pcloak.blob.core.windows.net Open in urlscan Pro
20.60.220.36 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Submission: On June 28 via api (June 28th 2023, 9:48:37 pm UTC) from TR — Scanned from DE

Summary HTTP 427 Redirects Behaviour Indicators

Summary

This website contacted 66 IPs in 7 countries across 59 domains to perform 427 HTTP transactions. The main IP is 20.60.220.36, located in Tappahannock, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is pcloak.blob.core.windows.net.
TLS certificate: Issued by Microsoft RSA TLS CA 02 on March 22nd 2023. Valid for: a year.

This is the only time pcloak.blob.core.windows.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
4	20.60.220.36 20.60.220.36	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	77.245.159.14 77.245.159.14	42868 (NIOBEBILI...) (NIOBEBILISIMHIZMETLERI)
3	94.138.206.83 94.138.206.83	49126 (AS49126) (AS49126)
1	2a00:1450:400... 2a00:1450:4001:80f::200a	15169 (GOOGLE) (GOOGLE)
40	2a02:6ea0:c70... 2a02:6ea0:c700::19	60068 (CDN77 ^_^) (CDN77 ^_^)
2	2a00:1450:400... 2a00:1450:4001:827::2008	15169 (GOOGLE) (GOOGLE)
2	151.139.128.10 151.139.128.10	20446 (STACKPATH...) (STACKPATH-CDN)
1	23.206.208.114 23.206.208.114	16625 (AKAMAI-AS) (AKAMAI-AS)
22	185.7.176.223 185.7.176.223	42910 (PREMIERDC...) (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH)
2	2a03:2880:f08... 2a03:2880:f083:9:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:4001:811::200e	15169 (GOOGLE) (GOOGLE)
15	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
72	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
3	65.9.90.93 65.9.90.93	16509 (AMAZON-02) (AMAZON-02)
21	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
1	35.241.45.217 35.241.45.217	15169 (GOOGLE) (GOOGLE)
1	65.9.93.173 65.9.93.173	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:831::2001	15169 (GOOGLE) (GOOGLE)
2	185.7.176.221 185.7.176.221	42910 (PREMIERDC...) (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH)
1	34.102.243.38 34.102.243.38	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2a00:1450:400... 2a00:1450:4001:830::200a	15169 (GOOGLE) (GOOGLE)
1 47	2a00:1450:400... 2a00:1450:4001:82b::2001	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
14 51	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
5 11	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
4 7	37.252.171.21 37.252.171.21	29990 (ASN-APPNEX) (ASN-APPNEX)
2	2a00:1450:400... 2a00:1450:4001:813::200a	15169 (GOOGLE) (GOOGLE)
1	213.202.235.10 213.202.235.10	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1	2a00:1450:400... 2a00:1450:4001:82a::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80e::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:800::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82f::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::200e	15169 (GOOGLE) (GOOGLE)
4	46.4.10.47 46.4.10.47	24940 (HETZNER-AS) (HETZNER-AS)
3	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
1 5	88.99.165.19 88.99.165.19	24940 (HETZNER-AS) (HETZNER-AS)
3 9	2a00:1450:400... 2a00:1450:4001:82a::2004	15169 (GOOGLE) (GOOGLE)
52	2a00:1450:400... 2a00:1450:4001:811::2006	15169 (GOOGLE) (GOOGLE)
2	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
1 4	104.75.89.75 104.75.89.75	16625 (AKAMAI-AS) (AKAMAI-AS)
3 4	185.94.180.126 185.94.180.126	35220 (SPOTX-AMS) (SPOTX-AMS)
1	3.71.149.231 3.71.149.231	16509 (AMAZON-02) (AMAZON-02)
3	145.239.193.130 145.239.193.130	16276 (OVH) (OVH)
1	2a0b:4d07:102::1 2a0b:4d07:102::1	44239 (PROINITY ...) (PROINITY PROINITY)
1 2	2a01:4f8:d0a:... 2a01:4f8:d0a:2321::2	24940 (HETZNER-AS) (HETZNER-AS)
1	49.12.16.151 49.12.16.151	24940 (HETZNER-AS) (HETZNER-AS)
1	2620:116:800d... 2620:116:800d:21:b314:a0ef:ab7c:d546	() ()
2 2	185.29.134.248 185.29.134.248	() ()
1 1	35.204.158.49 35.204.158.49	() ()
2 2	85.114.159.93 85.114.159.93	() ()
2 2	213.155.156.166 213.155.156.166	() ()
4	35.186.253.211 35.186.253.211	() ()
3 3	46.228.174.117 46.228.174.117	() ()
8	142.250.181.226 142.250.181.226	() ()
1	13.41.123.192 13.41.123.192	() ()
1 2	142.250.186.134 142.250.186.134	() ()
1 2	46.228.164.11 46.228.164.11	() ()
4 4	54.93.94.222 54.93.94.222	() ()
1	178.250.7.11 178.250.7.11	() ()
2 2	37.157.6.243 37.157.6.243	() ()
1 2	2606:4700::68... 2606:4700::6812:18ad	() ()
4 4	198.47.127.19 198.47.127.19	() ()
1 1	69.173.144.138 69.173.144.138	() ()
3 3	51.75.86.98 51.75.86.98	() ()
2 2	54.246.170.49 54.246.170.49	() ()
1 2	3.124.162.174 3.124.162.174	() ()
1	2a02:fa8:8806... 2a02:fa8:8806:13::1400	() ()
2	52.223.40.198 52.223.40.198	() ()
2 2	2a05:d018:d29... 2a05:d018:d29:3605:c153:9878:d174:5b1b	() ()
1	185.86.138.151 185.86.138.151	() ()
2 2	18.194.169.246 18.194.169.246	() ()
1	34.96.105.8 34.96.105.8	() ()
2 2	216.52.2.16 216.52.2.16	() ()
1	2a02:26f0:350... 2a02:26f0:3500:f::1732:8316	() ()
1	65.9.95.48 65.9.95.48	() ()
1	65.9.95.73 65.9.95.73	() ()
2	18.168.234.149 18.168.234.149	() ()
1 2	34.246.32.5 34.246.32.5	() ()
427	66

4 20.60.220.36 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

pcloak.blob.core.windows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 77.245.159.14 (Turkey)

ASN42868 (NIOBEBILISIMHIZMETLERI, TR)
PTR: stilgar.wlsrv.com

www.cloakan.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 94.138.206.83 (Turkey)

ASN49126 (AS49126, TR)

ye-mek.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

40 2a02:6ea0:c700::19 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)

cdn.ye-mek.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.139.128.10 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: map3.hwcdn.net

images.dmca.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.206.208.114 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-206-208-114.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 185.7.176.223 (Turkey)

ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR)

static.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ng.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ng2.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f083:9:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

72 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 65.9.90.93 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-90-93.prg50.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.45.217 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 217.45.241.35.bc.googleusercontent.com

pghub.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.93.173 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-93-173.prg50.r.cloudfront.net

aax.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.7.176.221 (Turkey)

ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR)

c1.imgiz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.243.38 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 38.243.102.34.bc.googleusercontent.com

feed.pghub.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

47 2a00:1450:4001:82b::2001 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

51 142.250.185.194 (United States) 14 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 185.80.39.216 (Canada) 5 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 37.252.171.21 (Frankfurt am Main, Germany) 4 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.202.235.10 (Grenzach-Wyhlen, Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)

tagm.tchibo.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn3.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:800::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn2.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn1.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn0.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 46.4.10.47 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.47.10.4.46.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 88.99.165.19 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.19.165.99.88.clients.your-server.de

hal900028.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:82a::2004 (Frankfurt am Main, Germany) 3 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

52 2a00:1450:4001:811::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.75.89.75 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-75-89-75.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.94.180.126 (Amsterdam, Netherlands) 3 redirects

ASN35220 (SPOTX-AMS, US)

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.71.149.231 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-71-149-231.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 145.239.193.130 (France)

ASN16276 (OVH, FR)

pv.medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a0b:4d07:102::1 (Switzerland)

ASN44239 (PROINITY PROINITY, CH)

adv.office-partner.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a01:4f8:d0a:2321::2 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)

cdn.retailads.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 49.12.16.151 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: lb-1.futalis.de

futalis.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:b314:a0ef:ab7c:d546 (None, )

ASN- ()

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.29.134.248 (None, ) 2 redirects

ASN- ()

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.204.158.49 (None, ) 1 redirects

ASN- ()

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 85.114.159.93 (None, ) 2 redirects

ASN- ()

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.166 (None, ) 2 redirects

ASN- ()

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.186.253.211 (None, )

ASN- ()

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 46.228.174.117 (None, ) 3 redirects

ASN- ()

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 142.250.181.226 (None, )

ASN- ()

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.41.123.192 (None, )

ASN- ()

track.webgains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.134 (None, ) 1 redirects

ASN- ()

5994599.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 46.228.164.11 (None, ) 1 redirects

ASN- ()

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
r.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.93.94.222 (None, ) 4 redirects

ASN- ()

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.7.11 (None, )

ASN- ()

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.6.243 (None, ) 2 redirects

ASN- ()

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:18ad (None, ) 1 redirects

ASN- ()

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 198.47.127.19 (None, ) 4 redirects

ASN- ()

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (None, ) 1 redirects

ASN- ()

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 51.75.86.98 (None, ) 3 redirects

ASN- ()

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.246.170.49 (None, ) 2 redirects

ASN- ()

match.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.124.162.174 (None, ) 1 redirects

ASN- ()

d.adtriba.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:13::1400 (None, )

ASN- ()

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.223.40.198 (None, )

ASN- ()

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:d018:d29:3605:c153:9878:d174:5b1b (None, ) 2 redirects

ASN- ()

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.138.151 (None, )

ASN- ()

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.194.169.246 (None, ) 2 redirects

ASN- ()

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.105.8 (None, )

ASN- ()

tr.blismedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.52.2.16 (None, ) 2 redirects

ASN- ()

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:f::1732:8316 (None, )

ASN- ()

code.createjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.95.48 (None, )

ASN- ()

analytics.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.95.73 (None, )

ASN- ()

cdn.track.production.webgains.team	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.168.234.149 (None, )

ASN- ()

api.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.246.32.5 (None, ) 1 redirects

ASN- ()

unilever.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
129	googlesyndication.com 1 redirects pagead2.googlesyndication.com — Cisco Umbrella Rank: 135 a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 160	1004 KB
90	doubleclick.net 15 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 216 googleads.g.doubleclick.net — Cisco Umbrella Rank: 57 cm.g.doubleclick.net — Cisco Umbrella Rank: 254 googleads4.g.doubleclick.net 5994599.fls.doubleclick.net	536 KB
52	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 325	963 KB
43	ye-mek.net ye-mek.net cdn.ye-mek.net	659 KB
22	virgul.com static.virgul.com — Cisco Umbrella Rank: 81866 ng.virgul.com — Cisco Umbrella Rank: 65490 ng2.virgul.com	233 KB
12	google.com 3 redirects adservice.google.com — Cisco Umbrella Rank: 113 www.google.com — Cisco Umbrella Rank: 10	1 KB
11	gstatic.com www.gstatic.com encrypted-tbn3.gstatic.com encrypted-tbn2.gstatic.com encrypted-tbn1.gstatic.com encrypted-tbn0.gstatic.com fonts.gstatic.com	180 KB
11	casalemedia.com 5 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 635	8 KB
9	redintelligence.net 1 redirects hal9000.redintelligence.net — Cisco Umbrella Rank: 38273 hal900028.redintelligence.net — Cisco Umbrella Rank: 323534	44 KB
9	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 205	504 KB
7	adnxs.com 4 redirects ib.adnxs.com — Cisco Umbrella Rank: 257	7 KB
6	openx.net us-u.openx.net — Cisco Umbrella Rank: 496 rtb.openx.net	882 B
4	pubmatic.com 4 redirects image6.pubmatic.com	2 KB
4	w55c.net 4 redirects pm.w55c.net	3 KB
4	spotxchange.com 3 redirects sync.search.spotxchange.com — Cisco Umbrella Rank: 794	2 KB
4	teads.tv 1 redirects sync.teads.tv — Cisco Umbrella Rank: 1425	773 B
4	amazon-adsystem.com c.amazon-adsystem.com — Cisco Umbrella Rank: 353 aax.amazon-adsystem.com — Cisco Umbrella Rank: 438	62 KB
4	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 433 imasdk.googleapis.com — Cisco Umbrella Rank: 500 fonts.googleapis.com — Cisco Umbrella Rank: 88	214 KB
4	windows.net pcloak.blob.core.windows.net	3 KB
3	webgains.io analytics.webgains.io api.webgains.io	31 KB
3	onetag-sys.com 3 redirects onetag-sys.com	1005 B
3	medialead.de pv.medialead.de — Cisco Umbrella Rank: 49812	1 KB
3	yahoo.com 2 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 338 pr-bh.ybp.yahoo.com	2 KB
2	demdex.net 1 redirects unilever.demdex.net	2 KB
2	lijit.com 2 redirects ap.lijit.com	1 KB
2	bidswitch.net 2 redirects x.bidswitch.net	1 KB
2	adsrvr.org match.adsrvr.org	529 B
2	adtriba.com 1 redirects d.adtriba.com	757 B
2	360yield.com 2 redirects match.360yield.com	815 B
2	tribalfusion.com 1 redirects a.tribalfusion.com s.tribalfusion.com	1 KB
2	adform.net 2 redirects c1.adform.net	1 KB
2	turn.com 1 redirects ad.turn.com r.turn.com	869 B
2	1rx.io 2 redirects sync.1rx.io	2 KB
2	de17a.com 2 redirects d5p.de17a.com	651 B
2	adition.com 2 redirects dsp.adfarm1.adition.com	1 KB
2	mathtag.com 2 redirects sync.mathtag.com	2 KB
2	retailads.net 1 redirects cdn.retailads.net — Cisco Umbrella Rank: 131895	6 KB
2	imgiz.com c1.imgiz.com — Cisco Umbrella Rank: 136022	131 KB
2	pghub.io pghub.io — Cisco Umbrella Rank: 2090 feed.pghub.io — Cisco Umbrella Rank: 2360	6 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 173	89 KB
2	dmca.com images.dmca.com — Cisco Umbrella Rank: 13228	6 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 79	91 KB
2	cloakan.co www.cloakan.co	1 KB
1	webgains.team cdn.track.production.webgains.team	3 KB
1	createjs.com code.createjs.com	63 KB
1	blismedia.com tr.blismedia.com	173 B
1	smartadserver.com ssbsync.smartadserver.com	75 B
1	dotomi.com dclk-match.dotomi.com	104 B
1	rubiconproject.com 1 redirects pixel.rubiconproject.com	461 B
1	criteo.com dis.criteo.com	363 B
1	webgains.com track.webgains.com	2 KB
1	unrulymedia.com 1 redirects sync.targeting.unrulymedia.com	576 B
1	simpli.fi 1 redirects um.simpli.fi	715 B
1	quantserve.com cms.quantserve.com	464 B
1	futalis.de futalis.de — Cisco Umbrella Rank: 175361	401 B
1	office-partner.de adv.office-partner.de — Cisco Umbrella Rank: 208307	931 B
1	tchibo.de tagm.tchibo.de — Cisco Umbrella Rank: 40501
1	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 63	21 KB
1	addthis.com s7.addthis.com — Cisco Umbrella Rank: 2484	361 B
427	59

	Domain	Requested by
72	pagead2.googlesyndication.com	static.virgul.com pagead2.googlesyndication.com a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com pcloak.blob.core.windows.net tpc.googlesyndication.com googleads.g.doubleclick.net s0.2mdn.net www.googletagservices.com securepubads.g.doubleclick.net
52	s0.2mdn.net	a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com pcloak.blob.core.windows.net s0.2mdn.net ye-mek.net
47	tpc.googlesyndication.com	1 redirects a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com pcloak.blob.core.windows.net s0.2mdn.net securepubads.g.doubleclick.net
44	cm.g.doubleclick.net	14 redirects googleads.g.doubleclick.net ye-mek.net a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
40	cdn.ye-mek.net	ye-mek.net cdn.ye-mek.net
21	googleads.g.doubleclick.net	pagead2.googlesyndication.com a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com pcloak.blob.core.windows.net
15	securepubads.g.doubleclick.net	static.virgul.com securepubads.g.doubleclick.net pcloak.blob.core.windows.net a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
11	dsum-sec.casalemedia.com	5 redirects googleads.g.doubleclick.net
10	a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
9	www.google.com	3 redirects a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com tpc.googlesyndication.com
9	www.googletagservices.com	a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
9	ng.virgul.com	static.virgul.com ye-mek.net
8	googleads4.g.doubleclick.net	pcloak.blob.core.windows.net
7	ib.adnxs.com	4 redirects googleads.g.doubleclick.net
7	static.virgul.com	ye-mek.net static.virgul.com pcloak.blob.core.windows.net
6	ng2.virgul.com	ye-mek.net
5	hal900028.redintelligence.net	1 redirects a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com hal900028.redintelligence.net
4	image6.pubmatic.com	4 redirects
4	pm.w55c.net	4 redirects
4	rtb.openx.net	a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
4	sync.search.spotxchange.com	3 redirects googleads.g.doubleclick.net
4	sync.teads.tv	1 redirects googleads.g.doubleclick.net a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
4	hal9000.redintelligence.net	a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com hal900028.redintelligence.net
4	pcloak.blob.core.windows.net	pcloak.blob.core.windows.net
3	onetag-sys.com	3 redirects
3	pv.medialead.de	hal900028.redintelligence.net
3	fonts.gstatic.com	fonts.googleapis.com
3	adservice.google.com	securepubads.g.doubleclick.net 5994599.fls.doubleclick.net
3	c.amazon-adsystem.com	static.virgul.com c.amazon-adsystem.com
3	ye-mek.net	www.cloakan.co ye-mek.net
2	unilever.demdex.net	1 redirects
2	api.webgains.io	analytics.webgains.io
2	ap.lijit.com	2 redirects
2	x.bidswitch.net	2 redirects
2	pr-bh.ybp.yahoo.com	2 redirects
2	match.adsrvr.org	a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
2	d.adtriba.com	1 redirects a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
2	match.360yield.com	2 redirects
2	c1.adform.net	2 redirects
2	5994599.fls.doubleclick.net	1 redirects a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
2	sync.1rx.io	2 redirects
2	d5p.de17a.com	2 redirects
2	dsp.adfarm1.adition.com	2 redirects
2	sync.mathtag.com	2 redirects
2	cdn.retailads.net	1 redirects futalis.de
2	us-u.openx.net	googleads.g.doubleclick.net
2	encrypted-tbn1.gstatic.com	a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
2	encrypted-tbn2.gstatic.com	a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
2	encrypted-tbn3.gstatic.com	a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
2	fonts.googleapis.com	a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com hal900028.redintelligence.net
2	c1.imgiz.com	static.virgul.com c1.imgiz.com
2	connect.facebook.net	ye-mek.net connect.facebook.net
2	images.dmca.com	ye-mek.net
2	www.googletagmanager.com	ye-mek.net adv.office-partner.de
2	www.cloakan.co	pcloak.blob.core.windows.net
1	cdn.track.production.webgains.team	a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
1	analytics.webgains.io	track.webgains.com
1	code.createjs.com	s0.2mdn.net
1	tr.blismedia.com	a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
1	ssbsync.smartadserver.com	a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
1	dclk-match.dotomi.com	a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
1	pixel.rubiconproject.com	1 redirects
1	s.tribalfusion.com	a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
1	a.tribalfusion.com	1 redirects
1	dis.criteo.com	a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
1	r.turn.com	ye-mek.net
1	ad.turn.com	1 redirects
1	track.webgains.com	a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
1	sync.targeting.unrulymedia.com	1 redirects
1	um.simpli.fi	1 redirects
1	cms.quantserve.com	a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
1	futalis.de	hal900028.redintelligence.net
1	adv.office-partner.de	hal900028.redintelligence.net
1	ups.analytics.yahoo.com	googleads.g.doubleclick.net
1	encrypted-tbn0.gstatic.com	a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
1	www.gstatic.com	a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
1	tagm.tchibo.de	pcloak.blob.core.windows.net
1	imasdk.googleapis.com	c1.imgiz.com
1	feed.pghub.io	pghub.io
1	aax.amazon-adsystem.com	c.amazon-adsystem.com
1	pghub.io	static.virgul.com
1	www.google-analytics.com	www.googletagmanager.com
1	s7.addthis.com	ye-mek.net
1	ajax.googleapis.com	ye-mek.net
427	84

This site contains no links.

Subject Issuer	Validity	Valid
*.blob.core.windows.net Microsoft RSA TLS CA 02	`2023-03-22` - `2024-03-22`	a year	crt.sh
cpanel.cloakan.co R3	`2023-05-03` - `2023-08-01`	3 months	crt.sh
www.ye-mek.net RapidSSL Global TLS RSA4096 SHA256 2022 CA1	`2022-11-29` - `2023-07-07`	7 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
1099124734.rsc.cdn77.org R3	`2023-06-13` - `2023-09-11`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
images.dmca.com R3	`2023-05-13` - `2023-08-11`	3 months	crt.sh
odc-addthis-prod-01.oracle.com DigiCert TLS RSA SHA256 2020 CA1	`2023-02-07` - `2024-02-07`	a year	crt.sh
*.virgul.com Sectigo RSA Domain Validation Secure Server CA	`2022-10-24` - `2023-09-28`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-04-07` - `2023-07-06`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
c.amazon-adsystem.com Amazon RSA 2048 M01	`2023-02-28` - `2024-02-17`	a year	crt.sh
*.pghub.io DigiCert TLS RSA SHA256 2020 CA1	`2023-02-09` - `2024-02-08`	a year	crt.sh
aax-dtb-mobile-cf.amazon-adsystem.com Amazon RSA 2048 M01	`2023-03-16` - `2024-03-08`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
*.imgiz.com Sectigo RSA Domain Validation Secure Server CA	`2022-09-27` - `2023-09-09`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
tagm.tchibo.de GeoTrust RSA CA 2018	`2022-10-12` - `2023-10-12`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
redintelligence.net R3	`2023-06-09` - `2023-09-07`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-05-29` - `2023-08-21`	3 months	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
teads.tv R3	`2023-06-26` - `2023-09-24`	3 months	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-02-21` - `2023-08-16`	6 months	crt.sh
pv.medialead.de R3	`2023-06-14` - `2023-09-12`	3 months	crt.sh
adv.office-partner.de R3	`2023-05-01` - `2023-07-30`	3 months	crt.sh
*.futalis.de R3	`2023-06-16` - `2023-09-14`	3 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-09` - `2023-09-09`	a year	crt.sh
cdn.retailads.net Encryption Everywhere DV TLS CA - G2	`2023-05-18` - `2024-05-17`	a year	crt.sh
*.webgains.com Amazon RSA 2048 M01	`2023-05-15` - `2024-06-13`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-05-12` - `2023-08-10`	3 months	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2022-08-09` - `2023-09-10`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-21` - `2024-01-23`	a year	crt.sh
tr.blismedia.com GTS CA 1D4	`2023-06-09` - `2023-09-07`	3 months	crt.sh
tls.adobe.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-08` - `2024-03-10`	a year	crt.sh
*.webgains.io Amazon RSA 2048 M02	`2023-03-02` - `2023-09-21`	7 months	crt.sh
cdn.track.production.webgains.team Amazon RSA 2048 M01	`2023-02-28` - `2023-10-28`	8 months	crt.sh

This page contains 49 frames:

Primary Page: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Frame ID: 5AE9F96FA37C64D2AD6AF997FD797FD3
Requests: 6 HTTP requests in this frame

Frame: https://ye-mek.net/
Frame ID: 1B9F74F5E180B6EB4CA9657526CAD22C
Requests: 99 HTTP requests in this frame

Frame: https://static.virgul.com/theme/mockups/outside/str.html?v=2
Frame ID: B961A7696F68AD36A4939F30FC4730E6
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230620/r20190131/zrt_lookup.html
Frame ID: 0A8B8386E69DD5356C309340051321B5
Requests: 1 HTTP requests in this frame

Frame: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 5945F3559204A651AD3174BF6A8B666A
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755397&plaf=1%3A2%2C7%3A2&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1687988910799&bpp=3&bdt=524&idt=148&shv=r20230620&mjsv=m202306200101&ptt=9&saldr=aa&nras=1&correlator=769850748361&frm=24&ife=1&pv=2&ga_vid=215418476.1687988911&ga_sid=1687988911&ga_hid=2064569244&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=222437166&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44759875%2C44759926%2C42532277%2C42532279%2C31075626%2C31075645%2C44788441&oid=2&pvsid=4406933181835019&tmod=9758648&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.w657v3mxojpn&fsb=1&dtd=162
Frame ID: 91BEDFDA24AD8602827102545C13BDE8
Requests: 1 HTTP requests in this frame

Frame: https://feed.pghub.io/tag?referrer_url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&page_url=https%3A%2F%2Fye-mek.net%2F&owner=P%26G&bp_id=noktacommedya&ch=%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D&initiator=js&data=%7B%22category%22%3A%22site_geneli%22%7D
Frame ID: 751602E7BC0A62AF0F5B11906A692ADC
Requests: 1 HTTP requests in this frame

Frame: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 241896B76DFAC169294C4F77C9F7EC41
Requests: 22 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNW0GG5nLX3i1Qk_MbJWG8AK5lnrPidEz7TMG2mzZphKETkpqh_ss0fRXWIP7hbXOJ5HthK-WscKNIrXUQRr0xY5Uy37kxese9hF3rYQD6BUInCY8gDDAmFUnW_UTkUs1OnmQXkkYGwM6mBPad8zEQc9TxcIyqqQZNShCTfXuiIAzIbgMLE
Frame ID: 17D604237CA20A1DB72426083D3FAABC
Requests: 5 HTTP requests in this frame

Frame: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: AD74E95F24338C307B44E782285A09A4
Requests: 20 HTTP requests in this frame

Frame: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 7BF8E4786B09E67C8A595ACBF40D5E66
Requests: 13 HTTP requests in this frame

Frame: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: D999DE78CB523F1ECFD5220682EC2E8E
Requests: 13 HTTP requests in this frame

Frame: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: B9FF031300908BFB611F6CF90A13E874
Requests: 20 HTTP requests in this frame

Frame: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: C5D8BDE387B043A1F17B5231E4ADA8A6
Requests: 20 HTTP requests in this frame

Frame: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 276EEB0D4B9F2E7DEE2035DD55A57102
Requests: 21 HTTP requests in this frame

Frame: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 8B272B4AF5504FFBA47CD1FA2C613D69
Requests: 13 HTTP requests in this frame

Frame: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 6EAA2D7148C72A35A91A319C80A15C74
Requests: 19 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/YTnPKPJ-Q--T2AJ4Qj25FxWmw7bAoVXE9zhtz1eN5hc.js
Frame ID: A9BF51535BC567F80E9DF3EDC053623A
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 2BAFA2EF9E8ECEF523D18924E05EDED1
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHn4wEQ4JWpAhjstJ_sATAB&v=APEucNW3GJbeG5VpZvCq01OCHnAXZfbbTzRt5j_tYYgX9i_St0JIWjeT9KvcO4XNkS6T3wq6d3yPn9dh__ZPdiIjW5kkP4ppE1KCLWIOBD7QwV8si0tMArrtAzmG9Ss-RR_9kwKRig5skyvv343v13tka3Ped3mTUbVuI3Xq0neKJAylTbwPDCg
Frame ID: DC1C250F5D7E81EF066041A324FEE434
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARj8x7LlATAB&v=APEucNVPMLW0FMoyN7iVRZplRWDF-_cSVrOATbA2AA10dtUSXLxtHkZd6hwrDdfvz5D3Q2PNq-PRRvkLH7CHKKSV5dAlsIZh9KqWYQRirySZrkp8uYb0nmWb1FnP6e4q53ob_Ly9MXldqwRwH7o4-miGvt3xkcboICILZUgB2ZupcSiA72rErME
Frame ID: 25B18FFBEACFD25D0587B21DF3AFA1E8
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLfi9QIQ0YXj8wEYjayL7AEwAQ&v=APEucNUTALzEaak8Be7FBWzgBO2voipe3c0pHaYfeydVnnrVRInxdxM0b6sFCKiJF47Bm0qt6jbF0Dod9oC-RNETTtkD-F9JaVq4TnZ4lrlSRZT0CnDZIoX83b9nPIx-FUHbNT4e_uPh4H6AJqLAcAekYBOA6pSDqFaAJJNRyhHzTH4aYjpJmuI
Frame ID: 580571C5D89F0F489C1596171135C868
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHn4wEQ4JWpAhi9hsHjATAB&v=APEucNWGx2R4ZhUxTfxE_gV_tCqWYHvMoiGoqShuyTaiIDC3A8W9C7Z2AwZtjnG6m6MRGVQEktiUtVHQ9TaqKkdAooilvQOYZCZFpUHEgLDPzs6CFoygfBFsdHmRm7OiISMldyixdTqsKsFnQyK8u2feHMjYva21kRCF5GWND03Xd2Vp2tyCTCE
Frame ID: 4485552FF339D5E3244F6F0BB9D73613
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 88387DF272D651FBCDB7DAD8F7E81BD5
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: BC0E944CEEFB46EA378C1FDF410BD7D9
Requests: 9 HTTP requests in this frame

Frame: https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=35277400156373704444554012369028&t=htlp&gdpr=1&consent=1&gdpr_consent=
Frame ID: 4A4E9C10C4B7C12AE53CCEFE3E7E526E
Requests: 1 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: 3DD14E3328462BBC87D950B92157AC78
Requests: 2 HTTP requests in this frame

Frame: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=2829290701
Frame ID: E00563F8690D74C3957F162C76CEE2E0
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 9508922E44BDFCB37D95086FFE48C60F
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 22B41077F6A15120E61F9774CE26656D
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 999CA0BE74734043FE7C25226943AE5E
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 9EC72C42186752293F52B6C2C9F0D8E3
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 25F9C8B6D7CBF08E2A4910E62DF0517F
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 0067DD96E83F46BE7CFF01D00E7B7B11
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/17428105819714486272/index.html?e=69&leftOffset=0&topOffset=0&c=alpD2ojRTA&t=1&renderingType=2&ev=01_250
Frame ID: D9A065EE350418A4BC1D135ABA84B8BF
Requests: 15 HTTP requests in this frame

Frame: https://5994599.fls.doubleclick.net/activityi;dc_pre=CJb2oNz45v8CFdCNsgodf_kBPg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=683185057596.4938
Frame ID: EE2DA3233F7E78AEBFECE6E8D9866A29
Requests: 2 HTTP requests in this frame

Frame: https://hal900028.redintelligence.net/request_content.php?s=35277400156373704444554012369028&a=594cae1b
Frame ID: 27BC54E7452FFD1FC3D90D872061A3DB
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/12768919073557039455/index.html?ev=01_250
Frame ID: DBECBAAFBF173CA06AA92190112F8B13
Requests: 16 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=LD27Gsvsre&t=1&renderingType=2&ev=01_250
Frame ID: 83D01E89EAD96AE70CE59C1D4131D65C
Requests: 12 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/14378586457215718461/index.html?e=69&leftOffset=0&topOffset=0&c=vKrntbhuam&t=1&renderingType=2&ev=01_250
Frame ID: 2E5392D4D6C540252DF31A0E02C86984
Requests: 6 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 5CED3C18FF773104AF65273EC5801BBF
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 4A33577B22327DB09AA2135DC4BB433C
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: F2A3FFB004F2F1047D68BB194D3070DA
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: C0C9D6753DA46E5B5DCCB8C4507A1C81
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/YTnPKPJ-Q--T2AJ4Qj25FxWmw7bAoVXE9zhtz1eN5hc.js
Frame ID: FC9C674BEB2AC28B5CC5E463B06BC272
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/YTnPKPJ-Q--T2AJ4Qj25FxWmw7bAoVXE9zhtz1eN5hc.js
Frame ID: 0B96F04715DE40CF9DC602A62A18CB52
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/YTnPKPJ-Q--T2AJ4Qj25FxWmw7bAoVXE9zhtz1eN5hc.js
Frame ID: FE5C7FDA8EE812B4ED025B9A481E5C8D
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 2A312388C81B56DBEA43E5923D41C629
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 71320986ECBE0446EE04A6CA802524EE
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

AddThis (Widgets) Expand

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Webgains (Affiliate programs) Expand

Overall confidence: 100%
Detected patterns

analytics\.webgains\.io

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

427
Requests

90 %
HTTPS

37 %
IPv6

59
Domains

84
Subdomains

66
IPs

7
Countries

4862 kB
Transfer

11083 kB
Size

41
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 103

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDApG3Jf9ibtOR_x0zGHKoc&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDApG3Jf9ibtOR_x0zGHKoc&google_cver=1&C=1

Request Chain 104

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZJyqr0VIkytEHzvV7KweTAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECp2CEUNEet3vfirHowPD_M&google_cver=1

Request Chain 105

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEA50sH99w-3K9gZJ_8DjAr4&google_cver=1

Request Chain 106

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODU4NjQzODkzMDIzMjkzNDk0MQ%3D%3D

Request Chain 126

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKDP-7vrpAEQ6AcY6AcyCEPlfr8JziOv HTTP 301
https://tpc.googlesyndication.com/simgad/6940406974179512899

Request Chain 138

https://hal900028.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=a5e1aaff91&subid=&uid=bfc4e159d1959003&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCxK1MrqqcZJzpO5DwgAeey5ioCablvaBprZWcp8kP8C4QASDAsoJrYJWCgICYB8gBCakCC94UsJJQsj6oAwHIA5sEqgTdAU_QAKojiTF8yRmoa6t4Z0vIas-Mpaih26HMyCnu2gCxXCdJ2Xy_Eg67jTEr79GEvJR4ICSVbjoKrRdLTkbtHNV2t5VhVRNTmQlPGUw7zumXhMwvz8UewYVMvc2qXclraLY2zKpyruLV7OiCBASdEcb2JzLYH-zkMb-566sgUr03HPB4UZ2Ucbh1470BLzZ1G-XZEaxwWxjLVncI0_mJsAc-pzMFFIoEbgpMdeEN8o0qmJBErMopaUdWg-GSP3FroIP97KueJRKvxeyRP5Mt7uqjFy4hsuTwiVXF0djkwATrj_yO9wPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHTICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDmACgOYCwHICwGADAGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSbQBygQiDnhtTem870tkP4aWMhKZ6Kz1GaEeUhZqzuy75x42W6ikvyDHIKj94Znfx8fx7qRDByfM84dZGQYSNYs0wfjhtyTCyac2NOBdk2Cg6mOICtMEiygSp93HmAVnlxAO_aHajXbmJNRPVQtkYAQ%26sig%3DAOD64_2SNew2PrmJaGRVzg8ZUshw-dui1Q%26client%3Dca-pub-7983651257838282%26dbm_c%3DAKAmf-D2XubXqDwEhIyIUaMyZAouXpYyiL9q99hXqnDIgCF9H4VCcRA-5N5JMCpNglUZaIziylD9NX7H4E2ixJTdr5yf3pNXXw4XtcQwGF5IXpvOZzBX6jRboKeu_AQ34f9ju3WzNjzDZBeuS2Z5SfbmiNdH0_qWvC3rA0kznom7VDbiy4e8heU%26cry%3D1%26dbm_d%3DAKAmf-AWwawG-9wC_LO170WsboIN3sBjwIAxYBdnpiKNT86vxG0lcsUAiqtORFeS3gcdswx0zi5TM4cXhK8kH413Hnk4YUlsBz6zqsAgTBbMaG19RbIFdmGPeWW0nztMSa2qXpfVEY28Bo21_1jYTfTp87PekUIEYn8Oj68-TCpznxYAWY56pV--yBXci5QvOZP7TQiyXRixUU5TeinLfi7nbWDQbAS98MmC4SgoxVeGTENseqluJMGhVliRYohf5rgz_RV9Qo7dy1WOMnwy9YfY4GSZQwJa_CoO9cnojVv9z8WHsAqSaUEybB1SYrkm2_R3ejKiL7mph9DLXXJOLBnvhNENWblRIn9vV5FunddGXuQP9hFMBk5cZohbqf_lTpzMQctwzf1KL7dT8TO5hiv6see3dFSZ7w4TI-zoAt6HirjWlwaYoaXaCu5q-ygPfY9ylBQlj7vR-waYewzh7t2QpB1LayhguEiyJAWxHUtwQKBAtS7aMLaZFXWZXCEqeqpfN3s1ZlEAUhTzrTPFek6Z4QH-TIjWyrjh1rlP-vx07NCHB_yPO0I%26adurl%3D&documentReferer=https%3A%2F%2Fye-mek.net%2F&ancestorOrigins=https%3A%2F%2Fye-mek.net%2Chttps%3A%2F%2Fpcloak.blob.core.windows.net&random=5528586753483&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal900028.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=a5e1aaff91&subid=&uid=bfc4e159d1959003&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCxK1MrqqcZJzpO5DwgAeey5ioCablvaBprZWcp8kP8C4QASDAsoJrYJWCgICYB8gBCakCC94UsJJQsj6oAwHIA5sEqgTdAU_QAKojiTF8yRmoa6t4Z0vIas-Mpaih26HMyCnu2gCxXCdJ2Xy_Eg67jTEr79GEvJR4ICSVbjoKrRdLTkbtHNV2t5VhVRNTmQlPGUw7zumXhMwvz8UewYVMvc2qXclraLY2zKpyruLV7OiCBASdEcb2JzLYH-zkMb-566sgUr03HPB4UZ2Ucbh1470BLzZ1G-XZEaxwWxjLVncI0_mJsAc-pzMFFIoEbgpMdeEN8o0qmJBErMopaUdWg-GSP3FroIP97KueJRKvxeyRP5Mt7uqjFy4hsuTwiVXF0djkwATrj_yO9wPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHTICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDmACgOYCwHICwGADAGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSbQBygQiDnhtTem870tkP4aWMhKZ6Kz1GaEeUhZqzuy75x42W6ikvyDHIKj94Znfx8fx7qRDByfM84dZGQYSNYs0wfjhtyTCyac2NOBdk2Cg6mOICtMEiygSp93HmAVnlxAO_aHajXbmJNRPVQtkYAQ%26sig%3DAOD64_2SNew2PrmJaGRVzg8ZUshw-dui1Q%26client%3Dca-pub-7983651257838282%26dbm_c%3DAKAmf-D2XubXqDwEhIyIUaMyZAouXpYyiL9q99hXqnDIgCF9H4VCcRA-5N5JMCpNglUZaIziylD9NX7H4E2ixJTdr5yf3pNXXw4XtcQwGF5IXpvOZzBX6jRboKeu_AQ34f9ju3WzNjzDZBeuS2Z5SfbmiNdH0_qWvC3rA0kznom7VDbiy4e8heU%26cry%3D1%26dbm_d%3DAKAmf-AWwawG-9wC_LO170WsboIN3sBjwIAxYBdnpiKNT86vxG0lcsUAiqtORFeS3gcdswx0zi5TM4cXhK8kH413Hnk4YUlsBz6zqsAgTBbMaG19RbIFdmGPeWW0nztMSa2qXpfVEY28Bo21_1jYTfTp87PekUIEYn8Oj68-TCpznxYAWY56pV--yBXci5QvOZP7TQiyXRixUU5TeinLfi7nbWDQbAS98MmC4SgoxVeGTENseqluJMGhVliRYohf5rgz_RV9Qo7dy1WOMnwy9YfY4GSZQwJa_CoO9cnojVv9z8WHsAqSaUEybB1SYrkm2_R3ejKiL7mph9DLXXJOLBnvhNENWblRIn9vV5FunddGXuQP9hFMBk5cZohbqf_lTpzMQctwzf1KL7dT8TO5hiv6see3dFSZ7w4TI-zoAt6HirjWlwaYoaXaCu5q-ygPfY9ylBQlj7vR-waYewzh7t2QpB1LayhguEiyJAWxHUtwQKBAtS7aMLaZFXWZXCEqeqpfN3s1ZlEAUhTzrTPFek6Z4QH-TIjWyrjh1rlP-vx07NCHB_yPO0I%26adurl%3D&documentReferer=https%3A%2F%2Fye-mek.net%2F&ancestorOrigins=https%3A%2F%2Fye-mek.net%2Chttps%3A%2F%2Fpcloak.blob.core.windows.net&random=5528586753483&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 197

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECp2CEUNEet3vfirHowPD_M&google_cver=1

Request Chain 198

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZJyqr0VIkytEHzvV7KweTAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECp2CEUNEet3vfirHowPD_M&google_cver=1

Request Chain 199

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEFOUAa_AEPHo2o2OCgVrNig&google_cver=1

Request Chain 200

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODU4NjQzODkzMDIzMjkzNDk0MQ%3D%3D

Request Chain 201

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECp2CEUNEet3vfirHowPD_M&google_cver=1

Request Chain 202

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZJyqr0VIkytEHzvV7KweTAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECp2CEUNEet3vfirHowPD_M&google_cver=1

Request Chain 203

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEFOUAa_AEPHo2o2OCgVrNig&google_cver=1

Request Chain 204

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODU4NjQzODkzMDIzMjkzNDk0MQ%3D%3D

Request Chain 205

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESECcSngEGC4KOcCjO1a6g3MQ&google_cver=1

Request Chain 207

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEK4W9rSnGwBwKviMw_x7bxI&google_cver=1

Request Chain 209

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEF8HtDF_TE9yirIsNjonYpg&google_cver=1 HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEF8HtDF_TE9yirIsNjonYpg&google_cver=1&__user_check__=1&sync_id=8688d684-15fd-11ee-81c3-175cf56a0106

Request Chain 210

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_id=867a82f6-15fd-11ee-8de0-1e875f050206 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=ODY3YTgyOWQtMTVmZC0xMWVlLThkZTAtMWU4NzVmMDUwMjA2

Request Chain 234

https://cdn.retailads.net/tb.php?t=150337V2172132532M&subid=35277400156373704444554012369028&ra_cnt_active=1&ra_cnt=1 HTTP 302
https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=2829290701

Request Chain 263

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESECJtjVJv__UMqaSOfD1bAzQ&google_cver=1&google_push=ATf1kGNWSbynJwmdp6jB1J_LXdoknJRCP09d1T1Od8S2w2gHH9ne2Nw2JP7oliSOGvXfPLbrSDUu_KLoMzacp-9Ay_v0vynZ91QH1A HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=ATf1kGNWSbynJwmdp6jB1J_LXdoknJRCP09d1T1Od8S2w2gHH9ne2Nw2JP7oliSOGvXfPLbrSDUu_KLoMzacp-9Ay_v0vynZ91QH1A

Request Chain 264

https://um.simpli.fi/gp_match?google_gid=CAESEOPnL7uquMvb1Vg5AS7QIjU&google_cver=1&google_push=ATf1kGPbFrJxZDQOFhSFP76R5PnVK8wRzgtY-kXAOjHwVSD6ug6PHOUu3NarylajNoynWhPCLAwimKsuTo7sJfGyFOZt3H9HajtMMQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=F7202CCB98F6422AA06174676E6E01D3&google_push=ATf1kGPbFrJxZDQOFhSFP76R5PnVK8wRzgtY-kXAOjHwVSD6ug6PHOUu3NarylajNoynWhPCLAwimKsuTo7sJfGyFOZt3H9HajtMMQ

Request Chain 265

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEKsES7pjAUIpX750Is17MbA&google_cver=1&google_push=ATf1kGNFz6qcJ1OJ9LnCxKbZJs9qLcQKUK4S3CT4a1QBFryvS1kid-sgufMtH9RUVZqLslz9zDIdIMp89Gn1YaqakSGZxJimWbZTmQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI0OTg1NzE3MzA3MTU5MTU2Ng%3D%3D&google_push=ATf1kGNFz6qcJ1OJ9LnCxKbZJs9qLcQKUK4S3CT4a1QBFryvS1kid-sgufMtH9RUVZqLslz9zDIdIMp89Gn1YaqakSGZxJimWbZTmQ

Request Chain 266

https://d5p.de17a.com/cookies/google?google_gid=CAESEG2r-yJd1n5tKxfri_zgDFs&google_cver=1&google_push=ATf1kGPyOpr_GKaYgoZ5HXmNYMPqgwfMVEHWRLxFuf02wWPstds7aIX5x_LZLomJ2bgk_dR1bQixvLbLxEHRflztUfG9cHrbqyGx4w HTTP 302
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEG2r-yJd1n5tKxfri_zgDFs&google_cver=1&google_push=ATf1kGPyOpr_GKaYgoZ5HXmNYMPqgwfMVEHWRLxFuf02wWPstds7aIX5x_LZLomJ2bgk_dR1bQixvLbLxEHRflztUfG9cHrbqyGx4w HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=ATf1kGPyOpr_GKaYgoZ5HXmNYMPqgwfMVEHWRLxFuf02wWPstds7aIX5x_LZLomJ2bgk_dR1bQixvLbLxEHRflztUfG9cHrbqyGx4w

Request Chain 268

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEEDPTjxgKqyGIUMx_kOpMHI&google_cver=1&google_push=ATf1kGP5NYsLQvvu29c04bsGe1IFF5iV7pRlP8kNljucKYZBAJu-jT86rPx7bbEssvuOpNXBwWkpBqId1DpF4yH4dTKpD27jr4McBA HTTP 302
https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=ATf1kGP5NYsLQvvu29c04bsGe1IFF5iV7pRlP8kNljucKYZBAJu-jT86rPx7bbEssvuOpNXBwWkpBqId1DpF4yH4dTKpD27jr4McBA&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&cb=1687988912490 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-f11c2a21-98f9-4b57-92f6-e7f384975fec-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DATf1kGP5NYsLQvvu29c04bsGe1IFF5iV7pRlP8kNljucKYZBAJu-jT86rPx7bbEssvuOpNXBwWkpBqId1DpF4yH4dTKpD27jr4McBA%26google_hm%3DA_EcKiGY-UtXkvbn84SXX-w HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=ATf1kGP5NYsLQvvu29c04bsGe1IFF5iV7pRlP8kNljucKYZBAJu-jT86rPx7bbEssvuOpNXBwWkpBqId1DpF4yH4dTKpD27jr4McBA&google_hm=A_EcKiGY-UtXkvbn84SXX-w

Request Chain 279

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 280

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 284

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=683185057596.4938 HTTP 302
https://5994599.fls.doubleclick.net/activityi;dc_pre=CJb2oNz45v8CFdCNsgodf_kBPg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=683185057596.4938

Request Chain 287

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEJ3TUBt-04iK4ryocNgyR6U&google_cver=1&google_push=ATf1kGNFtjx_Uv0RoRlPc3hpa9zCBI8lIQrPEoi3Q7S2nur_NDQzqcEREwQG1d7MocpeK275n38PrvrFZthHbYKTpy5aBETjBx_w HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=Mzg5MzYwNjA4MzAwNzE5Njc1MQ==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEJ3TUBt-04iK4ryocNgyR6U&google_cver=1

Request Chain 288

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEDeVafMLGuyFk88fluOH0x8&google_cver=1&google_push=ATf1kGMUqZ8MKZFAWO_mtBTnzsmkyERIQbKmhhAeUzRk3_m1xj43mKrK_h8FcOoNzQZtFCw-_cNaCVcXssAjI2A0QGHR4PGr3H50 HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEDeVafMLGuyFk88fluOH0x8&google_cver=1&google_push=ATf1kGMUqZ8MKZFAWO_mtBTnzsmkyERIQbKmhhAeUzRk3_m1xj43mKrK_h8FcOoNzQZtFCw-_cNaCVcXssAjI2A0QGHR4PGr3H50 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=MHRBYWM5NXQxUWVEMUM1&google_gid=CAESEDeVafMLGuyFk88fluOH0x8&google_cver=1&google_push=ATf1kGMUqZ8MKZFAWO_mtBTnzsmkyERIQbKmhhAeUzRk3_m1xj43mKrK_h8FcOoNzQZtFCw-_cNaCVcXssAjI2A0QGHR4PGr3H50

Request Chain 289

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEH9vVo9ZhPTzRWfU9T50ByM&google_cver=1&google_push=ATf1kGPtcMkpV64mrn6HsBmoKuJp2yB4RcLQSmmge6K-jULBJZXSoKK4aI0rgGKOLM10zjIDJ3ZKXmydd6I7rx6tLqoayDiiu8Xg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=VL1knKqwSQCsyI7kb0k0qQ&google_push=ATf1kGPtcMkpV64mrn6HsBmoKuJp2yB4RcLQSmmge6K-jULBJZXSoKK4aI0rgGKOLM10zjIDJ3ZKXmydd6I7rx6tLqoayDiiu8Xg

Request Chain 290

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEPWw6KCehec5BORWDd46qrc&google_cver=1&google_push=ATf1kGOXa54ntMEsSIB1YMBCyL6bNLLqUlUh0fbDLkuKwL7m9bXKn1UJpezOLaynfeVb5KC_40E6JKRZJSjfJSiz-AqCiC4WAoig HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI0OTg1NzE3MzA3MTU5MTU2Ng%3D%3D&google_push=ATf1kGOXa54ntMEsSIB1YMBCyL6bNLLqUlUh0fbDLkuKwL7m9bXKn1UJpezOLaynfeVb5KC_40E6JKRZJSjfJSiz-AqCiC4WAoig

Request Chain 292

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEIphNuN-fGJyvnagDmlrEzU&google_cver=1&google_push=ATf1kGOqUaOCQVQDpziyMWm7mCLMPdbkaOKcARw0roYbS2On-_XYOi6djmeO9E1MpXMvRB0dIAJ7vZ80lIjD0YBgkoGrZ2rwXKcZ HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEIphNuN-fGJyvnagDmlrEzU&google_cver=1&google_push=ATf1kGOqUaOCQVQDpziyMWm7mCLMPdbkaOKcARw0roYbS2On-_XYOi6djmeO9E1MpXMvRB0dIAJ7vZ80lIjD0YBgkoGrZ2rwXKcZ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzM4MTQ4ODE0MDA3NzEzODM3&google_push=ATf1kGOqUaOCQVQDpziyMWm7mCLMPdbkaOKcARw0roYbS2On-_XYOi6djmeO9E1MpXMvRB0dIAJ7vZ80lIjD0YBgkoGrZ2rwXKcZ

Request Chain 300

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEG267Ro40rhGDPOmUkNyeE0&google_cver=1&google_push=ATf1kGPXDSvW4lhIHTalUw_sF0ErLFBNdfIPTUYqj17coGVpVApB3B7hBVgkoiBLJ5mqvFePbh3PWmjGVcDJqoUUWqPatmHmSbII HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEG267Ro40rhGDPOmUkNyeE0&google_cver=1&google_push=ATf1kGPXDSvW4lhIHTalUw_sF0ErLFBNdfIPTUYqj17coGVpVApB3B7hBVgkoiBLJ5mqvFePbh3PWmjGVcDJqoUUWqPatmHmSbII HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=MHRBYWM5NXQxUWVEMUM1&google_gid=CAESEG267Ro40rhGDPOmUkNyeE0&google_cver=1&google_push=ATf1kGPXDSvW4lhIHTalUw_sF0ErLFBNdfIPTUYqj17coGVpVApB3B7hBVgkoiBLJ5mqvFePbh3PWmjGVcDJqoUUWqPatmHmSbII

Request Chain 301

https://a.tribalfusion.com/i.match?p=b6&u=CAESEGW6WdjiujeKds1FcCtx6yo&google_cver=1&google_push=ATf1kGNlOijN0oWgRKlWi7XxUqHu8FEusAnCDMFp6OVoXpYE5ef4EwCI9bjeYhEVNoLuYAgpNYj45lmgQgY6Xm8UjPmRATAakSwZ&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DATf1kGNlOijN0oWgRKlWi7XxUqHu8FEusAnCDMFp6OVoXpYE5ef4EwCI9bjeYhEVNoLuYAgpNYj45lmgQgY6Xm8UjPmRATAakSwZ%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEGW6WdjiujeKds1FcCtx6yo&google_cver=1&google_push=ATf1kGNlOijN0oWgRKlWi7XxUqHu8FEusAnCDMFp6OVoXpYE5ef4EwCI9bjeYhEVNoLuYAgpNYj45lmgQgY6Xm8UjPmRATAakSwZ&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DATf1kGNlOijN0oWgRKlWi7XxUqHu8FEusAnCDMFp6OVoXpYE5ef4EwCI9bjeYhEVNoLuYAgpNYj45lmgQgY6Xm8UjPmRATAakSwZ%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 302

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEGVfS8uJaHr2jmCN7Yzqb4s&google_cver=1&google_push=ATf1kGOwdHmtpriTfN5Nin3GhowAo5N3OqsuWIRoRXxloHGVkSJXg0i3Pkw-OPUwB79tmcQA-geQypBrkRNaQbXlRXKeBMceyaUf HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEGVfS8uJaHr2jmCN7Yzqb4s&google_cver=1&google_push=ATf1kGOwdHmtpriTfN5Nin3GhowAo5N3OqsuWIRoRXxloHGVkSJXg0i3Pkw-OPUwB79tmcQA-geQypBrkRNaQbXlRXKeBMceyaUf&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=GL_Bqo5GTnCtw-2KFdSUTw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ATf1kGOwdHmtpriTfN5Nin3GhowAo5N3OqsuWIRoRXxloHGVkSJXg0i3Pkw-OPUwB79tmcQA-geQypBrkRNaQbXlRXKeBMceyaUf

Request Chain 303

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEOWB8pL4ZqsuK0bNYhaK3pg&google_cver=1&google_push=ATf1kGNHfbjdsb9sLPzqyIMA4YT5F1dCaQdqWO_sVfDG7p8SAOmyaX4VFEy5L5d1GpOQw5gbcgeKbWQtkfu-b-YHED5y7pfRFIUy HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpHOTBMQ1otMU0tRjgyNg==&google_push=ATf1kGNHfbjdsb9sLPzqyIMA4YT5F1dCaQdqWO_sVfDG7p8SAOmyaX4VFEy5L5d1GpOQw5gbcgeKbWQtkfu-b-YHED5y7pfRFIUy

Request Chain 304

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEGLhm_Z9toEEgeh4yF_WcUE&google_cver=1&google_push=ATf1kGPmfF4X3jgDdJnBYoLAxtK0-5oM0LA9Lxxfora0qqyirTPo3Udr08ZdXqYXEnDzkRuqlxjE-lQo8ptYMXPq5IHHgpWtbaqM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGPmfF4X3jgDdJnBYoLAxtK0-5oM0LA9Lxxfora0qqyirTPo3Udr08ZdXqYXEnDzkRuqlxjE-lQo8ptYMXPq5IHHgpWtbaqM

Request Chain 305

https://match.360yield.com/match/ebda?google_gid=CAESEICoMSBXQ-RTEnycl7IlVQw&google_cver=1&google_push=ATf1kGPXsWqBGozusXXM5L2byJ4W5ZnpPZhWz9BQZgtXJtAh2NhgtVKn4tbwkTICH-cn09WCxZo34xC-OjYH80EZ-aGuNjjUDBXb HTTP 302
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEICoMSBXQ-RTEnycl7IlVQw&google_cver=1&google_push=ATf1kGPXsWqBGozusXXM5L2byJ4W5ZnpPZhWz9BQZgtXJtAh2NhgtVKn4tbwkTICH-cn09WCxZo34xC-OjYH80EZ-aGuNjjUDBXb HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uhbxUkNmRPyqUELDTPoTAw&google_push=ATf1kGPXsWqBGozusXXM5L2byJ4W5ZnpPZhWz9BQZgtXJtAh2NhgtVKn4tbwkTICH-cn09WCxZo34xC-OjYH80EZ-aGuNjjUDBXb

Request Chain 306

https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEKjmwF14nYnV7sssQrBacSw&google_cver=1&google_push=ATf1kGNt24UKmyvu3daRRNeZ8HYGhc9iw4HgAQmBVQgNRAJWB1iNAFnUeXjcCGpJJd3AEhzq1amtJPTsNSuNWfj8E9tXh5asnc6h HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=ATf1kGNt24UKmyvu3daRRNeZ8HYGhc9iw4HgAQmBVQgNRAJWB1iNAFnUeXjcCGpJJd3AEhzq1amtJPTsNSuNWfj8E9tXh5asnc6h HTTP 302
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

Request Chain 319

https://d.adtriba.com/collect?atb_ptid=f65079e0&atb_dcaid=202305_es_nothilfe_dv_pros_367777967&atb_dpuid=di_dv&gdpr=&gdpr_consent= HTTP 302
https://d.adtriba.com/px.gif

Request Chain 320

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 323

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEG8qbmt1BZ6sO68HfdwEBOA&google_cver=1&google_push=ATf1kGP2tOAEP7LQKpKevLf_fUY9UYmOvEW7DKAzcvzRo146791K-tdT02yFJTxNBX60H9EHSJ4acnlymOQILXZE8yvs9WYILcF9 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=ATf1kGP2tOAEP7LQKpKevLf_fUY9UYmOvEW7DKAzcvzRo146791K-tdT02yFJTxNBX60H9EHSJ4acnlymOQILXZE8yvs9WYILcF9&google_hm=eS1KLjY1c2dCRTJwR2hxM2cwWWlJbUU1ZDY4c0F0RFpFWX5B

Request Chain 325

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEMAfFIU4X51VWyT_i_N62Gw&google_cver=1&google_push=ATf1kGPPkgvIMGdiynK0I4xcgm5fqZpg3SNYy_jzKOjkQv2Pd9ATVXJCvobvuHga2q34927B0HIdH0E6k2NZoewAIvrp2gu5OHg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGPPkgvIMGdiynK0I4xcgm5fqZpg3SNYy_jzKOjkQv2Pd9ATVXJCvobvuHga2q34927B0HIdH0E6k2NZoewAIvrp2gu5OHg

Request Chain 327

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEORh0TUB71c7Sb5ChJ4hTkY&google_cver=1&google_push=ATf1kGMwEFl5Bwzph1Y_EmiD_DklGwc-UoR24WelfSh49pku8rzIQLbjJz4qmpsyRInJAoMMzfvtcshhvpHec28deOpVMi1WC9dMuA HTTP 302
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEORh0TUB71c7Sb5ChJ4hTkY&google_cver=1&google_push=ATf1kGMwEFl5Bwzph1Y_EmiD_DklGwc-UoR24WelfSh49pku8rzIQLbjJz4qmpsyRInJAoMMzfvtcshhvpHec28deOpVMi1WC9dMuA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=e284671e-43d8-4c86-ae88-bb73f17d20e5&%%GOOGLE_PUSH_PAIR%%

