelper.min.js
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e8021f1a9dad409f7e699457ac334653bf800464df69900237c4de1c29e275d0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:04 GMT
content-encoding: gzip
last-modified: Fri, 21 Jun 2019 20:14:34 GMT
server: Microsoft-IIS/10.0
etag: "26b181f16d28d51:0"
x-powered-by: ASP.NET
x-hw: 1688165524.cds208.lo4.hn,1688165524.cds281.lo4.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
link: <https://www.dmca.com/Badges/DMCABadgeHelper.min.js>; rel="canonical"
content-length: 395

GET
H2 200 outside.js Show response
static.virgul.com/theme/mockups/adcode/ Frame 0E33 75 KB
26 KB 470ms
53ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19538
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 66413d92e3b48b21f37de7968a4c6ee6dafb956f4963d0557959a3d10db2c492

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:04 GMT
content-encoding: gzip
last-modified: Fri, 23 Jun 2023 06:55:07 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=43200

GET
H2 200 sdk.js Show response
connect.facebook.net/tr_TR/ Frame 0E33 3 KB
2 KB 25ms
9ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/tr_TR/sdk.js

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f40438e04ea24746ce45988712a53a47765cbf5c627104dc52a5ba51742a2959

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 30 Jun 2023 22:52:04 GMT
content-md5: EKFRd9CP/qcW7XyRqp74/A==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1686
x-fb-debug: VhnWuuQ6TN1yQCzata6AALR5C8vmMzNjBjHEygLvpqN4ulC4hNPyFF98BfgDqmvQZQDBg9hTGUh6v5HL26k3jQ==
x-fb-content-md5: 2e304ca3424eeb8c72f00a5328a824db
cross-origin-opener-policy: same-origin-allow-popups
etag: "2d1effa345266ed6422449728aece7ba"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Fri, 30 Jun 2023 23:03:37 GMT

GET
H2 200 sprite_3.png
cdn.ye-mek.net/grafik/ Frame 0E33 21 KB
21 KB 40ms
40ms Image
image/png 2a02:6ea0:c700::10
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/grafik/sprite_3.png
Requested by: Host: cdn.ye-mek.net
URL: https://cdn.ye-mek.net/maincss.css?v=434
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: ecadacb686d0540a5768dae41d50597a71dfaa8135b90f1371d4bfa266e4e361

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.ye-mek.net/maincss.css?v=434
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Fri, 30 Jun 2023 22:52:04 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6356122
x-accel-date: 1681809402
content-length: 21525
x-77-nzt: AcO1rw5LwrH/mvxgAA
x-accel-expires: @1713345402
last-modified: Mon, 14 May 2018 20:55:05 GMT
server: CDN77-Turbo
etag: "5af9f7a9-5415"
x-77-nzt-ray: 908339308477e47a945c9f6452a0a817
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H3 200 sdk.js Show response
connect.facebook.net/tr_TR/ Frame 0E33 307 KB
87 KB 17ms
9ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/tr_TR/sdk.js?hash=14546a0c64a99bae15b5c263880e100d

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/tr_TR/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5bcc3839734e1ecee3f45fab7a57d5d4c5d2f617ff621850d1c0c40b5165d700

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://ye-mek.net/
Origin: https://ye-mek.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 30 Jun 2023 22:52:04 GMT
content-md5: N3O34M3B6qRs7w2GiigmJQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 88849
x-fb-debug: J7qF6qm+vpEGV3QiDUG/DgW48BgHmJpRPr6O3BnYFmvRFK18DVRWk7WFKkyJh+Fo9+sTtUvjHU3bbWnPlKaKNA==
x-fb-content-md5: 8515bbffd4cc446bcf066eaa4ef6b492
cross-origin-opener-policy: same-origin-allow-popups
etag: "6276cb3242b32d56969af5feacb6d3ce"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
priority: u=3,i
expires: Sat, 29 Jun 2024 21:22:14 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 0E33 76 KB
26 KB 152ms
114ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19538

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

aeb0864740dfc598eaf36b8de8c84c9f0195a08be0980ddec4196f8bc6e6d70c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:05 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26085
x-xss-protection: 0
server: cafe
etag: 144 / 19538 / 31075743 / config-hash: 4433571151520717869
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 30 Jun 2023 22:52:05 GMT

GET
H2 200 ads.js Show response
static.virgul.com/theme/mockups/mockups/tracker/imp/collect/adview/ad/ Frame 0E33 120 B
306 B 50ms
50ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/mockups/tracker/imp/collect/adview/ad/ads.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19538
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: d9fd0aeda423bd39a36871759ef7b17dab3d51e5981cd5839103f990b8b9ef60

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:04 GMT
last-modified: Wed, 21 Dec 2022 18:47:42 GMT
server: openresty/1.15.8.3
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000
accept-ranges: bytes
content-length: 120

GET
H2 200 str.html Show response
static.virgul.com/theme/mockups/outside/ Frame 4D46 891 B
1 KB 50ms
50ms Document
text/html 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/outside/str.html?v=2
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19538
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 2af1b8e91e1ea0f27fab2f6bac1dd1d81867b7a2a8d7cef1084fa39309e0ac6f

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=5184000
content-length: 891
content-type: text/html
date: Fri, 30 Jun 2023 22:52:04 GMT
last-modified: Wed, 28 Sep 2022 10:07:57 GMT
server: openresty/1.15.8.3

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 0E33 141 KB
49 KB 61ms
33ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19538

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8a919710dfb0d1ff0b11b995e46bad7f792f54640c236f1b5f2d82a179284f78

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Origin: https://ye-mek.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:04 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49372
x-xss-protection: 0
server: cafe
etag: 14946248738904383029
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 30 Jun 2023 22:52:04 GMT

GET
H2 200 prebid7.38.0.js Show response
static.virgul.com/theme/mockups/outside/ Frame 0E33 489 KB
182 KB 56ms
56ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19538
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: cff57bb539a961e5816127eb4b662175d6a1c92917effe0f943de85c35911101

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:04 GMT
content-encoding: gzip
last-modified: Mon, 27 Mar 2023 14:56:06 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ Frame 0E33 236 KB
58 KB 66ms
7ms Script
application/javascript 13.224.192.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19538
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.192.181 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-192-181.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: dbc211260f3fb81e545fbebe8be8c367ebe670a585e60e1ec58524c06723ecbc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:32:23 GMT
content-encoding: gzip
via: 1.1 cb0a9b0d01a1b0cc9278d9875ce23c92.cloudfront.net (CloudFront), 1.1 cdcb559c2f25d8ad2ccf0419bee33b02.cloudfront.net (CloudFront)
last-modified: Thu, 29 Jun 2023 21:03:20 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1, FRA2-C1
age: 1182
etag: W/"9352f20e556bff9fea6fd0461aac850d"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=3600
x-amz-cf-id: AzbUO6L9eeCUKs633ZfjRmOmbQBB0F8m6lOPKfS3PpXsU8t4ah-A4A==

GET
H2 200 pageview Show response
ng.virgul.com/ Frame 0E33 37 KB
7 KB 257ms
80ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ng.virgul.com/pageview?c=site_geneli&mt=1688165524908&v=https%3A%2F%2Fye-mek.net%2F&r=yemek_net:site_geneli&userId=&tp=&os=&call=noktaad.ads.vvad&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc0,hf1,vv1,gprec%3Dyemek%26rec_ing%3D&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.5225643670901723
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19538
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: c6e568a84576356e9f2e5cdd8be09f47f46f447339be162266be52bc0de2ea4f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:05 GMT
content-encoding: gzip
server: openresty/1.15.8.3
vary: Accept-Encoding
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
access-control-allow-origin: https://ye-mek.net
content-type: application/javascript
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT

GET
H2 200 yemek_net.js Show response
static.virgul.com/theme/mockups/fallback/ Frame 0E33 12 KB
2 KB 50ms
50ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/fallback/yemek_net.js?dts=19538
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19538
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 5103b27b55207be49f024a501641c7cb93e6469073ccbe194cd5963b53716184

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:04 GMT
content-encoding: gzip
last-modified: Tue, 20 Jun 2023 21:45:07 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 hb Show response
ng.virgul.com/ Frame 0E33 50 KB
5 KB 232ms
60ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ng.virgul.com/hb?call=noktaad.setHbParameters&site=yemek_net&dts=468934
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19538
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 663179435228f005c85ec62b4510192db0c04e24b06f997ddfcaffb7a0b2fa25

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:05 GMT
content-encoding: gzip
server: openresty/1.15.8.3
vary: Accept-Encoding
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
access-control-allow-origin: https://ye-mek.net
content-type: application/javascript
cache-control: max-age=3600
access-control-allow-credentials: true

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306220101/ Frame 0E33 346 KB
119 KB 65ms
50ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306220101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=ye-mek.net

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

77e00e1f2a238cf50cb6170d2bb91fdb9d5922d449211f93f70345e152876f8c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:05 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 121738
x-xss-protection: 0
server: cafe
etag: 15529776770941228691
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 30 Jun 2023 22:52:05 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230627/r20190131/ Frame 4F14 10 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230627/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18e7a53e3b3abd7ac0242719f7f62cb56b8efe7065091585b8ad22cbc2b8c41c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 76417
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4544
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 01:38:28 GMT
etag: 12368291122986407432
expires: Fri, 14 Jul 2023 01:38:28 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ Frame 0E33 0
305 B 8ms
7ms XHR
text/plain 13.224.192.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fye-mek.net&pubid=e0a76a78-9ad1-46f2-a337-886c2e24ac91
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.192.181 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-192-181.fra2.r.cloudfront.net
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:05:58 GMT
via: 1.1 cdcb559c2f25d8ad2ccf0419bee33b02.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA2-C1
age: 2767
x-cache: Hit from cloudfront
access-control-allow-origin: https://ye-mek.net
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-id: jC7zMg9Xt3QwD5mLVm76jLwbN4PJaARbUoH05NtEFLBxfKPPFMVDHQ==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ Frame 0E33 6 KB
3 KB 22ms
7ms XHR
application/javascript 13.224.192.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.192.181 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-192-181.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: rBtfgJUMGYsy5fZuQwMAU7hSD.fVdF76
content-encoding: gzip
via: 1.1 69f13f852a135432abb1b7bfc5a8b420.cloudfront.net (CloudFront)
date: Fri, 30 Jun 2023 06:03:07 GMT
x-amz-cf-pop: FRA2-C1
age: 62574
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Sat, 24 Jun 2023 09:19:11 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: V8JwU_hMJ7CPhQypJDereiaTEa6IfffVF1Cto0RF9YkDuMY4MTbt-A==

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/ Frame 0E33 392 KB
125 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js?cb=31075743

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6df7c73fa12d8261f09a11faff5c77f91f912362a9fdc15c46c3b949b188717b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 05:42:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61751
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 127740
x-xss-protection: 0
server: cafe
etag: 1744020965594933375
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Sat, 29 Jun 2024 05:42:54 GMT

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 0E33 107 B
456 B 48ms
15ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ye-mek.net

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306220101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=ye-mek.net

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 403 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 541D 603 B
67 B 30ms
29ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755397&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688165524989&bpp=3&bdt=721&idt=104&shv=r20230627&mjsv=m202306220101&ptt=9&saldr=aa&nras=1&correlator=4295001838546&frm=24&ife=1&pv=2&ga_vid=238289290.1688165525&ga_sid=1688165525&ga_hid=1950052761&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=222437166&scr_x=-12245933&scr_y=-12245933&eid=44759926%2C44759842%2C44759875%2C31075625%2C31075758%2C44788442&oid=2&pvsid=1720949175410743&tmod=31284352&uas=0&nvt=1&fsapi=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.qgwghgjghm67&fsb=1&dtd=117

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 46
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 22:52:05 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 empowerwebplayer3.js Show response
static.virgul.com/theme/mockups/outside/ Frame 0E33 10 KB
3 KB 51ms
51ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/outside/empowerwebplayer3.js?v=20
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 3e9569df702eb478e6e7699775a0f555b64ef9e89d89a81742bc97c7803dba96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:05 GMT
content-encoding: gzip
last-modified: Tue, 13 Jun 2023 13:36:40 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ Frame 0E33 23 B
458 B 389ms
328ms XHR
text/javascript 13.32.119.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&pr=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&pid=2ZUDUXLl8cYlJ&cb=0&ws=1600x1200&v=23.612.1758&t=1200&slots=%5B%7B%22sd%22%3A%22div-gpt-ad-1455783126174-15338221728129623web_yemeknet_right_tower%22%2C%22s%22%3A%5B%22160x600%22%2C%22120x600%22%5D%2C%22sn%22%3A%22%2F21728129623%2Fweb_yemeknet_right_tower%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-1455783126174-15336621728129623web_yemeknet_masthead%22%2C%22s%22%3A%5B%22970x250%22%2C%22970x90%22%2C%22728x90%22%2C%22300x250%22%2C%22200x200%22%5D%2C%22sn%22%3A%22%2F21728129623%2Fweb_yemeknet_masthead%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-1455783126174-15338321728129623web_yemeknet_left_tower%22%2C%22s%22%3A%5B%22160x600%22%2C%22120x600%22%5D%2C%22sn%22%3A%22%2F21728129623%2Fweb_yemeknet_left_tower%22%7D%5D&pubid=e0a76a78-9ad1-46f2-a337-886c2e24ac91&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.119.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-119-77.fra60.r.cloudfront.net

Software

Server /

Resource Hash

745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:05 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 ec1ac21acdbd36c971eca9d6b61d0744.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA60-P1
x-amz-rid: 1VN0Q4AKVZTV4EDKSGRD
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://ye-mek.net
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: m-p1XJPqV47iQ7b_U-GtAiOoEb1LHv_wxJaIi6O7dOWUNHOrZJVpMw==

GET
H2 200 yemek_net.js Show response
static.virgul.com/theme/mockups/sites/ Frame 0E33 11 KB
5 KB 50ms
50ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/sites/yemek_net.js?dts=468934
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19538
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: a7a580492938c753648b19da1321bf7ea66d7a2e9b1fa42058c821e268fba9e1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:05 GMT
content-encoding: gzip
last-modified: Thu, 27 Apr 2023 09:08:06 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 pandg-sdk.js Show response
pghub.io/js/ Frame 0E33 17 KB
5 KB 42ms
7ms Script
application/javascript 35.241.45.217
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pghub.io/js/pandg-sdk.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19538
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.217 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 217.45.241.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 27961ab8c37cddad89230364167c048c6377a80e38542a5ffbca600faf4098ea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:16:05 GMT
content-encoding: gzip
age: 2160
x-guploader-uploadid: ADPycdveCwcs3pzbVFXD44vXqWdidhMO7pNhAUcC_wCQmHi0KSQ29O5BULb5VwY6jIkGMV6DXSIycRevvKB-0HD2iHwcFkD-yH8g
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5009
last-modified: Mon, 05 Jun 2023 16:36:50 GMT
server: UploadServer
etag: "47a886353056caf33a998c6041e20896"
vary: Accept-Encoding
x-goog-generation: 1685983010517890
x-goog-hash: crc32c=aHj4lg==, md5=R6iGNTBWyvM6mYxgQeIIlg==
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin
cache-control: public,max-age=3600
x-goog-stored-content-length: 5009
accept-ranges: bytes
content-type: application/javascript

GET
H2 200 zoneview
ng.virgul.com/ Frame 0E33 0
209 B 51ms
50ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/zoneview?c=&mt=1688165525175&v=https%3A%2F%2Fye-mek.net%2F&r=153366@153377@153378@153379@153379@153382@153383:yemek_net&userId=vnet30fdf97d-b55a-4897-98c3-08cd17af8e3e&tp=&os=&call=&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc1,hf1,vv1,gprec%3Dyemek%26rec_ing%3D&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.6260536312607468
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Fri, 30 Jun 2023 22:52:05 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 0E33 107 B
165 B 16ms
16ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ye-mek.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js?cb=31075743

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 0E33 113 KB
41 KB 269ms
267ms XHR
text/plain 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1720949175410743&correlator=749900843326467&eid=31074651%2C31075743%2C31075762%2C31075763&output=ldjh&gdfp_req=1&vrg=202306270101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_728x90_repeating&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=2&adks=3733009076&sfv=1-0-40&eri=1&cust_params=amznbid%3D0%26amznp%3D0%26category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1688165524908%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet30fdf97d-b55a-4897-98c3-08cd17af8e3e%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet30fdf97db55a489798c308cd17af8e3e&sc=1&cdm=ye-mek.net&abxe=1&dt=1688165525204&lmt=1688165525&dlt=1688165524268&idt=859&adxs=436&adys=2665&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=hsln73614qyx&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&ga_vid=238289290.1688165525&ga_sid=1688165525&ga_hid=1950052761&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js?cb=31075743

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

43cce357815d8360b1d09769864e73deabea36ed058b5bf5cd02569148351102

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:05 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41801
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 3BEB 6 KB
3 KB 72ms
16ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js?cb=31075743

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 22:52:05 GMT
expires: Sat, 29 Jun 2024 22:52:05 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 NoktaNpmPlayerApi.js Show response
c1.imgiz.com/player_others/html5/ Frame 0E33 7 KB
3 KB 440ms
49ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19538
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/empowerwebplayer3.js?v=20
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 0b29697868cd68cfd1b5650054cc96ea755016b3242bd26469cdbd4e4f6fc18a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:05 GMT
content-encoding: gzip
last-modified: Wed, 13 Oct 2021 11:58:21 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
expires: Fri, 07 Jul 2023 22:52:05 GMT

GET
H2 200 tag Show response
feed.pghub.io/ Frame 237A 13 B
257 B 61ms
21ms Document
text/html 34.102.243.38
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://feed.pghub.io/tag?referrer_url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&page_url=https%3A%2F%2Fye-mek.net%2F&owner=P%26G&bp_id=noktacommedya&ch=%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D&initiator=js&data=%7B%22category%22%3A%22site_geneli%22%7D

Requested by

Host: pghub.io
URL: https://pghub.io/js/pandg-sdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.102.243.38 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

38.243.102.34.bc.googleusercontent.com

Software

Resource Hash

b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';img-src https://*.pghub.io https://match.adsrvr.org
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
access-control-max-age: 300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-store
content-security-policy: default-src 'none';img-src https://*.pghub.io https://match.adsrvr.org
content-type: text/html;charset=utf-8
date: Fri, 30 Jun 2023 22:52:05 GMT
strict-transport-security: max-age=31536000
via: 1.1 google

GET
H2 200 zoneview
ng.virgul.com/ Frame 0E33 0
209 B 51ms
50ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/zoneview?c=&mt=1688165525250&v=https%3A%2F%2Fye-mek.net%2F&r=153394@153493:yemek_net&userId=vnet30fdf97d-b55a-4897-98c3-08cd17af8e3e&tp=&os=&call=&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc1,hf1,vv1,gprec%3Dyemek%26rec_ing%3D&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.38691276509665906
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Fri, 30 Jun 2023 22:52:05 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 container.html Show response
6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 714F 6 KB
3 KB 7ms
7ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js?cb=31075743

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 22:52:05 GMT
expires: Sat, 29 Jun 2024 22:52:05 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 m_js_controller_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 714F 34 KB
13 KB 53ms
9ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/m_js_controller_fy2021.js

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18e7f3232e16c5af1b4d3192ed6be46c39b4902ecef8717b7a1dc69da6b8fe34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 18:39:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15163
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13672
x-xss-protection: 0
server: cafe
etag: 2805512053162071780
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 14 Jul 2023 18:39:22 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 714F 24 KB
7 KB 49ms
7ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 19:05:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 531996
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 23 Jun 2024 19:05:29 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 714F 179 KB
57 KB 65ms
23ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 30 Jun 2023 22:52:05 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/ Frame 714F 23 KB
9 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/abg_lite_fy2021.js

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

02193fbcb11d960448e0fa887ff68d5ce73f01076893523fc3037e00a7149bc2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 09:09:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 49369
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9104
x-xss-protection: 0
server: cafe
etag: 12939045362079141464
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 14 Jul 2023 09:09:16 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 714F 3 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/window_focus_fy2021.js

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 14:55:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 28600
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 14 Jul 2023 14:55:25 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 714F 20 KB
8 KB 50ms
8ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

abaf64de0855592138133fdf15c746a6e47a07d5f7a34a9513a06994c89f91af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 17:50:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18106
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8312
x-xss-protection: 0
server: cafe
etag: 5477749917372345267
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 14 Jul 2023 17:50:19 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 714F 0
0 36ms
14ms Image
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRpecc9ZJNwW3YIfSphxUDt3PJaGS1T6fSadY2J8_JQo0sT30xB8JyTUZpaAbY8q8l3GXarhdYYSafS_L9agZSFV2AtFw
Requested by: Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 0E33 107 B
122 B 16ms
15ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ye-mek.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js?cb=31075743

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 0E33 24 KB
11 KB 265ms
265ms XHR
text/plain 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1720949175410743&correlator=716128898828779&eid=31074651%2C31075743%2C31075762%2C31075763&output=ldjh&gdfp_req=1&vrg=202306270101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_left_tower&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C160x600%7C120x600%7C120x240%7C160x800&fluid=height&ifi=3&adks=3299242717&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1688165524908%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet30fdf97d-b55a-4897-98c3-08cd17af8e3e%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet30fdf97db55a489798c308cd17af8e3e&sc=1&cdm=ye-mek.net&abxe=1&dt=1688165525610&lmt=1688165525&dlt=1688165524268&idt=859&adxs=122&adys=150&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=w34pit6093m4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=160x-1&msz=160x-1&fws=900&ohw=160&ga_vid=238289290.1688165525&ga_sid=1688165525&ga_hid=1950052761&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js?cb=31075743

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a2f0916a3ecc4a78bcab59f9c4e0ef10973f5cc5c7b24f83e7b14261678208f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:05 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11370
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 0E33 34 KB
15 KB 241ms
240ms XHR
text/plain 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1720949175410743&correlator=3854627277507902&eid=31074651%2C31075743%2C31075762%2C31075763&output=ldjh&gdfp_req=1&vrg=202306270101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_728x90_2&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=4&adks=345722362&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1688165524908%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet30fdf97d-b55a-4897-98c3-08cd17af8e3e%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet30fdf97db55a489798c308cd17af8e3e&sc=1&cdm=ye-mek.net&abxe=1&dt=1688165525659&lmt=1688165525&dlt=1688165524268&idt=859&adxs=436&adys=1389&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=9zbmhi5k1n88&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&ga_vid=238289290.1688165525&ga_sid=1688165525&ga_hid=1950052761&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js?cb=31075743

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2e1f2cd9beb9f3a92f62e481ad414089ed4d682834352f9a903d0073809d5398

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:05 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14822
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 0E33 24 KB
11 KB 264ms
263ms XHR
text/plain 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1720949175410743&correlator=4334308134823823&eid=31074651%2C31075743%2C31075762%2C31075763&output=ldjh&gdfp_req=1&vrg=202306270101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_right_tower&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C160x600%7C120x600%7C120x240%7C160x800&fluid=height&ifi=5&adks=3203893797&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1688165524908%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet30fdf97d-b55a-4897-98c3-08cd17af8e3e%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet30fdf97db55a489798c308cd17af8e3e&sc=1&cdm=ye-mek.net&abxe=1&dt=1688165525663&lmt=1688165525&dlt=1688165524268&idt=859&adxs=1318&adys=150&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=sz65r6injt26&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=160x-1&msz=160x-1&fws=900&ohw=160&ga_vid=238289290.1688165525&ga_sid=1688165525&ga_hid=1950052761&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js?cb=31075743

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

559f5e3732d49bed57c12fa7ccb96e390f0f6fd99fda009d48c9069e50fd8fee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:05 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11121
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 0E33 62 KB
14 KB 279ms
278ms XHR
text/plain 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1720949175410743&correlator=2742886757221327&eid=31074651%2C31075743%2C31075762%2C31075763&output=ldjh&gdfp_req=1&vrg=202306270101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_masthead&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C970x250%7C970x90%7C728x90%7C300x250%7C468x60%7C250x250%7C200x200%7C160x160%7C640x205&fluid=height&ifi=6&adks=3050045420&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1688165524908%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet30fdf97d-b55a-4897-98c3-08cd17af8e3e%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet30fdf97db55a489798c308cd17af8e3e&sc=1&cdm=ye-mek.net&abxe=1&dt=1688165525668&lmt=1688165525&dlt=1688165524268&idt=859&adxs=315&adys=158&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=3n0rwxll5g2q&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=996x0&msz=996x0&fws=388&ohw=1600&ga_vid=238289290.1688165525&ga_sid=1688165525&ga_hid=1950052761&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js?cb=31075743

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a307a38b115fab5f5342fb29a034d366e91c28be59eb09c626126e194742cb3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:05 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13877
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 0E33 113 KB
41 KB 275ms
274ms XHR
text/plain 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1720949175410743&correlator=327826530439535&eid=31074651%2C31075743%2C31075762%2C31075763&output=ldjh&gdfp_req=1&vrg=202306270101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_ust_728x90&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=7&adks=456810305&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1688165524908%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet30fdf97d-b55a-4897-98c3-08cd17af8e3e%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet30fdf97db55a489798c308cd17af8e3e&sc=1&cdm=ye-mek.net&abxe=1&dt=1688165525672&lmt=1688165525&dlt=1688165524268&idt=859&adxs=436&adys=751&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=9kvk6179f1oj&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&ga_vid=238289290.1688165525&ga_sid=1688165525&ga_hid=1950052761&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js?cb=31075743

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

118282328991bd513a015230b0cbc07589832055ff1bf09c396ba0fde27e462d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:05 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41839
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 0E33 113 KB
41 KB 351ms
350ms XHR
text/plain 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1720949175410743&correlator=4195241593014591&eid=31074651%2C31075743%2C31075762%2C31075763&output=ldjh&gdfp_req=1&vrg=202306270101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_728x90_repeating&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=8&adks=2157304621&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1688165524908%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet30fdf97d-b55a-4897-98c3-08cd17af8e3e%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet30fdf97db55a489798c308cd17af8e3e&sc=1&cdm=ye-mek.net&abxe=1&dt=1688165525677&lmt=1688165525&dlt=1688165524268&idt=859&adxs=436&adys=2027&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=ciazp256wa92&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&ga_vid=238289290.1688165525&ga_sid=1688165525&ga_hid=1950052761&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js?cb=31075743

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4d5e7c4ade6724f8d19485613aecc8e52a6f1c0480396fd6f97d5dcd4f67578a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:06 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: true
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42102
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 10261972549777223277
s0.2mdn.net/simgad/ Frame 714F 44 KB
44 KB 42ms
8ms Image
image/jpeg 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/10261972549777223277

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

25b451f3cad26104f57800c79546bf5a40295d0cecf5623e623f4479b94d0ddd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 17:54:04 GMT
x-content-type-options: nosniff
age: 190681
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44765
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 13:36:45 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 27 Jun 2024 17:54:04 GMT

GET
H2 200 7352296608196688721
s0.2mdn.net/simgad/ Frame 714F 10 KB
10 KB 48ms
13ms Image
image/png 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/7352296608196688721

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2d3ebc5963c3ba449fc6f11b2d5ac883abaf7dbc046ac7c1b267518e0ca5fa27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 17:54:07 GMT
x-content-type-options: nosniff
age: 190678
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10020
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 13:36:48 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 27 Jun 2024 17:54:07 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 714F 42 B
63 B 32ms
31ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A2ALg6VevXRSQGniKvku_QcAyVvpQUYkrAnbKSBOfhhPPBp1sfoctLeOQymP7WQgZNucGOr7IQvks_9B4GGM5zaKjLgLrmTA8Z3BJTHEC0XBjLh-2KiJKxnrQe3GgCtBBrrg6Y_C2KuK9aynIadzGMZ8N5bg&dbm_d=AKAmf-AW8SOQrZsIL9Ss9PdWnWPfvFLSjXxmXPczcCNnvAj4UCQ44rnH5LU45pgd6AnzU3KCm58znWqqc2wofKfj62JZFhoMSlEYZ_H31ljGyX3MVadA88PtL73B5QSFI-qDcJh6fEu0MFNbdAa1ciJqXSuyOzcwlJYrSlyUAnuUe09VJp8IcP6AZRSaP6ecFMBLFvjwtn38iW68an5sP5M_F-03NGI_o-_LuX_wJYqq4DN9TVff1gUjTo1iTT9O8G6LZTwXrjUYBi-INMK30xuW692T9WQ7glhtbUvikGo0A973sW7BNHlrT6IAHVcV8o6zIIuoObCNC2FHxQRX9DTzK-GE0IQI70I7GPnVy0wAMFdGtPjkdecvmedzRPJajqr3p8rMaF4IyuOqzITpCTgeWJZRbSzHpK2bz2RGesIFuW4fhhM0mqP5sUGapkcGQzslbSiB5gzvfDlvqX7Q0Orf8E66tZP_TT6whXsPTzhA5zABY_d5Wx16gxjVqDwqlLoDB77568eqigRzR6c_Kpg4fMNF8tHuCh4JqeAMHMoO17b9T_YhCSnj-ot7jbsRqMf8CPUMV1tAJzMc4BnJkviCxQerF1-8sGvcv8JQB558qJBnLumkL9PFIUN0ovXwYO0KFlmB3VHY87rEmcG_DSNykHCdMYBSxR1kTEYVYsXJDtQGAQyJck7Nofo7LdmkoBn56kyjFUz7b8bWYHwCyAvU8UF3X__ZE3kr8_te1R49I3Usv6t7jdsOAIWpretk6YqNWG2T278D5UcVztzPYH_Z25BDL7FXPnLYDQxYu0N3ZpDVO1SCZvqy3JqN6sbrkBkoW5HCEu6XYY2KxVk55e_-nUOf1E0qz5VHVz2CofJnhlFSc3KAyT4Rb4zAdjzyLyfrqTG61DKsVwBGRJxkLegt44xiiBv9t4vEkSyThFIoJzycbtCk45Z8DsuHJoVEYZohGp67-BihQTRfn_CXzjH2AVKRzBadGEFzUDyZrc5ChhIyQ1mRTgMTL-vmDzv8RmglVPq7kXC9aokuKIpdTox4FlT0G71wxEBtPHbYEz9FqsJSKme25ie1-oO4i9caZwKVbwKdCBF1_USbo6W2UwwXJQWHv5lrPVY5epWobgaZ-ClwHg0-CjmMNzi6QK68ka71-N3849cp1ZAGbKRkIu94Lsq1WIVPYi4CnJveTV3pi03P3LY5zqJbAmXBTXCzK7loQcGgWYJRRArbKJYqUfhroILl4sYY5noXFAoGzlvKSS6jfG5fy0Q-Upp5BTvcTnqpdRCLQ-qEDjfEi4iee7u1CGUh4aE5w866AMz7mxwPUquoA8XIMzqn05oK9knzOTY0Yf-hyNYE59rkb8mKf4yiTeuGYgoWAO07wIKu_rdkMUMDKHMLwQBdLFIBoqK9R-avi_nctEE8mqbO8nEkQl5hwB6PJmXTfPhFhsryUdZ2gOhaZvj0vIXE074j6-srbxZovq4iVal_qt-5KgPLTmO8RPrNmlCv5Ol9DhBYx9l5IGBQGa-LSZfHuRgWmC5Bwo480TWV0VnA_ysdalKZT_huir75uT2IevUGt_VgA9BOJan8EpYjyCCtRgT_T9o0UBRQrG0Y03XkXpC0MUXgFUnbopwRVoNsoo_AlUHuJIdyja2L2NIrHD4PQH9arG-ZmuXpwzSGHKh4WGOujcGtXBx4SasEmAb29K7b58RySg-se8YuqOaPQNWfUMT7axC6dHTaqQyFMmjfJe1Fj0NxGyKiTn0Z29Ttgw9VG5C5PeeDIwd0f2qawGDpcVmAT0i-lwJu3nBBkkPs9-jEEX8CW4t6WZC6jFj0cVMJqaXgbu971p6tdGC7DU2bsd6Rpy5LFoAKdVZ8NCbJ2-pTgiJxp-EDhalaJERPETGZWi0iooKxumkFshgg0eS0m-O7VToRfKjVPmSrA3MEVbmBoAGFqlD95QtHFQj7s4dCA2ICOVk7E3aJZGuKUNmA0e_PhaXWb-XQejv3gyA9ZLjUwBkEgn_2AIwrq83O35UhdvgUw3tFf__mK7Gf0IQ1-WiGdzxJ9Ajvt4gzQ4GcQkdCIYg19XdMB0RIuZUqgW8DI0veLvMItuGatrCdGbE7iukOBBF6vBxAk2vd2A0aFPwRVJEtV_RRlCcktig7Qfp8YtR4-aR7RyGA4pv-4ltPCxVbkGpQ5y7Vwt1HaJHZQQam6bipuLGVrccFCkO56umv0wpAzuRzek4vnivjcjM1P4PQgs1-NM64Nrj0nWdNsg4gSbIfh36tGGxkFl2QxEQVtgtU-Wj57N44164pFosINgDdiAhQ7m-KiuPa1snw4ZnNjtJW8pEeOfCv_X3jQnqGKURkS8Z2QCYBYj1_4mi1iY3YuXIYCJMUzDkruardgl7Wn8kKKPZ3wtbXrOQMbfxlfyC9I8e6y6dY0JmTU0aUla5zlHGgoGHatjAYJfIuF3OPsXsu4GPKTsxbgLWeT9u0pD_mBxGKFNANSn-qv8elJrtJMWGZyGtIf-Mqc3wsxUTJdpQY4qZNsda_Rypd-j4kyqUy8Jby2f37sKuIoi1_IrYpjOjX4T9CeJksiiPWIWMtFkFBIlWxiwv4zSjaxWvagHqzs7lTlnYNJSuCNvRDlbOo_BgGtCxijdY5r3dje64LWb2DcPaemXd5DxPfBqE-mS_1T3wOrehXQ4jW1cyLrdiapHT6I8a0h7gh9o_QGbevHTCVRfgVyOjaNZlJs_gp2IrYd2mJQaDu2cwflXhfSeZ-lZgUcc-_8Jh3vn9fE--RLauSHDiM8K54Bu5H4f16u8wrdiGb5O4M1klFdlKz_pb4CKfW9cuxOvNOEDlKWTglydBI3gHU9tP98XEyBtSkebwsXJp39CMwxdbvE1huZNyT2Igeqli95OdvlBhrARjoavi0CeZsq5nZMinCujjzdNTW0ISsls4BLA0cIcF2iyswRj_S786e-T59X9EqQ1gBqHe4UyWfSS4IgBBWEDyD7BEA1aZzY0w3To1f2dcwKxMagmVv3s1l7f165qhbQyoBmlz77CSk9hkl1Nf1ZB-gPGJ__FedRC5hUXUT37THYvkRv11bFKTPQwbnK9PV961-aek_tz0V_zSpwljWJ0Kz4iOxHuRHcn6NyheNOKy0T-pDhCqae730duxJbVLuNvGVyaAX4y8SDJalmbfpyvAhLy2YtTHhm7YMHKydCylwZJdJ2oitSXe21XmMD1H08IXlc52qC9VTc-uSQ_tRQW-3VLnjWpfy6fGfe0tdleM6d2ioN1OqswZuO52arCpKdKuwOgKCll-WAwlOE5QFGIHQ1reBTvATcFHt1KnxHrQ1mlYbkUT2yCA3lVHesET4DoJxtDopU1uhTM8WVoMwlcUVG-WHiP6tNzyAQxC3scGBIIeGD01ml6xdKIn4-myPjM_zKNDAC2dGaY4Ddn3swCszq_0vgd1sWAguclANR_IWkpGg5UGKNZPEWwcVbeE8sxk9aPbgy4HZuX1qVMBxKQ&cid=CAQSOwBygQiDcWik38Hze00X48zBu1kNiDJbtOt33p9P-wUsa8prrWV75yFC-7HPcLs1qYhvOJyzRSHT15NBGAE&dc_exteid=31141157402215894686042662254827970&dc_pubid=4

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 714F 0
0 44ms
44ms Fetch
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CEk_zlVyfZMmWELCAx_APsJWRqA7asbn-cJTvwrn5EY6qvZ_ZPBABIMCygmtgleKQgqAHoAHTqd35AsgBBqkCHnDbWkVOsj6oAwGqBNMBT9C_cHO5QjSM5_EPN5dDeNZqhJD7Lka88OMaLtX5zxYgXtDLdQslMUQBS7J46Ui_0oKiTvOiJzZuzn7KhgpmPJUjQSeCpx2bu6A__FyhCt2OPPurZE2XDZUKSXceZoBibJkdQeslTTQmGt-XqNWO5N4ATkXGviMslXvmcBwubij8EoXpb9rfaSANPQ4tVp-OlSbKyDmHwzvyUXpMyieCDv8BdXnKA20UaxStymAZtdaCdyAKcXD_-D9u83HvKBg7aH2BNGzHnMC6QYr2gsLbkPNgL8AElJuD_sEE4AQDiAX42de5S5IFBggDEAIYAZIFBggbEAIYAZIFBggdEAQYAZIFBggdEAEYAZIFBggeEAEYAZAGAaAGN4AHldaihgGoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHChCPywUYpfXv7AHSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE68ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5gAoDyAsBsBPSy-MTyBOXuoXjA9ATANgTDYgUBNgUAdAVAYAXAbIXHgocCAASFHB1Yi02NTkzNTIzMjEwMDEwMTU0GOrBbQ&sigh=zCZo-J5Uzns&uach_m=[UACH]&cid=CAQSOwBygQiDcWik38Hze00X48zBu1kNiDJbtOt33p9P-wUsa8prrWV75yFC-7HPcLs1qYhvOJyzRSHT15NBGAE&template_id=509&vt=10
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame 0E33 361 KB
121 KB 52ms
19ms Script
text/javascript 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19538

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a9863314577494b778cade4d77d719a27fca818d6091efe35b972cac31026f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 123120
x-xss-protection: 0
expires: Fri, 30 Jun 2023 22:52:05 GMT

GET
H2 200 NoktaPlayer.js Show response
c1.imgiz.com/player_others/html5/ Frame 0E33 398 KB
128 KB 53ms
52ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=6/30/2023
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19538
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: bea17c8870ba8dae9515993b5c55b65437f03f0e2672e1c3d3dbe7872dd74e5c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:05 GMT
content-encoding: gzip
last-modified: Mon, 29 May 2023 18:51:56 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
expires: Fri, 07 Jul 2023 22:52:05 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 744A 143 B
166 B 6ms
6ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 3375
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 21:55:50 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 9194 1 KB
643 B 7ms
6ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 54953
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 07:36:12 GMT
etag: 48472445140208031
expires: Sat, 01 Jul 2023 07:36:12 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 714F 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f6b620a7cee8cf468a2991aa1c8948ad06d692336ce60b93b7599ef9afabe30c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 9194
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEIqcwNUgZOMEhfasuKufz9M&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEIqcwNUgZOMEhfasuKufz9M&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=MXNjejdOMWMxUWZtWWQ1&google_gid=CAESEIqcwNUgZOMEhfasuKufz9M&google_cver=1&google_push=AaAOQGHcDAAUO9LsdSg1ZfxonOJapvFlfARpuxivx-DL3Zr...