Request Chain 331

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEFS_XvAW5vIN6eNnFcB6s6o&google_cver=1&google_push=ATf1kGP8GJLvhdiE_I6bv8MIyGTELh_NPJfRITJW6DJV-eIr_igGo7-Jzs_L1l9krF-RtSAajc9y2_PzNzu-mUGEEifSr5wK-Qon HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=ATf1kGP8GJLvhdiE_I6bv8MIyGTELh_NPJfRITJW6DJV-eIr_igGo7-Jzs_L1l9krF-RtSAajc9y2_PzNzu-mUGEEifSr5wK-Qon&google_hm=eS1WdVFyVTFSRTJwR0NnbEl3TmZpV2cybFpQN2ZkU2YwdX5B

Request Chain 333

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEP1I-nIPJBJ1CwmpcIr2wMc&google_cver=1&google_push=ATf1kGMtpcINcJehytzUxOTlGUJFgFSjwy-NnKKIRWF1TmUaby6bfM8JO7NxVEXoqL_jnYnLRicgdERICONHAzB3V9SqefJQBuQU HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEP1I-nIPJBJ1CwmpcIr2wMc&google_cver=1&google_push=ATf1kGMtpcINcJehytzUxOTlGUJFgFSjwy-NnKKIRWF1TmUaby6bfM8JO7NxVEXoqL_jnYnLRicgdERICONHAzB3V9SqefJQBuQU&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=pjz3iZ2cQKe3zwWnizPnEQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ATf1kGMtpcINcJehytzUxOTlGUJFgFSjwy-NnKKIRWF1TmUaby6bfM8JO7NxVEXoqL_jnYnLRicgdERICONHAzB3V9SqefJQBuQU

Request Chain 334

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEJb4vcaXLfVDU-mNU2eh8po&google_cver=1&google_push=ATf1kGOYAJt-oq-MKVeX72EEJNW_q8ZK-AfIAEe91eRACf8R58DyTG_S-M9KK5PMc3qLcpIaTS5MLJKE2V3rdS30GnHecIr-Yk9r HTTP 307
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEJb4vcaXLfVDU-mNU2eh8po&google_cver=1&google_push=ATf1kGOYAJt-oq-MKVeX72EEJNW_q8ZK-AfIAEe91eRACf8R58DyTG_S-M9KK5PMc3qLcpIaTS5MLJKE2V3rdS30GnHecIr-Yk9r&sovrn_retry=true HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGOYAJt-oq-MKVeX72EEJNW_q8ZK-AfIAEe91eRACf8R58DyTG_S-M9KK5PMc3qLcpIaTS5MLJKE2V3rdS30GnHecIr-Yk9r&google_hm=G5LcrGZH9dlTrbA7QIiUyM_d

Request Chain 335

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEPEKu_Fe3p8CMrULb6aYoFQ&google_cver=1&google_push=ATf1kGMNl5KgjVOC1Xulcebn9yGnPuYecpTHSZlHPpbfzjNM5m28XZbNXOXzikZ66ae6XdyZLCOA0CHbQOxC2gf1_29pDSKPKffb HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGMNl5KgjVOC1Xulcebn9yGnPuYecpTHSZlHPpbfzjNM5m28XZbNXOXzikZ66ae6XdyZLCOA0CHbQOxC2gf1_29pDSKPKffb

Request Chain 426

https://unilever.demdex.net/event?d_sid=25453995&cs=1687988914944 HTTP 302
https://unilever.demdex.net/firstevent?d_sid=25453995&cs=1687988914944

427 HTTP transactions
9 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request 6x69807j0b5.html Show response
pcloak.blob.core.windows.net/web/ 1 KB
2 KB 401ms
96ms Document
text/html 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: d469330093a2cebd898628a339df6abaf5edcb89e85769ff79840371195a7d1f

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Content-Length: 1318
Content-MD5: +Dz/d7Mp2GQfilgWrAkqiw==
Content-Type: text/html
Date: Wed, 28 Jun 2023 21:48:27 GMT
ETag: 0x8DB5ED0599CC10C
Last-Modified: Sat, 27 May 2023 16:35:15 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 8e755424-e01e-0036-220a-aacf7d000000
x-ms-version: 2009-09-19

GET
H/1.1 404
The specified blob does not exist. jquery.min.js
pcloak.blob.core.windows.net/web/ 0
0 96ms
95ms Script
application/xml 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/jquery.min.js
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-ms-request-id: 8e7554bc-e01e-0036-740a-aacf7d000000
Date: Wed, 28 Jun 2023 21:48:27 GMT
x-ms-version: 2009-09-19
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-Length: 215
Content-Type: application/xml

GET
H/1.1 200
OK cloakan.js Show response
pcloak.blob.core.windows.net/web/ 308 B
717 B 292ms
97ms Script
text/javascript 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/cloakan.js
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 4651fd93f167c3620b534c30bc23ae2a2e7cf742621d8e6d12553c09c388284a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 28 Jun 2023 21:48:27 GMT
Last-Modified: Mon, 13 Jun 2022 14:36:49 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: zPiKctHo6j8i1UGOFPpInw==
ETag: 0x8DA4D4A263C11C2
Content-Type: text/javascript
x-ms-request-id: 8e75561d-e01e-0036-320a-aacf7d000000
x-ms-version: 2009-09-19
Content-Length: 308

GET
H/1.1 200
OK style.css
pcloak.blob.core.windows.net/web/ 166 B
568 B 194ms
98ms Stylesheet
text/css 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/style.css
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: cf906196a7c1414e11983955e101a051d55a864f2bc9fd52a453d952d92fd9b5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 28 Jun 2023 21:48:27 GMT
Last-Modified: Mon, 13 Jun 2022 14:36:49 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: 9ruAIrm4XHnQO3/sM8J0AQ==
ETag: 0x8DA4D4A26527CA0
Content-Type: text/css
x-ms-request-id: 8e75555f-e01e-0036-500a-aacf7d000000
x-ms-version: 2009-09-19
Content-Length: 166

GET
H2 200 px.php Show response
www.cloakan.co/ 743 B
681 B 864ms
139ms XHR
text/html 77.245.159.14
NIOBEBILISIMHIZME...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cloakan.co/px.php?id=6x69807j0b5
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 77.245.159.14 , Turkey, ASN42868 (NIOBEBILISIMHIZMETLERI, TR),
Reverse DNS: stilgar.wlsrv.com
Software: LiteSpeed / PHP/7.3.33
Resource Hash: 120fdf7c1e8de286b8c6ad005bd52d7b3d71cfa17bd6d1f72d023fe952d03708

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:26 GMT
content-encoding: br
server: LiteSpeed
x-powered-by: PHP/7.3.33
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
content-length: 404

GET
H2 200 nv.php Show response
www.cloakan.co/ 232 B
385 B 476ms
246ms Script
text/html 77.245.159.14
NIOBEBILISIMHIZME...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cloakan.co/nv.php?id=6x69807j0b5-m
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/cloakan.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 77.245.159.14 , Turkey, ASN42868 (NIOBEBILISIMHIZMETLERI, TR),
Reverse DNS: stilgar.wlsrv.com
Software: LiteSpeed / PHP/7.3.33
Resource Hash: 9cacc351a59879d938ef01e274eca7f341deaaa666237a3de94737ccc05a4b86

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:27 GMT
content-encoding: br
server: LiteSpeed
x-powered-by: PHP/7.3.33
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
content-length: 112

GET
H2 200 / Show response
ye-mek.net/ Frame 1B9F 77 KB
77 KB 210ms
52ms Document
text/html 94.138.206.83
AS49126

General

Check archive.org

Show headers Download Go to

Full URL: https://ye-mek.net/
Requested by: Host: www.cloakan.co
URL: https://www.cloakan.co/nv.php?id=6x69807j0b5-m
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.138.206.83 , Turkey, ASN49126 (AS49126, TR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 59c949c5c11661d43e80180a727893dac9ea3095d0946fcc8a84a44d7ccfad69

Request headers

Referer: https://pcloak.blob.core.windows.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache
content-length: 79004
content-type: text/html; charset=utf-8
date: Wed, 28 Jun 2023 21:48:29 GMT
expires: -1
pragma: no-cache
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.9.1/ Frame 1B9F 90 KB
91 KB 38ms
11ms Script
text/javascript 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 23 Jun 2023 18:18:28 GMT
x-content-type-options: nosniff
age: 444602
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 92629
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 22 Jun 2024 18:18:28 GMT

GET
H2 200 yemeknet.js Show response
ye-mek.net/js/ Frame 1B9F 10 KB
2 KB 83ms
83ms Script
application/javascript 94.138.206.83
AS49126

General

Check archive.org

Show headers Download Go to

Full URL: https://ye-mek.net/js/yemeknet.js?v=1
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.138.206.83 , Turkey, ASN49126 (AS49126, TR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 613b97a3f938c5185dc5fcb46ec9c9488f460fdf8a9765eea9f05aebe46a0c50

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-powered-by-plesk: PleskWin
date: Wed, 28 Jun 2023 21:48:29 GMT
content-encoding: br
last-modified: Tue, 20 Aug 2019 13:15:54 GMT
server: Microsoft-IIS/10.0
etag: "0a144655957d51:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=691200
accept-ranges: bytes
content-length: 2179

GET
H2 200 maincss.css
cdn.ye-mek.net/ Frame 1B9F 40 KB
12 KB 71ms
19ms Stylesheet
text/css 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.ye-mek.net/maincss.css?v=434
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 5804cd3bfdf7f7b00ae1f2beef50b9ac7bbdcadcb47e8c3454e8609a52096b92

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:48:30 GMT
content-encoding: gzip
x-cache: HIT
x-77-cache: HIT
x-age: 6179457
x-accel-date: 1681809453
x-77-nzt: AcO1qhESXnL/gUpeAA
x-accel-expires: @1713345453
last-modified: Tue, 24 Nov 2020 00:00:32 GMT
server: CDN77-Turbo
etag: W/"5fbc4d20-9e5b"
x-77-nzt-ray: 4c1562242ea2b8d4aeaa9c641f033a14
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame 1B9F 122 KB
47 KB 46ms
21ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-38733763-1

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

18db09aaeeee5c7da8919c77d8aa609493829b1a25530582f0b7f901e8ad02ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:30 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48159
x-xss-protection: 0
last-modified: Wed, 28 Jun 2023 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 28 Jun 2023 21:48:30 GMT

GET
H2 200 WebResource.axd Show response
ye-mek.net/ Frame 1B9F 23 KB
23 KB 45ms
45ms Script
application/x-javascript 94.138.206.83
AS49126

General

Check archive.org

Show headers Download Go to

Full URL: https://ye-mek.net/WebResource.axd?d=YeedoL8dFzo5gymDuarFXngFaaXpLN8jYlixY-HzMyr_r8lEwXsCQefYQgi2kFzYfrVacpu_9us1eVTBWQamZuI0ynrH9LDfafZF-A5wZF41&t=637811837229275428
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.138.206.83 , Turkey, ASN49126 (AS49126, TR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-powered-by-plesk: PleskWin
date: Wed, 28 Jun 2023 21:48:29 GMT
last-modified: Wed, 23 Feb 2022 00:28:42 GMT
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
content-type: application/x-javascript
cache-control: public
content-length: 23063
expires: Sat, 04 May 2024 23:14:43 GMT

GET
H2 200 searchButton.png
cdn.ye-mek.net/App_UI/Img/ Frame 1B9F 542 B
895 B 8ms
8ms Image
image/png 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/searchButton.png
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 324a9c1f26949a62b89c5846de23826737bf3b14443e3f5a969b1799604a0588

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:48:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6179522
x-accel-date: 1681809388
content-length: 542
x-77-nzt: AcO1qhFPXsH/wkpeAA
x-accel-expires: @1713345388
last-modified: Sat, 22 Oct 2022 20:00:57 GMT
server: CDN77-Turbo
etag: "63544bf9-21e"
x-77-nzt-ray: 4c1562242ea2b8d4aeaa9c64aebb0b16
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 ara.png
cdn.ye-mek.net/App_UI/Img/ Frame 1B9F 2 KB
2 KB 12ms
6ms Image
image/png 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/ara.png
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 3ed559a849229d0ba1622b39b2343f2307a91aae5bab1f08e55c89e50874c980

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:48:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6179457
x-accel-date: 1681809453
content-length: 1651
x-77-nzt: AcO1qhGkjlH/gUpeAA
x-accel-expires: @1713345453
last-modified: Mon, 14 May 2018 22:41:08 GMT
server: CDN77-Turbo
etag: "5afa1084-673"
x-77-nzt-ray: 4c1562242ea2b8d4aeaa9c6418158a16
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 ic-baklali-enginar-salatasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ Frame 1B9F 15 KB
16 KB 18ms
9ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ic-baklali-enginar-salatasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: eab1145c02ae44ca45370dbdb689a98d1756fe3726fde675886a95730fee691d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:48:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 86438
x-accel-date: 1687902472
content-length: 15738
x-77-nzt: AcO1qhE9FCbvplEBAA
x-accel-expires: @1719438472
last-modified: Tue, 27 Jun 2023 21:35:10 GMT
server: CDN77-Turbo
etag: "649b560e-3d7a"
x-77-nzt-ray: 4c1562242ea2b8d4aeaa9c645b47b916
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 sucuklu-bezelye-yemegi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ Frame 1B9F 13 KB
14 KB 19ms
11ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/06/sucuklu-bezelye-yemegi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 75c5dcb0b1839bbb85275b03f330dd59c04167b59fe68b07cedad9f8292040f5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:48:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 174227
x-accel-date: 1687814683
content-length: 13665
x-77-nzt: AcO1qhFtBY3/k6gCAA
x-accel-expires: @1719350683
last-modified: Mon, 26 Jun 2023 15:19:38 GMT
server: CDN77-Turbo
etag: "6499ac8a-3561"
x-77-nzt-ray: 4c1562242ea2b8d4aeaa9c641eb1c216
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 cilekli-dondurma-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ Frame 1B9F 14 KB
15 KB 22ms
14ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/06/cilekli-dondurma-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: f8fd679d9f44bca3f206280b3e5601ccbd0a22d9d46be815a98859729a6e57f8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:48:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 252208
x-accel-date: 1687736702
content-length: 14588
x-77-nzt: AcO1qhGGHWj/MNkDAA
x-accel-expires: @1719272702
last-modified: Sun, 25 Jun 2023 23:22:33 GMT
server: CDN77-Turbo
etag: "6498cc39-38fc"
x-77-nzt-ray: 4c1562242ea2b8d4aeaa9c6463c6c816
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 kaburga-misir-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/06/ Frame 1B9F 17 KB
17 KB 89ms
81ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/06/kaburga-misir-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 60553b12e1cecec323684ec8158d0fdcc8cc22ae5ee712fc104390e70637df74

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:48:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 340116
x-accel-date: 1687648794
content-length: 17278
x-77-nzt: AcO1qhEId+T/lDAFAA
x-accel-expires: @1719184794
last-modified: Sat, 24 Jun 2023 23:00:33 GMT
server: CDN77-Turbo
etag: "64977591-437e"
x-77-nzt-ray: 4c1562242ea2b8d4aeaa9c64f664cd16
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 etli-nohut-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2014/09/ Frame 1B9F 11 KB
12 KB 89ms
81ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2014/09/etli-nohut-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 7619efea4ccd65a5edde7db90013478309541941826ee2aacacaf95614043b87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:48:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6178134
x-accel-date: 1681810776
content-length: 11666
x-77-nzt: AcO1qhE4YAz/VkVeAA
x-accel-expires: @1713346776
last-modified: Wed, 01 May 2019 22:29:51 GMT
server: CDN77-Turbo
etag: "5cca1ddf-2d92"
x-77-nzt-ray: 4c1562242ea2b8d4aeaa9c64db4bd016
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 lokanta-usulu-tavuk-sote-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/05/ Frame 1B9F 15 KB
15 KB 89ms
81ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/05/lokanta-usulu-tavuk-sote-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: d6350ccbc96e6f4089866ba29b8e2fcdf961c3c5b428e8611226d39922e1fce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:48:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6179144
x-accel-date: 1681809766
content-length: 15502
x-77-nzt: AcO1qhElODD/SEleAA
x-accel-expires: @1713345766
last-modified: Tue, 17 May 2022 22:25:33 GMT
server: CDN77-Turbo
etag: "628420dd-3c8e"
x-77-nzt-ray: 4c1562242ea2b8d4aeaa9c64967e2b17
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 kc4b1ymalc4b1-kibrit-kebabc4b1-resimli-yemek-tarifi-20.jpg
cdn.ye-mek.net/App_UI/Img/out/270/2012/09/ Frame 1B9F 14 KB
14 KB 89ms
81ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2012/09/kc4b1ymalc4b1-kibrit-kebabc4b1-resimli-yemek-tarifi-20.jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: dacdec6aa88bb9571d309c295248ee5b202de625eba8aaa232f863ad9ba9fed5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:48:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6178131
x-accel-date: 1681810779
content-length: 14293
x-77-nzt: AcO1qhHpsF3/U0VeAA
x-accel-expires: @1713346779
last-modified: Wed, 01 May 2019 22:05:06 GMT
server: CDN77-Turbo
etag: "5cca1812-37d5"
x-77-nzt-ray: 4c1562242ea2b8d4aeaa9c6456483617
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 somelek-kofte-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/04/ Frame 1B9F 14 KB
14 KB 89ms
81ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/04/somelek-kofte-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: a0a4cc3fe2d3f622420ca59c87382ef49c8810febf4eed0cf5f5b37b0df663fa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:48:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6179296
x-accel-date: 1681809614
content-length: 14352
x-77-nzt: AcO1qhHucqf/4EleAA
x-accel-expires: @1713345614
last-modified: Sun, 11 Apr 2021 23:09:03 GMT
server: CDN77-Turbo
etag: "6073818f-3810"
x-77-nzt-ray: 4c1562242ea2b8d4aeaa9c6477b33e17
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-zeytinyagli-biber-dolmasi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2015/05/ Frame 1B9F 14 KB
14 KB 89ms
82ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2015/05/firinda-zeytinyagli-biber-dolmasi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: d69f2b4ba0b3d3c411bb34844d812afa68128a4ad85f62bb62df1b31fcf05b2b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:48:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6178816
x-accel-date: 1681810094
content-length: 14323
x-77-nzt: AcO1qhGik23/AEheAA
x-accel-expires: @1713346094
last-modified: Wed, 01 May 2019 22:42:33 GMT
server: CDN77-Turbo
etag: "5cca20d9-37f3"
x-77-nzt-ray: 4c1562242ea2b8d4aeaa9c6463734217
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 bostana-salatasi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/05/ Frame 1B9F 15 KB
16 KB 89ms
82ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/05/bostana-salatasi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: b736f3c590f550a31f5c5d2e0ce32c364cda805b06a730adc877dab95d115037

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:48:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6177264
x-accel-date: 1681811646
content-length: 15719
x-77-nzt: AcO1qhG32of/8EFeAA
x-accel-expires: @1713347646
last-modified: Wed, 25 May 2022 22:44:41 GMT
server: CDN77-Turbo
etag: "628eb159-3d67"
x-77-nzt-ray: 4c1562242ea2b8d4aeaa9c645ef1ae17
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 saksi-kebabi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2013/08/ Frame 1B9F 14 KB
14 KB 89ms
82ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2013/08/saksi-kebabi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 27b521443caa2567c561c9a2bd377929f40cf7fb68113ccbc4b42669c6841e79

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:48:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6179385
x-accel-date: 1681809525
content-length: 13931
x-77-nzt: AcO1qhFf9Kz/OUpeAA
x-accel-expires: @1713345525
last-modified: Wed, 01 May 2019 22:17:07 GMT
server: CDN77-Turbo
etag: "5cca1ae3-366b"
x-77-nzt-ray: 4c1562242ea2b8d4aeaa9c64ebe14b18
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 mengen-pilavi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/03/ Frame 1B9F 16 KB
17 KB 89ms
82ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/03/mengen-pilavi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: bb7675b559b6b715e1583e5b7267a368f56cb8961a364f5204695d500614bb67

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:48:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6178937
x-accel-date: 1681809973
content-length: 16805
x-77-nzt: AcO1qhFWcRH/eUheAA
x-accel-expires: @1713345973
last-modified: Mon, 20 Mar 2023 22:40:04 GMT
server: CDN77-Turbo
etag: "6418e0c4-41a5"
x-77-nzt-ray: 4c1562242ea2b8d4aeaa9c6425e05018
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 seftali-kebabi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2015/04/ Frame 1B9F 13 KB
14 KB 89ms
82ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2015/04/seftali-kebabi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: caba686e8a0a57536805240ee1ac6b56d9f5b5add5a8bf88fd6ff83d8a860b63

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:48:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6178134
x-accel-date: 1681810776
content-length: 13794
x-77-nzt: AcO1qhGYJCX/VkVeAA
x-accel-expires: @1713346776
last-modified: Wed, 01 May 2019 22:40:09 GMT
server: CDN77-Turbo
etag: "5cca2049-35e2"
x-77-nzt-ray: 4c1562242ea2b8d4aeaa9c6414675518
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 besni-tava-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/03/ Frame 1B9F 18 KB
18 KB 89ms
82ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/03/besni-tava-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 599bb6748f60ecce39049c7c6feed7bfd65e9ba09ef478ff0661381840117a9f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:48:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6178790
x-accel-date: 1681810120
content-length: 18119
x-77-nzt: AcO1qhFrKBj/5kdeAA
x-accel-expires: @1713346120
last-modified: Wed, 29 Mar 2023 22:35:22 GMT
server: CDN77-Turbo
etag: "6424bd2a-46c7"
x-77-nzt-ray: 4c1562242ea2b8d4aeaa9c6452085918
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 kofteli-orman-kebabi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2019/05/ Frame 1B9F 12 KB
13 KB 89ms
82ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2019/05/kofteli-orman-kebabi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 2ee4854a38ad37b61a8727c71e98305037bc4711d65f4bac43420986b4c9455f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:48:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6179385
x-accel-date: 1681809525
content-length: 12566
x-77-nzt: AcO1qhGBGHP/OUpeAA
x-accel-expires: @1713345525
last-modified: Sat, 25 May 2019 22:23:34 GMT
server: CDN77-Turbo
etag: "5ce9c066-3116"
x-77-nzt-ray: 4c1562242ea2b8d4aeaa9c644a4e5c18
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 belen-tava-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/05/ Frame 1B9F 17 KB
17 KB 89ms
83ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/05/belen-tava-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 5a890b96bb00fd6a96f4b5e43fa646fb4b331d9c55b88bf6ca5dafd2bf1bf184

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:48:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6176800
x-accel-date: 1681812110
content-length: 17356
x-77-nzt: AcO1qhGwbEj/IEBeAA
x-accel-expires: @1713348110
last-modified: Wed, 13 May 2020 21:44:39 GMT
server: CDN77-Turbo
etag: "5ebc6a47-43cc"
x-77-nzt-ray: 4c1562242ea2b8d4aeaa9c646b4b5f18
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tavuk-sote-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2017/12/ Frame 1B9F 12 KB
12 KB 89ms
83ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2017/12/tavuk-sote-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 6bfe09f0e69c4c09277d895b1146f4217b705d6bee219c661b36031742c24dd0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:48:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6176751
x-accel-date: 1681812159
content-length: 12346
x-77-nzt: AcO1qhGK1UD/7z9eAA
x-accel-expires: @1713348159
last-modified: Wed, 01 May 2019 23:27:27 GMT
server: CDN77-Turbo
etag: "5cca2b5f-303a"
x-77-nzt-ray: 4c1562242ea2b8d4aeaa9c6484d66418
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 cerkez-pilavi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/04/ Frame 1B9F 16 KB
16 KB 90ms
83ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/04/cerkez-pilavi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 298e30cd4e01948d540e8aff796e294da1ae095578b2403f2b97280e3b969a6f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:48:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6179441
x-accel-date: 1681809469
content-length: 16373
x-77-nzt: AcO1qhGPqsH/cUpeAA
x-accel-expires: @1713345469
last-modified: Tue, 11 Apr 2023 16:32:39 GMT
server: CDN77-Turbo
etag: "64358ba7-3ff5"
x-77-nzt-ray: 4c1562242ea2b8d4aeaa9c64f2a46718
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 pilic-tava-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/12/ Frame 1B9F 15 KB
15 KB 90ms
83ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/12/pilic-tava-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 2c481ccdb6e10e0136132ac25c732c873df15b1cf23a063a714f63606159551e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:48:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6178370
x-accel-date: 1681810540
content-length: 15498
x-77-nzt: AcO1qhHl82D/QkZeAA
x-accel-expires: @1713346540
last-modified: Fri, 30 Dec 2022 22:50:02 GMT
server: CDN77-Turbo
etag: "63af6b1a-3c8a"
x-77-nzt-ray: 4c1562242ea2b8d4aeaa9c64add76f18
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 tavada-tavuk-pirzola-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2021/03/ Frame 1B9F 14 KB
14 KB 90ms
83ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2021/03/tavada-tavuk-pirzola-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 3a55a81ee41fb052562bfb3751492caf7ce85c5c029a7a7b03fa55797707b85a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:48:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6178881
x-accel-date: 1681810029
content-length: 14203
x-77-nzt: AcO1qhEkTX//QUheAA
x-accel-expires: @1713346029
last-modified: Sun, 28 Feb 2021 23:53:10 GMT
server: CDN77-Turbo
etag: "603c2ce6-377b"
x-77-nzt-ray: 4c1562242ea2b8d4aeaa9c644e789018
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-kasarli-karnabahar-ezmesi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2015/11/ Frame 1B9F 12 KB
12 KB 90ms
83ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2015/11/firinda-kasarli-karnabahar-ezmesi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 822511e83f8f0a91a794447e76b86cbe86ec23663f925f814dfbe9d3d859e85a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:48:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 113621
x-accel-date: 1687875289
content-length: 12088
x-77-nzt: AcO1qhGCyDH/1bsBAA
x-accel-expires: @1719411289
last-modified: Wed, 01 May 2019 22:50:37 GMT
server: CDN77-Turbo
etag: "5cca22bd-2f38"
x-77-nzt-ray: 4c1562242ea2b8d4aeaa9c64cb47b118
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 lahana-yemegi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/10/ Frame 1B9F 14 KB
15 KB 90ms
84ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/10/lahana-yemegi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: b927930fac90644d24523c173be181b6ecf87293484531a003184e2cfa4a38d8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:48:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6178881
x-accel-date: 1681810029
content-length: 14792
x-77-nzt: AcO1qhEpzb7/QUheAA
x-accel-expires: @1713346029
last-modified: Wed, 28 Oct 2020 23:06:52 GMT
server: CDN77-Turbo
etag: "5f99f98c-39c8"
x-77-nzt-ray: 4c1562242ea2b8d4aeaa9c64ffe1e218
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-patlican-graten-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/08/ Frame 1B9F 16 KB
16 KB 90ms
84ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/08/firinda-patlican-graten-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 3d8139674dae70e3d6825845bd963841ab4ce23d55252685fe8061f6276bdc1e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:48:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6178402
x-accel-date: 1681810508
content-length: 16224
x-77-nzt: AcO1qhHYBuv/YkZeAA
x-accel-expires: @1713346508
last-modified: Thu, 11 Aug 2022 22:25:22 GMT
server: CDN77-Turbo
etag: "62f581d2-3f60"
x-77-nzt-ray: 4c1562242ea2b8d4aeaa9c640861f318
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 firinda-sebze-kizartmasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/02/ Frame 1B9F 12 KB
12 KB 90ms
84ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/02/firinda-sebze-kizartmasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: aff61aadcc94c243e1dd0ff0cb91051de3139cf9ebfc910764e41f0a409f3cbf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:48:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 81391
x-accel-date: 1687907519
content-length: 12308
x-77-nzt: AcO1qhGqCT7/7z0BAA
x-accel-expires: @1719443519
last-modified: Fri, 31 Jan 2020 22:27:19 GMT
server: CDN77-Turbo
etag: "5e34a9c7-3014"
x-77-nzt-ray: 4c1562242ea2b8d4aeaa9c645b06f718
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 terbiyeli-pirasa-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/04/ Frame 1B9F 12 KB
12 KB 93ms
87ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/04/terbiyeli-pirasa-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: cb999f85fd1d501283263c9716367eb7fca38ef43777df0fa253ee71bdf19565

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:48:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6178497
x-accel-date: 1681810413
content-length: 12043
x-77-nzt: AcO1qhEUIPL/wUZeAA
x-accel-expires: @1713346413
last-modified: Wed, 20 Apr 2022 23:39:13 GMT
server: CDN77-Turbo
etag: "626099a1-2f0b"
x-77-nzt-ray: 4c1562242ea2b8d4aeaa9c648729c119
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 karnabahar-yapragi-corbasi-resimli-yemek-tarifi(16).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/05/ Frame 1B9F 14 KB
14 KB 93ms
87ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/05/karnabahar-yapragi-corbasi-resimli-yemek-tarifi(16).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 3f064267c64c1eeca604b20f9d60538c32c14e90528441d0524c2f30161f8b47

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:48:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 4403445
x-accel-date: 1683585465
content-length: 14031
x-77-nzt: AcO1qhHNjiX/9TBDAA
x-accel-expires: @1715121465
last-modified: Mon, 08 May 2023 22:19:39 GMT
server: CDN77-Turbo
etag: "6459757b-36cf"
x-77-nzt-ray: 4c1562242ea2b8d4aeaa9c649d8ec519
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 sebzeli-arpa-sehriye-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2018/01/ Frame 1B9F 12 KB
12 KB 93ms
87ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2018/01/sebzeli-arpa-sehriye-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: d74e04ab3e34cfe4622ad194e062b4e9f3e10cace748d78c291344fa086d57f5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:48:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6179007
x-accel-date: 1681809903
content-length: 11978
x-77-nzt: AcO1qhGX60H/v0heAA
x-accel-expires: @1713345903
last-modified: Wed, 01 May 2019 23:28:59 GMT
server: CDN77-Turbo
etag: "5cca2bbb-2eca"
x-77-nzt-ray: 4c1562242ea2b8d4aeaa9c64a0ebd419
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 pirincli-yogurt-corbasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/06/ Frame 1B9F 12 KB
13 KB 93ms
88ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/06/pirincli-yogurt-corbasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 7e10c75356ec658e2f2fb4a409b04977fca9251f009aa4518d20c96ee4cf3440

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:48:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6179412
x-accel-date: 1681809498
content-length: 12704
x-77-nzt: AcO1qhEVANz/VEpeAA
x-accel-expires: @1713345498
last-modified: Tue, 21 Jun 2022 22:02:57 GMT
server: CDN77-Turbo
etag: "62b24011-31a0"
x-77-nzt-ray: 4c1562242ea2b8d4aeaa9c64f0f1f319
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 cevizli-irmik-helvasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/02/ Frame 1B9F 12 KB
13 KB 93ms
88ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/02/cevizli-irmik-helvasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 81fa8db261275be7531fb128593cece26d5e679e6e7a633f28f77add13a0d217

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:48:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6178697
x-accel-date: 1681810213
content-length: 12673
x-77-nzt: AcO1qhH3ws//iUdeAA
x-accel-expires: @1713346213
last-modified: Fri, 10 Feb 2023 21:46:02 GMT
server: CDN77-Turbo
etag: "63e6bb1a-3181"
x-77-nzt-ray: 4c1562242ea2b8d4aeaa9c64631c031a
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 pastane-sekerparesi-resimli-yemek-tarifi(20).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/04/ Frame 1B9F 16 KB
17 KB 93ms
88ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/04/pastane-sekerparesi-resimli-yemek-tarifi(20).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: d6a0e678bddd69cf8c52d5056ebadbb5b1ce59e172bc5eb1b0a8f5aa4acac930

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:48:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6179104
x-accel-date: 1681809806
content-length: 16552
x-77-nzt: AcO1qhHvFQX/IEleAA
x-accel-expires: @1713345806
last-modified: Mon, 10 Apr 2023 23:34:22 GMT
server: CDN77-Turbo
etag: "64349cfe-40a8"
x-77-nzt-ray: 4c1562242ea2b8d4aeaa9c6499fe051a
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 baklavalik-yufkadan-fistikli-katmer-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2015/04/ Frame 1B9F 15 KB
15 KB 93ms
88ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2015/04/baklavalik-yufkadan-fistikli-katmer-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 845eb9ea29b7a5637e5caa0a807e46db1ad49dd0bfd4dd1145a6ea3e6895555f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:48:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6179071
x-accel-date: 1681809839
content-length: 15175
x-77-nzt: AcO1qhHcVuv//0heAA
x-accel-expires: @1713345839
last-modified: Wed, 01 May 2019 22:41:25 GMT
server: CDN77-Turbo
etag: "5cca2095-3b47"
x-77-nzt-ray: 4c1562242ea2b8d4aeaa9c64c777081a
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 alman-pastasi-resimli-yemek-tarifi(24).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2016/09/ Frame 1B9F 10 KB
11 KB 93ms
88ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2016/09/alman-pastasi-resimli-yemek-tarifi(24).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 690fca14cfec3446c6987b26b03ce4308c280b6c62435486b73be10fe4e1b511

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:48:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6179370
x-accel-date: 1681809540
content-length: 10614
x-77-nzt: AcO1qhH/0Qn/KkpeAA
x-accel-expires: @1713345540
last-modified: Wed, 01 May 2019 23:05:32 GMT
server: CDN77-Turbo
etag: "5cca263c-2976"
x-77-nzt-ray: 4c1562242ea2b8d4aeaa9c64e9940b1a
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 ispanakli-cilbir-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2020/11/ Frame 1B9F 15 KB
15 KB 94ms
88ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2020/11/ispanakli-cilbir-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 65ab75ed0100d9adf612b46d1e20ada64ac9530637f328dca42fd984da437919

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:48:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6178169
x-accel-date: 1681810741
content-length: 14881
x-77-nzt: AcO1qhEdkbv/eUVeAA
x-accel-expires: @1713346741
last-modified: Thu, 26 Nov 2020 23:32:58 GMT
server: CDN77-Turbo
etag: "5fc03b2a-3a21"
x-77-nzt-ray: 4c1562242ea2b8d4aeaa9c64e7640e1a
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 ev-yapimi-cilek-receli-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2015/04/ Frame 1B9F 16 KB
16 KB 94ms
89ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2015/04/ev-yapimi-cilek-receli-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 8283fa9c09b96e5929d28f325fe46a231469f9966f4b66b323faada5bc39002a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:48:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6178736
x-accel-date: 1681810174
content-length: 16167
x-77-nzt: AcO1qhHaz37/sEdeAA
x-accel-expires: @1713346174
last-modified: Wed, 01 May 2019 22:41:00 GMT
server: CDN77-Turbo
etag: "5cca207c-3f27"
x-77-nzt-ray: 4c1562242ea2b8d4aeaa9c64cf43151a
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 kirma-zeytin-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2022/09/ Frame 1B9F 13 KB
14 KB 94ms
89ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2022/09/kirma-zeytin-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 9c1d5eead33fb63bd3a19b2444461953449797f909ef408e9aef9bf572546736

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:48:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6176493
x-accel-date: 1681812417
content-length: 13694
x-77-nzt: AcO1qhEaG33/7T5eAA
x-accel-expires: @1713348417
last-modified: Sun, 18 Sep 2022 23:21:14 GMT
server: CDN77-Turbo
etag: "6327a7ea-357e"
x-77-nzt-ray: 4c1562242ea2b8d4aeaa9c6486bc321a
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 sutlu-mantar-kavurmasi-resimli-yemek-tarifi(12).jpg
cdn.ye-mek.net/App_UI/Img/out/270/2023/02/ Frame 1B9F 15 KB
16 KB 94ms
89ms Image
image/jpeg 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/App_UI/Img/out/270/2023/02/sutlu-mantar-kavurmasi-resimli-yemek-tarifi(12).jpg?w=270&h=202
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 38a45d2622d89b3d2da8101fa1ecdc03ed87f51af4d93f1358530610ffd7cfcf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:48:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6176905
x-accel-date: 1681812005
content-length: 15570
x-77-nzt: AcO1qhFeCkX/iUBeAA
x-accel-expires: @1713348005
last-modified: Fri, 17 Feb 2023 22:43:31 GMT
server: CDN77-Turbo
etag: "63f00313-3cd2"
x-77-nzt-ray: 4c1562242ea2b8d4aeaa9c64dcdc361a
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H2 200 _dmca_premi_badge_5.png
images.dmca.com/Badges/ Frame 1B9F 5 KB
6 KB 50ms
10ms Image
image/png 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.dmca.com/Badges/_dmca_premi_badge_5.png?ID=da1d399b-5fd3-4da3-b5cd-8af692c19999
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: ad3ee286844c46dba3f0d26e100f508c410b28f52784fbeec2d513ef6c6fda7a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:30 GMT
last-modified: Thu, 02 Jun 2011 03:26:26 GMT
server: Microsoft-IIS/10.0
etag: "8ae3cdbd420cc1:0"
x-powered-by: ASP.NET
x-hw: 1687988910.cds258.fr8.hn,1687988910.cds153.fr8.c
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
link: <https://www.dmca.com/Badges/_dmca_premi_badge_5.png>; rel="canonical"
content-length: 5605

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/300/ Frame 1B9F 56 B
361 B 104ms
23ms Script
text/javascript 23.206.208.114
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.206.208.114 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-206-208-114.deploy.static.akamaitechnologies.com

Software

Oracle API Gateway /

Resource Hash

f475c34186022ba531ebc8bba97fc10df7e4c3ea854f314a18ab0644c851620d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 28 Jun 2023 21:48:30 GMT
server: Oracle API Gateway
opc-request-id: /7CE1CCD3175CB86A4CC6A188234E02F0/3DE66AA844043C1F510DEDFE1B2A5874
x-frame-options: sameorigin
vary: Accept-Encoding
content-type: text/javascript
x-distribution: 99
x-host: s7.addthis.com
content-length: 76
x-xss-protection: 1; mode=block

GET
H2 200 DMCABadgeHelper.min.js Show response
images.dmca.com/Badges/ Frame 1B9F 465 B
585 B 50ms
11ms Script
application/javascript 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://images.dmca.com/Badges/DMCABadgeHelper.min.js
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e8021f1a9dad409f7e699457ac334653bf800464df69900237c4de1c29e275d0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:30 GMT
content-encoding: gzip
last-modified: Fri, 21 Jun 2019 20:14:34 GMT
server: Microsoft-IIS/10.0
etag: "26b181f16d28d51:0"
x-powered-by: ASP.NET
x-hw: 1687988910.cds258.fr8.hn,1687988910.cds057.fr8.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
link: <https://www.dmca.com/Badges/DMCABadgeHelper.min.js>; rel="canonical"
content-length: 395

GET
H2 200 outside.js Show response
static.virgul.com/theme/mockups/adcode/ Frame 1B9F 75 KB
26 KB 226ms
53ms Script
application/javascript 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19536
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 66413d92e3b48b21f37de7968a4c6ee6dafb956f4963d0557959a3d10db2c492

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:30 GMT
content-encoding: gzip
last-modified: Fri, 23 Jun 2023 06:55:07 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=43200

GET
H2 200 sdk.js Show response
connect.facebook.net/tr_TR/ Frame 1B9F 3 KB
2 KB 31ms
8ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/tr_TR/sdk.js

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a7cda0875dee0ced1c82bf5d7bd85663c5cb5456b26ba0f4750c003884edd5a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 28 Jun 2023 21:48:30 GMT
content-md5: o82AdpVHbJwK33dsmbL5bw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1685
x-fb-debug: AmoLNLZXGPj9/m2Hcj/MUND7f34ZBK/k9LltZzP8gzq9/GvJYJFVnj8ry/Be4xXSR5eYK7z9oewZ2hh6NVLCVQ==
x-fb-content-md5: 2ef08ae06e4d0897c91d458cb8a4a619
cross-origin-opener-policy: same-origin-allow-popups
etag: "2d77dfa50dcb28703ee0f849e1a36af9"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Wed, 28 Jun 2023 21:52:28 GMT

GET
H2 200 sprite_3.png
cdn.ye-mek.net/grafik/ Frame 1B9F 21 KB
21 KB 82ms
81ms Image
image/png 2a02:6ea0:c700::19
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ye-mek.net/grafik/sprite_3.png
Requested by: Host: cdn.ye-mek.net
URL: https://cdn.ye-mek.net/maincss.css?v=434
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: ecadacb686d0540a5768dae41d50597a71dfaa8135b90f1371d4bfa266e4e361

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.ye-mek.net/maincss.css?v=434
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 28 Jun 2023 21:48:30 GMT
x-cache: HIT
x-77-cache: HIT
x-age: 6179457
x-accel-date: 1681809453
content-length: 21525
x-77-nzt: AcO1qhGOk/3/gUpeAA
x-accel-expires: @1713345453
last-modified: Mon, 14 May 2018 20:55:05 GMT
server: CDN77-Turbo
etag: "5af9f7a9-5415"
x-77-nzt-ray: 4c1562242ea2b8d4aeaa9c642443f21a
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes

GET
H3 200 sdk.js Show response
connect.facebook.net/tr_TR/ Frame 1B9F 307 KB
87 KB 18ms
8ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/tr_TR/sdk.js?hash=bc08fd1d20b6c50a615322fc2affafe1

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/tr_TR/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5367005500c59c9e542250d314120e09d1c1721f471bd9e7aa7b15f6c9cc812d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://ye-mek.net/
Origin: https://ye-mek.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 28 Jun 2023 21:48:30 GMT
content-md5: S8wBmHF8uh1wT3D7sQ7Omg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 88852
x-fb-debug: ALgSVEk7e/NfHNvndYq23BR9lB8qd7WALl6yQeZmJ8CNpXIKPgl6K9V8j6rJSN97gLJ8PfyJzt5IBLQCdscwfw==
x-fb-content-md5: a74392ba3bf1b9a1d38de2a086d373a1
cross-origin-opener-policy: same-origin-allow-popups
etag: "3265691f36ad741ec603f4fe84af26ae"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
priority: u=3,i
expires: Thu, 27 Jun 2024 20:12:26 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ Frame 1B9F 52 KB
21 KB 46ms
8ms Script
text/javascript 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-38733763-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 28 Jun 2023 20:35:22 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 4388
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Wed, 28 Jun 2023 22:35:22 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 1B9F 76 KB
26 KB 98ms
34ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19536

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7d6ab13a46e2b6c54d7cc178cdd04a5bcc4dcff75661fb8481e17ea8fe7a55a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:30 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26077
x-xss-protection: 0
server: cafe
etag: 900 / 19536 / m202306260101 / config-hash: 782518577177411778
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 28 Jun 2023 21:48:30 GMT

GET
H2 200 ads.js Show response
static.virgul.com/theme/mockups/mockups/tracker/imp/collect/adview/ad/ Frame 1B9F 120 B
306 B 54ms
54ms Script
application/javascript 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/mockups/tracker/imp/collect/adview/ad/ads.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19536
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: d9fd0aeda423bd39a36871759ef7b17dab3d51e5981cd5839103f990b8b9ef60

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:30 GMT
last-modified: Wed, 21 Dec 2022 18:47:42 GMT
server: openresty/1.15.8.3
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000
accept-ranges: bytes
content-length: 120

GET
H2 200 str.html Show response
static.virgul.com/theme/mockups/outside/ Frame B961 891 B
1 KB 49ms
49ms Document
text/html 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/outside/str.html?v=2
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19536
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 2af1b8e91e1ea0f27fab2f6bac1dd1d81867b7a2a8d7cef1084fa39309e0ac6f

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=5184000
content-length: 891
content-type: text/html
date: Wed, 28 Jun 2023 21:48:30 GMT
last-modified: Wed, 28 Sep 2022 10:07:57 GMT
server: openresty/1.15.8.3

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 1B9F 139 KB
48 KB 103ms
45ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19536

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7b0a1f73c3977a54b1e35b50b8d4829036fac521a03fb3b1183cde5a7e8417ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Origin: https://ye-mek.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:30 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48985
x-xss-protection: 0
server: cafe
etag: 8914006746620993322
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 28 Jun 2023 21:48:30 GMT

GET
H2 200 prebid7.38.0.js Show response
static.virgul.com/theme/mockups/outside/ Frame 1B9F 489 KB
182 KB 56ms
56ms Script
application/javascript 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19536
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: cff57bb539a961e5816127eb4b662175d6a1c92917effe0f943de85c35911101

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:30 GMT
content-encoding: gzip
last-modified: Mon, 27 Mar 2023 14:56:06 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ Frame 1B9F 236 KB
58 KB 67ms
10ms Script
application/javascript 65.9.90.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19536
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.90.93 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-90-93.prg50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: dbc211260f3fb81e545fbebe8be8c367ebe670a585e60e1ec58524c06723ecbc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:35:01 GMT
content-encoding: gzip
via: 1.1 857b0dca772798c338c78a1be69c955c.cloudfront.net (CloudFront), 1.1 6fc3cae9692b6db972e4990be9921fae.cloudfront.net (CloudFront)
last-modified: Thu, 15 Jun 2023 18:14:54 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1, PRG50-C1
age: 810
x-amz-server-side-encryption: AES256
etag: W/"9352f20e556bff9fea6fd0461aac850d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=3600
x-amz-cf-id: Ra91JqNn4raJTRA5ldQQ-FjW6dUVxgOpy0gska3SIO1TH2MBRQsNNQ==

GET
H2 200 pageview Show response
ng.virgul.com/ Frame 1B9F 34 KB
6 KB 158ms
72ms Script
application/javascript 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ng.virgul.com/pageview?c=site_geneli&mt=1687988910666&v=https%3A%2F%2Fye-mek.net%2F&r=yemek_net:site_geneli&userId=&tp=&os=&call=noktaad.ads.vvad&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc0,hf1,vv1,gprec%3Dyemek%26rec_ing%3D&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.08451933299010128
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19536
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: a7be860b8a3390738801154b09d398cfaa7942292cc188556639160d36582e79

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:30 GMT
content-encoding: gzip
server: openresty/1.15.8.3
vary: Accept-Encoding
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
access-control-allow-origin: https://ye-mek.net
content-type: application/javascript
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT

GET
H2 200 yemek_net.js Show response
static.virgul.com/theme/mockups/fallback/ Frame 1B9F 12 KB
2 KB 49ms
49ms Script
application/javascript 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/fallback/yemek_net.js?dts=19536
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19536
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 5103b27b55207be49f024a501641c7cb93e6469073ccbe194cd5963b53716184

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:30 GMT
content-encoding: gzip
last-modified: Tue, 20 Jun 2023 21:45:07 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 hb Show response
ng.virgul.com/ Frame 1B9F 50 KB
5 KB 151ms
66ms Script
application/javascript 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ng.virgul.com/hb?call=noktaad.setHbParameters&site=yemek_net&dts=468885
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19536
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 0e3062d9c8c3dfa5cabf3cdc4c058f696f21c0442f17970acabf4e9a896a2665

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:30 GMT
content-encoding: gzip
server: openresty/1.15.8.3
vary: Accept-Encoding
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
access-control-allow-origin: https://ye-mek.net
content-type: application/javascript
cache-control: max-age=3600
access-control-allow-credentials: true

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ Frame 1B9F 0
309 B 25ms
24ms XHR
text/plain 65.9.90.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fye-mek.net&pubid=e0a76a78-9ad1-46f2-a337-886c2e24ac91
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.90.93 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-90-93.prg50.r.cloudfront.net
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 15:59:50 GMT
via: 1.1 6fc3cae9692b6db972e4990be9921fae.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: PRG50-C1
age: 20920
x-cache: Hit from cloudfront
access-control-allow-origin: https://ye-mek.net
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-id: ZOLgfImaN4qYafwTW_CIkZ4zZzVFwejTWVzHbSEBOgJXr5PS5bshHQ==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ Frame 1B9F 6 KB
3 KB 27ms
10ms XHR
application/javascript 65.9.90.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.90.93 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-90-93.prg50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: rBtfgJUMGYsy5fZuQwMAU7hSD.fVdF76
content-encoding: gzip
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
date: Wed, 28 Jun 2023 05:29:04 GMT
x-amz-cf-pop: PRG50-C1
age: 58767
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Sat, 24 Jun 2023 09:19:11 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: nCiC_njfeqHLImDdAlGS4xUOQYrB5PcrGhOo9ZhjIgCjN8iePM_mXA==

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306260101/ Frame 1B9F 392 KB
125 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306260101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a9262e4f0004178b2eb384213e53dd3e0c71eb13584d3f6b6dba57437014c1b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 10:49:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 39530
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 127813
x-xss-protection: 0
server: cafe
etag: 18191761431352456992
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Thu, 27 Jun 2024 10:49:40 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306200101/ Frame 1B9F 345 KB
119 KB 65ms
46ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306200101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=ye-mek.net

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dc59fd7129986b76405c0f5b639f34c2646cb57135e0aaabdafdf244765d7361

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:30 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 121300
x-xss-protection: 0
server: cafe
etag: 14105541718597860581
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 28 Jun 2023 21:48:30 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230620/r20190131/ Frame 0A8B 10 KB
5 KB 37ms
13ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230620/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eb7a209e3af2f5e7045a326f81414b39f02551eb158e859c190a7a84db7c4d5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 45492
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4540
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 09:10:18 GMT
etag: 15057649708203361565
expires: Wed, 12 Jul 2023 09:10:18 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 empowerwebplayer3.js Show response
static.virgul.com/theme/mockups/outside/ Frame 1B9F 10 KB
3 KB 50ms
49ms Script
application/javascript 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/outside/empowerwebplayer3.js?v=20
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 3e9569df702eb478e6e7699775a0f555b64ef9e89d89a81742bc97c7803dba96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:30 GMT
content-encoding: gzip
last-modified: Tue, 13 Jun 2023 13:36:40 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 yemek_net.js Show response
static.virgul.com/theme/mockups/sites/ Frame 1B9F 11 KB
5 KB 52ms
51ms Script
application/javascript 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/sites/yemek_net.js?dts=468885
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19536
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: a7a580492938c753648b19da1321bf7ea66d7a2e9b1fa42058c821e268fba9e1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:30 GMT
content-encoding: gzip
last-modified: Thu, 27 Apr 2023 09:08:06 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 pandg-sdk.js Show response
pghub.io/js/ Frame 1B9F 17 KB
5 KB 47ms
7ms Script
application/javascript 35.241.45.217
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pghub.io/js/pandg-sdk.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19536
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.217 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 217.45.241.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 27961ab8c37cddad89230364167c048c6377a80e38542a5ffbca600faf4098ea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:08:50 GMT
content-encoding: gzip
age: 2380
x-guploader-uploadid: ADPycdvzvfvbRbSzYNK6p4NcdxCx21Mc5dgAN-l1jXOAs5xKDJhOrWC3OYLt32vM5bfc1-tHcAN5dK-s77MXl6-NfIebzZ1JhCjh
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5009
last-modified: Mon, 05 Jun 2023 16:36:50 GMT
server: UploadServer
etag: "47a886353056caf33a998c6041e20896"
vary: Accept-Encoding
x-goog-generation: 1685983010517890
x-goog-hash: crc32c=aHj4lg==, md5=R6iGNTBWyvM6mYxgQeIIlg==
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin
cache-control: public,max-age=3600
x-goog-stored-content-length: 5009
accept-ranges: bytes
content-type: application/javascript

GET
H2 200 zoneview
ng.virgul.com/ Frame 1B9F 0
209 B 52ms
52ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/zoneview?c=&mt=1687988910845&v=https%3A%2F%2Fye-mek.net%2F&r=153366@153377@153378@153379@153379@153382@153383:yemek_net&userId=vnet555305dd-604f-4c2b-a899-19000d2d39c1&tp=&os=&call=&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc1,hf1,vv1,gprec%3Dyemek%26rec_ing%3D&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.5133110921835158
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Wed, 28 Jun 2023 21:48:30 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ Frame 1B9F 23 B
460 B 197ms
135ms XHR
text/javascript 65.9.93.173
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&pr=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&pid=6UcHU36rPdPKR&cb=0&ws=1600x1200&v=23.612.1758&t=1200&slots=%5B%7B%22sd%22%3A%22div-gpt-ad-1455783126174-15338221728129623web_yemeknet_right_tower%22%2C%22s%22%3A%5B%22160x600%22%2C%22120x600%22%5D%2C%22sn%22%3A%22%2F21728129623%2Fweb_yemeknet_right_tower%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-1455783126174-15338321728129623web_yemeknet_left_tower%22%2C%22s%22%3A%5B%22160x600%22%2C%22120x600%22%5D%2C%22sn%22%3A%22%2F21728129623%2Fweb_yemeknet_left_tower%22%7D%5D&pubid=e0a76a78-9ad1-46f2-a337-886c2e24ac91&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.93.173 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-93-173.prg50.r.cloudfront.net

Software

Server /

Resource Hash

745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:31 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 5a9253ffd4a04a82b061e7ef23f713d4.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: PRG50-C1
x-amz-rid: DBB1E02ZX8H2NWE5VNPC
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://ye-mek.net
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: 4SowCpCIwGFRUGIxOIsCMdcJlS4pz-Voj8wxZF0vp1GEjXVjQAA0WQ==

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 1B9F 107 B
456 B 55ms
17ms Script
application/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ye-mek.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306260101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 1B9F 143 KB
40 KB 363ms
363ms Fetch
text/plain 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4406933181835019&correlator=3910517013128742&eid=31074949%2C31075485%2C31075690%2C31075693%2C31075341%2C31075694&output=ldjh&gdfp_req=1&vrg=202306260101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_728x90_repeating&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=2&adks=3733009076&sfv=1-0-40&eri=1&cust_params=amznbid%3D0%26amznp%3D0%26category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1687988910666%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet555305dd-604f-4c2b-a899-19000d2d39c1%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet555305dd604f4c2ba89919000d2d39c1&sc=1&cdm=ye-mek.net&abxe=1&dt=1687988910892&lmt=1687988910&dlt=1687988910276&idt=578&adxs=436&adys=2665&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=u7hhrqwk2dv&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&ga_vid=215418476.1687988911&ga_sid=1687988911&ga_hid=2064569244&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306260101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7d4f898f5b01c4f58c14d70f7ec3f0bcce39ddc02b2edebbc8720e908304a944

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:31 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40629
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 5945 6 KB
3 KB 71ms
17ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306260101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:48:30 GMT
expires: Thu, 27 Jun 2024 21:48:30 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 1B9F 21 KB
10 KB 775ms
775ms Fetch
text/plain 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4406933181835019&correlator=1822099341083472&eid=31074949%2C31075485%2C31075690%2C31075693%2C31075341%2C31075694&output=ldjh&gdfp_req=1&vrg=202306260101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_masthead_multibanner_1&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250%7C250x250%7C200x200%7C300x100%7C300x150%7C320x100&fluid=height&ifi=3&adks=1213799213&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1687988910666%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet555305dd-604f-4c2b-a899-19000d2d39c1%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D%26amznbid%3D1%26amznp%3D1&ppid=vnet555305dd604f4c2ba89919000d2d39c1&sc=1&cdm=ye-mek.net&abxe=1&dt=1687988910920&lmt=1687988910&dlt=1687988910276&idt=578&adxs=315&adys=158&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=7krpncc43sw7&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=970x-1&msz=300x-1&fws=388&ohw=300&ga_vid=215418476.1687988911&ga_sid=1687988911&ga_hid=2064569244&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306260101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e1ec4f4a0f3f4060a95df67e30501a7264ffd1b1423f1ea749b6ac4fe0165619

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:31 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9818
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 1B9F 113 KB
41 KB 755ms
754ms Fetch
text/plain 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4406933181835019&correlator=1822099341083472&eid=31074949%2C31075485%2C31075690%2C31075693%2C31075341%2C31075694&output=ldjh&gdfp_req=1&vrg=202306260101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_masthead_multibanner_2&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250%7C250x250%7C200x200%7C300x100%7C300x150%7C320x100&fluid=height&ifi=4&adks=101261820&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1687988910666%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet555305dd-604f-4c2b-a899-19000d2d39c1%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D%26amznbid%3D1%26amznp%3D1&ppid=vnet555305dd604f4c2ba89919000d2d39c1&sc=1&cdm=ye-mek.net&abxe=1&dt=1687988910923&lmt=1687988910&dlt=1687988910276&idt=578&adxs=349&adys=158&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=wkht3gttxin3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=970x-1&msz=300x-1&fws=388&ohw=300&ga_vid=215418476.1687988911&ga_sid=1687988911&ga_hid=2064569244&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306260101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4e5b863cd7dba4cb2c464d2d31412f51aee9311bc37000dae188c9a686547fbe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:31 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41696
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 1B9F 24 KB
11 KB 272ms
271ms Fetch
text/plain 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4406933181835019&correlator=1822099341083472&eid=31074949%2C31075485%2C31075690%2C31075693%2C31075341%2C31075694&output=ldjh&gdfp_req=1&vrg=202306260101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_masthead_multibanner_3&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250%7C250x250%7C200x200%7C300x100%7C300x150%7C320x100&fluid=height&ifi=5&adks=787621897&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1687988910666%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet555305dd-604f-4c2b-a899-19000d2d39c1%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D%26amznbid%3D1%26amznp%3D1&ppid=vnet555305dd604f4c2ba89919000d2d39c1&sc=1&cdm=ye-mek.net&abxe=1&dt=1687988910926&lmt=1687988910&dlt=1687988910276&idt=578&adxs=985&adys=158&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=4xex6f3hklgi&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=970x-1&msz=300x-1&fws=388&ohw=300&ga_vid=215418476.1687988911&ga_sid=1687988911&ga_hid=2064569244&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306260101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e40270171da5d48fbff7a8c1919a716e886667bce71bfa9d03dda8211634eacb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:31 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10842
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 NoktaNpmPlayerApi.js Show response
c1.imgiz.com/player_others/html5/ Frame 1B9F 7 KB
3 KB 171ms
50ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19536
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/empowerwebplayer3.js?v=20
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 0b29697868cd68cfd1b5650054cc96ea755016b3242bd26469cdbd4e4f6fc18a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:31 GMT
content-encoding: gzip
last-modified: Wed, 13 Oct 2021 11:58:21 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
expires: Wed, 05 Jul 2023 21:48:31 GMT

GET
H2 200 zoneview
ng.virgul.com/ Frame 1B9F 0
209 B 49ms
49ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/zoneview?c=&mt=1687988910944&v=https%3A%2F%2Fye-mek.net%2F&r=153394@153493:yemek_net&userId=vnet555305dd-604f-4c2b-a899-19000d2d39c1&tp=&os=&call=&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc1,hf1,vv1,gprec%3Dyemek%26rec_ing%3D&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.200889826875577
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Wed, 28 Jun 2023 21:48:30 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 403 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 91BE 603 B
218 B 67ms
65ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755397&plaf=1%3A2%2C7%3A2&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1687988910799&bpp=3&bdt=524&idt=148&shv=r20230620&mjsv=m202306200101&ptt=9&saldr=aa&nras=1&correlator=769850748361&frm=24&ife=1&pv=2&ga_vid=215418476.1687988911&ga_sid=1687988911&ga_hid=2064569244&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=222437166&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44759875%2C44759926%2C42532277%2C42532279%2C31075626%2C31075645%2C44788441&oid=2&pvsid=4406933181835019&tmod=9758648&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.w657v3mxojpn&fsb=1&dtd=162

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306200101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=ye-mek.net

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 46
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:48:31 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 tag Show response
feed.pghub.io/ Frame 7516 13 B
257 B 53ms
20ms Document
text/html 34.102.243.38
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://feed.pghub.io/tag?referrer_url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&page_url=https%3A%2F%2Fye-mek.net%2F&owner=P%26G&bp_id=noktacommedya&ch=%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D&initiator=js&data=%7B%22category%22%3A%22site_geneli%22%7D

Requested by

Host: pghub.io
URL: https://pghub.io/js/pandg-sdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.102.243.38 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

38.243.102.34.bc.googleusercontent.com

Software

Resource Hash

b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';img-src https://*.pghub.io https://match.adsrvr.org
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
access-control-max-age: 300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-store
content-security-policy: default-src 'none';img-src https://*.pghub.io https://match.adsrvr.org
content-type: text/html;charset=utf-8
date: Wed, 28 Jun 2023 21:48:31 GMT
strict-transport-security: max-age=31536000
via: 1.1 google

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 1B9F 107 B
165 B 17ms
15ms Script
application/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ye-mek.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306260101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 1B9F 111 KB
40 KB 304ms
304ms Fetch
text/plain 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4406933181835019&correlator=2362930342354714&eid=31074949%2C31075485%2C31075690%2C31075693%2C31075341%2C31075694&output=ldjh&gdfp_req=1&vrg=202306260101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_728x90_2&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=6&adks=345722362&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1687988910666%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet555305dd-604f-4c2b-a899-19000d2d39c1%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet555305dd604f4c2ba89919000d2d39c1&sc=1&cdm=ye-mek.net&abxe=1&dt=1687988911098&lmt=1687988911&dlt=1687988910276&idt=578&adxs=436&adys=1389&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=53pxb3nysbcb&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&ga_vid=215418476.1687988911&ga_sid=1687988911&ga_hid=2064569244&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306260101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b183c82cd67472ed0f12573229f1b2eb1edfa6945903e60e96025c8d9fee0c52

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:31 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41172
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 1B9F 23 KB
11 KB 568ms
568ms Fetch
text/plain 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4406933181835019&correlator=2366171517478463&eid=31074949%2C31075485%2C31075690%2C31075693%2C31075341%2C31075694&output=ldjh&gdfp_req=1&vrg=202306260101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_right_tower&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C160x600%7C120x600%7C120x240%7C160x800&fluid=height&ifi=7&adks=3203893797&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1687988910666%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet555305dd-604f-4c2b-a899-19000d2d39c1%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet555305dd604f4c2ba89919000d2d39c1&sc=1&cdm=ye-mek.net&abxe=1&dt=1687988911102&lmt=1687988911&dlt=1687988910276&idt=578&adxs=1318&adys=150&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=bwt6myjtrfd4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=160x-1&msz=160x-1&fws=900&ohw=160&ga_vid=215418476.1687988911&ga_sid=1687988911&ga_hid=2064569244&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306260101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b73ee03fa44ce3985504704057d1331e0e5944356f05c425e0b03e15a8cbbcb1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:31 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11100
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 1B9F 24 KB
11 KB 567ms
567ms Fetch
text/plain 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4406933181835019&correlator=678348825806742&eid=31074949%2C31075485%2C31075690%2C31075693%2C31075341%2C31075694&output=ldjh&gdfp_req=1&vrg=202306260101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_ust_728x90&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=8&adks=456810305&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1687988910666%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet555305dd-604f-4c2b-a899-19000d2d39c1%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet555305dd604f4c2ba89919000d2d39c1&sc=1&cdm=ye-mek.net&abxe=1&dt=1687988911108&lmt=1687988911&dlt=1687988910276&idt=578&adxs=436&adys=751&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=ds6dvj6yh87u&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&ga_vid=215418476.1687988911&ga_sid=1687988911&ga_hid=2064569244&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306260101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1bdfbc239e072c3401968b6709696a495cf7c67483ddd4bb90aa8a602dd0ff17

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:31 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11717
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 1B9F 112 KB
41 KB 571ms
571ms Fetch
text/plain 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4406933181835019&correlator=2243176525052102&eid=31074949%2C31075485%2C31075690%2C31075693%2C31075341%2C31075694&output=ldjh&gdfp_req=1&vrg=202306260101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_kategori_sayfalari_728x90_repeating&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C728x90%7C468x60&fluid=height&ifi=9&adks=2157304621&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1687988910666%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet555305dd-604f-4c2b-a899-19000d2d39c1%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet555305dd604f4c2ba89919000d2d39c1&sc=1&cdm=ye-mek.net&abxe=1&dt=1687988911113&lmt=1687988911&dlt=1687988910276&idt=578&adxs=436&adys=2027&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=15s6e66yi682&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=976x0&msz=996x0&fws=388&ohw=1600&ga_vid=215418476.1687988911&ga_sid=1687988911&ga_hid=2064569244&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306260101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

00a0cb59c614b72cc7b94593c402d7bf80851135cc6b0f7ce16262cf43dca4a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:31 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41470
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 1B9F 24 KB
11 KB 570ms
570ms Fetch
text/plain 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4406933181835019&correlator=3388735961280011&eid=31074949%2C31075485%2C31075690%2C31075693%2C31075341%2C31075694&output=ldjh&gdfp_req=1&vrg=202306260101&ptt=17&impl=fif&iu_parts=21728129623%3A33502485%2Cweb_yemeknet_left_tower&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C160x600%7C120x600%7C120x240%7C160x800&fluid=height&ifi=10&adks=3299242717&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dyemek_net%26mt%3D1687988910666%26pager%3D1%2540site_geneli%2540yemek_net%253Asite_geneli%26policy%3D0%26host%3Dye-mek.net%26url%3Dhttps%253A%2520%2520ye%2520mek.net%2520%26targetCtr%3D0%26pid%3Dvnet555305dd-604f-4c2b-a899-19000d2d39c1%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26rec%3Dyemek%26rec_ing%3D&ppid=vnet555305dd604f4c2ba89919000d2d39c1&sc=1&cdm=ye-mek.net&abxe=1&dt=1687988911122&lmt=1687988911&dlt=1687988910276&idt=578&adxs=122&adys=150&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=psz5vralcp1s&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fye-mek.net%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=160x-1&msz=160x-1&fws=900&ohw=160&ga_vid=215418476.1687988911&ga_sid=1687988911&ga_hid=2064569244&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306260101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2814fa315823ab0d025466339c9c20092d3c3380163b281486a75a3990d5cd10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:31 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11344
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ye-mek.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame 1B9F 361 KB
121 KB 54ms
15ms Script
text/javascript 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19536

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a9863314577494b778cade4d77d719a27fca818d6091efe35b972cac31026f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 123120
x-xss-protection: 0
expires: Wed, 28 Jun 2023 21:48:31 GMT

GET
H2 200 NoktaPlayer.js Show response
c1.imgiz.com/player_others/html5/ Frame 1B9F 398 KB
128 KB 54ms
54ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=6/28/2023
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19536
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: bea17c8870ba8dae9515993b5c55b65437f03f0e2672e1c3d3dbe7872dd74e5c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:31 GMT
content-encoding: gzip
last-modified: Mon, 29 May 2023 18:51:56 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
expires: Wed, 05 Jul 2023 21:48:31 GMT

GET
H2 200 container.html Show response
a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 2418 6 KB
3 KB 9ms
8ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306260101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:48:30 GMT
expires: Thu, 27 Jun 2024 21:48:30 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 17D6 624 B
246 B 31ms
30ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNW0GG5nLX3i1Qk_MbJWG8AK5lnrPidEz7TMG2mzZphKETkpqh_ss0fRXWIP7hbXOJ5HthK-WscKNIrXUQRr0xY5Uy37kxese9hF3rYQD6BUInCY8gDDAmFUnW_UTkUs1OnmQXkkYGwM6mBPad8zEQc9TxcIyqqQZNShCTfXuiIAzIbgMLE

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:48:31 GMT
expires: Wed, 28 Jun 2023 21:48:31 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 2418 78 KB
27 KB 36ms
35ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:31 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 28 Jun 2023 21:48:31 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2418 42 B
63 B 49ms
47ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-D6qxY0XfjJq1CpsGqT8rt91SV00wpkUHuNA_nirO4vnvSbcdt1NdOJbiVPx2IX01Ie4ZWTN1dhC7l7ZK5t_ILELvdwz5zAjdCqXAym-IIXiw60-08

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2418 0
20 B 49ms
48ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=2705401943974781702&x=1&ct=77

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/ Frame 2418 3 KB
1 KB 60ms
8ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/window_focus_fy2021.js

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:41:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 424
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jul 2023 21:41:27 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/ Frame 2418 19 KB
8 KB 58ms
7ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d67e93b773c993230e55a3881853d5e8d399b32fb591d845c41553c0fe8c71b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 19:19:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8933
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8131
x-xss-protection: 0
server: cafe
etag: 7076601798724011321
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jul 2023 19:19:38 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2418 179 KB
57 KB 71ms
20ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 28 Jun 2023 21:48:31 GMT

GET
H3 200 container.html Show response
a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame AD74 6 KB
3 KB 20ms
19ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306260101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:48:30 GMT
expires: Thu, 27 Jun 2024 21:48:30 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 17D6
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDApG3Jf9ibtOR_x0zGHKoc&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDApG3Jf9ibtOR_x0zGHKoc&google_cver=1&C=1

43 B
766 B

11ms
10ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDApG3Jf9ibtOR_x0zGHKoc&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNW0GG5nLX3i1Qk_MbJWG8AK5lnrPidEz7TMG2mzZphKETkpqh_ss0fRXWIP7hbXOJ5HthK-WscKNIrXUQRr0xY5Uy37kxese9hF3rYQD6BUInCY8gDDAmFUnW_UTkUs1OnmQXkkYGwM6mBPad8zEQc9TxcIyqqQZNShCTfXuiIAzIbgMLE
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 28 Jun 2023 21:48:31 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

Pragma: no-cache
Date: Wed, 28 Jun 2023 21:48:31 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: /rum?cm_dsp_id=45&external_user_id=CAESEDApG3Jf9ibtOR_x0zGHKoc&google_cver=1&C=1
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 0
Expires: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 17D6
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZJyqr0VIkytEHzvV7KweTAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECp2CEUNEet3vfirHowPD_M&google_cver=1

43 B
766 B

25ms
8ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECp2CEUNEet3vfirHowPD_M&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNW0GG5nLX3i1Qk_MbJWG8AK5lnrPidEz7TMG2mzZphKETkpqh_ss0fRXWIP7hbXOJ5HthK-WscKNIrXUQRr0xY5Uy37kxese9hF3rYQD6BUInCY8gDDAmFUnW_UTkUs1OnmQXkkYGwM6mBPad8zEQc9TxcIyqqQZNShCTfXuiIAzIbgMLE
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 28 Jun 2023 21:48:31 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:31 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECp2CEUNEet3vfirHowPD_M&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 17D6
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEA50sH99w-3K9gZJ_8DjAr4&google_cver=1

43 B
1 KB

34ms
9ms

Image
image/gif

37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEA50sH99w-3K9gZJ_8DjAr4&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNW0GG5nLX3i1Qk_MbJWG8AK5lnrPidEz7TMG2mzZphKETkpqh_ss0fRXWIP7hbXOJ5HthK-WscKNIrXUQRr0xY5Uy37kxese9hF3rYQD6BUInCY8gDDAmFUnW_UTkUs1OnmQXkkYGwM6mBPad8zEQc9TxcIyqqQZNShCTfXuiIAzIbgMLE

Protocol

HTTP/1.1

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 28 Jun 2023 21:48:31 GMT
AN-X-Request-Uuid: 0a44ec87-89e2-4b6f-9dee-14eb0c3e8407
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 80.255.10.202; 80.255.10.202; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:31 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEA50sH99w-3K9gZJ_8DjAr4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 17D6
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODU4NjQzODkzMDIzMjkzNDk0MQ%3D%3D

170 B
243 B

250ms
250ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODU4NjQzODkzMDIzMjkzNDk0MQ%3D%3D

Requested by

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 28 Jun 2023 21:48:31 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 80.255.10.202; 80.255.10.202; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 0e2d501b-9233-4017-9224-d1eab97cbcf8
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODU4NjQzODkzMDIzMjkzNDk0MQ%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame AD74 2 KB
975 B 39ms
16ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c4f393315ffc75417c9c350e709bbcca2d2e9d5640fa0925b32088ff1ed6c84f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 28 Jun 2023 21:48:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 28 Jun 2023 21:09:28 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 28 Jun 2023 21:48:31 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/ Frame AD74 2 KB
972 B 11ms
10ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 19:22:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8769
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 865
x-xss-protection: 0
server: cafe
etag: 5051423035144352294
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jul 2023 19:22:22 GMT

GET
H/1.1 200
OK ai.aspx
tagm.tchibo.de/ Frame AD74 60 B
0 335ms
261ms Fetch
image/gif 213.202.235.10
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL

https://tagm.tchibo.de/ai.aspx?extProvId=5&extPu=tchibo-pm-display&extLi=17931416617&cb=2481547951

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

213.202.235.10 Grenzach-Wyhlen, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Wed, 28 Jun 2023 21:48:31 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
P3P: policyref="https://tagm.tchibo.de/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
cross-origin-resource-policy: cross-origin
Connection: close
X-ET-Monitoring: 1
X-Xss-Protection: 0
Pragma: no-cache
Last-Modified: Mi, 28 Jun 2023 09:48:31 GMT
X-ET-Code: 0
Content-Type: image/gif
Cache-Control: max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
X-ET-Camp: 821
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame AD74 0
0 52ms
52ms Fetch
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Cp_C7rqqcZKOvOpefgAeC2ZmIA8K5n8Fu6KXn-t4Qnf6Q1f8zEAEgwLKCa2CV0rSCwAegAYKQ5YcDyAEJqQIJNcHoA06yPuACAKgDAcgDywSqBNgBT9CaBgJRKNuGH1WW8MuVCz1c6kIqeZYk6QvQq2QtDRrlhgLDuNMAelAB1EekG7h1w1KjBcwGIhBoKfk4oQ8HSGNns7JO1liujZLhEGtXWr8bKYJU2NyXyCGWlnPZ7WZB-GkDtnAwQldXX3gK1SR-ix7chMVRd4o3Ub3SIbF7F085KA-P666VqqQn2US4_E1pMtRIGKePIZ28bB1U7FZsBBRf7f-liivDXEmVYiW8ARA9gA5-PE6a9P1R0Je1JwfrT0oo44zK9EeW5wn3ZGzAdgLay2L2BwCswAT-l9LTnQTgBAGSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGLoAHzIGtKKgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB6a-G9gHAPIHBBCGuAHSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE68ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5gAoDyAsB2BMLiBQB0BUBgBcBshceChwIABIUcHViLTY1OTM1MjMyMTAwMTAxNTQY6sFt&sigh=begv_DNuXXk&uach_m=[UACH]&cid=CAQSLQBygQiDiuERu-3tDsmXRMw1Y0oNPA6GM_rruYdBzPDqXVo35syg70PBGrTQ_hgB&template_id=494
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/ Frame AD74 22 KB
9 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/abg_lite_fy2021.js

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

81f66fb840c902b62f902bc4e27a6e3dee001d2f8babf5e767f78f16136ff0b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 18:49:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10758
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9007
x-xss-protection: 0
server: cafe
etag: 10216374826415589524
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jul 2023 18:49:13 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/ Frame AD74 3 KB
1 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/window_focus_fy2021.js

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:41:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 424
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jul 2023 21:41:27 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/ Frame AD74 19 KB
8 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d67e93b773c993230e55a3881853d5e8d399b32fb591d845c41553c0fe8c71b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 19:19:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8933
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8131
x-xss-protection: 0
server: cafe
etag: 7076601798724011321
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jul 2023 19:19:38 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame AD74 179 KB
56 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 28 Jun 2023 21:48:31 GMT

GET
H2 200 95d52fd2d3470bdf70a280ba9b2fe75b.js Show response
www.gstatic.com/mysidia/ Frame AD74 34 KB
14 KB 41ms
9ms Script
text/javascript 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/95d52fd2d3470bdf70a280ba9b2fe75b.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4280cd4b56f2c32730c10b51d0f72b21d2a82f83104f1f450d3436d5166d692e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 15:01:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 110800
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14303
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 17:32:50 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 25 Sep 2023 15:01:51 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2418 0
20 B 59ms
58ms Ping
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=7186884632739&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2418 0
20 B 55ms
55ms Ping
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=7186884632739&version=m202301230201&ct=77&x=1&cor=2705401943974782000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 2418 15 KB
11 KB 48ms
47ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A6iFn__NL6rNSpcZP-W_lEKvSQRe-3lJBFzc5qOeOhJpqf_IuUqv9JdaOtpBs1lbgdUUSzGgnVL3OTc774485s1iY-or1QfEpcjKDlkfw9g0rgvpMh8ATzz4EHz4hwajqnkuyYVKSW1xx0Xsd1RJTYCPfAhAAUPU5vNDmAschltVexUXg&cry=1&dbm_d=AKAmf-BKaXAeQNkK6qNUsWL6Vl1bHB_6Vttw75uHQmlDxsgyLT1P1f_jY_-f_am73QM_46TcdnT4EsCPcALiwVGZe8UxM_e7PF3J6pd_rEx_eKuMwMcD9_-lQB-fe4e83ZQaWp4KKqxEuBRhqAYACU5IIt8glDJ222PVB-4zm4AwDiACzFCLSF4uIzKrz7CLwxNc2VyaaF5G9i5MEdGvzJWLNFOu3a8ZXv3LOgd6MhTVMY7j4G7nHBbGNGGBwsVtm2SQAAZ6M-V8B7UCaeuN8uab8uho50_UNoBqWkGIqmrCCchNvZHekUTHIyyAI6tz2dCMrdCagGrMhBDX1dijwol5LprkuQmz6TZ_UsaYzTw4fKeJYyXWB6A307vFpqjcmLrXFAtr-EHX878PdwLhjrt0JJcGG8DLdehIUCnNs11E6DfFCl5J7P3u3h52yBs6x7-V8YA7sIhVrK4tdwIqufDFOQBCKHifN30qwl4ri2bpKqmUMKveRxMQsk6lIR9yXDpANmmAbLxYe35ZyTGYGgJ29GZ6HZldZAxPVHLw25qR0CZXNCbPWUVjb_0PQxsgEDJAQJetQsGTXn8jEys2qAX88tHFAbttkzdDOt6R-fmrtkz_-3sN7LJs-RCtLETVQ5mcH_l9W6iN4PwSLLqSGvZPtWdNVnoHDEs8XG7gukFf4ex06IMXQ_MqZZBkpdxzry9WXl7SNwHpJFq0OlmKQHEJVadlaX5GZUZ-yZRzwfxjIh8DsDo0j4R6JZfIMrqADzh28ReTrlz-WyRb501-o7ckxgkyWWeOHYQhxhbypIrONZGWXUoStgxY3HY8gkYX__iq2WMgAmV1DL9tUYnyFiHDuRMEANntLawC0jucYrXqMFlAj0CPvl0yVShQp-koPOljSEsQLMRfFumFmibXpTds78FII_J-CH5sgUZ_IHXAJeTGLKs4k4woMNzFWfAk0Ol3-ubDDTdm-eXC_AnV5NB2gCrMFkYrPyocEZDp8j83FDPzgPsdQoXx5wVByBFMLnoSx85cddco3VlaHVc87uZd87vcvr6QbcOx2Xv-oj7_NTuejrmkdQ-0EFv1lDtMvVusuY4k7LCxOB931Ns0_Q5gbI3Uv6Q6y2ffoOugT660eq4xnSK-mgkZ4rQm9OQm7RwDdNKKU1eXGVAdsSu1kBl_f9OPYkBKH01N5PxRr1ZNKoWuaY3mQ1BYGIOETa81Ds5IsiQg_d9gn1E98HmotgzwwQVwJ0JOqew5H-qE0t5wCBeGmtSu9D6MH4lGy-_ARyBQXVeCODztTeIy6IZt-aj6LwHey78PUOjR_DEQifTbYxgpgkKlDU8D_Y4YyyflbI80TTzDLeNYzijTzWkDPUTLEYY0ORScKm4_MkVbbXDzifPlPUhhps2Ekegk2Ir9K-jHr858NxJN_Hgns9AkDpq8jqSB8UP_dgFtPaGCJUFz-tRi8hK3EOmbsGNv19XCxCIVHTQuG8XDCxBMUhUPS34Mi5lAmwM1OnHbzUUeIuhEtVmFgE82VBtp1vvhGsa8kgSLLNd7UxV4NxSdCwWmwQwZiDYSu6VkN2Ia5duBjoZcFIf8jjdS00E2WjMO6-PPr65gZgNqCUB9DpgjR1seegFtgSIwzOvwqeA-cRDPulmrXTWWZRYD7SsdHt4-HzyjINQEgZxvD1cPsyIpDd0jTOO5YZrz5lESsXZvDSxCjotrgolmsmIZBIbGPEjyX3it5-VWjzPtH34iLfNl_wYkF_3QTK-Uljib_yla8SR4OgtTS7niBRLTX2yEkuBkDXWXAK144DBDdg1zdjQ3VP0SxPy3JHZqKtO1KGJJSnhwrDAQ-iagv4blZ7I4iCvQfcSvyqX8PIrxZ5v1J45IOggGQCYGBRonrHgwD8LJQS6qOIIYV_PjYR3nyDvrUv1M67fBD4TQvGnuStNUzcIvKYNBI0qs8131PfZ6XHBvnJ1TVVKqa8vaUOE8j6nhDhfeBvyttbaT2s1UMmAPaZnPqHOzScwfbeZjkJ9zyRQxRbxlZS8iOiMCneol_l4kg2oOicV6dS04VkEGcwP80Xrcvcw0S6WzYQdayxujzDOPOOBDugyRxXD8-HM-OeOXRMBs1jSQHSSYkkrvNledxA5O-JfR_cKCR418Nua4JVaU4FS_Z5CqLGVhQEG0ePvnTq4uYz9ypOxlTVWpA4vlfgTAyDCa-0MP6i5XBuG3-QmhBiiMilJDRKnPf5GnYeeItGe_oM3cKKlER7YBXKogM4dYOc8BqB6SxvlU6_5uFlp_PVjdDbIWLJZt1Vf2lJ9TF2iic4PuQUjY9cxtghD2gV8xk-y-QEk0uUYoHe5qLd02ceLSE3LCGwhRHfXywCTT6ZTRgYR58XsX-L77E0Nz1-AfFDxz43K1DpYKyXZYTcZtjfatHZRaMr9cPUZoP0hipKzY-mf-jW8ZmFfYyt4eTRpBSfLqzJ8ktUerB0kI8JeX3iMlsaS3JjK2dR-1O3fDoOjeUGkrDh_BC1CetZH2awBI8S0Wjn0T-CIi_J6H_YQ6ng5CuuqWQRKoFrPfeAdpVbz3Qur-pHonF7VPqxUYm9k1fiF1e8XKBTRDDV6osoE_dAivOcKHRjTyhX-Pqh_J1xJ2OKbeSNBBVKFMd0cZKjlq5RZOe8Nw7PEKPOZlcqlAAs29EG2lTp33PkbtU5xmW2L41wnb-oilepSb5heCD8p8grvMPg4EPU9VtYGLMYqwI-CYQ2ybBVUvqJpouPVMqwfnUQWmSOp5RakaanQHJdO1DZ8bX93Rkc1RTquCP9w0_Fc9ga31nE9V3RjIqYT3n9DQLggxZqtIncprMC5iUsXNGC656paqQge0yH8rV7VhQDbNPV74biErgY3ZXCi64RQ1H3TnJ00s0k2hALus9dvUxcSzt_HtXJO2oFnjCTbEVWDsaRILbVtna8k-Co9QlTH6N_n_e82LYRN5Pp2kxO3AxQrrh8xSr1Ie4HQ8W-6tsePfzlmsTOMp34uU5vJNMVGtbrZC5sAqgS-aB1Y2xOhvtKvzgB8mBHCR9EbkNELQRZ1Fucyqs1Ppz3bmI83AjcaE_6tutVfIrGRq5swEns0ZiAZ_LYd3LfwPjvONQy_FPEOhQMgJWFsAWSg89DNfW1UYol5thUeU8ijNfbTsmB4IwpdCeVVsQz2ibVGjpiLcTWkvSGPHa8EJ6B3atvDU7PT8481U3esRlxvkwVAZ5RcTvMZmtgcc33d2VzaAGWsYRIYwXX9vdhVpNtTqTWCflpel8_sLGN2ZC7mNniA0PzL-BVkZUW__S_ytGMZpQ9AjB-Yf1S2-yKS7HtirJTh5qM_lXvrlnHxrf_Ex1NPh2HRQgHgU6qJ_IH0o1DH5GDgvj_3QwdrG_lM7iJFdsGze_ZPnYetTHkF-gwShvqS671OipU-wNPd7mGu-wD_9CKx2tnj0nVDIWl4Y3u2rJpzM-WhH3XIdRJyMuSeGnpDaIQYryFKsgJvMR6c_2zLp648tKbgWGusq0l3HX6zl2v1rd_55vmEckasmNnAS6Y2lFsRXhjLYxWYiK5ZabsyCrrLAD2Pj3Gj3JESfA2-l1TguUFeYQ7xUgskj60TSQHSO-eukytcgV3PihfeHo5Dy7vVOPHYy-Y3oHpTBXMI8ahnXQ2E9tta41YzgjnXGcLlRNso_WoOZGJQ-iuHnh0X7gC5lOYQA_z1dgJVXyktjdvLwtdOloqgSQ5Or51miPstch0bIK1AXUu-n8LIDk73seHY6bn5diLNA1qdS4p6jSEEZQGt3NVT8VX5jUB9KZxEkfb1tkPcyzgJNJU7A4Hc5X-TKT_XNH8J6bZK-fgH8zAQ&cid=CAQSbQBygQiDnhtTem870tkP4aWMhKZ6Kz1GaEeUhZqzuy75x42W6ikvyDHIKj94Znfx8fx7qRDByfM84dZGQYSNYs0wfjhtyTCyac2NOBdk2Cg6mOICtMEiygSp93HmAVnlxAO_aHajXbmJNRPVQtkYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=2705401943974782000&adk=3468572599&idt=41&cac=0&dtd=13

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

83905eb59aa964c7c9f44b74756c9cb0e77994b2b5569f2d8b8025b8aea8e33a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:31 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11389
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 shopping
encrypted-tbn3.gstatic.com/ Frame AD74 10 KB
10 KB 56ms
8ms Image
image/jpeg 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcSkvMkQkRUsg6I4quIlvofs9Y-tZ9tVxQHD1MuvlrV4rRb-WEQ&usqp=CAI

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d4c85752d9d2260c0aa1a618ea018217c35a989eb4be212f2abf9dcf8d78893d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 23 Jun 2023 22:27:28 GMT
x-content-type-options: nosniff
age: 429663
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10161
x-xss-protection: 0
last-modified: Tue, 01 Aug 2023 08:24:04 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Sat, 22 Jun 2024 22:27:28 GMT

GET
H2 200 shopping
encrypted-tbn2.gstatic.com/ Frame AD74 17 KB
17 KB 318ms
253ms Image
image/jpeg 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcT-5Ws7vg7CFpyNDcWQ7C_tCz5VbsoZFlekUXpL-x0B3qEAbDQ&usqp=CAI

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9a553ee8a667dd57fb74981f9a4ea14bb29547766247a0ccf1677b9abc6f45a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 17:23:50 GMT
x-content-type-options: nosniff
age: 188681
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17572
x-xss-protection: 0
last-modified: Tue, 07 Mar 2023 08:23:04 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Tue, 25 Jun 2024 17:23:50 GMT

GET
H2 200 shopping
encrypted-tbn1.gstatic.com/ Frame AD74 18 KB
18 KB 313ms
248ms Image
image/jpeg 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcQZUjd7FIP9aYyXLfo24f0J5cExx758tnQl_8F771GGyW6M6Xc&usqp=CAI

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4e7a428e2a048d72ca4b6ca862722bd5575d065d38fb4d64cb424134f51f617a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 23 Jun 2023 03:13:17 GMT
x-content-type-options: nosniff
age: 498914
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18038
x-xss-protection: 0
last-modified: Mon, 31 Jul 2023 03:04:40 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Sat, 22 Jun 2024 03:13:17 GMT

GET
H2 200 shopping
encrypted-tbn0.gstatic.com/ Frame AD74 19 KB
20 KB 312ms
247ms Image
image/jpeg 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcQm43baX4iUO8AmhRiqvpz8rnn2pohLDA1YjSj9b9QEuRErwv0&usqp=CAI

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

39a490e9314c5008e721c80c0cfb3a1f77229a92712eba7993f8b581047b3279

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 18:10:38 GMT
x-content-type-options: nosniff
age: 13073
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19840
x-xss-protection: 0
last-modified: Sun, 16 Apr 2023 08:59:28 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Thu, 27 Jun 2024 18:10:38 GMT

GET
H2 200 shopping
encrypted-tbn1.gstatic.com/ Frame AD74 18 KB
19 KB 315ms
250ms Image
image/jpeg 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcQ_Z1mL0lnh8xGf4wwN4okdkXPnngCPYV1Pf5gpjczMeqzCaa-G&usqp=CAI

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ef9cdab047e799107a1766b8e31c366cb61fa0e4e2d5f7fea96013032837b4d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 06:22:39 GMT
x-content-type-options: nosniff
age: 55552
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18886
x-xss-protection: 0
last-modified: Tue, 02 Aug 2022 07:19:03 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Thu, 27 Jun 2024 06:22:39 GMT

GET
H2 200 shopping
encrypted-tbn3.gstatic.com/ Frame AD74 10 KB
10 KB 56ms
9ms Image
image/jpeg 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcTY1etYJYslfA8cBrNZ-SOj50OL60jmd2VMIM8orFB0mRtq7I_v&usqp=CAI

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

94e5839a676eea34b7f565a70e57075e47875ab68fe7055f04df7bdf89165416

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 03:53:37 GMT
x-content-type-options: nosniff
age: 64494
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10134
x-xss-protection: 0
last-modified: Fri, 04 Nov 2022 06:15:20 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Thu, 27 Jun 2024 03:53:37 GMT

GET
H2 200 shopping
encrypted-tbn2.gstatic.com/ Frame AD74 20 KB
21 KB 313ms
249ms Image
image/jpeg 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcROtDU99IvafTABbEdTOk-4rOseNXu9EbNdrPvqf0XLax0RrReHFm1pPvCjS5k&usqp=CAI

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e979052a2ee3019ceb28246d970b559212838947e1f2bde23c9e1217669c4e91

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 23 Jun 2023 20:39:19 GMT
x-content-type-options: nosniff
age: 436152
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20613
x-xss-protection: 0
last-modified: Sun, 16 Apr 2023 10:23:27 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Sat, 22 Jun 2024 20:39:19 GMT

GET
H3

200

6940406974179512899
tpc.googlesyndication.com/simgad/ Frame AD74
Redirect Chain

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKDP-7vrpAEQ6AcY6AcyCEPlfr8JziOv
https://tpc.googlesyndication.com/simgad/6940406974179512899

120 KB
120 KB

10ms
9ms

Image
image/png

2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/6940406974179512899

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b8d0b476d33f17f88af0ca5d38a0fa7bade2e40dcd5734a32b926c808c60bec1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 22:28:52 GMT
x-content-type-options: nosniff
age: 343179
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 122692
x-xss-protection: 0
last-modified: Mon, 14 Dec 2020 11:41:12 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 23 Jun 2024 22:28:52 GMT

Redirect headers

date: Wed, 28 Jun 2023 18:37:11 GMT
x-content-type-options: nosniff
server: cafe
age: 11480
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://tpc.googlesyndication.com/simgad/6940406974179512899
content-type: text/html; charset=UTF-8
cache-control: public, max-age=2592000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 28 Jul 2023 18:37:11 GMT

GET
DATA 200
OK truncated
/ Frame AD74 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f23dd9f316360d64285dc984460f2de6e88a190ded454be8eb0c75cd5cc0c231

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 2418 41 KB
13 KB 234ms
234ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A6iFn__NL6rNSpcZP-W_lEKvSQRe-3lJBFzc5qOeOhJpqf_IuUqv9JdaOtpBs1lbgdUUSzGgnVL3OTc774485s1iY-or1QfEpcjKDlkfw9g0rgvpMh8ATzz4EHz4hwajqnkuyYVKSW1xx0Xsd1RJTYCPfAhAAUPU5vNDmAschltVexUXg&cry=1&dbm_d=AKAmf-BKaXAeQNkK6qNUsWL6Vl1bHB_6Vttw75uHQmlDxsgyLT1P1f_jY_-f_am73QM_46TcdnT4EsCPcALiwVGZe8UxM_e7PF3J6pd_rEx_eKuMwMcD9_-lQB-fe4e83ZQaWp4KKqxEuBRhqAYACU5IIt8glDJ222PVB-4zm4AwDiACzFCLSF4uIzKrz7CLwxNc2VyaaF5G9i5MEdGvzJWLNFOu3a8ZXv3LOgd6MhTVMY7j4G7nHBbGNGGBwsVtm2SQAAZ6M-V8B7UCaeuN8uab8uho50_UNoBqWkGIqmrCCchNvZHekUTHIyyAI6tz2dCMrdCagGrMhBDX1dijwol5LprkuQmz6TZ_UsaYzTw4fKeJYyXWB6A307vFpqjcmLrXFAtr-EHX878PdwLhjrt0JJcGG8DLdehIUCnNs11E6DfFCl5J7P3u3h52yBs6x7-V8YA7sIhVrK4tdwIqufDFOQBCKHifN30qwl4ri2bpKqmUMKveRxMQsk6lIR9yXDpANmmAbLxYe35ZyTGYGgJ29GZ6HZldZAxPVHLw25qR0CZXNCbPWUVjb_0PQxsgEDJAQJetQsGTXn8jEys2qAX88tHFAbttkzdDOt6R-fmrtkz_-3sN7LJs-RCtLETVQ5mcH_l9W6iN4PwSLLqSGvZPtWdNVnoHDEs8XG7gukFf4ex06IMXQ_MqZZBkpdxzry9WXl7SNwHpJFq0OlmKQHEJVadlaX5GZUZ-yZRzwfxjIh8DsDo0j4R6JZfIMrqADzh28ReTrlz-WyRb501-o7ckxgkyWWeOHYQhxhbypIrONZGWXUoStgxY3HY8gkYX__iq2WMgAmV1DL9tUYnyFiHDuRMEANntLawC0jucYrXqMFlAj0CPvl0yVShQp-koPOljSEsQLMRfFumFmibXpTds78FII_J-CH5sgUZ_IHXAJeTGLKs4k4woMNzFWfAk0Ol3-ubDDTdm-eXC_AnV5NB2gCrMFkYrPyocEZDp8j83FDPzgPsdQoXx5wVByBFMLnoSx85cddco3VlaHVc87uZd87vcvr6QbcOx2Xv-oj7_NTuejrmkdQ-0EFv1lDtMvVusuY4k7LCxOB931Ns0_Q5gbI3Uv6Q6y2ffoOugT660eq4xnSK-mgkZ4rQm9OQm7RwDdNKKU1eXGVAdsSu1kBl_f9OPYkBKH01N5PxRr1ZNKoWuaY3mQ1BYGIOETa81Ds5IsiQg_d9gn1E98HmotgzwwQVwJ0JOqew5H-qE0t5wCBeGmtSu9D6MH4lGy-_ARyBQXVeCODztTeIy6IZt-aj6LwHey78PUOjR_DEQifTbYxgpgkKlDU8D_Y4YyyflbI80TTzDLeNYzijTzWkDPUTLEYY0ORScKm4_MkVbbXDzifPlPUhhps2Ekegk2Ir9K-jHr858NxJN_Hgns9AkDpq8jqSB8UP_dgFtPaGCJUFz-tRi8hK3EOmbsGNv19XCxCIVHTQuG8XDCxBMUhUPS34Mi5lAmwM1OnHbzUUeIuhEtVmFgE82VBtp1vvhGsa8kgSLLNd7UxV4NxSdCwWmwQwZiDYSu6VkN2Ia5duBjoZcFIf8jjdS00E2WjMO6-PPr65gZgNqCUB9DpgjR1seegFtgSIwzOvwqeA-cRDPulmrXTWWZRYD7SsdHt4-HzyjINQEgZxvD1cPsyIpDd0jTOO5YZrz5lESsXZvDSxCjotrgolmsmIZBIbGPEjyX3it5-VWjzPtH34iLfNl_wYkF_3QTK-Uljib_yla8SR4OgtTS7niBRLTX2yEkuBkDXWXAK144DBDdg1zdjQ3VP0SxPy3JHZqKtO1KGJJSnhwrDAQ-iagv4blZ7I4iCvQfcSvyqX8PIrxZ5v1J45IOggGQCYGBRonrHgwD8LJQS6qOIIYV_PjYR3nyDvrUv1M67fBD4TQvGnuStNUzcIvKYNBI0qs8131PfZ6XHBvnJ1TVVKqa8vaUOE8j6nhDhfeBvyttbaT2s1UMmAPaZnPqHOzScwfbeZjkJ9zyRQxRbxlZS8iOiMCneol_l4kg2oOicV6dS04VkEGcwP80Xrcvcw0S6WzYQdayxujzDOPOOBDugyRxXD8-HM-OeOXRMBs1jSQHSSYkkrvNledxA5O-JfR_cKCR418Nua4JVaU4FS_Z5CqLGVhQEG0ePvnTq4uYz9ypOxlTVWpA4vlfgTAyDCa-0MP6i5XBuG3-QmhBiiMilJDRKnPf5GnYeeItGe_oM3cKKlER7YBXKogM4dYOc8BqB6SxvlU6_5uFlp_PVjdDbIWLJZt1Vf2lJ9TF2iic4PuQUjY9cxtghD2gV8xk-y-QEk0uUYoHe5qLd02ceLSE3LCGwhRHfXywCTT6ZTRgYR58XsX-L77E0Nz1-AfFDxz43K1DpYKyXZYTcZtjfatHZRaMr9cPUZoP0hipKzY-mf-jW8ZmFfYyt4eTRpBSfLqzJ8ktUerB0kI8JeX3iMlsaS3JjK2dR-1O3fDoOjeUGkrDh_BC1CetZH2awBI8S0Wjn0T-CIi_J6H_YQ6ng5CuuqWQRKoFrPfeAdpVbz3Qur-pHonF7VPqxUYm9k1fiF1e8XKBTRDDV6osoE_dAivOcKHRjTyhX-Pqh_J1xJ2OKbeSNBBVKFMd0cZKjlq5RZOe8Nw7PEKPOZlcqlAAs29EG2lTp33PkbtU5xmW2L41wnb-oilepSb5heCD8p8grvMPg4EPU9VtYGLMYqwI-CYQ2ybBVUvqJpouPVMqwfnUQWmSOp5RakaanQHJdO1DZ8bX93Rkc1RTquCP9w0_Fc9ga31nE9V3RjIqYT3n9DQLggxZqtIncprMC5iUsXNGC656paqQge0yH8rV7VhQDbNPV74biErgY3ZXCi64RQ1H3TnJ00s0k2hALus9dvUxcSzt_HtXJO2oFnjCTbEVWDsaRILbVtna8k-Co9QlTH6N_n_e82LYRN5Pp2kxO3AxQrrh8xSr1Ie4HQ8W-6tsePfzlmsTOMp34uU5vJNMVGtbrZC5sAqgS-aB1Y2xOhvtKvzgB8mBHCR9EbkNELQRZ1Fucyqs1Ppz3bmI83AjcaE_6tutVfIrGRq5swEns0ZiAZ_LYd3LfwPjvONQy_FPEOhQMgJWFsAWSg89DNfW1UYol5thUeU8ijNfbTsmB4IwpdCeVVsQz2ibVGjpiLcTWkvSGPHa8EJ6B3atvDU7PT8481U3esRlxvkwVAZ5RcTvMZmtgcc33d2VzaAGWsYRIYwXX9vdhVpNtTqTWCflpel8_sLGN2ZC7mNniA0PzL-BVkZUW__S_ytGMZpQ9AjB-Yf1S2-yKS7HtirJTh5qM_lXvrlnHxrf_Ex1NPh2HRQgHgU6qJ_IH0o1DH5GDgvj_3QwdrG_lM7iJFdsGze_ZPnYetTHkF-gwShvqS671OipU-wNPd7mGu-wD_9CKx2tnj0nVDIWl4Y3u2rJpzM-WhH3XIdRJyMuSeGnpDaIQYryFKsgJvMR6c_2zLp648tKbgWGusq0l3HX6zl2v1rd_55vmEckasmNnAS6Y2lFsRXhjLYxWYiK5ZabsyCrrLAD2Pj3Gj3JESfA2-l1TguUFeYQ7xUgskj60TSQHSO-eukytcgV3PihfeHo5Dy7vVOPHYy-Y3oHpTBXMI8ahnXQ2E9tta41YzgjnXGcLlRNso_WoOZGJQ-iuHnh0X7gC5lOYQA_z1dgJVXyktjdvLwtdOloqgSQ5Or51miPstch0bIK1AXUu-n8LIDk73seHY6bn5diLNA1qdS4p6jSEEZQGt3NVT8VX5jUB9KZxEkfb1tkPcyzgJNJU7A4Hc5X-TKT_XNH8J6bZK-fgH8zAQ&cid=CAQSbQBygQiDnhtTem870tkP4aWMhKZ6Kz1GaEeUhZqzuy75x42W6ikvyDHIKj94Znfx8fx7qRDByfM84dZGQYSNYs0wfjhtyTCyac2NOBdk2Cg6mOICtMEiygSp93HmAVnlxAO_aHajXbmJNRPVQtkYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=2705401943974782000&adk=3468572599&idt=41&cac=0&dtd=13

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 13:52:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 114956
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 26 Jun 2024 13:52:35 GMT

GET
H/1.1 200
OK iju9wczm8trb Show response
hal9000.redintelligence.net/zone/ Frame 2418 11 KB
4 KB 240ms
7ms Script
text/html 46.4.10.47
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/iju9wczm8trb?subid=&gdpr=&gdpr_consent=&rnd=1687988910980124&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCxK1MrqqcZJzpO5DwgAeey5ioCablvaBprZWcp8kP8C4QASDAsoJrYJWCgICYB8gBCakCC94UsJJQsj6oAwHIA5sEqgTdAU_QAKojiTF8yRmoa6t4Z0vIas-Mpaih26HMyCnu2gCxXCdJ2Xy_Eg67jTEr79GEvJR4ICSVbjoKrRdLTkbtHNV2t5VhVRNTmQlPGUw7zumXhMwvz8UewYVMvc2qXclraLY2zKpyruLV7OiCBASdEcb2JzLYH-zkMb-566sgUr03HPB4UZ2Ucbh1470BLzZ1G-XZEaxwWxjLVncI0_mJsAc-pzMFFIoEbgpMdeEN8o0qmJBErMopaUdWg-GSP3FroIP97KueJRKvxeyRP5Mt7uqjFy4hsuTwiVXF0djkwATrj_yO9wPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHTICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDmACgOYCwHICwGADAGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSbQBygQiDnhtTem870tkP4aWMhKZ6Kz1GaEeUhZqzuy75x42W6ikvyDHIKj94Znfx8fx7qRDByfM84dZGQYSNYs0wfjhtyTCyac2NOBdk2Cg6mOICtMEiygSp93HmAVnlxAO_aHajXbmJNRPVQtkYAQ%26sig%3DAOD64_2SNew2PrmJaGRVzg8ZUshw-dui1Q%26client%3Dca-pub-7983651257838282%26dbm_c%3DAKAmf-D2XubXqDwEhIyIUaMyZAouXpYyiL9q99hXqnDIgCF9H4VCcRA-5N5JMCpNglUZaIziylD9NX7H4E2ixJTdr5yf3pNXXw4XtcQwGF5IXpvOZzBX6jRboKeu_AQ34f9ju3WzNjzDZBeuS2Z5SfbmiNdH0_qWvC3rA0kznom7VDbiy4e8heU%26cry%3D1%26dbm_d%3DAKAmf-AWwawG-9wC_LO170WsboIN3sBjwIAxYBdnpiKNT86vxG0lcsUAiqtORFeS3gcdswx0zi5TM4cXhK8kH413Hnk4YUlsBz6zqsAgTBbMaG19RbIFdmGPeWW0nztMSa2qXpfVEY28Bo21_1jYTfTp87PekUIEYn8Oj68-TCpznxYAWY56pV--yBXci5QvOZP7TQiyXRixUU5TeinLfi7nbWDQbAS98MmC4SgoxVeGTENseqluJMGhVliRYohf5rgz_RV9Qo7dy1WOMnwy9YfY4GSZQwJa_CoO9cnojVv9z8WHsAqSaUEybB1SYrkm2_R3ejKiL7mph9DLXXJOLBnvhNENWblRIn9vV5FunddGXuQP9hFMBk5cZohbqf_lTpzMQctwzf1KL7dT8TO5hiv6see3dFSZ7w4TI-zoAt6HirjWlwaYoaXaCu5q-ygPfY9ylBQlj7vR-waYewzh7t2QpB1LayhguEiyJAWxHUtwQKBAtS7aMLaZFXWZXCEqeqpfN3s1ZlEAUhTzrTPFek6Z4QH-TIjWyrjh1rlP-vx07NCHB_yPO0I%26adurl%3D
Requested by: Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.10.47 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.47.10.4.46.clients.your-server.de
Software: Apache /
Resource Hash: 38638044fd6994e283e47f7b4fea0cb7396e92bdd2eb177c78df99433e4fc889

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Wed, 28 Jun 2023 21:48:31 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4175
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H2 200 ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2
fonts.gstatic.com/s/googlesansdisplay/v21/ Frame AD74 20 KB
21 KB 237ms
8ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesansdisplay/v21/ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

acc5497e76f832d950d14fcfa047dc3c864f7a0aae4c7a20521c0c655a53033b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 05:48:51 GMT
x-content-type-options: nosniff
age: 403180
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20784
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 19:21:31 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 23 Jun 2024 05:48:51 GMT

GET
H3 200 container.html Show response
a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 7BF8 6 KB
3 KB 12ms
7ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306260101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:48:30 GMT
expires: Thu, 27 Jun 2024 21:48:30 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame D999 6 KB
3 KB 8ms
7ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306260101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:48:30 GMT
expires: Thu, 27 Jun 2024 21:48:30 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame B9FF 6 KB
3 KB 13ms
13ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306260101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:48:30 GMT
expires: Thu, 27 Jun 2024 21:48:30 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame C5D8 6 KB
3 KB 10ms
10ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306260101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:48:30 GMT
expires: Thu, 27 Jun 2024 21:48:30 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 276E 6 KB
3 KB 16ms
16ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306260101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:48:30 GMT
expires: Thu, 27 Jun 2024 21:48:30 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 8B27 6 KB
3 KB 10ms
8ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306260101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:48:30 GMT
expires: Thu, 27 Jun 2024 21:48:30 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 6EAA 6 KB
3 KB 13ms
9ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306260101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:48:30 GMT
expires: Thu, 27 Jun 2024 21:48:30 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1

200
OK

request.php Show response
hal900028.redintelligence.net/ Frame 2418
Redirect Chain

https://hal900028.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=a5e1aaff91&subid=&uid=bfc4e159d1959003&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900028.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=a5e1aaff91&subid=&uid=bfc4e159d1959003&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

4 KB
2 KB

149ms
111ms

Script
application/x-javascript

88.99.165.19
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900028.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=a5e1aaff91&subid=&uid=bfc4e159d1959003&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCxK1MrqqcZJzpO5DwgAeey5ioCablvaBprZWcp8kP8C4QASDAsoJrYJWCgICYB8gBCakCC94UsJJQsj6oAwHIA5sEqgTdAU_QAKojiTF8yRmoa6t4Z0vIas-Mpaih26HMyCnu2gCxXCdJ2Xy_Eg67jTEr79GEvJR4ICSVbjoKrRdLTkbtHNV2t5VhVRNTmQlPGUw7zumXhMwvz8UewYVMvc2qXclraLY2zKpyruLV7OiCBASdEcb2JzLYH-zkMb-566sgUr03HPB4UZ2Ucbh1470BLzZ1G-XZEaxwWxjLVncI0_mJsAc-pzMFFIoEbgpMdeEN8o0qmJBErMopaUdWg-GSP3FroIP97KueJRKvxeyRP5Mt7uqjFy4hsuTwiVXF0djkwATrj_yO9wPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHTICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDmACgOYCwHICwGADAGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSbQBygQiDnhtTem870tkP4aWMhKZ6Kz1GaEeUhZqzuy75x42W6ikvyDHIKj94Znfx8fx7qRDByfM84dZGQYSNYs0wfjhtyTCyac2NOBdk2Cg6mOICtMEiygSp93HmAVnlxAO_aHajXbmJNRPVQtkYAQ%26sig%3DAOD64_2SNew2PrmJaGRVzg8ZUshw-dui1Q%26client%3Dca-pub-7983651257838282%26dbm_c%3DAKAmf-D2XubXqDwEhIyIUaMyZAouXpYyiL9q99hXqnDIgCF9H4VCcRA-5N5JMCpNglUZaIziylD9NX7H4E2ixJTdr5yf3pNXXw4XtcQwGF5IXpvOZzBX6jRboKeu_AQ34f9ju3WzNjzDZBeuS2Z5SfbmiNdH0_qWvC3rA0kznom7VDbiy4e8heU%26cry%3D1%26dbm_d%3DAKAmf-AWwawG-9wC_LO170WsboIN3sBjwIAxYBdnpiKNT86vxG0lcsUAiqtORFeS3gcdswx0zi5TM4cXhK8kH413Hnk4YUlsBz6zqsAgTBbMaG19RbIFdmGPeWW0nztMSa2qXpfVEY28Bo21_1jYTfTp87PekUIEYn8Oj68-TCpznxYAWY56pV--yBXci5QvOZP7TQiyXRixUU5TeinLfi7nbWDQbAS98MmC4SgoxVeGTENseqluJMGhVliRYohf5rgz_RV9Qo7dy1WOMnwy9YfY4GSZQwJa_CoO9cnojVv9z8WHsAqSaUEybB1SYrkm2_R3ejKiL7mph9DLXXJOLBnvhNENWblRIn9vV5FunddGXuQP9hFMBk5cZohbqf_lTpzMQctwzf1KL7dT8TO5hiv6see3dFSZ7w4TI-zoAt6HirjWlwaYoaXaCu5q-ygPfY9ylBQlj7vR-waYewzh7t2QpB1LayhguEiyJAWxHUtwQKBAtS7aMLaZFXWZXCEqeqpfN3s1ZlEAUhTzrTPFek6Z4QH-TIjWyrjh1rlP-vx07NCHB_yPO0I%26adurl%3D&documentReferer=https%3A%2F%2Fye-mek.net%2F&ancestorOrigins=https%3A%2F%2Fye-mek.net%2Chttps%3A%2F%2Fpcloak.blob.core.windows.net&random=5528586753483&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: HTTP/1.1
Server: 88.99.165.19 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.19.165.99.88.clients.your-server.de
Software: Apache /
Resource Hash: 3b0de38926780a96381f1a9dda4033b19bab7138171d2d773517d833be962fc5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 28 Jun 2023 21:48:31 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 35277400156373704444554012369028
Connection: close
Content-Length: 1366
Expires: Wed, 28 Jun 2023 22:48:31 +0200

Redirect headers

Pragma: no-cache
Date: Wed, 28 Jun 2023 21:48:31 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=a5e1aaff91&subid=&uid=bfc4e159d1959003&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCxK1MrqqcZJzpO5DwgAeey5ioCablvaBprZWcp8kP8C4QASDAsoJrYJWCgICYB8gBCakCC94UsJJQsj6oAwHIA5sEqgTdAU_QAKojiTF8yRmoa6t4Z0vIas-Mpaih26HMyCnu2gCxXCdJ2Xy_Eg67jTEr79GEvJR4ICSVbjoKrRdLTkbtHNV2t5VhVRNTmQlPGUw7zumXhMwvz8UewYVMvc2qXclraLY2zKpyruLV7OiCBASdEcb2JzLYH-zkMb-566sgUr03HPB4UZ2Ucbh1470BLzZ1G-XZEaxwWxjLVncI0_mJsAc-pzMFFIoEbgpMdeEN8o0qmJBErMopaUdWg-GSP3FroIP97KueJRKvxeyRP5Mt7uqjFy4hsuTwiVXF0djkwATrj_yO9wPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHTICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDmACgOYCwHICwGADAGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSbQBygQiDnhtTem870tkP4aWMhKZ6Kz1GaEeUhZqzuy75x42W6ikvyDHIKj94Znfx8fx7qRDByfM84dZGQYSNYs0wfjhtyTCyac2NOBdk2Cg6mOICtMEiygSp93HmAVnlxAO_aHajXbmJNRPVQtkYAQ%26sig%3DAOD64_2SNew2PrmJaGRVzg8ZUshw-dui1Q%26client%3Dca-pub-7983651257838282%26dbm_c%3DAKAmf-D2XubXqDwEhIyIUaMyZAouXpYyiL9q99hXqnDIgCF9H4VCcRA-5N5JMCpNglUZaIziylD9NX7H4E2ixJTdr5yf3pNXXw4XtcQwGF5IXpvOZzBX6jRboKeu_AQ34f9ju3WzNjzDZBeuS2Z5SfbmiNdH0_qWvC3rA0kznom7VDbiy4e8heU%26cry%3D1%26dbm_d%3DAKAmf-AWwawG-9wC_LO170WsboIN3sBjwIAxYBdnpiKNT86vxG0lcsUAiqtORFeS3gcdswx0zi5TM4cXhK8kH413Hnk4YUlsBz6zqsAgTBbMaG19RbIFdmGPeWW0nztMSa2qXpfVEY28Bo21_1jYTfTp87PekUIEYn8Oj68-TCpznxYAWY56pV--yBXci5QvOZP7TQiyXRixUU5TeinLfi7nbWDQbAS98MmC4SgoxVeGTENseqluJMGhVliRYohf5rgz_RV9Qo7dy1WOMnwy9YfY4GSZQwJa_CoO9cnojVv9z8WHsAqSaUEybB1SYrkm2_R3ejKiL7mph9DLXXJOLBnvhNENWblRIn9vV5FunddGXuQP9hFMBk5cZohbqf_lTpzMQctwzf1KL7dT8TO5hiv6see3dFSZ7w4TI-zoAt6HirjWlwaYoaXaCu5q-ygPfY9ylBQlj7vR-waYewzh7t2QpB1LayhguEiyJAWxHUtwQKBAtS7aMLaZFXWZXCEqeqpfN3s1ZlEAUhTzrTPFek6Z4QH-TIjWyrjh1rlP-vx07NCHB_yPO0I%26adurl%3D&documentReferer=https%3A%2F%2Fye-mek.net%2F&ancestorOrigins=https%3A%2F%2Fye-mek.net%2Chttps%3A%2F%2Fpcloak.blob.core.windows.net&random=5528586753483&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Wed, 28 Jun 2023 22:48:31 +0200

GET
H3 200 YTnPKPJ-Q--T2AJ4Qj25FxWmw7bAoVXE9zhtz1eN5hc.js Show response
pagead2.googlesyndication.com/bg/ Frame A9BF 37 KB
14 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/YTnPKPJ-Q--T2AJ4Qj25FxWmw7bAoVXE9zhtz1eN5hc.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6139cf28f27e43ef93d80278423db91715a6c3b6c0a155c4f7386dcf578de617

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 10:30:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 213478
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14704
x-xss-protection: 0
last-modified: Mon, 19 Jun 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 25 Jun 2024 10:30:33 GMT

GET
H2 200 6363a944e4b0125bde9e6739
ng.virgul.com/tck/imp/ Frame 1B9F 0
209 B 53ms
52ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/imp/6363a944e4b0125bde9e6739?g=1&t=cpc_annotation&r=153366@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1687988910666&userId=vnet555305dd-604f-4c2b-a899-19000d2d39c1
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Wed, 28 Jun 2023 21:48:31 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 200 m_js_controller_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/ Frame 7BF8 34 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/m_js_controller_fy2021.js

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

63715e8ffb3d4efab913b95b9369dc96445bde93529cdc97909bdf57a8134300

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 20:30:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4682
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13554
x-xss-protection: 0
server: cafe
etag: 10619647361806024282
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jul 2023 20:30:29 GMT

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 7BF8 24 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 12:02:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 35140
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 27 Jun 2024 12:02:51 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7BF8 179 KB
56 KB 22ms
21ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 28 Jun 2023 21:48:31 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/ Frame 7BF8 22 KB
9 KB 20ms
17ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/abg_lite_fy2021.js

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

81f66fb840c902b62f902bc4e27a6e3dee001d2f8babf5e767f78f16136ff0b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 18:49:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10759
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9007
x-xss-protection: 0
server: cafe
etag: 10216374826415589524
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jul 2023 18:49:13 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/ Frame 7BF8 3 KB
1 KB 20ms
17ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/window_focus_fy2021.js

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 16:34:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18813
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jul 2023 16:34:59 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/ Frame 7BF8 19 KB
8 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d67e93b773c993230e55a3881853d5e8d399b32fb591d845c41553c0fe8c71b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 19:19:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8933
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8131
x-xss-protection: 0
server: cafe
etag: 7076601798724011321
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jul 2023 19:19:38 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 7BF8 0
0 19ms
16ms Image
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTSMFkQ8K20xWU7l3y69QsQkf906bWUAgzmn9HsqHjkBxiOpljoi_G9AnTz45ICrY6gyrUjhpWPMbF55ksrtzdnW3XfNw
Requested by: Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 2BAF 22 KB
8 KB 17ms
16ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 114650
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 27 Jun 2023 13:57:41 GMT
expires: Wed, 26 Jun 2024 13:57:41 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 m_js_controller_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/ Frame D999 34 KB
13 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/m_js_controller_fy2021.js

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

63715e8ffb3d4efab913b95b9369dc96445bde93529cdc97909bdf57a8134300

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 20:30:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4682
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13554
x-xss-protection: 0
server: cafe
etag: 10619647361806024282
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jul 2023 20:30:29 GMT

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame D999 24 KB
6 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 12:02:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 35140
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 27 Jun 2024 12:02:51 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D999 179 KB
56 KB 28ms
27ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 28 Jun 2023 21:48:31 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/ Frame D999 22 KB
9 KB 16ms
12ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/abg_lite_fy2021.js

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

81f66fb840c902b62f902bc4e27a6e3dee001d2f8babf5e767f78f16136ff0b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 18:49:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10759
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9007
x-xss-protection: 0
server: cafe
etag: 10216374826415589524
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jul 2023 18:49:13 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/ Frame D999 3 KB
1 KB 17ms
13ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/window_focus_fy2021.js