170 B
232 B

16ms
16ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=MXNjejdOMWMxUWZtWWQ1&google_gid=CAESEIqcwNUgZOMEhfasuKufz9M&google_cver=1&google_push=AaAOQGHcDAAUO9LsdSg1ZfxonOJapvFlfARpuxivx-DL3Zr29wXMEtsc-h5JOyY67DsjfyGEYpZRhXv4WWlz0R58WQh2WrNY973Y

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:05 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 30 Jun 2023 22:52:05 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-782-g97d928b#rel-ec2-master i-0caa68a19e3c1fdac@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=MXNjejdOMWMxUWZtWWQ1&google_gid=CAESEIqcwNUgZOMEhfasuKufz9M&google_cver=1&google_push=AaAOQGHcDAAUO9LsdSg1ZfxonOJapvFlfARpuxivx-DL3Zr29wXMEtsc-h5JOyY67DsjfyGEYpZRhXv4WWlz0R58WQh2WrNY973Y
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame 9194
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEPmAg2_rcpuNJKgaRiw3xKU&google_cver=1&google_push=AaAOQGHh1iSbHyhO1DPIZ80Vaa9THdWtEbW_dh9FebnYc7Zwgl-2hBDOm03h8SFg82GY7E8KmgNRZHAPh-nziDrQMkbjmRmiWD4_&...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEPmAg2_rcpuNJKgaRiw3xKU&google_cver=1&google_push=AaAOQGHh1iSbHyhO1DPIZ80Vaa9THdWtEbW_dh9FebnYc7Zwgl-2hBDOm03h8SFg82GY7E8KmgNRZHAPh-nziDrQMkbjmRmiWD4...

43 B
446 B

203ms
183ms

Image
image/gif

2606:4700::6812:19ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEPmAg2_rcpuNJKgaRiw3xKU&google_cver=1&google_push=AaAOQGHh1iSbHyhO1DPIZ80Vaa9THdWtEbW_dh9FebnYc7Zwgl-2hBDOm03h8SFg82GY7E8KmgNRZHAPh-nziDrQMkbjmRmiWD4_&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAaAOQGHh1iSbHyhO1DPIZ80Vaa9THdWtEbW_dh9FebnYc7Zwgl-2hBDOm03h8SFg82GY7E8KmgNRZHAPh-nziDrQMkbjmRmiWD4_%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Server: 2606:4700::6812:19ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:06 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7df9fa49ded4915f-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:05 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 587
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEPmAg2_rcpuNJKgaRiw3xKU&google_cver=1&google_push=AaAOQGHh1iSbHyhO1DPIZ80Vaa9THdWtEbW_dh9FebnYc7Zwgl-2hBDOm03h8SFg82GY7E8KmgNRZHAPh-nziDrQMkbjmRmiWD4_&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAaAOQGHh1iSbHyhO1DPIZ80Vaa9THdWtEbW_dh9FebnYc7Zwgl-2hBDOm03h8SFg82GY7E8KmgNRZHAPh-nziDrQMkbjmRmiWD4_%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7df9fa484dac915f-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 9194
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEDigz6oZXeZucXY5EdOQ8TQ&google_cver=1&google_push=AaAOQGGtc0Oda8UyrwUIUVWHrRDCiMkpFDAuzyF5iYnuku3D60GcXXIxFENcwJAYVj2ei9HTzIPmB77Zp_je7YcO4ixB4_fii92S
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=38F3C3DB873A4D0BA09CE1B8DE868BD8&google_push=AaAOQGGtc0Oda8UyrwUIUVWHrRDCiMkpFDAuzyF5iYnuku3D60GcXXIxFENcwJAYVj2ei9HTzIPmB77Zp_je7Yc...

170 B
232 B

16ms
16ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=38F3C3DB873A4D0BA09CE1B8DE868BD8&google_push=AaAOQGGtc0Oda8UyrwUIUVWHrRDCiMkpFDAuzyF5iYnuku3D60GcXXIxFENcwJAYVj2ei9HTzIPmB77Zp_je7YcO4ixB4_fii92S

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:05 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 30 Jun 2023 22:52:05 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=38F3C3DB873A4D0BA09CE1B8DE868BD8&google_push=AaAOQGGtc0Oda8UyrwUIUVWHrRDCiMkpFDAuzyF5iYnuku3D60GcXXIxFENcwJAYVj2ei9HTzIPmB77Zp_je7YcO4ixB4_fii92S
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Thu, 29 Jun 2023 22:52:05 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 9194
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEEN_1AfyFeCNVFw1ourIhks&google_cver=1&google_push=AaAOQGGuvOw2GrCylv--pTWGEiBiTc1eauZfO9xbktYtgUDiCtRz1XI1A61ZPKGFpuRwUbNoh8f8pyPtZAbvCiFX...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=Cc3K5Qi1S8qSPD_8si_fmQ2&google_push=AaAOQGGuvOw2GrCylv--pTWGEiBiTc1eauZfO9xbktYtgUDiCtRz1XI1A61ZPKGFpuRwUbNoh8f8pyPtZAbvCiFXmUR597znFV2d

170 B
232 B

17ms
16ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=Cc3K5Qi1S8qSPD_8si_fmQ2&google_push=AaAOQGGuvOw2GrCylv--pTWGEiBiTc1eauZfO9xbktYtgUDiCtRz1XI1A61ZPKGFpuRwUbNoh8f8pyPtZAbvCiFXmUR597znFV2d

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:05 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 30 Jun 2023 22:52:05 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.21.6
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=Cc3K5Qi1S8qSPD_8si_fmQ2&google_push=AaAOQGGuvOw2GrCylv--pTWGEiBiTc1eauZfO9xbktYtgUDiCtRz1XI1A61ZPKGFpuRwUbNoh8f8pyPtZAbvCiFXmUR597znFV2d
x-host: tde-deliveryengine-production-7c97bc8457-srkr8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 9194
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEBRVxvEXb29qRyr9-dv7yRg&google_cver=1&google_push=AaAOQGFdOk0KDlshtIyjl8asAKec4KbTENkTbB4V9vpeM4kDYEvoB8PvtrpfT1n9jApFcbuTd5w...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpKNjYwQ0gtWi1CTzNI&google_push=AaAOQGFdOk0KDlshtIyjl8asAKec4KbTENkTbB4V9vpeM4kDYEvoB8PvtrpfT1n9jApFcbuTd5wdCJTPgelNTFsQ-kMHW1PtZLXU

170 B
232 B

16ms
15ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpKNjYwQ0gtWi1CTzNI&google_push=AaAOQGFdOk0KDlshtIyjl8asAKec4KbTENkTbB4V9vpeM4kDYEvoB8PvtrpfT1n9jApFcbuTd5wdCJTPgelNTFsQ-kMHW1PtZLXU

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:05 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpKNjYwQ0gtWi1CTzNI&google_push=AaAOQGFdOk0KDlshtIyjl8asAKec4KbTENkTbB4V9vpeM4kDYEvoB8PvtrpfT1n9jApFcbuTd5wdCJTPgelNTFsQ-kMHW1PtZLXU
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9194
Redirect Chain

https://match.360yield.com/match/ebda?google_gid=CAESEC3vPUNV4sOs12JZ1LGaGHk&google_cver=1&google_push=AaAOQGF7Fvv7l7YdMPO_BypcJmWaXUMvS_EeI8mYw4zORYP3v8nDFhH3xWU7ESfVdagaXAT0CDxmUxWxbja7s_aARwskEu...
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEC3vPUNV4sOs12JZ1LGaGHk&google_cver=1&google_push=AaAOQGF7Fvv7l7YdMPO_BypcJmWaXUMvS_EeI8mYw4zORYP3v8nDFhH3xWU7ESfVdagaXAT0CDxmUxWxbja7s_aA...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=9k7771emT7uyaMWIjPCliw&google_push=AaAOQGF7Fvv7l7YdMPO_BypcJmWaXUMvS_EeI8mYw4zORYP3v8nDFhH3xWU7ESfVdagaXAT0CDxmUxWxbja7s_a...

170 B
188 B

17ms
17ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=9k7771emT7uyaMWIjPCliw&google_push=AaAOQGF7Fvv7l7YdMPO_BypcJmWaXUMvS_EeI8mYw4zORYP3v8nDFhH3xWU7ESfVdagaXAT0CDxmUxWxbja7s_aARwskEu2t_fzi

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:05 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=9k7771emT7uyaMWIjPCliw&google_push=AaAOQGF7Fvv7l7YdMPO_BypcJmWaXUMvS_EeI8mYw4zORYP3v8nDFhH3xWU7ESfVdagaXAT0CDxmUxWxbja7s_aARwskEu2t_fzi
access-control-allow-origin: *
date: Fri, 30 Jun 2023 22:52:05 GMT
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 9194
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEO8Eyl_gbkP3x_mamTLiCRU&google_cver=1&google_push=AaAOQGETNP1WbM20cZB4AElrpi8KbAz1m3rWb2K0GTN6zbzox5UX0QE_dGKihNH5pEeVqnyZjl5hMs7rr4R4EyqPVkiENOosUeTo
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=AaAOQGETNP1WbM20cZB4AElrpi8KbAz1m3rWb2K0GTN6zbzox5UX0QE_dGKihNH5pEeVqnyZjl5hMs7rr4R4EyqPVkiENOosUeT...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTM1MDQ3OTYxNjIzMTMwNjA1Mzg5&google_push=AaAOQGETNP1WbM20cZB4AElrpi8KbAz1m3rWb2K0GTN6zbzox5UX0QE_dGKihNH5...

170 B
329 B

17ms
16ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTM1MDQ3OTYxNjIzMTMwNjA1Mzg5&google_push=AaAOQGETNP1WbM20cZB4AElrpi8KbAz1m3rWb2K0GTN6zbzox5UX0QE_dGKihNH5pEeVqnyZjl5hMs7rr4R4EyqPVkiENOosUeTo

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:05 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTM1MDQ3OTYxNjIzMTMwNjA1Mzg5&google_push=AaAOQGETNP1WbM20cZB4AElrpi8KbAz1m3rWb2K0GTN6zbzox5UX0QE_dGKihNH5pEeVqnyZjl5hMs7rr4R4EyqPVkiENOosUeTo
date: Fri, 30 Jun 2023 22:52:05 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 9194 0
130 B 54ms
14ms Image
text/html 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Kv4eBe7M0G1CSlqOUnLNMM2IC8RVBglgTOCqEIXortRAIjD864rUid5rpWzKY6Ef3-4JFj

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:05 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 744A
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

18ms
17ms

Document
text/html

2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 22:52:05 GMT
expires: Fri, 30 Jun 2023 22:52:05 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 22:52:05 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 11C8 6 KB
3 KB 7ms
7ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js?cb=31075743

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 22:52:05 GMT
expires: Sat, 29 Jun 2024 22:52:05 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 8B53 6 KB
3 KB 7ms
6ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js?cb=31075743

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 22:52:05 GMT
expires: Sat, 29 Jun 2024 22:52:05 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame BD79 6 KB
3 KB 7ms
6ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js?cb=31075743

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 22:52:05 GMT
expires: Sat, 29 Jun 2024 22:52:05 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 11C8 0
0 50ms
49ms Fetch
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CFXm7lVyfZNyqLIqigAfJz7qgAs-HjptcwIbZgsYCwI23ARABIABgleKQgqAHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQngAgCoAwHIAwKqBPUBT9BnElqjEMb9jts3eZgK7P8JEH7HnyPr9ZWDJLxyRUuWsJrek-PSOmxu8rZT2Rlq1EoAEvQsyttq5pZ2K3iSCHqS9wfVLTXB_73P3LRix1YSdk-0lD1vi5dF72YITXk-5tRhHFB_S4eOdUc3cPJ5ceF9JXxbhO1Uu1VmdxE38OaozaSPsdvTToNHOHIrjY4w9YKt113MZ8QhlfPqi81B5tdVKfKWXebF8RCfov1Oki0O1Le6G8it9IQQrwxm1ZdSxhEnMsft2XM5hdU_2VD-k9T3WoKNba04_El-I-Xuu8tB_eZC37JoW_-JAz0MdrVvXmFq72TgBAGABr7U1vzZmuidqAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDmACgP6CwIIAYAMAdAVAYAXAbIXHAoaEhRwdWItNzk4MzY1MTI1NzgzODI4MhjqwW0&sigh=56ChiGeo5GU&uach_m=[UACH]&cid=CAQSOwBygQiDrmpZQbg9PV66EIQLfGw4MG5sTRNjjC37jwinrJ628RRLUonOEPSC95Ciy3rKaKnheE0c2BjlGAE&tpd=AGWhJmuc2gsmuo0m8C_Lvuo9gV9zbYZ3svhy5WYjI_AYZupdtNKpB8Vagy8sl9I3TWvaCMNk5J0lLjKu44IQIXbXdOwjSe7Et7Q43dGe2UbTlWcnKUh0JDsD0SI691s5M-NNT3unT0CQeqJoc7SNid5qZpBZOoVCMCzfqFrOwaYPPplGZF8hnapt4X650FcBdPZAPz3iGF7R2iVQ-jZQ6pcHFDiKhhOanVmANWVoyrPfESImB00pozZPO5Pu4yl8yULXfGUafLUIrFidklceuNm4kphmDBBHc9PW70_P6VfNwzZXG1-d-bRrazmY-5T5HVp5ui0Ze2OuPSrlR5JX9Cjr-p-uuWxUFAOlZ_8bVn80oLJgteG6vNsFi3s99i6GZ1jTGvE611UsDL-6JapqkfZI3hgm0xvJt4Jg8gxwqy4r7jUR14bYU6xZfoDvg7_cDnGohHfYr7anX0UGf5Hmx2NQLsvKfr0WEMGmsMC3LOVEwnhUf4uOcUWTx3NIyqPUsnSYgUcTtgASvrF5IqZHMpLjmdsFumoBeJN_h9zGY4cWoWuAe-v4EB7NMjCNON4Wcw-dE01sbGMo6rZExoz2DRXu5K9fZEy-X9Bc9U3WYUiDhNrxcobBM6g-91PI0syRMyfRHvbPoJ3SJRnZpS-bs645gTMCyQLo0shDfjKbQnK8l7DLmxRvgkMJq07_L070_14b2aRJm4kUqA-ItKNqknB3_7IEg8Z0jJwaPT-PFlyzHf8kGnKiYBPcGmEHhOulpkAecvMdoZY0ux_KSR5iolU4nW1voJ7ScrGjB0cInLHq4fDfaqSTR7CMCKtPj-xOhfiM_WXmzvaHkaHDK0Mcf5YIsYmLBqMmZifm-3TZueh7GNPEYV1_hqmXSlusGdjniP1nRHJNLTIrKoomBUJI1gi4XqOqer2WH-zMjnumMqltPpt14ss_8Rs6SR8TLymkBLNx-3CEzJYndAwNDO1DwnHq69fBN82pUfLY4mDvIxVpnQXEVWWu4L5SJ1MkmiVmaDKu11Y5345WSIv-m9Lyk4tKRfaYOZkBCo_MsWT1m-xyFJw04IIsKYSry1ZT1m5hJHum2A9_Q1c-rP4BGTFPDhcrgsfAM9II_S_7M-Penxat6lk
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H/1.1 200
OK js Show response
tags.mathtag.com/notify/ Frame 11C8 3 KB
2 KB 77ms
21ms Script
application/x-javascript 185.29.134.245
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzI0LyAvWkRnNVltSTJZamd0T0RFNVppMHlObVE1TFRBd01EQXRNREF3TURBd01EQXdNREF3LzY3NjEzOTgyMDYxMDMyMDA5MC82NjIyMzMyLzQ1NjIzMDYvNC9ESFNDM3Nsb1NycWg5enJyUjFEdTUyZG95Z0hZdmtfa1VpNVpCU1YydmdVLzEvNC8wLzAvOTU2ODAzLzAvMjE2NTM2LzY1MTg3MS8xLzAvMC9NREF3TURBd01EQXRNREF3TUMwd01EQXdMVEF3TURBdE1EQXdNREF3TURBd01EQXcvMC8wLzAvMC8wLzY3NjEzOTgyMDYxMDMyMDA5MC9hbXMvMC8xNjMvMy85OTkvMTYyLzIwMDE6YWM4OjIwOjovMC4wMDAvMTY4ODE2NTUyNS8xNjg4MTc4MTI1LzQvcHViLTc5ODM2NTEyNTc4MzgyODIvMS8/0xsKS9czT7JuD1J_yMLnQjC7OCM&nodeid=4043&group=cdg&auctionid=676139820610320090&pbs_auctionid=676139820610320090&shardkey=676139820610320090&sid=4562306&cid=6622332&bp=a_aiebbd&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.72&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCs6DclVyfZNyqLIqigAfJz7qgAs-HjptcwIbZgsYCwI23ARABIABgleKQgqAHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQngAgCoAwHIAwKqBPgBT9BnElqjEMb9jts3eZgK7P8JEH7HnyPr9ZWDJLxyRUuWsJrek-PSOmxu8rZT2Rlq1EoAEvQsyttq5pZ2K3iSCHqS9wfVLTXB_73P3LRix1YSdk-0lD1vi5dF72YITXk-5tRhHFB_S4eOdUc3cPJ5ceF9JXxbhO1Uu1VmdxE38OaozaSPsdvTToNHOHIrjY4w9YKt113MZ8QhlfPqi81B5tdVKfKWXebF8RCfov1Oki0O1Le6G8it9IQQrwxm1ZdSxhEnMsft2XM5hdU_2VD-0dbWyC4xyaq1WAHV-6VBS9ZV91pI8aqJ5j_JrMetaJl38PjW6OmQFnfgBAGABr7U1vzZmuidqAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDn6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_32FHMT5WONy1zYS7730a1bQdLH3w%26client%3Dca-pub-7983651257838282%26adurl%3D
Requested by: Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.245 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.393.0 /
Resource Hash: 9a8f7e72cc6f6419f6b4707cde3e993ebc768dc8536bdb50fb27687994c1635d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Fri, 30 Jun 2023 22:52:06 GMT
x-mm-nodeid: 4043
Content-Encoding: gzip
x-mm-bid-request-time: 1688165525
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Connection: close
x-mm-handled-by-owner: true
Last-Modified: Fri, 30 Jun 2023 22:52:05 GMT
Server: MMBD/3.393.0
x-mm-latency: 2 (0)
x-mm-notify-action-done: LD5wfw
Content-Type: application/x-javascript; charset=UTF-8
x-mm-dbg: NotCount
Cache-Control: no-cache
x-mm-host: cdg-router-x54, cdg-bidder-x188
x-mm-lag: 1
Expires: Fri, 30 Jun 2023 22:52:05 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 11C8 3 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/window_focus_fy2021.js

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 14:55:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 28600
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 14 Jul 2023 14:55:25 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 11C8 20 KB
8 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

abaf64de0855592138133fdf15c746a6e47a07d5f7a34a9513a06994c89f91af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 17:50:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18106
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8312
x-xss-protection: 0
server: cafe
etag: 5477749917372345267
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 14 Jul 2023 17:50:19 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 11C8 0
0 15ms
14ms Image
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQXMrqKw_4GKotCOOl7rQL1SVO0J6uMB4G9etTV6FobwU6KwFZ1Vt7SFkXyL00FxIZf6MXLDuH44Z0OgktZR5ynCtx8ig
Requested by: Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 11C8 24 KB
6 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 19:05:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 531996
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 23 Jun 2024 19:05:29 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 11C8 179 KB
56 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 30 Jun 2023 22:52:05 GMT

GET
H3 200 container.html Show response
6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 291F 6 KB
3 KB 7ms
6ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js?cb=31075743

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 22:52:05 GMT
expires: Sat, 29 Jun 2024 22:52:05 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012306200257000/ Frame 1156 222 KB
61 KB 58ms
13ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012306200257000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js?cb=31075743

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

20f091e39a994eac247abb2db8c48d424cb5f3ea8280cea2194168c2bf5f437e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 26 Jun 2023 17:13:26 GMT
age: 365920
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61862
x-xss-protection: 0
server: sffe
etag: "bf95dc6813023782"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 25 Jun 2024 17:13:26 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012306200257000/v0/ Frame 1156 15 KB
6 KB 52ms
7ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012306200257000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js?cb=31075743

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

db6c8330efd6e6bfd20dbed90de2e76fe0bac473c76abe90aaa91fac7bb067c6

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 26 Jun 2023 17:13:26 GMT
age: 365920
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5232
x-xss-protection: 0
server: sffe
etag: "b6c1e0819a00bf67"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 25 Jun 2024 17:13:26 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012306200257000/v0/ Frame 1156 94 KB
28 KB 65ms
20ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012306200257000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js?cb=31075743

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8169070527736f2296d9d72e169101428b2f9821205614dc54cd16d3130c70f8

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 26 Jun 2023 17:13:26 GMT
age: 365920
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28873
x-xss-protection: 0
server: sffe
etag: "75041cf86819093a"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 25 Jun 2024 17:13:26 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012306200257000/v0/ Frame 1156 5 KB
2 KB 53ms
9ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012306200257000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js?cb=31075743

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e5a28a902c7f1edfc9c082269da365300b36ceb1eed186bf26523d6867ed986

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 26 Jun 2023 17:13:26 GMT
age: 365920
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1911
x-xss-protection: 0
server: sffe
etag: "5f86339daf79d63d"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 25 Jun 2024 17:13:26 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012306200257000/v0/ Frame 1156 40 KB
13 KB 53ms
9ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012306200257000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js?cb=31075743

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d660119d70fde473f7720a43fb960d95c8ff46768e67d762f9557179709b8942

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 26 Jun 2023 17:13:26 GMT
age: 365920
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12958
x-xss-protection: 0
server: sffe
etag: "bf1167c9eaa58b59"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 25 Jun 2024 17:13:26 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 1156 14 KB
2 KB 37ms
15ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js?cb=31075743

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 30 Jun 2023 22:52:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 30 Jun 2023 22:48:45 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 30 Jun 2023 22:52:06 GMT

GET
H3 200 tr.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 1156 3 KB
3 KB 8ms
8ms Image
image/png 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/tr.png

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1e5a886321d0e00c13f7abff03ca39fd782f42997fd34bcbf4fc93718f3670cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 19:04:08 GMT
x-content-type-options: nosniff
server: cafe
age: 13678
etag: 9957912877679239782
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3057
x-xss-protection: 0
expires: Sat, 01 Jul 2023 19:04:08 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 1156 344 B
368 B 6ms
6ms Image
image/png 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 13:35:10 GMT
x-content-type-options: nosniff
server: cafe
age: 33416
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 344
x-xss-protection: 0
expires: Sat, 01 Jul 2023 13:35:10 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 1156 0
0 15ms
14ms Image
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQFYRJSN_-cHti5uF7nmskJ9TdlghqT3EyuzhcZobEduM4K4W-wcstwnBM2PYV4IIjDy8ud_vOlqrCo8_ci5VMVy2Vwrg
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 1156 0
0 54ms
53ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Cs0tPlVyfZOiuLNXwgAep6bCACdfl3q5x4pLOtqMQt8uCm48OEAEgwLKCa2CV4pCCoAegAd7Z9YwpyAEJqQIecNtaRU6yPuACAKgDAcgDCqoE3gFP0H1V5FFlw1cy2uyGAsUrJ43leZu76ibg3sh6jxHJYsiNcRoQp6kRAKxPzyHgBj_SglgEQHwADy0_qomE1JH8YZr7pHLra9STNRy0Hez-lX6Oxczj_M9--7DxcRY738B5IPiZwVcUYCGSUqWTf7nu7COUkWsGkJxJ6ITSPqT54AHfovUFtRhVpUEbc2DkNMjSoi2NduMtmHW4DkuxrrdBrE13QfybEEVpJHJmM_dXniHGB0-4xVOGC6VyaRZldbgLDr5tKspBBmPnYKPMSM8LYZgtnPpV0wD1HIip_KvABLmsztenBOAEAZIFBAgEGAGSBQQIBRgEoAYugAfekcbsA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEEM6KAdIIFgiA4YAQEAEYHTICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDmACgPICwHYEwzQFQGAFwGyFx4KHAgAEhRwdWItNjU5MzUyMzIxMDAxMDE1NBjqwW0&sigh=5oLmOLk4caY&uach_m=[UACH]&cid=CAQSOwBygQiDRd3n3fLoO_ro1_VquDfrQQNLGrqsH2FWVprFXd91b7CufJdJpye4KU49mLHI8B5LDFhkxLa3GAE&template_id=5000
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/4029907352422879322/ Frame 1156 121 KB
121 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/4029907352422879322/14763004658117789537

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ba39a88a1887e575637dc2cec1a6e3bbf0410dd16021c8209495ac614420a836

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 06:28:02 GMT
x-content-type-options: nosniff
age: 231844
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 123995
x-xss-protection: 0
last-modified: Mon, 28 Nov 2022 21:06:08 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 27 Jun 2024 06:28:02 GMT

GET
DATA 200
OK truncated
/ Frame 1156 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 1156 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 1156 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7e4732443bd4d5fd7196897f6868c6f1e56ac9ed9c22af90e6d255bb4e814844

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame F878 624 B
242 B 20ms
19ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYm4Lo4gEwAQ&v=APEucNWe8iD4aVMb-u5Zgzm6rvBbcQFZ91EFUjfUpC-_bRHzuQzj4NF1GsYUdAro0koVtPej4mpFyxg3TE5M-cSaBZinyS8VGgJtse2fnuTi4WRjjsOue23KJw1EKsRQQ6qAyC0VQbz5MdgbLOqWvcqRcoIBaTZ2mxn6xby9xcULAaOhMvKWLlc

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 22:52:06 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 8B53 78 KB
27 KB 54ms
54ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:06 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Fri, 30 Jun 2023 22:52:06 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8B53 42 B
63 B 44ms
43ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AydHbRsRxXyI7SJG4nYqFP-DRc5cqPB0g1aShVYN5WaLuTBuiSQ1OScV3_UlUEft1tCzhbXZx1PToMmxi5M3TDuIG0HQd12MWbdoox1UbYgXsDYTo

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8B53 0
20 B 44ms
43ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=18396302603105361185&x=1&ct=76

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 8B53 3 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/window_focus_fy2021.js

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 14:55:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 28601
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 14 Jul 2023 14:55:25 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 8B53 20 KB
8 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

abaf64de0855592138133fdf15c746a6e47a07d5f7a34a9513a06994c89f91af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 17:50:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18107
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8312
x-xss-protection: 0
server: cafe
etag: 5477749917372345267
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 14 Jul 2023 17:50:19 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 8B53 0
0 15ms
14ms Image
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTj8odOI4YRj-Mvn_w0OZOVljMW7_8WvPUh1t-demcLLNnginoklwd1ohULpbYzsnKsFxW7Cpq0LPa0zSEDCV8BvBKOlQ
Requested by: Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8B53 179 KB
56 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 30 Jun 2023 22:52:06 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 2120 640 B
262 B 24ms
22ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYm4Lo4gEwAQ&v=APEucNU_aCh5hDI1jkpJ-WJsqu4J_sUFPl_bHY_Fl8Xq1Ol-nEOOeTw43Ln8Y3W1GHtRHmwdAfyG7BhqRilPAfVxtS1xQ3BuHLM-c0UhURRHtdrReqVFNj5ATGcUA3-8vBUR_f8P9pvKX_66IiSzARWe-QYv-EtWTNo2bT_9iRuycGT8Sldxoew

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 22:52:06 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame BD79 78 KB
27 KB 87ms
86ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:06 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Fri, 30 Jun 2023 22:52:06 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame BD79 42 B
63 B 42ms
40ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CbeejR2myqqEfB1loFazAjrLDNnU4vS4h03nNTUYrxsZTZxIZbLLB6hqT4ZJHLIyUXq9gPNhjg5H6EXZeiNdmUveboAy0DTQJ2AqlLILHh2lh8oRY

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BD79 0
20 B 42ms
40ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=4947200756656001890&x=1&ct=76

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame BD79 3 KB
1 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/window_focus_fy2021.js

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 14:55:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 28601
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 14 Jul 2023 14:55:25 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame BD79 20 KB
8 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

abaf64de0855592138133fdf15c746a6e47a07d5f7a34a9513a06994c89f91af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 17:50:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18107
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8312
x-xss-protection: 0
server: cafe
etag: 5477749917372345267
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 14 Jul 2023 17:50:19 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame BD79 179 KB
56 KB 38ms
37ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 30 Jun 2023 22:52:06 GMT

GET
H3 200 container.html Show response
6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 0DA2 6 KB
3 KB 9ms
7ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306270101/pubads_impl.js?cb=31075743

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 22:52:05 GMT
expires: Sat, 29 Jun 2024 22:52:05 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame 1156 33 KB
34 KB 29ms
6ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ye-mek.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 19:09:17 GMT
x-content-type-options: nosniff
age: 272569
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34108
x-xss-protection: 0
last-modified: Tue, 23 May 2023 16:35:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 26 Jun 2024 19:09:17 GMT

GET
H3 200 m_js_controller_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 291F 34 KB
13 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/m_js_controller_fy2021.js

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18e7f3232e16c5af1b4d3192ed6be46c39b4902ecef8717b7a1dc69da6b8fe34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 18:39:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15164
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13672
x-xss-protection: 0
server: cafe
etag: 2805512053162071780
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 14 Jul 2023 18:39:22 GMT

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 291F 24 KB
6 KB 11ms
11ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 19:05:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 531997
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 23 Jun 2024 19:05:29 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 291F 179 KB
56 KB 30ms
30ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 30 Jun 2023 22:52:06 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/ Frame 291F 23 KB
9 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/abg_lite_fy2021.js

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

02193fbcb11d960448e0fa887ff68d5ce73f01076893523fc3037e00a7149bc2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 09:09:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 49370
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9104
x-xss-protection: 0
server: cafe
etag: 12939045362079141464
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 14 Jul 2023 09:09:16 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 291F 3 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/window_focus_fy2021.js

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 14:55:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 28601
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 14 Jul 2023 14:55:25 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 291F 20 KB
8 KB 11ms
11ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

abaf64de0855592138133fdf15c746a6e47a07d5f7a34a9513a06994c89f91af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 17:50:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18107
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8312
x-xss-protection: 0
server: cafe
etag: 5477749917372345267
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 14 Jul 2023 17:50:19 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 291F 0
0 15ms
14ms Image
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRLYHTADpAxu8moNT7ds81Nur-NPq0Di_mEzVRgjnseNp-_9TYgA9KdBL8HUkl9brFR1H8Zr45BCluuNU0Fkej4qXMHRQ
Requested by: Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame F878
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGEgYZPZKA1rPbXPU8C8-_0&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGEgYZPZKA1rPbXPU8C8-_0&google_cver=1&C=1

43 B
632 B

7ms
7ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGEgYZPZKA1rPbXPU8C8-_0&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYm4Lo4gEwAQ&v=APEucNWe8iD4aVMb-u5Zgzm6rvBbcQFZ91EFUjfUpC-_bRHzuQzj4NF1GsYUdAro0koVtPej4mpFyxg3TE5M-cSaBZinyS8VGgJtse2fnuTi4WRjjsOue23KJw1EKsRQQ6qAyC0VQbz5MdgbLOqWvcqRcoIBaTZ2mxn6xby9xcULAaOhMvKWLlc
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 30 Jun 2023 22:52:06 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

Pragma: no-cache
Date: Fri, 30 Jun 2023 22:52:06 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: /rum?cm_dsp_id=45&external_user_id=CAESEGEgYZPZKA1rPbXPU8C8-_0&google_cver=1&C=1
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 0
Expires: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame F878
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZJ9clnyK0eZzOFLIHqvncQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGEgYZPZKA1rPbXPU8C8-_0&google_cver=1

43 B
632 B

7ms
7ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGEgYZPZKA1rPbXPU8C8-_0&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYm4Lo4gEwAQ&v=APEucNWe8iD4aVMb-u5Zgzm6rvBbcQFZ91EFUjfUpC-_bRHzuQzj4NF1GsYUdAro0koVtPej4mpFyxg3TE5M-cSaBZinyS8VGgJtse2fnuTi4WRjjsOue23KJw1EKsRQQ6qAyC0VQbz5MdgbLOqWvcqRcoIBaTZ2mxn6xby9xcULAaOhMvKWLlc
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 30 Jun 2023 22:52:06 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:06 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGEgYZPZKA1rPbXPU8C8-_0&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame F878
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEKovGhQ8XyIk0bTIbPkpX30&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEKovGhQ8XyIk0bTIbPkpX30%26google_cver%3D1

43 B
1 KB

13ms
13ms

Image
image/gif

185.89.210.153
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEKovGhQ8XyIk0bTIbPkpX30%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYm4Lo4gEwAQ&v=APEucNWe8iD4aVMb-u5Zgzm6rvBbcQFZ91EFUjfUpC-_bRHzuQzj4NF1GsYUdAro0koVtPej4mpFyxg3TE5M-cSaBZinyS8VGgJtse2fnuTi4WRjjsOue23KJw1EKsRQQ6qAyC0VQbz5MdgbLOqWvcqRcoIBaTZ2mxn6xby9xcULAaOhMvKWLlc