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 16:34:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18813
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jul 2023 16:34:59 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/ Frame D999 19 KB
8 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d67e93b773c993230e55a3881853d5e8d399b32fb591d845c41553c0fe8c71b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 19:19:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8933
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8131
x-xss-protection: 0
server: cafe
etag: 7076601798724011321
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jul 2023 19:19:38 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame DC1C 624 B
245 B 38ms
36ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHn4wEQ4JWpAhjstJ_sATAB&v=APEucNW3GJbeG5VpZvCq01OCHnAXZfbbTzRt5j_tYYgX9i_St0JIWjeT9KvcO4XNkS6T3wq6d3yPn9dh__ZPdiIjW5kkP4ppE1KCLWIOBD7QwV8si0tMArrtAzmG9Ss-RR_9kwKRig5skyvv343v13tka3Ped3mTUbVuI3Xq0neKJAylTbwPDCg

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:48:31 GMT
expires: Wed, 28 Jun 2023 21:48:31 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame B9FF 78 KB
27 KB 53ms
53ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:31 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 28 Jun 2023 21:48:31 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame B9FF 42 B
63 B 52ms
49ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Cv88Vx9XNTtRHOO-NXMGrIjfFhuQdZVe3MjEcUZXysVO6uh5vIvcAYdjvWaUzCBo6cx-c6_KHYIcA3sd8nqxsORzYg9PGzimluJwDS9Tf4Lftsxqc

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B9FF 0
20 B 52ms
50ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=16142555721972942389&x=1&ct=76

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/ Frame B9FF 3 KB
1 KB 18ms
16ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/window_focus_fy2021.js

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 16:34:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18812
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jul 2023 16:34:59 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/ Frame B9FF 19 KB
8 KB 18ms
16ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d67e93b773c993230e55a3881853d5e8d399b32fb591d845c41553c0fe8c71b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 19:19:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8933
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8131
x-xss-protection: 0
server: cafe
etag: 7076601798724011321
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jul 2023 19:19:38 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame B9FF 0
0 66ms
11ms Image
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQGl9VfU9NCgZllGZvuGunOcqa7AUZxSv_wQSnJ8YX2oX8vhc23EeM2KzIEgyzON93d7VcckaS9ljUTKN5VA6q-aaJx7Q
Requested by: Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B9FF 179 KB
56 KB 39ms
36ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 28 Jun 2023 21:48:31 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 25B1 624 B
245 B 34ms
31ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARj8x7LlATAB&v=APEucNVPMLW0FMoyN7iVRZplRWDF-_cSVrOATbA2AA10dtUSXLxtHkZd6hwrDdfvz5D3Q2PNq-PRRvkLH7CHKKSV5dAlsIZh9KqWYQRirySZrkp8uYb0nmWb1FnP6e4q53ob_Ly9MXldqwRwH7o4-miGvt3xkcboICILZUgB2ZupcSiA72rErME

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:48:31 GMT
expires: Wed, 28 Jun 2023 21:48:31 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame C5D8 78 KB
27 KB 74ms
70ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:31 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 28 Jun 2023 21:48:31 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame C5D8 42 B
63 B 55ms
44ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-ApUlmHuIfGZ8nDcVcpxhwMcBKRHz-RF3FdtolcKXfqUhIg1TmDrOjaMimtOWyICSUaF9LMv0P12WtWJrOC36IZCv5nTIDZvJiuRUvTuDt5R8P-QSQ

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C5D8 0
20 B 56ms
44ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=5122876243078648341&x=1&ct=76

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/ Frame C5D8 3 KB
1 KB 32ms
20ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/window_focus_fy2021.js

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 16:34:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18812
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jul 2023 16:34:59 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/ Frame C5D8 19 KB
8 KB 32ms
21ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d67e93b773c993230e55a3881853d5e8d399b32fb591d845c41553c0fe8c71b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 19:19:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8933
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8131
x-xss-protection: 0
server: cafe
etag: 7076601798724011321
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jul 2023 19:19:38 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame C5D8 0
0 62ms
12ms Image
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQp2dLmztXvY2l0I3xG62dw67jxlwx9ErWv9V4dCgN4KauBPYvDGMxxyRT32gNvVTO3WuOX7zmvs0r3kyBL7YN8Mnn5bQ
Requested by: Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C5D8 179 KB
56 KB 35ms
24ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 28 Jun 2023 21:48:31 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 5805 640 B
265 B 47ms
32ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLfi9QIQ0YXj8wEYjayL7AEwAQ&v=APEucNUTALzEaak8Be7FBWzgBO2voipe3c0pHaYfeydVnnrVRInxdxM0b6sFCKiJF47Bm0qt6jbF0Dod9oC-RNETTtkD-F9JaVq4TnZ4lrlSRZT0CnDZIoX83b9nPIx-FUHbNT4e_uPh4H6AJqLAcAekYBOA6pSDqFaAJJNRyhHzTH4aYjpJmuI

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:48:31 GMT
expires: Wed, 28 Jun 2023 21:48:31 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 276E 78 KB
27 KB 62ms
47ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:31 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 28 Jun 2023 21:48:31 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 276E 42 B
63 B 80ms
65ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DDNn1Zq7KfGtEzJHpA2UjEz25jpE-bJr8nE8ZWKG_bQG08RxUg540p8tmPadglRaOxz8p4ZAO3dh3hsWf8BTEl_hvtzyFxLkW7zMoWhI8OCyHQFYA

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 276E 0
20 B 78ms
64ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=2148530608043300990&x=1&ct=76

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/ Frame 276E 3 KB
1 KB 33ms
18ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/window_focus_fy2021.js

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 16:34:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18812
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jul 2023 16:34:59 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/ Frame 276E 19 KB
8 KB 33ms
19ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d67e93b773c993230e55a3881853d5e8d399b32fb591d845c41553c0fe8c71b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 19:19:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8933
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8131
x-xss-protection: 0
server: cafe
etag: 7076601798724011321
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jul 2023 19:19:38 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 276E 0
0 58ms
12ms Image
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTmna97VxXqUNXI2Ywpn-lyVq84R2GwoESSa7E4dIvAPBceu2RgfTWsMxlONSlSj0YG2uZ5Y29zT0W1c47aHswPmWEHzQ
Requested by: Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 276E 179 KB
56 KB 48ms
32ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 28 Jun 2023 21:48:31 GMT

GET
H3 200 m_js_controller_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/ Frame 8B27 34 KB
13 KB 27ms
9ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/m_js_controller_fy2021.js

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

63715e8ffb3d4efab913b95b9369dc96445bde93529cdc97909bdf57a8134300

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 20:30:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4682
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13554
x-xss-protection: 0
server: cafe
etag: 10619647361806024282
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jul 2023 20:30:29 GMT

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 8B27 24 KB
6 KB 33ms
13ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 12:02:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 35140
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 27 Jun 2024 12:02:51 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8B27 179 KB
56 KB 104ms
84ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 28 Jun 2023 21:48:31 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/ Frame 8B27 22 KB
9 KB 32ms
27ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/abg_lite_fy2021.js

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

81f66fb840c902b62f902bc4e27a6e3dee001d2f8babf5e767f78f16136ff0b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 18:49:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10759
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9007
x-xss-protection: 0
server: cafe
etag: 10216374826415589524
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jul 2023 18:49:13 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/ Frame 8B27 3 KB
1 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/window_focus_fy2021.js

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 16:34:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18813
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jul 2023 16:34:59 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/ Frame 8B27 19 KB
8 KB 33ms
14ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d67e93b773c993230e55a3881853d5e8d399b32fb591d845c41553c0fe8c71b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 19:19:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8933
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8131
x-xss-protection: 0
server: cafe
etag: 7076601798724011321
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jul 2023 19:19:38 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 8B27 0
0 28ms
28ms Image
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRuC88aOPYLKM0hom3k58lBKVuLSAVSoY477FdPYXJt7KOc44hOCFC8xR9YMFSk0gKOcrBNB5qmurQLymt-qQTtEfo1RQ
Requested by: Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 4485 466 B
238 B 48ms
25ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHn4wEQ4JWpAhi9hsHjATAB&v=APEucNWGx2R4ZhUxTfxE_gV_tCqWYHvMoiGoqShuyTaiIDC3A8W9C7Z2AwZtjnG6m6MRGVQEktiUtVHQ9TaqKkdAooilvQOYZCZFpUHEgLDPzs6CFoygfBFsdHmRm7OiISMldyixdTqsKsFnQyK8u2feHMjYva21kRCF5GWND03Xd2Vp2tyCTCE

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

37ab5c060ae53ccda75b8bd212d874a17650f7954b11c4e31f568990ab40196b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 215
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:48:31 GMT
expires: Wed, 28 Jun 2023 21:48:31 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 6EAA 78 KB
27 KB 57ms
44ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:31 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 28 Jun 2023 21:48:31 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6EAA 42 B
63 B 58ms
46ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DtNJx0wCmUaJCgv87mNz65cHFYmMW8xWNNtSd2WzM-9G4fcwbi_h58WJvyzUSv8hld-oW2A0KcBQ9pwBzUV8uvPbpUGQ9lDZamK4PhhTDDgl68RGc

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6EAA 0
20 B 58ms
45ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=8280198177138833134&x=1&ct=76

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/ Frame 6EAA 3 KB
1 KB 25ms
12ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/window_focus_fy2021.js

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 16:34:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18812
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jul 2023 16:34:59 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/ Frame 6EAA 19 KB
8 KB 25ms
13ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230620/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d67e93b773c993230e55a3881853d5e8d399b32fb591d845c41553c0fe8c71b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 19:19:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8933
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8131
x-xss-protection: 0
server: cafe
etag: 7076601798724011321
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jul 2023 19:19:38 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6EAA 179 KB
56 KB 47ms
35ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

sffe /

Resource Hash

f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57260
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1687952195399670"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 28 Jun 2023 21:48:31 GMT

GET
H2 200 10261972549777223277
s0.2mdn.net/simgad/ Frame 7BF8 44 KB
44 KB 76ms
18ms Image
image/jpeg 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/10261972549777223277

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

25b451f3cad26104f57800c79546bf5a40295d0cecf5623e623f4479b94d0ddd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 17:53:57 GMT
x-content-type-options: nosniff
age: 14075
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44765
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 13:36:45 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 27 Jun 2024 17:53:57 GMT

GET
H2 200 7352296608196688721
s0.2mdn.net/simgad/ Frame 7BF8 10 KB
10 KB 73ms
15ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/7352296608196688721

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2d3ebc5963c3ba449fc6f11b2d5ac883abaf7dbc046ac7c1b267518e0ca5fa27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 17:54:10 GMT
x-content-type-options: nosniff
age: 14062
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10020
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 13:36:48 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 27 Jun 2024 17:54:10 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 7BF8 42 B
63 B 33ms
31ms Fetch
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-At4rzn95Ge5LU7lz_aiD3UaEYsVg0sC0LWfIp2Ycpiw7IwNtUepH9I8telGRMU6gF-KiThGhXDtKihWLZeGwQyX0Y9A2QT5mXzFamKwdBEb7obWdDZF_WPcdpf-nbGaf8hAttCFwERMJuBHsJgi-d6KK2B_Q&dbm_d=AKAmf-C8l5CH4PvilGEhpHChBAAb862ezqRteY-6q_1b8RYszlySkOeSTeq7Z_Ij7Xpd1jll5MMySBx1ZR12hzTeGuzJMO0CY_d2RvkwEXqjCHLvvcTKr0oTBSsWEYtWmrxTt_3iWjtcfGlQe8-IQtJSMGxOC92wwfxwACBG9_Tw1yhGIQR7Aa92JcNrnKg7SC9mRyiaDObnZtO27b3Aa_z4gdY00iqCxpgPDtR63-VaCnHtfAM1XmfgXz8M2NgGPlwhYK0VMhwF0nzoztON2LpqLhihO11yFObOEbZmm6PEnjSEIdGkm_UUXu47D0icbMHotVDCwsYE1Rc5c4pncCLi2J--WmKJRytikTQlsE7qsRe9EXG4iZPcQHrOsEp932i3KarkrEW0fCRWEd-1yV3NPznvi-t0uPWI1H5h_JPJ30424nvaMBVZFUGVDGDKWp_sC7MMi99lFrxIR3TbQxq8bk5Y4o-X0hp2Etbjwj-fKXQsXFFYiflK4OEDpW4cTTV4AFCAwtWURDzEt7ho9WCbZ1vZJq-VmpiXPBXcO-tUWA4LZpqPejtdpk26XkjyaSDtMKCnyj-_k4aREuJai5jb37cGYpSjlr9uU3MIfgw2erAaliRnjRvkfGfntr_eM1MIPU4Cuz1ImaD-uGhmkXfdcf8uK_jvnOYN10YbKK5hxqAm8b8MLtHZPdSRGiQsNSS94I4UeMVhac7HAWpDlgCv6_zy77SzjH99F0misxqvr8hhcJvzfqDAq_AdQsaxhi_9F9YDMcKm7VaVOnxCYojKf82tGQa5dfZ3ZGSTpvHUCV_FUn7L1pQwi7Fn5TBM7v36KI1Ai4vI1hKLGczzXP2utKsl4TVob144ArcJrSkU6nuBCXb5pN6sAN1aqMNfS_XAT9TzziqLhXyq6iXQF8-Uzt6hPh0Hy-kwTmDyg5rjXU9UGPQk4dg2l5rUSz_7kUksb7fk8A_m8F-mBMScojIb0ObPsBMu5Yv47XX319bYPPQ0UwKZzvVJTy0QRJv0bxTKTmKd55w7nKRXh-gjS3HvolJ8fmxTDT9dseWNRI7lZVRIZVVhScHj6rec4eXiZQ1YcafceWDEUhfYBIHq96p38exT_3kO0vSlFa8dNukdm8SqwcVLf4EbE5JqEA3FUpley0H0jt573kiaxjElx4UNbxnNzJoH5tf9X1AfOESH6GDg0nLpuS62wSZeXv2FPnFzUKiXwDzJ73N3bbCyYb6G00owdZVRxsCMf3Kg967GhSkTA0kK_EAlDinziCRAo9HdIr_eUeE7xTil56LaTSiUivPDkeEEjXBpOAIH0S1EEuFt38WuOluJU43QyA-cg8EkJ8cvo-1yLkYeX-CUutQb4udX78REk-XDHijqKaX_H-2ghPKgTSDxoMDmHK_Tu15QsDkXLv-Mgw7lRG9tHmWNJE7sn1zZBOiF3DfD_o5sB99bTEU1NvTyX8WuL-ZI7IweFyhgcvl9ih6MR9eSh2OVoW_fDnjqqC86g_cEBorr4J4pqmYFh3ypfUnqFAl4tyR3MhIOxHnW0rF8QH-pd8FDpxYjF_W7SC72YFbz4vdu6WFZxfVwfOR9Vff9QxZOaVHEyHUnIjFU2SmvfQhZSNpbKutIBej7vFUQdoVQw6p87I7GcsXPZCs1Y-4rnULO35eXGG_syfrccgcGfFz8CD6l3l8SiW0a1EbweEKodTScsJa70ai_RX2vo0ie7pxesRVmMxtdUuUb_uijlYqrc38ZZRZfM2bVLvy1o8kz7cxs4mU4ZbbTalhG5kVQ749igvNNyYyBztl8D0eqjJVgmBHDiygwZbsHsVYJ7SO6ctfJRItu2gqNxaGLRgiwk3x4qYyFtjwbRYG9x5A-s40JRHx3E72vz5ymqxRM6rwBhGOvXv2hc2zMrml_PYT6cfEHIYJHD8-dvmll---iRjkrTSBFPkJiLyKiw9WKYNcWnUmYTRSRu9oLgWEkfkHo2FNmXw29Ve24rhl7LXFTaWxSIKA-Tuiit4f2T0K9Y-GJ08Gvu9tY3ezDfOfRTnbliLa9sj7QRX0Yi6BHS9xma4x9QxoU1tNaES2esjIUOql6ZkK-fYfo0MvtwGMYUdEjxYvooQF9hN1n5AbrXg2CJ9Cu8zGYCugKmAIzXdAj7WJR1cbJUFXQDYNdisoeip3XCIam2G9AE2i9jato9ZYzbj91PURcs2ub8pCqcCpvv9dB6O_hAQyZhJqqyVgbEL1dFdDmx9X5I0dyZuJboXqGJSLd7ymTIaueBg0ofmMteKkK6XWoV3n5vsEEVx0--csGaiJXXGiFNq2ezg0Gg6jeDI1gLbusjQuDMgJ5v-wFTWJVqVu0C8JbALafk7th5w1G9uzTmXKvw_x5N8FBwxlWD2240YM0OEuAMNeewBv2lfR2HJUMhSQABA5Ui2qJO_1mBOabGY_IZ-SCJuBT37IFj0VuhMoJp0nMhwu27iSq1oNawOmLoUPQ88IHaIhDXGrLnmMpF2pEQevFF8ZvfFvqYEAurfJ8-5N8y6pokUald_PZFHaTYGO_qKb_PeUXuiu6DCTc7tZxmzwkcb87dPwK4l-EJoCnZk-Ao0BfRq7j_8mzQKslfyw1haCt0ejJ1irsi-IirJqVcY2RyNeFHVr0Vy5Rzm5DX7ZrvzDfzQT30eiSbln_2us-O7MenrnccJ3Eyz4Rz8SSEY9vGSAL2H0oHb0ZfSZ9cVZ3ph6n6x-boQQM8Q3Ld4nDhA5nByYXG78CxLkFn60aoRTZ0I5B-fm8jbL3RIu9PbHFMID-FsHJg9OFHU6p3WetPHysWgceSfGfLFtbxgWhQ07qBavANZaa7zdKG_C0AQmfpJvThNZMIsTLTqsJcrOkCcIHM0ceJjFtQz-zCyKeKrxc8lOUdv40SfTnLuh5XeOp20IbcGAylC_49YhwmU6KR3PZAjLFXiTZJvX7g1FmThd7ZWEugRSeYVGS15CUSPVfOwFNTE3b1PCC08z399-J_H0KWApQMn6TbD6fYqYQ_CVziuAQEkx-gVmr1wnf0RlaI71IYfknmHs4prCwz92KsbX8CVkdAtPokVq-AzNiFVEED5-WrGXxSvW9bQxkhf0R3gUFTa6P8EGJovTdDsl_ISEXozTpOdv5eEr3ALkl2gs3FvZ-_eSVNILKLgKKneAtiglWy3Yf3aM5MYJX_pkvJ3C6_mj6TwOjMPpowFxWNnchZM8eAxb00lX4Pc4ZDVF2rEO4UB9wYCNQ6SF2wrZPjKbZhfwH6Tb9YceZsL2Nw9pABANbQY78f4K2mDcHm4ac2MjmkyU3wVRCA2deWCdWt_BxeGNvnhZVxQHAnAo02HNfWxcKKnXn2JFCp9PrD36zv4H_-ZCfxCCG9YuDAxQ13UK9c_Kx_5rrPNd6C_WGm0jCcai0-k9xgSGKh1eb_GstpMMcAYZKVYxKpAp-48oO2bXSY1-y4qOiaeAo-bxdM32ENEPFmD3inAU495IgKGcqtsKl-rlppXywdlUMkoVFbZumx3g&cid=CAQSOwBygQiDkp40hAQqcms2kWCfpjW8iFOFzB3qZROngAjvIY-9UpveiGVosJAWh0NHYT9LuccEFnf9if2RGAE&dc_exteid=31137899447981065640937514274281400&dc_pubid=4

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 7BF8 0
0 51ms
51ms Fetch
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C_d8ur6qcZIzuCsnNgQfBoZyABdqxuf5wlO_CufkRjqq9n9k8EAEgwLKCa2CVgoCAmAegAdOp3fkCyAEGqQIL3hSwklCyPqgDAaoE2QFP0CPsjHtGAQ_jw7xiF5DpFwGNpODCRQZ0kefcGNWSxGKtNvD3_VU_6UxzCFI1hNNKcOKNLBxv_eroVylEa6KohK2t3fQAhJbrHNX_ZRfsuFX6LATNizswZYFqLtughGvi2sykk6uJPF8gIh8s9T3q_LojmxjhS13cm-acPEZZG8zpYRQfK1FJKMvBUSw9qSVQzcMEnA2FnwwIVbG1HM4kZAZQYcxf_YilljmUMgHN7gjP6U7sNHfM8EhSkF2UJxASqPYDsnqmXcUvzxCE14mXZQzLXxEn8JhewASUm4P-wQTgBAOIBfjZ17lLkgUGCAMQAhgBkgUGCBsQAhgBkgUGCB0QBBgBkgUGCB0QARgBkgUGCB4QARgBkAYBoAY3gAeV1qKGAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcKENvzAxil9e_sAdIIFgiA4YAQEAEYHTICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDmACgPICwGwE9LL4xPIE5e6heMD0BMA2BMNiBQE2BQB0BUBgBcBshceChwIABIUcHViLTY1OTM1MjMyMTAwMTAxNTQY6sFt&sigh=c6xu3Wv_YQ0&uach_m=[UACH]&cid=CAQSOwBygQiDkp40hAQqcms2kWCfpjW8iFOFzB3qZROngAjvIY-9UpveiGVosJAWh0NHYT9LuccEFnf9if2RGAE&template_id=509&vt=10
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame DC1C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECp2CEUNEet3vfirHowPD_M&google_cver=1

43 B
632 B

30ms
29ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECp2CEUNEet3vfirHowPD_M&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHn4wEQ4JWpAhjstJ_sATAB&v=APEucNW3GJbeG5VpZvCq01OCHnAXZfbbTzRt5j_tYYgX9i_St0JIWjeT9KvcO4XNkS6T3wq6d3yPn9dh__ZPdiIjW5kkP4ppE1KCLWIOBD7QwV8si0tMArrtAzmG9Ss-RR_9kwKRig5skyvv343v13tka3Ped3mTUbVuI3Xq0neKJAylTbwPDCg
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 28 Jun 2023 21:48:32 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:32 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECp2CEUNEet3vfirHowPD_M&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame DC1C
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZJyqr0VIkytEHzvV7KweTAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECp2CEUNEet3vfirHowPD_M&google_cver=1

43 B
632 B

15ms
12ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECp2CEUNEet3vfirHowPD_M&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHn4wEQ4JWpAhjstJ_sATAB&v=APEucNW3GJbeG5VpZvCq01OCHnAXZfbbTzRt5j_tYYgX9i_St0JIWjeT9KvcO4XNkS6T3wq6d3yPn9dh__ZPdiIjW5kkP4ppE1KCLWIOBD7QwV8si0tMArrtAzmG9Ss-RR_9kwKRig5skyvv343v13tka3Ped3mTUbVuI3Xq0neKJAylTbwPDCg
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 28 Jun 2023 21:48:32 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=496
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:32 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECp2CEUNEet3vfirHowPD_M&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame DC1C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEFOUAa_AEPHo2o2OCgVrNig&google_cver=1

43 B
1 KB

43ms
38ms

Image
image/gif

37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEFOUAa_AEPHo2o2OCgVrNig&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHn4wEQ4JWpAhjstJ_sATAB&v=APEucNW3GJbeG5VpZvCq01OCHnAXZfbbTzRt5j_tYYgX9i_St0JIWjeT9KvcO4XNkS6T3wq6d3yPn9dh__ZPdiIjW5kkP4ppE1KCLWIOBD7QwV8si0tMArrtAzmG9Ss-RR_9kwKRig5skyvv343v13tka3Ped3mTUbVuI3Xq0neKJAylTbwPDCg

Protocol

HTTP/1.1

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 28 Jun 2023 21:48:32 GMT
AN-X-Request-Uuid: c58021ba-3dcf-43da-acab-f89908d19b1f
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 80.255.10.202; 80.255.10.202; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:32 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEFOUAa_AEPHo2o2OCgVrNig&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame DC1C
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODU4NjQzODkzMDIzMjkzNDk0MQ%3D%3D

170 B
188 B

30ms
24ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODU4NjQzODkzMDIzMjkzNDk0MQ%3D%3D

Requested by

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 28 Jun 2023 21:48:32 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 80.255.10.202; 80.255.10.202; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 2578f6d6-28b3-4569-aa2b-f3a8c3455d2c
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODU4NjQzODkzMDIzMjkzNDk0MQ%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 25B1
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECp2CEUNEet3vfirHowPD_M&google_cver=1

43 B
766 B

15ms
15ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECp2CEUNEet3vfirHowPD_M&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARj8x7LlATAB&v=APEucNVPMLW0FMoyN7iVRZplRWDF-_cSVrOATbA2AA10dtUSXLxtHkZd6hwrDdfvz5D3Q2PNq-PRRvkLH7CHKKSV5dAlsIZh9KqWYQRirySZrkp8uYb0nmWb1FnP6e4q53ob_Ly9MXldqwRwH7o4-miGvt3xkcboICILZUgB2ZupcSiA72rErME
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 28 Jun 2023 21:48:32 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=496
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:32 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECp2CEUNEet3vfirHowPD_M&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 25B1
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZJyqr0VIkytEHzvV7KweTAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECp2CEUNEet3vfirHowPD_M&google_cver=1

43 B
766 B

16ms
12ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECp2CEUNEet3vfirHowPD_M&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARj8x7LlATAB&v=APEucNVPMLW0FMoyN7iVRZplRWDF-_cSVrOATbA2AA10dtUSXLxtHkZd6hwrDdfvz5D3Q2PNq-PRRvkLH7CHKKSV5dAlsIZh9KqWYQRirySZrkp8uYb0nmWb1FnP6e4q53ob_Ly9MXldqwRwH7o4-miGvt3xkcboICILZUgB2ZupcSiA72rErME
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 28 Jun 2023 21:48:32 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=495
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:32 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECp2CEUNEet3vfirHowPD_M&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 25B1
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEFOUAa_AEPHo2o2OCgVrNig&google_cver=1

43 B
1 KB

22ms
17ms

Image
image/gif

37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEFOUAa_AEPHo2o2OCgVrNig&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARj8x7LlATAB&v=APEucNVPMLW0FMoyN7iVRZplRWDF-_cSVrOATbA2AA10dtUSXLxtHkZd6hwrDdfvz5D3Q2PNq-PRRvkLH7CHKKSV5dAlsIZh9KqWYQRirySZrkp8uYb0nmWb1FnP6e4q53ob_Ly9MXldqwRwH7o4-miGvt3xkcboICILZUgB2ZupcSiA72rErME

Protocol

HTTP/1.1

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 28 Jun 2023 21:48:32 GMT
AN-X-Request-Uuid: 4fb1d0d9-a901-4f51-b6a3-5a56af334b4e
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 80.255.10.202; 80.255.10.202; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:32 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEFOUAa_AEPHo2o2OCgVrNig&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 25B1
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODU4NjQzODkzMDIzMjkzNDk0MQ%3D%3D

170 B
188 B

29ms
22ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODU4NjQzODkzMDIzMjkzNDk0MQ%3D%3D

Requested by

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 28 Jun 2023 21:48:32 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 80.255.10.202; 80.255.10.202; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: bfd1c0fb-59c9-4734-a354-04df0a715f21
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODU4NjQzODkzMDIzMjkzNDk0MQ%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 5805
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESECcSngEGC4KOcCjO1a6g3MQ&google_cver=1

43 B
114 B

22ms
18ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESECcSngEGC4KOcCjO1a6g3MQ&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLfi9QIQ0YXj8wEYjayL7AEwAQ&v=APEucNUTALzEaak8Be7FBWzgBO2voipe3c0pHaYfeydVnnrVRInxdxM0b6sFCKiJF47Bm0qt6jbF0Dod9oC-RNETTtkD-F9JaVq4TnZ4lrlSRZT0CnDZIoX83b9nPIx-FUHbNT4e_uPh4H6AJqLAcAekYBOA6pSDqFaAJJNRyhHzTH4aYjpJmuI
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:32 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:32 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESECcSngEGC4KOcCjO1a6g3MQ&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame 5805 43 B
304 B 59ms
23ms Image
image/gif 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLfi9QIQ0YXj8wEYjayL7AEwAQ&v=APEucNUTALzEaak8Be7FBWzgBO2voipe3c0pHaYfeydVnnrVRInxdxM0b6sFCKiJF47Bm0qt6jbF0Dod9oC-RNETTtkD-F9JaVq4TnZ4lrlSRZT0CnDZIoX83b9nPIx-FUHbNT4e_uPh4H6AJqLAcAekYBOA6pSDqFaAJJNRyhHzTH4aYjpJmuI
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:32 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame 5805
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEK4W9rSnGwBwKviMw_x7bxI&google_cver=1

23 B
163 B

41ms
36ms

Image
image/gif

104.75.89.75
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEK4W9rSnGwBwKviMw_x7bxI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLfi9QIQ0YXj8wEYjayL7AEwAQ&v=APEucNUTALzEaak8Be7FBWzgBO2voipe3c0pHaYfeydVnnrVRInxdxM0b6sFCKiJF47Bm0qt6jbF0Dod9oC-RNETTtkD-F9JaVq4TnZ4lrlSRZT0CnDZIoX83b9nPIx-FUHbNT4e_uPh4H6AJqLAcAekYBOA6pSDqFaAJJNRyhHzTH4aYjpJmuI
Protocol: H2
Server: 104.75.89.75 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-89-75.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

expires: Wed, 28 Jun 2023 21:48:32 GMT
pragma: no-cache
date: Wed, 28 Jun 2023 21:48:32 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:32 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=CAESEK4W9rSnGwBwKviMw_x7bxI&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame 5805 23 B
163 B 123ms
33ms Image
image/gif 104.75.89.75
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLfi9QIQ0YXj8wEYjayL7AEwAQ&v=APEucNUTALzEaak8Be7FBWzgBO2voipe3c0pHaYfeydVnnrVRInxdxM0b6sFCKiJF47Bm0qt6jbF0Dod9oC-RNETTtkD-F9JaVq4TnZ4lrlSRZT0CnDZIoX83b9nPIx-FUHbNT4e_uPh4H6AJqLAcAekYBOA6pSDqFaAJJNRyhHzTH4aYjpJmuI
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.75.89.75 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-89-75.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

expires: Wed, 28 Jun 2023 21:48:32 GMT
pragma: no-cache
date: Wed, 28 Jun 2023 21:48:32 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

GET
H/1.1

200

partner
sync.search.spotxchange.com/ Frame 4485
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEF8HtDF_TE9yirIsNjonYpg&google_cver=1
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEF8HtDF_TE9yirIsNjonYpg&google_cver=1&__user_check__=1&sync_id=8688d684-15fd-11ee-81c3-175cf56a0106

43 B
549 B

48ms
25ms

Image
image/gif

185.94.180.126
SPOTX-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEF8HtDF_TE9yirIsNjonYpg&google_cver=1&__user_check__=1&sync_id=8688d684-15fd-11ee-81c3-175cf56a0106
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHn4wEQ4JWpAhi9hsHjATAB&v=APEucNWGx2R4ZhUxTfxE_gV_tCqWYHvMoiGoqShuyTaiIDC3A8W9C7Z2AwZtjnG6m6MRGVQEktiUtVHQ9TaqKkdAooilvQOYZCZFpUHEgLDPzs6CFoygfBFsdHmRm7OiISMldyixdTqsKsFnQyK8u2feHMjYva21kRCF5GWND03Xd2Vp2tyCTCE
Protocol: HTTP/1.1
Server: 185.94.180.126 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Wed, 28 Jun 2023 21:48:32 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 118
Connection: keep-alive
Content-Length: 43

Redirect headers

Date: Wed, 28 Jun 2023 21:48:32 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Location: /partner?adv_id=7025&uid=CAESEF8HtDF_TE9yirIsNjonYpg&google_cver=1&__user_check__=1&sync_id=8688d684-15fd-11ee-81c3-175cf56a0106
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 24
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4485
Redirect Chain

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_i...
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=ODY3YTgyOWQtMTVmZC0xMWVlLThkZTAtMWU4NzVmMDUwMjA2

170 B
188 B

23ms
21ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=ODY3YTgyOWQtMTVmZC0xMWVlLThkZTAtMWU4NzVmMDUwMjA2

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHn4wEQ4JWpAhi9hsHjATAB&v=APEucNWGx2R4ZhUxTfxE_gV_tCqWYHvMoiGoqShuyTaiIDC3A8W9C7Z2AwZtjnG6m6MRGVQEktiUtVHQ9TaqKkdAooilvQOYZCZFpUHEgLDPzs6CFoygfBFsdHmRm7OiISMldyixdTqsKsFnQyK8u2feHMjYva21kRCF5GWND03Xd2Vp2tyCTCE

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 28 Jun 2023 21:48:32 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Location: https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=ODY3YTgyOWQtMTVmZC0xMWVlLThkZTAtMWU4NzVmMDUwMjA2
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 107
Connection: keep-alive
Content-Length: 0

GET
H2 204 sync
ups.analytics.yahoo.com/ups/58269/ Frame 4485 0
125 B 86ms
15ms Image
text/plain 3.71.149.231
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.71.149.231 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-71-149-231.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.57 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:32 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.57
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 200 10261972549777223277
s0.2mdn.net/simgad/ Frame D999 44 KB
44 KB 27ms
27ms Image
image/jpeg 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/10261972549777223277

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

25b451f3cad26104f57800c79546bf5a40295d0cecf5623e623f4479b94d0ddd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 17:53:57 GMT
x-content-type-options: nosniff
age: 14075
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44765
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 13:36:45 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 27 Jun 2024 17:53:57 GMT

GET
H2 200 7352296608196688721
s0.2mdn.net/simgad/ Frame D999 10 KB
10 KB 26ms
26ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/7352296608196688721

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2d3ebc5963c3ba449fc6f11b2d5ac883abaf7dbc046ac7c1b267518e0ca5fa27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 17:54:10 GMT
x-content-type-options: nosniff
age: 14062
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10020
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 13:36:48 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 27 Jun 2024 17:54:10 GMT

GET
H3 200 YTnPKPJ-Q--T2AJ4Qj25FxWmw7bAoVXE9zhtz1eN5hc.js Show response
pagead2.googlesyndication.com/bg/ Frame 2BAF 37 KB
14 KB 14ms
11ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/YTnPKPJ-Q--T2AJ4Qj25FxWmw7bAoVXE9zhtz1eN5hc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6139cf28f27e43ef93d80278423db91715a6c3b6c0a155c4f7386dcf578de617

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 10:30:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 213479
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14704
x-xss-protection: 0
last-modified: Mon, 19 Jun 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 25 Jun 2024 10:30:33 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B9FF 0
20 B 66ms
66ms Ping
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=8173026143638&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B9FF 0
20 B 90ms
90ms Ping
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=8173026143638&version=m202301230201&ct=76&x=1&cor=16142555721972943000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame B9FF 95 KB
37 KB 75ms
72ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-C6FvdYn27hknDFkQ0Kp7qoziBnoJEwMgZYvW7Li2jPfMx9RlqGURttAbTH1nNIUNvY8CmVtQQxuH5TUqRU9zXrUDBcjFwGNBmzZJea2stWwcOV4Vo&cry=1&dbm_d=AKAmf-DLTTspNfXjfTYA5yruikKpphYqwBqBvgGsIXvMvf3BBkciye2DlxQ2lCm4U5n9YVRv8AQdDT7jEOKJzMwJw8PEtBpQnssXotlUmN7Qjy3wx1w7cVWRSHF9231_ftcpcgYLzca3_h1PqbZySofN1kRauziQPWWgMMaufFF2B-63hqvUcFtrW6sPFDEhdEB5b0emCBgxOrQRI4Ied3gb1xw2p1qWsQF3AD6Tr1gKi54qEDD2SH0HdxG5snJkTsiUHNlPNm_1F4hVzPGYTBoThXW0f8eZZii8qyNdnm1sAuTLj1IqwyJ8ubwnfzDwTtn4XRowXOF08ifmbAX6LlBZPWwFyXPFcUbmPyf1NZ2NLjI6ND7h8AhZMX39oA_6FD_EPcnmxloqPKIW9a_uAcneRTCOX2-rkkPnqcPTBuvHHNEiHz452qYcNEyzys4vpz8Y5bM_vJmfgWwe3cwsq8v47OqpQW2Uvggy2ba1yJZCnbdAg7eZOn_iUy2kiQ3qFhLD_sZkFwjgCKk5VHtR7hN1jY62Yh1-Aao5vn0Etm8IZA-TxVvr2rBCSTgOJ-OcryisDXCyEUY3VKZ1bSZRyjoOMOKtZkMxVftXIL1Vcbo3-PHU-1UzBvzBZUx0_IX_W4j7lSvHaFDNsMZTCLgRud6ol_rw1d4Pv_q8EYbNPuoj_oYzGowv2GV5jXU3tIJngRAEDWgqWi4c4FAPA702ix1p6VEDkkrpI7vYygcB9F1X8aryYnvM0QK_sTwTMxNIKT_COdwVPChf6pO-Zf7iBUDF7Nh4wyxHXYMKmAHkPy65Tn7qiMEea2MkvIFXAUPDQotJweHwqz0fNwhzQmRw8oiZtGQ69gRYPVZOOg6lpGrNuLjCMBMkVHRWbSevWAzDavxCFjqEMlo-95OcjipVRR8GZfA13uK2u-u-zkYJ7kn1CxqnS4uBDYEm7V1s1arHpK_ChwWtlA61-x_OtozoIfCEFRObOHs3bW7jATwyL8Xl-4vjNuhLa9eZNoaTUjXn5Q93ulWBP9Lntf94kwvLWrX8Ba8oVG7oK4NTptrOM7EesHQy7Evpo5afBzE49GWFFt1Y3E4rpxU8W1ksxg2qwGZ0cUUFBr6cv6sIXw-Uv2hGNHoQThbbQzZjigAXPBFaynFiPDma93ujURSVTGYulPDlhcvbrAF_O6QQFpL2LeAaqHb88P6uwBs3SfXQoauFQN-n5u5wpXfxLVFWtgdl9QCEHvw5satSNrZ26-EP0FGuXxgCd_PutQ3Uz3oBgKYHrBRGFcMxGFedZGx3vn-fH5huOTOMQzE2SMj2RCO87C5k6t0MT8mCr1dpOPJ1r8P5X7YrJEfmlgDVv8TX-wIB1_ZluW-jH9ZlBx-sKJ-oz4x_EoFcsmLViYca1Wpb5Ba8-Av7lGLMuFj-2g0MS0Q7Jk-WXPbkLEo_Dngx1AwEeB8oTfpVFswj0nZ7X_7J3hV6JBU_qFH_DQ-EhCXqrASvR68xzElmdpRbh6XDkX0V1nHquVq0QycgWN-TpmdQYAFE5PdPJMQGIdQVDTwaC2qMDnf8t7mxJTxzOpWjLT3yclccOtgGA5LQoIM064wWOD4YSp-YdRe_9D9Jdi6pPS7-znCVnEsuZ5C85c8C72azoqO6FGaLwvU06IAwlFXE7pOw3lwBrQeqAYivuxsBfJ0IUEWYXFvpK_iTiKZlQaufRuZzy7sqBI_kiv-70agvJZM3BNsooG1YkAeEZARmEZ_FAdGy3Q91vncfQSxHAylA5eMmo0basaqnpCxEkWYrgMzWv7XeDf7pAUxUCQ_qtUX8eZUrsQp6tR1vgv7CQVxRfTjUjNoWtSvHh9NuL6k7FGChgAu1oGrUGHNy6Sy0EnvgCIPbelvnog3PsLxffSzMzGpS9letQohwbF1f0hVNgkn9DC8oAWxorKZyWfYON5VpdeoDdFct-8U71S3j0V_WS-XrWTEQVXSn3HEfM8tXlmLGeiRoOj_AhgxNHAtPJ6nJRUkX_7zKLlXX0FzvjHdm7K8u5XCFqfrkkOjMDuJW0cej00G_TjDjV75qlyMQ-8WZ-xzRVjgdRPELfq4GlQIBP4IX31TaDRisI6Mq1lmNieODGIzssUf6CJBrlmkM0IQ3wsXjk7QUUvnKH8DIl-xJ_LXtYGSmgqfUQcBl4PMkg5ZecvV0cDXfvlN6f5gPkAHcsvZAJ3A6RzNv4lY1ehPBEzoP_jggVv_71zTDHnjld3mwyqnB2M213gWP1imtJE4AOyxej1C6JIGIcMoUWvN_GkYWJLnqg6X6Qg6voYY0dueRW8K1ShTF261yt-ZBPl7dwarQIErl-fgxqxM5vM4T4GWtsbqI7iyGs9beTM8BNwoMEuPg18DORJY1DtP30z0HmpxbuTXXsI1sjcascg-twbl1b9cXvYaUV-s4orgdmlblQcRG6WzHttQf2I48cpbqPeXafHLUuv-AvEhV56oIvXHmI71vDBiI0gXNmCHN62qL8HVdL0f3_-Q_mFwDOVnGU8jLxGAACXcUJS4EQ0oxGOhBMPdIB4Lw-zP-tkJdQu4mj4ual04csV-rHQ3K0ptqb_syXdXvwivqB6Bxy0vdKhaSnHVSR4gCxWoknUtffdZ2brIdKNkiN0pnuCB5PSsaU2Mz_noqcgt03IndM1VRVXRuJIzL9TGFuhwd8qCSV2z01ysxr2o1cmo620Y3nnfFL74_es0OfKYb4iS2YbnCqoWRnssP0FJhlN52Ymyu84amUP5PhsSh13l6ggkRTfRfi_W5cgrz9nlw1hmp7aIWVKuE42DXhx3clJvwMuXJ_651_Ph4GJ5Dd5PwOrLjn6Fa6hgPKEGJiT8rRvFVcjWrw2xdLSZ644IfiElDrgQg10sz_VVHk6OiubGX03TqZcGVi1BXFW_ziJ1LC9kdaFT7qOl3YWgZu2Sx3kBy07MbNEMXP7w6_arB__x216hFqZBTo-XPuvQ1MaVFmrrxy5oCeMBukd-RqewipewhJ510Q70is1d-hPinO9v-SqNgU7DUDnRu3E3CT2MhZH98wyT2OwPTBiKi6bnDdSHNgfS8upI56mLIsFTkYZb2MM1MoAAZ_77StG7tdIm0RDjHi40GLBEOno3raSKuTKA6Qx7_pcT2eg5PLEmKIuh610cR93mVMO7NLH4mM_3S42n_OXkTjdTaaAyKnJuF4fVIR_GApYZ61L3bSXEPYG0yO-pwT597t7h0mBeQBgcmfz36wkAsJcvK6hs3oHopN-ZkKjxgimGlACtE2lAZbOg1KR-yYKlS-n49XoVFaXW9DeeHVAUHY8aZE3IHbXI37Oqxvi1hhBZ0iSXWIDgvjSk8KHfOVInZzekFXKnj2ThJi7HH-UhkdsZKsGW4vniiwnWAjfj3gqFhB5ZxB8BZ0mXA_pbZH4xJ05Kp5s6tW6jR4rmq3mZhrzQAR_aq3Jy9OzMVvAr5ric5OyeblNxqkJDF4iT_1pa-lEomQwofxeIsIDSmnwpCrbg2xbHilsFvaORr9Z8qojL2__kg1xoywJKw1vvUwI493MkHuTDbvaIwTRwBhGrwSGeVqCvB98XsYaf1setxIKi37eZyQsSw-FPzCBPZavRDl06YrZVHHlXR4S5-3ueYy-F5YhnV6CXfukvu6XkOyF-x9Nf-PMA22gUaL8eBeJ_hqRt6LbMVQ4dYGSWHwBepO103cEYtFL4X1qYajb847GFJhDl8Fs689X-g&cid=CAQSOwBygQiDaBfdvQIg5F1NClBYxRkAoh0C8eoGZtlcQT2z_bQxqhlVjAn4tgIbczV4RohAhsmiGNj3nnq3GAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=16142555721972943000&adk=212707235&idt=60&cac=0&dtd=31

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a4222ccd2614b474c6b8a8bd7540b988d88ecc23b8163b21fd091eda98a13c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:32 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37875
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 276E 0
20 B 53ms
47ms Ping
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=3847137441946&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 276E 0
20 B 54ms
50ms Ping
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=3847137441946&version=m202301230201&ct=76&x=1&cor=2148530608043300900

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 276E 88 KB
36 KB 93ms
89ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D6JM9RfTKHuxeJYq6VWV7_xpdSCxyE9nLfgO4lSwAriZK6lrN9p2u14cClclW02bpQ7D8xiRS5dy7WT0yRnc8gejRY_-4T3yPFuesdPZQNzoXLq_m109ueuV5YeExBhuzzJVOXPWDB26EoNJb1tGB6Ac4DmRDr4g7smsmNKy4uUi1onzo&dbm_d=AKAmf-BCAf730pFn1rWLwi_wQz-sg6UFk84V-flxr0nSX66rUN4cI2N-kii3AH2zEuOUEA53fo_eMfuj4uOMFqhmWw-8b4J9ZrzSoDxsXxUcidYHDtK6YJLDaSu5bzfHMhfM5hJ58V8H2-RJ9ofQqtvWNmRkXsdqSAxl5NGdjKGKPG297mDCzGJdfXgiUYTE9LccSoyxrxq6kNUn6zQjeX83sFn3yEaCOOtCfwvwNdMAvcegi6fOa0wog0B2vqZVew_IOhdtSC3ecL_tu3xoXGfHvKCR9OeXcN7VbFYPCq0jvgYPJYw4XV6eta6JH3UGiAG6s5lZmGiqtPf5TS4UlHsmb7W5bi1cmg37wNNNBkXJhy9DCA6I6Lt5LnSbqGGX8pmkhaN08_q3NaG9uRQyUfm_cvlciPwecpzXHSojV0kdByKcJWf1xRK_fh9aRIwVpM34zx6ZmUndkBYDUZGBmWFt2-7nTwkDmcrO8ETb30Zg2E4w-qrp_c8NNrYO5172C_YGOron1lXETcOqtnWUk58-49ugv_5lK0sPzDk9w97Hxc3KR62dEQhA1V03qZvUzBzrimotxtsvYp2qilHoNkxj6hwfkIpUZbBaqwMX2kpAcu-pkt03XOekSyj4HjchrNPH4aYc3ZRgczgrWqzJBYOX60EF7Ct5LzEpm1oJ1FQqA3VxYXDuzpKAJB-Tacwx2L9ZKSP04djo9pvbfgcd-PeI6pcFpJgH_oPhj8KPBN4sJhoNKJk6R2eAwg8wg7w5mwtzng9mbAVqTRDhK7WEP_Y2nZ1AJyBwBPtD0oS8C1PKAOTpizlAIEoHclKFmsHvnon3Ocap7e7K7NtK4ycYvNYFtDY2MB8KPQP6RR8Al5G7BbXp6uz0VJewlpeHdAZlMLEqCA7DNh9W0qf_l0BBADx01Pa4YiBwYQMMLwK-iajLBuyycCY47BbA3wt8GmPCjE3KmYc2RyYyVbpAfQxriQuNHmCkRB8u1I6kD6rl2ilpJYGm4_BHFFRkyddelYE4GbavKPNRGg_rV8MuUTic97XzR6Ey8jTRo04s6GTLqFNRM0SImc0yXHyyhQrz_9eJfUOxp49tpfxP7P1-CcIV-Hz2rtxyeNTDrHrWqy48c0l8w67frhg0S-H1oDaa_ie4S8_8e5CF6DTusLYlfd_NeTjcCaETyDSJi43U3Tggzf8UjGpQOyG5ptR0qPYr7iHNYDYeVXBwB3f2vZ2eiiTQcRuHnQ6VmO8WcQSP_n6DDY7byxlbx2cXVdZeczurTlT-86FsiXauvttEN4HiDraSNdWXLDFQ4RPPu0dkk7TqOVC4dQD_C5A1fQbTGTcCiGQVFrLeuxlpwVmQarQ2SUEIFMF0I-0Rb0-4uqU28yuWbK9LpnqgrPGdeWBfumLAc0ez9IpPAYh2-J_L7jRtdGFhPUt7cSYZrkrDogZxIYWjLGkDcfxSMCwj2I7Zq5Poc1T4wzdYZCTj2We4w55lsh3iwjwbAflcA4w7Y1q9p1uKdlRSdDq-Vqs16K4rpOLI9HCXBzk5BIuv45w4i8EfW0Fsyj4XdvXSMf-l7XS99Mx2IGQt6DpGJje7euDw0nyY7ICIfFwiq7nOtuRqFqgfdaPWvItV_7SRe_xCcYIJm9N9GYQ7iXu5J3NOu883Q-0zdB65I-uEJ57G46YgsRjLhw0IEV-Gy7peH9VCmZt80t8m3-Y2e892yxV1I7C3qrI-6ZX0ahl8nCmBzYvb4pca82XPzNWlLWxsczsgDDQytE-pUD4KjCtblTw5I51z5tmsNxpZ7KkQu3KEgqWhHwzwRBM5ve-vZQrvG0oZHJv-qvnh6sgP960CqJ7skHp4GN61PraE7ldbBKLLo0AC2ULNV4c7RdBfWErGBlprMF2jSH-VwZK1dOxbSdC_rwOkGbyxcAPerKm_o2Qj34k4tAa07A0JmrdSCgmNf2dKfVUTobq631TKmKxCIyoVADyW7j32AaEdnNxHIYtAMf9WilJI8Fq52UZJrnZkaTS75vsd5rCAWCepmnnleXjrEJtGB5UVTzYVO4eaW7rmi6BdDlCPcDBT4e06KQt80DMDOguH0FWc3OnmICpMn8kj-WNRYXCDnKV2vckfyxjcDjPqIq07ywwRXd-_AvKRCbBivmD5PlA4duUIpYmCPagTNvypd7iAodyker1nizGU1OVOCni7KGK2J8ki3jcipqk6CM5_1SMJKPXzuFWtk_tCaNKOE9FCQkHlrefXJlNuDF_-D4y3lvQmbNZUXaoTGFePfrYSLzct1Xn55wrGyaroRmlPHletFzo2WSUEi36tvSnmQxNRSPSEv0-OuF-sQmcijU3wSiD5itS03Y7VcrIm44N0zInUtPRBA6XyM34poWGPa2SQNpN-_2_dQ9rl_VehTsCUeWiFxgHNSkcIpnS0VF0lIjXCaEtcJf3wZWunw8tc8O_ArQFoSr2YL2ORabGLaA1EINSVQ6-XwNHeJ2ozf2EiKZ9IxLyK3DCdVm3QsWwvDI3U05CSyxyzA9Oq0JdqeErNrIBQ9rF2kGWShD2h5uxrJNZ57E2o-0OaW_17zjIlx-EhsOsa4j1deiLQnF38UMS_9UoMhUWWGh3VSxPG0eHfEB-HP4SL3SsrndAOMgs0AKQgY_IjyaautTmzzww7E6fIZC7oh2Mgb7k_4tuQsbAYUpBoYnIfy3Ia-Ka0gawubobeqeaa3hYvcPHev9OSpyx6i9kBB7HgK8fwy84a7f06KcN8midNzWfc_DM6wVliZBxhTYpZ4YYa4g7XjQLFgw4N19doWrlo7Do39IVA9njitQnb6-4n6bpu-i1qcXJW5KyymC0mTygE_JNHrHGorzB-QvSmpzGXcrbEM54-8Stj-_nE6pjelAWXXVLDgwFt01P5PR830YxdTjuuR4yAwRu3vMd5OnpyasEjUoY8_Fa4sQKs9BVMAJ8eigBuROGjYJo9L5W0HpY7ANHOpk4mKa46TbNatQ_aaKHRsfomhXp7MoTWgXDm-bvb1vTXZPVELeJfRlsuUdRq0JRGRT8eGbRYCI3TEYWt6HgZn6ktgHov4DM291oTyKJjzA6Fxq5YDUTrLfO3iVnDm-TqR-rnhIflWDgFAwbgGIuyzB4DrReACHcEMYI0m2Jb3BwMHFST59Djaa3ld46MexgMIKSsGR0FLCG9aVFFIcUWrkidYz8AKth7JkVF1P_EGddN3AoMw4ULRLU0ku-tWMQ2AaMRp2yaGxHZSL1ovO5ETSXIK0wmw1A92Ew2AwhqW5976NykSzwqUYponaVxBqbZZr_YkCQd2sqhds1kXRqE8QbI3ySco9ZyTIpNMcmE1m8gAN0-qTb2d_diM-ARlP9rGJDC_vPteRLPooZ6_eU9uDYS3PCNDnmcQnvnVlxSV542js1yIcpnTiUXDKIM-ctyZwdv0uIPVBGQgNwqD5FRddK0nenjbbHq_edF37os93IHEz4lnyKaac6Do9EXJa-XIxqoIEZWFuCraP7IXYXVNS72QWya8oL1yoFCtFWxPhZTJXkEkKeWYQcaXjrTyuAsShzns29R424Ve2hV3y1dR-D9atvrudm_PeBAEDyEwe7KQAY1W1PaXbUtz9n_LNqfhBSjyABtlqfzLGeCQ6DUaZYn2tF22XajdUzeGwByWtRCTN-0&cid=CAQSOwBygQiD37I8iCvlVD5wswepI9oErvoH130gJinabwWK2w9PPuYwt1X1MbUoclRr4yEPhjAguoV3sYZPGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=2148530608043300900&adk=578009112&idt=79&cac=0&dtd=4

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

51edf0ab7ffd380e7ee212ad3f5bfa02ae4c2a9917e1f27bab39e1c4758ada78

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:32 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37079
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6EAA 0
20 B 65ms
65ms Ping
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=4022804873173&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6EAA 0
20 B 59ms
59ms Ping
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=4022804873173&version=m202301230201&ct=76&x=1&cor=8280198177138833000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 6EAA 87 KB
36 KB 62ms
62ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BNvHgt7JkHnJunLFSnOqTUAMxWXtXfxuhcVsBWDqugB5ZAdWLQMoO4cSVtQ4ZOa7PN5ztIr9146Ct8IEr1M4OyauAS-A&cry=1&dbm_d=AKAmf-BIVNZpMCxGccPV6v7JPU_yGMRr04YxJa63kvek0vsaeu79qykwadRap58FZyeswt1ynUliQRpx2bL9XoOfsq1m9g-fWcyHCrTvllB-93QnCYANc5CuFP0_kBT8ty633L-PVmRZ6vYJGaOmE0_rWi9eZj79fbQI_OfjyUQdaIbOg1q4tPMZ4YmQEgFgeLIswWgjOMsjFlf3_5Ix2RY3Sc7_zKHe7YTGmWubd6OymZjubHEOq1UTKgY4HodpmrezdOmKsx8EOVsY9WV3-xhB-UxaYwYmOtGxSC8t7TRO8PZkliAYxzPrByr5ftRJtiwXLJ-d63N-Ufe1DMC7-sRZ4Cwx9SBk4_5z-CWp3cUEBC0-UbpV2rE6w3FJuIRD_xSP16YV2-AgZOlfRFbRauslBnv4b3I6vJRsTFZYGJ01giA-TY53uQQcQLObFEPmJlvrPptWj6T6l-u8M_wO_FKYiF3TOfagFfYSmJlYHKnUrUSSv9t7d2Ji7QvmNH9Mgu4l_ONxEALbZPI3445XZfmI3zMehefvrSDmkqlHuQmNi54SC957vETfANGoWeNvZ0iDAsErdGRyOpK6MKudURtr64rcfNV2a3AAdS-YE8yxrkbl4xc7LdYLOKND8bprCoEsAkncxYmynXB1bZ185nr9LzNkh35-VVMSmjaHifTxd3Ldadwa37hg1fVzRo04aGCdit2xJJX5g8yw3X7l4w659GL2iXRK1xzOsxVSa_vAtYjidMK8x8vfwkCsQG3lv0obB8yiQsGBS-GkLHoChojowMoLai8W3pdAk_4c87KxIBljwLtgWk7ntX5PK2SWgiSPW5tio-j1rJc1QCfZpXYW2FK0LX4oF2fj6TX50MWGYPwDADSiVA6VJ0VDw2jCDKnQhdneaxZ5UTE1qknyCPM4-hwOsa319YTAbyiHF9U5FdThQzVqlecVtYlDuI6-S6JE3aXZ71N1y6rnbskfHJ3xcbQbF4Ypu5H5IPUFuaFY0JHNdgTwLnkm83GS0pu_tguBo5zkFdplGD1EFI82pJwWCiNDR7p-RKayH6F9dvyGzsUpAE6C80uGnrrBdOdnISVbdBKlFSlCaZC-aM4hHDCZP6VVUaTqdDQtAevs5dFckN5y-kKZZlTaZWrD9lQ4_14hhvnOV9TLeuKelr_URiED3KKdDWICaPKlD0_U3w7oEce4D29XN1uKEdHLSwQnL0POqOWMplfra7mgpr4iQ_xnfdyWrl8StxCLZ8DtqodHs1g1HIgI9OnAugCVp83nzWVQOt9j6J3KO3Sg3Jy51JMbJrO0Tvy8FqAfeHt8XtKqxOVxW5sg_eb0U7mQVhLPYBFucKjff15YXjsrTJiIKmJl0ax3o3ErcYGMNqrlKu56gjLkdSbCt1KWDVJPSMVdD4MITBFtFQg8-dGiP0nzR8pAOwmOI7CE8LquCJ1n3H7VpGhZ5UaAWLYWhWUTCkyYbB9QquEKAA6qPVxFA82SKRG_rLCMfGPvZfUm-vj-dQthWcqRIcoaRrnnxfp2y9lN7-Cl_j4Y2IcKaOsWBorxhRuaJWX9n1m7tbMz6yzk7nVfGs62mYJDvKA2R_IRyNAF5v1w5IaEebCVcqqPYijW97mi-Y5Bvdb68Ylq94i8sYPMcu0I2PlwzgO-WKOs-OMUpeW0IQOhVOiUclCqCsQ421_QucWEmfszMsuyHmICvMnlyASesPMpL-tJGuknKBsx5l6KeV2F05EfADwf9UUYQYM1ioTtxfSnjLFNHE-aD5kH3CwAdmPL4mOwsJcjEL5yS8idmiuibyR_X2wh5wktnY-pCnV_hDAKWvmzwvOxZ2umFw1wtQ6CxYaUV6OczzWzfz2gwa_G3_GUzZw2csBYu3gjkrqHn9EPyKEV-aTZbmJx2BD6bm2cUCIsrH8jnHK7v9X0eYRhDEQh-jQZQM9-XNYBERRCKJDX__CJPQzRV9T-1jeS6NprQGIk4OBYToW2NkjACkXj5yTT08q5OimfTfdOMXJFmiPK3uZ4CnkAmQ3S9rUTPjFBfPfLQGSmXNdodaTvx_PflD6_GerzzbThbnDx8twbCDO6w-erJ3AWb9eYN9Fb0thqosLjrc9aWFz6yHBo8rw3EiD2v9d9603UQI17EWu7W_vtTfwAIpMXRMZoHHOd6jYFo_T3LEZrDkGTLtb6ff_fB7u2MLAlE9fFO5NrIA6spQ5vfkfodUSdu-OpbsMqEoqH8VMaknwkn6_9OECWiKsIQYAW58HHfo9XQEeuESkptF9iSxISlFhzRl034dITQZqnYcrwbmLn7dX84fmspQ_LqibOPByiX_5yldLMMuQSQAUUsP9ebRnLRH03HC-YVZ6zwFAEpZPXDhlk-HhNIoDAt_7mrjBxG0XRMYFOemE3GN8kVVxrGp4joJjbPvzlO84b4Mh6h5_EYY67gMZlOXOeXXTzkTa9pVH4c9Acy-N8N3nCfGIqqapcZSlG4zBgEENcTQlQ1V8at6dX-UknRe1NHi611x3bNNNxWyNRRvpzC8eqUwruwF35b_08J-UFQj3ivGCCsgnp0ODNJxOb2EYvc8tu7f5B3KGB5XL7Pzl7LYCt3zFIv5zLDClBDS_WLZCV8V1z6Cf8SNwFKlLsrPxUtVw0I23NKxuH3N0UEWZNzGo6_ZuUnDZNv2JOQh8NdKTzh0A5jyZ5FWbbS-KeubYAJdK1-XEjx0wdbPx-khJJAmkFeP-PYUviyyWmJ3PiIvmicR2Zk3xkI6jDI9mpZxE27ldXCNenv7Vq23MzrKSGK6RKqky5C16QElOaeHLoxLkgQPEQ96Q3POoobjYufbPF6_q6PIyqR2--i9MIWG1R-v9Y1Y4LpjSCJ5U2kQWoz_sfNo76bmo08hbjVxYH9Vb7bt1okJJ81PEaUmOMQ8OT373Nw_abOLXyMW-1cymbqDuHR7b3a7lrGsEGghtmqriRL_SNQmOGGK5XUxUAjoe9dJKWZLayJd6rch7hpK4DrMjSDFUofzAfp-YkN7McM3KA8GEoIkZSGF-L6oQKxw5WrQ3uC-mzRTgtz5louMAAlBwsEwMJgnq_vhKxDhMfjRZDpCUu7p7eyHnOWTHODbQ65MbJ_TZbKVBg8rs7qoX6IPTf4t4l4WBXTJxTb9kxFGdQM6MEA1KBczurXl5x6sLQlcWGTAmJar624xGuJxnBXKHcKnyfklYuJdgKiF-QQpseHBoc19xkYgMhGKuqpXcFu4MWuyzguR3A4b9LX7REbErYJh7OS3B0VTkLEkBffSpGL386vfY3OcXDAd5nzM69Wty9ixyTFjMn3i4_j2EIzERTeNt9tiK7RgfyKOSJ0dlDDxrpCfTlz3jzDTIxsr5DGKDO8-SPiTJS2zDyra_yI3UAGmA7yPwinxess04ENEs5Le_7srtKYAEMOfv9W4zjysckYdkGVYrFrQLT_ic4RmdxokKK1yOLlDDCIe2dlTmb9i-BTyP6_N02OZyL044YRR6-koT6vdb0C34IniC9yGDaHP3ncw-bmzrVgNzVfUOxwmvECMu2VEEeaOHQXvIegdeHuTtblzXbOwXuEoeyIQeIjxWV-HPBHsuW2y2m7LquYqxTd_Kni7h_iAxrrQPDa8QY5RO-AHRwsHq_JY78O6ZE2o7x3TY7C_MX-czEqlHspgNhHTI1rB8G0bgX1DoicDSx0JmctQx9BzNbiKoObqXNwnU&cid=CAQSbQBygQiD6uwsiyZSlm4vyfSUag9hxFiGgxZmEevZbM95Pt_0W4NXIVC08GU11oy5xd9tkNrkFAsK6Hstsi1oSP1kOqEtreGCWQz3Ty_7c8p_0fONXnAvXFLo_4c_Msy27T4ITHUUPvj3LkUKwVcYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=8280198177138833000&adk=3563752640&idt=60&cac=0&dtd=3