Protocol

HTTP/1.1

Server

185.89.210.153 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 30 Jun 2023 22:52:06 GMT
AN-X-Request-Uuid: 8bb6c118-44ad-4589-82c1-ecc03ffcf06f
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 45.141.152.73; 45.141.152.73; 943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 30 Jun 2023 22:52:06 GMT
AN-X-Request-Uuid: a6bbd69c-5bbb-44a1-9a1f-9262b24cc000
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEKovGhQ8XyIk0bTIbPkpX30%26google_cver%3D1
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 45.141.152.73; 45.141.152.73; 943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F878
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTUyMTc2ODM3MTg0MDk0MjkyMg%3D%3D

170 B
188 B

16ms
16ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTUyMTc2ODM3MTg0MDk0MjkyMg%3D%3D

Requested by

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Fri, 30 Jun 2023 22:52:06 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 45.141.152.73; 45.141.152.73; 943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 9a9ccb5d-ee55-4ce3-8263-b1e9bb96316f
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTUyMTc2ODM3MTg0MDk0MjkyMg%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 2120
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEFaLzMY3uyaa1GKA8KX4Ess&google_cver=1

43 B
114 B

16ms
15ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEFaLzMY3uyaa1GKA8KX4Ess&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYm4Lo4gEwAQ&v=APEucNU_aCh5hDI1jkpJ-WJsqu4J_sUFPl_bHY_Fl8Xq1Ol-nEOOeTw43Ln8Y3W1GHtRHmwdAfyG7BhqRilPAfVxtS1xQ3BuHLM-c0UhURRHtdrReqVFNj5ATGcUA3-8vBUR_f8P9pvKX_66IiSzARWe-QYv-EtWTNo2bT_9iRuycGT8Sldxoew
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:06 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:06 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEFaLzMY3uyaa1GKA8KX4Ess&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame 2120 43 B
304 B 49ms
15ms Image
image/gif 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYm4Lo4gEwAQ&v=APEucNU_aCh5hDI1jkpJ-WJsqu4J_sUFPl_bHY_Fl8Xq1Ol-nEOOeTw43Ln8Y3W1GHtRHmwdAfyG7BhqRilPAfVxtS1xQ3BuHLM-c0UhURRHtdrReqVFNj5ATGcUA3-8vBUR_f8P9pvKX_66IiSzARWe-QYv-EtWTNo2bT_9iRuycGT8Sldxoew
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:06 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame 2120
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEEq3807gKdHyA8E94-lXxTo&google_cver=1

23 B
163 B

32ms
32ms

Image
image/gif

104.102.35.84
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEEq3807gKdHyA8E94-lXxTo&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYm4Lo4gEwAQ&v=APEucNU_aCh5hDI1jkpJ-WJsqu4J_sUFPl_bHY_Fl8Xq1Ol-nEOOeTw43Ln8Y3W1GHtRHmwdAfyG7BhqRilPAfVxtS1xQ3BuHLM-c0UhURRHtdrReqVFNj5ATGcUA3-8vBUR_f8P9pvKX_66IiSzARWe-QYv-EtWTNo2bT_9iRuycGT8Sldxoew
Protocol: H2
Server: 104.102.35.84 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-102-35-84.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

expires: Fri, 30 Jun 2023 22:52:06 GMT
pragma: no-cache
date: Fri, 30 Jun 2023 22:52:06 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:06 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=CAESEEq3807gKdHyA8E94-lXxTo&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame 2120 23 B
163 B 72ms
34ms Image
image/gif 104.102.35.84
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYm4Lo4gEwAQ&v=APEucNU_aCh5hDI1jkpJ-WJsqu4J_sUFPl_bHY_Fl8Xq1Ol-nEOOeTw43Ln8Y3W1GHtRHmwdAfyG7BhqRilPAfVxtS1xQ3BuHLM-c0UhURRHtdrReqVFNj5ATGcUA3-8vBUR_f8P9pvKX_66IiSzARWe-QYv-EtWTNo2bT_9iRuycGT8Sldxoew
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.102.35.84 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-102-35-84.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

expires: Fri, 30 Jun 2023 22:52:06 GMT
pragma: no-cache
date: Fri, 30 Jun 2023 22:52:06 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

GET
H/1.1 200
OK ajk4xlebn4mw Show response
hal9000.redintelligence.net/zone/ Frame 11C8 10 KB
4 KB 52ms
18ms Script
text/html 88.99.219.174
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/ajk4xlebn4mw?subid=&gdpr=1&gdpr_consent=li&rnd=676139820610320090&extVar[]=DOUBLEBORDER:1&extVar[]=MMA_SSP:adx&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DzNG8KmxNsGZaGT5aZaZAmw%26exch_seat%3D20035004448%26mt_aid%3D676139820610320090%26mt_id%3D6622332%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dfce7649f-5c96-4801-b09e-4114a8d85f0c%26mt_cid%3Dfce7649f-5c96-4801-b09e-4114a8d85f0c%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCs6DclVyfZNyqLIqigAfJz7qgAs-HjptcwIbZgsYCwI23ARABIABgleKQgqAHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQngAgCoAwHIAwKqBPgBT9BnElqjEMb9jts3eZgK7P8JEH7HnyPr9ZWDJLxyRUuWsJrek-PSOmxu8rZT2Rlq1EoAEvQsyttq5pZ2K3iSCHqS9wfVLTXB_73P3LRix1YSdk-0lD1vi5dF72YITXk-5tRhHFB_S4eOdUc3cPJ5ceF9JXxbhO1Uu1VmdxE38OaozaSPsdvTToNHOHIrjY4w9YKt113MZ8QhlfPqi81B5tdVKfKWXebF8RCfov1Oki0O1Le6G8it9IQQrwxm1ZdSxhEnMsft2XM5hdU_2VD-0dbWyC4xyaq1WAHV-6VBS9ZV91pI8aqJ5j_JrMetaJl38PjW6OmQFnfgBAGABr7U1vzZmuidqAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDn6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_32FHMT5WONy1zYS7730a1bQdLH3w%2526client%253Dca-pub-7983651257838282%2526adurl%253D%26mt_lp%3Dhttps%253A%2F%2Fwww.soberberlin.com%2F%26redirect%3D
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.219.174 Falkenstein, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.174.219.99.88.clients.your-server.de
Software: Apache /
Resource Hash: 65fbb0b0a75628d64f6ab9ab994b504bb65caf107e13cca7c2a74e1ea5ce14fe

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Fri, 30 Jun 2023 22:52:06 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3461
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK ck-confirm
tags.mathtag.com/ Frame 11C8 49 B
330 B 54ms
19ms Image
image/gif 185.29.134.245
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/ck-confirm?bid_id=676139820610320090&node_id=4043&exch_id=4
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzI0LyAvWkRnNVltSTJZamd0T0RFNVppMHlObVE1TFRBd01EQXRNREF3TURBd01EQXdNREF3LzY3NjEzOTgyMDYxMDMyMDA5MC82NjIyMzMyLzQ1NjIzMDYvNC9ESFNDM3Nsb1NycWg5enJyUjFEdTUyZG95Z0hZdmtfa1VpNVpCU1YydmdVLzEvNC8wLzAvOTU2ODAzLzAvMjE2NTM2LzY1MTg3MS8xLzAvMC9NREF3TURBd01EQXRNREF3TUMwd01EQXdMVEF3TURBdE1EQXdNREF3TURBd01EQXcvMC8wLzAvMC8wLzY3NjEzOTgyMDYxMDMyMDA5MC9hbXMvMC8xNjMvMy85OTkvMTYyLzIwMDE6YWM4OjIwOjovMC4wMDAvMTY4ODE2NTUyNS8xNjg4MTc4MTI1LzQvcHViLTc5ODM2NTEyNTc4MzgyODIvMS8/0xsKS9czT7JuD1J_yMLnQjC7OCM&nodeid=4043&group=cdg&auctionid=676139820610320090&pbs_auctionid=676139820610320090&shardkey=676139820610320090&sid=4562306&cid=6622332&bp=a_aiebbd&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.72&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCs6DclVyfZNyqLIqigAfJz7qgAs-HjptcwIbZgsYCwI23ARABIABgleKQgqAHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQngAgCoAwHIAwKqBPgBT9BnElqjEMb9jts3eZgK7P8JEH7HnyPr9ZWDJLxyRUuWsJrek-PSOmxu8rZT2Rlq1EoAEvQsyttq5pZ2K3iSCHqS9wfVLTXB_73P3LRix1YSdk-0lD1vi5dF72YITXk-5tRhHFB_S4eOdUc3cPJ5ceF9JXxbhO1Uu1VmdxE38OaozaSPsdvTToNHOHIrjY4w9YKt113MZ8QhlfPqi81B5tdVKfKWXebF8RCfov1Oki0O1Le6G8it9IQQrwxm1ZdSxhEnMsft2XM5hdU_2VD-0dbWyC4xyaq1WAHV-6VBS9ZV91pI8aqJ5j_JrMetaJl38PjW6OmQFnfgBAGABr7U1vzZmuidqAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDn6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_32FHMT5WONy1zYS7730a1bQdLH3w%26client%3Dca-pub-7983651257838282%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.245 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.393.0 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Fri, 30 Jun 2023 22:52:06 GMT
Server: MMBD/3.393.0
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: cdg-router-x96, cdg-bidder-x188
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Fri, 30 Jun 2023 22:52:05 GMT

GET
H/1.1 200
OK img
pixel.mathtag.com/event/ Frame 11C8 43 B
418 B 82ms
29ms Image
image/gif 95.101.148.198
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/event/img?mt_id=1368875&mt_adid=216764&v1=4&v2=676139820610320090&v3=651871&v4=4562306&v5=6622332&mt_nsync=1&no_attr=1
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzI0LyAvWkRnNVltSTJZamd0T0RFNVppMHlObVE1TFRBd01EQXRNREF3TURBd01EQXdNREF3LzY3NjEzOTgyMDYxMDMyMDA5MC82NjIyMzMyLzQ1NjIzMDYvNC9ESFNDM3Nsb1NycWg5enJyUjFEdTUyZG95Z0hZdmtfa1VpNVpCU1YydmdVLzEvNC8wLzAvOTU2ODAzLzAvMjE2NTM2LzY1MTg3MS8xLzAvMC9NREF3TURBd01EQXRNREF3TUMwd01EQXdMVEF3TURBdE1EQXdNREF3TURBd01EQXcvMC8wLzAvMC8wLzY3NjEzOTgyMDYxMDMyMDA5MC9hbXMvMC8xNjMvMy85OTkvMTYyLzIwMDE6YWM4OjIwOjovMC4wMDAvMTY4ODE2NTUyNS8xNjg4MTc4MTI1LzQvcHViLTc5ODM2NTEyNTc4MzgyODIvMS8/0xsKS9czT7JuD1J_yMLnQjC7OCM&nodeid=4043&group=cdg&auctionid=676139820610320090&pbs_auctionid=676139820610320090&shardkey=676139820610320090&sid=4562306&cid=6622332&bp=a_aiebbd&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.72&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCs6DclVyfZNyqLIqigAfJz7qgAs-HjptcwIbZgsYCwI23ARABIABgleKQgqAHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQngAgCoAwHIAwKqBPgBT9BnElqjEMb9jts3eZgK7P8JEH7HnyPr9ZWDJLxyRUuWsJrek-PSOmxu8rZT2Rlq1EoAEvQsyttq5pZ2K3iSCHqS9wfVLTXB_73P3LRix1YSdk-0lD1vi5dF72YITXk-5tRhHFB_S4eOdUc3cPJ5ceF9JXxbhO1Uu1VmdxE38OaozaSPsdvTToNHOHIrjY4w9YKt113MZ8QhlfPqi81B5tdVKfKWXebF8RCfov1Oki0O1Le6G8it9IQQrwxm1ZdSxhEnMsft2XM5hdU_2VD-0dbWyC4xyaq1WAHV-6VBS9ZV91pI8aqJ5j_JrMetaJl38PjW6OmQFnfgBAGABr7U1vzZmuidqAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDn6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_32FHMT5WONy1zYS7730a1bQdLH3w%26client%3Dca-pub-7983651257838282%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.101.148.198 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-101-148-198.deploy.static.akamaitechnologies.com
Software: MT3 1031 59fd23a master zrh zrh-pixel-x14 config_version:"1524" /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Fri, 30 Jun 2023 22:52:06 GMT
Server: MT3 1031 59fd23a master zrh zrh-pixel-x14 config_version:"1524"
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: *
Content-Type: image/gif
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 43
Expires: Fri, 30 Jun 2023 22:52:05 GMT

GET
H/1.1 200
OK img
tags.mathtag.com/event/ Frame 11C8 49 B
330 B 59ms
20ms Image
image/gif 185.29.134.245
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/event/img?type=mmImpTrack&exch=adx&bid=676139820610320090&st=4562306&time=1688165526&nodeid=4043
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzI0LyAvWkRnNVltSTJZamd0T0RFNVppMHlObVE1TFRBd01EQXRNREF3TURBd01EQXdNREF3LzY3NjEzOTgyMDYxMDMyMDA5MC82NjIyMzMyLzQ1NjIzMDYvNC9ESFNDM3Nsb1NycWg5enJyUjFEdTUyZG95Z0hZdmtfa1VpNVpCU1YydmdVLzEvNC8wLzAvOTU2ODAzLzAvMjE2NTM2LzY1MTg3MS8xLzAvMC9NREF3TURBd01EQXRNREF3TUMwd01EQXdMVEF3TURBdE1EQXdNREF3TURBd01EQXcvMC8wLzAvMC8wLzY3NjEzOTgyMDYxMDMyMDA5MC9hbXMvMC8xNjMvMy85OTkvMTYyLzIwMDE6YWM4OjIwOjovMC4wMDAvMTY4ODE2NTUyNS8xNjg4MTc4MTI1LzQvcHViLTc5ODM2NTEyNTc4MzgyODIvMS8/0xsKS9czT7JuD1J_yMLnQjC7OCM&nodeid=4043&group=cdg&auctionid=676139820610320090&pbs_auctionid=676139820610320090&shardkey=676139820610320090&sid=4562306&cid=6622332&bp=a_aiebbd&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.72&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCs6DclVyfZNyqLIqigAfJz7qgAs-HjptcwIbZgsYCwI23ARABIABgleKQgqAHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQngAgCoAwHIAwKqBPgBT9BnElqjEMb9jts3eZgK7P8JEH7HnyPr9ZWDJLxyRUuWsJrek-PSOmxu8rZT2Rlq1EoAEvQsyttq5pZ2K3iSCHqS9wfVLTXB_73P3LRix1YSdk-0lD1vi5dF72YITXk-5tRhHFB_S4eOdUc3cPJ5ceF9JXxbhO1Uu1VmdxE38OaozaSPsdvTToNHOHIrjY4w9YKt113MZ8QhlfPqi81B5tdVKfKWXebF8RCfov1Oki0O1Le6G8it9IQQrwxm1ZdSxhEnMsft2XM5hdU_2VD-0dbWyC4xyaq1WAHV-6VBS9ZV91pI8aqJ5j_JrMetaJl38PjW6OmQFnfgBAGABr7U1vzZmuidqAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDn6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_32FHMT5WONy1zYS7730a1bQdLH3w%26client%3Dca-pub-7983651257838282%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.245 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.393.0 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Fri, 30 Jun 2023 22:52:06 GMT
Server: MMBD/3.393.0
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: cdg-router-x39, cdg-bidder-x188
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Fri, 30 Jun 2023 22:52:05 GMT

GET
H3 200 m_js_controller_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 0DA2 34 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/m_js_controller_fy2021.js

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18e7f3232e16c5af1b4d3192ed6be46c39b4902ecef8717b7a1dc69da6b8fe34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 18:39:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15164
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13672
x-xss-protection: 0
server: cafe
etag: 2805512053162071780
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 14 Jul 2023 18:39:22 GMT

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 0DA2 24 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 19:05:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 531997
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 23 Jun 2024 19:05:29 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0DA2 179 KB
56 KB 16ms
16ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 30 Jun 2023 22:52:06 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/ Frame 0DA2 23 KB
9 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/abg_lite_fy2021.js

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

02193fbcb11d960448e0fa887ff68d5ce73f01076893523fc3037e00a7149bc2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 09:09:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 49370
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9104
x-xss-protection: 0
server: cafe
etag: 12939045362079141464
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 14 Jul 2023 09:09:16 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 0DA2 3 KB
1 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/window_focus_fy2021.js

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 14:55:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 28601
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 14 Jul 2023 14:55:25 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/ Frame 0DA2 20 KB
8 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230627/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

abaf64de0855592138133fdf15c746a6e47a07d5f7a34a9513a06994c89f91af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 17:50:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18107
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8312
x-xss-protection: 0
server: cafe
etag: 5477749917372345267
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 14 Jul 2023 17:50:19 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 0DA2 0
0 14ms
14ms Image
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSd-FQ2k5cW_UdsoLjjCkSt5O_CPrRUanw3DK_Tzy75cPueliuNvytK9wLLWC-pYy3T39Lf8LPXzFVAfWTzbwEb6mo7LA
Requested by: Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H2 200 5ed7638be4b07a92411bbffe
ng2.virgul.com/tck/imp/ Frame 0E33 0
209 B 254ms
50ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5ed7638be4b07a92411bbffe?g=1&t=gb&r=153366@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1688165524908&userId=vnet30fdf97d-b55a-4897-98c3-08cd17af8e3e
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Fri, 30 Jun 2023 22:52:06 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 5648818383791576392
s0.2mdn.net/simgad/ Frame 291F 532 KB
532 KB 10ms
7ms Image
image/jpeg 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/5648818383791576392

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

187574c8a3cf0026b633b356842e03d60450be911027b697e9542a650d1049c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 23:03:05 GMT
x-content-type-options: nosniff
age: 517741
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 544482
x-xss-protection: 0
last-modified: Fri, 31 Mar 2023 09:51:21 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 23 Jun 2024 23:03:05 GMT

GET
H2 200 14952963386359035714
s0.2mdn.net/simgad/ Frame 291F 10 KB
10 KB 30ms
26ms Image
image/png 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/14952963386359035714

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2d3ebc5963c3ba449fc6f11b2d5ac883abaf7dbc046ac7c1b267518e0ca5fa27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 23:03:12 GMT
x-content-type-options: nosniff
age: 517734
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10020
x-xss-protection: 0
last-modified: Fri, 31 Mar 2023 09:51:26 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 23 Jun 2024 23:03:12 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 291F 42 B
63 B 32ms
29ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DCb3nU9bHTTvXRBhl4V7nVjPc1aj2aLTWYqcbgCZ9F-ehThqJLZUI4wCChDNFzftrrNKR6Wyz2u0Qizw92torruUYc_ebgkMU3VattclqNwIdOZQ0XQANAJ3xMMLnKjgwsqILEyxLRzPr049P32oY_YeGBiw&dbm_d=AKAmf-Ds_jVp-3dZbJeI7LT6UjaDCnSRz-q3FmcqRgS3IzVZtmiOYcqtjebi_4WKUmqcnYHnzLyGMdZbeoQjOBgoX9aO1951kMnzD81cd9Xd-VNVM0VAzmzoiFfhrX2-GB5EZrog2vmsFgpvy5mSwgKgB7S4ibq2a1mX_tisb2mK8bcp_R-6glZq0cLUfS5vYRTmLvcvIpVPPrOud0SCItKZueyDioHAg2650JV006weKNgoSDVchwCd2uE84kYpKEU5FYczRksb9-C-f-ul8XG9Yx38j7UwWMPcHOzvyaukBc1FdRKzlrEtuVjFlTXh3a1ZGBha-7Z4GUq4yvy443a2I2RQfjmGyNMjYADLnF45QagNOxeDIvhIj4rfQkuYVrt5oQNV6U0_aHafNUMw3eyiTo9DznK4_I6J40GONyoLjQ4XCN1yl2_W5mbw10tKQlrfti3Ns31V2ejEwFjTQMrlt5wJ19MqaryNM0s2HkoKr0kKdgFlxnruHv8aFyKdWcSZcpcDwLk_eYLHRpMmHbTtmx3cQiL-PW7VqCnOLPNiKt5hFbUe5go6i3Gl7SQ00Zn10KdBO9E9M3mjjT0g7H5TVq3JgUlIU01Na42VlcFPMmNaTOYJMDRi8FoUrvzRQOhtPlkPPg5SsY7QanoyCtOzzUSYmgdCwHZnMnTsOAnwT-nbDllLkYCKZzQyxfgiglt6Wit2HVsIQ2EC92oWtldVTkp-hCS_QWndVtSdGyvzjn7PFOJIFdJy9ZZmAcqdUhBHgLylLefZvTzBs7i2aeWyMpdhH-8uSBDppPjnzoCHTctyNxGBbMARvdTsaxJWZfHcnLsueMz9hM95zo-SkmlHsP4DMqvTgNdJwqoe3zotAz1HVvsvgbpC0lLgIBAOuNWB_Xqhjsy9Z4YK53ONw1G7_kxE90yDYn_oXxfomkw8tgyK3PZMkvkkmANNmLiAIstEwZZyBfq94VItzbd8Azf4oJQqUkFsiN6Xc0IfmnxkFG32RAVw1lf7Z9Ly4VvLS9W-JAbJl_Gp1A7dlBE9thWobe-ordd5Bb17nsdxj1lc6cVshsU2oMRzK8_uY7VRizjLmighILjMtLZ85JRFVAzH4K0H7Ji0Y79XKbYfmRUlNMTjt9PiDxGX2aLhCWKEKGbCqvF-jtWwbqtHLPoFCrEVnpFVl0SjZJ_sEvYvPrfY3eqFQBnAV-WdvRA57fF2B0ei41dMo0p5s4aIBm9dzCbLnyrC5xjC7NSiZ86VnQirKCkuOoxAkDi_jTHfb1eQStMjCtRVWYpMe3uZc6VLUdslDq_Ni2qMSnthT0omNDQ_r59VuSFEbQAJXj0Dy4KGT7ACCilqBHMyW3zrk-YRMUMD58EP1vO316QdIHFmXkqEP7zjlXSfYVMAI1L1gclCRkYy7OSDOo_oHDxlNhR_EuzyFn1hqHhvrBDVZsNO77lwdTxLYTpG4359rjwPdpg2Q-_82lraUkqhEETutv1gnR9gH7M2N5zRq_B22DWIFhoNXvX7zT2qvKkBzDoc2BzdSEni0bP_cEnkXZfw9TxXfArwbt-ztW8ZK5wzB9UNYVn04IIqdsT7l85woaYVQqo4NbiLX5fgru7sk_nrM25r_HKYWwFEIDI8hBnaGgWfMFdc8qF2LLNCsnSjFYFWBI3ES5LQj3s5PW9qwDNklQen6XrVMG0I9cuaaMx0IKqo0H_b1ZmM1GMH3qkGXRDH01_atJlwMPKl4eO03iPl6Iox7FaTl42qmiMOzNMMLjLnkmfQyO4RSjV9If_NhYQRqXC0Kf9KHaCPi6BL8QnLBjo4x0lur7OeviHce9trIgzkrZzsr59OVIyBJ6f_LbLLeAsxEs_Trl260zggnVr0qwkj53ufyRJxRwGAXG4_wlLRjTFYuaehBYMUCjTDvXmI9U0FYot8_Ds_Sh8lEyWK0HIGG9kPPyrUnA2hCpy9GU7sw8lEAxb3GifDxIAsS_Nk5X0V-Pn1Qvb08fntyjLXL2t8OeRSo3pkaNepFNuXA4Ijvx-Ov7JCkYG42D2T5QCLjxXnBC73fm9LF1IgoS7pOZWPOpLR39Z_6-e0DAephTzjvDBel3SF8eyFc4ybztnlB44apBGuV2Wx_q67VzQnCIZ4wQ4aWWOXk8f4ERXGzcPIVo0prWM34XeR0dFePsSi92muZ9LA2yESLaw-CUNbtzho17qnPmwMCqpDH3hgKT-VXsEPP4IGrzlNe0N-gLoKqrkLAF-eYdW_C3PInHkKM1osiLlEjFTeA_1BwVprBIla9d9RjH2O9Pyy6ifvbPoGjfQS_-9EvAHiwk5cov-EcFbIaQ5v3tjmzQCxgHm079wkGUwvuZqZo6nGZqh5KxTsg1cc4ZbOeO_wqzBZ-rocIK3eZNhTIs7Jjn8vvD6rVnniXEM5qM6rfxb-aHn3Q_EVE6dnLJujwzC-_yuXdbScJZnbDFc9HOW8aWywMJWZ0uOdO0H2HkHGV_9_UPmsksxn8ceaC4IyRrfX9KkaOShdqqgSMcMlp41A1-fAARnBD3SZtDDFS8CfkQzntowm5134ZbviLvp_grlrvw_8k_1f1nX76QEsd20OqKuVX2lCqqs9vVLiQoKI9P2QjoSVlqzgc6HAaeq-AgCAllARn7JiS7FofidDLrkt-WLL0-jqMmq_Do4KHLAPHc_WDsX5j2bdgq-SoU4W0DnLT0KfR9jCG5ziLnOR156G-T7i3RFYaSXROWzeES8mPihSx4FLzd60s27mI_I4v0E6K7rTscukUxudy5wOK_cWUxUImX6xkmUbxGIMTOaoIUmP3OX4QR0QEYGivgky_PxyQyToFIvOuWxjUIqTXYIHvqt5aGHBERsOb0mYP8tp6aGKmu2Pn7027kS6H_a3f_UVLLQWCDiRNDozvBFgAwmy7dgj3HvP6cEx1sTdvv9Tnc6-LPbwhSIIQJjLKseN09cjJw14aDwGaBEYeKFixDOii4Dr5oWynPoKb4pjzV8G3Ph6D-9OxATVVgULQH_kT0ApMxEZ5nMZb57FNrDhyLFIl6xS7S8Fr6Ac9IEAexDCfKwTOTWIt6YsMXIxjlVAGHmRHg1Cbkqdb4_hj8SAX3aLNWFuPFQaXrkv1Ow7i6zK3b8u9qQ6dAsihL60e4_Zu-Lin8ATePx2I58x_OE-6cYFioNjt4k2GY5-mmnXiPYg74iiGEtV4kmKPOXooy-ZGig2JoApjF3OEpn2GsNTZqfp5OaFdMkH88g3NLxVl_C-TiSvak3XhfS2C1otDovcFojP_txTWFFyE08P3081edefW-cJ4ISBY4PNu7ALjSmbtn0CeRDMCElqy3L-rHUQb_bJNwA_4_F2BPNco4pqSQPULCMWet4IcbAqLhD3toX5WQ9kULd04mHDeoaS0ifIS2LFXPBqVydQnWvMszb-lzlBXA3SRg8BLKG1lI5OYJDqPs6B5Ln1muakiarzdkhfcWN-zj9En7rGzRMqfcO5nexxLPMcrCDjA4RCPvSXtWglLVGpKRKs8TTRaCfTpLsNkVApWbfUMpxUJoYhlQae7C3mnz4vsrh8F2e_EjhdB1S57w7YhCo&cid=CAQSOwBygQiDDAsDm-byXx5OG_QwXJ8vUwv1TCi2IuDErdhfWlX-vobsDGIjVqBhD1lDr8XjoObrqKEDtH1rGAE&dc_exteid=31141157410939618231844229804967161&dc_pubid=4

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 291F 0
0 46ms
44ms Fetch
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C1fMWlVyfZIG2LIKHgAfxkYsIl_bW5m-3m8itjRGeuIi2gwMQASDAsoJrYJXikIKgB6AB06nd-QLIAQapAooDYljaUbI-qAMBqgTaAU_Qni2niNplknzBOIYNq5FiTA7tz66ZUemdrUE4aFHnc2z4XE2NuJGT3VSX7u8WVby57qy7yqIGl2D73ew78fIFYDqa8i7UU6lpLi2GC0QyqbfC2WBj5l1IQ_YGt7SO_8IJy87NQyx1jvMiSnaGjeamAKdU8jlpuQ1B-8rU_dS7dSpVmKdkArF4PgWRSOxbXHwma5fhzBFkGa-DBKriRgTIAtGVysFQg-8BmqVTbeex2_qCdf1Og5ldG-4dlNa9JDRClFUGWInV0OxD5MRMyulvkaxcctpN0rW3wATw97ucrwTgBAOIBc75m5VKkgUGCBsQAhgBkgUGCB0QBBgBkgUGCB0QARgBkgUGCB4QARgBkAYBoAY3gAeV1qKGAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcKEOnGCRi0kcDlAdIIFgiA4YAQEAEYHTICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDmACgPICwGwE8O84xPIE5vtjuID0BMA2BMNiBQC2BQB0BUBgBcBshceChwIABIUcHViLTY1OTM1MjMyMTAwMTAxNTQY6sFt&sigh=_2gWQxc5_tg&uach_m=[UACH]&cid=CAQSOwBygQiDDAsDm-byXx5OG_QwXJ8vUwv1TCi2IuDErdhfWlX-vobsDGIjVqBhD1lDr8XjoObrqKEDtH1rGAE&template_id=509&vt=10
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8B53 0
20 B 40ms
40ms Ping
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=8736768384462&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8B53 0
20 B 40ms
40ms Ping
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=8736768384462&version=m202301230201&ct=76&x=1&cor=18396302603105362000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 8B53 94 KB
37 KB 46ms
45ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D06o_qHCyZG5kX_B9I5dIvP0yjjcJezIugjao-Fvaermzg6B_L1KN8YVIEhxh28zbxeFnIqrDpZRR1Fwp2lMr4WaccyjlmK_ugWA9qFoi1j0g0wOU&cry=1&dbm_d=AKAmf-D7lvQVVsUdyHJXVUXUEKDT_NS1KSfsp9CoBnYwcVyAV3Xd0bb2mdVFNHPhUkN6I-dbXsKfb4gxg2eoivrqr7tqvrL7CVtc9flOSWA4VWeVRKKOMlEIvFBJ3QxJFySy5gJ9ALvNuTPsEEvXJh4His60Zr0r92L5Cj0-zfRYsfUhzAuQ-nOpI-8t_0TNt5BkXkHoGVNzg80wHNxL6LCxs50GRI8zhdKnSVM4AjeY-Nbo6qzK-gpmFh4jZi4N87gYybyLp23wsx5bkXL7t6biPKqIW2QzEUG5lSWARK0tvURUKrItao_wEbcP6NXH1Y6Zhd-x9h5uxyubs5LzJQJ6Va4F3n5BbixahUvsm32tP3CsKFgkU7KmbcYejrxDFyUmExDb_fpWaTx1sWnPJb9jsXfTFNotyzRA975SnB0preaYRnp4rsoZY8FUdZ0MCAleUq1xP4CmTFs3GDnVdf3C1gsSERtm-ot9KVP2ywSU4GhFzpqhUoOsydhKCXzoFiqAkNcjWG9UTaR1o4l4eq_-LlV3Q3gQ0bEWvSAkNVLopLVSnSkjzq3Hi1BfbmKLoG1-l_088j2RqCqwYzUV0lPUXTutxvamHhXh-0UR75LV65gErnH18Vn0CeOoCBqrnDFy51ULwkw9xkWUJ_04-0UWrmKi95-BXEXoFT1Tw4q-N-CMi9okGsHPurzlKoHRkH-sqhAId2f2cQfMCJw9TM-4Lin7iMqpwOP8mIJMCpJtoMHQyaMvCUZpAoZGzAkhBQwwQSr3XzAxAoCnGVTLPGlLOLBaKxXMxDh45to4G1ikKvmEWaBzg6rwc4hRjRgkE1zgVRU9uKC5tSMIdkxXAA1M3YA0W_rYX-povGjYMqsjO5YHrxRYY97GqxV98D734VdosAtz-bpC1iAxNXiCZu_Hqgt7NprZqV-OnX43XvAHvzlvPb3zC8cSYxnZvdNpZ9s_Ltscr6fMfnmiirjglrTvb_tB05gUt4a_OP2ydY-iKamNFz1xhQGwOcTxqhaVnATZWA6zPOfh0POE8_VtB3IChwplufKX1x6lnC1b-epu1PTMQgfAqV3Fbnre84_AyKByXiLcldfN1IaB7pDwZDMhgUOszATy5YE-drpYHzZMEeyvw87nVgZ4nSNlspGMVTTeU_lXmSQjsY1Qvq_2lKEBWCeqf5-A3YUqwLhc3VmUJnU563Wd2OPRe1MEAoffTLTlkDo2l7IHUF-r30V0UfRXyV9-hN8lT7A7PiEdww-S2MKSel0NcPWbvistbz7K_UlHpGPrI8h_X7BFVXsUxmquuObhEclTqfVqMZ4tSV6HwlQugNb_pD5APlrLBe-4FCgn2Tcr3ErJf5Zg0oOJ_UCnOJuyj1TY8GZJoHxdWFKaVyHFFYOhyFrdQTdT6eUFFcPObSkTuzZjblN74SDxzJxeVnY7WyVEAMz49GwIOHdmufUluGZzrrEhD-UFMwOivMjj43h4TSF-yYGbQ9ZXdDkycX-PoU7KbfygqyGafuqRPd-z0JszZ3DpsGL67a7IgIV8LnnMz_Xfb9QOEeN-TWBj4O523C8ZUA5KnKE7YkWvW4KkYgRHUhmvDnTspB45hvw1XPWdbcT_PnygPEncHJZRDTDakPMzQ82QAkJnEs7HcM66CBH6HeWaRy9IILsxSU8y2tqqxsovsNFxZo8HGoFkHw1mxHASkC8U_VGyMif8hf214rTcekbMTaQ2zfRQMY1R0BE-jDg364h1wC0Kb9am39O9cjAGCAV3pKSsVc2DRZ2r4uPF9rdJpa3W5WPcpqI2zcv16_f7Cejv-c9LpXB6UhghAKQakKHq8AG6OlSVwWpIgEJTx465o-i5shA9BBu9xdnzOIxfFhl9pbrvvizmQaqpBLd4Qcd97sYKoeuagfgYUPOhzept7POySDX5dXjpnSYI09knCAPTGI4InFrVHYUBBycTyP5fetNA0cXplNP22PEdOzFiNXn5sC63JcehhqnOj0EeI1ZxCOFeqPwet5_KUz5qFxMNzU2SshM6LLTmo-hV-95f_1JdqBME9Sp2DSyOXeAaEljuDJXS3Bqmtg1UDPcR68tmclTrcnmTS8SHYP8P2IciWmWAdpKFChnD39XrJ0ye5G4Vd0nXyiAsqf0srYaewX4CE4UtibHXQuOBVpfNNlHj62hlIfsAc27ytUNgQSWDpqBWSV53y1jBnBIrOrAgrbY8i9QoWLf2VFF0lI2t5cQPNRt8IGbDS2iii80SWkxAYlPsRWuLwKrXIz7l0vDDSEJ9Uk1Y6KR3DMaQt5evxVv09AdLpKhQBrYZ9xPeA8cwHN_igirG2fL6RipIYSjATFp1tIcFVVuu1Wjz6aXDHxcYJ6Z0NqtI_W9dYge0qQfyINRNAxn5RU7dfasNCyGaPnmXhWJDWsrRn665oKNb_xT5tp_Xhc5WuKbjemZmfSOeBMrJ1aXooKw3MCCKanooKnGjFWW3Zy9o4-bj9xT1ioEYFvQT30SE2JRcqMS9J6HntBVS7590yFo7xNpareo4i5KVMWRM4FsCVgtBpkIO6Rjpc-5NN83mcKJVFW_q78WH2aP2QkBTtTJbRcc4yEhy_zC3gFWad8i8YpkilR-RRMUsic8-CkRIRfUK5d4SFJqNON7QTWQ87x9qVMel1rkoEOWnSBzYzVJLI5pElWvXWI75Zv3Fm-xClyjQtJvUzCOSr1inI12lVrJ0Zf_VBIHA2Ms-are7V0NrixXNP0lmz9WrjfkEsTFfP7hAWxxhB_aZKZiKD4gJJijf07yTLLmfa3tzJcHTatZaO7JMIizkcxUQBATb-G_BMX3oXtwSZ7mVOcIYzrUlG4fqpQSEbDUYt7RX4fAfCGJHreZqMMSyMSd8cs-psikqXAoQQ5zSDyb7QEskjio9An9ibGaUj0dUXuZYVvwaQstX7kTqPVOheZeQ4Z1qoyeN9tzEI4duvui62VPdTfPyXnWATyY9kxFH5JNw181098NZjuBbycx3wTDCaKLBS_Wsi17acPSDHVfg_jNOKWTjrXRlzDPcjmbHhxzTlZlN09fgeLKWOl8jVHOcp629r2A-lOMSWfVgYU-8f4yuG3MAX_dJ4vpo2fshRShlmxHa5_BIILYgZZWsTqvo0fU2Bpv1_CKGhha3dAdXdhcHt0XNFqIsp2YvaEIbhlmxl54lNWp2OzWKFZzd57HlInpAo--aG0kqfibLwZkwwMK2iB_-jbnMVm3szMG7ysZO1_US2EtI2qAEKk9GL4pXn5NYkUdd-g_XUOv4lCfnbZ4D2bCWPZyNm6qvzLMFppjtDBtn6zFJ6LInv70fVyV5fYtkFdQNyy3qYw8wER9Z4_4tPG98IKT5LhMJbR13Vyb7oQnrYx4spx9IZVnahB_ri6okSHPkN8Siisw3lTcYHBruWpO1AllmQ3Dx0_QD-aMqBt0uihynYJztEKKVF_U&cid=CAQSOwBygQiDaYD5zfxYiuHIuMawGYbMRQOtPAShi3nVnbYtQ8thHzTbvaP2_Ao0L95wGxD2-KjQ_BQZGgAuGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=18396302603105362000&adk=1599433117&idt=60&cac=0&dtd=23

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

77d039ec23c648af833e447a3df69bed74cdf84c465422c52eff9a37a9503fb0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:06 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38025
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 tr.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 1156 3 KB
3 KB 6ms
6ms Image
image/png 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/tr.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012306200257000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1e5a886321d0e00c13f7abff03ca39fd782f42997fd34bcbf4fc93718f3670cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 19:04:08 GMT
x-content-type-options: nosniff
server: cafe
age: 13678
etag: 9957912877679239782
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3057
x-xss-protection: 0
expires: Sat, 01 Jul 2023 19:04:08 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 1156 344 B
368 B 6ms
6ms Image
image/png 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012306200257000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 13:35:10 GMT
x-content-type-options: nosniff
server: cafe
age: 33416
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 344
x-xss-protection: 0
expires: Sat, 01 Jul 2023 13:35:10 GMT

GET
H3 200 10261972549777223277
s0.2mdn.net/simgad/ Frame 0DA2 44 KB
44 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/10261972549777223277

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

25b451f3cad26104f57800c79546bf5a40295d0cecf5623e623f4479b94d0ddd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 17:54:04 GMT
x-content-type-options: nosniff
age: 190682
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44765
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 13:36:45 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 27 Jun 2024 17:54:04 GMT

GET
H3 200 7352296608196688721
s0.2mdn.net/simgad/ Frame 0DA2 10 KB
10 KB 11ms
10ms Image
image/png 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/7352296608196688721

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2d3ebc5963c3ba449fc6f11b2d5ac883abaf7dbc046ac7c1b267518e0ca5fa27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 17:54:07 GMT
x-content-type-options: nosniff
age: 190679
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10020
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 13:36:48 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 27 Jun 2024 17:54:07 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 0DA2 42 B
63 B 29ms
27ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BZdx8C6wqyCbdBku5JYkj56etjaRMujIdKyn7Mxte6pxR0UPkDtiCguZzw2fgV4X0wEsZ0BwOgAunYzOU-kv5cg-Utva0RQZF-jAZ2W-sqV4UE934vdBeU9e-dZ2BdfBcOCqxiTFP6GYb2uKXX4nS9E628tg&dbm_d=AKAmf-Bwv4rYHfZJg_juWITs8LrgdLaS-EUElYagMbtNoOkGYI8F1_D5zt0QTvxfIJsuk7lEP5getTl90q32BEtpmOeXKZAfiIH6SFwtfPNEBV96Q8w9fOr1fW968SIAyodsViYODqyTeEzken5tjGuGARz80hYcYtRdDXoN03CELlhqzKLk11ieB829Ac-yZx_VG7qw7A7_jSVPq4ivxlkrSYyaHl-nltwTas757HMkn-tMb4qqA6lvQyqGdxr_DZkjaxcUmOHPXrvJM-sfembSG24m__AxWO7YnGLBSxq_MVwvWU8XyOBFxQpgBoC3rpOUTvvnRfvKWKD96yJVEJ8K_6Jr41MzQF_4kemlvABPF45zxXS0JxN5QnqXo-FRfBnxQ9XOgAW7SSsCyt9-QfGziqCaUxvjG8yNyzwPhTsr5h-SI1wgCIJ0FC3tvw5OspgvRN1CZGOYpjAiWwmnCArByhxu5cEUXDBfIsfOaK2RAPXbOxk2JFcIunSzSCJFX3aLmGaxpwXWWnUrunEJYt-72Gc5YW6dglqDcEovD8kq9pzD14SbBNrsY_hStBiCOQF-8HVhssswap6DU2kxbjQ6LfTHOeo7aWrmoRkfAHCfwtwikG5MMxxiR-N82yrArEPmnzzwdHNkDJ98rDE9TNXLh8nXsdaKeYuP5uApWRgf5B-I0bCoFUfSkJnp6NDIgp0Nm8WJeXeZP78vIpwqiCEZztAop4L3chUAMnSIvHSEAH1VQ6djD8LqceiL-QZdQxfUAe2Eg2wn0Xw8mBjVjZpTYooKbdJodIBSJ7o71RBuKDjhu6FbssBPZmfv6MO2kRARraYn8pILjFYnN442Bs59cXN_8CoJLmcLSejLZilgQFXXhJhZ5qFzVzxX0eAlLDOG-UzYoQ6EenmgQt8wfyhxAtKLP2DPRkBuEX9H1KDFBb14LZxYh1VDxIuQ4bBAHkgTBCLrVA22DdCYfdWaA3tYD4otq3UFQbVUb-2Fgf_l8b3LUO0T0yI-KrfuifCjC8Nwr7w58RHW9bh9_ZDH9Gj61DcRDCdXTArJ9NKQFybG9Zu5YXxmzi-FTunQQZzdFNLHnB9vOX0eY_iHlAnG4QmL6sJyhzMEPNyiKHga_yQZIfgHC2hbFw334CUluEqW_BeFQ2bxwkSI5FH504qAy2F3q5-QG4DGfarCjalzpK4vSH9M8dLHGLYpEWmQxy3IXFCaScxwiUC_H3hsn1vTlM5aag-wZM1s2ZzHo8i2epKuuSfWOcc4kp40OX8N5fgyDDfwKB9A7bvuriRke7UBdp8oA9a63lQ6aOc6VvqKQ5hOTDraiLKXoIWrWh2p7LX-BjFffkud3CQD8MpOeINrFAmrn4Am9stLVJ65aks_ikEigFq2iSw_h1Ksmbpe4WyS8uOAWLudvwvurFY3PS0CQeDKSsHfNjf1AuxPP6WGDLHhhpNz_o0SxYptvPwtnXp3kSN0CDoE_cUfihHcGgDRWype5kSRWvbBP7NBvyRev6MFTtnzApHQwQ6FSGMDgRyOVIoB0E2x0SVsG5ap1HiG8I8InPdUbOgeYdYsEzQvGiRwDllMtoobDRk2Hi0CquoTBEbPFvvjpMirUVvwP4uTHedNXi63BrX5kKUH_P4WyvN1EnrKLfqthlwRWI9XDC6yEokqryTgFZ1oBRYXpCxBSWH0RvgbOMQT6CVA2qwZkstyuBxT_bouW3e1oS3Z56AF0Bc9d_Rt_fAb-XvcklO1wqFD3GyIh65PVkHYFRJ5MjzbQgRnRdMPT9ckDeMBFsrILp2ZceFmMxoGsop8d8eX6IuC-uZ4enO73J1EmoBfphIfsQisNz0YvRbCpv1pgEV0IQpXZMqgyMyxQ9FNpXKGP9g4Yf8eYNLe9JQLZAgo-fbP3sVY8ODIKLdHoY_5m7bGeol5U4STg3Lt1DbvL7lPEMd2Zw-guenjNUi1dcA9S4ihDJfIlh6FQ9xUnoIo4gBFLCghRgeahXLkpO9TBFA29bynJaM9mk9WpMn9YrjpVJmYFrYdBE2Z3kev69rMdwFWcnEtCjKbCUMBs1QLfxfSv2HONwLlYZr6L5fix3YhX3XtTvEZKSBcD0RgIQZPmWQpRWngd42ogBnFVUcRWXzagtvgHvxpE8JWewhxfD3hue70p-yoZPR6hPv6LdBqD0bF-BBJTfOiN13Tor5-OBW3L38-bqMqtAlnJY8cbV1qc6CVBJeFLeSt40Ubj3pqG8ZrVun12JBBJ5XA2or3nd29w6NpV8jU4zn_PaSMCurj9BgMpHZ7K4Cx5d8i0OP_bWPQpg01S2pv960sqQUOR-OwhLqP7ITl0NHd7ZwE15GvLzReMLMpWYrY58Aa4NZAt1e9Cnl1fRdOaSzQ5WI_Ul6vmrJ0w7o9DWzJZ-RnoUchZWXj83uncDsfxXUrlq7OGwzARIX-GP0aIECm19we7s4pncvIf_rc89aD1W1brJueT9T3-Fow618_FotSbZVfmbvc4--P9cAfpMJ95zz5ca1FamYxfFUm_hPk6fWVc_MrxdgyOCLkVd0M0J2JBgeFCIVaiPhrzVKrThJncOVcVIB79VkXviZjf4ubtIUccpkfqaQy6T0gE7eaB1E4Bur6x3bZw-kTxhDkw5_KMmPS0RD42agnqmtP4wOLTnZ7Z_yjfiXIAIMnjvgeAsiTlc-5EejQH-C_1JtkHNda8EUlgYW2IbNoi7AP66JsjlY7KGmim43RN_79mmy2sdjoI6T6A30M0dkZWY9_764B6-3kOOB6CQ_8AH-jjv3PRXKjwTxf0gcB-KrRBcZ9hNHFmT13RhzGHXuHwQ5y1k8f_FsXOmJBc6YJOIvwMs1DtDfxk_RKuI38ih_gfzxp9qQIfPKdHht3e7je-60QiWZ0s4eWOxvbxANjjsErmI6Ow97UEa_FZAY-V2vzcigxvp7w3AWBcZjj9C9B6-j0Kq0yfZrlbHApqvzJUrtxAmn59rHc_Hm5xuNgSog9RPiFhx48YLZNYWSnNgCDv8Uz7Bj46sd1QRT9sZjrOmWSR_vQQXC0p-ZVzXsFTlu-9ALahGA3O9iZbOgRvVY7uy1lTaUeDN0lVzrfelkaqvFkCA4QHGh1u05J9NAiUZL1JFsWqsopCnW_xlBatIZCReZ8I-kOvIs6a8ztJIOXSD6e6cpGv1zfhWMCuFv-Jy3ViWAIEus7KrWtb-K1WQbrkQwNivOhsGyH_3MZhJJ5iQdMJgNRhe-IgPh4PlFnLq-40k1SAieZ9c-Zz6OSKAos_DvDJl2UMDGa4xqPBes9Gr1iehWWncMzb4n9ZONXkSlEkFp4QsGFOUd0ooppInUtbqZx-tcuhACaegJBM0DZ4Dgi6IWaqc_PBjuhqY83t2_tYpGln4OIP1lkuKIy48USD2tvZ4AoCwdP6Objgj1rhPFZiy7C-iZq6gbMq3Hi0wbG_9V7LhExj8qApWJR_3sfVMwSHWfk0vt5TZGPXigQNzmppdEtgVOWWifBpU6O7kc26YoctUhaJgiHn1K7D5tIo2BV_OJwcIWR1QBIv0H44k1ww3mnlrJZByw9tleg1m2RQ_7im2JuzFNOqfhCLV-EFMF7LAHYPgOgVRZeO7pKGO9DRvbbMguNtXa6VyrhkBsJ6VAfFh1TyMG6Jf2hxScglVWA7THLl2y5baab8g3GjBlq6JC7HCW8aOwaRPC-eYxxRr4jSro&cid=CAQSOwBygQiDy_YbPJT_29YVpnI0C9LQlqn3dCcnQ0gcUYqcMQVFbQSxmK1pYSlUFuIZ1wUWBgjYxYNaPJFuGAE&dc_exteid=31141157412337143746228617302229322&dc_pubid=4

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 0DA2 0
0 46ms
45ms Fetch
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CoXRclVyfZNy6LNHRgQeBn4yQCr7iqv1wquK5ncoRm5Gty9Q8EAEgwLKCa2CV4pCCoAegAdOp3fkCyAEGqQKKA2JY2lGyPqgDAaoE0wFP0HCDb-WSvfT82aB7a2avXOo4wjlHe85mNR-hmgnT-Ekh8DIEFvpd_Wrjil_-Vkrof-5pArcm7Er3JaK3pOXU8ip_iwSCfHU5b0sxhvmDh-JiXv7WndkYInkHuo42pksTf1qiKpyaCtpS6M4dRxGoepPlkU_hAz1vSC7h_FaV5s_3SVJPgirQy2DyzyXEzY-RoKKPYkKNZchng8wrbQ57QttYC0Y_zvO2Tw_tuTD2DNn2IH1poFC50xxLbfqdWNuDBQ2vJekbXWz0h5LGBCjDKE_JwASsj_L9wQTgBAOIBcjf17lLkgUGCAMQAhgBkgUGCBsQAhgBkgUGCB0QBBgBkgUGCB0QARgBkgUGCB4QARgBkAYBoAY3gAeV1qKGAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcKENaMCBil9e_sAdIIFgiA4YAQEAEYHTICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDmACgPICwGwE9LL4xPIE5e6heMD0BMA2BMNiBQE2BQB0BUBgBcBshceChwIABIUcHViLTY1OTM1MjMyMTAwMTAxNTQY6sFt&sigh=0gCyoYDcArs&uach_m=[UACH]&cid=CAQSOwBygQiDy_YbPJT_29YVpnI0C9LQlqn3dCcnQ0gcUYqcMQVFbQSxmK1pYSlUFuIZ1wUWBgjYxYNaPJFuGAE&template_id=509&vt=10
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BD79 0
20 B 40ms
40ms Ping
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=7254517325326&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BD79 0
20 B 40ms
40ms Ping
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=7254517325326&version=m202301230201&ct=76&x=1&cor=4947200756656002000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame BD79 93 KB
37 KB 46ms
46ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CIOmCtXNp5mbfsWAlfGK2klnsdlkYhQPewmK3YhdRsyfT63tz3iy3HEpFCf1gwrBqq5uz2dam0UNma8Ti_LBBEn0qNBriMANGXc7bc4YsQB6RHzSs&cry=1&dbm_d=AKAmf-DJWokJtfUv5Td8dzNjVi3C04a70z3vfnw_FF_DqsfxVNSenQ_SEqsC7RD7UQFnZKs5x4iiNlDm60X2w7GMU5Rwfw2ljmqPriin7BXdIleHyyM93lfHrIv19srWvg3rN-PiNa5SH8RlSEH8zZg2F9H2JGwXRsmdwj-NfRf8OIV0cYbiwcS_9fFDe1OjW3IMHceMAc36Df7ujJoIGnncJ7btCssomXSyf_oO6bz3_xFis97dCiAV19gUbwasz0HdEVOUWjLXktwE1yEVZ1p3sVuPoMIEe0rMcOoscVDpwmOxXnw7L9YK3yq5ehGtSvkrDN-62-W8FwJ46dhqgqN1rToxJ4-mqwQHcy0sZXtHkki6_T4rLQklAg0gAeqxCe_taoUaLs7aLJ798K-B7qz0ZZoujh8XYyLlEwn7mxo6fnO6zyasX3rbESTJCplZuCMonM0ac_eWA1iN6nv3NEueMP-7Qp_pewub0hSC1GUsdt-EuwvQNj6CoSqsKzwQnD-ypjSJz5YGjee4bSEzEUugD9mQ84dnK-mEi9VYuVmLPeDTDQsK-7mY9yOgyNQu8vXyT-aFmiPv_2AF_uGN9XjCYATmO7aWPImHWCUW2W59TA_k4RUiffqN8nnLU7hEHw0Hc9s3Gi079zH7O2d6tgZAXgUSIJJ8ULIu-Up7JZPrslNSRGZR5fX-cchHtiOBxAf6Nl7MSOy_ayjmHbpBkFzZFMYLkyBGzkyFMAoNAKNFfhT7hPc62SFDslf5Qsa5E0F32E6jdPltFrbCVzA_Jp3mTL9BdYhFE8T4TZHOXLvfFxHf7Ylm1CROUIi5ErdtzuqtVsmy_GFnhaGSHPxGLqzYFdFWkWu8TNmQs-IXMh_SgPpHX2jMRRDhvI0cSKbGQUF_DFftVX4bb04nyNFrk6FtIBhrLkNyLfL5oSIT-heCLHGbCC9P0hUmvxz96J5ZEibOVBsgT3UYo-smz89-jmOiJZKvCs0nOfiCGtqNGhWRyENDlhMIFI-lAhzuAROUs_mF0l7ecvcehikLrj3nZGox5kK8jahSPMfJ3SiICmZwXSqZg4RX2NibtW1REilnaz9zgDOhtIdFh2pNXi3aB3Wp8tvYJpSIS-6wA7Z_D8Jdk6Ge40U_EwH2AMhC1_WgK0b5PO5OSKfHs8Nt9-7UZvX4_HkMXyr8251j7mYAFJ3NaG6gwoKn29vysPxORtPJN0sdmFLCwbXFZoX9lYakw3In1IjdpJ8ixDB0p5zay43I0Z_cz-lNNQZQUnpNdiBOc1wPhGkP3FnlcE2xJ2Q0fb6lKDNebhshBYcTR0FfV_qqcXOmBbjCrP0ilAc3WI9-CMMRMxTFe0Vmd8IG5_erodTJIIzbN6l_O1W1DF_zXZi4Qd-Ce0XZOC2H8tq6_3xCsNBv-N0CEI4WV2UQ6S-UEJlyAkbU_lqXruo35trrgvzscOYjFIHlRbsVOuC1MGy1H6zec6FLt73ksam3R3awQwu0KoQMF-PyqJfnXtRi80StuIEtbn208HTKocDh2uzCfl8A887TBLQLSN0X52XUstZlpxljsvwE_nOW_aKfrGsOjJoIIn3c9o41cEXJI3YLg2ej93Wnc0EtsSQmGvNfPbzVwaia6RV4DafvPKcxJ8UinGDWkaA5S2bTNWAHy4T3gooL-QRFhKsRabm_LKVcWqK8Y_XVK1wiDGtNiCtcH1eKzgYzt-Pl4Fsedg7U1wflMdST9Q9I-L2ewi5T_-VMuIYAOze-pSqlO6GNjHKLz54ttqBx1Wvc72w2eOAvZNGQ0eapiP1ovni-e6vS9H0tHhYsNIDvVYjtW-09KAv16LT5vf3LPUoIDO7zeqPcegxc2kWJ2VBSzQ9aOb9KlDZdbTJLnnXaCkM7Xzgw1QHhTQOY0dDcwKRfPp2gncrd7zi0G9KCvblk9-XmkxIgh1P4VJ4jnPwPuBrLBxJYtsUPQ4PrdJx7NPgYtSkVyxIj_xvF_GDraGkIu4kmRx_GLFIjHrBevzxB-3QKILnVokve7Ha72pAbgTQSaYzGMrBi_TKpDDlmNq-ghUTieIN5yh-jVgSPT2a-hVFXtGlMVEmrwOKz_2KKranXEyp9mHWP0hP_DNoJ2wC29EE1-vDRGSdrALkF8iantizKhv0f6zvGLXg_ElUOIhvLXSvtkVgWfZeMdx7yTywdgtti4_TQqGzjzIBsqdED7-P4jdl1w6Lhn1-msIQzXc4JuQ8tlnW5coxaxX20cOfZid2OpGNmWq8Kle1mGkX7ZsCqnUgvTboewtEwf1B2xi1QiYmw0LMCTySPhc3AbweLL2VH9rPmAICO0laDGM2mIj9tLTQgQmBtiyqoZcmRN8c4yW-l0iF8wmTJG9FEDQ5FbIcHAmFpY3mdv4ElelH7zLda3bdayIuO96G8uHTz4QJu8f0p1B5deJMVSBdmNkmmsb_AFtYFkW1fCTvld4fqlb0Z5uSj1RXDH7kiv4AydHL4jhgJRuH5zu0Vc-jpCA5WzYHR3cPj-9RFHbmGOeqIxPqItA40a8RnGafwXQ6Hm-nKhrtaiuHWFtqWCKvxVsQPq_iw6G7mRtSfkgruJc36GLDJ0RZKJR3qtaOxB7yYpbGPHJ-G3JWpqz_wwiru3KPQtqOlVLStTRWM8cIsCVFcZfy2K6yjA43_uK7p1Mxj5HPwMiutfC2gw7HEdNJgUCtnVG7NdWGAw_8ioKoTI5CCUoowfrkPwxAt8FAKGB75WJINzZRKlM58UKLR_vI6f2Vl6iQFw_gcJu09fUNkQ9znE5Nhzrk6030hKnpgFUnxqfVJWYSRxio87lx-uEv_HCDa9T2GOTgSG592RZ5bGD2ndJbc5swC2gQYkdmPolpVrp6bNTo2oTjW1l7g6XPNNAjP_U_RjUckpXcDvwt6ifZQe-dSEBTl2P9hy1QYxnVk5GhkDQejaAckwMYagBUTA6QFA44yGIQcfgwu3udDdS7B0dv2jLLy-6XC-Y60sLVb45jXSyqScWZXbuq8wNFCWexTRpJj5zTPuGVI0cxgp58m63ReaR5GYd1A9rF-oFW7MMOdLUIwEX7BENQQs2058kJ_IPyJob63XRmOH0F_OT9wXF1nxYXtv4OapxsB3Ag9_pPJ9DtcAbTYUGVkox5tCxrQkhmfsJtDZp4Ok1yOCIvANEP5zdTzyVAi9FuPJH5G1bMCNcPCkZLXJjuBSUWrZpG_ErzJxMS1Qn-Xl6vWJCsN15aMyV4f4ljAg9HviqMeH8FDOyYFPEVQNOA-45-eUu5ayQ-Y09fJsx4kNo_oSpMV8ESSxrlfE5-lIgrFMAe1sv9LUblkCZxDxpJNa9xLYiR1DHzIDDC6pFefFDP_i2pH78zZQ35SjYysGtmm0I3yOobpRLx9FzHqHO6lAoy36HRO3v98wwdnUke9DmJJcMyuDB0bDu5fQJj8DsFy3x_K09_Enqk&cid=CAQSOwBygQiDP5Gusm8l49lax7-DSgKNxabRVZ9spnjGuYH8JA2R0JcLepybO6TmicYcLSMdoHozvgQltW46GAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=4947200756656002000&adk=2465470143&idt=93&cac=0&dtd=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0bd34a8f13262cf1f75646e68b24998c6b2da10b92e94e305c227af68c2627e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:06 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38028
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 5BC6 143 B
166 B 6ms
6ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 3376
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 21:55:50 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame CE1C 1 KB
643 B 7ms
6ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 54954
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 07:36:12 GMT
etag: 48472445140208031
expires: Sat, 01 Jul 2023 07:36:12 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request.php Show response
hal900020.redintelligence.net/ Frame 11C8 3 KB
2 KB 103ms
61ms Script
application/x-javascript 178.63.52.121
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900020.redintelligence.net/request.php?zone=ajk4xlebn4mw&nw=20&renderingType=javascript&namespace=0976c81a7f&subid=&uid=a344657ea95669cf&screenSize=0x0&screenSizeAvail=0x0&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=1&gdpr_consent=li&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DzNG8KmxNsGZaGT5aZaZAmw%26exch_seat%3D20035004448%26mt_aid%3D676139820610320090%26mt_id%3D6622332%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dfce7649f-5c96-4801-b09e-4114a8d85f0c%26mt_cid%3Dfce7649f-5c96-4801-b09e-4114a8d85f0c%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCs6DclVyfZNyqLIqigAfJz7qgAs-HjptcwIbZgsYCwI23ARABIABgleKQgqAHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQngAgCoAwHIAwKqBPgBT9BnElqjEMb9jts3eZgK7P8JEH7HnyPr9ZWDJLxyRUuWsJrek-PSOmxu8rZT2Rlq1EoAEvQsyttq5pZ2K3iSCHqS9wfVLTXB_73P3LRix1YSdk-0lD1vi5dF72YITXk-5tRhHFB_S4eOdUc3cPJ5ceF9JXxbhO1Uu1VmdxE38OaozaSPsdvTToNHOHIrjY4w9YKt113MZ8QhlfPqi81B5tdVKfKWXebF8RCfov1Oki0O1Le6G8it9IQQrwxm1ZdSxhEnMsft2XM5hdU_2VD-0dbWyC4xyaq1WAHV-6VBS9ZV91pI8aqJ5j_JrMetaJl38PjW6OmQFnfgBAGABr7U1vzZmuidqAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDn6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_32FHMT5WONy1zYS7730a1bQdLH3w%2526client%253Dca-pub-7983651257838282%2526adurl%253D%26mt_lp%3Dhttps%253A%2F%2Fwww.soberberlin.com%2F%26redirect%3D&documentReferer=https%3A%2F%2F6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&ancestorOrigins=null&random=7168976731413&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Requested by: Host: hal9000.redintelligence.net
URL: https://hal9000.redintelligence.net/zone/ajk4xlebn4mw?subid=&gdpr=1&gdpr_consent=li&rnd=676139820610320090&extVar[]=DOUBLEBORDER:1&extVar[]=MMA_SSP:adx&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DzNG8KmxNsGZaGT5aZaZAmw%26exch_seat%3D20035004448%26mt_aid%3D676139820610320090%26mt_id%3D6622332%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dfce7649f-5c96-4801-b09e-4114a8d85f0c%26mt_cid%3Dfce7649f-5c96-4801-b09e-4114a8d85f0c%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCs6DclVyfZNyqLIqigAfJz7qgAs-HjptcwIbZgsYCwI23ARABIABgleKQgqAHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQngAgCoAwHIAwKqBPgBT9BnElqjEMb9jts3eZgK7P8JEH7HnyPr9ZWDJLxyRUuWsJrek-PSOmxu8rZT2Rlq1EoAEvQsyttq5pZ2K3iSCHqS9wfVLTXB_73P3LRix1YSdk-0lD1vi5dF72YITXk-5tRhHFB_S4eOdUc3cPJ5ceF9JXxbhO1Uu1VmdxE38OaozaSPsdvTToNHOHIrjY4w9YKt113MZ8QhlfPqi81B5tdVKfKWXebF8RCfov1Oki0O1Le6G8it9IQQrwxm1ZdSxhEnMsft2XM5hdU_2VD-0dbWyC4xyaq1WAHV-6VBS9ZV91pI8aqJ5j_JrMetaJl38PjW6OmQFnfgBAGABr7U1vzZmuidqAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDn6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_32FHMT5WONy1zYS7730a1bQdLH3w%2526client%253Dca-pub-7983651257838282%2526adurl%253D%26mt_lp%3Dhttps%253A%2F%2Fwww.soberberlin.com%2F%26redirect%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.63.52.121 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.121.52.63.178.clients.your-server.de
Software: Apache /
Resource Hash: 87314dbb81dc94a79407a82c386cce38eab9e99a6cc57fc31b5d2aaeafdc1195

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 30 Jun 2023 22:52:06 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 49013000003019200951389012372020
Connection: close
Content-Length: 1120
Expires: Fri, 30 Jun 2023 23:52:06 +0200

GET
DATA 200
OK truncated
/ Frame 291F 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7a04bcaf932d4fea3063b238b311f463d828ba876aa7f7a76826a65344b58561

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 8B53 172 KB
60 KB 22ms
7ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
Origin: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 13:52:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 32371
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 01 Jul 2023 13:52:35 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/elements/html/ Frame 8B53 11 KB
4 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D06o_qHCyZG5kX_B9I5dIvP0yjjcJezIugjao-Fvaermzg6B_L1KN8YVIEhxh28zbxeFnIqrDpZRR1Fwp2lMr4WaccyjlmK_ugWA9qFoi1j0g0wOU&cry=1&dbm_d=AKAmf-D7lvQVVsUdyHJXVUXUEKDT_NS1KSfsp9CoBnYwcVyAV3Xd0bb2mdVFNHPhUkN6I-dbXsKfb4gxg2eoivrqr7tqvrL7CVtc9flOSWA4VWeVRKKOMlEIvFBJ3QxJFySy5gJ9ALvNuTPsEEvXJh4His60Zr0r92L5Cj0-zfRYsfUhzAuQ-nOpI-8t_0TNt5BkXkHoGVNzg80wHNxL6LCxs50GRI8zhdKnSVM4AjeY-Nbo6qzK-gpmFh4jZi4N87gYybyLp23wsx5bkXL7t6biPKqIW2QzEUG5lSWARK0tvURUKrItao_wEbcP6NXH1Y6Zhd-x9h5uxyubs5LzJQJ6Va4F3n5BbixahUvsm32tP3CsKFgkU7KmbcYejrxDFyUmExDb_fpWaTx1sWnPJb9jsXfTFNotyzRA975SnB0preaYRnp4rsoZY8FUdZ0MCAleUq1xP4CmTFs3GDnVdf3C1gsSERtm-ot9KVP2ywSU4GhFzpqhUoOsydhKCXzoFiqAkNcjWG9UTaR1o4l4eq_-LlV3Q3gQ0bEWvSAkNVLopLVSnSkjzq3Hi1BfbmKLoG1-l_088j2RqCqwYzUV0lPUXTutxvamHhXh-0UR75LV65gErnH18Vn0CeOoCBqrnDFy51ULwkw9xkWUJ_04-0UWrmKi95-BXEXoFT1Tw4q-N-CMi9okGsHPurzlKoHRkH-sqhAId2f2cQfMCJw9TM-4Lin7iMqpwOP8mIJMCpJtoMHQyaMvCUZpAoZGzAkhBQwwQSr3XzAxAoCnGVTLPGlLOLBaKxXMxDh45to4G1ikKvmEWaBzg6rwc4hRjRgkE1zgVRU9uKC5tSMIdkxXAA1M3YA0W_rYX-povGjYMqsjO5YHrxRYY97GqxV98D734VdosAtz-bpC1iAxNXiCZu_Hqgt7NprZqV-OnX43XvAHvzlvPb3zC8cSYxnZvdNpZ9s_Ltscr6fMfnmiirjglrTvb_tB05gUt4a_OP2ydY-iKamNFz1xhQGwOcTxqhaVnATZWA6zPOfh0POE8_VtB3IChwplufKX1x6lnC1b-epu1PTMQgfAqV3Fbnre84_AyKByXiLcldfN1IaB7pDwZDMhgUOszATy5YE-drpYHzZMEeyvw87nVgZ4nSNlspGMVTTeU_lXmSQjsY1Qvq_2lKEBWCeqf5-A3YUqwLhc3VmUJnU563Wd2OPRe1MEAoffTLTlkDo2l7IHUF-r30V0UfRXyV9-hN8lT7A7PiEdww-S2MKSel0NcPWbvistbz7K_UlHpGPrI8h_X7BFVXsUxmquuObhEclTqfVqMZ4tSV6HwlQugNb_pD5APlrLBe-4FCgn2Tcr3ErJf5Zg0oOJ_UCnOJuyj1TY8GZJoHxdWFKaVyHFFYOhyFrdQTdT6eUFFcPObSkTuzZjblN74SDxzJxeVnY7WyVEAMz49GwIOHdmufUluGZzrrEhD-UFMwOivMjj43h4TSF-yYGbQ9ZXdDkycX-PoU7KbfygqyGafuqRPd-z0JszZ3DpsGL67a7IgIV8LnnMz_Xfb9QOEeN-TWBj4O523C8ZUA5KnKE7YkWvW4KkYgRHUhmvDnTspB45hvw1XPWdbcT_PnygPEncHJZRDTDakPMzQ82QAkJnEs7HcM66CBH6HeWaRy9IILsxSU8y2tqqxsovsNFxZo8HGoFkHw1mxHASkC8U_VGyMif8hf214rTcekbMTaQ2zfRQMY1R0BE-jDg364h1wC0Kb9am39O9cjAGCAV3pKSsVc2DRZ2r4uPF9rdJpa3W5WPcpqI2zcv16_f7Cejv-c9LpXB6UhghAKQakKHq8AG6OlSVwWpIgEJTx465o-i5shA9BBu9xdnzOIxfFhl9pbrvvizmQaqpBLd4Qcd97sYKoeuagfgYUPOhzept7POySDX5dXjpnSYI09knCAPTGI4InFrVHYUBBycTyP5fetNA0cXplNP22PEdOzFiNXn5sC63JcehhqnOj0EeI1ZxCOFeqPwet5_KUz5qFxMNzU2SshM6LLTmo-hV-95f_1JdqBME9Sp2DSyOXeAaEljuDJXS3Bqmtg1UDPcR68tmclTrcnmTS8SHYP8P2IciWmWAdpKFChnD39XrJ0ye5G4Vd0nXyiAsqf0srYaewX4CE4UtibHXQuOBVpfNNlHj62hlIfsAc27ytUNgQSWDpqBWSV53y1jBnBIrOrAgrbY8i9QoWLf2VFF0lI2t5cQPNRt8IGbDS2iii80SWkxAYlPsRWuLwKrXIz7l0vDDSEJ9Uk1Y6KR3DMaQt5evxVv09AdLpKhQBrYZ9xPeA8cwHN_igirG2fL6RipIYSjATFp1tIcFVVuu1Wjz6aXDHxcYJ6Z0NqtI_W9dYge0qQfyINRNAxn5RU7dfasNCyGaPnmXhWJDWsrRn665oKNb_xT5tp_Xhc5WuKbjemZmfSOeBMrJ1aXooKw3MCCKanooKnGjFWW3Zy9o4-bj9xT1ioEYFvQT30SE2JRcqMS9J6HntBVS7590yFo7xNpareo4i5KVMWRM4FsCVgtBpkIO6Rjpc-5NN83mcKJVFW_q78WH2aP2QkBTtTJbRcc4yEhy_zC3gFWad8i8YpkilR-RRMUsic8-CkRIRfUK5d4SFJqNON7QTWQ87x9qVMel1rkoEOWnSBzYzVJLI5pElWvXWI75Zv3Fm-xClyjQtJvUzCOSr1inI12lVrJ0Zf_VBIHA2Ms-are7V0NrixXNP0lmz9WrjfkEsTFfP7hAWxxhB_aZKZiKD4gJJijf07yTLLmfa3tzJcHTatZaO7JMIizkcxUQBATb-G_BMX3oXtwSZ7mVOcIYzrUlG4fqpQSEbDUYt7RX4fAfCGJHreZqMMSyMSd8cs-psikqXAoQQ5zSDyb7QEskjio9An9ibGaUj0dUXuZYVvwaQstX7kTqPVOheZeQ4Z1qoyeN9tzEI4duvui62VPdTfPyXnWATyY9kxFH5JNw181098NZjuBbycx3wTDCaKLBS_Wsi17acPSDHVfg_jNOKWTjrXRlzDPcjmbHhxzTlZlN09fgeLKWOl8jVHOcp629r2A-lOMSWfVgYU-8f4yuG3MAX_dJ4vpo2fshRShlmxHa5_BIILYgZZWsTqvo0fU2Bpv1_CKGhha3dAdXdhcHt0XNFqIsp2YvaEIbhlmxl54lNWp2OzWKFZzd57HlInpAo--aG0kqfibLwZkwwMK2iB_-jbnMVm3szMG7ysZO1_US2EtI2qAEKk9GL4pXn5NYkUdd-g_XUOv4lCfnbZ4D2bCWPZyNm6qvzLMFppjtDBtn6zFJ6LInv70fVyV5fYtkFdQNyy3qYw8wER9Z4_4tPG98IKT5LhMJbR13Vyb7oQnrYx4spx9IZVnahB_ri6okSHPkN8Siisw3lTcYHBruWpO1AllmQ3Dx0_QD-aMqBt0uihynYJztEKKVF_U&cid=CAQSOwBygQiDaYD5zfxYiuHIuMawGYbMRQOtPAShi3nVnbYtQ8thHzTbvaP2_Ao0L95wGxD2-KjQ_BQZGgAuGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=18396302603105362000&adk=1599433117&idt=60&cac=0&dtd=23