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9eaed3603d26014344381c5d545ca10c558e1f4b6fe2cd83c1b39d60ae160b51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:32 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 36769
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C5D8 0
20 B 60ms
59ms Ping
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=3422503237402&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C5D8 0
20 B 60ms
59ms Ping
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=3422503237402&version=m202301230201&ct=76&x=1&cor=5122876243078649000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame C5D8 87 KB
36 KB 65ms
65ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A-1BC1jaAljzeba67JZ2SBHB-SKiK-eNwZ1WjZcTbBIGYXP0QnJTZH0QI6EAreghRfAxhqE6UfHz9P44_Csblfz2b1C_-6z5bvUtBiChj9JKjQo6buQogiah9CCgLAKDLW5QN6iFjNnBbOSYH8kBIPV53IphIcc1T3L5Lv5gfAHih0lAo&dbm_d=AKAmf-BPqyCmniHSp69hS1G3ZJOtcKT_aXOeTDiCZFubEb_m7yv_D-Z9Pxugf19qmCHfo_Qz7absXbNj3_W40YwWFsKUgLrcCxm_WqCfon61QnJL1cWFcUhsjTuKoWpW-V-uTO0LP-5GYb9bAV-osFRuK3vLfnPuKO0AogOmuHiy8hMWj9mi-iJ02chfLZ3BBnq3f6biYAv0k5aifRi3aQ6hMwElxXIxAuxHx7DtIjvPRzadW2tHrBVH5bEshN_idBv4N3ZdkTbd7asoMcRBmTJ9NWhuw_LH_-KF_UKUrllnlS5oDFJptL2qFA0jUd0Sg95y3oEsPTgevzrq2MRr4iqo2L7fcnnrXLrLph2H4xpHwvP-rDA9iBs6DrjduE1KfoWdM7bQ5PzP3nH8ZShDEkJIXziFucHKqZA5qG-7N5NpbPfNq3BLWVeeGcAUZ4wYsorVPnFSLx5-HcvomhjVkrGhRTo4n3J2kuzfAP-FY4xuxkGXJJZwtHqsW-p1d8t-JZLlYpHCMRrpzUJVjw9EHGvUfPraVFTfBkERSLqgoB1KN8_HJf8uLaEVNtCNtd6wPvFf8rCaC5bKmBQLZOvVcEVc7XizLahw5YMSY1X6WGVdcPcsT3goMVGrpwrxsIBF3gYJZkbOacGyPXRUUykYlBD-anWwD48qiEl-2vczID32nTpHRc30jlTpXBsuvv6QQWlbDizM27h34m2aZRwZoe4wzvj12IcvjnWXLImHIf-cXum5syz16L2b7CbGfh2MSx3BsCD6zaNSRShrtmahm5B41jB6vAPgZWk7cMjz0TgBE6WCveD8iQW7h90g2UX-vXerz0Xfqmsn9e-xzBuNMJrk_4jwdlHRAWyfnJ2HYUQC5ZoqNbIl3XnSaxdWZJx5Bo_9LYMwLDzc3tk4H8ViZCtFF8CoLakSayGEcsaLZpL8_vUQpT66N5PUxmPwZl8Ym9WwPqO2j3vnWrqkUyS7WdJBPkxUeDrd3R6Iqowx-dZfZpm_RZsN-V5spsuID1ZIk2jJwBa3eM6LO2meOq5nCDctYpbdxhyUnbqr4HBM9H3vpit2bYsbKBXxfxAN-N6xz_rJ75K2l0eyCIQ1fIh1LPUh1PteKYBprXdRj1TYbOO5IjT2uEME9A1wCeyUapOee9WZyWKuhadyXFy6drbZsWcXmkKrFL_HINUoRpuewG_0LT9LnZoSdyL1C5FovjMjniSwPczCoB3hziaWwXlbboh9Gyme9mEscl2ml4DfAATKP5JuFMKuag2koalLsFsTDE8ye4jnkXEJtKq_j83e444CD_yi7nrOCFZaY6E2X6yoIz2LTaQiozlNvBsWgQk6X6JZ_VZMdYI6aFt8wSBpqczUL1vojqSZ3LvL0ZRZLbjs9B8v6N-jhdpUO9UYBn1tGWtLAQKux76qYxOPvshLG6MjIg1KrcQMSghHEsu8a7oKbeS1t2NBvI64xDT8CCEmWhomv7d_T0VW4Eo_KDAPctgZC9SgBWoS1gGfhDUIpm2BR-jf1we4b6_AoOTgjQD8gAFtBFOAPrWThh32CuPZfuSRZwjh1JlJJeUHgGNwS23gLCyJljXcrxbPrtHju4b4oQIOudWNwArmZSP_7ruXyffP8Ok5YnMVYorXqvArXQbnu1a2VDD50A1PIyRvsbwwWKHFmh5N4QUKvVTNi4X5XKy1HJJ6fGg4gacc25NoxygzQwuPtcxgp-IbeFOIkpUDekCvCounEO5L83V4CMpxf93gPw0tlY_met8Hv-lQvRkFOk6EfDOjDSS8-I_Kv5XUa3pjf98UEOql9zc9Un48EpIdwoN3BF09nTTAIbRTG5gADWydI_ZHnaxjSf2RQXJLaUg_EK_F7YjZFRwjYObM0PfOCKFNhIpHnbNHal4N2LWED94vT_aFHEKfgv9Bbjy2OvmzzSCkwFR2dzMNkRh13BLP6pcNrLyiNxB5xxiBXacvNC41uBGUIvUpCPirnjEJDu_LhzPlYZYtX3MvfOloBkgIx8g8cweuDw8j88D8BzWvJVzfOAWqBAKAWy6-FGq7Ufsvq1RNfL9BKGSpYzIWn_KfIXfqor3kk4X3noK7_wDTIrTRdi_S0SOvxDLGSaPBqboxTaay19R_Rr97OZNdA-uzcuhNARy7_LBtxE_UH0masU8R-GUhACgjAQ83Ua-wQV56s1j6V0UCsEkqnlxmTpT2v33fzrJnQY9YPJhr7jPcwJFgrtoEheRexvKih29B9Hyt11XT8svEAxqX8rzn9Qw2n1bPjlvXQxl2SHpFe2xIkX_YuwUG8ke_JeTVZoIrjSgyUxO-A2FkTyCABECY4pqTDdWl6ocygluSWbVI8Mhlkgf_RYjuEQe8PsLCXM3CEph-9Dt4JwKacRXUYmfiMLEzPB5-cs_lNkbVmPnNazBuETBOiDZvqhxds5IyI3MSqm84NivpsGqy4mBuNaZ7fzuUx-Wx1ad-wbqFs0ECHEomb3tJxdPSwXpjFoNuGkb9vwfD-MYOOvwslTw9JFrO3UDicMHnnqkDyKz7WBEfo0A6SheIPyxdWEZu1vuGzZihjXdEunfDSuZrJIG6E4AnuTg_zzlECa82jBEqeWDQvYmCEOaNOTHUurPfPniTQs5heI-6sMMPNxXd-Xcvmzuwpop48rsDykLGKcFgS8OFb95mMSqTHxoNF-8odjqUWPTOvItbMss8vomaIcTx1DjUcmaYlHsdMEdMGICd9Iy0VEAxgcIyuP7Aya26QVqwZj8z4ig24rdnqNlkdu1uhJ8zGsVI-L1nCJBcGL4smlaau0DcxXi8iJpMvwur1K2KORiYpCJiwqCVm5WV-5Se5aJve82AOIYpZTQkruKU1t4a4J2T__gzjylIYIrS-DG5lgpztz---oBcm_YjdUSSaLz7c0o3GQ_QT-h6hiNt33p-uVTJzNhQ0X9UkA9c3TD3KGVq4IyMZNbYAc4-sXsBIlqJp9-14SySglW_h-CRnkxfoi6zm4W0l8zpQCXAVtxzeaOfs_nYo5AbVnhGZMsQW2CK4RrddDIm2H7axanSPX5hnIQwi60w-oWB10rj3kvhCEpzNFmR62L3xTb2vxqICblUu0tTN27TQ5Oqw2LNQoU3odbqTN-WWDrUB85oRg_5mV_2iNrujzV3-OyYDYeOibLT24Jxf7CwyIprd5CasuIpB33kENLZOEWlyrJifCpW3YvQVXs4PY4lG2GzWUUaPbQdyiddoRm_7dWT6Stve3fwH-yBxQFRuS7bpwoTC892GVi7kSPzA5yBlwqV4jjblIMH7OTgXN4B_NENgbQjmripD16wvlEkIrA5H55SYVTXRBNuxZ-TcZGpux3MQ9c372_BDlu4PRshqwoGyI9aX3_N0m92W__4El4Wx5W6vqM6JMxSqZJNxdNUSyZktDXHr3LCue5PjVgxZiMGfI7YKzqozkvZ4Y3TrziHJP8F-imdP2CSONHGNW1rnJ-Ms6_sy3TZOUOFl-R2jNY2DNqt7zyGAqWnOb5GMOHcEL0&cid=CAQSOwBygQiDmg31be5s0DDRqoTzIHDZkaA2ijC2J-HSmLif-YzRwmsS1kfXzusgvcqq321r9Md6V_uzNAsbGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=5122876243078649000&adk=3587751834&idt=83&cac=0&dtd=3

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2234037a888c83a799cde2c75b52fa9880bd342ce8b05ddf317849cd7b8f3a92

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:32 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 36961
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 8838 143 B
166 B 21ms
18ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1920
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:16:32 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame BC0E 1 KB
643 B 18ms
17ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 24250
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 15:04:22 GMT
etag: 48472445140208031
expires: Thu, 29 Jun 2023 15:04:22 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 10261972549777223277
s0.2mdn.net/simgad/ Frame 8B27 44 KB
44 KB 13ms
6ms Image
image/jpeg 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/10261972549777223277

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

25b451f3cad26104f57800c79546bf5a40295d0cecf5623e623f4479b94d0ddd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 17:53:57 GMT
x-content-type-options: nosniff
age: 14075
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44765
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 13:36:45 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 27 Jun 2024 17:53:57 GMT

GET
H2 200 7352296608196688721
s0.2mdn.net/simgad/ Frame 8B27 10 KB
10 KB 16ms
5ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/7352296608196688721

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2d3ebc5963c3ba449fc6f11b2d5ac883abaf7dbc046ac7c1b267518e0ca5fa27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 17:54:10 GMT
x-content-type-options: nosniff
age: 14062
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10020
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 13:36:48 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 27 Jun 2024 17:54:10 GMT

GET
DATA 200
OK truncated
/ Frame 7BF8 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 358afba4d9a9311d66b79e1834ad4f9dc896ce5242fbb3a7b6ef41e6043c304e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK e99aace94e6e58733936cdd965d03e75 Show response
pv.medialead.de/trck/epv/ Frame 4A4E 0
366 B 137ms
74ms Document
application/javascript 145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=35277400156373704444554012369028&t=htlp&gdpr=1&consent=1&gdpr_consent=

Requested by

Host: hal900028.redintelligence.net
URL: https://hal900028.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=a5e1aaff91&subid=&uid=bfc4e159d1959003&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCxK1MrqqcZJzpO5DwgAeey5ioCablvaBprZWcp8kP8C4QASDAsoJrYJWCgICYB8gBCakCC94UsJJQsj6oAwHIA5sEqgTdAU_QAKojiTF8yRmoa6t4Z0vIas-Mpaih26HMyCnu2gCxXCdJ2Xy_Eg67jTEr79GEvJR4ICSVbjoKrRdLTkbtHNV2t5VhVRNTmQlPGUw7zumXhMwvz8UewYVMvc2qXclraLY2zKpyruLV7OiCBASdEcb2JzLYH-zkMb-566sgUr03HPB4UZ2Ucbh1470BLzZ1G-XZEaxwWxjLVncI0_mJsAc-pzMFFIoEbgpMdeEN8o0qmJBErMopaUdWg-GSP3FroIP97KueJRKvxeyRP5Mt7uqjFy4hsuTwiVXF0djkwATrj_yO9wPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHTICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDmACgOYCwHICwGADAGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSbQBygQiDnhtTem870tkP4aWMhKZ6Kz1GaEeUhZqzuy75x42W6ikvyDHIKj94Znfx8fx7qRDByfM84dZGQYSNYs0wfjhtyTCyac2NOBdk2Cg6mOICtMEiygSp93HmAVnlxAO_aHajXbmJNRPVQtkYAQ%26sig%3DAOD64_2SNew2PrmJaGRVzg8ZUshw-dui1Q%26client%3Dca-pub-7983651257838282%26dbm_c%3DAKAmf-D2XubXqDwEhIyIUaMyZAouXpYyiL9q99hXqnDIgCF9H4VCcRA-5N5JMCpNglUZaIziylD9NX7H4E2ixJTdr5yf3pNXXw4XtcQwGF5IXpvOZzBX6jRboKeu_AQ34f9ju3WzNjzDZBeuS2Z5SfbmiNdH0_qWvC3rA0kznom7VDbiy4e8heU%26cry%3D1%26dbm_d%3DAKAmf-AWwawG-9wC_LO170WsboIN3sBjwIAxYBdnpiKNT86vxG0lcsUAiqtORFeS3gcdswx0zi5TM4cXhK8kH413Hnk4YUlsBz6zqsAgTBbMaG19RbIFdmGPeWW0nztMSa2qXpfVEY28Bo21_1jYTfTp87PekUIEYn8Oj68-TCpznxYAWY56pV--yBXci5QvOZP7TQiyXRixUU5TeinLfi7nbWDQbAS98MmC4SgoxVeGTENseqluJMGhVliRYohf5rgz_RV9Qo7dy1WOMnwy9YfY4GSZQwJa_CoO9cnojVv9z8WHsAqSaUEybB1SYrkm2_R3ejKiL7mph9DLXXJOLBnvhNENWblRIn9vV5FunddGXuQP9hFMBk5cZohbqf_lTpzMQctwzf1KL7dT8TO5hiv6see3dFSZ7w4TI-zoAt6HirjWlwaYoaXaCu5q-ygPfY9ylBQlj7vR-waYewzh7t2QpB1LayhguEiyJAWxHUtwQKBAtS7aMLaZFXWZXCEqeqpfN3s1ZlEAUhTzrTPFek6Z4QH-TIjWyrjh1rlP-vx07NCHB_yPO0I%26adurl%3D&documentReferer=https%3A%2F%2Fye-mek.net%2F&ancestorOrigins=https%3A%2F%2Fye-mek.net%2Chttps%3A%2F%2Fpcloak.blob.core.windows.net&random=5528586753483&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx/1.17.5 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Content-Length: 0
Content-Type: application/javascript; charset=utf-8
Date: Wed, 28 Jun 2023 21:48:32 GMT
Host: pv.medialead.de
Keep-Alive: timeout=20
Proxy-Host: pv.medialead.de
Server: nginx/1.17.5
Strict-Transport-Security: max-age=15768000
X-IPLB-Instance: 40028
X-IPLB-Request-ID: 50FF0ACA:C920_91EFC182:01BB_649CAAB0_535D901:1ECFB

GET
H2 200 / Show response
adv.office-partner.de/ Frame 3DD1 930 B
931 B 76ms
7ms Document
text/html 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal900028.redintelligence.net
URL: https://hal900028.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=a5e1aaff91&subid=&uid=bfc4e159d1959003&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCxK1MrqqcZJzpO5DwgAeey5ioCablvaBprZWcp8kP8C4QASDAsoJrYJWCgICYB8gBCakCC94UsJJQsj6oAwHIA5sEqgTdAU_QAKojiTF8yRmoa6t4Z0vIas-Mpaih26HMyCnu2gCxXCdJ2Xy_Eg67jTEr79GEvJR4ICSVbjoKrRdLTkbtHNV2t5VhVRNTmQlPGUw7zumXhMwvz8UewYVMvc2qXclraLY2zKpyruLV7OiCBASdEcb2JzLYH-zkMb-566sgUr03HPB4UZ2Ucbh1470BLzZ1G-XZEaxwWxjLVncI0_mJsAc-pzMFFIoEbgpMdeEN8o0qmJBErMopaUdWg-GSP3FroIP97KueJRKvxeyRP5Mt7uqjFy4hsuTwiVXF0djkwATrj_yO9wPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHTICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDmACgOYCwHICwGADAGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSbQBygQiDnhtTem870tkP4aWMhKZ6Kz1GaEeUhZqzuy75x42W6ikvyDHIKj94Znfx8fx7qRDByfM84dZGQYSNYs0wfjhtyTCyac2NOBdk2Cg6mOICtMEiygSp93HmAVnlxAO_aHajXbmJNRPVQtkYAQ%26sig%3DAOD64_2SNew2PrmJaGRVzg8ZUshw-dui1Q%26client%3Dca-pub-7983651257838282%26dbm_c%3DAKAmf-D2XubXqDwEhIyIUaMyZAouXpYyiL9q99hXqnDIgCF9H4VCcRA-5N5JMCpNglUZaIziylD9NX7H4E2ixJTdr5yf3pNXXw4XtcQwGF5IXpvOZzBX6jRboKeu_AQ34f9ju3WzNjzDZBeuS2Z5SfbmiNdH0_qWvC3rA0kznom7VDbiy4e8heU%26cry%3D1%26dbm_d%3DAKAmf-AWwawG-9wC_LO170WsboIN3sBjwIAxYBdnpiKNT86vxG0lcsUAiqtORFeS3gcdswx0zi5TM4cXhK8kH413Hnk4YUlsBz6zqsAgTBbMaG19RbIFdmGPeWW0nztMSa2qXpfVEY28Bo21_1jYTfTp87PekUIEYn8Oj68-TCpznxYAWY56pV--yBXci5QvOZP7TQiyXRixUU5TeinLfi7nbWDQbAS98MmC4SgoxVeGTENseqluJMGhVliRYohf5rgz_RV9Qo7dy1WOMnwy9YfY4GSZQwJa_CoO9cnojVv9z8WHsAqSaUEybB1SYrkm2_R3ejKiL7mph9DLXXJOLBnvhNENWblRIn9vV5FunddGXuQP9hFMBk5cZohbqf_lTpzMQctwzf1KL7dT8TO5hiv6see3dFSZ7w4TI-zoAt6HirjWlwaYoaXaCu5q-ygPfY9ylBQlj7vR-waYewzh7t2QpB1LayhguEiyJAWxHUtwQKBAtS7aMLaZFXWZXCEqeqpfN3s1ZlEAUhTzrTPFek6Z4QH-TIjWyrjh1rlP-vx07NCHB_yPO0I%26adurl%3D&documentReferer=https%3A%2F%2Fye-mek.net%2F&ancestorOrigins=https%3A%2F%2Fye-mek.net%2Chttps%3A%2F%2Fpcloak.blob.core.windows.net&random=5528586753483&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 552
content-type: text/html
date: Wed, 28 Jun 2023 21:48:32 GMT
etag: "3a2-5c1ab16b3be00-gzip"
expires: Wed, 05 Jul 2023 21:48:32 GMT
last-modified: Thu, 06 May 2021 15:37:28 GMT
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server: keycdn-engine
vary: Accept-Encoding
x-accel-version: 0.01
x-cache: HIT
x-edge-location: defr

GET
H2

200

htlp Show response
futalis.de/ Frame E005
Redirect Chain

https://cdn.retailads.net/tb.php?t=150337V2172132532M&subid=35277400156373704444554012369028&ra_cnt_active=1&ra_cnt=1
https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=2829290701

350 B
401 B

70ms
16ms

Document
text/html

49.12.16.151
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=2829290701
Requested by: Host: hal900028.redintelligence.net
URL: https://hal900028.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=a5e1aaff91&subid=&uid=bfc4e159d1959003&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCxK1MrqqcZJzpO5DwgAeey5ioCablvaBprZWcp8kP8C4QASDAsoJrYJWCgICYB8gBCakCC94UsJJQsj6oAwHIA5sEqgTdAU_QAKojiTF8yRmoa6t4Z0vIas-Mpaih26HMyCnu2gCxXCdJ2Xy_Eg67jTEr79GEvJR4ICSVbjoKrRdLTkbtHNV2t5VhVRNTmQlPGUw7zumXhMwvz8UewYVMvc2qXclraLY2zKpyruLV7OiCBASdEcb2JzLYH-zkMb-566sgUr03HPB4UZ2Ucbh1470BLzZ1G-XZEaxwWxjLVncI0_mJsAc-pzMFFIoEbgpMdeEN8o0qmJBErMopaUdWg-GSP3FroIP97KueJRKvxeyRP5Mt7uqjFy4hsuTwiVXF0djkwATrj_yO9wPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHTICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDmACgOYCwHICwGADAGwE8yc2RLQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSbQBygQiDnhtTem870tkP4aWMhKZ6Kz1GaEeUhZqzuy75x42W6ikvyDHIKj94Znfx8fx7qRDByfM84dZGQYSNYs0wfjhtyTCyac2NOBdk2Cg6mOICtMEiygSp93HmAVnlxAO_aHajXbmJNRPVQtkYAQ%26sig%3DAOD64_2SNew2PrmJaGRVzg8ZUshw-dui1Q%26client%3Dca-pub-7983651257838282%26dbm_c%3DAKAmf-D2XubXqDwEhIyIUaMyZAouXpYyiL9q99hXqnDIgCF9H4VCcRA-5N5JMCpNglUZaIziylD9NX7H4E2ixJTdr5yf3pNXXw4XtcQwGF5IXpvOZzBX6jRboKeu_AQ34f9ju3WzNjzDZBeuS2Z5SfbmiNdH0_qWvC3rA0kznom7VDbiy4e8heU%26cry%3D1%26dbm_d%3DAKAmf-AWwawG-9wC_LO170WsboIN3sBjwIAxYBdnpiKNT86vxG0lcsUAiqtORFeS3gcdswx0zi5TM4cXhK8kH413Hnk4YUlsBz6zqsAgTBbMaG19RbIFdmGPeWW0nztMSa2qXpfVEY28Bo21_1jYTfTp87PekUIEYn8Oj68-TCpznxYAWY56pV--yBXci5QvOZP7TQiyXRixUU5TeinLfi7nbWDQbAS98MmC4SgoxVeGTENseqluJMGhVliRYohf5rgz_RV9Qo7dy1WOMnwy9YfY4GSZQwJa_CoO9cnojVv9z8WHsAqSaUEybB1SYrkm2_R3ejKiL7mph9DLXXJOLBnvhNENWblRIn9vV5FunddGXuQP9hFMBk5cZohbqf_lTpzMQctwzf1KL7dT8TO5hiv6see3dFSZ7w4TI-zoAt6HirjWlwaYoaXaCu5q-ygPfY9ylBQlj7vR-waYewzh7t2QpB1LayhguEiyJAWxHUtwQKBAtS7aMLaZFXWZXCEqeqpfN3s1ZlEAUhTzrTPFek6Z4QH-TIjWyrjh1rlP-vx07NCHB_yPO0I%26adurl%3D&documentReferer=https%3A%2F%2Fye-mek.net%2F&ancestorOrigins=https%3A%2F%2Fye-mek.net%2Chttps%3A%2F%2Fpcloak.blob.core.windows.net&random=5528586753483&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 49.12.16.151 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: lb-1.futalis.de
Software: /
Resource Hash: 582e283baa4cce4006055beb2eb8fe257c1ec5ef573a40f173b880636089e8cd

Request headers

Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 350
content-type: text/html; charset=utf-8

Redirect headers

content-length: 0
content-type: text/html; charset=utf-8
date: Wed, 28 Jun 2023 21:48:32 GMT
location: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=2829290701
p3p: policyref="https://www.retailads.net/w3c/p3p.xml",CP="NOI CUR OUR STP"
server: Apache
xphp81: true

GET
H/1.1 200
OK e99aace94e6e58733936cdd965d03e75 Show response
pv.medialead.de/trck/epv/ Frame 2418 0
366 B 148ms
81ms Script
application/javascript 145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=35277400156373704444554012369028&t=htlp&gdpr=1&consent=1&gdpr_consent=

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx/1.17.5 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Wed, 28 Jun 2023 21:48:32 GMT
Strict-Transport-Security: max-age=15768000
Server: nginx/1.17.5
Host: pv.medialead.de
X-IPLB-Request-ID: 50FF0ACA:C924_91EFC182:01BB_649CAAB0_5361DE4:1ECFC
X-IPLB-Instance: 40028
Content-Type: application/javascript; charset=utf-8
Keep-Alive: timeout=20
Content-Length: 0
Proxy-Host: pv.medialead.de

GET
H/1.1 200
OK e99aace94e6e58733936cdd965d03e75
pv.medialead.de/trck/eview/ Frame 2418 43 B
382 B 156ms
88ms Image
image/gif 145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pv.medialead.de/trck/eview/e99aace94e6e58733936cdd965d03e75?subid=35277400156373704444554012369028&t=htlp&gdpr=1&consent=1&gdpr_consent=

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx/1.17.5 /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Wed, 28 Jun 2023 21:48:32 GMT
Strict-Transport-Security: max-age=15768000
Server: nginx/1.17.5
Host: pv.medialead.de
X-IPLB-Request-ID: 50FF0ACA:C922_91EFC182:01BB_649CAAB0_52D90C9:25BCF
X-IPLB-Instance: 40027
Content-Type: image/gif
Keep-Alive: timeout=20
Content-Length: 43
Proxy-Host: pv.medialead.de

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 9508 143 B
166 B 18ms
12ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1920
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:16:32 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 8B27 42 B
63 B 42ms
41ms Fetch
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D_-WHA3-dQ_WF6uD5K_BwC2b8_R0HrouVFW6XDND_5epqg-TzZlkEAND0WVsmcfgud6CkbEo9zEi5RfXfdKyhaT_mcfQhTko6YCidCQMwnRpZeg-CwK7sNxupimO2gXOCpwx-JgE5zzm6QJmS8RPQVReAPfg&dbm_d=AKAmf-CtTFtMO3eGL9VqarNSIeQ7xHcSpUiZjygT4pej1gZq198Sg1-CjMtkt3GO7ndXheBOOOYNmZa4AbpieDQ-pbGkegn_gG70PoAVGmg-xAoRqHiZiJr6bwnomB_7NRiOUYehpxtRBjAWklvwzzwLEjqK81rJEqDCh_pPdZIf1HSDE6jSmmP1jvaDjz2sQ9lvKk6JmNb0dWouhqNxzd4XsmS2SqOIdHuzQrpPm8XSR_o2DF_tRrx3WoQrsA9Lry06xCyokOaFNunXrZmw8wAJlaUpPN-_Y0UoiLsGnuaXHbyROCOp-iTKTkIv7HCaDDVwLfswTIv-pOT-b6toJDpq6yq1nxbWTHXpA1_iQQISxoQbZel1jaHbJMuhUSD2ZFMw6O8DGtxI4XyFRO26IvwqaO6hMc3iLzH7kUSW0hdiyed1_NJzHQci1BPMi-o7fTjOW0suhPWLvpEOBKGUvBODDzFJ8FMCCSegdYvKVh6NqsBbhDf6rjMmSE6LKACGsP6UmXxcRxgWGyp1Ks4-hFIDkk8X_NnBO29VLL1YeTgFr_O5TiJ5ydhTZ7MxmSk2efyGubhOLdli0rShClFfXudWTQszrCU0DuLalRXoA7L5v381OWqbUXesjs6R12jKwyFfu36pv3JMnQBm5ckk2zjhSZka6-Obknl0MwnS3k91SbAfSNm7_0uQXO1nmHOYwcOIP5ovxpHWgUR8CFfzzn2fUSfNwhYxQVGFjwOKto-3U1GWxtGxCIJ8UToX4Lf1kG7gnGR6cKyPRoNGOMMSNh6AKKjAjzekSbcm3FSMc0uPKP3pBzUyTEQIzlCUpIxY7i7VRGUsFdilSVTE8G1UOZd1zKuFLMGiYcH5S1PcbegtNgDbaJ44yfti0lEdASP316s32xbeGGzaFoSFCh2seXVcbXUSriWXp2P7vD6sQ3eCHY6gx76q-TE7s6gNe5BfaszvSOOJL2wqkBlatx8EuZT5vgK1DCuWeE_T-dT1PrdhvarbksD6F_SwbXnkvN0MwFm3ZnSPjNg2DM04bKquTrv7bxl3y1ZfTIlnC0cRXsFCorGnw4njGejHfJqOpKVid6d--pDfHMJUtl5_2rSvDJG8jgkisBDO0gQyy3lUcx97L00HUl4nm3cPdIybtRKZqRd34sJ2237LOxQjw_-TmrVjesKHTyWyXmFMFFDzwqYyhWzyiYLhLLl6mGMVaw_Ug_hqy5uh2AxAlvejyn_tqJ9dnW5oQfXAbxYwoGSW31ApXWx14rMCqhTRTnZ_EQH-dQH2z4-ZzqQFmWQZ1TRAUMHnwWM0VEusqyUJxjgNpRPh7c15aFiWkbaIuz961VfdbrvRCK6jo9W_LCYB7_Tkt0v91dvap33cuB8U7x9G4Y8TGuFmdXN2LVsXdwVBmVM7dhOu8YmCzHzxYw32wXnIVNTBEU0Z_3M4R_UiXu0vpk-PHYNPF6bBCy7-7iSW4UaigTfGUAcwvktWw0sJEn-IBUpTlHlfzhdlPHSVCHvfthgqFN19-1K3ZC_g1fNO3HdHisxxNJipJ1VKkW2EyVtzrpiKHcbYMDg8K6sXqV4K9Z73g71s4Kc-l0-KNO2b43-h2sC-Ti5NDU-rYbvNCoW433FKQqhQekMquJM1ZqURrYLq6k0yGf11WA9MbbjIsm-GA03NZtBHGba0R8DnwRCl0G4FaULJCk9SA7zbbywxR86fRi5LtCdvCwgMdqCsj1CfxmS2DjtIYltXml2HoK70Ty9vibVBoN6W0VOR-JVNjAGiyQWOpWdIhu86g20Ej8rCHEU4tr6KR7TwnvMITT0mr9Z6x3_66aMDFecXZf1EBkMaq5Z_PvqAHl_ugMdC_si715Jo9_eqvWQvVwrM3aiJ12ZyFaOOwcQEfIEUBEVlwSyV-LjRMVjrGu90ACrTXiPjGcPZEM8j8QXfMO5-eL2NE-gOdZpxsOpSwYJCvWNwzL2fk3THQLz8mTi3v7PwoF9s5WXc-V5yUt4Bn1jlYJSDrShtV6OMdFJ70XGiQUWFhzvejK1Q8nVgwk8vjoJxqokdzM2WIBry3JAbYZHlj42Dw56T_DzyYag34LozraaWcjNRqa0dp8DrzOIJDje0hyTM5Q52I06ZHntYbqQVNAXk9OYMEBhJ8gpPl_uUcp0GevFpFYvS-guqVrZDEpXUzJh8MkX_elPZjAhkfwhEVNb5070kptFjG1eOJB65uv2E-bF_aAPAxhNeiwLPlcasV25YSYq3ghf6aG1CYRQB1k53J_JMx7QWg_Tt_r0eyL_pA6JbM0MNPB1PcO_DSMX7DoPwiDBwihdAHp6K6kLiNFNEkgn6jVr4SYFuvqe_ovw8sBwlZ7H4SC9IxbavQaO-hyvLHqV3tdIFPxC6DBgEkxnK3VvUhMoJHgSvBZbL0AbNsT27sgeOtxuni9c6C6ahCuN5Y3PKSdiwcQuexkTEmrc2zdULJQWoZbv3y_XKrqF2ZcRKwc9gZX7P2-Si4eTH2X2SWJ4E_9xwbsJD8ag9g-Q5iAml5-OLf4OqVUPF_yyHyto6KAiAsP_nilixDaEBuLk98hrC8n-FtfQOBIVDaO-mAffinUWK5GU84hA7oSDuMpFWCDzav0cVbJFcQkiswW9K0ZKHT8AqqbXU3O4rtGy3N6u3RyDtbDAyJPj8wI0g0zBcV5Z9EWIeoU8qslbs1XeQiw-9zcsJfQ2kgJPwi_CyOwrdPr26wPscXAec6wNOPmdhzu0A6Z1FqtfM0hfjsSa4QMN6xcCwH19E1MECf-TUJ9q1fFIjSs_KoHRTgDahMraR3W48yBGhD03dPAjzHWkEnQ9RP5zoO-S15s2BXjfHnJg-FFb9su4b-x2nmUOV1dFwooo7RmXjEjM_XrHXHQIvyyHduWRQFUbn-I-Ya0RudwHjW4fiWOERBY1E2ZRrQsIsDwLgHE0rNt8aWY9SRisJLmi2nmvdFzxx97rAhOkwGVGjJkD6PNzAStMK9QekQymQlhKvo6lK-tgbwyl69dhbHxaddEPn8w-dkTQdwripHjQ3wuv-mo3ds4prRl13DgkxG09khwfyZ-aS6VTMZQ9qsabEKSc-2b3AIVMOLxoqbMG-mj5BiDWCGE0Mi_YhVl8tNIWxx4oveGaeHRiWzXcpVhKPf2PO51R_Ab7KE74gaT4hr7UGNbhNTAOLVwFe9chudvDPxy91O5M6gtgOPR_NXgEMfYQayJnhYv6HVVAXNbP6tqMrQIQshI6p56vLADA7WxvbwJnmF48bvEY8YPEzD3o1rFyyU1k0lD-6l_5pJYkQtfeCuLOg0s-s8F4oURRWLVb60Ljw3zoUBSW9Ls_KroiNJ1i6qitvQMVJrTz6DDFNn_kxZUK17pQjc3N29IAd2L3P9yXiY-TIKS_QIrOKzf4ppB1UvqnZH_dcyYRjb5jALcPrzL14ymj1JDBc08V9fTcBNH7dOBOd8CrKxijQheDwlWIKNzTtrJTdtfkJktK9kXkUrrA9rqiR0wzs-tyYLP-JH9jqMVyNHh_U13ilpTNybbal2SekmHeM3I8Qg_B6JK-qZd-GNA&cid=CAQSOwBygQiDnEp_oR7lKbPI3CMH-cOemHW-mUwEAe_lhkkvN2Ib0COPXqjx2Bwy_ZuU3G2RIdvfCWiWXiPEGAE&dc_exteid=31137899449084494733449548911802026&dc_pubid=4

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 8B27 0
0 56ms
56ms Fetch
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Cl3aSr6qcZJjWCtb4gQfV-ITACNqxuf5wlO_CufkRjqq9n9k8EAEgwLKCa2CVgoCAmAegAdOp3fkCyAEGqQIJNcHoA06yPqgDAaoE3wFP0DzcdmC_SENJinFtrRaD5_SODUeN1eZiobmJZTAYlaOoFL3IOh4y0I47JbiCPZUMOYVQHssNmn92pM4NIUGJGov-Y8LcDX4Z9syPQfj3OLSn9c7Gc3SnJueOK22hacBIS6XKFjriluzvPqu4g5lQaqjlw14_hGzDKwME2pTQH9wCtpBNqTXhqWpOOae8hg07nBDjREe4IVB81k_gEYuYdENlQQso4u0B7byNmomWaMSsMlkzb6tpaBBR0of2CJewM_zK6No2MTEsbNMfenkKn4C6IVhqBRu8iTbz1erlwASUm4P-wQTgBAOIBfjZ17lLkgUGCAMQAhgBkgUGCBsQAhgBkgUGCB0QBBgBkgUGCB0QARgBkgUGCB4QARgBkAYBoAY3gAeV1qKGAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcKEIzOBRil9e_sAdIIFgiA4YAQEAEYHTICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTcyNzU1Mjg0NTMxNjIzMDmACgPICwGiDAgqBgoEw7CxArAT0svjE8gTl7qF4wPQEwDYEw2IFATYFAHQFQGAFwGyFx4KHAgAEhRwdWItNjU5MzUyMzIxMDAxMDE1NBjqwW0&sigh=lGOWuRgVBsU&uach_m=[UACH]&cid=CAQSOwBygQiDnEp_oR7lKbPI3CMH-cOemHW-mUwEAe_lhkkvN2Ib0COPXqjx2Bwy_ZuU3G2RIdvfCWiWXiPEGAE&template_id=509&vt=10
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame D999 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 573002b2e0cb6276365af2cfdf59646dd17f1ea9362bc1fa6493903d6df6d758

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 ad
googleads.g.doubleclick.net/dbm/ Frame D999 42 B
63 B 41ms
40ms Image
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BOMG90unV0SbURWD4-p3LMHey3sjF1FvINMvsYednBx9NX0j9yLLPhqBWykqrxFVPpelUCOq1vU70EqhHL3-R5lohqzAVx8FP8T3K9WNgycnHjFSOvMdioUR0ShCf2_CRyk1mdbjNmEohlW22ZrLLKsoefcA&dbm_d=AKAmf-AhKOqxJfxXguhKuOyVzIlEgxi4rdjyMyFmDuPH4FQiQbSNCkiRrWy4q-aaeuY547xsRseiR-7TXJpkKswdkWKjuiZi34lBf4Ixg61uD8PAJB2by6VJG7cTUBrlOdIfJAyCmnO6-PQM8FuL7ovV0XJ5YCqMwtPLAF8gYPYBi8CFCFXoeOM5xy8R7hdd-JAohANM7-AY-a8sfrqdAV1dk7EK0cYWeKWYS3tVhJtWNt0d0Ez2EQk31PHioem0Ba6oTuaO6p29vZm5JyImK-b9IeFHIU62855FFQ6N1837ieISutjYiR9nybLu9dIckzQyW_otSp8GJQhBigki_pVhTvleivzZJJIM2DkELERQupgx3y-iOUO8sJYD-qWdfyLwQDXabN1p4q_OqoVW6dc-ceGIohgO_126a8TWyil7t5-alZxmXkEqZTmy1e8GtHKELJ-jB4YBxvTGrJFHm8lrfKAI4EWK4UDt1AqZ0NORtI3xSbxr3fXOcVT0N2OIKvK0iDpBdpvY698pxLCgzyBJ3d0HYWqxizKo_AJf-JjNXbQ2ayHvk_aprq5GhZEBnMKJx1_fzyHZ7tpQjQjIIBXaK_Rn_-5S30AEZnV_KfP-dmTAeJVy2DFG33MlqWxHJX9w6asw2y59ZVTV8nsDrgXW7iTb0FGjJfB89AihwCJBK1gp_Ome72Trwi4BzHZ4BvoMCwg9yzqBPeBzrwDkRgHMMGSYy0rIYTcJh8VS-PHzjN05z7tt2tbewaGUo8w-B5-D1Sqqywf7MMCBMF5gXttgdpeuhBvT76bEcMD4rXfkupYmTwg6U6_KxqHim_xorl5iKUAt_UY5agtJyCccV3m9c4G9Q66a80cWRW_VOeSbsw9ymMl3z-i4F8WMWTbAb9hp73ZHJAOHl6Lno3uJmXkYZtNEwSsNFjsVvfiYSqzO2MwMkzmbN6Ukhu0bHy0pFbdeLIARPCoqLVEwmyHUJvG9uwhWUBN3V89HiV5hbc20nGlT5eFFT_K7r8aakhrKw_OYaqZ7bZ6xQsfRzzdOiQtTiT_9OlOdge-szmHRHQpj0Q1FIkYSH-IiWvtS_P2ZJn_7NleXx41-zZjtbTdkS7BfUDn1EK3TQygeCJGq6d_b5Mj42ejAnlNXqkIOc4IX3X-PoHMYWnDSrhK19VNcVHgkeCwI8dyzKAcZ6ALiMPlsOswI0iOl7N_X5Ie3gpJmRC1YGQZHtBSY4ACERRXn_PNoNBgMF5PEwae165H6_wzmirklfUy6PvUUt0rooia9e9CZ4yJaHX24yFMvLDfsA_EZRnZb_UAFIXIGRzvZUU_P-7OMCBcWRpNSXdZVzOhveN7y_8K3UKew_peYeY6sZcAkGZpRz9Hs1BI-RoUJElcJuBJW84mMiU6jhn01AuSIk3G_Rdj5IUz4RMuKcpTcqVMM5DZXiwGxd5XEHV-vf8Cu9zYT0-z-pUwTKl9OK_0QmQLa92m7PH2fdXbyYPO050TMRSsIGcJnHz5j4kR_SJFdr021YaO5OXjeB-jXKtEplkfE2S1ZPkQvsLnbK-vl8qAE-pllXi2dmcyC_WZwFIy-KHgY-RIaPIHZuQz64KaYLm0zkkB_G4HIjtn5oStiHxvAL3CR6bJs8EsknaZ48iVG01PNlTosbaogTc_NJmYSGr-HbULbfp2vmVWqYhSW_ZCrzl5LuAc2Vts4O7F_q03qnvmU_sgnajioLwwU_fyHtCZkCmINHAm_UQ0LBdz5qShfCZJX3c3eGXRAHzSIy3mssDJDLlzQiBmBBkcaAx8jNeZA7PMZ-XMESgtoNIxPxHWXOJjUT12eemcU56Q35eha3_M2koehedtCYIWGw1mbNFNt9pj-g1_SZNA0N3A_4Z01pOCwxVaeaDQHmWsiHdTP1rJFoPxh2FW8dvL95eaR5VNbC2s4CJhBwmmJTe9fgOzGiMxSCfXPmnbjM3OkbM9V4CDkQyEiw8w2oDb5bEoGlhf2GAB3HOh-5wEqDm3aatp3wM4mDtGlG1gfzTiEZNFiMrLCPD6PA0D4AXhI_29l9zWuMvw4z_PWgXjfG4jFHbRhbOI13DcpzPWAyICJTt9LNtSZBsN_FiCYIYpS7Hsqnx5U2g2DQkOnQa7rPEzoRDDXY59RzrgGbgHfPU8niO6vaesY4Us8ycv9OOuMwDW1xHwvwGqgezEsDEv0Iy2u8HUITAeqvYjIt0iCarZ1mt7ZA1rlRaSXfxXjIKf5TrqrS_eK4zBDRROp80LfFr7iYhmPr2cgMSKiE5wk-dwT1FrRL5jeRMrvVqStZhtIUKhsQ4NM3L2rJNoyKttT9biNCGdb55faglKUeKfT8ycWxNooXTbt9sRELye1JaxM4XggxhSZoNdi_pXJ5RUf1V4j06FaHyYXPASRZJQRCWrkrIF98nxJwgyaNsUrKYXIvseVMc6Wy1IdWXegNpDkr1mkSvdnwtsXp2bXtq0Ma9U5xV_3P7ytkTZFjy6_8-oHqB1xcGmWdN23C-dXjjhgI1hqst6bDpeKWGWuk3q_RXQ1cVs3Jvdyn0R7R-rk1liOe3DBu11AVVM3sJ0MpIA4UObw37qVHsrHfKyF34_8_lTzfRYddwAtWmnttHJYld-q8hd1BKDE7tJ2NI9_RBnghUwzHh7_WzNxElL-JyLWc8fOGY-_ST7gNm7BztraTIfoS8dq9daICkSn-lrTJjfwJvq25ZE8MNgAq5X5i9Ldl67IJUPycY2fMXZLXtmVDM1pv4621tQY8N_7y0EPH4HNFhQy6Q9avTO7aTsZLopV1tqjMx1K_CijJO1HL-zDR1EwoxsWqADv3hoXL2NPyu5bOrPKyZ8K6vMUGE-ABidnxyWhBC3j1Wie-VRyrR_YxXipdon7OtPfY2TLYe2qr93pi7YFmLlcKb4NpA0KQ9aqIBv1TO_1yzjNpe7n3uX7qf3UDFEWi7CCVtJJ6klVuUezEFSMKIsmkq-RRbh-I3VDiejDQHSMUWXLLIrKBiRIf6tlIqWa7BhbCGIFLPfFsOhQGiPc2qJut5NJ1Ip2L7onmG--aac2vzuNG8zxLOXzm7xt1aRx0tKM8uuVIxRy7h6Fu0GrN7ccbCXQp2AokMgUJn-eT1ZkGc2b9W6kR2bSPZ_6s0JfhCd1FAGEDsI_MfkNO1vPVqahdfp9h4NbzqP45H_krADkhwa6kmxZIGo_Qgv3T0IRDIPygLMwjs06pNEwM4Fj7-Wcde5uThhIOK1XHoJQ5-YDPy4UXSOJcMEv5e6r_mnUBSSfi3l81rSKonRb4NnN6sR-vhH_cwRUKLgXAp9WGAu5LfeLXzEyJ-8LQJ2ETiLbtHfTfqATpCn9gyADvQkbZGprtwbmKttZSu8N9MbwUi2bEJq1V6M2JQNOuQQZfo944wkBb6wj_HJYQZ_BBa7ymjKZpCjEKg78QF6hz-oBTTjsvJmBQL3WpZRGJFLOvA1_A8CTnlW_feBGmbnF_rqbeS_Pn8btZEPsmf0a7nedUEF1tJ9q5jEZ_CZx4hhbciu7qMu73GHj6Fd9ZKKIOi7KCphipy1JFOKSRvZ-GiWCTTp9wJDfy5SuZd3Qo5qBAvQU28J0ptoYCtYH&cid=CAQSbQBygQiDt4_Mrr5xg1UEu3VrcCA_WTChccG6xWDhUh-qo2ff69uiGtbiixJo3P8YO7fZjbWA7PzRTco6dPTgFk5tchg3FkDq0Zd_FT7YfczzzwdcwPZjt1KLzXS44WtYvgp_YJJsqg4i0-tqKb8YAQ&dc_exteid=31137899448172616833654723522923206&dc_pubid=4&cbvp=2

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame D999 0
0 51ms
50ms Image
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CTnLjr6qcZJr1C5CH7gPF_KqAB9qxuf5wlO_CufkRjqq9n9k8EAEgwLKCa2CV0rSCwAegAdOp3fkCyAEGqQIJNcHoA06yPqgDAaoE3QFP0OEquhQZpsAdccNiwPZblDfTM3v6Paz2t06UU8hkp85WpdrMRq3z9Nn2QHX_A6xUhvvv2_64JHQOPmYeiZ_YXAYkmxK-BX6MQclN8W8xcGrytI3LmnJ7joDbSpJ6EDhb3Sidju1ymySa9SlBwbfvH7UoM6Vx4QM2a0ku5TiPGNPt8IFYPlbKfxR4r-lwaTvMVU6E58HTynoI6M_Jb09PboE86tVdSz2MMlKy819boLWsAUICznlTr4hqWGho8dXk3cCdQ6dAxvm8_kbvbHlCoznmT4CnrtV_M-zjWcAElJuD_sEE4AQDiAX42de5S5IFBggDEAIYAZIFBggbEAIYAZIFBggdEAQYAZIFBggdEAEYAZIFBggeEAEYAZAGAaAGN4AHldaihgGoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHChDywgYYpfXv7AHSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE68ggbYWR4LXN1YnN5bi03Mjc1NTI4NDUzMTYyMzA5gAoDyAsBsBPSy-MTyBOXuoXjA9ATANgTDYgUBNgUAdAVAYAXAbIXHgocCAASFHB1Yi02NTkzNTIzMjEwMDEwMTU0GOrBbQ&sigh=PrDQUajV-_8&uach_m=[UACH]&cid=CAQSbQBygQiDt4_Mrr5xg1UEu3VrcCA_WTChccG6xWDhUh-qo2ff69uiGtbiixJo3P8YO7fZjbWA7PzRTco6dPTgFk5tchg3FkDq0Zd_FT7YfczzzwdcwPZjt1KLzXS44WtYvgp_YJJsqg4i0-tqKb8YAQ&template_id=509&vt=10&cbvp=2&vis=1
Requested by: Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame B9FF 172 KB
60 KB 44ms
14ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
Origin: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 10:17:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 41468
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 29 Jun 2023 10:17:24 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/elements/html/ Frame B9FF 11 KB
4 KB 10ms
10ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-C6FvdYn27hknDFkQ0Kp7qoziBnoJEwMgZYvW7Li2jPfMx9RlqGURttAbTH1nNIUNvY8CmVtQQxuH5TUqRU9zXrUDBcjFwGNBmzZJea2stWwcOV4Vo&cry=1&dbm_d=AKAmf-DLTTspNfXjfTYA5yruikKpphYqwBqBvgGsIXvMvf3BBkciye2DlxQ2lCm4U5n9YVRv8AQdDT7jEOKJzMwJw8PEtBpQnssXotlUmN7Qjy3wx1w7cVWRSHF9231_ftcpcgYLzca3_h1PqbZySofN1kRauziQPWWgMMaufFF2B-63hqvUcFtrW6sPFDEhdEB5b0emCBgxOrQRI4Ied3gb1xw2p1qWsQF3AD6Tr1gKi54qEDD2SH0HdxG5snJkTsiUHNlPNm_1F4hVzPGYTBoThXW0f8eZZii8qyNdnm1sAuTLj1IqwyJ8ubwnfzDwTtn4XRowXOF08ifmbAX6LlBZPWwFyXPFcUbmPyf1NZ2NLjI6ND7h8AhZMX39oA_6FD_EPcnmxloqPKIW9a_uAcneRTCOX2-rkkPnqcPTBuvHHNEiHz452qYcNEyzys4vpz8Y5bM_vJmfgWwe3cwsq8v47OqpQW2Uvggy2ba1yJZCnbdAg7eZOn_iUy2kiQ3qFhLD_sZkFwjgCKk5VHtR7hN1jY62Yh1-Aao5vn0Etm8IZA-TxVvr2rBCSTgOJ-OcryisDXCyEUY3VKZ1bSZRyjoOMOKtZkMxVftXIL1Vcbo3-PHU-1UzBvzBZUx0_IX_W4j7lSvHaFDNsMZTCLgRud6ol_rw1d4Pv_q8EYbNPuoj_oYzGowv2GV5jXU3tIJngRAEDWgqWi4c4FAPA702ix1p6VEDkkrpI7vYygcB9F1X8aryYnvM0QK_sTwTMxNIKT_COdwVPChf6pO-Zf7iBUDF7Nh4wyxHXYMKmAHkPy65Tn7qiMEea2MkvIFXAUPDQotJweHwqz0fNwhzQmRw8oiZtGQ69gRYPVZOOg6lpGrNuLjCMBMkVHRWbSevWAzDavxCFjqEMlo-95OcjipVRR8GZfA13uK2u-u-zkYJ7kn1CxqnS4uBDYEm7V1s1arHpK_ChwWtlA61-x_OtozoIfCEFRObOHs3bW7jATwyL8Xl-4vjNuhLa9eZNoaTUjXn5Q93ulWBP9Lntf94kwvLWrX8Ba8oVG7oK4NTptrOM7EesHQy7Evpo5afBzE49GWFFt1Y3E4rpxU8W1ksxg2qwGZ0cUUFBr6cv6sIXw-Uv2hGNHoQThbbQzZjigAXPBFaynFiPDma93ujURSVTGYulPDlhcvbrAF_O6QQFpL2LeAaqHb88P6uwBs3SfXQoauFQN-n5u5wpXfxLVFWtgdl9QCEHvw5satSNrZ26-EP0FGuXxgCd_PutQ3Uz3oBgKYHrBRGFcMxGFedZGx3vn-fH5huOTOMQzE2SMj2RCO87C5k6t0MT8mCr1dpOPJ1r8P5X7YrJEfmlgDVv8TX-wIB1_ZluW-jH9ZlBx-sKJ-oz4x_EoFcsmLViYca1Wpb5Ba8-Av7lGLMuFj-2g0MS0Q7Jk-WXPbkLEo_Dngx1AwEeB8oTfpVFswj0nZ7X_7J3hV6JBU_qFH_DQ-EhCXqrASvR68xzElmdpRbh6XDkX0V1nHquVq0QycgWN-TpmdQYAFE5PdPJMQGIdQVDTwaC2qMDnf8t7mxJTxzOpWjLT3yclccOtgGA5LQoIM064wWOD4YSp-YdRe_9D9Jdi6pPS7-znCVnEsuZ5C85c8C72azoqO6FGaLwvU06IAwlFXE7pOw3lwBrQeqAYivuxsBfJ0IUEWYXFvpK_iTiKZlQaufRuZzy7sqBI_kiv-70agvJZM3BNsooG1YkAeEZARmEZ_FAdGy3Q91vncfQSxHAylA5eMmo0basaqnpCxEkWYrgMzWv7XeDf7pAUxUCQ_qtUX8eZUrsQp6tR1vgv7CQVxRfTjUjNoWtSvHh9NuL6k7FGChgAu1oGrUGHNy6Sy0EnvgCIPbelvnog3PsLxffSzMzGpS9letQohwbF1f0hVNgkn9DC8oAWxorKZyWfYON5VpdeoDdFct-8U71S3j0V_WS-XrWTEQVXSn3HEfM8tXlmLGeiRoOj_AhgxNHAtPJ6nJRUkX_7zKLlXX0FzvjHdm7K8u5XCFqfrkkOjMDuJW0cej00G_TjDjV75qlyMQ-8WZ-xzRVjgdRPELfq4GlQIBP4IX31TaDRisI6Mq1lmNieODGIzssUf6CJBrlmkM0IQ3wsXjk7QUUvnKH8DIl-xJ_LXtYGSmgqfUQcBl4PMkg5ZecvV0cDXfvlN6f5gPkAHcsvZAJ3A6RzNv4lY1ehPBEzoP_jggVv_71zTDHnjld3mwyqnB2M213gWP1imtJE4AOyxej1C6JIGIcMoUWvN_GkYWJLnqg6X6Qg6voYY0dueRW8K1ShTF261yt-ZBPl7dwarQIErl-fgxqxM5vM4T4GWtsbqI7iyGs9beTM8BNwoMEuPg18DORJY1DtP30z0HmpxbuTXXsI1sjcascg-twbl1b9cXvYaUV-s4orgdmlblQcRG6WzHttQf2I48cpbqPeXafHLUuv-AvEhV56oIvXHmI71vDBiI0gXNmCHN62qL8HVdL0f3_-Q_mFwDOVnGU8jLxGAACXcUJS4EQ0oxGOhBMPdIB4Lw-zP-tkJdQu4mj4ual04csV-rHQ3K0ptqb_syXdXvwivqB6Bxy0vdKhaSnHVSR4gCxWoknUtffdZ2brIdKNkiN0pnuCB5PSsaU2Mz_noqcgt03IndM1VRVXRuJIzL9TGFuhwd8qCSV2z01ysxr2o1cmo620Y3nnfFL74_es0OfKYb4iS2YbnCqoWRnssP0FJhlN52Ymyu84amUP5PhsSh13l6ggkRTfRfi_W5cgrz9nlw1hmp7aIWVKuE42DXhx3clJvwMuXJ_651_Ph4GJ5Dd5PwOrLjn6Fa6hgPKEGJiT8rRvFVcjWrw2xdLSZ644IfiElDrgQg10sz_VVHk6OiubGX03TqZcGVi1BXFW_ziJ1LC9kdaFT7qOl3YWgZu2Sx3kBy07MbNEMXP7w6_arB__x216hFqZBTo-XPuvQ1MaVFmrrxy5oCeMBukd-RqewipewhJ510Q70is1d-hPinO9v-SqNgU7DUDnRu3E3CT2MhZH98wyT2OwPTBiKi6bnDdSHNgfS8upI56mLIsFTkYZb2MM1MoAAZ_77StG7tdIm0RDjHi40GLBEOno3raSKuTKA6Qx7_pcT2eg5PLEmKIuh610cR93mVMO7NLH4mM_3S42n_OXkTjdTaaAyKnJuF4fVIR_GApYZ61L3bSXEPYG0yO-pwT597t7h0mBeQBgcmfz36wkAsJcvK6hs3oHopN-ZkKjxgimGlACtE2lAZbOg1KR-yYKlS-n49XoVFaXW9DeeHVAUHY8aZE3IHbXI37Oqxvi1hhBZ0iSXWIDgvjSk8KHfOVInZzekFXKnj2ThJi7HH-UhkdsZKsGW4vniiwnWAjfj3gqFhB5ZxB8BZ0mXA_pbZH4xJ05Kp5s6tW6jR4rmq3mZhrzQAR_aq3Jy9OzMVvAr5ric5OyeblNxqkJDF4iT_1pa-lEomQwofxeIsIDSmnwpCrbg2xbHilsFvaORr9Z8qojL2__kg1xoywJKw1vvUwI493MkHuTDbvaIwTRwBhGrwSGeVqCvB98XsYaf1setxIKi37eZyQsSw-FPzCBPZavRDl06YrZVHHlXR4S5-3ueYy-F5YhnV6CXfukvu6XkOyF-x9Nf-PMA22gUaL8eBeJ_hqRt6LbMVQ4dYGSWHwBepO103cEYtFL4X1qYajb847GFJhDl8Fs689X-g&cid=CAQSOwBygQiDaBfdvQIg5F1NClBYxRkAoh0C8eoGZtlcQT2z_bQxqhlVjAn4tgIbczV4RohAhsmiGNj3nnq3GAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=16142555721972943000&adk=212707235&idt=60&cac=0&dtd=31