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

597e4ec7ca2b12f9150e02e04096849d6b06061b09c2d131f1d2225871eedfdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 17:55:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17800
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 16731591232229431525
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 14 Jul 2023 17:55:26 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/ Frame 8B53 30 KB
11 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

484eef6459e8a58c19115f287339366d82a7c2beeb7a35c7e16789b592515aec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 17:57:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17674
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11545
x-xss-protection: 0
server: cafe
etag: 12064860844701496540
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 14 Jul 2023 17:57:32 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 8B53 41 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 07:09:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 229357
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 27 Jun 2024 07:09:29 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 2C60 143 B
166 B 6ms
6ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 3376
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 21:55:50 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 141C 1 KB
643 B 7ms
6ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 54954
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 07:36:12 GMT
etag: 48472445140208031
expires: Sat, 01 Jul 2023 07:36:12 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame F62D 1 KB
643 B 7ms
6ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 54954
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 07:36:12 GMT
etag: 48472445140208031
expires: Sat, 01 Jul 2023 07:36:12 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 8B53 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 520e012e29c2167a1b625641aa7e2f31e30515ed2bb9ffb71129bb6331a8b0a3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 0DA2 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 34187be2fcb2930cc82f97f0a49d26a8dfbc304b0eeee395a513a79d5eeaa09b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame BD79 172 KB
60 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
Origin: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 13:52:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 32371
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 01 Jul 2023 13:52:35 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/elements/html/ Frame BD79 11 KB
4 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CIOmCtXNp5mbfsWAlfGK2klnsdlkYhQPewmK3YhdRsyfT63tz3iy3HEpFCf1gwrBqq5uz2dam0UNma8Ti_LBBEn0qNBriMANGXc7bc4YsQB6RHzSs&cry=1&dbm_d=AKAmf-DJWokJtfUv5Td8dzNjVi3C04a70z3vfnw_FF_DqsfxVNSenQ_SEqsC7RD7UQFnZKs5x4iiNlDm60X2w7GMU5Rwfw2ljmqPriin7BXdIleHyyM93lfHrIv19srWvg3rN-PiNa5SH8RlSEH8zZg2F9H2JGwXRsmdwj-NfRf8OIV0cYbiwcS_9fFDe1OjW3IMHceMAc36Df7ujJoIGnncJ7btCssomXSyf_oO6bz3_xFis97dCiAV19gUbwasz0HdEVOUWjLXktwE1yEVZ1p3sVuPoMIEe0rMcOoscVDpwmOxXnw7L9YK3yq5ehGtSvkrDN-62-W8FwJ46dhqgqN1rToxJ4-mqwQHcy0sZXtHkki6_T4rLQklAg0gAeqxCe_taoUaLs7aLJ798K-B7qz0ZZoujh8XYyLlEwn7mxo6fnO6zyasX3rbESTJCplZuCMonM0ac_eWA1iN6nv3NEueMP-7Qp_pewub0hSC1GUsdt-EuwvQNj6CoSqsKzwQnD-ypjSJz5YGjee4bSEzEUugD9mQ84dnK-mEi9VYuVmLPeDTDQsK-7mY9yOgyNQu8vXyT-aFmiPv_2AF_uGN9XjCYATmO7aWPImHWCUW2W59TA_k4RUiffqN8nnLU7hEHw0Hc9s3Gi079zH7O2d6tgZAXgUSIJJ8ULIu-Up7JZPrslNSRGZR5fX-cchHtiOBxAf6Nl7MSOy_ayjmHbpBkFzZFMYLkyBGzkyFMAoNAKNFfhT7hPc62SFDslf5Qsa5E0F32E6jdPltFrbCVzA_Jp3mTL9BdYhFE8T4TZHOXLvfFxHf7Ylm1CROUIi5ErdtzuqtVsmy_GFnhaGSHPxGLqzYFdFWkWu8TNmQs-IXMh_SgPpHX2jMRRDhvI0cSKbGQUF_DFftVX4bb04nyNFrk6FtIBhrLkNyLfL5oSIT-heCLHGbCC9P0hUmvxz96J5ZEibOVBsgT3UYo-smz89-jmOiJZKvCs0nOfiCGtqNGhWRyENDlhMIFI-lAhzuAROUs_mF0l7ecvcehikLrj3nZGox5kK8jahSPMfJ3SiICmZwXSqZg4RX2NibtW1REilnaz9zgDOhtIdFh2pNXi3aB3Wp8tvYJpSIS-6wA7Z_D8Jdk6Ge40U_EwH2AMhC1_WgK0b5PO5OSKfHs8Nt9-7UZvX4_HkMXyr8251j7mYAFJ3NaG6gwoKn29vysPxORtPJN0sdmFLCwbXFZoX9lYakw3In1IjdpJ8ixDB0p5zay43I0Z_cz-lNNQZQUnpNdiBOc1wPhGkP3FnlcE2xJ2Q0fb6lKDNebhshBYcTR0FfV_qqcXOmBbjCrP0ilAc3WI9-CMMRMxTFe0Vmd8IG5_erodTJIIzbN6l_O1W1DF_zXZi4Qd-Ce0XZOC2H8tq6_3xCsNBv-N0CEI4WV2UQ6S-UEJlyAkbU_lqXruo35trrgvzscOYjFIHlRbsVOuC1MGy1H6zec6FLt73ksam3R3awQwu0KoQMF-PyqJfnXtRi80StuIEtbn208HTKocDh2uzCfl8A887TBLQLSN0X52XUstZlpxljsvwE_nOW_aKfrGsOjJoIIn3c9o41cEXJI3YLg2ej93Wnc0EtsSQmGvNfPbzVwaia6RV4DafvPKcxJ8UinGDWkaA5S2bTNWAHy4T3gooL-QRFhKsRabm_LKVcWqK8Y_XVK1wiDGtNiCtcH1eKzgYzt-Pl4Fsedg7U1wflMdST9Q9I-L2ewi5T_-VMuIYAOze-pSqlO6GNjHKLz54ttqBx1Wvc72w2eOAvZNGQ0eapiP1ovni-e6vS9H0tHhYsNIDvVYjtW-09KAv16LT5vf3LPUoIDO7zeqPcegxc2kWJ2VBSzQ9aOb9KlDZdbTJLnnXaCkM7Xzgw1QHhTQOY0dDcwKRfPp2gncrd7zi0G9KCvblk9-XmkxIgh1P4VJ4jnPwPuBrLBxJYtsUPQ4PrdJx7NPgYtSkVyxIj_xvF_GDraGkIu4kmRx_GLFIjHrBevzxB-3QKILnVokve7Ha72pAbgTQSaYzGMrBi_TKpDDlmNq-ghUTieIN5yh-jVgSPT2a-hVFXtGlMVEmrwOKz_2KKranXEyp9mHWP0hP_DNoJ2wC29EE1-vDRGSdrALkF8iantizKhv0f6zvGLXg_ElUOIhvLXSvtkVgWfZeMdx7yTywdgtti4_TQqGzjzIBsqdED7-P4jdl1w6Lhn1-msIQzXc4JuQ8tlnW5coxaxX20cOfZid2OpGNmWq8Kle1mGkX7ZsCqnUgvTboewtEwf1B2xi1QiYmw0LMCTySPhc3AbweLL2VH9rPmAICO0laDGM2mIj9tLTQgQmBtiyqoZcmRN8c4yW-l0iF8wmTJG9FEDQ5FbIcHAmFpY3mdv4ElelH7zLda3bdayIuO96G8uHTz4QJu8f0p1B5deJMVSBdmNkmmsb_AFtYFkW1fCTvld4fqlb0Z5uSj1RXDH7kiv4AydHL4jhgJRuH5zu0Vc-jpCA5WzYHR3cPj-9RFHbmGOeqIxPqItA40a8RnGafwXQ6Hm-nKhrtaiuHWFtqWCKvxVsQPq_iw6G7mRtSfkgruJc36GLDJ0RZKJR3qtaOxB7yYpbGPHJ-G3JWpqz_wwiru3KPQtqOlVLStTRWM8cIsCVFcZfy2K6yjA43_uK7p1Mxj5HPwMiutfC2gw7HEdNJgUCtnVG7NdWGAw_8ioKoTI5CCUoowfrkPwxAt8FAKGB75WJINzZRKlM58UKLR_vI6f2Vl6iQFw_gcJu09fUNkQ9znE5Nhzrk6030hKnpgFUnxqfVJWYSRxio87lx-uEv_HCDa9T2GOTgSG592RZ5bGD2ndJbc5swC2gQYkdmPolpVrp6bNTo2oTjW1l7g6XPNNAjP_U_RjUckpXcDvwt6ifZQe-dSEBTl2P9hy1QYxnVk5GhkDQejaAckwMYagBUTA6QFA44yGIQcfgwu3udDdS7B0dv2jLLy-6XC-Y60sLVb45jXSyqScWZXbuq8wNFCWexTRpJj5zTPuGVI0cxgp58m63ReaR5GYd1A9rF-oFW7MMOdLUIwEX7BENQQs2058kJ_IPyJob63XRmOH0F_OT9wXF1nxYXtv4OapxsB3Ag9_pPJ9DtcAbTYUGVkox5tCxrQkhmfsJtDZp4Ok1yOCIvANEP5zdTzyVAi9FuPJH5G1bMCNcPCkZLXJjuBSUWrZpG_ErzJxMS1Qn-Xl6vWJCsN15aMyV4f4ljAg9HviqMeH8FDOyYFPEVQNOA-45-eUu5ayQ-Y09fJsx4kNo_oSpMV8ESSxrlfE5-lIgrFMAe1sv9LUblkCZxDxpJNa9xLYiR1DHzIDDC6pFefFDP_i2pH78zZQ35SjYysGtmm0I3yOobpRLx9FzHqHO6lAoy36HRO3v98wwdnUke9DmJJcMyuDB0bDu5fQJj8DsFy3x_K09_Enqk&cid=CAQSOwBygQiDP5Gusm8l49lax7-DSgKNxabRVZ9spnjGuYH8JA2R0JcLepybO6TmicYcLSMdoHozvgQltW46GAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=4947200756656002000&adk=2465470143&idt=93&cac=0&dtd=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

597e4ec7ca2b12f9150e02e04096849d6b06061b09c2d131f1d2225871eedfdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 17:55:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17800
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 16731591232229431525
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 14 Jul 2023 17:55:26 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/ Frame BD79 30 KB
11 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230627/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

484eef6459e8a58c19115f287339366d82a7c2beeb7a35c7e16789b592515aec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 17:57:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17674
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11545
x-xss-protection: 0
server: cafe
etag: 12064860844701496540
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 14 Jul 2023 17:57:32 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame BD79 41 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 07:09:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 229357
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 27 Jun 2024 07:09:29 GMT

GET
H2 200 i.match
a.tribalfusion.com/ Frame CE1C 43 B
399 B 204ms
202ms Image
image/gif 2606:4700::6812:19ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.tribalfusion.com/i.match?p=b6&u=CAESEPmAg2_rcpuNJKgaRiw3xKU&google_cver=1&google_push=AaAOQGHCDULbOUJ37Z_Z0Q4igIoxIxk9vlbrSd4BxTg6v1ihPUSpXGBEj3rLy25VP86FFBcDil1yqV3ibBu8hOt_5nvmO-1z7jI&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAaAOQGHCDULbOUJ37Z_Z0Q4igIoxIxk9vlbrSd4BxTg6v1ihPUSpXGBEj3rLy25VP86FFBcDil1yqV3ibBu8hOt_5nvmO-1z7jI%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:19ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:06 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7df9fa4c185e915f-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CE1C
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEDigz6oZXeZucXY5EdOQ8TQ&google_cver=1&google_push=AaAOQGHSuC0DJx0cwweq_T595E9pSCYdMdm5BT5D42Kz0zDNrVeKQsPRUKZ8a6Q7u3C2HkZ1MxycqMpyGKyCDG0MY1x8g0UvMfd6
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=38F3C3DB873A4D0BA09CE1B8DE868BD8&google_push=AaAOQGHSuC0DJx0cwweq_T595E9pSCYdMdm5BT5D42Kz0zDNrVeKQsPRUKZ8a6Q7u3C2HkZ1MxycqMpyGKyCDG0...

170 B
188 B

17ms
16ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=38F3C3DB873A4D0BA09CE1B8DE868BD8&google_push=AaAOQGHSuC0DJx0cwweq_T595E9pSCYdMdm5BT5D42Kz0zDNrVeKQsPRUKZ8a6Q7u3C2HkZ1MxycqMpyGKyCDG0MY1x8g0UvMfd6

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 30 Jun 2023 22:52:06 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=38F3C3DB873A4D0BA09CE1B8DE868BD8&google_push=AaAOQGHSuC0DJx0cwweq_T595E9pSCYdMdm5BT5D42Kz0zDNrVeKQsPRUKZ8a6Q7u3C2HkZ1MxycqMpyGKyCDG0MY1x8g0UvMfd6
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Thu, 29 Jun 2023 22:52:06 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CE1C
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEIDQyg24a2dooYvR4O8fd8Y&google_cver=1&google_push=AaAOQGHGQnZOMf98kYL_Tz0bjtBZHZzs_ZE_3eqKy3JFwfyWkLTW4isl4ETu3SZX74tH8E0_J5pRHF6Z19oQMl...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1MDYxNTcyNDQxNDU5NzI2Mw%3D%3D&google_push=AaAOQGHGQnZOMf98kYL_Tz0bjtBZHZzs_ZE_3eqKy3JFwfyWkLTW4isl4ETu3SZX74tH8E0_J5pRHF6Z19oQMls79L...

170 B
188 B

17ms
16ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1MDYxNTcyNDQxNDU5NzI2Mw%3D%3D&google_push=AaAOQGHGQnZOMf98kYL_Tz0bjtBZHZzs_ZE_3eqKy3JFwfyWkLTW4isl4ETu3SZX74tH8E0_J5pRHF6Z19oQMls79LWaqF8qcoDC

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1MDYxNTcyNDQxNDU5NzI2Mw%3D%3D&google_push=AaAOQGHGQnZOMf98kYL_Tz0bjtBZHZzs_ZE_3eqKy3JFwfyWkLTW4isl4ETu3SZX74tH8E0_J5pRHF6Z19oQMls79LWaqF8qcoDC
Date: Fri, 30 Jun 2023 22:52:06 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CE1C
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEO9ODDjHBrmFM7eYn-3Ny28&google_cver=1&google_push=AaAOQGH7EHob7UCy25yGjfHV6CVPCg72a2ejdj65UBqUPB9w02M9Ny27eAu6Vu_ybsW0jxHosh2H5VS3jkPXxluZRFgLXoJ...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AaAOQGH7EHob7UCy25yGjfHV6CVPCg72a2ejdj65UBqUPB9w02M9Ny27eAu6Vu_ybsW0jxHosh2H5VS3jkPXxluZRFgLXoJKCUhv&google_hm=eS0zejZVRmhsRTJwR3YuMT...

170 B
188 B

23ms
22ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AaAOQGH7EHob7UCy25yGjfHV6CVPCg72a2ejdj65UBqUPB9w02M9Ny27eAu6Vu_ybsW0jxHosh2H5VS3jkPXxluZRFgLXoJKCUhv&google_hm=eS0zejZVRmhsRTJwR3YuMTB6RVg1azZ3V3FIWVM2Qld5aX5B

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 30 Jun 2023 22:52:06 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AaAOQGH7EHob7UCy25yGjfHV6CVPCg72a2ejdj65UBqUPB9w02M9Ny27eAu6Vu_ybsW0jxHosh2H5VS3jkPXxluZRFgLXoJKCUhv&google_hm=eS0zejZVRmhsRTJwR3YuMTB6RVg1azZ3V3FIWVM2Qld5aX5B
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CE1C
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEJNnSdTdR8LzJLRUTo8Rbyo&google_cver=1&google_push=AaAOQGGPEa69VyCea1wrCE6JHuFsOjiB76RqF5bZlHqC7rTSEYvRB83sAS2Vpb6XPk63wECGQOe2WfuM...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEJNnSdTdR8LzJLRUTo8Rbyo&google_cver=1&google_push=AaAOQGGPEa69VyCea1wrCE6JHuFsOjiB76RqF5bZlHqC7rTSEYvRB83sAS2Vpb6XPk63wECGQOe...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MjQ5NzAwMjYzNDQzNDEwODM5Nw&google_push=AaAOQGGPEa69VyCea1wrCE6JHuFsOjiB76RqF5bZlHqC7rTSEYvRB83sAS2Vpb6XPk63wECGQOe2Wf...

170 B
188 B

16ms
16ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MjQ5NzAwMjYzNDQzNDEwODM5Nw&google_push=AaAOQGGPEa69VyCea1wrCE6JHuFsOjiB76RqF5bZlHqC7rTSEYvRB83sAS2Vpb6XPk63wECGQOe2WfuMY2_LcY69oefLXOQThi0m

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MjQ5NzAwMjYzNDQzNDEwODM5Nw&google_push=AaAOQGGPEa69VyCea1wrCE6JHuFsOjiB76RqF5bZlHqC7rTSEYvRB83sAS2Vpb6XPk63wECGQOe2WfuMY2_LcY69oefLXOQThi0m
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CE1C
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=sKkDfLY7TFm_IeUzdPu9Kg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

20ms
20ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=sKkDfLY7TFm_IeUzdPu9Kg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AaAOQGHDR6_BOYusvGZXxFZCKKunJCYS53fec8pUPKC20hx3-UZR_NspqGVzTMZbOWTUpBEpyzU6ki-zCGHSjo8Yfns5bDjdld0

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=sKkDfLY7TFm_IeUzdPu9Kg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AaAOQGHDR6_BOYusvGZXxFZCKKunJCYS53fec8pUPKC20hx3-UZR_NspqGVzTMZbOWTUpBEpyzU6ki-zCGHSjo8Yfns5bDjdld0
date: Fri, 30 Jun 2023 22:52:05 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CE1C
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEGjMmFUtRbJyjXIBI1a2nrE&google_cver=1&google_push=AaAOQGFDIEOH9S4PrwcKhT8HlbF4r4rCBeuthtMLL-yQhf06vG1SXhG2_n-qJB77_IqJZiJoC-9L7_1cVYtSMTeT9...
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEGjMmFUtRbJyjXIBI1a2nrE&google_cver=1&google_push=AaAOQGFDIEOH9S4PrwcKhT8HlbF4r4rCBeuthtMLL-yQhf06vG1SXhG2_n-qJB77_IqJZiJoC-9L7_1cVYtSMTeT9...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AaAOQGFDIEOH9S4PrwcKhT8HlbF4r4rCBeuthtMLL-yQhf06vG1SXhG2_n-qJB77_IqJZiJoC-9L7_1cVYtSMTeT95mCYeR_MR3u&google_hm=G55cqGZHzW6HPrBdSDqXggYa

170 B
188 B

20ms
20ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AaAOQGFDIEOH9S4PrwcKhT8HlbF4r4rCBeuthtMLL-yQhf06vG1SXhG2_n-qJB77_IqJZiJoC-9L7_1cVYtSMTeT95mCYeR_MR3u&google_hm=G55cqGZHzW6HPrBdSDqXggYa

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Fri, 30 Jun 2023 22:52:06 GMT
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AaAOQGFDIEOH9S4PrwcKhT8HlbF4r4rCBeuthtMLL-yQhf06vG1SXhG2_n-qJB77_IqJZiJoC-9L7_1cVYtSMTeT95mCYeR_MR3u&google_hm=G55cqGZHzW6HPrBdSDqXggYa
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap2ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame CE1C 0
12 B 14ms
13ms Image
text/html 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13I14f_snO7s9gBytJ7CnW4vKjblDXF2Qn-KS1DOiTTUpa28Dd4qsuAgEKqpSASvK2x9e_iu

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:06 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 64E0 1 KB
643 B 7ms
6ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 54954
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 07:36:12 GMT
etag: 48472445140208031
expires: Sat, 01 Jul 2023 07:36:12 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame BD79 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 53793159ba248bbddce26d587ff959a9af45529d6e6e6f4409f3653e02185dfc

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 5BC6
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

15ms
14ms

Document
text/html

2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 22:52:06 GMT
expires: Fri, 30 Jun 2023 22:52:06 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 22:52:06 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK e99aace94e6e5873881d3400993e1e7e Show response
pv.medialead.de/trck/epv/ Frame 1CF5 0
366 B 133ms
72ms Document
application/javascript 145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=49013000003019200951389012372020&t=htlp&gdpr=1&consent=1&gdpr_consent=li

Requested by

Host: hal900020.redintelligence.net
URL: https://hal900020.redintelligence.net/request.php?zone=ajk4xlebn4mw&nw=20&renderingType=javascript&namespace=0976c81a7f&subid=&uid=a344657ea95669cf&screenSize=0x0&screenSizeAvail=0x0&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=1&gdpr_consent=li&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DzNG8KmxNsGZaGT5aZaZAmw%26exch_seat%3D20035004448%26mt_aid%3D676139820610320090%26mt_id%3D6622332%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dfce7649f-5c96-4801-b09e-4114a8d85f0c%26mt_cid%3Dfce7649f-5c96-4801-b09e-4114a8d85f0c%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCs6DclVyfZNyqLIqigAfJz7qgAs-HjptcwIbZgsYCwI23ARABIABgleKQgqAHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQngAgCoAwHIAwKqBPgBT9BnElqjEMb9jts3eZgK7P8JEH7HnyPr9ZWDJLxyRUuWsJrek-PSOmxu8rZT2Rlq1EoAEvQsyttq5pZ2K3iSCHqS9wfVLTXB_73P3LRix1YSdk-0lD1vi5dF72YITXk-5tRhHFB_S4eOdUc3cPJ5ceF9JXxbhO1Uu1VmdxE38OaozaSPsdvTToNHOHIrjY4w9YKt113MZ8QhlfPqi81B5tdVKfKWXebF8RCfov1Oki0O1Le6G8it9IQQrwxm1ZdSxhEnMsft2XM5hdU_2VD-0dbWyC4xyaq1WAHV-6VBS9ZV91pI8aqJ5j_JrMetaJl38PjW6OmQFnfgBAGABr7U1vzZmuidqAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDn6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_32FHMT5WONy1zYS7730a1bQdLH3w%2526client%253Dca-pub-7983651257838282%2526adurl%253D%26mt_lp%3Dhttps%253A%2F%2Fwww.soberberlin.com%2F%26redirect%3D&documentReferer=https%3A%2F%2F6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&ancestorOrigins=null&random=7168976731413&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx/1.17.5 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Content-Length: 0
Content-Type: application/javascript; charset=utf-8
Date: Fri, 30 Jun 2023 22:52:06 GMT
Host: pv.medialead.de
Keep-Alive: timeout=20
Proxy-Host: pv.medialead.de
Server: nginx/1.17.5
Strict-Transport-Security: max-age=15768000
X-IPLB-Instance: 40027
X-IPLB-Request-ID: 2D8D9849:DC30_91EFC182:01BB_649F5C96_60299FD:25BCF

GET
H2 200 / Show response
adv.office-partner.de/ Frame F31D 930 B
931 B 183ms
6ms Document
text/html 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal900020.redintelligence.net
URL: https://hal900020.redintelligence.net/request.php?zone=ajk4xlebn4mw&nw=20&renderingType=javascript&namespace=0976c81a7f&subid=&uid=a344657ea95669cf&screenSize=0x0&screenSizeAvail=0x0&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=1&gdpr_consent=li&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DzNG8KmxNsGZaGT5aZaZAmw%26exch_seat%3D20035004448%26mt_aid%3D676139820610320090%26mt_id%3D6622332%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dfce7649f-5c96-4801-b09e-4114a8d85f0c%26mt_cid%3Dfce7649f-5c96-4801-b09e-4114a8d85f0c%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCs6DclVyfZNyqLIqigAfJz7qgAs-HjptcwIbZgsYCwI23ARABIABgleKQgqAHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQngAgCoAwHIAwKqBPgBT9BnElqjEMb9jts3eZgK7P8JEH7HnyPr9ZWDJLxyRUuWsJrek-PSOmxu8rZT2Rlq1EoAEvQsyttq5pZ2K3iSCHqS9wfVLTXB_73P3LRix1YSdk-0lD1vi5dF72YITXk-5tRhHFB_S4eOdUc3cPJ5ceF9JXxbhO1Uu1VmdxE38OaozaSPsdvTToNHOHIrjY4w9YKt113MZ8QhlfPqi81B5tdVKfKWXebF8RCfov1Oki0O1Le6G8it9IQQrwxm1ZdSxhEnMsft2XM5hdU_2VD-0dbWyC4xyaq1WAHV-6VBS9ZV91pI8aqJ5j_JrMetaJl38PjW6OmQFnfgBAGABr7U1vzZmuidqAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDn6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_32FHMT5WONy1zYS7730a1bQdLH3w%2526client%253Dca-pub-7983651257838282%2526adurl%253D%26mt_lp%3Dhttps%253A%2F%2Fwww.soberberlin.com%2F%26redirect%3D&documentReferer=https%3A%2F%2F6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&ancestorOrigins=null&random=7168976731413&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 552
content-type: text/html
date: Fri, 30 Jun 2023 22:52:06 GMT
etag: "3a2-5c1ab16b3be00-gzip"
expires: Fri, 07 Jul 2023 22:52:06 GMT
last-modified: Thu, 06 May 2021 15:37:28 GMT
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server: keycdn-engine
vary: Accept-Encoding
x-accel-version: 0.01
x-cache: HIT
x-edge-location: defr

GET
H2

200

htlp Show response
futalis.de/ Frame 95B1
Redirect Chain

https://cdn.retailads.net/tb.php?t=150337V2172132532M&subid=49013000003019200951389012372020&ra_cnt_active=1&ra_cnt=1
https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=2835770517

350 B
401 B

47ms
13ms

Document
text/html

167.233.14.134
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=2835770517
Requested by: Host: hal900020.redintelligence.net
URL: https://hal900020.redintelligence.net/request.php?zone=ajk4xlebn4mw&nw=20&renderingType=javascript&namespace=0976c81a7f&subid=&uid=a344657ea95669cf&screenSize=0x0&screenSizeAvail=0x0&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=1&gdpr_consent=li&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DzNG8KmxNsGZaGT5aZaZAmw%26exch_seat%3D20035004448%26mt_aid%3D676139820610320090%26mt_id%3D6622332%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dfce7649f-5c96-4801-b09e-4114a8d85f0c%26mt_cid%3Dfce7649f-5c96-4801-b09e-4114a8d85f0c%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCs6DclVyfZNyqLIqigAfJz7qgAs-HjptcwIbZgsYCwI23ARABIABgleKQgqAHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQngAgCoAwHIAwKqBPgBT9BnElqjEMb9jts3eZgK7P8JEH7HnyPr9ZWDJLxyRUuWsJrek-PSOmxu8rZT2Rlq1EoAEvQsyttq5pZ2K3iSCHqS9wfVLTXB_73P3LRix1YSdk-0lD1vi5dF72YITXk-5tRhHFB_S4eOdUc3cPJ5ceF9JXxbhO1Uu1VmdxE38OaozaSPsdvTToNHOHIrjY4w9YKt113MZ8QhlfPqi81B5tdVKfKWXebF8RCfov1Oki0O1Le6G8it9IQQrwxm1ZdSxhEnMsft2XM5hdU_2VD-0dbWyC4xyaq1WAHV-6VBS9ZV91pI8aqJ5j_JrMetaJl38PjW6OmQFnfgBAGABr7U1vzZmuidqAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDn6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_32FHMT5WONy1zYS7730a1bQdLH3w%2526client%253Dca-pub-7983651257838282%2526adurl%253D%26mt_lp%3Dhttps%253A%2F%2Fwww.soberberlin.com%2F%26redirect%3D&documentReferer=https%3A%2F%2F6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&ancestorOrigins=null&random=7168976731413&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 167.233.14.134 Hallbergmoos, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: lb-2.futalis.de
Software: /
Resource Hash: 582e283baa4cce4006055beb2eb8fe257c1ec5ef573a40f173b880636089e8cd

Request headers

Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 350
content-type: text/html; charset=utf-8

Redirect headers

content-length: 0
content-type: text/html; charset=utf-8
date: Fri, 30 Jun 2023 22:52:06 GMT
location: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=2835770517
p3p: policyref="https://www.retailads.net/w3c/p3p.xml",CP="NOI CUR OUR STP"
server: Apache
xphp81: true

GET
H2 200 link.html Show response
track.webgains.com/ Frame 11C8 2 KB
2 KB 225ms
79ms Script
text/html 18.171.17.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=2513145&wgcampaignid=99582&js=1&viewref=49013000003019200951389012372020&nw=1
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.171.17.177 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-171-17-177.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: 2fc08ba9dcbece85da68f4c118b4b142e05836eb44dd38300f4fd0395d9d6f2b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:06 GMT
last-modified: Fri, 30 Jun 2023 22:52:06 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Fri, 30 Jun 2023 22:53:06 GMT

GET
H/1.1 200
OK request_content.php Show response
hal900020.redintelligence.net/ Frame 9E9C 7 KB
2 KB 32ms
11ms Document
text/html 178.63.52.121
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900020.redintelligence.net/request_content.php?s=49013000003019200951389012372020&a=a54aa62f
Requested by: Host: hal900020.redintelligence.net
URL: https://hal900020.redintelligence.net/request.php?zone=ajk4xlebn4mw&nw=20&renderingType=javascript&namespace=0976c81a7f&subid=&uid=a344657ea95669cf&screenSize=0x0&screenSizeAvail=0x0&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=1&gdpr_consent=li&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DzNG8KmxNsGZaGT5aZaZAmw%26exch_seat%3D20035004448%26mt_aid%3D676139820610320090%26mt_id%3D6622332%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dfce7649f-5c96-4801-b09e-4114a8d85f0c%26mt_cid%3Dfce7649f-5c96-4801-b09e-4114a8d85f0c%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCs6DclVyfZNyqLIqigAfJz7qgAs-HjptcwIbZgsYCwI23ARABIABgleKQgqAHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQngAgCoAwHIAwKqBPgBT9BnElqjEMb9jts3eZgK7P8JEH7HnyPr9ZWDJLxyRUuWsJrek-PSOmxu8rZT2Rlq1EoAEvQsyttq5pZ2K3iSCHqS9wfVLTXB_73P3LRix1YSdk-0lD1vi5dF72YITXk-5tRhHFB_S4eOdUc3cPJ5ceF9JXxbhO1Uu1VmdxE38OaozaSPsdvTToNHOHIrjY4w9YKt113MZ8QhlfPqi81B5tdVKfKWXebF8RCfov1Oki0O1Le6G8it9IQQrwxm1ZdSxhEnMsft2XM5hdU_2VD-0dbWyC4xyaq1WAHV-6VBS9ZV91pI8aqJ5j_JrMetaJl38PjW6OmQFnfgBAGABr7U1vzZmuidqAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDn6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_32FHMT5WONy1zYS7730a1bQdLH3w%2526client%253Dca-pub-7983651257838282%2526adurl%253D%26mt_lp%3Dhttps%253A%2F%2Fwww.soberberlin.com%2F%26redirect%3D&documentReferer=https%3A%2F%2F6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html%3Fn%3D1&ancestorOrigins=null&random=7168976731413&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.63.52.121 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.121.52.63.178.clients.your-server.de
Software: Apache /
Resource Hash: 127d7b0b1fc9c461300ffb78c801f5458e396e13bfbdf7582da4379928d685a9

Request headers

Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2070
Content-Type: text/html; charset=utf-8
Date: Fri, 30 Jun 2023 22:52:06 GMT
Expires: Fri, 30 Jun 2023 23:52:06 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H/1.1

200
OK

e99aace94e6e5873881d3400993e1e7e
pv.medialead.de/trck/eview/ Frame 11C8
Redirect Chain

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=49013000003019200951389012372020&t=htlp&gdpr=1&consent=1&gdpr_consent=li
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=49013000003019200951389012372020&t=htlp&gdpr=1&consent=1&gdpr_consent=li

43 B
382 B

89ms
80ms

Image
image/gif

145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=49013000003019200951389012372020&t=htlp&gdpr=1&consent=1&gdpr_consent=li

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

HTTP/1.1

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx/1.17.5 /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Fri, 30 Jun 2023 22:52:06 GMT
Strict-Transport-Security: max-age=15768000
Server: nginx/1.17.5
Host: pv.medialead.de
X-IPLB-Request-ID: 2D8D9849:DC30_91EFC182:01BB_649F5C96_6029A00:25BCF
X-IPLB-Instance: 40027
Content-Type: image/gif
Keep-Alive: timeout=20
Content-Length: 43
Proxy-Host: pv.medialead.de

Redirect headers

location: https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=49013000003019200951389012372020&t=htlp&gdpr=1&consent=1&gdpr_consent=li
date: Fri, 30 Jun 2023 22:52:06 GMT
server: nginx
content-length: 154
content-type: text/html

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/12943809228921786815/ Frame 8CD7 1 KB
767 B 16ms
16ms Document
text/html 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=pg1Uh1dWX8&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

68b34a28617137221b76b93546359bf577aea1d6b3aadbd65b40e8bbdae7dd0f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 739
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 22:52:06 GMT
expires: Sat, 29 Jun 2024 22:52:06 GMT
last-modified: Thu, 27 Apr 2023 13:46:02 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 8B53 0
0 86ms
51ms Fetch
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstYoUDzjnVC_VacnZa6K1oNgziH8x-mTAjmLOE1UNpWdjtZtw8kUnu_M4uPyd1_a_g64orqXnKabyJpX-mVFSAjw7PTNvGV9pxtkir0LKCRSJA0hSbmTxtyRVIMBFjFLHAV_E_dT2MSK0DMO_406O7N0LPe9aoHz4EUT4-dGbzhJ1PhUvuEuP-ozqxaBE6H1JeLVmmVQ6qbuR__A5w4ui_XJzecPTlnMjKOuOA9f6g0KMZKQr7g3HlFrxsea2FgAUFvDnE4b3RrgifccD_F7JQVXhnSj3xuz3zTecRfBPnPG3sdfrPSHZ4gFo_OOzSA1-MRnUQw_aqIWV_lhi9kq8EoVJpFLwloq6gZpKwNRp2k_kseGsg498hQ_L-TGNQhhldcJCmzqWJeSz1at_yxNc7rrYjCsTgwwkttcrNa2JkTqPcHEqphvAXKQDJOMd_cEmcb7pTImOLy8pZwu_Mci_DXMePAhwcww7Nv5dsEZBvFjfS-Z0ImxTWCzu0TBxrsexlgfdAeBmr-PYBp4IFr-I7NLgzuKLiNaHaMfnUfqI4XJDXGJePbRRxaDe56jvzLs2sF798W922j3RkvMpBjpM-RB11ShBeyIvNYzEtUxoOOXcoi12DgEyf5vBpOY0wNYOKuA8Gr7xV0g7m69fEFP5ajIyOc2rBOQFOfLByJKTiqODzjBVuvOZHxGlwkFBekj3l_6G-UZmRF-nR8YN82mWB3dN0j7hsWAsbhMPsyGEHfgig4PZEuwiICKRLgu_jEun_POO42eiUe5tnbm9DxxPD7ax9k8_d5cKr9LdK3wI3X7p0-EGDIDX5Q8cNwVfsDjJBm7L0co0ENeVJbzJB_Cux_0kvODysJpEW0W5ou7NqEiRoe0Hi_xP87gE0EkHggANTEkvTUenKdSh6ufYYXuywWfsLzEOd5Wdm2bRnbKL969p0THXXAgIwJ-WysmjA96m66WqpbxbcRBKo2xHnAWs9i4rZXJ-uWuqKV6-4w7uXLyH7V-byfuFTQEux9wzSa5L6JmSbuRDXW3E0apA3DX1Ppulf9IXOYsw6ODJL-Wor-d2Q65uYLX1h_8AIkHmPkA1C42XaHR6TMRMVwahIdz-OVoH0otA6N2zaQywMjd25ZSd4bfqciURRwjkmtaQZE5n9fGxiao1e9KEvqChNU8mkFH6DS3hUl0vHQZWFJjUQMlWVTcCAdfpuHLZnf_IdNY2tgZhXtjCbv9c0owdRSXmmAsSCqPmS9QT03XFalzIy4F5s9CkSH5w7zkqOtYVWzImuRnPV0LOloeboNFS69376fXNIPM98UmdnJ99okT27RNKclgYNNHlA&sai=AMfl-YQsHNQHVnjkTFLpHrQobvEbClG8lilVi8vzqVIPqYMgfD07cyCCvkG_eR2KDrdZ4goBwPgKU3D6OUTEcUTCWTRDCvzKFO98swi0dX11awHQL0qASOMJcfwbDZe2EJm_SDV0XQ-fWQeH8n9L6fYXgYWtmBK0BhxJUIv9l5zvgu8JIfKkH4oJgRKXa0Xj8Upk29vbiPT6iUxRJgEe8WN0ANe2M-nFZWezwiYy1IAOvCh45grgbDAhFvkWiPeAtv4dCYK0&sig=Cg0ArKJSzHt0BEJLAFrnEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=166&cbvp=1&cstd=156&cisv=r20230627.58655&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 30 Jun 2023 22:52:06 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 30 Jun 2023 22:52:06 GMT

GET
H/1.1 200
OK ai.aspx
m.exactag.com/ Frame 8B53 60 B
60 B 78ms
14ms Image
image/gif 85.14.248.91
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://m.exactag.com/ai.aspx?extProvId=63&extPu=lh-mindshare&extProvApi=lh_de&extLi=26915561&extCr=180662177&extPm=361577763&gdpr_consent=&gdpr=

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

85.14.248.91 Mülheim, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Fri, 30 Jun 2023 22:52:05 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
P3P: policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
cross-origin-resource-policy: cross-origin
Connection: close
X-ET-Monitoring: 1
X-Xss-Protection: 0
Pragma: no-cache
Last-Modified: Fr, 30 Jun 2023 10:52:06 GMT
X-ET-Code: 0
Content-Type: image/gif
Cache-Control: max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
X-ET-Camp: 1119
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 i.match
a.tribalfusion.com/ Frame 141C 43 B
593 B 186ms
185ms Image
image/gif 2606:4700::6812:19ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.tribalfusion.com/i.match?p=b6&u=CAESEPmAg2_rcpuNJKgaRiw3xKU&google_cver=1&google_push=AaAOQGGTwRZbzn8sJpNXnoZ0H1amjzwUV5HNz18u-fkIdSJeMs2hcJoPcGA42MvUXpUJ4HUi5_qA7IQrPC9IdSI1j0xJGsKERciH&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAaAOQGGTwRZbzn8sJpNXnoZ0H1amjzwUV5HNz18u-fkIdSJeMs2hcJoPcGA42MvUXpUJ4HUi5_qA7IQrPC9IdSI1j0xJGsKERciH%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:19ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:06 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7df9fa4c880f3a5a-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 141C
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEDigz6oZXeZucXY5EdOQ8TQ&google_cver=1&google_push=AaAOQGHpSqSIrfZyNFDKxFFWAST78_hDTna-v1xTM9Vkwq_HTtv2ic9trkR02OyNAg5Yc5aesbTj6xKN3ZXfqh2fKy_KoCo2ORXD
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=38F3C3DB873A4D0BA09CE1B8DE868BD8&google_push=AaAOQGHpSqSIrfZyNFDKxFFWAST78_hDTna-v1xTM9Vkwq_HTtv2ic9trkR02OyNAg5Yc5aesbTj6xKN3ZXfqh2...