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7ff9993d3bf21821aa4aab3b5958b4d9ba3fd3a3aa92f5830a24d3ee259f4851

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 19:12:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9358
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 5499578052516643378
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jul 2023 19:12:34 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/ Frame B9FF 30 KB
11 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c99a1db5a8ee11a2fc13ab0544e3865f781fab4515592ff6467e7273478f813d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 17:10:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16675
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11398
x-xss-protection: 0
server: cafe
etag: 3934322099733601226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jul 2023 17:10:37 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame B9FF 41 KB
13 KB 12ms
12ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 13:52:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 114957
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 26 Jun 2024 13:52:35 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 22B4 143 B
166 B 24ms
12ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1920
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:16:32 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 999C 1 KB
643 B 23ms
11ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 24250
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 15:04:22 GMT
etag: 48472445140208031
expires: Thu, 29 Jun 2023 15:04:22 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 6EAA 111 KB
39 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
Origin: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 10:17:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 41486
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 29 Jun 2023 10:17:06 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/elements/html/ Frame 6EAA 11 KB
4 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BNvHgt7JkHnJunLFSnOqTUAMxWXtXfxuhcVsBWDqugB5ZAdWLQMoO4cSVtQ4ZOa7PN5ztIr9146Ct8IEr1M4OyauAS-A&cry=1&dbm_d=AKAmf-BIVNZpMCxGccPV6v7JPU_yGMRr04YxJa63kvek0vsaeu79qykwadRap58FZyeswt1ynUliQRpx2bL9XoOfsq1m9g-fWcyHCrTvllB-93QnCYANc5CuFP0_kBT8ty633L-PVmRZ6vYJGaOmE0_rWi9eZj79fbQI_OfjyUQdaIbOg1q4tPMZ4YmQEgFgeLIswWgjOMsjFlf3_5Ix2RY3Sc7_zKHe7YTGmWubd6OymZjubHEOq1UTKgY4HodpmrezdOmKsx8EOVsY9WV3-xhB-UxaYwYmOtGxSC8t7TRO8PZkliAYxzPrByr5ftRJtiwXLJ-d63N-Ufe1DMC7-sRZ4Cwx9SBk4_5z-CWp3cUEBC0-UbpV2rE6w3FJuIRD_xSP16YV2-AgZOlfRFbRauslBnv4b3I6vJRsTFZYGJ01giA-TY53uQQcQLObFEPmJlvrPptWj6T6l-u8M_wO_FKYiF3TOfagFfYSmJlYHKnUrUSSv9t7d2Ji7QvmNH9Mgu4l_ONxEALbZPI3445XZfmI3zMehefvrSDmkqlHuQmNi54SC957vETfANGoWeNvZ0iDAsErdGRyOpK6MKudURtr64rcfNV2a3AAdS-YE8yxrkbl4xc7LdYLOKND8bprCoEsAkncxYmynXB1bZ185nr9LzNkh35-VVMSmjaHifTxd3Ldadwa37hg1fVzRo04aGCdit2xJJX5g8yw3X7l4w659GL2iXRK1xzOsxVSa_vAtYjidMK8x8vfwkCsQG3lv0obB8yiQsGBS-GkLHoChojowMoLai8W3pdAk_4c87KxIBljwLtgWk7ntX5PK2SWgiSPW5tio-j1rJc1QCfZpXYW2FK0LX4oF2fj6TX50MWGYPwDADSiVA6VJ0VDw2jCDKnQhdneaxZ5UTE1qknyCPM4-hwOsa319YTAbyiHF9U5FdThQzVqlecVtYlDuI6-S6JE3aXZ71N1y6rnbskfHJ3xcbQbF4Ypu5H5IPUFuaFY0JHNdgTwLnkm83GS0pu_tguBo5zkFdplGD1EFI82pJwWCiNDR7p-RKayH6F9dvyGzsUpAE6C80uGnrrBdOdnISVbdBKlFSlCaZC-aM4hHDCZP6VVUaTqdDQtAevs5dFckN5y-kKZZlTaZWrD9lQ4_14hhvnOV9TLeuKelr_URiED3KKdDWICaPKlD0_U3w7oEce4D29XN1uKEdHLSwQnL0POqOWMplfra7mgpr4iQ_xnfdyWrl8StxCLZ8DtqodHs1g1HIgI9OnAugCVp83nzWVQOt9j6J3KO3Sg3Jy51JMbJrO0Tvy8FqAfeHt8XtKqxOVxW5sg_eb0U7mQVhLPYBFucKjff15YXjsrTJiIKmJl0ax3o3ErcYGMNqrlKu56gjLkdSbCt1KWDVJPSMVdD4MITBFtFQg8-dGiP0nzR8pAOwmOI7CE8LquCJ1n3H7VpGhZ5UaAWLYWhWUTCkyYbB9QquEKAA6qPVxFA82SKRG_rLCMfGPvZfUm-vj-dQthWcqRIcoaRrnnxfp2y9lN7-Cl_j4Y2IcKaOsWBorxhRuaJWX9n1m7tbMz6yzk7nVfGs62mYJDvKA2R_IRyNAF5v1w5IaEebCVcqqPYijW97mi-Y5Bvdb68Ylq94i8sYPMcu0I2PlwzgO-WKOs-OMUpeW0IQOhVOiUclCqCsQ421_QucWEmfszMsuyHmICvMnlyASesPMpL-tJGuknKBsx5l6KeV2F05EfADwf9UUYQYM1ioTtxfSnjLFNHE-aD5kH3CwAdmPL4mOwsJcjEL5yS8idmiuibyR_X2wh5wktnY-pCnV_hDAKWvmzwvOxZ2umFw1wtQ6CxYaUV6OczzWzfz2gwa_G3_GUzZw2csBYu3gjkrqHn9EPyKEV-aTZbmJx2BD6bm2cUCIsrH8jnHK7v9X0eYRhDEQh-jQZQM9-XNYBERRCKJDX__CJPQzRV9T-1jeS6NprQGIk4OBYToW2NkjACkXj5yTT08q5OimfTfdOMXJFmiPK3uZ4CnkAmQ3S9rUTPjFBfPfLQGSmXNdodaTvx_PflD6_GerzzbThbnDx8twbCDO6w-erJ3AWb9eYN9Fb0thqosLjrc9aWFz6yHBo8rw3EiD2v9d9603UQI17EWu7W_vtTfwAIpMXRMZoHHOd6jYFo_T3LEZrDkGTLtb6ff_fB7u2MLAlE9fFO5NrIA6spQ5vfkfodUSdu-OpbsMqEoqH8VMaknwkn6_9OECWiKsIQYAW58HHfo9XQEeuESkptF9iSxISlFhzRl034dITQZqnYcrwbmLn7dX84fmspQ_LqibOPByiX_5yldLMMuQSQAUUsP9ebRnLRH03HC-YVZ6zwFAEpZPXDhlk-HhNIoDAt_7mrjBxG0XRMYFOemE3GN8kVVxrGp4joJjbPvzlO84b4Mh6h5_EYY67gMZlOXOeXXTzkTa9pVH4c9Acy-N8N3nCfGIqqapcZSlG4zBgEENcTQlQ1V8at6dX-UknRe1NHi611x3bNNNxWyNRRvpzC8eqUwruwF35b_08J-UFQj3ivGCCsgnp0ODNJxOb2EYvc8tu7f5B3KGB5XL7Pzl7LYCt3zFIv5zLDClBDS_WLZCV8V1z6Cf8SNwFKlLsrPxUtVw0I23NKxuH3N0UEWZNzGo6_ZuUnDZNv2JOQh8NdKTzh0A5jyZ5FWbbS-KeubYAJdK1-XEjx0wdbPx-khJJAmkFeP-PYUviyyWmJ3PiIvmicR2Zk3xkI6jDI9mpZxE27ldXCNenv7Vq23MzrKSGK6RKqky5C16QElOaeHLoxLkgQPEQ96Q3POoobjYufbPF6_q6PIyqR2--i9MIWG1R-v9Y1Y4LpjSCJ5U2kQWoz_sfNo76bmo08hbjVxYH9Vb7bt1okJJ81PEaUmOMQ8OT373Nw_abOLXyMW-1cymbqDuHR7b3a7lrGsEGghtmqriRL_SNQmOGGK5XUxUAjoe9dJKWZLayJd6rch7hpK4DrMjSDFUofzAfp-YkN7McM3KA8GEoIkZSGF-L6oQKxw5WrQ3uC-mzRTgtz5louMAAlBwsEwMJgnq_vhKxDhMfjRZDpCUu7p7eyHnOWTHODbQ65MbJ_TZbKVBg8rs7qoX6IPTf4t4l4WBXTJxTb9kxFGdQM6MEA1KBczurXl5x6sLQlcWGTAmJar624xGuJxnBXKHcKnyfklYuJdgKiF-QQpseHBoc19xkYgMhGKuqpXcFu4MWuyzguR3A4b9LX7REbErYJh7OS3B0VTkLEkBffSpGL386vfY3OcXDAd5nzM69Wty9ixyTFjMn3i4_j2EIzERTeNt9tiK7RgfyKOSJ0dlDDxrpCfTlz3jzDTIxsr5DGKDO8-SPiTJS2zDyra_yI3UAGmA7yPwinxess04ENEs5Le_7srtKYAEMOfv9W4zjysckYdkGVYrFrQLT_ic4RmdxokKK1yOLlDDCIe2dlTmb9i-BTyP6_N02OZyL044YRR6-koT6vdb0C34IniC9yGDaHP3ncw-bmzrVgNzVfUOxwmvECMu2VEEeaOHQXvIegdeHuTtblzXbOwXuEoeyIQeIjxWV-HPBHsuW2y2m7LquYqxTd_Kni7h_iAxrrQPDa8QY5RO-AHRwsHq_JY78O6ZE2o7x3TY7C_MX-czEqlHspgNhHTI1rB8G0bgX1DoicDSx0JmctQx9BzNbiKoObqXNwnU&cid=CAQSbQBygQiD6uwsiyZSlm4vyfSUag9hxFiGgxZmEevZbM95Pt_0W4NXIVC08GU11oy5xd9tkNrkFAsK6Hstsi1oSP1kOqEtreGCWQz3Ty_7c8p_0fONXnAvXFLo_4c_Msy27T4ITHUUPvj3LkUKwVcYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=8280198177138833000&adk=3563752640&idt=60&cac=0&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7ff9993d3bf21821aa4aab3b5958b4d9ba3fd3a3aa92f5830a24d3ee259f4851

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 19:12:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9358
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 5499578052516643378
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jul 2023 19:12:34 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/ Frame 6EAA 30 KB
11 KB 31ms
30ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c99a1db5a8ee11a2fc13ab0544e3865f781fab4515592ff6467e7273478f813d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 17:10:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16675
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11398
x-xss-protection: 0
server: cafe
etag: 3934322099733601226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jul 2023 17:10:37 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 6EAA 41 KB
13 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 13:52:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 114957
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 26 Jun 2024 13:52:35 GMT

GET
DATA 200
OK truncated
/ Frame 8B27 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 83402b5943f3a56ede2bd0086e491799779a54c5616d203aba74c21d44a8ae14

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame C5D8 172 KB
60 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
Origin: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 10:17:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 41468
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 29 Jun 2023 10:17:24 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/elements/html/ Frame C5D8 11 KB
4 KB 53ms
51ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A-1BC1jaAljzeba67JZ2SBHB-SKiK-eNwZ1WjZcTbBIGYXP0QnJTZH0QI6EAreghRfAxhqE6UfHz9P44_Csblfz2b1C_-6z5bvUtBiChj9JKjQo6buQogiah9CCgLAKDLW5QN6iFjNnBbOSYH8kBIPV53IphIcc1T3L5Lv5gfAHih0lAo&dbm_d=AKAmf-BPqyCmniHSp69hS1G3ZJOtcKT_aXOeTDiCZFubEb_m7yv_D-Z9Pxugf19qmCHfo_Qz7absXbNj3_W40YwWFsKUgLrcCxm_WqCfon61QnJL1cWFcUhsjTuKoWpW-V-uTO0LP-5GYb9bAV-osFRuK3vLfnPuKO0AogOmuHiy8hMWj9mi-iJ02chfLZ3BBnq3f6biYAv0k5aifRi3aQ6hMwElxXIxAuxHx7DtIjvPRzadW2tHrBVH5bEshN_idBv4N3ZdkTbd7asoMcRBmTJ9NWhuw_LH_-KF_UKUrllnlS5oDFJptL2qFA0jUd0Sg95y3oEsPTgevzrq2MRr4iqo2L7fcnnrXLrLph2H4xpHwvP-rDA9iBs6DrjduE1KfoWdM7bQ5PzP3nH8ZShDEkJIXziFucHKqZA5qG-7N5NpbPfNq3BLWVeeGcAUZ4wYsorVPnFSLx5-HcvomhjVkrGhRTo4n3J2kuzfAP-FY4xuxkGXJJZwtHqsW-p1d8t-JZLlYpHCMRrpzUJVjw9EHGvUfPraVFTfBkERSLqgoB1KN8_HJf8uLaEVNtCNtd6wPvFf8rCaC5bKmBQLZOvVcEVc7XizLahw5YMSY1X6WGVdcPcsT3goMVGrpwrxsIBF3gYJZkbOacGyPXRUUykYlBD-anWwD48qiEl-2vczID32nTpHRc30jlTpXBsuvv6QQWlbDizM27h34m2aZRwZoe4wzvj12IcvjnWXLImHIf-cXum5syz16L2b7CbGfh2MSx3BsCD6zaNSRShrtmahm5B41jB6vAPgZWk7cMjz0TgBE6WCveD8iQW7h90g2UX-vXerz0Xfqmsn9e-xzBuNMJrk_4jwdlHRAWyfnJ2HYUQC5ZoqNbIl3XnSaxdWZJx5Bo_9LYMwLDzc3tk4H8ViZCtFF8CoLakSayGEcsaLZpL8_vUQpT66N5PUxmPwZl8Ym9WwPqO2j3vnWrqkUyS7WdJBPkxUeDrd3R6Iqowx-dZfZpm_RZsN-V5spsuID1ZIk2jJwBa3eM6LO2meOq5nCDctYpbdxhyUnbqr4HBM9H3vpit2bYsbKBXxfxAN-N6xz_rJ75K2l0eyCIQ1fIh1LPUh1PteKYBprXdRj1TYbOO5IjT2uEME9A1wCeyUapOee9WZyWKuhadyXFy6drbZsWcXmkKrFL_HINUoRpuewG_0LT9LnZoSdyL1C5FovjMjniSwPczCoB3hziaWwXlbboh9Gyme9mEscl2ml4DfAATKP5JuFMKuag2koalLsFsTDE8ye4jnkXEJtKq_j83e444CD_yi7nrOCFZaY6E2X6yoIz2LTaQiozlNvBsWgQk6X6JZ_VZMdYI6aFt8wSBpqczUL1vojqSZ3LvL0ZRZLbjs9B8v6N-jhdpUO9UYBn1tGWtLAQKux76qYxOPvshLG6MjIg1KrcQMSghHEsu8a7oKbeS1t2NBvI64xDT8CCEmWhomv7d_T0VW4Eo_KDAPctgZC9SgBWoS1gGfhDUIpm2BR-jf1we4b6_AoOTgjQD8gAFtBFOAPrWThh32CuPZfuSRZwjh1JlJJeUHgGNwS23gLCyJljXcrxbPrtHju4b4oQIOudWNwArmZSP_7ruXyffP8Ok5YnMVYorXqvArXQbnu1a2VDD50A1PIyRvsbwwWKHFmh5N4QUKvVTNi4X5XKy1HJJ6fGg4gacc25NoxygzQwuPtcxgp-IbeFOIkpUDekCvCounEO5L83V4CMpxf93gPw0tlY_met8Hv-lQvRkFOk6EfDOjDSS8-I_Kv5XUa3pjf98UEOql9zc9Un48EpIdwoN3BF09nTTAIbRTG5gADWydI_ZHnaxjSf2RQXJLaUg_EK_F7YjZFRwjYObM0PfOCKFNhIpHnbNHal4N2LWED94vT_aFHEKfgv9Bbjy2OvmzzSCkwFR2dzMNkRh13BLP6pcNrLyiNxB5xxiBXacvNC41uBGUIvUpCPirnjEJDu_LhzPlYZYtX3MvfOloBkgIx8g8cweuDw8j88D8BzWvJVzfOAWqBAKAWy6-FGq7Ufsvq1RNfL9BKGSpYzIWn_KfIXfqor3kk4X3noK7_wDTIrTRdi_S0SOvxDLGSaPBqboxTaay19R_Rr97OZNdA-uzcuhNARy7_LBtxE_UH0masU8R-GUhACgjAQ83Ua-wQV56s1j6V0UCsEkqnlxmTpT2v33fzrJnQY9YPJhr7jPcwJFgrtoEheRexvKih29B9Hyt11XT8svEAxqX8rzn9Qw2n1bPjlvXQxl2SHpFe2xIkX_YuwUG8ke_JeTVZoIrjSgyUxO-A2FkTyCABECY4pqTDdWl6ocygluSWbVI8Mhlkgf_RYjuEQe8PsLCXM3CEph-9Dt4JwKacRXUYmfiMLEzPB5-cs_lNkbVmPnNazBuETBOiDZvqhxds5IyI3MSqm84NivpsGqy4mBuNaZ7fzuUx-Wx1ad-wbqFs0ECHEomb3tJxdPSwXpjFoNuGkb9vwfD-MYOOvwslTw9JFrO3UDicMHnnqkDyKz7WBEfo0A6SheIPyxdWEZu1vuGzZihjXdEunfDSuZrJIG6E4AnuTg_zzlECa82jBEqeWDQvYmCEOaNOTHUurPfPniTQs5heI-6sMMPNxXd-Xcvmzuwpop48rsDykLGKcFgS8OFb95mMSqTHxoNF-8odjqUWPTOvItbMss8vomaIcTx1DjUcmaYlHsdMEdMGICd9Iy0VEAxgcIyuP7Aya26QVqwZj8z4ig24rdnqNlkdu1uhJ8zGsVI-L1nCJBcGL4smlaau0DcxXi8iJpMvwur1K2KORiYpCJiwqCVm5WV-5Se5aJve82AOIYpZTQkruKU1t4a4J2T__gzjylIYIrS-DG5lgpztz---oBcm_YjdUSSaLz7c0o3GQ_QT-h6hiNt33p-uVTJzNhQ0X9UkA9c3TD3KGVq4IyMZNbYAc4-sXsBIlqJp9-14SySglW_h-CRnkxfoi6zm4W0l8zpQCXAVtxzeaOfs_nYo5AbVnhGZMsQW2CK4RrddDIm2H7axanSPX5hnIQwi60w-oWB10rj3kvhCEpzNFmR62L3xTb2vxqICblUu0tTN27TQ5Oqw2LNQoU3odbqTN-WWDrUB85oRg_5mV_2iNrujzV3-OyYDYeOibLT24Jxf7CwyIprd5CasuIpB33kENLZOEWlyrJifCpW3YvQVXs4PY4lG2GzWUUaPbQdyiddoRm_7dWT6Stve3fwH-yBxQFRuS7bpwoTC892GVi7kSPzA5yBlwqV4jjblIMH7OTgXN4B_NENgbQjmripD16wvlEkIrA5H55SYVTXRBNuxZ-TcZGpux3MQ9c372_BDlu4PRshqwoGyI9aX3_N0m92W__4El4Wx5W6vqM6JMxSqZJNxdNUSyZktDXHr3LCue5PjVgxZiMGfI7YKzqozkvZ4Y3TrziHJP8F-imdP2CSONHGNW1rnJ-Ms6_sy3TZOUOFl-R2jNY2DNqt7zyGAqWnOb5GMOHcEL0&cid=CAQSOwBygQiDmg31be5s0DDRqoTzIHDZkaA2ijC2J-HSmLif-YzRwmsS1kfXzusgvcqq321r9Md6V_uzNAsbGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=5122876243078649000&adk=3587751834&idt=83&cac=0&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7ff9993d3bf21821aa4aab3b5958b4d9ba3fd3a3aa92f5830a24d3ee259f4851

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 19:12:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9358
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 5499578052516643378
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jul 2023 19:12:34 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/ Frame C5D8 30 KB
11 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c99a1db5a8ee11a2fc13ab0544e3865f781fab4515592ff6467e7273478f813d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 17:10:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16675
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11398
x-xss-protection: 0
server: cafe
etag: 3934322099733601226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jul 2023 17:10:37 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame C5D8 41 KB
13 KB 26ms
25ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 13:52:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 114957
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 26 Jun 2024 13:52:35 GMT

GET
H3 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 276E 172 KB
60 KB 41ms
24ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
Origin: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 10:17:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 41468
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 29 Jun 2023 10:17:24 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/elements/html/ Frame 276E 11 KB
4 KB 43ms
26ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D6JM9RfTKHuxeJYq6VWV7_xpdSCxyE9nLfgO4lSwAriZK6lrN9p2u14cClclW02bpQ7D8xiRS5dy7WT0yRnc8gejRY_-4T3yPFuesdPZQNzoXLq_m109ueuV5YeExBhuzzJVOXPWDB26EoNJb1tGB6Ac4DmRDr4g7smsmNKy4uUi1onzo&dbm_d=AKAmf-BCAf730pFn1rWLwi_wQz-sg6UFk84V-flxr0nSX66rUN4cI2N-kii3AH2zEuOUEA53fo_eMfuj4uOMFqhmWw-8b4J9ZrzSoDxsXxUcidYHDtK6YJLDaSu5bzfHMhfM5hJ58V8H2-RJ9ofQqtvWNmRkXsdqSAxl5NGdjKGKPG297mDCzGJdfXgiUYTE9LccSoyxrxq6kNUn6zQjeX83sFn3yEaCOOtCfwvwNdMAvcegi6fOa0wog0B2vqZVew_IOhdtSC3ecL_tu3xoXGfHvKCR9OeXcN7VbFYPCq0jvgYPJYw4XV6eta6JH3UGiAG6s5lZmGiqtPf5TS4UlHsmb7W5bi1cmg37wNNNBkXJhy9DCA6I6Lt5LnSbqGGX8pmkhaN08_q3NaG9uRQyUfm_cvlciPwecpzXHSojV0kdByKcJWf1xRK_fh9aRIwVpM34zx6ZmUndkBYDUZGBmWFt2-7nTwkDmcrO8ETb30Zg2E4w-qrp_c8NNrYO5172C_YGOron1lXETcOqtnWUk58-49ugv_5lK0sPzDk9w97Hxc3KR62dEQhA1V03qZvUzBzrimotxtsvYp2qilHoNkxj6hwfkIpUZbBaqwMX2kpAcu-pkt03XOekSyj4HjchrNPH4aYc3ZRgczgrWqzJBYOX60EF7Ct5LzEpm1oJ1FQqA3VxYXDuzpKAJB-Tacwx2L9ZKSP04djo9pvbfgcd-PeI6pcFpJgH_oPhj8KPBN4sJhoNKJk6R2eAwg8wg7w5mwtzng9mbAVqTRDhK7WEP_Y2nZ1AJyBwBPtD0oS8C1PKAOTpizlAIEoHclKFmsHvnon3Ocap7e7K7NtK4ycYvNYFtDY2MB8KPQP6RR8Al5G7BbXp6uz0VJewlpeHdAZlMLEqCA7DNh9W0qf_l0BBADx01Pa4YiBwYQMMLwK-iajLBuyycCY47BbA3wt8GmPCjE3KmYc2RyYyVbpAfQxriQuNHmCkRB8u1I6kD6rl2ilpJYGm4_BHFFRkyddelYE4GbavKPNRGg_rV8MuUTic97XzR6Ey8jTRo04s6GTLqFNRM0SImc0yXHyyhQrz_9eJfUOxp49tpfxP7P1-CcIV-Hz2rtxyeNTDrHrWqy48c0l8w67frhg0S-H1oDaa_ie4S8_8e5CF6DTusLYlfd_NeTjcCaETyDSJi43U3Tggzf8UjGpQOyG5ptR0qPYr7iHNYDYeVXBwB3f2vZ2eiiTQcRuHnQ6VmO8WcQSP_n6DDY7byxlbx2cXVdZeczurTlT-86FsiXauvttEN4HiDraSNdWXLDFQ4RPPu0dkk7TqOVC4dQD_C5A1fQbTGTcCiGQVFrLeuxlpwVmQarQ2SUEIFMF0I-0Rb0-4uqU28yuWbK9LpnqgrPGdeWBfumLAc0ez9IpPAYh2-J_L7jRtdGFhPUt7cSYZrkrDogZxIYWjLGkDcfxSMCwj2I7Zq5Poc1T4wzdYZCTj2We4w55lsh3iwjwbAflcA4w7Y1q9p1uKdlRSdDq-Vqs16K4rpOLI9HCXBzk5BIuv45w4i8EfW0Fsyj4XdvXSMf-l7XS99Mx2IGQt6DpGJje7euDw0nyY7ICIfFwiq7nOtuRqFqgfdaPWvItV_7SRe_xCcYIJm9N9GYQ7iXu5J3NOu883Q-0zdB65I-uEJ57G46YgsRjLhw0IEV-Gy7peH9VCmZt80t8m3-Y2e892yxV1I7C3qrI-6ZX0ahl8nCmBzYvb4pca82XPzNWlLWxsczsgDDQytE-pUD4KjCtblTw5I51z5tmsNxpZ7KkQu3KEgqWhHwzwRBM5ve-vZQrvG0oZHJv-qvnh6sgP960CqJ7skHp4GN61PraE7ldbBKLLo0AC2ULNV4c7RdBfWErGBlprMF2jSH-VwZK1dOxbSdC_rwOkGbyxcAPerKm_o2Qj34k4tAa07A0JmrdSCgmNf2dKfVUTobq631TKmKxCIyoVADyW7j32AaEdnNxHIYtAMf9WilJI8Fq52UZJrnZkaTS75vsd5rCAWCepmnnleXjrEJtGB5UVTzYVO4eaW7rmi6BdDlCPcDBT4e06KQt80DMDOguH0FWc3OnmICpMn8kj-WNRYXCDnKV2vckfyxjcDjPqIq07ywwRXd-_AvKRCbBivmD5PlA4duUIpYmCPagTNvypd7iAodyker1nizGU1OVOCni7KGK2J8ki3jcipqk6CM5_1SMJKPXzuFWtk_tCaNKOE9FCQkHlrefXJlNuDF_-D4y3lvQmbNZUXaoTGFePfrYSLzct1Xn55wrGyaroRmlPHletFzo2WSUEi36tvSnmQxNRSPSEv0-OuF-sQmcijU3wSiD5itS03Y7VcrIm44N0zInUtPRBA6XyM34poWGPa2SQNpN-_2_dQ9rl_VehTsCUeWiFxgHNSkcIpnS0VF0lIjXCaEtcJf3wZWunw8tc8O_ArQFoSr2YL2ORabGLaA1EINSVQ6-XwNHeJ2ozf2EiKZ9IxLyK3DCdVm3QsWwvDI3U05CSyxyzA9Oq0JdqeErNrIBQ9rF2kGWShD2h5uxrJNZ57E2o-0OaW_17zjIlx-EhsOsa4j1deiLQnF38UMS_9UoMhUWWGh3VSxPG0eHfEB-HP4SL3SsrndAOMgs0AKQgY_IjyaautTmzzww7E6fIZC7oh2Mgb7k_4tuQsbAYUpBoYnIfy3Ia-Ka0gawubobeqeaa3hYvcPHev9OSpyx6i9kBB7HgK8fwy84a7f06KcN8midNzWfc_DM6wVliZBxhTYpZ4YYa4g7XjQLFgw4N19doWrlo7Do39IVA9njitQnb6-4n6bpu-i1qcXJW5KyymC0mTygE_JNHrHGorzB-QvSmpzGXcrbEM54-8Stj-_nE6pjelAWXXVLDgwFt01P5PR830YxdTjuuR4yAwRu3vMd5OnpyasEjUoY8_Fa4sQKs9BVMAJ8eigBuROGjYJo9L5W0HpY7ANHOpk4mKa46TbNatQ_aaKHRsfomhXp7MoTWgXDm-bvb1vTXZPVELeJfRlsuUdRq0JRGRT8eGbRYCI3TEYWt6HgZn6ktgHov4DM291oTyKJjzA6Fxq5YDUTrLfO3iVnDm-TqR-rnhIflWDgFAwbgGIuyzB4DrReACHcEMYI0m2Jb3BwMHFST59Djaa3ld46MexgMIKSsGR0FLCG9aVFFIcUWrkidYz8AKth7JkVF1P_EGddN3AoMw4ULRLU0ku-tWMQ2AaMRp2yaGxHZSL1ovO5ETSXIK0wmw1A92Ew2AwhqW5976NykSzwqUYponaVxBqbZZr_YkCQd2sqhds1kXRqE8QbI3ySco9ZyTIpNMcmE1m8gAN0-qTb2d_diM-ARlP9rGJDC_vPteRLPooZ6_eU9uDYS3PCNDnmcQnvnVlxSV542js1yIcpnTiUXDKIM-ctyZwdv0uIPVBGQgNwqD5FRddK0nenjbbHq_edF37os93IHEz4lnyKaac6Do9EXJa-XIxqoIEZWFuCraP7IXYXVNS72QWya8oL1yoFCtFWxPhZTJXkEkKeWYQcaXjrTyuAsShzns29R424Ve2hV3y1dR-D9atvrudm_PeBAEDyEwe7KQAY1W1PaXbUtz9n_LNqfhBSjyABtlqfzLGeCQ6DUaZYn2tF22XajdUzeGwByWtRCTN-0&cid=CAQSOwBygQiD37I8iCvlVD5wswepI9oErvoH130gJinabwWK2w9PPuYwt1X1MbUoclRr4yEPhjAguoV3sYZPGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=2148530608043300900&adk=578009112&idt=79&cac=0&dtd=4

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7ff9993d3bf21821aa4aab3b5958b4d9ba3fd3a3aa92f5830a24d3ee259f4851

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 19:12:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9358
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 5499578052516643378
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jul 2023 19:12:34 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/ Frame 276E 30 KB
11 KB 36ms
26ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230620/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c99a1db5a8ee11a2fc13ab0544e3865f781fab4515592ff6467e7273478f813d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 17:10:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16675
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11398
x-xss-protection: 0
server: cafe
etag: 3934322099733601226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Jul 2023 17:10:37 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 276E 41 KB
13 KB 34ms
24ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 13:52:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 114957
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 26 Jun 2024 13:52:35 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame BC0E 35 B
464 B 301ms
14ms Image
image/gif 2620:116:800d:21:b314:a0ef:ab7c:d546

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESELvy_f80ny5bjZ9o5nebNz0&google_cver=1&google_push=ATf1kGM-MCmRZvjn9QnE16vlqdx7FfbBv1H7EBlNi8Jept7oFoIRjvxxDnwAabwUXdmsY-zq1ntLMoWrkTj-2yj02x1j92GBREcakg

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:b314:a0ef:ab7c:d546 -, , ASN (),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:32 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BC0E
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESECJtjVJv__UMqaSOfD1bAzQ&google_cver=1&google_push=ATf1kGNWSbynJwmdp6jB1J_LXdoknJRCP09d1T1Od8S2w2gHH9ne2Nw2JP7oliSOGvXfPLbrSDUu_KLoMzacp-9A...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=ATf1kGNWSbynJwmdp6jB1J_LXdoknJRCP09d1T1Od8S2w2gHH9ne2Nw2JP7oliSOGvXfPLbrSDUu_KLoMzacp-9Ay_v0vynZ91QH1A

170 B
188 B

22ms
20ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=ATf1kGNWSbynJwmdp6jB1J_LXdoknJRCP09d1T1Od8S2w2gHH9ne2Nw2JP7oliSOGvXfPLbrSDUu_KLoMzacp-9Ay_v0vynZ91QH1A

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 28 Jun 2023 21:48:32 GMT
Server: MT3 851 9bd98ae master cdg-pixel-x13 config_version:"1438"
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=ATf1kGNWSbynJwmdp6jB1J_LXdoknJRCP09d1T1Od8S2w2gHH9ne2Nw2JP7oliSOGvXfPLbrSDUu_KLoMzacp-9Ay_v0vynZ91QH1A
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 28 Jun 2023 21:48:31 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BC0E
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEOPnL7uquMvb1Vg5AS7QIjU&google_cver=1&google_push=ATf1kGPbFrJxZDQOFhSFP76R5PnVK8wRzgtY-kXAOjHwVSD6ug6PHOUu3NarylajNoynWhPCLAwimKsuTo7sJfGyFOZt3H9HajtMMQ
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=F7202CCB98F6422AA06174676E6E01D3&google_push=ATf1kGPbFrJxZDQOFhSFP76R5PnVK8wRzgtY-kXAOjHwVSD6ug6PHOUu3NarylajNoynWhPCLAwimKsuTo7sJfG...

170 B
188 B

27ms
23ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=F7202CCB98F6422AA06174676E6E01D3&google_push=ATf1kGPbFrJxZDQOFhSFP76R5PnVK8wRzgtY-kXAOjHwVSD6ug6PHOUu3NarylajNoynWhPCLAwimKsuTo7sJfGyFOZt3H9HajtMMQ

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 28 Jun 2023 21:48:32 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=F7202CCB98F6422AA06174676E6E01D3&google_push=ATf1kGPbFrJxZDQOFhSFP76R5PnVK8wRzgtY-kXAOjHwVSD6ug6PHOUu3NarylajNoynWhPCLAwimKsuTo7sJfGyFOZt3H9HajtMMQ
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Tue, 27 Jun 2023 21:48:32 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BC0E
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEKsES7pjAUIpX750Is17MbA&google_cver=1&google_push=ATf1kGNFz6qcJ1OJ9LnCxKbZJs9qLcQKUK4S3CT4a1QBFryvS1kid-sgufMtH9RUVZqLslz9zDIdIMp89Gn1Ya...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI0OTg1NzE3MzA3MTU5MTU2Ng%3D%3D&google_push=ATf1kGNFz6qcJ1OJ9LnCxKbZJs9qLcQKUK4S3CT4a1QBFryvS1kid-sgufMtH9RUVZqLslz9zDIdIMp89Gn1YaqakS...

170 B
188 B

22ms
21ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI0OTg1NzE3MzA3MTU5MTU2Ng%3D%3D&google_push=ATf1kGNFz6qcJ1OJ9LnCxKbZJs9qLcQKUK4S3CT4a1QBFryvS1kid-sgufMtH9RUVZqLslz9zDIdIMp89Gn1YaqakSGZxJimWbZTmQ

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI0OTg1NzE3MzA3MTU5MTU2Ng%3D%3D&google_push=ATf1kGNFz6qcJ1OJ9LnCxKbZJs9qLcQKUK4S3CT4a1QBFryvS1kid-sgufMtH9RUVZqLslz9zDIdIMp89Gn1YaqakSGZxJimWbZTmQ
Date: Wed, 28 Jun 2023 21:48:32 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BC0E
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESEG2r-yJd1n5tKxfri_zgDFs&google_cver=1&google_push=ATf1kGPyOpr_GKaYgoZ5HXmNYMPqgwfMVEHWRLxFuf02wWPstds7aIX5x_LZLomJ2bgk_dR1bQixvLbLxEHRflztUfG9cHr...
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEG2r-yJd1n5tKxfri_zgDFs&google_cver=1&google_push=ATf1kGPyOpr_GKaYgoZ5HXmNYMPqgwfMVEHWRLxFuf02wWPstds7aIX5x_LZLomJ2bgk_dR1bQixvLbLxEHRflztUfG9c...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=ATf1kGPyOpr_GKaYgoZ5HXmNYMPqgwfMVEHWRLxFuf02wWPstds7aIX5x_LZLomJ2bgk_dR1bQixvLbLxEHRflztUfG9cHrbqyGx4w

170 B
188 B

28ms
20ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=ATf1kGPyOpr_GKaYgoZ5HXmNYMPqgwfMVEHWRLxFuf02wWPstds7aIX5x_LZLomJ2bgk_dR1bQixvLbLxEHRflztUfG9cHrbqyGx4w

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=ATf1kGPyOpr_GKaYgoZ5HXmNYMPqgwfMVEHWRLxFuf02wWPstds7aIX5x_LZLomJ2bgk_dR1bQixvLbLxEHRflztUfG9cHrbqyGx4w
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H2 200 dds
rtb.openx.net/sync/ Frame BC0E 43 B
245 B 304ms
19ms Image
image/gif 35.186.253.211

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEK0rIBfRVVppedPAqKU_RU0&google_cver=1&google_push=ATf1kGPZzhfISQcIR-g4JzKBqUBL-PqSQ-Ks47emRAxqnrbM-5911JtrQw6gUF67gF34fmVaX2l6Cejcclv4xZV_KQbF2aQ0N-dCfA
Requested by: Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.253.211 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:32 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BC0E
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEE...
https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=ATf1kGP5NYsLQvvu29c04bsGe1IFF5iV7pRlP8kNljucKYZBAJu-jT86rPx7bbEssvuOpNXBwWkpBqId1DpF4yH4dTKpD27jr4McBA&redir=https%3A%2F%2Fcm.g.dou...
https://sync.targeting.unrulymedia.com/csync/RX-f11c2a21-98f9-4b57-92f6-e7f384975fec-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DATf1kGP5NYsLQvvu29c04bsGe...
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=ATf1kGP5NYsLQvvu29c04bsGe1IFF5iV7pRlP8kNljucKYZBAJu-jT86rPx7bbEssvuOpNXBwWkpBqId1DpF4yH4dTKpD27jr4McBA&google_hm=A_EcKiGY-UtXkvbn84SXX-w

170 B
188 B

24ms
21ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=ATf1kGP5NYsLQvvu29c04bsGe1IFF5iV7pRlP8kNljucKYZBAJu-jT86rPx7bbEssvuOpNXBwWkpBqId1DpF4yH4dTKpD27jr4McBA&google_hm=A_EcKiGY-UtXkvbn84SXX-w

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=ATf1kGP5NYsLQvvu29c04bsGe1IFF5iV7pRlP8kNljucKYZBAJu-jT86rPx7bbEssvuOpNXBwWkpBqId1DpF4yH4dTKpD27jr4McBA&google_hm=A_EcKiGY-UtXkvbn84SXX-w
date: Wed, 28 Jun 2023 21:48:32 GMT
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RXf11c2a2198f94b5792f6e7f384975fec003
content-type: text/html

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame BC0E 0
12 B 77ms
60ms Image
text/html 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LsLNroSpFohy_8MlEkgYQ1PucHHmgox08oo6vfFvR0DXZJ649Vs1yGM0eYSOLIj4o3qzUu

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:32 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 9EC7 1 KB
643 B 43ms
19ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 24250
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 15:04:22 GMT
etag: 48472445140208031
expires: Thu, 29 Jun 2023 15:04:22 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame B9FF 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b4c7a452353aec40d5f66537bc74a75a4ac5e90e12729a0dfa811fa5cf001a8c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 ts.js Show response
cdn.retailads.net/ Frame E005 5 KB
5 KB 10ms
5ms Script
application/javascript 2a01:4f8:d0a:2321::2
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.retailads.net/ts.js
Requested by: Host: futalis.de
URL: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=2829290701
Protocol: H2
Security: TLS 1.3, , CHACHA20_POLY1305
Server: 2a01:4f8:d0a:2321::2 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: Apache /
Resource Hash: 525e7c89461afb3f73ea7030fbceba4f9e9383570159926acee637b4f86b8148

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://futalis.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:32 GMT
last-modified: Wed, 05 Apr 2023 20:14:46 GMT
server: Apache
etag: "1416-5f89c717cdc2f"
content-type: application/javascript
xphp81: true
accept-ranges: bytes
content-length: 5142

GET
DATA 200
OK truncated
/ Frame 6EAA 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 15e747c6253573a0957de9223e74a869c4bc91ebfcb39c69a71bd46847f9db20

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 25F9 1 KB
643 B 15ms
15ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 24250
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 15:04:22 GMT
etag: 48472445140208031
expires: Thu, 29 Jun 2023 15:04:22 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame C5D8 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5bb74ce4f0049c409aaf3bed8631be9ec74b06ca3c198e95d89ef32550fc4c36

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 0067 1 KB
643 B 11ms
11ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 24250
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 15:04:22 GMT
etag: 48472445140208031
expires: Thu, 29 Jun 2023 15:04:22 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 276E 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 03c63216c505bd0a1ae66d4fdc94e5d726c24c2347d1a809e576f98ad302b990

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame 3DD1 113 KB
44 KB 17ms
15ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

470af6e71e87482292b89899a46349f1f13dc9e8af3e00144d94585ae728358d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:32 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44569
x-xss-protection: 0
last-modified: Wed, 28 Jun 2023 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 28 Jun 2023 21:48:32 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 8838
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

28ms
18ms

Document
text/html

2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:48:32 GMT
expires: Wed, 28 Jun 2023 21:48:32 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:48:32 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 9508
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

26ms
24ms

Document
text/html

2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:48:32 GMT
expires: Wed, 28 Jun 2023 21:48:32 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:48:32 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/17428105819714486272/ Frame D9A0 3 KB
590 B 24ms
22ms Document
text/html 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17428105819714486272/index.html?e=69&leftOffset=0&topOffset=0&c=alpD2ojRTA&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

71afb38e0805648d18592ed8395ece1c81a419dcbedca76be5aecd85e13ae11d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 562
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:48:32 GMT
expires: Thu, 27 Jun 2024 21:48:32 GMT
last-modified: Fri, 02 Jun 2023 16:34:31 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame B9FF 0
0 104ms
56ms Fetch
image/gif 142.250.181.226

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvEy0czYVhzpPy8HRdzzKRw9yBal6GMmwvU6Ba81GvTkPMVSIN_QOW3li_rF4LPWLwkx9zF2vUioB3nLUV5mTv0sQkhQZZ6BcWV2E_t8zPbT0eWmpjR4qKX4L62PixBVnO4EKxUYeSk9QZTbzJEM3G8336P3y2ug6CqRSG0huCj24wmoC8KWPTtR-hZaoc7huWcSPuPlevcqdxQ46FuqRatZWQl1Esyss6vV84Vn3aG9V_zVnhq73Vess8zbULtzTGomdPXbqPe4xT5J7_Sox-lcdoo9myvrLqXsmhI2WH3_pRy5ayi1mPXBbXkD9fA2DIx34Qk1soCLztqtPP03-2Az2BfKEGa94qBYGMzkw_ZYGA7rSiBTk00xgqv-JHR3zTzgXP83i7-fT7TIUkDhvQWmuKzMtLlNZIUzO_5aLpJrqo9tas6hZ3jUHG0XZYQnAtZUXt2CAKn3MGRW3n8zC7hq71ExObFxYacVf91tPcCrW_auBL4SfKRqPo9n0g9JnXq3_u_VVNgPh7h8dkw53Gp4FgsyHjCKLVrYYBeUhV6h1tvOe_wp43wjilm5CyxjnW8PqpvciW7edr-ZmfABZ4T4SrJWKdXmbR_EuJufkCklKNWvGCOVF3XdZkoenHV7-C8JSPqkPS5OmnJqbUoJMOBy7reWzILILsh2pUh9VjMv_a29EOAIxC_f8vq5Xni-7oJkJqG3C-0m2un29DMq4y09mpCf_qmk7oeS_dXiIGVWHQrCqhWVbsVa8YkADVXpjDytFLnVU5tyrKP7_Nxu_c52qOHmK-23GfQdByf0ZhZVTUb3e4ZG5qv1M7jxM8udmQQuYm1fmZiZUKfXo0DIjAKpWUwrNF8fMKPKNXODJ6tTZ_usImgWSUEzRxDPH9ol0JoyNuZNYQS349fyouLzMT0jpmFMPGQpcO8OIjRxbjZHqZaOO8fn2_RYGosjBBeghspggxwWRLnzxkDTsS9TerMdYk76BIiqQNky_RLEntNr_6j3kH4CqZh8Y7QvRwrgKqcB7sMTz45UAds0BCCX96wLX_RWfJKAwaURG0xIjKIsxbL7Pz7ekwsMpjsBDy99tw8OVD7C2avGRa3A0haDSgV_C9dQMYvRniplORscmdr0ouCRW672NuEJN1M8bMBFNsvbBdem9kUiuJIFhUL2dv9gfzgOwS7caKqb7wGEpgSy2fdiQLtTn7XZ7xhNduio6_zYgn4ONOwrLkDZU6u84w3V7gnVnGUT77nGlaL8fFFRbuyWzd-B4_HQk0f2rkt0055nWt1JTPv9GX3B3qzu8KlBu1UyWjb&sai=AMfl-YRA2rrPZklYPR0Vn21N8SNdG9iIaWIAVcDF7kYImlTC0zDE-VpT3evSRVMJ00oxLKXg02yk_1lReDQyQKkvL6VO4NhlPh5BG_0EkBl5qiMii7MkjNcagR2ripChp3QH2w7zEhnt76FOp85oFOpnOqe_THFGYQ3eubo70co4_ByAVHXrJh9rbBuWrg8OD1FXqsb6SXBdmFPKzJcGj_IoooYJ2vXkz5WHjvu55RIW_KND91LIVl1CTIf8jjW5TwrFzOJI&sig=Cg0ArKJSzLzvBwBVVUGCEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=359&cbvp=1&cstd=348&cisv=r20230620.64609&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 28 Jun 2023 21:48:32 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Wed, 28 Jun 2023 21:48:32 GMT

GET
H2 200 link.html Show response
track.webgains.com/ Frame 2418 2 KB
2 KB 176ms
112ms Script
text/html 13.41.123.192

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=2513135&wgcampaignid=99582&js=1&viewref=35277400156373704444554012369028&nw=1
Requested by: Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.41.123.192 -, , ASN (),
Reverse DNS
Software: nginx / PHP/7.4.26
Resource Hash: d8dc15b01bb50f1b955ca58ef2a0f798a1867eb12ce392e7a6f8c4ccca54da9d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:32 GMT
last-modified: Wed, 28 Jun 2023 21:48:32 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Wed, 28 Jun 2023 21:49:32 GMT

GET
H2

200

activityi;dc_pre=CJb2oNz45v8CFdCNsgodf_kBPg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=683185057596.4938 Show response
5994599.fls.doubleclick.net/ Frame EE2D
Redirect Chain

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=683185057596.4938?
https://5994599.fls.doubleclick.net/activityi;dc_pre=CJb2oNz45v8CFdCNsgodf_kBPg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=683185057596.4938?

391 B
326 B

74ms
47ms

Document
text/html

142.250.186.134

General

Check archive.org

Show headers Download Go to

Full URL

https://5994599.fls.doubleclick.net/activityi;dc_pre=CJb2oNz45v8CFdCNsgodf_kBPg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=683185057596.4938?

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.134 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

d0f4a37cddeca0efb85081c747d4fcac798b9e652117c80a25d8a8aac62b4b07

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 217
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:48:32 GMT
expires: Wed, 28 Jun 2023 21:48:32 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:48:32 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://5994599.fls.doubleclick.net/activityi;dc_pre=CJb2oNz45v8CFdCNsgodf_kBPg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=683185057596.4938?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request_content.php Show response
hal900028.redintelligence.net/ Frame 27BC 7 KB
2 KB 27ms
9ms Document
text/html 88.99.165.19
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900028.redintelligence.net/request_content.php?s=35277400156373704444554012369028&a=594cae1b
Requested by: Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.165.19 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.19.165.99.88.clients.your-server.de
Software: Apache /
Resource Hash: c357ced4f1856a05e6c4c4e39337a761f3d3b8259866c844766a6caa76834085

Request headers

Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2030
Content-Type: text/html; charset=utf-8
Date: Wed, 28 Jun 2023 21:48:32 GMT
Expires: Wed, 28 Jun 2023 22:48:32 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
DATA 200
OK truncated
/ Frame 2418 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 99a8eb126003409d8613e0b5660540b1eb50ae754b02e0be43993770e35c9d6d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 999C
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEJ3TUBt-04iK4ryocNgyR6U&google_cver=1&google_push=ATf1kGNFtjx_Uv0RoRlPc3hpa9zCBI8lIQrPEoi3Q7S2nur_NDQzqcEREwQG1d7MocpeK275n38PrvrFZthHbYKTpy5aBETjBx_w
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=Mzg5MzYwNjA4MzAwNzE5Njc1MQ==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEJ3TUBt-04iK4ryocNgyR6U&google_cver=1

43 B
398 B

70ms
21ms

Image
image/gif

46.228.164.11

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEJ3TUBt-04iK4ryocNgyR6U&google_cver=1
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Server: 46.228.164.11 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Wed, 28 Jun 2023 21:48:33 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:33 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEJ3TUBt-04iK4ryocNgyR6U&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 999C
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEDeVafMLGuyFk88fluOH0x8&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEDeVafMLGuyFk88fluOH0x8&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=MHRBYWM5NXQxUWVEMUM1&google_gid=CAESEDeVafMLGuyFk88fluOH0x8&google_cver=1&google_push=ATf1kGMUqZ8MKZFAWO_mtBTnzsmkyERIQbKmhhAeUzRk3_m...

170 B
188 B

35ms
30ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=MHRBYWM5NXQxUWVEMUM1&google_gid=CAESEDeVafMLGuyFk88fluOH0x8&google_cver=1&google_push=ATf1kGMUqZ8MKZFAWO_mtBTnzsmkyERIQbKmhhAeUzRk3_m1xj43mKrK_h8FcOoNzQZtFCw-_cNaCVcXssAjI2A0QGHR4PGr3H50

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 28 Jun 2023 21:48:31 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-782-g97d928b#rel-ec2-master i-0afa2568184f9f5d2@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=MHRBYWM5NXQxUWVEMUM1&google_gid=CAESEDeVafMLGuyFk88fluOH0x8&google_cver=1&google_push=ATf1kGMUqZ8MKZFAWO_mtBTnzsmkyERIQbKmhhAeUzRk3_m1xj43mKrK_h8FcOoNzQZtFCw-_cNaCVcXssAjI2A0QGHR4PGr3H50
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 999C
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEH9vVo9ZhPTzRWfU9T50ByM&google_cver=1&google_push=ATf1kGPtcMkpV64mrn6HsBmoKuJp2yB4RcLQSmmge6K-jULBJZXSoKK4aI0rgGKOLM10zjIDJ3ZKXmydd6I7rx6t...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=VL1knKqwSQCsyI7kb0k0qQ&google_push=ATf1kGPtcMkpV64mrn6HsBmoKuJp2yB4RcLQSmmge6K-jULBJZXSoKK4aI0rgGKOLM10zjIDJ3ZKXmydd6I7rx6tLqoayDii...

170 B
188 B

30ms
21ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=VL1knKqwSQCsyI7kb0k0qQ&google_push=ATf1kGPtcMkpV64mrn6HsBmoKuJp2yB4RcLQSmmge6K-jULBJZXSoKK4aI0rgGKOLM10zjIDJ3ZKXmydd6I7rx6tLqoayDiiu8Xg

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 28 Jun 2023 21:48:32 GMT
Server: MT3 1031 59fd23a master cdg cdg-pixel-x16 config_version:"1438"
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=VL1knKqwSQCsyI7kb0k0qQ&google_push=ATf1kGPtcMkpV64mrn6HsBmoKuJp2yB4RcLQSmmge6K-jULBJZXSoKK4aI0rgGKOLM10zjIDJ3ZKXmydd6I7rx6tLqoayDiiu8Xg
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 28 Jun 2023 21:48:31 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 999C
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEPWw6KCehec5BORWDd46qrc&google_cver=1&google_push=ATf1kGOXa54ntMEsSIB1YMBCyL6bNLLqUlUh0fbDLkuKwL7m9bXKn1UJpezOLaynfeVb5KC_40E6JKRZJSjfJS...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI0OTg1NzE3MzA3MTU5MTU2Ng%3D%3D&google_push=ATf1kGOXa54ntMEsSIB1YMBCyL6bNLLqUlUh0fbDLkuKwL7m9bXKn1UJpezOLaynfeVb5KC_40E6JKRZJSjfJSiz-A...

170 B
188 B

28ms
17ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI0OTg1NzE3MzA3MTU5MTU2Ng%3D%3D&google_push=ATf1kGOXa54ntMEsSIB1YMBCyL6bNLLqUlUh0fbDLkuKwL7m9bXKn1UJpezOLaynfeVb5KC_40E6JKRZJSjfJSiz-AqCiC4WAoig

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI0OTg1NzE3MzA3MTU5MTU2Ng%3D%3D&google_push=ATf1kGOXa54ntMEsSIB1YMBCyL6bNLLqUlUh0fbDLkuKwL7m9bXKn1UJpezOLaynfeVb5KC_40E6JKRZJSjfJSiz-AqCiC4WAoig
Date: Wed, 28 Jun 2023 21:48:32 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame 999C 43 B
363 B 90ms
17ms Image
image/gif 178.250.7.11

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DPUSH_DATA&google_gid=CAESENQK-D6N1vQoryUwx_jGXic&google_cver=1&google_push=ATf1kGMLE4A7Jqz8EFA-PD_3BIGIlyOIRWVzXiRQnNs-ixs1RwFArZige5qRzHLIhtUWv-kS20kV0PZnCsqsU3ZWr_7_KMTGQBA6

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.7.11 -, , ASN (),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:32 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 251609
expires: Wed, 28 Jun 2023 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 999C
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEIphNuN-fGJyvnagDmlrEzU&google_cver=1&google_push=ATf1kGOqUaOCQVQDpziyMWm7mCLMPdbkaOKcARw0roYbS2On-_XYOi6djmeO9E1MpXMvRB0dIAJ7vZ80...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEIphNuN-fGJyvnagDmlrEzU&google_cver=1&google_push=ATf1kGOqUaOCQVQDpziyMWm7mCLMPdbkaOKcARw0roYbS2On-_XYOi6djmeO9E1MpXMvRB0dIAJ...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzM4MTQ4ODE0MDA3NzEzODM3&google_push=ATf1kGOqUaOCQVQDpziyMWm7mCLMPdbkaOKcARw0roYbS2On-_XYOi6djmeO9E1MpXMvRB0dIAJ7vZ80...

170 B
188 B

29ms
26ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzM4MTQ4ODE0MDA3NzEzODM3&google_push=ATf1kGOqUaOCQVQDpziyMWm7mCLMPdbkaOKcARw0roYbS2On-_XYOi6djmeO9E1MpXMvRB0dIAJ7vZ80lIjD0YBgkoGrZ2rwXKcZ

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzM4MTQ4ODE0MDA3NzEzODM3&google_push=ATf1kGOqUaOCQVQDpziyMWm7mCLMPdbkaOKcARw0roYbS2On-_XYOi6djmeO9E1MpXMvRB0dIAJ7vZ80lIjD0YBgkoGrZ2rwXKcZ
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 dds
rtb.openx.net/sync/ Frame 999C 43 B
103 B 25ms
23ms Image
image/gif 35.186.253.211

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEI2sG5PC034Qd6md_M1JquU&google_cver=1&google_push=ATf1kGO8C1dgUxCWO1mVnnZ1qF4Vr97oxdb1XFhujVZtyYvInL3cSm4TS_s4bIF7lLTaVdQ3QUN_YETX_in-9fr--244ONd9M0U
Requested by: Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.253.211 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:32 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 999C 0
12 B 26ms
25ms Image
text/html 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JfWzApw0i7sQSphivCsheuBhy__aELh2KP-oXOQgvo0GFks_jVypia5uJV1q73H8_qNTo-

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:32 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/12768919073557039455/ Frame DBEC 6 KB
2 KB 15ms
14ms Document
text/html 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/12768919073557039455/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5b41131d3a7d85fabcd1aa05dff2619528df78004c213d41581031bda483797

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 314019
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2127
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Sun, 25 Jun 2023 06:34:53 GMT
expires: Mon, 24 Jun 2024 06:34:53 GMT
last-modified: Tue, 18 Apr 2023 13:53:11 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 6EAA 0
0 59ms
58ms Fetch
image/gif 142.250.181.226

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstfQUQDaU_YMIiZ4eXICWseMeu4RrL826VCiM9nyOKjZAEQVBFn0qaeXQ75lADwX4VbeUi4PCNjNJZ1pvWzqMC5mXFHm3o3l0wiZ6X1JFLvKgG9D5ubQ9m0xJlgkIhRiikVu-4kYR45wmKY7e4HH6XE64kdr-V3hFTORi-l53aEGjNQhtS9brGBamqqtPccqwgqQNOTEMvwO3lwVBq-qkxd3ZcjHPZOLF-wYlW1Hak3-Q9T9AV4_2gVTUcP5mdXBLGEeah5fCHxCrVfchBhGRwu4mCI4VoIMRGVIeoGxM2hhdoLtHpeHoxQtZEIQeo9Eetpai3ZuoscopDXAbdT_cHF-jb4x8KhJE3gBzvcqzVBWtNKLZz1pwYRWSilSdSC1xwF7c-OWpdFcNH3WvuKbCVdkqNPQiv9kavdZdwhDC_Eem3mZE3AnzXRSx87XISf_8JE_NLSKEYoJPjzSmuCyIzftrP5S8nLMt8LVP9kZMidJFrp5O5kE_FTvLsoqpf69lXGcjmUuLoBnSTgbnS8fNTYEjExUPCa4BTHEkYfuQPqw6cAhjYc0A_fBpLWMRrEnwDYFLIfrGbMRdv0JqjkvPNWmZ_h2PBbB7GguUtvUvg-qPULj7-wuhVuS-IiCcPqnb2M8uZdNJf0zR7tnYbOMAaddHsvXwKt6x51YPovGrZaE723Nom9cObsJfkmvfgnOuyPPHUo7kYO2yGc_aJayTziw2F81z--jdKKzjco8P2aBNaGcg1nc4284oIqNDoLIxvNwLK9QMEzsWNKWxbDLgGSEihyDYjNlIzhO7PwiGHLOAhORjXSozaKiCgBUrgpdDh-y2BJfB8MApH9xejwEC-Fu_MWrSb2C4Prfa6SXHwj7mBZnC3ROEWlW8j42yKqXGXLhBMN_NG7ULsMSVQPI_14W_5GbqXBVMKsgw1tRs7l5EQugTuUIim-_YKLbJBuEfUBpHIh7s1ScxEKuUdLFUZNrnLY2TyedwUsQc1GUDUF3EHL-mIYSuwbkT4SzkRaRW2BkNqdd4u9T5qovspqJUAi7HB8G-ty0LqsMzXXRRo9eb76BXaZ8cLZ12-3uFtT_bS3Tc3DMVPNIhRGZCejvVmBBLd-9Q82qhYHwpa3iKMS57bYVDh44OUywE6dUDLPrnWl3dWTMbFvLW-uNbWdsYKcX_rPysa-P2nC_XMz8bX8NRpJqXrCiPj0pdB2u7b9XILfWAq8PRCIt1cmUdHHYZcdH1DrojUjZyl1_S2us_D8DvkEwQeaIrKp5IqKXCEv-DL7oBI&sai=AMfl-YRLwahINHZSWOWVozQ1BEautUG5tu-DvlK_Ok-FCTexEhwtMgigSIUCfD0I4Aey5Et_FR0JeDtcTk6XAMbB0k8V66629Nk6KN_pdsgQLPRxnaGJYN5MFevfsEbUptw-sXlvuh5wLNfiuiOA4VAPyprgv6OlZ7zd925Cl-_NA_RiKSqhgyaxYASl3pd66QtpBi0ozxvjV45Y2T0csnKlKtgTs-ivbjSz5uRpU9vDWvY5wdlCgIV1_7XQ4BIeXPQdBUdxAKh0qJLA7PQgSBXzhQvS7sNmmaGLp-QGOFf_O4Ngk0OF2sCnr94VCAOs-3EzkZmWQCks9wkCbQ52ha4RZOB13eqdZb7iG5I&sig=Cg0ArKJSzGcj87iJVPwAEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=376&cbvp=1&cstd=369&cisv=r20230620.62272&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 28 Jun 2023 21:48:32 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Wed, 28 Jun 2023 21:48:32 GMT

GET
H2 200 5ed76f76e4b07a92411bc03a
ng2.virgul.com/tck/imp/ Frame 1B9F 0
209 B 118ms
49ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5ed76f76e4b07a92411bc03a?g=1&t=gb&r=153377@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1687988910666&userId=vnet555305dd-604f-4c2b-a899-19000d2d39c1
Requested by: Host: ye-mek.net
URL: https://ye-mek.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Wed, 28 Jun 2023 21:48:32 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/7493198391404092334/ Frame 83D0 13 KB
3 KB 24ms
24ms Document
text/html 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=LD27Gsvsre&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6c6d900511c502a6d0b97a298ecab07040eb48a8756ec785beddb35006825f0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2701
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:48:32 GMT
expires: Thu, 27 Jun 2024 21:48:32 GMT
last-modified: Thu, 30 Mar 2023 10:59:12 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame C5D8 0
0 60ms
60ms Fetch
image/gif 142.250.181.226

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsv4Vn0DZ93Uw6IRylZFgnU5k56Izq5HpMwPdi2grQoT5xHkH0IvERIjt8r0ESaXezpODWo8JLqyBOAy2GKNz9v2AliTiLvJHci34EqHh62ERTPwKzi4bwwLAdpQsVqqwSeHwteIXYTWtBqRgpBIfFVxh2uxsGWejarNvzFT13FzUnGVr2Kvxa-6ASRHqIs0ArSnd0HnbdCn-QIM8NcP7G2Sr8iJfYTjYrh0cnxJeLqf1-wnFtijke_glxbBgiCE99k2SI-ONebsVXRcq2lFIkBh9Wwvx9L_VYaJPxVmKgcIAB-yH8PIwRbhT7U9v67zL1aH-6C1KEhWBxDO_s-SyEDpllGJeUD845BKmm0y4dFxHbr4VZm9Lr3gwKpAc8_AO7IxSqIAEBknhFMQ9J2YT0fT1hMhGhc8_xF4uv62RjAWqOMgOxl7O-Qo3M6Xvt1iTExlMO7EM1JqpVcFVFPMeeuPCdyjhOIVvRHiyNv78oxpyVkzswfyqIj6kref9zuIwA58o90j_pGw9twmjJGpt1K0VjAR5EeAnVMUP7W18_Z4maL-vqPOA3JTGfe_y2qS219IoXOslYJU5tUQl5LRhx3UZqGIJC42y63HjT7vNXOTrWjOvyFPB8gaMJnI4TrufTfDpBIsVItvXly1JqVzbkbjY_SY2rNGQOO9p0SU-ONA2jT7s6fYSPRlnqXRM9T3-QenOZsXWT2OMlHiIzmRZTD_G3FkdXs9tbMuRjhQKwGDqeQaGS9Kom26mJ896hA4vxrsyZImiVH3lFLMfwuO9wql9k67tlx-YJYcFNw2nvJTUgIty0rCDIP1-gaiLzoLmHGJV_-ukxMN5fcJUpGGqCWZvPRmJ-IHVRYmDMFXh3azOdBot8pE_y8DPsXndMjOm68CJ2mZ7GeFZHv-I7vF_mOPELDLTpiZTq4yaJFXDQclqB8Cd8uk2BNZTxiok7ccgsPziNLD_cNXWqD3NXBIG-xm5LXLUst5yX3y_Dmn61zRMc7_Ctjv1YPmfuHGkyLQ4mshC4pAptyhGul6IM3HyNahrzMe8HSUoC2ZC7TzpNBpTZzGZUFyypHiVIm-jDky5tPwv_y5goE-lgiH1YU86SeArzFfVVBZuxaNUczHS0cpepRykzggBwS1QWOgLqBD3G12mlxUDr_pDxBBs58fstdSWlt2I9IKxl1upENT1tL3EtnJoWTwE6d9QAWdmILwGoY8NOvdgwdd_tTuH4YG1IrX6InnoVDWD6bMAx0qHXK4PyGmYVtU0Appp8uv2Gzbz_92yswcEphdjUGRpPfj--WaHA38bAcM5l9QWh6R60fR&sai=AMfl-YQkVHcQJKcLnv-tlkemVSI5N67Ml-Z6JiuWDIatl3nXuFrgE6KazCLub1cAkm0wloPcJ1Skzccq1tluR7WLfAgn1442k8jjWbDafEhPlkWW2rTMtZ3HIp1-3xMgb5HkngJzvuUQlj-QSPUNAxqk3cZZpSBzsW0EJeqbHvi-KOasSZCq6JpR2JXM60WULuqgxCL4WmNj4Io3xxE4zjTX_5H4V9utKsjYygEaCVFML00Z9T9uyGFH6R1VqQJrJYPSgauFc3H-DE2WVZ6o0Id15zJf2HOZVw&sig=Cg0ArKJSzFArATKKaguNEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=391&cbvp=1&cstd=384&cisv=r20230620.94689&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 28 Jun 2023 21:48:32 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Wed, 28 Jun 2023 21:48:32 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9EC7
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEG267Ro40rhGDPOmUkNyeE0&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEG267Ro40rhGDPOmUkNyeE0&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=MHRBYWM5NXQxUWVEMUM1&google_gid=CAESEG267Ro40rhGDPOmUkNyeE0&google_cver=1&google_push=ATf1kGPXDSvW4lhIHTalUw_sF0ErLFBNdfIPTUYqj17coGV...

170 B
188 B

29ms
26ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=MHRBYWM5NXQxUWVEMUM1&google_gid=CAESEG267Ro40rhGDPOmUkNyeE0&google_cver=1&google_push=ATf1kGPXDSvW4lhIHTalUw_sF0ErLFBNdfIPTUYqj17coGVpVApB3B7hBVgkoiBLJ5mqvFePbh3PWmjGVcDJqoUUWqPatmHmSbII

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 28 Jun 2023 21:48:32 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-782-g97d928b#rel-ec2-master i-036c9e308bb7e39b5@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=MHRBYWM5NXQxUWVEMUM1&google_gid=CAESEG267Ro40rhGDPOmUkNyeE0&google_cver=1&google_push=ATf1kGPXDSvW4lhIHTalUw_sF0ErLFBNdfIPTUYqj17coGVpVApB3B7hBVgkoiBLJ5mqvFePbh3PWmjGVcDJqoUUWqPatmHmSbII
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame 9EC7
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEGW6WdjiujeKds1FcCtx6yo&google_cver=1&google_push=ATf1kGNlOijN0oWgRKlWi7XxUqHu8FEusAnCDMFp6OVoXpYE5ef4EwCI9bjeYhEVNoLuYAgpNYj45lmgQgY6Xm8UjPmRATAakSwZ&...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEGW6WdjiujeKds1FcCtx6yo&google_cver=1&google_push=ATf1kGNlOijN0oWgRKlWi7XxUqHu8FEusAnCDMFp6OVoXpYE5ef4EwCI9bjeYhEVNoLuYAgpNYj45lmgQgY6Xm8UjPmRATAakSw...

43 B
418 B

198ms
178ms

Image
image/gif

2606:4700::6812:18ad

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEGW6WdjiujeKds1FcCtx6yo&google_cver=1&google_push=ATf1kGNlOijN0oWgRKlWi7XxUqHu8FEusAnCDMFp6OVoXpYE5ef4EwCI9bjeYhEVNoLuYAgpNYj45lmgQgY6Xm8UjPmRATAakSwZ&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DATf1kGNlOijN0oWgRKlWi7XxUqHu8FEusAnCDMFp6OVoXpYE5ef4EwCI9bjeYhEVNoLuYAgpNYj45lmgQgY6Xm8UjPmRATAakSwZ%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Server: 2606:4700::6812:18ad -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:33 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7de92272ebec37cc-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:33 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 850
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEGW6WdjiujeKds1FcCtx6yo&google_cver=1&google_push=ATf1kGNlOijN0oWgRKlWi7XxUqHu8FEusAnCDMFp6OVoXpYE5ef4EwCI9bjeYhEVNoLuYAgpNYj45lmgQgY6Xm8UjPmRATAakSwZ&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DATf1kGNlOijN0oWgRKlWi7XxUqHu8FEusAnCDMFp6OVoXpYE5ef4EwCI9bjeYhEVNoLuYAgpNYj45lmgQgY6Xm8UjPmRATAakSwZ%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7de922713a5837cc-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9EC7
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=GL_Bqo5GTnCtw-2KFdSUTw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

21ms
18ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=GL_Bqo5GTnCtw-2KFdSUTw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ATf1kGOwdHmtpriTfN5Nin3GhowAo5N3OqsuWIRoRXxloHGVkSJXg0i3Pkw-OPUwB79tmcQA-geQypBrkRNaQbXlRXKeBMceyaUf

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=GL_Bqo5GTnCtw-2KFdSUTw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ATf1kGOwdHmtpriTfN5Nin3GhowAo5N3OqsuWIRoRXxloHGVkSJXg0i3Pkw-OPUwB79tmcQA-geQypBrkRNaQbXlRXKeBMceyaUf
date: Wed, 28 Jun 2023 21:48:31 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9EC7
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEOWB8pL4ZqsuK0bNYhaK3pg&google_cver=1&google_push=ATf1kGNHfbjdsb9sLPzqyIMA4YT5F1dCaQdqWO_sVfDG7p8SAOmyaX4VFEy5L5d1GpOQw5gbcge...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpHOTBMQ1otMU0tRjgyNg==&google_push=ATf1kGNHfbjdsb9sLPzqyIMA4YT5F1dCaQdqWO_sVfDG7p8SAOmyaX4VFEy5L5d1GpOQw5gbcgeKbWQtkfu-b-YHED5y7pfRFIUy

170 B
188 B

18ms
18ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpHOTBMQ1otMU0tRjgyNg==&google_push=ATf1kGNHfbjdsb9sLPzqyIMA4YT5F1dCaQdqWO_sVfDG7p8SAOmyaX4VFEy5L5d1GpOQw5gbcgeKbWQtkfu-b-YHED5y7pfRFIUy

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpHOTBMQ1otMU0tRjgyNg==&google_push=ATf1kGNHfbjdsb9sLPzqyIMA4YT5F1dCaQdqWO_sVfDG7p8SAOmyaX4VFEy5L5d1GpOQw5gbcgeKbWQtkfu-b-YHED5y7pfRFIUy
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 28e1e7d28d06b07ec669bc9e43057b8e
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9EC7
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEGLhm_Z9toEEgeh4yF_WcUE&google_cver=1&google_push=ATf1kGPmfF4X3jgDdJnBYoLAxtK0-5oM0LA9Lxxfora0qqyirTPo3Udr08ZdXqYXEnDzkRuqlxjE-lQo8ptY...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGPmfF4X3jgDdJnBYoLAxtK0-5oM0LA9Lxxfora0qqyirTPo3Udr08ZdXqYXEnDzkRuqlxjE-lQo8ptYMXPq5IHHgpWtbaqM

170 B
188 B

26ms
25ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGPmfF4X3jgDdJnBYoLAxtK0-5oM0LA9Lxxfora0qqyirTPo3Udr08ZdXqYXEnDzkRuqlxjE-lQo8ptYMXPq5IHHgpWtbaqM

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGPmfF4X3jgDdJnBYoLAxtK0-5oM0LA9Lxxfora0qqyirTPo3Udr08ZdXqYXEnDzkRuqlxjE-lQo8ptYMXPq5IHHgpWtbaqM
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9EC7
Redirect Chain

https://match.360yield.com/match/ebda?google_gid=CAESEICoMSBXQ-RTEnycl7IlVQw&google_cver=1&google_push=ATf1kGPXsWqBGozusXXM5L2byJ4W5ZnpPZhWz9BQZgtXJtAh2NhgtVKn4tbwkTICH-cn09WCxZo34xC-OjYH80EZ-aGuNj...
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEICoMSBXQ-RTEnycl7IlVQw&google_cver=1&google_push=ATf1kGPXsWqBGozusXXM5L2byJ4W5ZnpPZhWz9BQZgtXJtAh2NhgtVKn4tbwkTICH-cn09WCxZo34xC-OjYH80EZ...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uhbxUkNmRPyqUELDTPoTAw&google_push=ATf1kGPXsWqBGozusXXM5L2byJ4W5ZnpPZhWz9BQZgtXJtAh2NhgtVKn4tbwkTICH-cn09WCxZo34xC-OjYH80E...

170 B
188 B

19ms
19ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uhbxUkNmRPyqUELDTPoTAw&google_push=ATf1kGPXsWqBGozusXXM5L2byJ4W5ZnpPZhWz9BQZgtXJtAh2NhgtVKn4tbwkTICH-cn09WCxZo34xC-OjYH80EZ-aGuNjjUDBXb

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=uhbxUkNmRPyqUELDTPoTAw&google_push=ATf1kGPXsWqBGozusXXM5L2byJ4W5ZnpPZhWz9BQZgtXJtAh2NhgtVKn4tbwkTICH-cn09WCxZo34xC-OjYH80EZ-aGuNjjUDBXb
access-control-allow-origin: *
date: Wed, 28 Jun 2023 21:48:33 GMT
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2

200

report
sync.teads.tv/um/ Frame 9EC7
Redirect Chain

https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEKjmwF14nYnV...
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=ATf1kGNt24UKmyvu3daRRNeZ8HYGhc9iw4HgAQmBVQgNRAJWB1iNAFnUeXjcCGpJJd3AEhzq1amtJPTsNSuNWfj8E9tXh5asnc6h
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

23 B
163 B

35ms
34ms

Image
image/gif

104.75.89.75
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
Requested by: Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Server: 104.75.89.75 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-89-75.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

expires: Wed, 28 Jun 2023 21:48:33 GMT
pragma: no-cache
date: Wed, 28 Jun 2023 21:48:33 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:32 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 260
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 9EC7 0
12 B 27ms
15ms Image
text/html 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KxZUQSW5qF8b7lc8twwHzlMWqjeph_SdSxHBfZq0P-2sH_Sk2rAUeuyb0kSULaGAdq7qzyHQ

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:32 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 style.css
s0.2mdn.net/sadbundle/17428105819714486272/ Frame D9A0 4 KB
1 KB 18ms
8ms Stylesheet
text/css 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17428105819714486272/style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17428105819714486272/index.html?e=69&leftOffset=0&topOffset=0&c=alpD2ojRTA&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff3aab1b58d4fcef7acc02e44ae8c3b4daccda6ddbac8015ac91e70b260e66d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17428105819714486272/index.html?e=69&leftOffset=0&topOffset=0&c=alpD2ojRTA&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 09:54:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 215668
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1090
x-xss-protection: 0
last-modified: Fri, 02 Jun 2023 16:34:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 25 Jun 2024 09:54:04 GMT

GET
H3 200 Enabler_01_250.js Show response
s0.2mdn.net/879366/ Frame D9A0 120 KB
41 KB 20ms
10ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17428105819714486272/index.html?e=69&leftOffset=0&topOffset=0&c=alpD2ojRTA&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

31d02f43dd0c7fc5c0d95db087a23f1c2d729c93f10450884c8da6b415f7839b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17428105819714486272/index.html?e=69&leftOffset=0&topOffset=0&c=alpD2ojRTA&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 02:09:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 70727
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42247
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 29 Jun 2023 02:09:45 GMT

GET
H3 200 gsap_3.5.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame D9A0 60 KB
24 KB 34ms
24ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17428105819714486272/index.html?e=69&leftOffset=0&topOffset=0&c=alpD2ojRTA&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17428105819714486272/index.html?e=69&leftOffset=0&topOffset=0&c=alpD2ojRTA&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24155
x-xss-protection: 0
last-modified: Mon, 31 Aug 2020 21:23:17 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 28 Jun 2023 21:48:32 GMT

GET
H3 200 pa.js Show response
s0.2mdn.net/sadbundle/17428105819714486272/ Frame D9A0 4 KB
1 KB 33ms
22ms Script
application/x-javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17428105819714486272/pa.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17428105819714486272/index.html?e=69&leftOffset=0&topOffset=0&c=alpD2ojRTA&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4b88a304d6162d0e7bc1ea1c3b8c9e9f6b6751002a6d58b6a7bb2c4dd383dea8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17428105819714486272/index.html?e=69&leftOffset=0&topOffset=0&c=alpD2ojRTA&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 08:56:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 46321
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1443
x-xss-protection: 0
last-modified: Fri, 02 Jun 2023 16:34:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 27 Jun 2024 08:56:31 GMT

GET
H3 200 logic.js Show response
s0.2mdn.net/sadbundle/17428105819714486272/ Frame D9A0 26 KB
4 KB 31ms
21ms Script
application/x-javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17428105819714486272/logic.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17428105819714486272/index.html?e=69&leftOffset=0&topOffset=0&c=alpD2ojRTA&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

95dc2fd2d6660cddee1ecf5114f8017512f5f017e2cd96f71efb880957a69564

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17428105819714486272/index.html?e=69&leftOffset=0&topOffset=0&c=alpD2ojRTA&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 09:53:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 215678
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3855
x-xss-protection: 0
last-modified: Fri, 02 Jun 2023 16:34:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 25 Jun 2024 09:53:54 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 27BC 5 KB
778 B 21ms
18ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Requested by

Host: hal900028.redintelligence.net
URL: https://hal900028.redintelligence.net/request_content.php?s=35277400156373704444554012369028&a=594cae1b

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e334ca19f092778f57815a534078daf8e3fce269e56f7ea374ab3a117eee92ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900028.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 28 Jun 2023 21:48:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 28 Jun 2023 21:27:09 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 28 Jun 2023 21:48:32 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 27BC 11 KB
11 KB 32ms
10ms Image
image/png 46.4.10.47
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=100&height=50&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/postbank_pool_privatkredit_1200x627.jpg
Requested by: Host: hal900028.redintelligence.net
URL: https://hal900028.redintelligence.net/request_content.php?s=35277400156373704444554012369028&a=594cae1b
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.10.47 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.47.10.4.46.clients.your-server.de
Software: Apache /
Resource Hash: ee8c2e146532573c02c03680b24440d156919c492a76ff9d471aa2a23fb53717

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900028.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Wed, 28 Jun 2023 21:48:32 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 11559
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 27BC 12 KB
12 KB 35ms
10ms Image
image/png 46.4.10.47
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=100&height=50&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg
Requested by: Host: hal900028.redintelligence.net
URL: https://hal900028.redintelligence.net/request_content.php?s=35277400156373704444554012369028&a=594cae1b
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.10.47 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.47.10.4.46.clients.your-server.de
Software: Apache /
Resource Hash: 9278600fa0dafda2b297c3b854bb86b85d6078d5d3454a6b24b95967b9022fb8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900028.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Wed, 28 Jun 2023 21:48:32 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 12073
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 27BC 9 KB
9 KB 35ms
10ms Image
image/png 46.4.10.47
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=100&height=50&url=https://cdn.contentspread.net/24i/advertiser/55487/creativesup/1200x627.jpg
Requested by: Host: hal900028.redintelligence.net
URL: https://hal900028.redintelligence.net/request_content.php?s=35277400156373704444554012369028&a=594cae1b
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.10.47 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.47.10.4.46.clients.your-server.de
Software: Apache /
Resource Hash: 40e3a10b3c1c563b32d7206d4cad168d65aa736e7453c85d22e4937b30962d85

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900028.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Wed, 28 Jun 2023 21:48:32 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 9492
Vary: Accept-Encoding
Content-Type: image/png

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/14378586457215718461/ Frame 2E53 125 KB
34 KB 29ms
27ms Document
text/html 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/14378586457215718461/index.html?e=69&leftOffset=0&topOffset=0&c=vKrntbhuam&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

59f8589c83d42109119634bf5f85b2f22728753a99306ba03955b93ccc4f4d45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:48:32 GMT
expires: Thu, 27 Jun 2024 21:48:32 GMT
last-modified: Wed, 22 Jun 2022 11:28:49 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 276E 0
0 65ms
55ms Fetch
image/gif 142.250.181.226

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvz8NBkvfvgG86WViYTPEb9kpeNOfc_t-pKafFl61t4KfMjs0PY2tNCQmqSXekwCFAnpfh2UnFcHEmQyNBPJzSwoJiM1yYNlrCUB8xcRZGpgMnhX0kYBQEAHN8FNGXvCCZ4pX95Y4Uu7NDDvrAlnKxBCCqA-z5nkLn0mYaeJPyol53hpcRT3bDvDDFyaJqnqEUBRLYtXYJj_VeNSlj7lu1WwklID97p9vmWKJWF6scgUDjZB2OndHzDOs8aAHZh54vfLliDTivvIUm4FQQyPO0FPoLxNO6NtfmwvYnKK5NVp9VtIeO6q3SUzlsnWtltUHdf1ofUC5v1rGg5Hb9Aa1r-E48UMOPpfSpCQ1CrbcKRDT1jsP8YgegpxjtuhLO8vUKm4mgcRmfK970v0LWjWO6wVwFDW2jn7LgGCdzHzk9OCCoeictBxyaaF7krDHPgxAi-DyV3pDr4dsE4to-A-EuWtNazqAWeFlW1ysbI4ixnZ1j4Fj1CQZTAZd3H4uL9aMvm_pKp-XsZSiH_HI5XYxqhjQFwwVZ5tt9d4wx2bPHqI5K-toGNegDBDFSqAXfXlLh-JkM0uvDgrFi1m6arvApQ6O91n-xHzRAHFTw8yPnepa86IO0Eux7FJGlDumptyRcqtPS6wjGW7x35vtUXogqI35ppalgFgL1QVxVdkSptqhlI61Gcmd0PiFgeF9dGTqwQIEBzoIY93xXpORLIed5FbC_T9siR10fL9qDL3pWZNWoDT9BRDeZI0R96fo8nKEqTzFS8gJ8WfcyZrB7AjfNZXUanZsewMYKx4ANLTmDoh-eTXEzQr07JsrGzjfJ3zI8BRbZQiIKQR7Yj1h0ggq9OoasF1jIrqyKyhzU2mSqDef4CQXz93vIc6lafYF-fAmQnSx1ecS9XLjeaMIuu93wJmcegEw6S7-78kgOfpNnbomAr2XH35Tknq6iFirigXeNHoCr4WdKZhYTm-Y3OE_VZEPSiEzJdo576KAqKBfC1dW6OO7QmTZ7uskxOtKPgkutSc9JYW5Rw2vrv_el6m5Keu_NlXta8q9_YLRYrN85UWeraWsxpIivzO4ottFiu37MBQ3XDJsd9f89R_C6Fl6H53AxRLAWfaZ_wdi4ldCFaA7uPTcUZkmpZiBYU9-uPa9zDd5Yma9RKv4zdY8daq6fWbrLOWJWdaMPjuu9fPe6AjyrQWD64liBWUPxduVV1MsllL3dqBxs82mDSUaIsOVDRaeIUNq8Ya8t0o5gZxoIOQJ2jWpKTrvi60eFNBbxHnD6v6fYYXlNbDBB_IWdqdbXmh9U3&sai=AMfl-YSxXzsGKXpP9uMchp7plJuZnTUCdg4GhcMLQGMKCLMt1g2tpD5SKq1z62vE4Em3i_X5WE9WSK9n2We6KE2GN6WtBvkWgwL549n8-_Dsh8-MNKpRALOxUydA98r2YoC_yBNxDBXe5CcFvHYvJSUOR7sQwV1of2D0C6DVauECodpxub1vYNOzjxPJY3C7wF-nU42Q8aaXy6Y_3p9ODl2YBMJnOHVETFFS-tC-U_W7rYGeBeHgJ8bdzqp2oKqf3-QY3Xcy&sig=Cg0ArKJSzNM-UZF1UUiIEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=426&cbvp=1&cstd=418&cisv=r20230620.69049&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 28 Jun 2023 21:48:32 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Wed, 28 Jun 2023 21:48:32 GMT

GET
H/1.1

200
OK

px.gif
d.adtriba.com/ Frame 276E
Redirect Chain

https://d.adtriba.com/collect?atb_ptid=f65079e0&atb_dcaid=202305_es_nothilfe_dv_pros_367777967&atb_dpuid=di_dv&gdpr=&gdpr_consent=
https://d.adtriba.com/px.gif

42 B
227 B

18ms
14ms

Image
image/gif

3.124.162.174

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adtriba.com/px.gif
Requested by: Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: HTTP/1.1
Server: 3.124.162.174 -, , ASN (),
Reverse DNS
Software: nginx/1.16.1 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Wed, 28 Jun 2023 21:48:33 GMT
Cache-Control: public, max-age=86400
Server: nginx/1.16.1
Connection: keep-alive
Content-Length: 42
Content-Type: image/gif

Redirect headers

Date: Wed, 28 Jun 2023 21:48:32 GMT
Last-Modified: Wed, 28 Jun 2023 21:48:32 GMT
Server: nginx/1.16.1
P3P: CP="This is not a P3P policy! See https://www.adtriba.com/privacy-policy.html for more info."
Location: /px.gif
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Sat, 01 Jan 2000 01:00:00 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 22B4
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

23ms
21ms

Document
text/html

2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:48:32 GMT
expires: Wed, 28 Jun 2023 21:48:32 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:48:32 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame 25F9 0
104 B 108ms
27ms Image
text/plain 2a02:fa8:8806:13::1400

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEO6daT5XQe58ik_h9SZ5iy4&google_cver=1&google_push=ATf1kGMIKTrfMnzB5InsX-75CNeszntMrJ33VV4lXriBGsy-aRZfbPsojIJIpLYx-9wRBTJe407hfZXGnUyPjGP440frRcpYL74
Requested by: Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:13::1400 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:32 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 25F9 70 B
265 B 121ms
32ms Image
image/gif 52.223.40.198

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESELCzqn7iDiGAMXL3Y0jL9d4&google_cver=1&google_push=ATf1kGMTTlB6acy5z3fH6gs1VdwodKkulYm3aGfMBsfAeawlj7frraw9Xq7sXSJWu79oT3MrtsjULCy9o-85W1kc3zUsrmRFzY6i
Requested by: Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Wed, 28 Jun 2023 21:48:32 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 25F9
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEG8qbmt1BZ6sO68HfdwEBOA&google_cver=1&google_push=ATf1kGP2tOAEP7LQKpKevLf_fUY9UYmOvEW7DKAzcvzRo146791K-tdT02yFJTxNBX60H9EHSJ4acnlymOQILXZE8yvs9WY...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=ATf1kGP2tOAEP7LQKpKevLf_fUY9UYmOvEW7DKAzcvzRo146791K-tdT02yFJTxNBX60H9EHSJ4acnlymOQILXZE8yvs9WYILcF9&google_hm=eS1KLjY1c2dCRTJwR2hxM2...

170 B
188 B

23ms
22ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=ATf1kGP2tOAEP7LQKpKevLf_fUY9UYmOvEW7DKAzcvzRo146791K-tdT02yFJTxNBX60H9EHSJ4acnlymOQILXZE8yvs9WYILcF9&google_hm=eS1KLjY1c2dCRTJwR2hxM2cwWWlJbUU1ZDY4c0F0RFpFWX5B

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 28 Jun 2023 21:48:32 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=ATf1kGP2tOAEP7LQKpKevLf_fUY9UYmOvEW7DKAzcvzRo146791K-tdT02yFJTxNBX60H9EHSJ4acnlymOQILXZE8yvs9WYILcF9&google_hm=eS1KLjY1c2dCRTJwR2hxM2cwWWlJbUU1ZDY4c0F0RFpFWX5B
content-length: 0

GET
H3 200 dds
rtb.openx.net/sync/ Frame 25F9 43 B
58 B 41ms
27ms Image
image/gif 35.186.253.211

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEG6u3AyZDU_phC7Z_lPNqms&google_cver=1&google_push=ATf1kGPkb09g_C8NWanPowALI_OjGA2Og24Gplsed3ip4M6mpAEFmr_lPEEbqwwlhhlERZZa6OZhUUbmQL2wf1eDb_YB02ap0zCA
Requested by: Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.186.253.211 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:32 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 25F9
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEMAfFIU4X51VWyT_i_N62Gw&google_cver=1&google_push=ATf1kGPPkgvIMGdiynK0I4xcgm5fqZpg3SNYy_jzKOjkQv2Pd9ATVXJCvobvuHga2q34927B0HIdH0E6k2NZ...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGPPkgvIMGdiynK0I4xcgm5fqZpg3SNYy_jzKOjkQv2Pd9ATVXJCvobvuHga2q34927B0HIdH0E6k2NZoewAIvrp2gu5OHg

170 B
188 B

34ms
20ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGPPkgvIMGdiynK0I4xcgm5fqZpg3SNYy_jzKOjkQv2Pd9ATVXJCvobvuHga2q34927B0HIdH0E6k2NZoewAIvrp2gu5OHg

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGPPkgvIMGdiynK0I4xcgm5fqZpg3SNYy_jzKOjkQv2Pd9ATVXJCvobvuHga2q34927B0HIdH0E6k2NZoewAIvrp2gu5OHg
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H/1.1 200
OK sync
ssbsync.smartadserver.com/api/ Frame 25F9 0
75 B 186ms
21ms Image
text/plain 185.86.138.151

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEICPVtJwWnKyVVoO0HY5_gI&google_cver=1&google_push=ATf1kGOrUquhV2Ddy3cUWvaYhxwn_L7oa0f7SjjsnPem_PRO_H7Hqlo81oIgKAmxhecDQiBP3RKAUGxXE8q_5VWJ6i9x1K4jVo0k
Requested by: Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.151 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:32 GMT
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 25F9
Redirect Chain

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEORh0TUB7...
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEOR...
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=e284671e-43d8-4c86-ae88-bb73f17d20e5&%%GOOGLE_PUSH_PAIR%%

170 B
188 B

27ms
27ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=e284671e-43d8-4c86-ae88-bb73f17d20e5&%%GOOGLE_PUSH_PAIR%%

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=e284671e-43d8-4c86-ae88-bb73f17d20e5&%%GOOGLE_PUSH_PAIR%%
date: Wed, 28 Jun 2023 21:48:33 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 25F9 0
12 B 39ms
26ms Image
text/html 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IMp-Dabv2DovBTvtGNmPHYYh8HKT8Rlrdf5hOORopk8quhfqohKFuVyKY5_YoHBkA_5QDq-A

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:32 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 0067 70 B
264 B 116ms
32ms Image
image/gif 52.223.40.198

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEIbKkkX2FC5TBMDtg2-ey2k&google_cver=1&google_push=ATf1kGOQ0AGLPmHZThqPiXI4ziC_LqBLYXmLMk5rw7khf-wzZS2Q98FVAQrdFfpDKl6fqIT_6wG6mqFJfHUTG5TQ0TkDEyq7l07Z
Requested by: Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Wed, 28 Jun 2023 21:48:32 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 204 AdxPixel
tr.blismedia.com/v1/api/sync/ Frame 0067 0
173 B 66ms
16ms Image
text/plain 34.96.105.8

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEKsf0Clv153U3HvKkf6H7nw&google_cver=1&google_push=ATf1kGNFQ17t6gkIN792scUuMOwS81pv8neyBgjhTEJJ2UFN4sQ5qe1zb969zsVv_e89rBWziXZJPQQY6P1ogCBRa3_AQxknPfk
Requested by: Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.105.8 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:32 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0067
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEFS_XvAW5vIN6eNnFcB6s6o&google_cver=1&google_push=ATf1kGP8GJLvhdiE_I6bv8MIyGTELh_NPJfRITJW6DJV-eIr_igGo7-Jzs_L1l9krF-RtSAajc9y2_PzNzu-mUGEEifSr5w...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=ATf1kGP8GJLvhdiE_I6bv8MIyGTELh_NPJfRITJW6DJV-eIr_igGo7-Jzs_L1l9krF-RtSAajc9y2_PzNzu-mUGEEifSr5wK-Qon&google_hm=eS1WdVFyVTFSRTJwR0NnbE...

170 B
188 B

24ms
23ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=ATf1kGP8GJLvhdiE_I6bv8MIyGTELh_NPJfRITJW6DJV-eIr_igGo7-Jzs_L1l9krF-RtSAajc9y2_PzNzu-mUGEEifSr5wK-Qon&google_hm=eS1WdVFyVTFSRTJwR0NnbEl3TmZpV2cybFpQN2ZkU2YwdX5B

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 28 Jun 2023 21:48:32 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=ATf1kGP8GJLvhdiE_I6bv8MIyGTELh_NPJfRITJW6DJV-eIr_igGo7-Jzs_L1l9krF-RtSAajc9y2_PzNzu-mUGEEifSr5wK-Qon&google_hm=eS1WdVFyVTFSRTJwR0NnbEl3TmZpV2cybFpQN2ZkU2YwdX5B
content-length: 0

GET
H3 200 dds
rtb.openx.net/sync/ Frame 0067 43 B
58 B 36ms
24ms Image
image/gif 35.186.253.211

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEC0liM0xDQ3fNcsuypOOQ7o&google_cver=1&google_push=ATf1kGOgTb3avrFH6SZXHK6fxeNMirilIgoQfVe6STQyXsRQRm0E2z5pEZc2nF71_NgqmlyF_dRJC_KgiShR4F8KXtpK5Jffuade
Requested by: Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.186.253.211 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:32 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0067
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=pjz3iZ2cQKe3zwWnizPnEQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

23ms
19ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=pjz3iZ2cQKe3zwWnizPnEQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ATf1kGMtpcINcJehytzUxOTlGUJFgFSjwy-NnKKIRWF1TmUaby6bfM8JO7NxVEXoqL_jnYnLRicgdERICONHAzB3V9SqefJQBuQU

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=pjz3iZ2cQKe3zwWnizPnEQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ATf1kGMtpcINcJehytzUxOTlGUJFgFSjwy-NnKKIRWF1TmUaby6bfM8JO7NxVEXoqL_jnYnLRicgdERICONHAzB3V9SqefJQBuQU
date: Wed, 28 Jun 2023 21:48:33 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0067
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEJb4vcaXLfVDU-mNU2eh8po&google_cver=1&google_push=ATf1kGOYAJt-oq-MKVeX72EEJNW_q8ZK-AfIAEe91eRACf8R58DyTG_S-M9KK5PMc3qLcpIaTS5MLJKE2V3rdS30G...
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEJb4vcaXLfVDU-mNU2eh8po&google_cver=1&google_push=ATf1kGOYAJt-oq-MKVeX72EEJNW_q8ZK-AfIAEe91eRACf8R58DyTG_S-M9KK5PMc3qLcpIaTS5MLJKE2V3rdS30G...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGOYAJt-oq-MKVeX72EEJNW_q8ZK-AfIAEe91eRACf8R58DyTG_S-M9KK5PMc3qLcpIaTS5MLJKE2V3rdS30GnHecIr-Yk9r&google_hm=G5LcrGZH9dlTrbA7QIiUyM_d

170 B
188 B

24ms
19ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGOYAJt-oq-MKVeX72EEJNW_q8ZK-AfIAEe91eRACf8R58DyTG_S-M9KK5PMc3qLcpIaTS5MLJKE2V3rdS30GnHecIr-Yk9r&google_hm=G5LcrGZH9dlTrbA7QIiUyM_d

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 28 Jun 2023 21:48:33 GMT
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGOYAJt-oq-MKVeX72EEJNW_q8ZK-AfIAEe91eRACf8R58DyTG_S-M9KK5PMc3qLcpIaTS5MLJKE2V3rdS30GnHecIr-Yk9r&google_hm=G5LcrGZH9dlTrbA7QIiUyM_d
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap3ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0067
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEPEKu_Fe3p8CMrULb6aYoFQ&google_cver=1&google_push=ATf1kGMNl5KgjVOC1Xulcebn9yGnPuYecpTHSZlHPpbfzjNM5m28XZbNXOXzikZ66ae6XdyZLCOA0CHbQOxC...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGMNl5KgjVOC1Xulcebn9yGnPuYecpTHSZlHPpbfzjNM5m28XZbNXOXzikZ66ae6XdyZLCOA0CHbQOxC2gf1_29pDSKPKffb

170 B
188 B

34ms
20ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGMNl5KgjVOC1Xulcebn9yGnPuYecpTHSZlHPpbfzjNM5m28XZbNXOXzikZ66ae6XdyZLCOA0CHbQOxC2gf1_29pDSKPKffb

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGMNl5KgjVOC1Xulcebn9yGnPuYecpTHSZlHPpbfzjNM5m28XZbNXOXzikZ66ae6XdyZLCOA0CHbQOxC2gf1_29pDSKPKffb
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 0067 0
12 B 33ms
22ms Image
text/html 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KPu9iRbWycncRiQyqcmHCVEPzD9pRTRxfiXJK02f-NzCvHlhQljbpDWY0qnQB7hDj1LCxg

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:32 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 5CED 22 KB
8 KB 33ms
16ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 114651
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 27 Jun 2023 13:57:41 GMT
expires: Wed, 26 Jun 2024 13:57:41 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 createjs.min.js Show response
code.createjs.com/1.0.0/ Frame DBEC 236 KB
63 KB 97ms
33ms Script
text/javascript 2a02:26f0:3500:f::1732:8316

General

Check archive.org

Show headers Download Go to

Full URL: https://code.createjs.com/1.0.0/createjs.min.js
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12768919073557039455/index.html?ev=01_250
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:3500:f::1732:8316 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:32 GMT
content-encoding: gzip
server: Apache
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=900
x-n: S
accept-ranges: bytes
expires: Wed, 28 Jun 2023 22:03:32 GMT

GET
H3 200 300x250_kia-flex_rio.js Show response
s0.2mdn.net/sadbundle/12768919073557039455/ Frame DBEC 41 KB
6 KB 17ms
8ms Script
application/x-javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/12768919073557039455/300x250_kia-flex_rio.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12768919073557039455/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b75362dc056640f589a9997a79ba37b73eaf0e42db94ed4a7f4c3b359a490dfc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12768919073557039455/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 23:15:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 340362
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6128
x-xss-protection: 0
last-modified: Tue, 18 Apr 2023 13:53:11 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 23 Jun 2024 23:15:50 GMT

GET
H3 200 styles.css
s0.2mdn.net/sadbundle/7493198391404092334/css/ Frame 83D0 6 KB
1 KB 17ms
16ms Stylesheet
text/css 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7493198391404092334/css/styles.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=LD27Gsvsre&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ac2429c9dd60bbe0eeab4fb4322667db2a3566125b4a1d772c488381de05b9e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=LD27Gsvsre&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 00:00:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 424096
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1446
x-xss-protection: 0
last-modified: Thu, 30 Mar 2023 10:59:12 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 23 Jun 2024 00:00:16 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 83D0 118 KB
40 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=LD27Gsvsre&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=LD27Gsvsre&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 10:36:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 40331
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 29 Jun 2023 10:36:21 GMT

GET
H3 200 overlay.png
s0.2mdn.net/sadbundle/7493198391404092334/img/ Frame 83D0 95 B
122 B 9ms
8ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7493198391404092334/img/overlay.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=LD27Gsvsre&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=LD27Gsvsre&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 17:47:53 GMT
x-content-type-options: nosniff
age: 360040
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95
x-xss-protection: 0
last-modified: Thu, 30 Mar 2023 10:59:12 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 23 Jun 2024 17:47:53 GMT

GET
H3 200 logo.svg
s0.2mdn.net/sadbundle/7493198391404092334/img/ Frame 83D0 6 KB
3 KB 9ms
9ms Image
image/svg+xml 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7493198391404092334/img/logo.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=LD27Gsvsre&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7b1bfbac0178604f4dce665117d962743d2916a2a37968438f3d49d7e9c04445

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=LD27Gsvsre&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 11:00:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 384496
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2563
x-xss-protection: 0
last-modified: Thu, 30 Mar 2023 10:59:12 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 23 Jun 2024 11:00:17 GMT

GET
H3 200 gsap_3.5.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 83D0 60 KB
24 KB 34ms
26ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=LD27Gsvsre&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=LD27Gsvsre&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24155
x-xss-protection: 0
last-modified: Mon, 31 Aug 2020 21:23:17 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 28 Jun 2023 21:48:33 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 4A33 22 KB
8 KB 9ms
8ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 114651
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 27 Jun 2023 13:57:41 GMT
expires: Wed, 26 Jun 2024 13:57:41 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame F2A3 22 KB
8 KB 14ms
11ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 114651
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 27 Jun 2023 13:57:41 GMT
expires: Wed, 26 Jun 2024 13:57:41 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame C0C9 22 KB
8 KB 15ms
12ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 114651
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 27 Jun 2023 13:57:41 GMT
expires: Wed, 26 Jun 2024 13:57:41 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 2E53 118 KB
40 KB 31ms
25ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/14378586457215718461/index.html?e=69&leftOffset=0&topOffset=0&c=vKrntbhuam&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14378586457215718461/index.html?e=69&leftOffset=0&topOffset=0&c=vKrntbhuam&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 10:36:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 40331
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 29 Jun 2023 10:36:21 GMT

GET
H/1.1 200
OK viewability Show response
hal900028.redintelligence.net/ Frame 27BC 0
150 B 45ms
8ms Script
text/html 88.99.165.19
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900028.redintelligence.net/viewability?s=35277400156373704444554012369028&a=a124afe3&vb=m
Requested by: Host: hal900028.redintelligence.net
URL: https://hal900028.redintelligence.net/request_content.php?s=35277400156373704444554012369028&a=594cae1b
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.165.19 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.19.165.99.88.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900028.redintelligence.net/request_content.php?s=35277400156373704444554012369028&a=594cae1b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Wed, 28 Jun 2023 21:48:33 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3 200 dc_pre=CJb2oNz45v8CFdCNsgodf_kBPg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=683185057596.4938
adservice.google.com/ddm/fls/z/ Frame EE2D 42 B
63 B 70ms
64ms Image
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CJb2oNz45v8CFdCNsgodf_kBPg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=683185057596.4938

Requested by

Host: 5994599.fls.doubleclick.net
URL: https://5994599.fls.doubleclick.net/activityi;dc_pre=CJb2oNz45v8CFdCNsgodf_kBPg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=683185057596.4938?

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5994599.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ Frame 27BC 14 KB
15 KB 15ms
13ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca57b79a870bbf54700730858603a70d79743779c1b059922ec401bfddc5adc9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal900028.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sun, 25 Jun 2023 02:18:56 GMT
x-content-type-options: nosniff
age: 329377
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14824
x-xss-protection: 0
last-modified: Thu, 01 Jun 2023 22:52:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 24 Jun 2024 02:18:56 GMT

GET
H2 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ Frame 27BC 15 KB
15 KB 12ms
10ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal900028.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 18:50:39 GMT
x-content-type-options: nosniff
age: 183474
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14892
x-xss-protection: 0
last-modified: Thu, 01 Jun 2023 22:52:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 25 Jun 2024 18:50:39 GMT

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame 2418 85 KB
31 KB 63ms
8ms Script
text/javascript 65.9.95.48

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=2513135&wgcampaignid=99582&js=1&viewref=35277400156373704444554012369028&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.95.48 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 00c5621a3f56c052959f8f0591b65e893f132b49b1447fde20767966cacbfbfe

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 00:08:33 GMT
content-encoding: gzip
via: 1.1 badae0844eca8f0bad6677607d947120.cloudfront.net (CloudFront)
last-modified: Wed, 15 Mar 2023 17:26:29 GMT
server: AmazonS3
x-amz-cf-pop: PRG50-C1
age: 78001
etag: W/"876c293e6c37046ecb0c11ce2e276942"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
x-amz-cf-id: V6923uVkinj_JeniEF43GYvrOJgzhE9_gfAx3o96CyKPyQASniBnvg==

GET
H2 200 1x1.png
cdn.track.production.webgains.team/7121/ Frame 2418 3 KB
3 KB 61ms
8ms Image
image/png 65.9.95.73

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/7121/1x1.png?Expires=1687989212&Signature=dxRkDeeWWpu5z51HwbCkacO71kl8mNdjUOe9xmkWs-LGxrAr~BTSWTvAcp--wzRRrWrWFtjSnHNu1pnZwdBSz-EhyvnOVHhhOCbLeClW6uDcvP12yDMttb89PrKtkGYaIwvy4SNwK5hX9HCSzrC8ligd1TEGb4IjczmlYpOEws~QMLzxdtTPUn1LT6MVpw5qnM8UDHy6a20orwADARNaFLF5e~pvA1GkRjJ2h8TW6wwM4vfj~ZyL3udR3xyB5f9tlRxWmIjVIP3XirpXqZxxiCaRYwWxB6X-~zVnOmijeid1UwjHE42wneBnGa4I9ypqm1Cp6Two2q8Kjw04Uz8Jww__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.95.73 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: null
date: Wed, 28 Jun 2023 04:59:07 GMT
via: 1.1 79ba346413d83ce62db11c8d0b05c22c.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 11:40:06 GMT
server: AmazonS3
x-amz-cf-pop: PRG50-C1
age: 60888
etag: "4e57de0506fbdb487ffcd53b450caee1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 2808
x-amz-cf-id: wb44YiXuae5s_3WFvPdztFuLzOtIX9CJuqvv1KpKUHDKuZERgmj5Mg==

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame B9FF 0
0 46ms
46ms Fetch
image/gif 142.250.181.226

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvEy0czYVhzpPy8HRdzzKRw9yBal6GMmwvU6Ba81GvTkPMVSIN_QOW3li_rF4LPWLwkx9zF2vUioB3nLUV5mTv0sQkhQZZ6BcWV2E_t8zPbT0eWmpjR4qKX4L62PixBVnO4EKxUYeSk9QZTbzJEM3G8336P3y2ug6CqRSG0huCj24wmoC8KWPTtR-hZaoc7huWcSPuPlevcqdxQ46FuqRatZWQl1Esyss6vV84Vn3aG9V_zVnhq73Vess8zbULtzTGomdPXbqPe4xT5J7_Sox-lcdoo9myvrLqXsmhI2WH3_pRy5ayi1mPXBbXkD9fA2DIx34Qk1soCLztqtPP03-2Az2BfKEGa94qBYGMzkw_ZYGA7rSiBTk00xgqv-JHR3zTzgXP83i7-fT7TIUkDhvQWmuKzMtLlNZIUzO_5aLpJrqo9tas6hZ3jUHG0XZYQnAtZUXt2CAKn3MGRW3n8zC7hq71ExObFxYacVf91tPcCrW_auBL4SfKRqPo9n0g9JnXq3_u_VVNgPh7h8dkw53Gp4FgsyHjCKLVrYYBeUhV6h1tvOe_wp43wjilm5CyxjnW8PqpvciW7edr-ZmfABZ4T4SrJWKdXmbR_EuJufkCklKNWvGCOVF3XdZkoenHV7-C8JSPqkPS5OmnJqbUoJMOBy7reWzILILsh2pUh9VjMv_a29EOAIxC_f8vq5Xni-7oJkJqG3C-0m2un29DMq4y09mpCf_qmk7oeS_dXiIGVWHQrCqhWVbsVa8YkADVXpjDytFLnVU5tyrKP7_Nxu_c52qOHmK-23GfQdByf0ZhZVTUb3e4ZG5qv1M7jxM8udmQQuYm1fmZiZUKfXo0DIjAKpWUwrNF8fMKPKNXODJ6tTZ_usImgWSUEzRxDPH9ol0JoyNuZNYQS349fyouLzMT0jpmFMPGQpcO8OIjRxbjZHqZaOO8fn2_RYGosjBBeghspggxwWRLnzxkDTsS9TerMdYk76BIiqQNky_RLEntNr_6j3kH4CqZh8Y7QvRwrgKqcB7sMTz45UAds0BCCX96wLX_RWfJKAwaURG0xIjKIsxbL7Pz7ekwsMpjsBDy99tw8OVD7C2avGRa3A0haDSgV_C9dQMYvRniplORscmdr0ouCRW672NuEJN1M8bMBFNsvbBdem9kUiuJIFhUL2dv9gfzgOwS7caKqb7wGEpgSy2fdiQLtTn7XZ7xhNduio6_zYgn4ONOwrLkDZU6u84w3V7gnVnGUT77nGlaL8fFFRbuyWzd-B4_HQk0f2rkt0055nWt1JTPv9GX3B3qzu8KlBu1UyWjb&sai=AMfl-YRA2rrPZklYPR0Vn21N8SNdG9iIaWIAVcDF7kYImlTC0zDE-VpT3evSRVMJ00oxLKXg02yk_1lReDQyQKkvL6VO4NhlPh5BG_0EkBl5qiMii7MkjNcagR2ripChp3QH2w7zEhnt76FOp85oFOpnOqe_THFGYQ3eubo70co4_ByAVHXrJh9rbBuWrg8OD1FXqsb6SXBdmFPKzJcGj_IoooYJ2vXkz5WHjvu55RIW_KND91LIVl1CTIf8jjW5TwrFzOJI&sig=Cg0ArKJSzLzvBwBVVUGCEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=831&vt=11&dtpt=472&dett=3&cstd=348&cisv=r20230620.64609&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:33 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 28 Jun 2023 21:48:33 GMT

GET
H3 200 FordAntennaCondMedium.subline.woff
s0.2mdn.net/sadbundle/7493198391404092334/fonts/ Frame 83D0 13 KB
13 KB 9ms
8ms Font
font/woff 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7493198391404092334/fonts/FordAntennaCondMedium.subline.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7493198391404092334/css/styles.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e83314d333416d003a14ff991793feefefe12184980a4f081c0465cda5dc8da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/7493198391404092334/css/styles.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 13:35:08 GMT
x-content-type-options: nosniff
age: 548005
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13336
x-xss-protection: 0
last-modified: Thu, 30 Mar 2023 10:59:12 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 21 Jun 2024 13:35:08 GMT

GET
H3 200 FordAntennaBlack.headline.woff
s0.2mdn.net/sadbundle/7493198391404092334/fonts/ Frame 83D0 12 KB
12 KB 17ms
17ms Font
font/woff 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7493198391404092334/fonts/FordAntennaBlack.headline.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7493198391404092334/css/styles.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d97d2f204c48ceadcc2f5b86ba6bf25987c6f7c43c8dd7fee7a2847e6a71f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/7493198391404092334/css/styles.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 08:50:42 GMT
x-content-type-options: nosniff
age: 392271
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11876
x-xss-protection: 0
last-modified: Thu, 30 Mar 2023 10:59:12 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 23 Jun 2024 08:50:42 GMT

GET
H3 200 FordAntennaRegular.legal.woff
s0.2mdn.net/sadbundle/7493198391404092334/fonts/ Frame 83D0 14 KB
14 KB 10ms
9ms Font
font/woff 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7493198391404092334/fonts/FordAntennaRegular.legal.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7493198391404092334/css/styles.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff1ea82759f4df729f7ee24dac62805f05a2fc79c7ca4cb518a072a11835e884

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/7493198391404092334/css/styles.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:25:01 GMT
x-content-type-options: nosniff
age: 1412
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14468
x-xss-protection: 0
last-modified: Thu, 30 Mar 2023 10:59:12 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 27 Jun 2024 21:25:01 GMT

GET
H3 200 YTnPKPJ-Q--T2AJ4Qj25FxWmw7bAoVXE9zhtz1eN5hc.js Show response
pagead2.googlesyndication.com/bg/ Frame 5CED 37 KB
14 KB 15ms
10ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/YTnPKPJ-Q--T2AJ4Qj25FxWmw7bAoVXE9zhtz1eN5hc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6139cf28f27e43ef93d80278423db91715a6c3b6c0a155c4f7386dcf578de617

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 10:30:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 213480
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14704
x-xss-protection: 0
last-modified: Mon, 19 Jun 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 25 Jun 2024 10:30:33 GMT

GET
H3 200 YTnPKPJ-Q--T2AJ4Qj25FxWmw7bAoVXE9zhtz1eN5hc.js Show response
pagead2.googlesyndication.com/bg/ Frame 4A33 37 KB
14 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/YTnPKPJ-Q--T2AJ4Qj25FxWmw7bAoVXE9zhtz1eN5hc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6139cf28f27e43ef93d80278423db91715a6c3b6c0a155c4f7386dcf578de617

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 10:30:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 213480
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14704
x-xss-protection: 0
last-modified: Mon, 19 Jun 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 25 Jun 2024 10:30:33 GMT

GET
H3 200 YTnPKPJ-Q--T2AJ4Qj25FxWmw7bAoVXE9zhtz1eN5hc.js Show response
pagead2.googlesyndication.com/bg/ Frame F2A3 37 KB
14 KB 13ms
12ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/YTnPKPJ-Q--T2AJ4Qj25FxWmw7bAoVXE9zhtz1eN5hc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6139cf28f27e43ef93d80278423db91715a6c3b6c0a155c4f7386dcf578de617

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 10:30:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 213480
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14704
x-xss-protection: 0
last-modified: Mon, 19 Jun 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 25 Jun 2024 10:30:33 GMT

GET
H3 200 YTnPKPJ-Q--T2AJ4Qj25FxWmw7bAoVXE9zhtz1eN5hc.js Show response
pagead2.googlesyndication.com/bg/ Frame C0C9 37 KB
14 KB 12ms
12ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/YTnPKPJ-Q--T2AJ4Qj25FxWmw7bAoVXE9zhtz1eN5hc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6139cf28f27e43ef93d80278423db91715a6c3b6c0a155c4f7386dcf578de617

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 10:30:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 213480
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14704
x-xss-protection: 0
last-modified: Mon, 19 Jun 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 25 Jun 2024 10:30:33 GMT

GET
H3 200 bg_01.jpg
s0.2mdn.net/sadbundle/12768919073557039455/ Frame DBEC 25 KB
25 KB 13ms
12ms Image
image/jpeg 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12768919073557039455/bg_01.jpg

Requested by

Host: a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
URL: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a7243d7ca5cc8d225bf10a5315067587e2d626386c32bf1c5937370a85389ea5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12768919073557039455/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 14:55:05 GMT
x-content-type-options: nosniff
age: 370408
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25613
x-xss-protection: 0
last-modified: Tue, 18 Apr 2023 13:53:11 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 23 Jun 2024 14:55:05 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 6EAA 0
0 57ms
47ms Fetch
image/gif 142.250.181.226