170 B
188 B

19ms
18ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=38F3C3DB873A4D0BA09CE1B8DE868BD8&google_push=AaAOQGHpSqSIrfZyNFDKxFFWAST78_hDTna-v1xTM9Vkwq_HTtv2ic9trkR02OyNAg5Yc5aesbTj6xKN3ZXfqh2fKy_KoCo2ORXD

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 30 Jun 2023 22:52:06 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=38F3C3DB873A4D0BA09CE1B8DE868BD8&google_push=AaAOQGHpSqSIrfZyNFDKxFFWAST78_hDTna-v1xTM9Vkwq_HTtv2ic9trkR02OyNAg5Yc5aesbTj6xKN3ZXfqh2fKy_KoCo2ORXD
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Thu, 29 Jun 2023 22:52:06 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 141C
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEIDQyg24a2dooYvR4O8fd8Y&google_cver=1&google_push=AaAOQGGcRuAH36JQ0YL95qXHJikQzb7BRsNA6n53cG0PL3fl-vMYp0ltv7jhpe9W3bEWKB93yNCQXgPowj3vey...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1MDYxNTcyNDQxNDU5NzI2Mw%3D%3D&google_push=AaAOQGGcRuAH36JQ0YL95qXHJikQzb7BRsNA6n53cG0PL3fl-vMYp0ltv7jhpe9W3bEWKB93yNCQXgPowj3veyCI5k...

170 B
188 B

18ms
17ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1MDYxNTcyNDQxNDU5NzI2Mw%3D%3D&google_push=AaAOQGGcRuAH36JQ0YL95qXHJikQzb7BRsNA6n53cG0PL3fl-vMYp0ltv7jhpe9W3bEWKB93yNCQXgPowj3veyCI5kiehlN9yclC

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1MDYxNTcyNDQxNDU5NzI2Mw%3D%3D&google_push=AaAOQGGcRuAH36JQ0YL95qXHJikQzb7BRsNA6n53cG0PL3fl-vMYp0ltv7jhpe9W3bEWKB93yNCQXgPowj3veyCI5kiehlN9yclC
Date: Fri, 30 Jun 2023 22:52:06 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 141C
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEO9ODDjHBrmFM7eYn-3Ny28&google_cver=1&google_push=AaAOQGGFqL1s4OWF8HQHIGK0kGzkwUCNV8_4Prq59rwejMW0uMx3lPzkK8RigrFH3RrLSxmUELltpshJirYVfcWJE6DQTpo...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AaAOQGGFqL1s4OWF8HQHIGK0kGzkwUCNV8_4Prq59rwejMW0uMx3lPzkK8RigrFH3RrLSxmUELltpshJirYVfcWJE6DQTpoXISRP&google_hm=eS1TWXguZ1FCRTJwRUhMWU...

170 B
188 B

23ms
20ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AaAOQGGFqL1s4OWF8HQHIGK0kGzkwUCNV8_4Prq59rwejMW0uMx3lPzkK8RigrFH3RrLSxmUELltpshJirYVfcWJE6DQTpoXISRP&google_hm=eS1TWXguZ1FCRTJwRUhMWU9VUHZRcmUzMTVEa3gya3VTTH5B

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 30 Jun 2023 22:52:06 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AaAOQGGFqL1s4OWF8HQHIGK0kGzkwUCNV8_4Prq59rwejMW0uMx3lPzkK8RigrFH3RrLSxmUELltpshJirYVfcWJE6DQTpoXISRP&google_hm=eS1TWXguZ1FCRTJwRUhMWU9VUHZRcmUzMTVEa3gya3VTTH5B
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 141C
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=Juyf_i7qSJemZbaGU52dHA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

17ms
17ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=Juyf_i7qSJemZbaGU52dHA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AaAOQGFZzwKajw2LdbpkTnpECwVNH_F_wlIdECFOBc3PKDqbZ_yBgqJ5rKYztx0heox2qGGYJtBu2xq-v7X5g7mqwLeRp35XJusv

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=Juyf_i7qSJemZbaGU52dHA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AaAOQGFZzwKajw2LdbpkTnpECwVNH_F_wlIdECFOBc3PKDqbZ_yBgqJ5rKYztx0heox2qGGYJtBu2xq-v7X5g7mqwLeRp35XJusv
date: Fri, 30 Jun 2023 22:52:05 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 141C
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEGjMmFUtRbJyjXIBI1a2nrE&google_cver=1&google_push=AaAOQGEu4ZqI1IWDDAxUOkpMK18JobuRh4NI7yehSB9oSog_6eLFiHqF4PZV4Udn0A0auWyQKN7eCx7eTy5hiMZMQ...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AaAOQGEu4ZqI1IWDDAxUOkpMK18JobuRh4NI7yehSB9oSog_6eLFiHqF4PZV4Udn0A0auWyQKN7eCx7eTy5hiMZMQ-WZOdvrGcAy&google_hm=G55cqGZHzW6HPrBdSDqXggYa

170 B
188 B

17ms
16ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AaAOQGEu4ZqI1IWDDAxUOkpMK18JobuRh4NI7yehSB9oSog_6eLFiHqF4PZV4Udn0A0auWyQKN7eCx7eTy5hiMZMQ-WZOdvrGcAy&google_hm=G55cqGZHzW6HPrBdSDqXggYa

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Fri, 30 Jun 2023 22:52:06 GMT
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AaAOQGEu4ZqI1IWDDAxUOkpMK18JobuRh4NI7yehSB9oSog_6eLFiHqF4PZV4Udn0A0auWyQKN7eCx7eTy5hiMZMQ-WZOdvrGcAy&google_hm=G55cqGZHzW6HPrBdSDqXggYa
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap2ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H2 204 sync
ups.analytics.yahoo.com/ups/58281/ Frame 141C 0
125 B 92ms
9ms Image
text/plain 3.71.149.231
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEM8tj7_2hPb1gPlEOuDvksM&google_cver=1&google_push=AaAOQGEBSfCwVh6Ip8EL7kAx_r-aGg-FqzWf4K2F4D3cV-htwY8TPmriuocwOUGdHwmED1g8etvpuUfkRHJnhjkKKITvViwzcW-ewQ

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.71.149.231 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-71-149-231.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.57 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:06 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.57
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 141C 0
12 B 15ms
14ms Image
text/html 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13K5q8NpYZjMUzBL0fziGFf3XXCsrOZSck0sDRplBOxO1CCSoiUZQa01RM1KrO0HO-cF1mnd9w

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:06 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F62D
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEIDQyg24a2dooYvR4O8fd8Y&google_cver=1&google_push=AaAOQGGXAbocyJybqDBBaypp7X5CMzX0pbSkaSaDxy7UwnUr22VGxaaKZ1fZ3fmKi11WRDHi7ndckutJ9mLYr3...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1MDYxNTcyNDQxNDU5NzI2Mw%3D%3D&google_push=AaAOQGGXAbocyJybqDBBaypp7X5CMzX0pbSkaSaDxy7UwnUr22VGxaaKZ1fZ3fmKi11WRDHi7ndckutJ9mLYr3fPoK...

170 B
188 B

17ms
17ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1MDYxNTcyNDQxNDU5NzI2Mw%3D%3D&google_push=AaAOQGGXAbocyJybqDBBaypp7X5CMzX0pbSkaSaDxy7UwnUr22VGxaaKZ1fZ3fmKi11WRDHi7ndckutJ9mLYr3fPoKYWzKqhqtyJ

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1MDYxNTcyNDQxNDU5NzI2Mw%3D%3D&google_push=AaAOQGGXAbocyJybqDBBaypp7X5CMzX0pbSkaSaDxy7UwnUr22VGxaaKZ1fZ3fmKi11WRDHi7ndckutJ9mLYr3fPoKYWzKqhqtyJ
Date: Fri, 30 Jun 2023 22:52:06 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F62D
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEO9ODDjHBrmFM7eYn-3Ny28&google_cver=1&google_push=AaAOQGH-4NrmChWYogvuBlFR66DQnWHmDeKErog1jLaXX8Xzze7ZU9jCrP09trMHfb-0aLjeHD76e4qLkv3fwb55eoQG6If...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AaAOQGH-4NrmChWYogvuBlFR66DQnWHmDeKErog1jLaXX8Xzze7ZU9jCrP09trMHfb-0aLjeHD76e4qLkv3fwb55eoQG6IfWRIoc&google_hm=eS1zdmtldTExRTJwRXNSSz...

170 B
188 B

18ms
18ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AaAOQGH-4NrmChWYogvuBlFR66DQnWHmDeKErog1jLaXX8Xzze7ZU9jCrP09trMHfb-0aLjeHD76e4qLkv3fwb55eoQG6IfWRIoc&google_hm=eS1zdmtldTExRTJwRXNSSzVxSVp4dVEwSGw0dk9Tb3prTH5B

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 30 Jun 2023 22:52:06 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AaAOQGH-4NrmChWYogvuBlFR66DQnWHmDeKErog1jLaXX8Xzze7ZU9jCrP09trMHfb-0aLjeHD76e4qLkv3fwb55eoQG6IfWRIoc&google_hm=eS1zdmtldTExRTJwRXNSSzVxSVp4dVEwSGw0dk9Tb3prTH5B
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F62D
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEJNnSdTdR8LzJLRUTo8Rbyo&google_cver=1&google_push=AaAOQGEkCYCDQpo8BnVgL2DlMjDO0pRN14rNIHVseU_KiPrmVmWAliB0msPXWdImCr1Mp_qMKBbKs72_...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEJNnSdTdR8LzJLRUTo8Rbyo&google_cver=1&google_push=AaAOQGEkCYCDQpo8BnVgL2DlMjDO0pRN14rNIHVseU_KiPrmVmWAliB0msPXWdImCr1Mp_qMKBb...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzYzNDg0MDgyNTU0MDUyMDU3MQ&google_push=AaAOQGEkCYCDQpo8BnVgL2DlMjDO0pRN14rNIHVseU_KiPrmVmWAliB0msPXWdImCr1Mp_qMKBbKs7...

170 B
188 B

16ms
16ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzYzNDg0MDgyNTU0MDUyMDU3MQ&google_push=AaAOQGEkCYCDQpo8BnVgL2DlMjDO0pRN14rNIHVseU_KiPrmVmWAliB0msPXWdImCr1Mp_qMKBbKs72_EQ1jV9zC3A1WpJ17mTRR

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzYzNDg0MDgyNTU0MDUyMDU3MQ&google_push=AaAOQGEkCYCDQpo8BnVgL2DlMjDO0pRN14rNIHVseU_KiPrmVmWAliB0msPXWdImCr1Mp_qMKBbKs72_EQ1jV9zC3A1WpJ17mTRR
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 dds
rtb.openx.net/sync/ Frame F62D 43 B
245 B 49ms
15ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEDePM4PnPAyMataUOlHifk8&google_cver=1&google_push=AaAOQGF8w4VqRSBZ0376erPWC_eEtx5jQigPrnud6BhPPPDdcYxbuhQEAyDVuuGUq8N862pbOAeGiZNUiPe577aFt9CkUcTt0dw
Requested by: Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:06 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F62D
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=sKkDfLY7TFm_IeUzdPu9Kg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

17ms
16ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=sKkDfLY7TFm_IeUzdPu9Kg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AaAOQGGxct0q71P-txZ2yVZCMLkSv-hxhZysdTMT8KYqa8qjphEAKI3grMyeolI4KdX6YOTDWT8u1ybq9-CmJoBbYPYAV5aKDT4J

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=sKkDfLY7TFm_IeUzdPu9Kg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AaAOQGGxct0q71P-txZ2yVZCMLkSv-hxhZysdTMT8KYqa8qjphEAKI3grMyeolI4KdX6YOTDWT8u1ybq9-CmJoBbYPYAV5aKDT4J
date: Fri, 30 Jun 2023 22:52:06 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F62D
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEGjMmFUtRbJyjXIBI1a2nrE&google_cver=1&google_push=AaAOQGHKj9ADN60jXyp-Q9vKizid_V-NgMY_emUuV3wPvxNEph3mpObQVydQtE6j5wnO9CnTaJJQ_nAyiQ2Mxxvsy...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AaAOQGHKj9ADN60jXyp-Q9vKizid_V-NgMY_emUuV3wPvxNEph3mpObQVydQtE6j5wnO9CnTaJJQ_nAyiQ2Mxxvsy0fJIAEir0sE&google_hm=G55cqGZHzW6HPrBdSDqXggYa

170 B
188 B

17ms
17ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AaAOQGHKj9ADN60jXyp-Q9vKizid_V-NgMY_emUuV3wPvxNEph3mpObQVydQtE6j5wnO9CnTaJJQ_nAyiQ2Mxxvsy0fJIAEir0sE&google_hm=G55cqGZHzW6HPrBdSDqXggYa

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Fri, 30 Jun 2023 22:52:06 GMT
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AaAOQGHKj9ADN60jXyp-Q9vKizid_V-NgMY_emUuV3wPvxNEph3mpObQVydQtE6j5wnO9CnTaJJQ_nAyiQ2Mxxvsy0fJIAEir0sE&google_hm=G55cqGZHzW6HPrBdSDqXggYa
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap2ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H2 204 sync
ups.analytics.yahoo.com/ups/58281/ Frame F62D 0
15 B 89ms
10ms Image
text/plain 3.71.149.231
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEM8tj7_2hPb1gPlEOuDvksM&google_cver=1&google_push=AaAOQGEGnKREk6OKisC8Kndb822rlmH3NSRanes8w2FPwv5I8PiheTjcXUSB62Z9OEtIlX_s_FTxet1WvO0vlEA_Xqk6dP_Dk7MmNw

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.71.149.231 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-71-149-231.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.57 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:06 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.57
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame F62D 0
12 B 14ms
13ms Image
text/html 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13J_d2GWn_GP9mwHUXok0tj7iEP0mEod-bo5E19_97hJbCmvs0ATLkMidGOBqNKHG1adhEzKKQ

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:06 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 4A1D 1 KB
643 B 7ms
6ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 54954
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 07:36:12 GMT
etag: 48472445140208031
expires: Sat, 01 Jul 2023 07:36:12 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 11C8 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aebbdede6d20a09305202759973dde54dd747a1b51ad43c1cb7969d6ec3dde73

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame C345 22 KB
8 KB 6ms
6ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 229293
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 07:10:33 GMT
expires: Thu, 27 Jun 2024 07:10:33 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 2C60
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

16ms
15ms

Document
text/html

2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 22:52:06 GMT
expires: Fri, 30 Jun 2023 22:52:06 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 22:52:06 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/12943809228921786815/ Frame 1999 1 KB
767 B 15ms
15ms Document
text/html 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=nMWscgejZt&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

68b34a28617137221b76b93546359bf577aea1d6b3aadbd65b40e8bbdae7dd0f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 739
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 22:52:06 GMT
expires: Sat, 29 Jun 2024 22:52:06 GMT
last-modified: Thu, 27 Apr 2023 13:46:02 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame BD79 0
0 50ms
50ms Fetch
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstf0jromS0gkOiDdr-wiVQXNaLpf9HzAKW3gp175j_yEgsREANQf5Msh4yc7wf3fVL6rNq8-ZxZBwGSyB8tFdzUy3687OvCyt_cJIAEi_iyL_MRQgGxsB8uXE57U_Bs1oZm1zod5J3_bBdf13C45alOdmR1GirmqH3WALIuzq6pv07razEi5vcmY2JegHhE_MkxCXQ6oD7PJlJPFcMoHoNcaG0Jo97AcoFtDXQGQps4QI_qESluz-OgyOssoC2h45bJXpfGJ87MQ-SU7I02gHXRwlAb5fgB11RCHRIlUKIi0V3LbKQ_Kr6ulh-p_o24ifvgPRaJGnBVkmwHSxE9YriUF22PK1I8xLD65Ku8IW9RA8afgYhwL2pz8mNyM603UUesp94DWrBf3RFblIHsAJZEQtiqnKA88w924r9DRo22voZup-8XnUslFsmWMhAjoo9JWqMOmdVAJZ-QMsOlA7okCa3OIO4flPkzZWjQfwP6b3Hv9bUeGtpvKqWRzZMPJMIRj-lweIonX8YkoC7nqnA_h1kh1-q9g-324p4e6EWNY24AzGBFLIoy8PP52vxh3vhPlLG6KRskV9yTHb1M_0YaEGJMYcvkubXDb_HqcF8sOmpjaP4Wri96MIYSCQSVMK417L820-D3IJYgMAqMrIR5yeUV310eQxJAEo2WogrxzHUY70CemWOPec-qMocIh6s5mqwYyiI9V21g2RFlYtHinVsCYXCZ12EyS-aHpK_AN1OU71Htp_PmoLAOxsI-k6fr0c19SQmrxU0BEIXHDiweUGlI0q4mniZtLhL-XFCxti0wQJjJpzm7o2lhh0m_LqR2-cWTWZmvDB17GNRmS-umsc9eNfh0uyCD6Tc5hyA89LbOxSwR_ajWo8M_gwnoau-BBx-V-WehgEI5AvPaJKWP0jsHQ7wLWPfxl7rP_POmwRYsvLpRMgaVXBQx3hQPS7e_VuW7tEgJqpC1Z5ctQ7RdTmrVL3ElY5u_YrM4EdeCHZGL-utEKBiqLl5LmjNweGShMYZPNTpfJ-3pL5bONsB03pG7pY2exr-EPjpRLBQ5z-pXkAXVrb2toA8cBjM13dV23EkEtYQ8kK94qFN4GgiuHB7SHfJvnGcjhp392vQxPj0RtbzguvIcVsiXrbG-D4irG7deIN5vgb6qYbP4afU3UjEkC9fvfocb97m472JIsVMXUCDmqBS3qVknJERl8-WfuRsBoVX9PKP2b7RuQRKdjhaI0wiIlnDKRykN2VaWin9B21BcDs3bw6z51m93UKmCNiQBS_7bOeItvjKigE3iHWDULGvc3uQDxaV3ROceeytXGxurtiA&sai=AMfl-YTpqAR0wg6wg7HW8-22bwQ1X4ilKon7Vbvm09-AnaNIiDEqGFCBBODHGprREQqD3wJGbSKxpZGhQGv5vNvtUyP-bV_PTh-6o9qaoJUgDRLwKdyrLEAogb_SpX6RBczH8fmMaccSk8H2wPjz3jF1xu8yWoCidqwj8eejEq8-qbXAg3EfyB195WOZPn7wqrikXDF_GvWskE9F_c7Z-ZCtudLx4r_UJx72PI6rFYh3TCVHiqDKv4nrmQcZPK9OOODl80ai&sig=Cg0ArKJSzNmt7z6cRtojEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=163&cbvp=1&cstd=157&cisv=r20230627.04337&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 30 Jun 2023 22:52:06 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 30 Jun 2023 22:52:06 GMT

GET
H/1.1 200
OK ai.aspx
m.exactag.com/ Frame BD79 60 B
60 B 44ms
14ms Image
image/gif 85.14.248.91
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://m.exactag.com/ai.aspx?extProvId=63&extPu=lh-mindshare&extProvApi=lh_de&extLi=26915561&extCr=180662177&extPm=361577763&gdpr_consent=&gdpr=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

85.14.248.91 Mülheim, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Fri, 30 Jun 2023 22:52:05 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
P3P: policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
cross-origin-resource-policy: cross-origin
Connection: close
X-ET-Monitoring: 1
X-Xss-Protection: 0
Pragma: no-cache
Last-Modified: Fr, 30 Jun 2023 10:52:06 GMT
X-ET-Code: 0
Content-Type: image/gif
Cache-Control: max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
X-ET-Camp: 1119
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 tweenmax_2.0.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 8CD7 113 KB
38 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_2.0.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=pg1Uh1dWX8&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

62afec092c21b138eeb1fc55859f60c19dd12ca3c02bdfeb336a820b016a547b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=pg1Uh1dWX8&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38915
x-xss-protection: 0
last-modified: Tue, 19 Jun 2018 18:02:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 22:52:06 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 8CD7 118 KB
40 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=pg1Uh1dWX8&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=pg1Uh1dWX8&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 13:52:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 32370
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 01 Jul 2023 13:52:36 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 9E9C 2 KB
507 B 17ms
16ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Titillium+Web:400,700

Requested by

Host: hal900020.redintelligence.net
URL: https://hal900020.redintelligence.net/request_content.php?s=49013000003019200951389012372020&a=a54aa62f

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7fb07880fe0e8c6a59441a5eb71aed95f6542a8c4bc1ed859984d2e8efe054e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900020.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 30 Jun 2023 22:52:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 30 Jun 2023 20:56:41 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 30 Jun 2023 22:52:06 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 9E9C 16 KB
16 KB 33ms
12ms Image
image/png 88.99.219.174
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/postbank_pool_privatkredit_1200x627.jpg
Requested by: Host: hal900020.redintelligence.net
URL: https://hal900020.redintelligence.net/request_content.php?s=49013000003019200951389012372020&a=a54aa62f
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.219.174 Falkenstein, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.174.219.99.88.clients.your-server.de
Software: Apache /
Resource Hash: 575bd073465a3ca348b492f66cafd8d81da9d04178ec53ff70fd95affd6174b0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900020.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Fri, 30 Jun 2023 22:52:06 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16229
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 9E9C 16 KB
16 KB 193ms
170ms Image
image/png 88.99.219.174
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg
Requested by: Host: hal900020.redintelligence.net
URL: https://hal900020.redintelligence.net/request_content.php?s=49013000003019200951389012372020&a=a54aa62f
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.219.174 Falkenstein, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.174.219.99.88.clients.your-server.de
Software: Apache /
Resource Hash: 64f050fbc4e0e656d03b9e6d8b9fb95fb3d0f5e15c8ccccb80bad3b3f0da9289

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900020.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Fri, 30 Jun 2023 22:52:06 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16512
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 9E9C 13 KB
13 KB 41ms
18ms Image
image/png 88.99.219.174
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/55487/creativesup/1200x627.jpg
Requested by: Host: hal900020.redintelligence.net
URL: https://hal900020.redintelligence.net/request_content.php?s=49013000003019200951389012372020&a=a54aa62f
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.219.174 Falkenstein, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.174.219.99.88.clients.your-server.de
Software: Apache /
Resource Hash: 1648d3653d9554cc95adeae17f6119abb5c45948ec12e309116588bec9a3b698

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900020.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Fri, 30 Jun 2023 22:52:06 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 12998
Vary: Accept-Encoding
Content-Type: image/png

GET
H3 200 i.match
a.tribalfusion.com/ Frame 64E0 43 B
559 B 188ms
185ms Image
image/gif 2606:4700::6812:19ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.tribalfusion.com/i.match?p=b6&u=CAESEPmAg2_rcpuNJKgaRiw3xKU&google_cver=1&google_push=AaAOQGF2-xZV8S0lcMIygsV7ZA9kKeAcX7BYsbZcozC3-n6Oogm6s_WmuQdy0pPQLyKrWSEnnpJPyd7SOlDdTZa6gn8ZfFk4ctOY&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAaAOQGF2-xZV8S0lcMIygsV7ZA9kKeAcX7BYsbZcozC3-n6Oogm6s_WmuQdy0pPQLyKrWSEnnpJPyd7SOlDdTZa6gn8ZfFk4ctOY%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:19ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:06 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7df9fa4d38b43a5a-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 64E0
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEDigz6oZXeZucXY5EdOQ8TQ&google_cver=1&google_push=AaAOQGGaA8hQ0EMy8XUnpubxEoPQ5S52_xPagHFO_QQsuspF6m_CxJmXFc0RqT6aZ1R0aCVyo8UEnniKlAMfRexLGLoY0uFPKHAv
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=38F3C3DB873A4D0BA09CE1B8DE868BD8&google_push=AaAOQGGaA8hQ0EMy8XUnpubxEoPQ5S52_xPagHFO_QQsuspF6m_CxJmXFc0RqT6aZ1R0aCVyo8UEnniKlAMfRex...

170 B
188 B

16ms
15ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=38F3C3DB873A4D0BA09CE1B8DE868BD8&google_push=AaAOQGGaA8hQ0EMy8XUnpubxEoPQ5S52_xPagHFO_QQsuspF6m_CxJmXFc0RqT6aZ1R0aCVyo8UEnniKlAMfRexLGLoY0uFPKHAv

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 30 Jun 2023 22:52:06 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=38F3C3DB873A4D0BA09CE1B8DE868BD8&google_push=AaAOQGGaA8hQ0EMy8XUnpubxEoPQ5S52_xPagHFO_QQsuspF6m_CxJmXFc0RqT6aZ1R0aCVyo8UEnniKlAMfRexLGLoY0uFPKHAv
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Thu, 29 Jun 2023 22:52:06 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 64E0
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEIDQyg24a2dooYvR4O8fd8Y&google_cver=1&google_push=AaAOQGGYCJ1bPptEGZP6gaKsQY3IU595pPIq5-IfUuRg8vloE2QwUNR1hNEnpucJ7x8CCeC3fSzCRG-MPMcu50...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1MDYxNTcyNDQxNDU5NzI2Mw%3D%3D&google_push=AaAOQGGYCJ1bPptEGZP6gaKsQY3IU595pPIq5-IfUuRg8vloE2QwUNR1hNEnpucJ7x8CCeC3fSzCRG-MPMcu50XioW...

170 B
188 B

16ms
16ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1MDYxNTcyNDQxNDU5NzI2Mw%3D%3D&google_push=AaAOQGGYCJ1bPptEGZP6gaKsQY3IU595pPIq5-IfUuRg8vloE2QwUNR1hNEnpucJ7x8CCeC3fSzCRG-MPMcu50XioWairu5MrKbwfw

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1MDYxNTcyNDQxNDU5NzI2Mw%3D%3D&google_push=AaAOQGGYCJ1bPptEGZP6gaKsQY3IU595pPIq5-IfUuRg8vloE2QwUNR1hNEnpucJ7x8CCeC3fSzCRG-MPMcu50XioWairu5MrKbwfw
Date: Fri, 30 Jun 2023 22:52:06 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H2 200 dds
rtb.openx.net/sync/ Frame 64E0 43 B
103 B 19ms
15ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEDePM4PnPAyMataUOlHifk8&google_cver=1&google_push=AaAOQGGPuUggZ_rTD--AoAQRXfPWmSmMAPIpKmMqYwL-DTS5JILRMri5PSxG9Se9cTRFBoksG-5mUcqLwpUrk2--C_hhTZYm67TZtQ
Requested by: Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:06 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 64E0
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=sKkDfLY7TFm_IeUzdPu9Kg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

16ms
16ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=sKkDfLY7TFm_IeUzdPu9Kg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AaAOQGGcoEY3oCxV7lAKeZIdKopnQD_GMQhXNiHhcwdCDreR_6kgg4D_ggluhDzg6K4p0RYJmDUXNmb185xnRvEbod3_ne_bRyjc6w

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=sKkDfLY7TFm_IeUzdPu9Kg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AaAOQGGcoEY3oCxV7lAKeZIdKopnQD_GMQhXNiHhcwdCDreR_6kgg4D_ggluhDzg6K4p0RYJmDUXNmb185xnRvEbod3_ne_bRyjc6w
date: Fri, 30 Jun 2023 22:52:06 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 64E0
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEBRVxvEXb29qRyr9-dv7yRg&google_cver=1&google_push=AaAOQGFGplqXdnzMXtQM3ij4rueqJyTcC1tB6-fnaisNt9jrzisnHCrmyTFI8XE-at5oWUSOCfx...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpKNjYwWTItMUYtRjgwQQ==&google_push=AaAOQGFGplqXdnzMXtQM3ij4rueqJyTcC1tB6-fnaisNt9jrzisnHCrmyTFI8XE-at5oWUSOCfxa9oGJxHRFU5MEV18pMUbPbVSUYQ

170 B
188 B

18ms
17ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpKNjYwWTItMUYtRjgwQQ==&google_push=AaAOQGFGplqXdnzMXtQM3ij4rueqJyTcC1tB6-fnaisNt9jrzisnHCrmyTFI8XE-at5oWUSOCfxa9oGJxHRFU5MEV18pMUbPbVSUYQ

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpKNjYwWTItMUYtRjgwQQ==&google_push=AaAOQGFGplqXdnzMXtQM3ij4rueqJyTcC1tB6-fnaisNt9jrzisnHCrmyTFI8XE-at5oWUSOCfxa9oGJxHRFU5MEV18pMUbPbVSUYQ
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
Expires: 0

GET
H2 204 sync
ups.analytics.yahoo.com/ups/58281/ Frame 64E0 0
15 B 14ms
10ms Image
text/plain 3.71.149.231
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEM8tj7_2hPb1gPlEOuDvksM&google_cver=1&google_push=AaAOQGGg5jGyi6_bx5cvNYVOnWT5d0eiQXW8mRivYMf5CcnXF__FAZjHkSQfPDUah33co-_U6NAeUGEk6NkR2gbB25-eiwvE5M02AA

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.71.149.231 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-71-149-231.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.57 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:06 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.57
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 64E0 0
12 B 19ms
16ms Image
text/html 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13ITS_fwb-X0qbkff357qJtuCynVcTLKyx5H6CMBsfthbVW4RDMvOMJprLAAtg6DCD2i-aZE5A

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:06 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 ts.js Show response
cdn.retailads.net/ Frame 95B1 5 KB
5 KB 10ms
9ms Script
application/javascript 2a01:4f8:d0a:2321::2
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.retailads.net/ts.js
Requested by: Host: futalis.de
URL: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=2835770517
Protocol: H2
Security: TLS 1.3, , CHACHA20_POLY1305
Server: 2a01:4f8:d0a:2321::2 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: Apache /
Resource Hash: 525e7c89461afb3f73ea7030fbceba4f9e9383570159926acee637b4f86b8148

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://futalis.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:06 GMT
last-modified: Wed, 05 Apr 2023 20:14:46 GMT
server: Apache
etag: "1416-5f89c717cdc2f"
content-type: application/javascript
xphp81: true
accept-ranges: bytes
content-length: 5142

GET
H3 200 tweenmax_2.0.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 1999 113 KB
38 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_2.0.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=nMWscgejZt&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

62afec092c21b138eeb1fc55859f60c19dd12ca3c02bdfeb336a820b016a547b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=nMWscgejZt&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38915
x-xss-protection: 0
last-modified: Tue, 19 Jun 2018 18:02:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 22:52:06 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 1999 118 KB
40 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=nMWscgejZt&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=nMWscgejZt&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 13:52:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 32370
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 01 Jul 2023 13:52:36 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 72C6 22 KB
8 KB 6ms
6ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 229293
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 07:10:33 GMT
expires: Thu, 27 Jun 2024 07:10:33 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4A1D
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEAvBj4bufCXJawCGbQ4m0OE&google_push=AaAOQGEr9VPRggNDJoLPX9wPKNderxfs2EY23kzZ_Z8MEg0-7vqm1DMbFC...

170 B
188 B

17ms
17ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEAvBj4bufCXJawCGbQ4m0OE&google_push=AaAOQGEr9VPRggNDJoLPX9wPKNderxfs2EY23kzZ_Z8MEg0-7vqm1DMbFCodrulRNGB5XRVQnI5iaIJQZ3kEnK989uyg2Yqcv5Fm

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-fra-eddf8230036-FRA
pragma: no-cache
date: Fri, 30 Jun 2023 22:52:06 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1688165527.705778,VS0,VE95
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEAvBj4bufCXJawCGbQ4m0OE&google_push=AaAOQGEr9VPRggNDJoLPX9wPKNderxfs2EY23kzZ_Z8MEg0-7vqm1DMbFCodrulRNGB5XRVQnI5iaIJQZ3kEnK989uyg2Yqcv5Fm
cache-control: no-cache
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4A1D
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESECv1iJuqU_LY9hyWPXsETpc&google_cver=1&google_push=AaAOQGHw2H4BQAe3h1xA24tOuSBgsE9VH7j_JamYzkwavApOPEVqsp1jGFhAyT9kC52qb6ud6uQsMjocmu3...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AaAOQGHw2H4BQAe3h1xA24tOuSBgsE9VH7j_JamYzkwavApOPEVqsp1jGFhAyT9kC52qb6ud6uQsMjocmu3V_iu0GAPTKOsUrtEE_A&google_hm=VxEFfcxyTji2h6lM74...

170 B
188 B

16ms
16ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AaAOQGHw2H4BQAe3h1xA24tOuSBgsE9VH7j_JamYzkwavApOPEVqsp1jGFhAyT9kC52qb6ud6uQsMjocmu3V_iu0GAPTKOsUrtEE_A&google_hm=VxEFfcxyTji2h6lM74k5PEk

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:05 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AaAOQGHw2H4BQAe3h1xA24tOuSBgsE9VH7j_JamYzkwavApOPEVqsp1jGFhAyT9kC52qb6ud6uQsMjocmu3V_iu0GAPTKOsUrtEE_A&google_hm=VxEFfcxyTji2h6lM74k5PEk
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4A1D
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESED6OaeOvhPHFXlnCy7Plsz0&google_cver=1&google_push=AaAOQGE3r4H6YKqWAD0Ul49SgukjW7nraec0oTJwoI7d8DkHiu4kMaWd8RrICWcL99YPuouDW6h36dxGk6e3ggLxg3BE...
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESED6OaeOvhPHFXlnCy7Plsz0&google_cver=1&google_push=AaAOQGE3r4H6YKqWAD0Ul49SgukjW7nraec0oTJwoI7d8DkHiu4kMaWd8RrICWcL99YPuouDW6h36dxGk6e3gg...
https://a.sportradarserving.com/sync?ssp=bidswitch&bidswitch_ssp_id=google
https://a.sportradarserving.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=google
https://x.bidswitch.net/sync?dsp_id=409&expires=14&user_group=1&user_id=bbe7c7b8-31c8-4b01-9f71-8190ed8e0721&ssp=google
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AaAOQGE3r4H6YKqWAD0Ul49SgukjW7nraec0oTJwoI7d8DkHiu4kMaWd8RrICWcL99YPuouDW6h36dxGk6e3ggLxg3BE0d_W970DJA&google_hm=LLgcxovIQ3mfz3V5kAP26Q==

170 B
188 B

17ms
16ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AaAOQGE3r4H6YKqWAD0Ul49SgukjW7nraec0oTJwoI7d8DkHiu4kMaWd8RrICWcL99YPuouDW6h36dxGk6e3ggLxg3BE0d_W970DJA&google_hm=LLgcxovIQ3mfz3V5kAP26Q==

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:07 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: //cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AaAOQGE3r4H6YKqWAD0Ul49SgukjW7nraec0oTJwoI7d8DkHiu4kMaWd8RrICWcL99YPuouDW6h36dxGk6e3ggLxg3BE0d_W970DJA&google_hm=LLgcxovIQ3mfz3V5kAP26Q==
date: Fri, 30 Jun 2023 22:52:07 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4A1D
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEBRVxvEXb29qRyr9-dv7yRg&google_cver=1&google_push=AaAOQGEnQifpVz8Vy6IvHdRiRQj-Mzi4Jw792qSH9MoIAcw3oOG7lGRoNW6pVvJshoLIJL1L_i4...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpKNjYwWlEtNS1HVjhH&google_push=AaAOQGEnQifpVz8Vy6IvHdRiRQj-Mzi4Jw792qSH9MoIAcw3oOG7lGRoNW6pVvJshoLIJL1L_i4BVK8ZYc3M97IX8NLDVVyeKr1d0A

170 B
188 B

17ms
17ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpKNjYwWlEtNS1HVjhH&google_push=AaAOQGEnQifpVz8Vy6IvHdRiRQj-Mzi4Jw792qSH9MoIAcw3oOG7lGRoNW6pVvJshoLIJL1L_i4BVK8ZYc3M97IX8NLDVVyeKr1d0A

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpKNjYwWlEtNS1HVjhH&google_push=AaAOQGEnQifpVz8Vy6IvHdRiRQj-Mzi4Jw792qSH9MoIAcw3oOG7lGRoNW6pVvJshoLIJL1L_i4BVK8ZYc3M97IX8NLDVVyeKr1d0A
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4A1D
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEJ...
https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=AaAOQGGQ_s9lH9wtEROMlAYOIXehXsq6skPH-Syh3p5IXmw_JWUTaJi6M2LG8lobJFDM664zprVtENZhuWGwral95p9iTCnaNoa4vg&redir=https%3A%2F%2Fcm.g.dou...
https://sync.targeting.unrulymedia.com/csync/RX-0072ec52-ae03-4b82-964b-44d53e52249a-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAaAOQGGQ_s9lH9wtEROMlAYOI...
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AaAOQGGQ_s9lH9wtEROMlAYOIXehXsq6skPH-Syh3p5IXmw_JWUTaJi6M2LG8lobJFDM664zprVtENZhuWGwral95p9iTCnaNoa4vg&google_hm=AwBy7FKuA0uClktE1T5SJJo

170 B
188 B

18ms
17ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AaAOQGGQ_s9lH9wtEROMlAYOIXehXsq6skPH-Syh3p5IXmw_JWUTaJi6M2LG8lobJFDM664zprVtENZhuWGwral95p9iTCnaNoa4vg&google_hm=AwBy7FKuA0uClktE1T5SJJo

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AaAOQGGQ_s9lH9wtEROMlAYOIXehXsq6skPH-Syh3p5IXmw_JWUTaJi6M2LG8lobJFDM664zprVtENZhuWGwral95p9iTCnaNoa4vg&google_hm=AwBy7FKuA0uClktE1T5SJJo
date: Fri, 30 Jun 2023 22:52:06 GMT
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RX0072ec52ae034b82964b44d53e52249a003
content-type: text/html

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4A1D
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEO8Eyl_gbkP3x_mamTLiCRU&google_cver=1&google_push=AaAOQGFrZtgZBgcjp1oN2ypJX6EM33GxTFb9cdRM2-ycEpKA0XatiLVfnR3A9el-v8pjm9iviq6Rd5Mo31GjaFwvdzDZLLekEv72
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTM1MDQ3OTYxNjIzMTMwNjA1Mzg5&google_push=AaAOQGFrZtgZBgcjp1oN2ypJX6EM33GxTFb9cdRM2-ycEpKA0XatiLVfnR3A9el-...

170 B
188 B

17ms
17ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTM1MDQ3OTYxNjIzMTMwNjA1Mzg5&google_push=AaAOQGFrZtgZBgcjp1oN2ypJX6EM33GxTFb9cdRM2-ycEpKA0XatiLVfnR3A9el-v8pjm9iviq6Rd5Mo31GjaFwvdzDZLLekEv72

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTM1MDQ3OTYxNjIzMTMwNjA1Mzg5&google_push=AaAOQGFrZtgZBgcjp1oN2ypJX6EM33GxTFb9cdRM2-ycEpKA0XatiLVfnR3A9el-v8pjm9iviq6Rd5Mo31GjaFwvdzDZLLekEv72
date: Fri, 30 Jun 2023 22:52:06 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2

200

/
onetag-sys.com/match/ Frame 4A1D
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEPSGEkzcVThv8EANCn1Bo8A&google_cver=1&google_push=AaAOQGFwaAyfnllIH7bzcRX_eVWtM_3w1t7cviKRAPhw_RF-l_It08QUUeKG0t7Fx05B_WRGE6hoSN4gZGA...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGFwaAyfnllIH7bzcRX_eVWtM_3w1t7cviKRAPhw_RF-l_It08QUUeKG0t7Fx05B_WRGE6hoSN4gZGA8NEufBGkvJlVBPFwYCw
https://onetag-sys.com/match/?int_id=19&google_error=5

0
151 B

7ms
7ms

Image
text/plain

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=19&google_error=5

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:06 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/match/?int_id=19&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 255
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 4A1D 0
12 B 15ms
14ms Image
text/html 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13K7N66Z2WrRWnn8TXeXjZI8OoCJ8ev6IuSxPbP5Ydrv-9TUjsOn_KIyeOfwEViaQPl1UUfXtA

Requested by

Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:06 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H/1.1 200
OK viewability Show response
hal900020.redintelligence.net/ Frame 9E9C 0
150 B 33ms
11ms Script
text/html 178.63.52.121
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900020.redintelligence.net/viewability?s=49013000003019200951389012372020&a=9168a33f&vb=m
Requested by: Host: hal900020.redintelligence.net
URL: https://hal900020.redintelligence.net/request_content.php?s=49013000003019200951389012372020&a=a54aa62f
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.63.52.121 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.121.52.63.178.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900020.redintelligence.net/request_content.php?s=49013000003019200951389012372020&a=a54aa62f
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Fri, 30 Jun 2023 22:52:06 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3 200 AOiihYbjk7GyPSPexE3PorOKRXoofTPF8NjvkAglc4c.js Show response
pagead2.googlesyndication.com/bg/ Frame C345 38 KB
14 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/AOiihYbjk7GyPSPexE3PorOKRXoofTPF8NjvkAglc4c.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

00e8a28586e393b1b23d23dec44dcfa2b38a457a287d33c5f0d8ef9008257387

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 17:38:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18832
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14768
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 29 Jun 2024 17:38:14 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame F31D 116 KB
44 KB 15ms
14ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0a06513af4e9032cdf9906545bb44cd0f956cb32e8eec7cabeb7c2c9a5367f43

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:06 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 45375
x-xss-protection: 0
last-modified: Fri, 30 Jun 2023 21:49:08 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 30 Jun 2023 22:52:06 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 8B53 0
0 45ms
44ms Fetch
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstYoUDzjnVC_VacnZa6K1oNgziH8x-mTAjmLOE1UNpWdjtZtw8kUnu_M4uPyd1_a_g64orqXnKabyJpX-mVFSAjw7PTNvGV9pxtkir0LKCRSJA0hSbmTxtyRVIMBFjFLHAV_E_dT2MSK0DMO_406O7N0LPe9aoHz4EUT4-dGbzhJ1PhUvuEuP-ozqxaBE6H1JeLVmmVQ6qbuR__A5w4ui_XJzecPTlnMjKOuOA9f6g0KMZKQr7g3HlFrxsea2FgAUFvDnE4b3RrgifccD_F7JQVXhnSj3xuz3zTecRfBPnPG3sdfrPSHZ4gFo_OOzSA1-MRnUQw_aqIWV_lhi9kq8EoVJpFLwloq6gZpKwNRp2k_kseGsg498hQ_L-TGNQhhldcJCmzqWJeSz1at_yxNc7rrYjCsTgwwkttcrNa2JkTqPcHEqphvAXKQDJOMd_cEmcb7pTImOLy8pZwu_Mci_DXMePAhwcww7Nv5dsEZBvFjfS-Z0ImxTWCzu0TBxrsexlgfdAeBmr-PYBp4IFr-I7NLgzuKLiNaHaMfnUfqI4XJDXGJePbRRxaDe56jvzLs2sF798W922j3RkvMpBjpM-RB11ShBeyIvNYzEtUxoOOXcoi12DgEyf5vBpOY0wNYOKuA8Gr7xV0g7m69fEFP5ajIyOc2rBOQFOfLByJKTiqODzjBVuvOZHxGlwkFBekj3l_6G-UZmRF-nR8YN82mWB3dN0j7hsWAsbhMPsyGEHfgig4PZEuwiICKRLgu_jEun_POO42eiUe5tnbm9DxxPD7ax9k8_d5cKr9LdK3wI3X7p0-EGDIDX5Q8cNwVfsDjJBm7L0co0ENeVJbzJB_Cux_0kvODysJpEW0W5ou7NqEiRoe0Hi_xP87gE0EkHggANTEkvTUenKdSh6ufYYXuywWfsLzEOd5Wdm2bRnbKL969p0THXXAgIwJ-WysmjA96m66WqpbxbcRBKo2xHnAWs9i4rZXJ-uWuqKV6-4w7uXLyH7V-byfuFTQEux9wzSa5L6JmSbuRDXW3E0apA3DX1Ppulf9IXOYsw6ODJL-Wor-d2Q65uYLX1h_8AIkHmPkA1C42XaHR6TMRMVwahIdz-OVoH0otA6N2zaQywMjd25ZSd4bfqciURRwjkmtaQZE5n9fGxiao1e9KEvqChNU8mkFH6DS3hUl0vHQZWFJjUQMlWVTcCAdfpuHLZnf_IdNY2tgZhXtjCbv9c0owdRSXmmAsSCqPmS9QT03XFalzIy4F5s9CkSH5w7zkqOtYVWzImuRnPV0LOloeboNFS69376fXNIPM98UmdnJ99okT27RNKclgYNNHlA&sai=AMfl-YQsHNQHVnjkTFLpHrQobvEbClG8lilVi8vzqVIPqYMgfD07cyCCvkG_eR2KDrdZ4goBwPgKU3D6OUTEcUTCWTRDCvzKFO98swi0dX11awHQL0qASOMJcfwbDZe2EJm_SDV0XQ-fWQeH8n9L6fYXgYWtmBK0BhxJUIv9l5zvgu8JIfKkH4oJgRKXa0Xj8Upk29vbiPT6iUxRJgEe8WN0ANe2M-nFZWezwiYy1IAOvCh45grgbDAhFvkWiPeAtv4dCYK0&sig=Cg0ArKJSzHt0BEJLAFrnEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=384&vt=11&dtpt=218&dett=3&cstd=156&cisv=r20230627.58655&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:06 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 30 Jun 2023 22:52:06 GMT

GET
H3 200 AOiihYbjk7GyPSPexE3PorOKRXoofTPF8NjvkAglc4c.js Show response
pagead2.googlesyndication.com/bg/ Frame 72C6 38 KB
14 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/AOiihYbjk7GyPSPexE3PorOKRXoofTPF8NjvkAglc4c.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

00e8a28586e393b1b23d23dec44dcfa2b38a457a287d33c5f0d8ef9008257387

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 17:38:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18832
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14768
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 29 Jun 2024 17:38:14 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame BD79 0
0 44ms
44ms Fetch
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstf0jromS0gkOiDdr-wiVQXNaLpf9HzAKW3gp175j_yEgsREANQf5Msh4yc7wf3fVL6rNq8-ZxZBwGSyB8tFdzUy3687OvCyt_cJIAEi_iyL_MRQgGxsB8uXE57U_Bs1oZm1zod5J3_bBdf13C45alOdmR1GirmqH3WALIuzq6pv07razEi5vcmY2JegHhE_MkxCXQ6oD7PJlJPFcMoHoNcaG0Jo97AcoFtDXQGQps4QI_qESluz-OgyOssoC2h45bJXpfGJ87MQ-SU7I02gHXRwlAb5fgB11RCHRIlUKIi0V3LbKQ_Kr6ulh-p_o24ifvgPRaJGnBVkmwHSxE9YriUF22PK1I8xLD65Ku8IW9RA8afgYhwL2pz8mNyM603UUesp94DWrBf3RFblIHsAJZEQtiqnKA88w924r9DRo22voZup-8XnUslFsmWMhAjoo9JWqMOmdVAJZ-QMsOlA7okCa3OIO4flPkzZWjQfwP6b3Hv9bUeGtpvKqWRzZMPJMIRj-lweIonX8YkoC7nqnA_h1kh1-q9g-324p4e6EWNY24AzGBFLIoy8PP52vxh3vhPlLG6KRskV9yTHb1M_0YaEGJMYcvkubXDb_HqcF8sOmpjaP4Wri96MIYSCQSVMK417L820-D3IJYgMAqMrIR5yeUV310eQxJAEo2WogrxzHUY70CemWOPec-qMocIh6s5mqwYyiI9V21g2RFlYtHinVsCYXCZ12EyS-aHpK_AN1OU71Htp_PmoLAOxsI-k6fr0c19SQmrxU0BEIXHDiweUGlI0q4mniZtLhL-XFCxti0wQJjJpzm7o2lhh0m_LqR2-cWTWZmvDB17GNRmS-umsc9eNfh0uyCD6Tc5hyA89LbOxSwR_ajWo8M_gwnoau-BBx-V-WehgEI5AvPaJKWP0jsHQ7wLWPfxl7rP_POmwRYsvLpRMgaVXBQx3hQPS7e_VuW7tEgJqpC1Z5ctQ7RdTmrVL3ElY5u_YrM4EdeCHZGL-utEKBiqLl5LmjNweGShMYZPNTpfJ-3pL5bONsB03pG7pY2exr-EPjpRLBQ5z-pXkAXVrb2toA8cBjM13dV23EkEtYQ8kK94qFN4GgiuHB7SHfJvnGcjhp392vQxPj0RtbzguvIcVsiXrbG-D4irG7deIN5vgb6qYbP4afU3UjEkC9fvfocb97m472JIsVMXUCDmqBS3qVknJERl8-WfuRsBoVX9PKP2b7RuQRKdjhaI0wiIlnDKRykN2VaWin9B21BcDs3bw6z51m93UKmCNiQBS_7bOeItvjKigE3iHWDULGvc3uQDxaV3ROceeytXGxurtiA&sai=AMfl-YTpqAR0wg6wg7HW8-22bwQ1X4ilKon7Vbvm09-AnaNIiDEqGFCBBODHGprREQqD3wJGbSKxpZGhQGv5vNvtUyP-bV_PTh-6o9qaoJUgDRLwKdyrLEAogb_SpX6RBczH8fmMaccSk8H2wPjz3jF1xu8yWoCidqwj8eejEq8-qbXAg3EfyB195WOZPn7wqrikXDF_GvWskE9F_c7Z-ZCtudLx4r_UJx72PI6rFYh3TCVHiqDKv4nrmQcZPK9OOODl80ai&sig=Cg0ArKJSzNmt7z6cRtojEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=313&vt=11&dtpt=150&dett=3&cstd=157&cisv=r20230627.04337&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:06 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 30 Jun 2023 22:52:06 GMT

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame 11C8 85 KB
31 KB 98ms
7ms Script
text/javascript 18.66.147.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=2513145&wgcampaignid=99582&js=1&viewref=49013000003019200951389012372020&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-98.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 00c5621a3f56c052959f8f0591b65e893f132b49b1447fde20767966cacbfbfe

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 12:41:10 GMT
content-encoding: gzip
via: 1.1 87fae571c6ea0d7d1101b71cc2131bba.cloudfront.net (CloudFront)
last-modified: Wed, 15 Mar 2023 17:26:29 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 36657
etag: W/"876c293e6c37046ecb0c11ce2e276942"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
x-amz-cf-id: CFDCAYjTTE20-KbItZQr0mAoXwZSdBWHw8jrS8faTvEExjFL3LOT8w==

GET
H2 200 1x1_0.png
cdn.track.production.webgains.team/7121/ Frame 11C8 3 KB
3 KB 34ms
6ms Image
image/png 99.86.4.36
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/7121/1x1_0.png?Expires=1688165826&Signature=deUh7HcK7sKeRN9Z1R4XW1quebRgVXO3CvCrpQ87xgnyHiri2G0s8mKcPor-SQffXk8UySCswg9KA4C0RbW0-O7uf8Q~4yL0oVg18Aa3yUqy003Z5pSxSAC6yeHD-cPrgxy3N46WYeUPTna~YTONwK38mclS5HSAYDQbSi7L7LHGL3w4ZdjqzpAYe6B5Ow8IdrSFXcQJQbM4LiPtL1RK0O4gUSTka68d3ergnm4ss2vvNKqhmYIZuduJIgOP860PNaA5k3hyI-QKrGQSSIuXnKUvO0vKRM6jYXIxO~rMUvquw1iOE8PkRo02o93tDCEtO3JNWKfFomHfwKvuD2OomA__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: 6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
URL: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-36.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: null
date: Fri, 30 Jun 2023 19:22:53 GMT
via: 1.1 04599a8a3c6eb66f23e5ae02d1ec4cf2.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 11:40:06 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 12554
etag: "4e57de0506fbdb487ffcd53b450caee1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 2808
x-amz-cf-id: wOEC9ZxoHDTmCMxy73Nk4pIzW0e3AvlFkEbUKwuDZXGzlB20w-2gQg==

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ Frame F31D 260 KB
88 KB 15ms
15ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Q7C756EV6G&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8d9db20aa3d345d478a9468c62515e6b9c3cbb4b405a96b8caf4f3441642ef7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:06 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 90018
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 30 Jun 2023 22:52:06 GMT

GET
H3 200 main.js Show response
s0.2mdn.net/creatives/assets/4703545/ Frame 8CD7 3 KB
1 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4703545/main.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=pg1Uh1dWX8&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c1b2da575466eb30982e08c1020f55bcf2d9565f53bd64c3da87a1d774d75588

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=pg1Uh1dWX8&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:43:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 489
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1100
x-xss-protection: 0
last-modified: Fri, 05 May 2023 10:07:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 22:58:57 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 8CD7 7 KB
6 KB 53ms
51ms XHR
application/json 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

739058dd7577d47ad6035af246fbe0fc077a1a5d5feb28a1da9ee68c1e452396

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:06 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5807
x-xss-protection: 0

GET
H3 200 main.js Show response
s0.2mdn.net/creatives/assets/4703545/ Frame 1999 3 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4703545/main.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=nMWscgejZt&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c1b2da575466eb30982e08c1020f55bcf2d9565f53bd64c3da87a1d774d75588

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=nMWscgejZt&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:43:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 489
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1100
x-xss-protection: 0
last-modified: Fri, 05 May 2023 10:07:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 22:58:57 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 1999 8 KB
6 KB 49ms
48ms XHR
application/json 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6af4cc0cd0376c4b1c73048c068dcae17c073c1f816d3a7752c6acd1a02b3851

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:06 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5850
x-xss-protection: 0

GET
H3 200 160x600_de-de_performance.js Show response
s0.2mdn.net/creatives/assets/4703545/ Frame 8CD7 62 KB
17 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4703545/160x600_de-de_performance.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/4703545/main.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf035fa0bfc989035b3a60bd3384033c03a80a1ba4103a81d20e0bd053301e9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=pg1Uh1dWX8&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:46:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 322
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17856
x-xss-protection: 0
last-modified: Tue, 28 Mar 2023 08:23:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 23:01:44 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 8CD7 17 KB
6 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 30 Jun 2023 22:52:06 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 1999 17 KB
6 KB 25ms
25ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 30 Jun 2023 22:52:06 GMT

GET
H3 200 160x600_de-de_performance.js Show response
s0.2mdn.net/creatives/assets/4703545/ Frame 1999 62 KB
17 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4703545/160x600_de-de_performance.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/4703545/main.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf035fa0bfc989035b3a60bd3384033c03a80a1ba4103a81d20e0bd053301e9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=nMWscgejZt&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:46:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 322
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17856
x-xss-protection: 0
last-modified: Tue, 28 Mar 2023 08:23:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 23:01:44 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 0E33 15 KB
11 KB 55ms
54ms XHR
application/json 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230627&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ceb25bd445d6d87dcbdb5e454031bbf726e20b69cbb561b67f2a7f96d3161a7d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:06 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11260
x-xss-protection: 0

GET
H3 200 AOiihYbjk7GyPSPexE3PorOKRXoofTPF8NjvkAglc4c.js Show response
pagead2.googlesyndication.com/bg/ Frame 204A 38 KB
14 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/AOiihYbjk7GyPSPexE3PorOKRXoofTPF8NjvkAglc4c.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

00e8a28586e393b1b23d23dec44dcfa2b38a457a287d33c5f0d8ef9008257387

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 17:38:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18832
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14768
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 29 Jun 2024 17:38:14 GMT

GET
H3 200 star_alliance.svg Show response
s0.2mdn.net/creatives/assets/4689654/ Frame 8CD7 6 KB
2 KB 9ms
8ms XHR
image/svg+xml 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4689654/star_alliance.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/4703545/160x600_de-de_performance.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

563d8b655debf02dc76ee9cad7e2114692c770d009bfc9ed1f9153eb384593d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=pg1Uh1dWX8&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:42:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 547
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2334
x-xss-protection: 0
last-modified: Thu, 29 Jun 2023 11:06:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 22:57:59 GMT

GET
H3 200 lh_logotype_single.svg Show response
s0.2mdn.net/creatives/assets/4689654/ Frame 8CD7 5 KB
2 KB 11ms
10ms XHR
image/svg+xml 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4689654/lh_logotype_single.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/4703545/160x600_de-de_performance.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7502e785bdc8f7184cab7e278053c49be4458393085eb2fbddabf35b895c310

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=pg1Uh1dWX8&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:37:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 877
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2151
x-xss-protection: 0
last-modified: Tue, 18 Oct 2022 09:41:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 22:52:29 GMT

GET
H3 200 lh_crane.svg Show response
s0.2mdn.net/creatives/assets/4689654/ Frame 8CD7 2 KB
1 KB 10ms
9ms XHR
image/svg+xml 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4689654/lh_crane.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/4703545/160x600_de-de_performance.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d2067d4b9b5b9d3003ffa4dc17b44616dc00a543f59eea17df555e959f20b53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=pg1Uh1dWX8&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:51:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 32
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1311
x-xss-protection: 0
last-modified: Tue, 18 Oct 2022 09:41:55 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 23:06:34 GMT

GET
H3 200 NH_D_NA_City-Generic_160x600.jpg
s0.2mdn.net/creatives/assets/4703548/ Frame 8CD7 79 KB
79 KB 11ms
10ms Image
image/jpeg 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4703548/NH_D_NA_City-Generic_160x600.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e3ec6be24a0d872f436258644a4fbf4c8e34b7bfeaaf90cf59b96403c4dd4329

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=pg1Uh1dWX8&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:48:47 GMT
x-content-type-options: nosniff
age: 199
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 80659
x-xss-protection: 0
last-modified: Tue, 08 Nov 2022 09:03:36 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 23:03:47 GMT

GET
H3 200 LufthansaHeadWeb-Bold.woff2
s0.2mdn.net/creatives/assets/4714589/ Frame 8CD7 50 KB
50 KB 9ms
8ms Font
font/woff2 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4714589/LufthansaHeadWeb-Bold.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0a43c20863b324fe2bec355b5ebdc6566861742f92018f12be1b38fa2c8b7767

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=pg1Uh1dWX8&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:46:09 GMT
x-content-type-options: nosniff
age: 357
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51548
x-xss-protection: 0
last-modified: Fri, 18 Nov 2022 11:46:13 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 23:01:09 GMT

GET
H3 200 AOiihYbjk7GyPSPexE3PorOKRXoofTPF8NjvkAglc4c.js Show response
pagead2.googlesyndication.com/bg/ Frame 5F0A 38 KB
14 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/AOiihYbjk7GyPSPexE3PorOKRXoofTPF8NjvkAglc4c.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

00e8a28586e393b1b23d23dec44dcfa2b38a457a287d33c5f0d8ef9008257387

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 17:38:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18833
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14768
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 29 Jun 2024 17:38:14 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 0E33 17 KB
6 KB 32ms
32ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 30 Jun 2023 22:52:07 GMT

GET
H2 200 5ed76f76e4b07a92411bc03a
ng2.virgul.com/tck/imp/ Frame 0E33 0
209 B 50ms
50ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5ed76f76e4b07a92411bc03a?g=1&t=gb&r=153377@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1688165524908&userId=vnet30fdf97d-b55a-4897-98c3-08cd17af8e3e
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Fri, 30 Jun 2023 22:52:07 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 200 star_alliance.svg Show response
s0.2mdn.net/creatives/assets/4689654/ Frame 1999 6 KB
2 KB 7ms
6ms XHR
image/svg+xml 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4689654/star_alliance.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/4703545/160x600_de-de_performance.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

563d8b655debf02dc76ee9cad7e2114692c770d009bfc9ed1f9153eb384593d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=nMWscgejZt&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:42:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 548
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2334
x-xss-protection: 0
last-modified: Thu, 29 Jun 2023 11:06:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 22:57:59 GMT

GET
H3 200 lh_logotype_single.svg Show response
s0.2mdn.net/creatives/assets/4689654/ Frame 1999 5 KB
2 KB 8ms
7ms XHR
image/svg+xml 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4689654/lh_logotype_single.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/4703545/160x600_de-de_performance.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7502e785bdc8f7184cab7e278053c49be4458393085eb2fbddabf35b895c310

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=nMWscgejZt&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:37:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 878
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2151
x-xss-protection: 0
last-modified: Tue, 18 Oct 2022 09:41:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 22:52:29 GMT

GET
H3 200 lh_crane.svg Show response
s0.2mdn.net/creatives/assets/4689654/ Frame 1999 2 KB
1 KB 9ms
9ms XHR
image/svg+xml 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4689654/lh_crane.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/4703545/160x600_de-de_performance.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d2067d4b9b5b9d3003ffa4dc17b44616dc00a543f59eea17df555e959f20b53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=nMWscgejZt&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:51:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 33
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1311
x-xss-protection: 0
last-modified: Tue, 18 Oct 2022 09:41:55 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 23:06:34 GMT

GET
H3 200 NH_D_NA_Miami-Palms_160x600.jpg
s0.2mdn.net/creatives/assets/4703548/ Frame 1999 56 KB
56 KB 10ms
9ms Image
image/jpeg 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4703548/NH_D_NA_Miami-Palms_160x600.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d66e2d75900969cbe04b0b3a83bbd7b2e8acef2e7678666810981bfdfc658d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=nMWscgejZt&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:47:38 GMT
x-content-type-options: nosniff
age: 269
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56879
x-xss-protection: 0
last-modified: Tue, 08 Nov 2022 09:10:34 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 23:02:38 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C345 0
20 B 44ms
44ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BrK0yllyfZP7uC4e69u8PusqMoAwAAAAAOAHgBAI&bg=!UVKlUgbNAAb90kgr3dI7ADkAdvg8WnAKGPYi-idSdOoRiS5eJQq-xj-9i_QSErm130d9Y8LJYtrVyTB_7moN3yCgXT1Y5i59_x8CAAABElIAAAAEaAEHmQMaLxm3L1zywzm0g-J_0XW_Ak3zz347zJXK4sL-IY1GjtegT0Bau0nyvJjlcxO46rcp5XNb8hTc3XtVDygNIRQ1RHo9rpqrAL6IjNPUD1is1OQoK5aQmaFAMZRmfQPkhdcRJRSIGprD2KQubrXqLd1e5yDKL1FNePw6TkT4yDD1jPbdAlMRJi24Brr1XlO0P-mXXJnh-mn-G24OR-WFXPXuNONqgg4wvccA67xx1HcUbzfQdh2EIulylbJGXrVu7gMDG3hxLPTDUTHa5NO6L8x3aqSUCcFfusQTGzIxxsUuXaWrI9hpu51YmgAY-JlDEu3CS9vyRSDInnEJB9vpsjtPGYZJ11Gku5xFkl2sb74o20mz73sfHCqNxknAHQpqMXf4lOFHtxGwBOGjbnJ6jEVCt3pfc1AU6hRW5LSuT14aO3eABkZkT_bJn0QMqjHI-hQgZvQPJs4JPVzXNQDel8seLuzeIsJayE_hxi3ZmSl7O8s9RERTJr00QehAP9tUBoSxjuaGzd4_fW3r9WtZGjL-VqeZPxxYcBwE70nxx86gXVLDmUXDqZ6CJaYiTu8CelSv9Ze6LVoKmZqoZxYZ0mF4euNgapIerPC-zonjvPkb6QrHuJMBtlgALK9TbrqIjtL2OnZhGnx6JhX_Vq2FSj-12Kl7_VcsXnRz2GrzzNzB2Ttt40NDUCy-_tPIzJnRcCOziOfrpiUdWk2TRgsYg0_hYX2x8-5D6ap0B3JU4V0Jdh4wGI4lIRiPf0IMZKMxYk0c6w1zKZ93TIfTtZROOeO4DOMFC1cFzbHSlaU3myXvR9CqmOE3cO0oAjxHmrh3u0M8ZWl32Op-UEWfggpYP92GZ5q9wr25kUXrJ0zczF2j9btIEvMLxaOOs6WV2RvCRlwWcHgTFjU26HXjK_5-e90yS8xuJtkYrdBP3c93VPpyKacOD1jdxOKDwsd4EzVFd3KYwA9HrC7_LW4qI5f00IneIUf0aHEcjChDBqDdwGbG6wkOqfuoEW8glxtcJIDDqr0ENL0paWKpYN7VnvjB0PeCDNxkkhdwXoV2SJ0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:07 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 LufthansaHeadWeb-Bold.woff2
s0.2mdn.net/creatives/assets/4714589/ Frame 1999 50 KB
50 KB 10ms
6ms Font
font/woff2 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4714589/LufthansaHeadWeb-Bold.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0a43c20863b324fe2bec355b5ebdc6566861742f92018f12be1b38fa2c8b7767

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=nMWscgejZt&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:46:09 GMT
x-content-type-options: nosniff
age: 358
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51548
x-xss-protection: 0
last-modified: Fri, 18 Nov 2022 11:46:13 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 30 Jun 2023 23:01:09 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 72C6 0
20 B 43ms
43ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bi5I4llyfZMbaENuk9u8Py8OugAIAAAAAOAHgBAI&bg=!m5ilmMzNAAb90kgr3dI7ADkAdvg8WmlB9FVsco0PQBfPtqPRQs1Z3NiqVJy52s6SBpkni-dXSSdDXUlY0sDTIzAu6u14qJcCeGACAAABDFIAAAADaAEHmQMXEhGt2ReNO6J6sqmvExNA7o-Vbuy6aHY6PheNZZqApFvDUXr4KgCdzjmd7HNQR_DskP8l-X07grwQBMqw9mpPPoi_AKE6p75tgWJ9qEkXAA9ZXPMeYlRhsfT1r096WAzcCXx0ZIaKE2SirN5NWkxdjs6YkrmMhEouHBOaeySScojofQpxt16Afq0SUnZV8pDgYAtl86H-N9JPor8bclo9BdhEwp8a4-ohDIgrLNqGv2-wroNrtr6cOC7QmdKMtKqS6UqGm0ocJNR0i7oyUXRlb4eyjNYF8mMXqxEs5x8-4j8jtfuCm8qLpdKw-ZELLQTy28gVyfq_lMP96Ti8fXZy69DpylN0Qk7iUoaAGfNa_2BTEx_EBW5WwNKLynGXVnrE50ifsD2vBxfC96opVD1LE0X3fxm3rraofJX4_1khsaa53YsGiifZukGOxbF4b1oacf8dTW40snESPEGR10_TvwuLQA48AS1w6U7TG8CVoyM4Sw_5j56fUKVhfXfgxXe6RCOunCtucVzq9sy_IJYVdx1cRnfMXZnIy9D7TBCzJYt93fUL71jNyUN7j9GoPkFMPZf8y4LH-wrNjnGDyRS3Hq-zOL7X_qXamABicLpMfyHv-IH4bhYFufuy5ODiXww8XSshndtHGJe4dLS0J4JGOFlQVeL44DaXNKw2OECP5e8xKsutoKwwADEcqZYCU5LOeqPLe3gkrbctNs-U4KaSGAk0_2bBWAiE0I7EX5D8eHfY-xdGMkZo7oJMcN6cDDZCNterLD3fThLvOyF1gAy-N5CXtMWq1Kaz6VJe-vJ0dIQNQg8TdvnSrwlf_X2jfBGAoMNhLxBllj2i7PSiLEq0I2OOoXNuKK8JE1Lr26ARQXgPiFLvzmHaQpjaEf7rdpH44zuaZDw5ieomwaB-H_jUCJ3BlUjDCI3oPhC7GI9pRpNFTXJA7EnOm8k557Lxf2yA6vMvyJ0VWowuMZ_YsF5CgQbofumxG0cb-sAVl80IhQM3ZsaxB21Q2GpaCtqgZ7hOLbhDP4GWDBWbzPGvQ6pm9ZWecSOfV3o

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:07 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 63E5 13 KB
5 KB 8ms
6ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 23980
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 16:12:27 GMT
expires: Sat, 29 Jun 2024 16:12:27 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 9C47 783 B
535 B 18ms
18ms Document
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

4bfab6b0f090bf6e4cef89189be2eef3c6d4995d95e25f75d2b1eb618c026396

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-HfdTuH_539WtfzqmOoQw3g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-HfdTuH_539WtfzqmOoQw3g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 30 Jun 2023 22:52:07 GMT
expires: Fri, 30 Jun 2023 22:52:07 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 9C47 0
0 40ms
40ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230627&jk=1720949175410743&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 AOiihYbjk7GyPSPexE3PorOKRXoofTPF8NjvkAglc4c.js Show response
pagead2.googlesyndication.com/bg/ Frame 63E5 38 KB
14 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/AOiihYbjk7GyPSPexE3PorOKRXoofTPF8NjvkAglc4c.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

00e8a28586e393b1b23d23dec44dcfa2b38a457a287d33c5f0d8ef9008257387

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 17:38:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18833
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14768
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 29 Jun 2024 17:38:14 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 63E5 0
12 B 6ms
6ms Image
text/plain 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?zy03WA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 30 Jun 2023 22:52:07 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 291F 42 B
64 B 49ms
49ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvo2EQifBqglHQa-WE73QojE10lVkIaixvmEkMJgc_vk3TyM_iidElZmwk075M_ccBKdTWO_WIr8w7-v5fW1DBiOISSJYRmy_VBGOFtpXj9KKZquNnnf9bg1knLRTz2RxectqOVn0G1Iv6E&sai=AMfl-YS9Gpq9PpReWNNM_9Bq2fqGMulwvz8aKg7DEd94i8-eosWZewkEt28h3fbPo-sQw-h2S2Bj7-mFedAiwfxhVgYh1KXPlHEniavhNINE5_lNpTz7BMX6yT3jEfo&sig=Cg0ArKJSzIr_TK9db8pWEAE&cid=CAQSOwBygQiDDAsDm-byXx5OG_QwXJ8vUwv1TCi2IuDErdhfWlX-vobsDGIjVqBhD1lDr8XjoObrqKEDtH1rGAE&id=lidar2&mcvt=1000&p=1,1,70,729&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230628&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=9&adk=456810305&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1688165525982&rpt=295&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:07 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 1156 42 B
64 B 49ms
49ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuBv4LXBjNu9KAbwLHTvxhyeRjrH7V8ThB4sGdsdvSQOIaFFSd-PegBABf-N3xzOzhqgesSXQbHU8UmlN23n2Ha-gQkPxjV_hVwFDIYT2qindifvQlfFrQtdeNrW0y3ZR_UDuAIfgO-fV1O&sai=AMfl-YSpoHQeBN5LWHO4Cv2dGGLcgxcBTlx_wC92EDoXAu87CGmplBWcY9h6TFcUz7Cp7txsFU7jltzr38AtAtxIfHbBGhefOcQWOXANjnzlaBo6UXkab6GfbKf1808&sig=Cg0ArKJSzNAVIyRnCsM6EAE&cid=CAQSOwBygQiDRd3n3fLoO_ro1_VquDfrQQNLGrqsH2FWVprFXd91b7CufJdJpye4KU49mLHI8B5LDFhkxLa3GAE&id=ampim&o=0,251&d=996,250&ss=1600,1200&bs=996,250&mcvt=1000&mtos=0,0,0,1000,1000&tos=0,0,0,1000,0&tfs=349&tls=1349&g=100&h=100&tt=1349&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&uafvl=%5B%5D&uaw=false&adk=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:07 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 8B53 42 B
64 B 49ms
48ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu-Ec8JbZGI0HzHyLkjixs4hrd5SF-FQSznUr4R7L0Q_MQ5Q7QJ8vhIz-yXowizWszPoFvZJb5n55zsDuh1G7nkjcmVP4EmsXeqhXXy3gWPPWRZCWLf8RwnX8ukXsLoCUJWjH2FVHl2_DM2&sai=AMfl-YRQ_k_nUXGYpQiBCeYJg0WBGzI4kVk3jyqWw8EVfkHRtUkgK0_JB3IGAjt2zES1EyCTx8907DCyogPb87KeW1KUfCn4Z257QMdnXufd616rFOoebi-edhrMBAc&sig=Cg0ArKJSzJr3A_0wnQnhEAE&cid=CAQSOwBygQiDaYD5zfxYiuHIuMawGYbMRQOtPAShi3nVnbYtQ8thHzTbvaP2_Ao0L95wGxD2-KjQ_BQZGgAuGAE&id=lidar2&mcvt=1037&p=0,119,40,160&mtos=1037,1037,1037,1037,1037&tos=1037,0,0,0,0&v=20230628&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3203893797&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1688165525951&rpt=418&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:07 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame 11C8 16 B
209 B 74ms
74ms Fetch
application/json 18.168.234.149

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.168.234.149 -, , ASN (),

Reverse DNS

Software

nginx / PHP/8.1.14

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 30 Jun 2023 22:52:07 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/8.1.14
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame BD79 42 B
64 B 51ms
51ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssIjOehcRdeU8fN-_lcGyTyI5OFk5MjOABmZ2Lc6UcvfZoLXqKsQTVdQZ7-4oHbXAduWksdhJSXoE7xp7XjJmNTFeSGmWT7mYwuk5avokeqyXGacc0C0qtIyKXYfj4Ar9ZC9aXekl48St10&sai=AMfl-YTfGyl-Xw0SP1fIL8eQSJh-uKP-wm1r-mO4MDzPce9SRa0FghcCsVGYS2kJEaLcEGu8sHAlAc_H6jbNlpkMIOZh4qi8X-1ns4SC13T8K9C8jeKBKwFbG8gqJk4&sig=Cg0ArKJSzNULjlVEA8IlEAE&cid=CAQSOwBygQiDP5Gusm8l49lax7-DSgKNxabRVZ9spnjGuYH8JA2R0JcLepybO6TmicYcLSMdoHozvgQltW46GAE&id=lidar2&mcvt=1011&p=0,119,40,160&mtos=1011,1011,1011,1011,1011&tos=1011,0,0,0,0&v=20230628&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3299242717&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1688165525962&rpt=475&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:07 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8B53 0
20 B 41ms
40ms Ping
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=8736768384462&version=m202301230201&ct=76&x=1&cor=18396302603105362000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:07 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 161ms
21ms Preflight 18.168.234.149

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.168.234.149 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Fri, 30 Jun 2023 22:52:07 GMT
server: nginx

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BD79 0
20 B 40ms
40ms Ping
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=7254517325326&version=m202301230201&ct=76&x=1&cor=4947200756656002000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 30 Jun 2023 22:52:07 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 0E33 0
0 44ms
43ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230627&jk=1720949175410743&bg=!AAOlA1fNAAb90kgr3dI7ADkAdvg8WjeFd3LJRLm09yMGRb10AsN-ljwR7h5BQJUgtilsTRvKx0msluxz7rJF1jKfUbagWymNBskCAAAAUlIAAAADaAEHCgBtfH8KuwoiNkICIGDIg6F3Ln3Ji7fNd4XgITomXlYYCYtVLQ2uxHHJB95uWXqFN6PpNNNG8439b0T4aLJ-JcRZ_ZToVtQKp8npA-BKAWspBMl6JWCSDXcd8Nvd6c0ln5q-kaITHVfHKPsXEc1g8pkCuZf7HZqrzxfQ0oWTfha8abIqZN2I-TAhghKzW01o9F6NXQin0MOT_PPFDJpKADlRAwg5s3NB-X4hdkBIgW0Lkj7CwYDw7OHtRXqB6oqWiV9GOygU6wYgJGGRKf6J9gIi7sVJaofViXCeXHQUkRryofjoyUT56xVd74OE_xfywu5Y0da-x2Q53OA49nmjBNUzrurHZUgfdnIdimeQqJyaVUUFRiDUmzFkJojcQ27ConoVTXXcL283yfprJPxw8UOhsqZJ6uqsJ2g0fW2ZPe_yMtIGx71IXEZFK6bW_U-dwpWdLMG4XxcFl4OKMFXPi4Kp0DYWK9U4nLEN5yp82GjvUa3JTzEmXm6y8IbbG1HG8Lp2Ein12M2U_dNbkj0v9cK64FYGyrMtrMvaWPZn0PPnINEyCRTGW-fogxafeZACYkXJbX-04NRXonCuyckRi_9_-yKi5BUt5xyhy8sVE-jWScN5FqJSre9kRt8UgQPzwTAmheSmhH9_b0xt29TVJyWl30oMWI5pbqks0HoKh5cmtcy6ziCyiFfiE1SvBl8p2-i88l1QV5UbZMcImfQira1KaidvDM78vFf91lIXudNy6P0E_AEeoMHeNssUHcTeYbY3jnqn-lMVSkkLvB4NVlYQSV-4S1yFcxB8rE2iGgs1JdQyxjEVBcG6t32i3tdOLI7rVGqGeDOi9i45y540gKdSJFLCGXdHavqZBHG_gcBM7zQpue6Xl1rdJqA5VL978q5z6a57ZmXlwtN87XANSZasF0mL8WAZ24pwoa-qhHAWsRIhbL6nhlSvKuYvBp0OGScDaQhmG3A382jNSFiA6vHWoiCaCVXCOecEImgIDa_PFxK1G5s5oE6tJl1wfL1HulZFkSivbDaWYx61zL0sW52fyTEYP14ICLeieTCj6H3W_f4yqWhuZoME29s
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H2 200 5ed7702fe4b07a92411bc03e
ng2.virgul.com/tck/imp/ Frame 0E33 0
209 B 51ms
50ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5ed7702fe4b07a92411bc03e?g=1&t=gb&r=153378@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1688165524908&userId=vnet30fdf97d-b55a-4897-98c3-08cd17af8e3e
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Fri, 30 Jun 2023 22:52:07 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 5ed7638be4b07a92411bbffe
ng.virgul.com/tck/i_vb2/ Frame 0E33 0
209 B 51ms
50ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/5ed7638be4b07a92411bbffe?l=&r=153366@site_geneli@yemek_net:site_geneli&cs=1688165528194&userId=vnet30fdf97d-b55a-4897-98c3-08cd17af8e3e
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Fri, 30 Jun 2023 22:52:08 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 5ed76f76e4b07a92411bc03a
ng.virgul.com/tck/i_vb2/ Frame 0E33 0
209 B 52ms
51ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/5ed76f76e4b07a92411bc03a?l=&r=153377@site_geneli@yemek_net:site_geneli&cs=1688165528194&userId=vnet30fdf97d-b55a-4897-98c3-08cd17af8e3e
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Fri, 30 Jun 2023 22:52:08 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 5ed771bae4b07a92411bc04c
ng.virgul.com/tck/i_vb2/ Frame 0E33 0
209 B 51ms
50ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/5ed771bae4b07a92411bc04c?l=&r=153382@site_geneli@yemek_net:site_geneli&cs=1688165528194&userId=vnet30fdf97d-b55a-4897-98c3-08cd17af8e3e
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Fri, 30 Jun 2023 22:52:08 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 5ed771e3e4b07a92411bc04e
ng.virgul.com/tck/i_vb2/ Frame 0E33 0
209 B 51ms
51ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/5ed771e3e4b07a92411bc04e?l=&r=153383@site_geneli@yemek_net:site_geneli&cs=1688165528194&userId=vnet30fdf97d-b55a-4897-98c3-08cd17af8e3e
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Fri, 30 Jun 2023 22:52:08 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 5ed7706de4b07a92411bc042
ng2.virgul.com/tck/imp/ Frame 0E33 0
209 B 50ms
50ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5ed7706de4b07a92411bc042?g=1&t=gb&r=153379@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1688165524908&userId=vnet30fdf97d-b55a-4897-98c3-08cd17af8e3e
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Fri, 30 Jun 2023 22:52:08 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

42 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-20 22:17:41	Name: IDE Value: AHWqTUmIPv2Qx7R6khVqrEJzmV8deYikzOeaShl3gvaxKHHEWfn7qCDyi70wRo_y7dA
.3lift.com/	1970-01-20 15:05:41	Name: tluid Value: 135047961623130605389
.doubleclick.net/	1970-01-20 12:56:09	Name: DSID Value: NO_DATA
.travelaudience.com/	1970-01-20 22:26:19	Name: _tracker Value: %7B%22UUID%22%3A%2209CDCAE5-08B5-4BCA-923C-3FFCB22FDF99%22%7D
.simpli.fi/	1970-01-20 21:43:07	Name: suid Value: 38F3C3DB873A4D0BA09CE1B8DE868BD8
.w55c.net/	1970-01-20 22:26:19	Name: wfivefivec Value: 1scz7N1c1QfmYd5
.w55c.net/	1970-01-20 13:39:17	Name: matchgoogle Value: 5
.360yield.com/	1970-01-20 15:05:41	Name: tuuid Value: f64efbef-57a6-4fbb-b268-c5888cf0a58b
.360yield.com/	1970-01-20 15:05:41	Name: tuuid_lu Value: 1688165525
.mathtag.com/	1970-01-20 21:41:41	Name: uuid Value: fce7649f-5c96-4801-b09e-4114a8d85f0c
.casalemedia.com/	1970-01-20 21:41:41	Name: CMID Value: ZJ9clnyK0eZzOFLIHqvncQAA
.casalemedia.com/	1970-01-20 15:05:41	Name: CMPS Value: 3331
.casalemedia.com/	1970-01-20 15:05:41	Name: CMPRO Value: 3331
.adnxs.com/	1970-01-20 15:05:41	Name: uuid2 Value: 1521768371840942922
.adnxs.com/	1970-01-20 15:05:41	Name: anj Value: dTM7k!M41.D>6NRF']wIg2GVMj%#wy!]tbPl1M>e)ZlrFUfJ+tGXxoeM`TSTXPH<JFA>-*PmFYRK!YjiNaa]eN!`F53If)y3KL9D3I?+x3/LKJ
.adfarm1.adition.com/	1970-01-20 15:05:41	Name: UserID1 Value: 7250615724414597263
.lijit.com/	1970-01-20 21:41:41	Name: ljt_reader Value: G55cqGZHzW6HPrBdSDqXggYa
.pubmatic.com/	1970-01-20 12:57:31	Name: KTPCACOOKIE Value: YES
.pubmatic.com/	1970-01-20 21:41:41	Name: KADUSERCOOKIE Value: B0A9037C-B63B-4C59-BF21-E53374FBBD2A
.adform.net/	1970-01-20 13:40:43	Name: C Value: 1
.retailads.net/	1970-01-20 13:39:17	Name: ppb2172 Value: 2835770517
.yahoo.com/	1970-01-20 21:42:03	Name: A3 Value: d=AQABBJZcn2QCEBxY-H6AkGWVpE6O0lDlGPkFEgEBAQGuoGSpZAAAAAAA_eMAAA&S=AQAAAnjP_US85wIrgNTyH2hVppc
m.exactag.com/	1970-01-20 15:05:41	Name: exactag_new_gk Value: cb3d4cd7b4224b40b5055c77e2ae2197%7C29.08.2023%2022%3A52%3A06
m.exactag.com/	1970-01-20 17:15:17	Name: exactag_new_uk Value: 07468f9c7f91400b99d836a44ed6166e%7C
m.exactag.com/	1969-12-31 23:59:59	Name: session_session Value: 6da56973c41741e2ae2d180a
.adform.net/	1970-01-20 14:22:29	Name: uid Value: 2497002634434108397
.futalis.de/	1970-01-20 14:22:29	Name: raSIDb Value: 2835770517
.ctnsnet.com/	1970-01-20 21:41:41	Name: cid_5711057dcc724e38b687a94cef89393c Value: 1
.ctnsnet.com/	1970-01-20 21:41:41	Name: gid_CAESECv1iJuqU_LY9hyWPXsETpc Value: 1
.1rx.io/	1970-01-20 21:41:41	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-0072ec52-ae03-4b82-964b-44d53e52249a-003%22%7D
.bidswitch.net/	1970-01-20 21:41:41	Name: tuuid Value: 2cb81cc6-8bc8-4379-9fcf-75799003f6e9
.bidswitch.net/	1970-01-20 21:41:41	Name: c Value: 1688165526
.bidswitch.net/	1970-01-20 21:41:41	Name: tuuid_lu Value: 1688165526
.office-partner.de/	1970-01-20 22:32:05	Name: source Value: {"webgains_webgains":{"timestamp":1688165526768,"clickCookie":false}}
.tribalfusion.com/	1970-01-20 15:05:41	Name: ANON_ID Value: apntmIRkP6i6eCno7bEf7LBAnfguts8UOZb2tbUSdZbjC2smZavrfyMTbRtSfr6sZakZcTXoHHWU8Ml2tF35B7GPOgOVh
.targeting.unrulymedia.com/	1970-01-20 21:41:41	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-0072ec52-ae03-4b82-964b-44d53e52249a-003%22%7D
.everesttech.net/	1970-01-20 21:41:41	Name: everest_g_v2 Value: g_surferid~ZJ9clgAVsPAbnABS
.sportradarserving.com/	1970-01-20 21:41:41	Name: zuuid Value: bbe7c7b8-31c8-4b01-9f71-8190ed8e0721
.sportradarserving.com/	1970-01-20 21:41:41	Name: c Value: 1688165527
.sportradarserving.com/	1970-01-20 21:41:41	Name: zuuid_lu Value: 1688165527
.sportradarserving.com/	1970-01-20 21:41:41	Name: zuuid_k Value: 1
.sportradarserving.com/	1970-01-20 21:41:41	Name: zuuid_k_lu Value: 1688165527

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://pcloak.blob.core.windows.net/web/jquery.min.js Message: Failed to load resource: the server responded with a status of 404 (The specified blob does not exist.)
javascript	error	URL: https://ye-mek.net/(Line 39) Message: Unsafe attempt to initiate navigation for frame with URL 'https://pcloak.blob.core.windows.net/web/6x6uf5z9e3262.html' from frame with URL 'https://ye-mek.net/'. The frame attempting navigation is targeting its top-level window, but is neither same-origin with its target nor has it received a user gesture. See https://www.chromestatus.com/feature/5851021045661696.
network	error	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755397&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1688165524989&bpp=3&bdt=721&idt=104&shv=r20230627&mjsv=m202306220101&ptt=9&saldr=aa&nras=1&correlator=4295001838546&frm=24&ife=1&pv=2&ga_vid=238289290.1688165525&ga_sid=1688165525&ga_hid=1950052761&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=222437166&scr_x=-12245933&scr_y=-12245933&eid=44759926%2C44759842%2C44759875%2C31075625%2C31075758%2C44788442&oid=2&pvsid=1720949175410743&tmod=31284352&uas=0&nvt=1&fsapi=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.qgwghgjghm67&fsb=1&dtd=117 Message: Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

6376359dd96949c9ca3ad79b4214c938.safeframe.googlesyndication.com
a.sportradarserving.com
a.tribalfusion.com
aax.amazon-adsystem.com
ads.travelaudience.com
adservice.google.com
adv.office-partner.de
ajax.googleapis.com
analytics.webgains.io
ap.lijit.com
api.webgains.io
c.amazon-adsystem.com
c1.adform.net
c1.imgiz.com
cdn.ampproject.org
cdn.retailads.net
cdn.track.production.webgains.team
cdn.ye-mek.net
cm.g.doubleclick.net
connect.facebook.net
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
eb2.3lift.com
feed.pghub.io
fonts.googleapis.com
fonts.gstatic.com
futalis.de
gcm.ctnsnet.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
hal9000.redintelligence.net
hal900020.redintelligence.net
ib.adnxs.com
image6.pubmatic.com
images.dmca.com
imasdk.googleapis.com
m.exactag.com
match.360yield.com
medialead.de
ng.virgul.com
ng2.virgul.com
onetag-sys.com
pagead2.googlesyndication.com
pcloak.blob.core.windows.net
pghub.io
pixel.mathtag.com
pixel.rubiconproject.com
pm.w55c.net
pr-bh.ybp.yahoo.com
pv.medialead.de
rtb.openx.net
s.tribalfusion.com
s0.2mdn.net
s7.addthis.com
securepubads.g.doubleclick.net
static.virgul.com
sync-tm.everesttech.net
sync.1rx.io
sync.targeting.unrulymedia.com
sync.teads.tv
tags.mathtag.com
tpc.googlesyndication.com
track.webgains.com
um.simpli.fi
ups.analytics.yahoo.com
us-u.openx.net
www.cloakan.co
www.google.com
www.googletagmanager.com
www.googletagservices.com
x.bidswitch.net
ye-mek.net
104.102.35.84
104.75.88.126
13.224.192.181
13.32.119.77
142.250.185.194
142.250.185.66
145.239.193.130
151.101.194.49
151.139.128.10
167.233.14.134
178.63.52.121
18.156.187.34
18.168.234.149
18.171.17.177
18.66.147.98
185.29.134.245
185.7.176.221
185.80.39.216
185.89.210.153
198.47.127.19
20.60.220.36
216.52.2.6
2606:4700::6812:19ad
2a00:1450:4001:806::2003
2a00:1450:4001:80e::2001
2a00:1450:4001:812::2001
2a00:1450:4001:812::2002
2a00:1450:4001:828::200a
2a00:1450:4001:829::2004
2a00:1450:4001:829::2008
2a00:1450:4001:82a::200a
2a00:1450:4001:82b::2001
2a00:1450:4001:830::2002
2a00:1450:4001:830::2006
2a00:1450:4001:831::2002
2a00:1450:4001:831::200a
2a01:4f8:d0a:2321::2
2a02:6ea0:c700::10
2a03:2880:f084:d:face:b00c:0:3
2a05:d018:d29:3601:40e6:3444:17d5:43eb
2a0b:4d07:102::1
3.71.149.231
34.102.243.38
34.241.245.3
34.91.62.186
35.156.251.164
35.186.193.173
35.190.0.66
35.227.252.103
35.241.45.217
35.244.159.8
37.157.3.20
46.228.174.117
51.89.9.251
52.29.37.7
69.173.144.138
76.223.111.18
77.245.159.14
85.114.159.93
85.14.248.91
88.99.219.174
94.138.206.83
94.23.99.218
95.101.148.198
99.86.4.36
00c5621a3f56c052959f8f0591b65e893f132b49b1447fde20767966cacbfbfe
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
00e8a28586e393b1b23d23dec44dcfa2b38a457a287d33c5f0d8ef9008257387
02193fbcb11d960448e0fa887ff68d5ce73f01076893523fc3037e00a7149bc2
05c72250b7b0da8e896799e32f88440d53848a083665b797629e25bad1bde6fd
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
09d46eb1397a55833670832dcac4edf7f7e1d2b170b3eb7c11557cadcfe0a784
0a06513af4e9032cdf9906545bb44cd0f956cb32e8eec7cabeb7c2c9a5367f43
0a43c20863b324fe2bec355b5ebdc6566861742f92018f12be1b38fa2c8b7767
0b29697868cd68cfd1b5650054cc96ea755016b3242bd26469cdbd4e4f6fc18a
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bd34a8f13262cf1f75646e68b24998c6b2da10b92e94e305c227af68c2627e0
10b43d3e90245cb8bf52bd969b4b7ce4fa9996f56f23679e334053f679533386
118282328991bd513a015230b0cbc07589832055ff1bf09c396ba0fde27e462d
120fdf7c1e8de286b8c6ad005bd52d7b3d71cfa17bd6d1f72d023fe952d03708
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
127d7b0b1fc9c461300ffb78c801f5458e396e13bfbdf7582da4379928d685a9
1648d3653d9554cc95adeae17f6119abb5c45948ec12e309116588bec9a3b698
167b361207c0dbe5cc3e6a4aded1c1523af5ca6241dd25f5087a33d63ed89ed0
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
187574c8a3cf0026b633b356842e03d60450be911027b697e9542a650d1049c8
18e7a53e3b3abd7ac0242719f7f62cb56b8efe7065091585b8ad22cbc2b8c41c
18e7f3232e16c5af1b4d3192ed6be46c39b4902ecef8717b7a1dc69da6b8fe34
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944
1e5a28a902c7f1edfc9c082269da365300b36ceb1eed186bf26523d6867ed986
1e5a886321d0e00c13f7abff03ca39fd782f42997fd34bcbf4fc93718f3670cc
20f091e39a994eac247abb2db8c48d424cb5f3ea8280cea2194168c2bf5f437e
22fee539734d38c9e84e3982188b21bafc9457236279a136ce1b3b9d55667437
232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98
25b451f3cad26104f57800c79546bf5a40295d0cecf5623e623f4479b94d0ddd
27961ab8c37cddad89230364167c048c6377a80e38542a5ffbca600faf4098ea
2af1b8e91e1ea0f27fab2f6bac1dd1d81867b7a2a8d7cef1084fa39309e0ac6f
2d3ebc5963c3ba449fc6f11b2d5ac883abaf7dbc046ac7c1b267518e0ca5fa27
2e1f2cd9beb9f3a92f62e481ad414089ed4d682834352f9a903d0073809d5398
2eb2914e0253d3d949c2aad28f6f109c7b3a67ef37696a4496592837c0f9d7a4
2ee4854a38ad37b61a8727c71e98305037bc4711d65f4bac43420986b4c9455f
2efed30acdac9725b233f6d3d5bd8a16a9049980ceaa91525e061cc9c63da1e3
2fc08ba9dcbece85da68f4c118b4b142e05836eb44dd38300f4fd0395d9d6f2b
3002b527e1cb5e6d8601854825ff1a291b37dfe3e190c02eb7ac1ad76cb12898
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
324a9c1f26949a62b89c5846de23826737bf3b14443e3f5a969b1799604a0588
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a
34187be2fcb2930cc82f97f0a49d26a8dfbc304b0eeee395a513a79d5eeaa09b
37696e118071c7484a8001f32a4e80edaab20322d5c8ae8e2b1f48a1c45baad9
384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7
3cf33fd1cc895fe26505c0677f183cec819f5d55d54905a1adf8e95322d67c19
3d2067d4b9b5b9d3003ffa4dc17b44616dc00a543f59eea17df555e959f20b53
3e9569df702eb478e6e7699775a0f555b64ef9e89d89a81742bc97c7803dba96
3ed559a849229d0ba1622b39b2343f2307a91aae5bab1f08e55c89e50874c980
40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db
43cce357815d8360b1d09769864e73deabea36ed058b5bf5cd02569148351102
44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e
4595241cedd0561ea7df5dae27079da65aff6eea25ca9a06869c82524835bd44
4651fd93f167c3620b534c30bc23ae2a2e7cf742621d8e6d12553c09c388284a
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
484eef6459e8a58c19115f287339366d82a7c2beeb7a35c7e16789b592515aec
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4bfab6b0f090bf6e4cef89189be2eef3c6d4995d95e25f75d2b1eb618c026396
4c77f8aab3efdc86229d1c28f8275fc0d19491711970bb5be4b8b79d011e2b55
4d5e7c4ade6724f8d19485613aecc8e52a6f1c0480396fd6f97d5dcd4f67578a
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
50282fee83281adfa1bd8aa7771950d435a2799ca90959ae8f3a483ff4fb0be0
504638cbcafafa2aaa5ed5d0551239803a52f81ffc79c42508e7ff8deea5311f
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
5103b27b55207be49f024a501641c7cb93e6469073ccbe194cd5963b53716184
5190a205bf30235a69098c5a28efa26c0802c43319c21b0ecf454cd3c0d1385b
520e012e29c2167a1b625641aa7e2f31e30515ed2bb9ffb71129bb6331a8b0a3
525e7c89461afb3f73ea7030fbceba4f9e9383570159926acee637b4f86b8148
53793159ba248bbddce26d587ff959a9af45529d6e6e6f4409f3653e02185dfc
537d42962737bc550bbf34d1404e336cebc1b46ced111cc3c5b1ab744d38bb85
53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
559f5e3732d49bed57c12fa7ccb96e390f0f6fd99fda009d48c9069e50fd8fee
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
563d8b655debf02dc76ee9cad7e2114692c770d009bfc9ed1f9153eb384593d1
575bd073465a3ca348b492f66cafd8d81da9d04178ec53ff70fd95affd6174b0
5804cd3bfdf7f7b00ae1f2beef50b9ac7bbdcadcb47e8c3454e8609a52096b92
582e283baa4cce4006055beb2eb8fe257c1ec5ef573a40f173b880636089e8cd
597e4ec7ca2b12f9150e02e04096849d6b06061b09c2d131f1d2225871eedfdf
5a9863314577494b778cade4d77d719a27fca818d6091efe35b972cac31026f8
5bcc3839734e1ecee3f45fab7a57d5d4c5d2f617ff621850d1c0c40b5165d700
613b97a3f938c5185dc5fcb46ec9c9488f460fdf8a9765eea9f05aebe46a0c50
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
61ef244a7f7b27ce2c69ff28e1bb69f7bac2e6be7fe6dbbbcb82feeb11db7d84
62afec092c21b138eeb1fc55859f60c19dd12ca3c02bdfeb336a820b016a547b
639bf56a0531ed5bb0e272832626286b9d06daeed7c0a8f6a008cf652b4daa94
63b3428dab8c9858bfec0fdd1766207549e01494b99c89a230937546c926592d
64f050fbc4e0e656d03b9e6d8b9fb95fb3d0f5e15c8ccccb80bad3b3f0da9289
6501e50ffffdc89ec56c93111f32c70f697610d4af971fb38ae964b5824c7eb1
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98
65fbb0b0a75628d64f6ab9ab994b504bb65caf107e13cca7c2a74e1ea5ce14fe
663179435228f005c85ec62b4510192db0c04e24b06f997ddfcaffb7a0b2fa25
66413d92e3b48b21f37de7968a4c6ee6dafb956f4963d0557959a3d10db2c492
66f57830eba3793b6d407a90dc0636b5e5e028f466bec6045ebc0813acaf7afa
68b34a28617137221b76b93546359bf577aea1d6b3aadbd65b40e8bbdae7dd0f
6af4cc0cd0376c4b1c73048c068dcae17c073c1f816d3a7752c6acd1a02b3851
6df7c73fa12d8261f09a11faff5c77f91f912362a9fdc15c46c3b949b188717b
6e1330041e6221db02bceb99117262e8223c801c9c2708e99630521939b3f0d7
739058dd7577d47ad6035af246fbe0fc077a1a5d5feb28a1da9ee68c1e452396
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
77d039ec23c648af833e447a3df69bed74cdf84c465422c52eff9a37a9503fb0
77e00e1f2a238cf50cb6170d2bb91fdb9d5922d449211f93f70345e152876f8c
7a04bcaf932d4fea3063b238b311f463d828ba876aa7f7a76826a65344b58561
7a307a38b115fab5f5342fb29a034d366e91c28be59eb09c626126e194742cb3
7d66e2d75900969cbe04b0b3a83bbd7b2e8acef2e7678666810981bfdfc658d6
7de327885eb13552b4d8343d92108ecd9f34c139b358c2e2e4573227be944949
7e4732443bd4d5fd7196897f6868c6f1e56ac9ed9c22af90e6d255bb4e814844
7fb07880fe0e8c6a59441a5eb71aed95f6542a8c4bc1ed859984d2e8efe054e0
7fb5acaef87323202589a768ca2f6852b1ff651c1b2a4f6b3e0914c433cab044
8169070527736f2296d9d72e169101428b2f9821205614dc54cd16d3130c70f8
87314dbb81dc94a79407a82c386cce38eab9e99a6cc57fc31b5d2aaeafdc1195
8a919710dfb0d1ff0b11b995e46bad7f792f54640c236f1b5f2d82a179284f78
8d9db20aa3d345d478a9468c62515e6b9c3cbb4b405a96b8caf4f3441642ef7e
8e080429f5f69e47f9092b6106ca96eb4a31191dc00cbef1f20104561b44f10b
8ea1071252699fbd6695ad709d08085eb7981d7e0149ab69b6e17c3d83f3cabd
90b76298736807f5f931fb06b8902492b849ec52f2f045549a0242b99b3aaaba
9133b1a03fbaae9ea9cc0430b15c8f9a20dbff26288ab9eef75a9959d775c6ef
976c546d7233891d42bbe8ef3d19db7d8808cf1038dd4b20fc95326d24c03921
9a8f7e72cc6f6419f6b4707cde3e993ebc768dc8536bdb50fb27687994c1635d
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9cacc351a59879d938ef01e274eca7f341deaaa666237a3de94737ccc05a4b86
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a2f0916a3ecc4a78bcab59f9c4e0ef10973f5cc5c7b24f83e7b14261678208f3
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678
a7a580492938c753648b19da1321bf7ea66d7a2e9b1fa42058c821e268fba9e1
a7bdc5489a06f3c3cc24119a5a76f4d5af38e07c2b7e4e458ce411993eb12e7c
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
abaf64de0855592138133fdf15c746a6e47a07d5f7a34a9513a06994c89f91af
ad3ee286844c46dba3f0d26e100f508c410b28f52784fbeec2d513ef6c6fda7a
aeb0864740dfc598eaf36b8de8c84c9f0195a08be0980ddec4196f8bc6e6d70c
aebbdede6d20a09305202759973dde54dd747a1b51ad43c1cb7969d6ec3dde73
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2ecd92de7982ef4ffd3778b02d62aaef7341b3c9ac5f4e53e749a9bde702119
b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628
b869a852368eaa119ee4b5b375ad2c86eb2c8eedaceafc3aff741faf14dc48b1
ba39a88a1887e575637dc2cec1a6e3bbf0410dd16021c8209495ac614420a836
bea17c8870ba8dae9515993b5c55b65437f03f0e2672e1c3d3dbe7872dd74e5c
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
c1b2da575466eb30982e08c1020f55bcf2d9565f53bd64c3da87a1d774d75588
c6e568a84576356e9f2e5cdd8be09f47f46f447339be162266be52bc0de2ea4f
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
ceb25bd445d6d87dcbdb5e454031bbf726e20b69cbb561b67f2a7f96d3161a7d
cf035fa0bfc989035b3a60bd3384033c03a80a1ba4103a81d20e0bd053301e9a
cf906196a7c1414e11983955e101a051d55a864f2bc9fd52a453d952d92fd9b5
cff57bb539a961e5816127eb4b662175d6a1c92917effe0f943de85c35911101
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d660119d70fde473f7720a43fb960d95c8ff46768e67d762f9557179709b8942
d7502e785bdc8f7184cab7e278053c49be4458393085eb2fbddabf35b895c310
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6
d9fd0aeda423bd39a36871759ef7b17dab3d51e5981cd5839103f990b8b9ef60
da91387680a9a55651afd3e8937cb5e32defb01d582dbf5cb791fa812e8d893b
db6c8330efd6e6bfd20dbed90de2e76fe0bac473c76abe90aaa91fac7bb067c6
dbc211260f3fb81e545fbebe8be8c367ebe670a585e60e1ec58524c06723ecbc
e041f359812b31ffb3d561c106435550a58d86540a0262a93e6e462624fada6f
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3ec6be24a0d872f436258644a4fbf4c8e34b7bfeaaf90cf59b96403c4dd4329
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e8021f1a9dad409f7e699457ac334653bf800464df69900237c4de1c29e275d0
e8c63d2d30b5ec92225ddec525d42bd96820b0d352bbc94d89cefbb627dc6f20
eab1145c02ae44ca45370dbdb689a98d1756fe3726fde675886a95730fee691d
ecadacb686d0540a5768dae41d50597a71dfaa8135b90f1371d4bfa266e4e361
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efb6dfb64e21ed016f93813c7b6995a3e3692b1cc0eb1baeaa282c63a2982931
f40438e04ea24746ce45988712a53a47765cbf5c627104dc52a5ba51742a2959
f475c34186022ba531ebc8bba97fc10df7e4c3ea854f314a18ab0644c851620d
f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39
f6b620a7cee8cf468a2991aa1c8948ad06d692336ce60b93b7599ef9afabe30c
fe665a455aceb9598500cae8ccd808cbffe5a3525c32cdc7bcbaa0e83a58ac0c

pcloak.blob.core.windows.net Open in urlscan Pro 20.60.220.36 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

333 Requests

88 %HTTPS

29 %IPv6

52 Domains

72 Subdomains

49 IPs

10 Countries

4460 kBTransfer

9761 kBSize

42 Cookies

0 Outgoing links

Redirected requests

333 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 9 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

pcloak.blob.core.windows.net Open in urlscan Pro
20.60.220.36 Public Scan

Screenshot
Live screenshot

Full Image

333
Requests

88 %
HTTPS

29 %
IPv6

52
Domains

72
Subdomains

49
IPs

10
Countries

4460 kB
Transfer

9761 kB
Size

42
Cookies

333 HTTP transactions
9 data transactions