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstfQUQDaU_YMIiZ4eXICWseMeu4RrL826VCiM9nyOKjZAEQVBFn0qaeXQ75lADwX4VbeUi4PCNjNJZ1pvWzqMC5mXFHm3o3l0wiZ6X1JFLvKgG9D5ubQ9m0xJlgkIhRiikVu-4kYR45wmKY7e4HH6XE64kdr-V3hFTORi-l53aEGjNQhtS9brGBamqqtPccqwgqQNOTEMvwO3lwVBq-qkxd3ZcjHPZOLF-wYlW1Hak3-Q9T9AV4_2gVTUcP5mdXBLGEeah5fCHxCrVfchBhGRwu4mCI4VoIMRGVIeoGxM2hhdoLtHpeHoxQtZEIQeo9Eetpai3ZuoscopDXAbdT_cHF-jb4x8KhJE3gBzvcqzVBWtNKLZz1pwYRWSilSdSC1xwF7c-OWpdFcNH3WvuKbCVdkqNPQiv9kavdZdwhDC_Eem3mZE3AnzXRSx87XISf_8JE_NLSKEYoJPjzSmuCyIzftrP5S8nLMt8LVP9kZMidJFrp5O5kE_FTvLsoqpf69lXGcjmUuLoBnSTgbnS8fNTYEjExUPCa4BTHEkYfuQPqw6cAhjYc0A_fBpLWMRrEnwDYFLIfrGbMRdv0JqjkvPNWmZ_h2PBbB7GguUtvUvg-qPULj7-wuhVuS-IiCcPqnb2M8uZdNJf0zR7tnYbOMAaddHsvXwKt6x51YPovGrZaE723Nom9cObsJfkmvfgnOuyPPHUo7kYO2yGc_aJayTziw2F81z--jdKKzjco8P2aBNaGcg1nc4284oIqNDoLIxvNwLK9QMEzsWNKWxbDLgGSEihyDYjNlIzhO7PwiGHLOAhORjXSozaKiCgBUrgpdDh-y2BJfB8MApH9xejwEC-Fu_MWrSb2C4Prfa6SXHwj7mBZnC3ROEWlW8j42yKqXGXLhBMN_NG7ULsMSVQPI_14W_5GbqXBVMKsgw1tRs7l5EQugTuUIim-_YKLbJBuEfUBpHIh7s1ScxEKuUdLFUZNrnLY2TyedwUsQc1GUDUF3EHL-mIYSuwbkT4SzkRaRW2BkNqdd4u9T5qovspqJUAi7HB8G-ty0LqsMzXXRRo9eb76BXaZ8cLZ12-3uFtT_bS3Tc3DMVPNIhRGZCejvVmBBLd-9Q82qhYHwpa3iKMS57bYVDh44OUywE6dUDLPrnWl3dWTMbFvLW-uNbWdsYKcX_rPysa-P2nC_XMz8bX8NRpJqXrCiPj0pdB2u7b9XILfWAq8PRCIt1cmUdHHYZcdH1DrojUjZyl1_S2us_D8DvkEwQeaIrKp5IqKXCEv-DL7oBI&sai=AMfl-YRLwahINHZSWOWVozQ1BEautUG5tu-DvlK_Ok-FCTexEhwtMgigSIUCfD0I4Aey5Et_FR0JeDtcTk6XAMbB0k8V66629Nk6KN_pdsgQLPRxnaGJYN5MFevfsEbUptw-sXlvuh5wLNfiuiOA4VAPyprgv6OlZ7zd925Cl-_NA_RiKSqhgyaxYASl3pd66QtpBi0ozxvjV45Y2T0csnKlKtgTs-ivbjSz5uRpU9vDWvY5wdlCgIV1_7XQ4BIeXPQdBUdxAKh0qJLA7PQgSBXzhQvS7sNmmaGLp-QGOFf_O4Ngk0OF2sCnr94VCAOs-3EzkZmWQCks9wkCbQ52ha4RZOB13eqdZb7iG5I&sig=Cg0ArKJSzGcj87iJVPwAEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=863&vt=11&dtpt=487&dett=3&cstd=369&cisv=r20230620.62272&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:33 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 28 Jun 2023 21:48:33 GMT

GET
H3 200 btn_cta_arrow.svg
s0.2mdn.net/sadbundle/17428105819714486272/ Frame D9A0 366 B
307 B 9ms
8ms Image
image/svg+xml 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17428105819714486272/btn_cta_arrow.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17428105819714486272/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65ecaacea233cbd58cd42e885e80df77cbc92fc6cfd6e85f1d0e9d2852e1e7ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17428105819714486272/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 09:53:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 215679
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 269
x-xss-protection: 0
last-modified: Fri, 02 Jun 2023 16:34:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 25 Jun 2024 09:53:54 GMT

GET
H3 200 kia.woff
s0.2mdn.net/sadbundle/17428105819714486272/ Frame D9A0 23 KB
23 KB 9ms
9ms Font
font/woff 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17428105819714486272/kia.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17428105819714486272/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4974622fff31e0fe9dcc6c31c33e3f74dfb665d2678bd876ab807506e3bab60c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/17428105819714486272/style.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sun, 25 Jun 2023 05:00:03 GMT
x-content-type-options: nosniff
age: 319710
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23072
x-xss-protection: 0
last-modified: Fri, 02 Jun 2023 16:34:31 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 24 Jun 2024 05:00:03 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame D9A0 7 KB
6 KB 68ms
66ms XHR
application/json 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_250&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0d8a6cf1e2662c42eac96cab612778fe7d76ac00b668356129490b409bd00928

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:33 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5664
x-xss-protection: 0

GET
H3 200 60029391_20230503010142811_logo_kia.svg
s0.2mdn.net/ads/richmedia/studio/60029391/ Frame D9A0 1 KB
710 B 12ms
11ms Image
image/svg+xml 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60029391/60029391_20230503010142811_logo_kia.svg

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4caec19fb48c8b123d8f1dd3443f2bd70863adf6408db3ea83b1ee46df65c454

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17428105819714486272/index.html?e=69&leftOffset=0&topOffset=0&c=alpD2ojRTA&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:45:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 185
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 674
x-xss-protection: 0
last-modified: Thu, 08 Jun 2023 13:51:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 29 Jun 2023 21:45:28 GMT

GET
H3 200 60029391_20230515061734382_CeedSW_728x90_01.jpg
s0.2mdn.net/ads/richmedia/studio/60029391/ Frame D9A0 19 KB
19 KB 12ms
11ms Image
image/jpeg 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60029391/60029391_20230515061734382_CeedSW_728x90_01.jpg

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

028d4c88c7ed9b378cdc69cdc211ca26a958528e2ce8aa65de9f570a8bc967ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17428105819714486272/index.html?e=69&leftOffset=0&topOffset=0&c=alpD2ojRTA&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 10:52:22 GMT
x-content-type-options: nosniff
age: 39371
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19369
x-xss-protection: 0
last-modified: Mon, 15 May 2023 13:17:34 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 29 Jun 2023 10:52:22 GMT

GET
H3 200 60029391_20230515061734775_CeedSW_728x90_02.jpg
s0.2mdn.net/ads/richmedia/studio/60029391/ Frame D9A0 35 KB
35 KB 12ms
12ms Image
image/jpeg 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60029391/60029391_20230515061734775_CeedSW_728x90_02.jpg

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2ab32e9626ed6d424a2ccb611e330a5d781e8ce543f9a13f2fc395f6759068b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17428105819714486272/index.html?e=69&leftOffset=0&topOffset=0&c=alpD2ojRTA&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 10:54:08 GMT
x-content-type-options: nosniff
age: 39265
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35369
x-xss-protection: 0
last-modified: Mon, 15 May 2023 13:17:34 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 29 Jun 2023 10:54:08 GMT

GET
H3 200 60029391_20230515061737927_CeedSW_728x90_03.jpg
s0.2mdn.net/ads/richmedia/studio/60029391/ Frame D9A0 20 KB
20 KB 14ms
13ms Image
image/jpeg 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60029391/60029391_20230515061737927_CeedSW_728x90_03.jpg

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

684e28ed94439ad9382064bdaf9e783b9b9fb283112ad42b77d5bd23f317a661

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17428105819714486272/index.html?e=69&leftOffset=0&topOffset=0&c=alpD2ojRTA&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 10:52:22 GMT
x-content-type-options: nosniff
age: 39371
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20886
x-xss-protection: 0
last-modified: Mon, 15 May 2023 13:17:38 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 29 Jun 2023 10:52:22 GMT

GET
H3 200 60029391_20230515061741204_CeedSW_728x90_04.jpg
s0.2mdn.net/ads/richmedia/studio/60029391/ Frame D9A0 18 KB
18 KB 13ms
13ms Image
image/jpeg 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60029391/60029391_20230515061741204_CeedSW_728x90_04.jpg

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a01a1ed11c2b5950d9a38a31ffa552b9d9834fa246db51926ee4ac7dd58d375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17428105819714486272/index.html?e=69&leftOffset=0&topOffset=0&c=alpD2ojRTA&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 10:52:22 GMT
x-content-type-options: nosniff
age: 39371
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18639
x-xss-protection: 0
last-modified: Mon, 15 May 2023 13:17:41 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 29 Jun 2023 10:52:22 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame C5D8 0
0 54ms
54ms Fetch
image/gif 142.250.181.226

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsv4Vn0DZ93Uw6IRylZFgnU5k56Izq5HpMwPdi2grQoT5xHkH0IvERIjt8r0ESaXezpODWo8JLqyBOAy2GKNz9v2AliTiLvJHci34EqHh62ERTPwKzi4bwwLAdpQsVqqwSeHwteIXYTWtBqRgpBIfFVxh2uxsGWejarNvzFT13FzUnGVr2Kvxa-6ASRHqIs0ArSnd0HnbdCn-QIM8NcP7G2Sr8iJfYTjYrh0cnxJeLqf1-wnFtijke_glxbBgiCE99k2SI-ONebsVXRcq2lFIkBh9Wwvx9L_VYaJPxVmKgcIAB-yH8PIwRbhT7U9v67zL1aH-6C1KEhWBxDO_s-SyEDpllGJeUD845BKmm0y4dFxHbr4VZm9Lr3gwKpAc8_AO7IxSqIAEBknhFMQ9J2YT0fT1hMhGhc8_xF4uv62RjAWqOMgOxl7O-Qo3M6Xvt1iTExlMO7EM1JqpVcFVFPMeeuPCdyjhOIVvRHiyNv78oxpyVkzswfyqIj6kref9zuIwA58o90j_pGw9twmjJGpt1K0VjAR5EeAnVMUP7W18_Z4maL-vqPOA3JTGfe_y2qS219IoXOslYJU5tUQl5LRhx3UZqGIJC42y63HjT7vNXOTrWjOvyFPB8gaMJnI4TrufTfDpBIsVItvXly1JqVzbkbjY_SY2rNGQOO9p0SU-ONA2jT7s6fYSPRlnqXRM9T3-QenOZsXWT2OMlHiIzmRZTD_G3FkdXs9tbMuRjhQKwGDqeQaGS9Kom26mJ896hA4vxrsyZImiVH3lFLMfwuO9wql9k67tlx-YJYcFNw2nvJTUgIty0rCDIP1-gaiLzoLmHGJV_-ukxMN5fcJUpGGqCWZvPRmJ-IHVRYmDMFXh3azOdBot8pE_y8DPsXndMjOm68CJ2mZ7GeFZHv-I7vF_mOPELDLTpiZTq4yaJFXDQclqB8Cd8uk2BNZTxiok7ccgsPziNLD_cNXWqD3NXBIG-xm5LXLUst5yX3y_Dmn61zRMc7_Ctjv1YPmfuHGkyLQ4mshC4pAptyhGul6IM3HyNahrzMe8HSUoC2ZC7TzpNBpTZzGZUFyypHiVIm-jDky5tPwv_y5goE-lgiH1YU86SeArzFfVVBZuxaNUczHS0cpepRykzggBwS1QWOgLqBD3G12mlxUDr_pDxBBs58fstdSWlt2I9IKxl1upENT1tL3EtnJoWTwE6d9QAWdmILwGoY8NOvdgwdd_tTuH4YG1IrX6InnoVDWD6bMAx0qHXK4PyGmYVtU0Appp8uv2Gzbz_92yswcEphdjUGRpPfj--WaHA38bAcM5l9QWh6R60fR&sai=AMfl-YQkVHcQJKcLnv-tlkemVSI5N67Ml-Z6JiuWDIatl3nXuFrgE6KazCLub1cAkm0wloPcJ1Skzccq1tluR7WLfAgn1442k8jjWbDafEhPlkWW2rTMtZ3HIp1-3xMgb5HkngJzvuUQlj-QSPUNAxqk3cZZpSBzsW0EJeqbHvi-KOasSZCq6JpR2JXM60WULuqgxCL4WmNj4Io3xxE4zjTX_5H4V9utKsjYygEaCVFML00Z9T9uyGFH6R1VqQJrJYPSgauFc3H-DE2WVZ6o0Id15zJf2HOZVw&sig=Cg0ArKJSzFArATKKaguNEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=898&vt=11&dtpt=507&dett=3&cstd=384&cisv=r20230620.94689&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:33 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 28 Jun 2023 21:48:33 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 276E 0
0 53ms
50ms Fetch
image/gif 142.250.181.226

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvz8NBkvfvgG86WViYTPEb9kpeNOfc_t-pKafFl61t4KfMjs0PY2tNCQmqSXekwCFAnpfh2UnFcHEmQyNBPJzSwoJiM1yYNlrCUB8xcRZGpgMnhX0kYBQEAHN8FNGXvCCZ4pX95Y4Uu7NDDvrAlnKxBCCqA-z5nkLn0mYaeJPyol53hpcRT3bDvDDFyaJqnqEUBRLYtXYJj_VeNSlj7lu1WwklID97p9vmWKJWF6scgUDjZB2OndHzDOs8aAHZh54vfLliDTivvIUm4FQQyPO0FPoLxNO6NtfmwvYnKK5NVp9VtIeO6q3SUzlsnWtltUHdf1ofUC5v1rGg5Hb9Aa1r-E48UMOPpfSpCQ1CrbcKRDT1jsP8YgegpxjtuhLO8vUKm4mgcRmfK970v0LWjWO6wVwFDW2jn7LgGCdzHzk9OCCoeictBxyaaF7krDHPgxAi-DyV3pDr4dsE4to-A-EuWtNazqAWeFlW1ysbI4ixnZ1j4Fj1CQZTAZd3H4uL9aMvm_pKp-XsZSiH_HI5XYxqhjQFwwVZ5tt9d4wx2bPHqI5K-toGNegDBDFSqAXfXlLh-JkM0uvDgrFi1m6arvApQ6O91n-xHzRAHFTw8yPnepa86IO0Eux7FJGlDumptyRcqtPS6wjGW7x35vtUXogqI35ppalgFgL1QVxVdkSptqhlI61Gcmd0PiFgeF9dGTqwQIEBzoIY93xXpORLIed5FbC_T9siR10fL9qDL3pWZNWoDT9BRDeZI0R96fo8nKEqTzFS8gJ8WfcyZrB7AjfNZXUanZsewMYKx4ANLTmDoh-eTXEzQr07JsrGzjfJ3zI8BRbZQiIKQR7Yj1h0ggq9OoasF1jIrqyKyhzU2mSqDef4CQXz93vIc6lafYF-fAmQnSx1ecS9XLjeaMIuu93wJmcegEw6S7-78kgOfpNnbomAr2XH35Tknq6iFirigXeNHoCr4WdKZhYTm-Y3OE_VZEPSiEzJdo576KAqKBfC1dW6OO7QmTZ7uskxOtKPgkutSc9JYW5Rw2vrv_el6m5Keu_NlXta8q9_YLRYrN85UWeraWsxpIivzO4ottFiu37MBQ3XDJsd9f89R_C6Fl6H53AxRLAWfaZ_wdi4ldCFaA7uPTcUZkmpZiBYU9-uPa9zDd5Yma9RKv4zdY8daq6fWbrLOWJWdaMPjuu9fPe6AjyrQWD64liBWUPxduVV1MsllL3dqBxs82mDSUaIsOVDRaeIUNq8Ya8t0o5gZxoIOQJ2jWpKTrvi60eFNBbxHnD6v6fYYXlNbDBB_IWdqdbXmh9U3&sai=AMfl-YSxXzsGKXpP9uMchp7plJuZnTUCdg4GhcMLQGMKCLMt1g2tpD5SKq1z62vE4Em3i_X5WE9WSK9n2We6KE2GN6WtBvkWgwL549n8-_Dsh8-MNKpRALOxUydA98r2YoC_yBNxDBXe5CcFvHYvJSUOR7sQwV1of2D0C6DVauECodpxub1vYNOzjxPJY3C7wF-nU42Q8aaXy6Y_3p9ODl2YBMJnOHVETFFS-tC-U_W7rYGeBeHgJ8bdzqp2oKqf3-QY3Xcy&sig=Cg0ArKJSzNM-UZF1UUiIEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=927&vt=11&dtpt=501&dett=3&cstd=418&cisv=r20230620.69049&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x69807j0b5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:33 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 28 Jun 2023 21:48:33 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 83D0 7 KB
6 KB 55ms
52ms XHR
application/json 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4802f82d9b45940fa161850222c072663c090123de8532fd62445d49ad3e7f98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:33 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5696
x-xss-protection: 0

GET
H3 200 visual.jpg
s0.2mdn.net/sadbundle/7493198391404092334/img/ Frame 83D0 84 KB
84 KB 19ms
15ms Image
image/jpeg 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7493198391404092334/img/visual.jpg

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b438fcb0b6409866bcf245a57397590528a9db351cceb09953f27f9105069895

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7493198391404092334/index.html?e=69&leftOffset=0&topOffset=0&c=LD27Gsvsre&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 23 Jun 2023 23:04:37 GMT
x-content-type-options: nosniff
age: 427436
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 86025
x-xss-protection: 0
last-modified: Thu, 30 Mar 2023 10:59:12 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 22 Jun 2024 23:04:37 GMT

GET
H3 200 bg_02.jpg
s0.2mdn.net/sadbundle/12768919073557039455/ Frame DBEC 25 KB
25 KB 23ms
20ms Image
image/jpeg 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12768919073557039455/bg_02.jpg

Requested by

Host: ye-mek.net
URL: https://ye-mek.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

36ca757ce7e90a817a4b773b2b249329696fb0a9e5ac0f7951b7bcacf1ee7412

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12768919073557039455/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 21:31:25 GMT
x-content-type-options: nosniff
age: 87428
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25574
x-xss-protection: 0
last-modified: Tue, 18 Apr 2023 13:53:11 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 26 Jun 2024 21:31:25 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame D999 42 B
64 B 63ms
52ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvwXjETt9llnKED32xXMLGfTpVvAp30fk8rDgP7uswfkE-xswFFS43IR6sIbgIUe3imYGgfB6IjTF-MIvUp_ON89XhYBx8h5Etgw8F7uZKMcSrIACLVzTYg7XKTGF-ZmaM27llFsP7--N9Y&sai=AMfl-YS1YqkZswiY_8-_8FxZ8SKZAMZ5A-BztjhBImvZFnwkI9rFEhupCllqZ7Wc_Ld3gBfA5ZXp3OAhdsWwRr9P6Ue9vPBGiWo7l_zjR0il3p4sCpr5X2OVHxkCd0CSDAeoqw_r41OQv3dZ9W1S93h7DmJg36HzeZIDJaUhTBT1Nvvfx_pjMwrtX-JhWLTWsg&sig=Cg0ArKJSzB9fzQTDeL80EAE&cid=CAQSbQBygQiDt4_Mrr5xg1UEu3VrcCA_WTChccG6xWDhUh-qo2ff69uiGtbiixJo3P8YO7fZjbWA7PzRTco6dPTgFk5tchg3FkDq0Zd_FT7YfczzzwdcwPZjt1KLzXS44WtYvgp_YJJsqg4i0-tqKb8YAQ&id=lidar2&mcvt=1043&p=1,1,213.953125,301&mtos=1043,1043,1043,1043,1043&tos=1043,0,0,0,0&v=20230628&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=9&adk=101261820&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1687988911722&rpt=558&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 2E53 7 KB
6 KB 78ms
68ms XHR
application/json 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

60a13862ca37c7b01317cd4ca3a52f0b73e73d539770a2dd4c471071481b74ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:33 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5783
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame D9A0 17 KB
6 KB 27ms
26ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 28 Jun 2023 21:48:33 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 1B9F 15 KB
11 KB 60ms
60ms XHR
application/json 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202306260101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306260101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

80fbba44f5e314483f796ea014b1110185c761dd588c2b5641967a2d007317df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:33 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11356
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2BAF 0
20 B 64ms
63ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B5bI3r6qcZMGpF8eh7gOVyov4AgAAAAA4AeAEAg&bg=!AgGlAVXNAAYQ3eRoMN07ADkAdvg8WhxS66F3kbHOoFtULQoTCamaSXMaRXYsMyfrY8fiCjoIGMY-gwMhnUkclrtemGhGbv3HJzUCAAAD0lIAAAALaAEHmQMQipqql0f021t4Ogj7F3de6Emiu0nKNO-bxz96CZWV2KlZpySafESlndX7Z-A8wQQx2yScdm-03G05jRCXSPoEi0e_oCcakUvqGaGoLX4baCuqHxkfP79FYW8IOwN_p-WTujAOL2IMWqeHRnxXgUFDutHVI7BzZh-rMzasQxgUQ2aydbIKN5_Ny7Ig0UfdBqs9s3kobVufcRERPNy4IawSADOjkxroxf_GVPnLfz7OnNJlBjn2mNSwhY7aOm7HBpAp8ixyzIrqxKYSoeGmfVy0hdsDWZJ3c9PuWkfDWs0kk-x8o9kLRAPPGxHfhXnYpeiF6-2T5uvu3Bh1q8WQ02-xR5qetma_Xypnl4j2Qw3CZJmGl_ziitdJPLjlTLZgqxMrV6wDwk1AXni-yhohovnffZKJ8OyWXfTC6_g5TphNKsjrPJ_vLEEu2cX25cVrCnqCnZBU3W7l6R_01tFRFF1g6XyKVHo7fcNZmbywtOpD4nyGzCc4lps4BSJq-jGLQr61tyFTr8QptgJFxU3cAISMIwxQf-ceOawszjUnFkAzsIL6Nn7xULxXdo5QuAI14Oui0p0OaeecJV-BgiryQFbG2zKpw0XI3zUK3URbqgkkB-WXNqEg46T-z2_5k4HC6Uu-wFgiC4UE1ta_SIezmyDIJmXPlvRUdwhJNgXZTFm9VP93jAFBThNym6M6RxenWkQITD5EYTQ4c7ab0KbBJSO5jcl8a8nLdp3Gj9n3LoJE7nrjAySD5b4WB5J-U6sLnBI6Etwo9c6KWro3HyaEtydLrtvihlyPGtOF-wdxa27pNL8diC1WSj9VMR7QTHqmKJOusIKmoop9Wh3JcajHvxRIjqT2gLN-7bW-81_7Cgl6NN-zESE3HDyHEe8YyxKUlLnaxhC5fC6dqIpOfSpcuRIy7E1mjEtsRswWqSp6eSOMx3TjqEEKPSP-n_PmBpIgOMB42PUtcOaivpEggKfO6yTUAy46OzahpvSyesJB8s2u5u4YZU6uMWPKS6drJAF0z0Fi-fI-W7-g_GX16N3MGhzTXg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 83D0 17 KB
6 KB 26ms
25ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 28 Jun 2023 21:48:33 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 2E53 17 KB
6 KB 79ms
78ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 28 Jun 2023 21:48:33 GMT

GET
H3 200 logo.png
s0.2mdn.net/sadbundle/14378586457215718461/ Frame 2E53 10 KB
10 KB 16ms
10ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/14378586457215718461/logo.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6ca5fcc4e45655fd27fb35bf8f628a7dbb679141b1cdb4e3b7da63c3237ad514

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14378586457215718461/index.html?e=69&leftOffset=0&topOffset=0&c=vKrntbhuam&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 23 Jun 2023 17:18:21 GMT
x-content-type-options: nosniff
age: 448212
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10701
x-xss-protection: 0
last-modified: Wed, 22 Jun 2022 11:28:49 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 22 Jun 2024 17:18:21 GMT

GET
H3 200 60028053_20230526240031283_unicef_nothilfe_templates_160x600.jpg
s0.2mdn.net/ads/richmedia/studio/60028053/ Frame 2E53 41 KB
41 KB 17ms
10ms Image
image/jpeg 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60028053/60028053_20230526240031283_unicef_nothilfe_templates_160x600.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

890f6b9f663db1fa71c8dcc3f4eb63f830476670ce45d65601e707588749ada1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14378586457215718461/index.html?e=69&leftOffset=0&topOffset=0&c=vKrntbhuam&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 11:27:14 GMT
x-content-type-options: nosniff
age: 37279
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41701
x-xss-protection: 0
last-modified: Fri, 26 May 2023 07:00:31 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 29 Jun 2023 11:27:14 GMT

GET
H3 200 btn_cta.png
s0.2mdn.net/sadbundle/12768919073557039455/ Frame DBEC 761 B
796 B 20ms
14ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12768919073557039455/btn_cta.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

68552cca682bb0b73fe0c5bccadba8c66051f3bb0f87e49aafabd3915249eee8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12768919073557039455/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 17:43:14 GMT
x-content-type-options: nosniff
age: 101119
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 761
x-xss-protection: 0
last-modified: Tue, 18 Apr 2023 13:53:11 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 26 Jun 2024 17:43:14 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame B9FF 42 B
64 B 65ms
64ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuthYzG2-lJ-Y3GKuw_odzBQdPScGXExBOd6EYBdOxklPgZhonJ4h5lktU09ptj1N6BlR4-g68XfIwC7PYuouwkKehy9pfSP7tjN8XFpPZb2LIjJa-pC4EyBEjfMu1a58ChCSPsoMcCy8Is&sai=AMfl-YQT906XvP3QyMLEjmwWbvmjY8oRHoV8yVeYtNVpjQOC4FaOzNmqLI75NUbOiImWAMUeauIvk5rnf8BRsRc_NBEAjhA0PnQLrOjQWKLyo19u1H2MB_beM1QN8ko&sig=Cg0ArKJSzOTfyY6LV-SnEAE&cid=CAQSOwBygQiDaBfdvQIg5F1NClBYxRkAoh0C8eoGZtlcQT2z_bQxqhlVjAn4tgIbczV4RohAhsmiGNj3nnq3GAE&id=lidar2&mcvt=1048&p=0,0,90,728&mtos=1048,1048,1048,1048,1048&tos=1048,0,0,0,0&v=20230628&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=456810305&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1687988911764&rpt=686&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 6EAA 42 B
64 B 45ms
44ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss_3lu7xiB8HzhA3ZXvjuq3fOn8S9_KYDnC9I8jfJKzP4d4aR65AW0IIi-e9JaMUXXz70CYC1CRT7g2yIe8pEw0G3c6cnj0DU_OqS-_JjRDGpSR16PzW3PCO2UNMf38Ef37HAfsNlNIKe4b&sai=AMfl-YTGJIezkYS2kwW9xrD0QXJjRRCAEBf5wpJYreEUnz-0bD2-qq4OV2CdlTZ2SSnRH5Hr5T06DFttWMmXBGNhIy-IkTE4dRZ5qhyur1WFgMRNXOny_RbcTpNM4aafKE4aDN0ugDviZnRzpRZneZ6gMCmiA4Hh2kBgYGMrBiQkuSfODKjFS_d_GQZwbSgRiw&sig=Cg0ArKJSzBH5kxfM-cjBEAE&cid=CAQSbQBygQiD6uwsiyZSlm4vyfSUag9hxFiGgxZmEevZbM95Pt_0W4NXIVC08GU11oy5xd9tkNrkFAsK6Hstsi1oSP1kOqEtreGCWQz3Ty_7c8p_0fONXnAvXFLo_4c_Msy27T4ITHUUPvj3LkUKwVcYAQ&id=lidar2&mcvt=1051&p=0,0,250,300&mtos=1051,1051,1051,1051,1051&tos=1051,0,0,0,0&v=20230628&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1213799213&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1687988911809&rpt=696&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 1B9F 17 KB
6 KB 31ms
31ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306260101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 28 Jun 2023 21:48:33 GMT

GET
H2 200 5ed7702fe4b07a92411bc03e
ng2.virgul.com/tck/imp/ Frame 1B9F 0
209 B 68ms
67ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5ed7702fe4b07a92411bc03e?g=1&t=gb&r=153378@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1687988910666&userId=vnet555305dd-604f-4c2b-a899-19000d2d39c1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Wed, 28 Jun 2023 21:48:33 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 200 YTnPKPJ-Q--T2AJ4Qj25FxWmw7bAoVXE9zhtz1eN5hc.js Show response
pagead2.googlesyndication.com/bg/ Frame FC9C 37 KB
14 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/YTnPKPJ-Q--T2AJ4Qj25FxWmw7bAoVXE9zhtz1eN5hc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6139cf28f27e43ef93d80278423db91715a6c3b6c0a155c4f7386dcf578de617

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 10:30:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 213480
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14704
x-xss-protection: 0
last-modified: Mon, 19 Jun 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 25 Jun 2024 10:30:33 GMT

GET
H3 200 YTnPKPJ-Q--T2AJ4Qj25FxWmw7bAoVXE9zhtz1eN5hc.js Show response
pagead2.googlesyndication.com/bg/ Frame 0B96 37 KB
14 KB 21ms
15ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/YTnPKPJ-Q--T2AJ4Qj25FxWmw7bAoVXE9zhtz1eN5hc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6139cf28f27e43ef93d80278423db91715a6c3b6c0a155c4f7386dcf578de617

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 10:30:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 213480
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14704
x-xss-protection: 0
last-modified: Mon, 19 Jun 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 25 Jun 2024 10:30:33 GMT

GET
H3 200 headline_01.png
s0.2mdn.net/sadbundle/12768919073557039455/ Frame DBEC 2 KB
2 KB 8ms
8ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12768919073557039455/headline_01.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8fbf191730c1afbbb36a74db70b962b761bfb7a10f995995822354a19f2b5fc2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12768919073557039455/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 23:16:35 GMT
x-content-type-options: nosniff
age: 340318
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2426
x-xss-protection: 0
last-modified: Tue, 18 Apr 2023 13:53:11 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 23 Jun 2024 23:16:35 GMT

GET
H3 200 YTnPKPJ-Q--T2AJ4Qj25FxWmw7bAoVXE9zhtz1eN5hc.js Show response
pagead2.googlesyndication.com/bg/ Frame FE5C 37 KB
14 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/YTnPKPJ-Q--T2AJ4Qj25FxWmw7bAoVXE9zhtz1eN5hc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6139cf28f27e43ef93d80278423db91715a6c3b6c0a155c4f7386dcf578de617

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 10:30:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 213480
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14704
x-xss-protection: 0
last-modified: Mon, 19 Jun 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 25 Jun 2024 10:30:33 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 2A31 13 KB
5 KB 12ms
10ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 425
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:41:28 GMT
expires: Thu, 27 Jun 2024 21:41:28 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 7132 783 B
531 B 28ms
27ms Document
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

00d666f1c0db8b23d93d84e0f0fce16f69c9c71853fb8b8c0eb19210d7495deb

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-nphmS-nWynGe_aNeIxnQdQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ye-mek.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 509
content-security-policy: script-src 'report-sample' 'nonce-nphmS-nWynGe_aNeIxnQdQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 28 Jun 2023 21:48:33 GMT
expires: Wed, 28 Jun 2023 21:48:33 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 headline_02.png
s0.2mdn.net/sadbundle/12768919073557039455/ Frame DBEC 2 KB
2 KB 15ms
14ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12768919073557039455/headline_02.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2562707fbb527236c793e1bb96b0a09b2251184a45b12b905c53c5aa0160bb4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12768919073557039455/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 19:45:24 GMT
x-content-type-options: nosniff
age: 352989
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1748
x-xss-protection: 0
last-modified: Tue, 18 Apr 2023 13:53:11 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 23 Jun 2024 19:45:24 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 2418 42 B
64 B 57ms
55ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstWaVaQDBVmLnqTN7HvFVYdFeGn5Y1WfVihDmQ4dy16mSBfhKif1OObgdyBLuoRdFu1baTpf0_yUviyRKNhNujSGftKAb6tX2mkFiTmad2F0ebAL3fVhLxhVklFvd81CFo&sai=AMfl-YRRhm7w4w4UZMEXa-roxz_bjcAHJbIOJrpuabBZWEgzDiIfaV-wHGmhKmEdV0EAzzj6zHkhLkJDdlslNQII1xq22GFIddPg9sXJPCjyOX8D-7GcQtaw7kHY55SCFZTLHFJABxrvUbCWWOZQ97slBrKYvH70_1cEI44TWXjKREnGVCG6-wssrZs4AUZ-JA&sig=Cg0ArKJSzIabfRO3InKGEAE&cid=CAQSbQBygQiDnhtTem870tkP4aWMhKZ6Kz1GaEeUhZqzuy75x42W6ikvyDHIKj94Znfx8fx7qRDByfM84dZGQYSNYs0wfjhtyTCyac2NOBdk2Cg6mOICtMEiygSp93HmAVnlxAO_aHajXbmJNRPVQtkYAQ&id=lidar2&mcvt=1053&p=0,0,250,300&mtos=1053,1053,1053,1053,1053&tos=1053,0,0,0,0&v=20230628&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=787621897&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1687988911222&rpt=1489&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 276E 42 B
64 B 54ms
53ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstbtpWyFqeTgaMKZfBPL6ta8m3ThDmDlNBuCiIoW5dvBl7-FqlUbRDE_ReEHCSnpej0qUDfAcLkS1ccAN8XMqDiLiBQTnG5uMOCBE1SHSlflDG78DNQFgzr4JF94QXmpgMQerCAvuCU78KH&sai=AMfl-YTCS5i0xGuqEfuZtJ32xbgI8zsUkDX_01dcKBeypPzRK-24emHlgmIXbM5nVRD-Z9UyJ_M9O0dgsg4O3FOr7kXxGwpM5rc1aMN4vu-asOaj1A92hbraJR_QHKE&sig=Cg0ArKJSzNN4SKiKQuICEAE&cid=CAQSOwBygQiD37I8iCvlVD5wswepI9oErvoH130gJinabwWK2w9PPuYwt1X1MbUoclRr4yEPhjAguoV3sYZPGAE&id=lidar2&mcvt=1065&p=0,119,40,160&mtos=1065,1065,1065,1065,1065&tos=1065,0,0,0,0&v=20230628&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3299242717&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1687988911784&rpt=788&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame C5D8 42 B
64 B 53ms
52ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuFchGfvRFd2-YgtDbydwcM3Ec4dV13nQzYVTgoFeT6-f74N5s4aM47SLsVU9mj9HSoZdxZZNVLEWcNHRswk0181c6j3W-jNDn8IQWpQWnnsRJjkDtcb49aNztRtiaRL4gC3xksMoHQYdvi&sai=AMfl-YRw1id274N786-D9L7dHvHWzdGCfV62YBE62UzYFqo9J4xHg0d5zrQ3MZdjVXcornUVRi9ymjMd3gn8fHfXwqDSCbni2J3x5Z5ekx1UIBR2nODIhiilKSDety8&sig=Cg0ArKJSzLajrd5uUlW2EAE&cid=CAQSOwBygQiDmg31be5s0DDRqoTzIHDZkaA2ijC2J-HSmLif-YzRwmsS1kfXzusgvcqq321r9Md6V_uzNAsbGAE&id=lidar2&mcvt=1067&p=0,119,40,160&mtos=1067,1067,1067,1067,1067&tos=1067,0,0,0,0&v=20230628&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3203893797&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1687988911774&rpt=777&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 6363a944e4b0125bde9e6739
ng.virgul.com/tck/i_vb2/ Frame 1B9F 0
209 B 58ms
53ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/6363a944e4b0125bde9e6739?l=&r=153366@site_geneli@yemek_net:site_geneli&cs=1687988913918&userId=vnet555305dd-604f-4c2b-a899-19000d2d39c1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Wed, 28 Jun 2023 21:48:33 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 5ed76f76e4b07a92411bc03a
ng.virgul.com/tck/i_vb2/ Frame 1B9F 0
209 B 59ms
54ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/5ed76f76e4b07a92411bc03a?l=&r=153377@site_geneli@yemek_net:site_geneli&cs=1687988913920&userId=vnet555305dd-604f-4c2b-a899-19000d2d39c1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Wed, 28 Jun 2023 21:48:33 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 5ed771bae4b07a92411bc04c
ng.virgul.com/tck/i_vb2/ Frame 1B9F 0
209 B 58ms
53ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/5ed771bae4b07a92411bc04c?l=&r=153382@site_geneli@yemek_net:site_geneli&cs=1687988913921&userId=vnet555305dd-604f-4c2b-a899-19000d2d39c1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Wed, 28 Jun 2023 21:48:33 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 5ed771e3e4b07a92411bc04e
ng.virgul.com/tck/i_vb2/ Frame 1B9F 0
209 B 58ms
53ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/5ed771e3e4b07a92411bc04e?l=&r=153383@site_geneli@yemek_net:site_geneli&cs=1687988913921&userId=vnet555305dd-604f-4c2b-a899-19000d2d39c1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Wed, 28 Jun 2023 21:48:33 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 200 icon_check.png
s0.2mdn.net/sadbundle/12768919073557039455/ Frame DBEC 656 B
691 B 35ms
24ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12768919073557039455/icon_check.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce0334984e5f44af91c12d8ed33b76b040558ef5100a1985cb5bc0354ebcab64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12768919073557039455/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 19:42:44 GMT
x-content-type-options: nosniff
age: 353150
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 656
x-xss-protection: 0
last-modified: Tue, 18 Apr 2023 13:53:11 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 23 Jun 2024 19:42:44 GMT

GET
H/1.1 200
OK viewability Show response
hal900028.redintelligence.net/ Frame 27BC 0
150 B 28ms
8ms Script
text/html 88.99.165.19
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900028.redintelligence.net/viewability?s=35277400156373704444554012369028&a=a124afe3&vb=v
Requested by: Host: hal900028.redintelligence.net
URL: https://hal900028.redintelligence.net/request_content.php?s=35277400156373704444554012369028&a=594cae1b
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.165.19 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.19.165.99.88.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900028.redintelligence.net/request_content.php?s=35277400156373704444554012369028&a=594cae1b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Wed, 28 Jun 2023 21:48:34 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B9FF 0
20 B 46ms
44ms Ping
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=8173026143638&version=m202301230201&ct=76&x=1&cor=16142555721972943000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6EAA 0
20 B 44ms
43ms Ping
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=4022804873173&version=m202301230201&ct=76&x=1&cor=8280198177138833000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C5D8 0
20 B 43ms
43ms Ping
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=3422503237402&version=m202301230201&ct=76&x=1&cor=5122876243078649000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 276E 0
20 B 44ms
44ms Ping
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=3847137441946&version=m202301230201&ct=76&x=1&cor=2148530608043300900

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 5ed7706de4b07a92411bc042
ng2.virgul.com/tck/imp/ Frame 1B9F 0
209 B 51ms
50ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5ed7706de4b07a92411bc042?g=1&t=gb&r=153379@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1687988910666&userId=vnet555305dd-604f-4c2b-a899-19000d2d39c1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Wed, 28 Jun 2023 21:48:34 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2418 0
20 B 41ms
41ms Ping
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=7186884632739&version=m202301230201&ct=77&x=1&cor=2705401943974782000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 kia_flex_white.png
s0.2mdn.net/sadbundle/12768919073557039455/ Frame DBEC 1 KB
2 KB 10ms
10ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12768919073557039455/kia_flex_white.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fb158ee3a60ca46559d0535a2101a6569c76957c58c4da910744adc525d77949

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12768919073557039455/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 13:21:26 GMT
x-content-type-options: nosniff
age: 30428
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1515
x-xss-protection: 0
last-modified: Tue, 18 Apr 2023 13:53:11 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 27 Jun 2024 13:21:26 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 7132 0
0 46ms
45ms Image
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202306260101&jk=4406933181835019&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5CED 0
20 B 48ms
48ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B2K8psKqcZJDBCJy99u8Pw-uYGAAAAAA4AeAEAg&bg=!WlmlWQ3NAAYQ3eRoMN07ADkAdvg8WgyD4tT1H21o3dQlDVOcPDhwK0EDYcue_cBRKI8xQ0DNVB__egmivjG4qlARwlqnjz8vhQwCAAAE2lIAAAAHaAEHmQMcZo739PfInUCUihWuG_-nkqE632Hxia9fNPgCm3NcULjCB_UfwCAMsVo55gtGKAw-Af9SdQyRKZM6uAptLL3qFXEdc5mLxJApSBKaFLyQRDTOgEsVAvKmL_uaZPuKTGdt6_hVP0wu1MIkyG4K4DUF_0vTPzd21uAmYElJnq1QFGtsSZ_eqSRg2RJrsB_NOw_DqfIL_qfPg0ejIIWsgGBhHUIWZps63HYsbVL9rpSel4xsRe42547TVIBXcxOywwN8C5CHI4XS-rLpa0w6bsz7BjgeMFwUA4JYPor_0WPXkgLDl_C7gdied49fnftNnZUblap3vS7J5V_mPYC4TjW5a-zk7uwjeQEr7jaZ5jTPU5-jsObptRzq842PsrrSpQsDSDa-KFwwkhyBWmrGQQWiUQ7d69ZeDS_CNJoYSGhM7VnE4V-axSa__WTHSTp2Dqehp5REX24ATNi_kjBs30-Ln3LYS1wwmHM74em76pSvQITBuYj-kzgAZ8cCpUpFCkJ592WkRYZMeSA1lJ8LSZOP2ei2smpMiERCiGvlEw4XfgbSZVhlBsm__cjCRwzuXjCxJ6zhyOneamLO3GWAInE1rl0RiFS_tAL-9pBJDEl81_NLPG4JGpkxvCQfxLvfV7OaZbQZk3tdsS9i3YD4Z0_6Fn8JSFj4oCd5hIL_pAca7_0BwIbn87nNvuMCxwSEnrRG86tbc1TTOhdR3SMPmm8Lb8wvrpoVQVGqggzsojooSDDMAisDIlg3dojz_L1K-fFO8qTeK_m99lYVZA3VHEpyJXanPObGA53LA5_mbRXoLuwd5BqfVTufwOvncH9G0NcLYMh7TVlJH_CI8tm8G4W82WdcSFityPFkyYfCAHDLIz6Suk9OEJ4h0xvCUF1jVJmQy3jtJyrXvYykboXM5cUjugwcwQVXnLHhtlp_7Uv74b6zh3mJZw2ubWSuBZ5bRBK3IBKNLSZXa6SLzNGi72o3bP8l-okLE2HK-r0ijp-1fBMv8oA4q_xRK5FHJGjgkxn_Nvdo18Okm6eIAXq8rhulnfrrKiFiH_rbfNBOmg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 YTnPKPJ-Q--T2AJ4Qj25FxWmw7bAoVXE9zhtz1eN5hc.js Show response
pagead2.googlesyndication.com/bg/ Frame 2A31 37 KB
14 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/YTnPKPJ-Q--T2AJ4Qj25FxWmw7bAoVXE9zhtz1eN5hc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6139cf28f27e43ef93d80278423db91715a6c3b6c0a155c4f7386dcf578de617

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 26 Jun 2023 10:30:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 213481
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14704
x-xss-protection: 0
last-modified: Mon, 19 Jun 2023 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 25 Jun 2024 10:30:33 GMT

GET
H3 200 liste_01.png
s0.2mdn.net/sadbundle/12768919073557039455/ Frame DBEC 1 KB
1 KB 11ms
9ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12768919073557039455/liste_01.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1bb6bb2316416b6f3440548ea3ee0ff5472d742c8477b7a3b12234e8703256c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12768919073557039455/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 18:34:25 GMT
x-content-type-options: nosniff
age: 11649
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1085
x-xss-protection: 0
last-modified: Tue, 18 Apr 2023 13:53:11 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 27 Jun 2024 18:34:25 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F2A3 0
20 B 60ms
59ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BUG93sKqcZLvpCc6XjuwPv4Wd8A4AAAAAOAHgBAI&bg=!HxylHEjNAAYQ3eRoMN07ADkAdvg8Wg-l1VdNvhS5JdfbmUVaakK_VOCpwb6FGGgP3AznuAAfqJWXglBeTR23aOiVB5Bndt8zm-sCAAAFOlIAAAACaAEHmQMUsY9Lu5JH8ovCz3v93uYWITRh3yGr_bSMHyu4BXcdzg1lcVcaynws0kOCoYrv2R9PWCyyY0S8rExpydPBAaNvwNmmM9bQ6oDIbVdT44nYwhNqzzugatHtNY1v_sChJi10Sm1rGEHVkUs0-V4u-EBWuHlsIJ_ObVw95cv0n_NMlZLHUnyljeQ6gOUGxYgKKgSJmnkvUrChOdzA13mKcwIkbxhNtnmdy5ktTsy902kJugwL-xUkUNaUyTqZcQ70DAFN-jktPi0Qygzj8bED-xo0RHj3TLvsHixjHxaSwaHtuWXTp1N7K-xKghMVERG7NvEpvBJylY52WZcpKxFmB0jOX883FbqgIP5ngs0lGZOrG6zDifzflBk23XGMqYCQm2JR60IO_LonRO7bJFi39bufwhcjH9SJE7-fXj260gAv90Iw0CVd-5_X0dQ7Bgs8xX5k1c2V9cIs5wxU_NnYS4maXC3TKypOiQc_qN--ffDI7ZBn3m_MZ1x5s9hL89AE43e8mdiBdVCyiH5jpWwdy3n1bGGHsyagbQU6QR2UDS04jsAegrm2x5nitUQG9gMg7LTGpn_v5G5tMXexBDqLcr23GXyKR3d2Mogr_9H2PCR6cAS8Se89emkYTdessl8h49aQaX_Q7yPRDqm56AKomCXDWrtdz8Dd_qX2jQSICRES3hmyrcpAB_J_Cu2s1rkCkJe91AVdbEZaBTNB2uVMnVrkVFGoLLcxqV3_AzesfhXJIHM-pzipUAZYzeVdVZGw2fAuRxSnzhHLA8MBste6CGgLByrBb63laj7LYLeq0BtZ4AgLX-FP4AaLTjSd-XWTDgfLt8SEyA-ba4JhyitRoq7KTl5rup9wGqZ7NilmSW1Cmw-eUuy1lzQNetUMH3nsZZY0A7X7L9Hyg-l6BGLfrX0QTdZBxRwPALepJ6LAjqWMvMowf4KYSrsAR-sSKHIJhIA_GHzCWZmkpymxS8ID5dhmrZgnKGeXDXSPIR4VKG9aMUY7-cSVu4PzUOeRusB6MyrpglADR2wC1sAN6dXAy6Ww8XsCbwM

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4A33 0
20 B 54ms
54ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BJgtksKqcZMDuCeixx_APk5a_eAAAAAA4AeAEAg&bg=!oqGlofXNAAYQ3eRoMN07ADkAdvg8WpgBccNXMmUIL_OGkrNnu5o1w3Tty7f4dJgJGyahRnDB6sq7FWGieWL_pFdkDCUtME7ABL0CAAAFd1IAAAACaAEHmQMXQACqyHBkEfI_4pwOB4Tid18U5eZw3n0z37rem1at3Kj_0rL0-3Gg92PjkY5DsJ5Cvnt-RT4pKkhu24uT_OPRB2JiqL-3Nu1d70_3EGWSZr9gOdtdRYDSJBa3r6QcDF0R31T-_WJ4x1CL2sJO0L1asjX2zIQaqIfCcq5Tr0Lmkxn4E-S6vzwK_yfrkSC5uU3PYujDLv83TpDrUjbEx2-nK1UZLcyLETDmYAEa8kXusRgDF6mmb0YDmXv8zb45-1EDRZ9IRTc3T350sVNXXD5SBIVh4yawF_AXn1xxc9WrXDtekOI3tkWOBfpXdnJeJ6yvr00garF6U2sYPLGU_z6q5pAj-bdAvzdQz6jK9gwlOtXmdRYUPwrf2vVz_uVDvzf2PQRA0Ai9jPSaePCtPaTW2Wjs6jOuTwVyev3oYPJQFnLNxWvnMLfyMTfYC-YkApIKjUyBgWXkknefw9bbHupyOB6cPDuD09CihtO2T4QuFFw2RLwNW-eZVBcHloN2fNORqxc5YsnC73_aFe6Ko8wtKC-41K1a860RiLFht2_oeD3vNTF37kOS_rVLaD7fPtR4ILTvZIUj4VFOoxVfzlBPP0ycrta3PTuVYiBSzy5Eb84nG_ZccnKmH34cStmQZ5h7IjPi2NH6lE7BsuufYzCF6f2qz2s5Fl2xp7pdr-YOps0vqnvYDbrg7h2pJHREBCRJ2fq32GRA0IE65dCyLvQv2q01RYaZ0lueQq1jPC3eXAIThzbzSMDoGnxTbJxJ_u8TlQ396-WIM-6_a3-H1GLBh9xHHqsMU8uvXdQzhlCsYycEyEt91DJ7Kpt42QT5rbHX4HdQWVrzMyUi_TXRl7JanG6Y65GRKCmQaF3wraza3mAnoW2nuuE4h_kSQlwGw9CZZN1ZOf9N6AmTPtVBuPxOy-USSFnfmusJ4ZSylTtxPo2NIUEJQQuX0W3GSx4f9CK8GK-7RYD87a2fW6gu-3SkZmfPmesCC9cHYo6TdDznZk4U3HvQ6mLyd6ItR4dcN0snIm3HBDFpsDJLMvAtEffGXRVlzKlpf0A

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 liste_02.png
s0.2mdn.net/sadbundle/12768919073557039455/ Frame DBEC 1 KB
1 KB 26ms
26ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12768919073557039455/liste_02.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

85764e3d281c3748129051ff30544d7705cd95ac363e17d599cf0358ed7c0584

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12768919073557039455/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 14:55:10 GMT
x-content-type-options: nosniff
age: 370404
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1404
x-xss-protection: 0
last-modified: Tue, 18 Apr 2023 13:53:11 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 23 Jun 2024 14:55:10 GMT

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame 2418 16 B
209 B 65ms
64ms Fetch
application/json 18.168.234.149

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.168.234.149 -, , ASN (),

Reverse DNS

Software

nginx / PHP/8.1.14

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 28 Jun 2023 21:48:35 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/8.1.14
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C0C9 0
20 B 51ms
46ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B2tNCsKqcZJLqCdyb9u8P2Pq1gAsAAAAAOAHgBAI&bg=!9vWl9aHNAAYQ3eRoMN07ADkAdvg8WhSfC9wqKLZMyA-fNvJlU06El1gSzRibjLM0xrm_sRGHywKG2mOW4Yt826GtSt4M_3D76XQCAAAFWlIAAAADaAEHmQMV6NzNqcOKB_FAIEErH3y3LeFAmpO0J63szOo9tKjSUIpc3KBiKmpwS0VnYSu3zmY1XQ8kri72AC6UKdI5nFQXfVNgl62-0RT2GXK3v9m77tb3Zwxa42HCKd0Z-vfRQzyt3ueu-Rg8ylLqrGl41SzsysdrrCNDCijOkyVG9KQYsQAOYWOeiAmAj0Kgy_K3CXC-ADPVJRuqvHHmTnmYSI6GJlMmBtUBogVmRfea9iUonU7v59bKS5iZNJCwwBIigq2Z52H_rYLbDmF-ABLhc8cfGw3icQ6Zg2yODXCkQ2nt_Ikicbtp--XsTISkhlwTDbAuSiHomlALEZx4HnR6TnzOf08S5foNp6A_eJ3KI94ql3VbNhklANvqJpGPa-hjclmYhe7ggLP4oShDJL5y77GHHgl1IZ2dPVvZBuE4C5Vg5XL0L9WL322MQb59e6LTRl4IGdgcRmhBcjPGnvKRThkNlGrg6VCOgh0pKJlq59hXZkr1A0A1i67LDZKeVkHh7txeDWSexogAwH-VhqclgneUQqFQDXxrlcIvIqs8c6oygHuvck5TE-q3TOURx6UX8S7vw2ohtmhBfPDDZvc8VoWGWlV_yn1KoW9yrtKT9WqURCJKmS4jH7pE1tWdzbvrkhoM_eKB0BpJ0Wiu5Xxo3nlftUwhOZv_IplQVyWVr-JUF_AtOaCPnxzZ9wyrzM8FY41xdzFfXfTxwkDWcObLyTc9tZ5V8GQuK3EN2O4D1m0ul-SuPr-oiUUo66lc2lmBh95eJJ5r4U46EwInanhrvEJqXbEqzmq68wQynljyQzLqkdCp_wPecCysTGnX2Csp_Mjzv21yPWHptWpgM4fxQE4NFBkWvgtUFqUNIaCnWYy5aId4mHdk0A1RC_TQcKmPtMNrwI9T7en-x69Zd2SnG5d_0FLm1GrZgy2o85s4bXx3cnRKAoxJVkxfRuImlNBZYpDK4ffTIzVkGzMo7hrYMAdjEBw4nR_gJtJST5cJYYNvCdBfprgo0EMWr1a7doSaM8-rYZwfhLk4hC_6M-h9SDFAPOYZAwWf

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Jun 2023 21:48:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 liste_03.png
s0.2mdn.net/sadbundle/12768919073557039455/ Frame DBEC 1 KB
1 KB 8ms
8ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12768919073557039455/liste_03.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc4fec40905fbd51adf29ef0554369e7e7ead1adfbaa03adfe158faf2ddd5872

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12768919073557039455/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 14:35:06 GMT
x-content-type-options: nosniff
age: 371608
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1227
x-xss-protection: 0
last-modified: Tue, 18 Apr 2023 13:53:11 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 23 Jun 2024 14:35:06 GMT

GET
H3 200 liste_04.png
s0.2mdn.net/sadbundle/12768919073557039455/ Frame DBEC 1 KB
1 KB 8ms
7ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12768919073557039455/liste_04.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bdaa45add05fb6a742549affbe0c6351520d4a2d7e2a8677ae431b88c7d8846d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12768919073557039455/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 23:04:43 GMT
x-content-type-options: nosniff
age: 341031
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1187
x-xss-protection: 0
last-modified: Tue, 18 Apr 2023 13:53:11 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 23 Jun 2024 23:04:43 GMT

GET
H/1.1

200
OK

firstevent
unilever.demdex.net/ Frame 1B9F
Redirect Chain

https://unilever.demdex.net/event?d_sid=25453995&cs=1687988914944
https://unilever.demdex.net/firstevent?d_sid=25453995&cs=1687988914944

42 B
952 B

39ms
39ms

Image
image/gif

34.246.32.5

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://unilever.demdex.net/firstevent?d_sid=25453995&cs=1687988914944

Protocol

HTTP/1.1

Server

34.246.32.5 -, , ASN (),

Reverse DNS

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v050-0d440bd63.edge-irl1.demdex.com 6 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: 0LdRaARpRes=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-1-v050-02495e23f.edge-irl1.demdex.com 0 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: T7k26Aq3QBM=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://unilever.demdex.net/firstevent?d_sid=25453995&cs=1687988914944
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H3 200 preis.png
s0.2mdn.net/sadbundle/12768919073557039455/ Frame DBEC 2 KB
2 KB 9ms
8ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12768919073557039455/preis.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

86f21c0a5d07ec6e46404e7b9cfb021aaa58d1f80001a21f0721d711ae43b21e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12768919073557039455/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 05:12:21 GMT
x-content-type-options: nosniff
age: 405373
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1730
x-xss-protection: 0
last-modified: Tue, 18 Apr 2023 13:53:11 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 23 Jun 2024 05:12:21 GMT

GET
H3 200 va.png
s0.2mdn.net/sadbundle/12768919073557039455/ Frame DBEC 4 KB
4 KB 8ms
7ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12768919073557039455/va.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ca546d2d148974d9a24bf49efdee4e8bbaefc0930a9f8b4c3657cfa74ede33a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12768919073557039455/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 24 Jun 2023 05:09:12 GMT
x-content-type-options: nosniff
age: 405562
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3909
x-xss-protection: 0
last-modified: Tue, 18 Apr 2023 13:53:11 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 23 Jun 2024 05:09:12 GMT

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 240ms
20ms Preflight 18.168.234.149

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.168.234.149 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Wed, 28 Jun 2023 21:48:35 GMT
server: nginx

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 2A31 0
12 B 7ms
7ms Image
text/plain 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?eNtbMA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 21:48:35 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 5ed7706de4b07a92411bc042
ng2.virgul.com/tck/imp/ Frame 1B9F 0
209 B 49ms
49ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5ed7706de4b07a92411bc042?g=1&t=gb&r=153379@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1687988910666&userId=vnet555305dd-604f-4c2b-a899-19000d2d39c1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Wed, 28 Jun 2023 21:48:35 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 1B9F 0
0 45ms
44ms Image
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202306260101&jk=4406933181835019&bg=!jo2ljdnNAAYQ3eRoMN07ADkAdvg8WiDkYUaHLlN2ElgocsckBYXPNpKk8Vd4zu_-L3s9BoEJkwr8WKs4U6vS8mMlPl99hsAQ8jICAAAAkVIAAAADaAEHmQK12s7XXA5l9r5Ek6zx7-Yz7Z2MdsyQSNQ7oEPmcP0XYQVhGxr6K8LtYDmHozelg-TgKT-5M8SoVCdy8NHFBMMn_q2htJrU8Mc_ztP_vZFVsG0vKm7d8nmT-dlAiBF_RFai0rVO2CX1ocCLoDppdAtTX3T7WulJWpvW8qnloQBGs8PgMdw0jUuBT3k8GSBsklW8zahEiwpbJGN2X9IuCWym8mYMq9BotSDOq1V4iu5tcUqYFeEZ5JNqf3uw56tYt5vemmlp2M_6xtcqsdp04c5AdK227XeJqi8DU4mpqHzIWIyzT9XBuqopSoRXOo20Fzrqy7Q3uvKTML9DRx-qW9SRokt_mtqW2VJ-Q9Q9_ioGiGwUEMrDiHIBOJbAkMP9zU65mClEA-rZMbM4616lONnBQwpVElJSH8GPSCQ6JIcc_sDnLOy2YFO5SQucyBam4ZD-PA8Srr0j85bQyp05yrbpuxGBN-wvQ-hub9AbI0HuTpDQGR2fUb0CJ-KMz0QdlCN9-Qo7fki3qPYDtJRT0Rympf0qBOwhQE8yJdv3dz7AxBZy-w_hMuey9sIGSNBqvWq2WzkbMY65cNeknrjRj57m64rOpHhRCJzlEpD2evQULipKsYaWKcD771jXr-Vp9P2sk9aMnjqIYjyagvIeTW0RbAXpH1SmkZ9cw7TNEfP1uh-LiTk3JAnanUe1xQcJXhF4dWDRSq7zda4-gIRRh80x8ZIKr8h-o8g7q0HYepfOmmCRxs5K7h-eY42qg_ng6SL-U7oLSsZbPxZWL1NYG5oDbANXX7OlMPqjMZItr6ONmwZDY0-FO8Rx6oXK6GVigZW4MFipgVTuPH0Gb6CFIvNEysl7q9gbhGqu7knzi2jVmVQ8WJdT0JoM4dvf7RcXT4F65n5oSdYhpgxJ39JwnV45bBRSeCZE
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H2 200 5ed771bae4b07a92411bc04c
ng2.virgul.com/tck/imp/ Frame 1B9F 0
209 B 49ms
49ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5ed771bae4b07a92411bc04c?g=1&t=gb&r=153382@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1687988910666&userId=vnet555305dd-604f-4c2b-a899-19000d2d39c1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Wed, 28 Jun 2023 21:48:36 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 5ed771e3e4b07a92411bc04e
ng2.virgul.com/tck/imp/ Frame 1B9F 0
209 B 49ms
49ms Image
text/plain 185.7.176.223
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5ed771e3e4b07a92411bc04e?g=1&t=gb&r=153383@site_geneli@yemek_net:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgprec%3Dyemek%26rec_ing%3D&info=&mt=1687988910666&userId=vnet555305dd-604f-4c2b-a899-19000d2d39c1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ye-mek.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ye-mek.net
date: Wed, 28 Jun 2023 21:48:37 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

41 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.adnxs.com/	1970-01-20 15:02:44	Name: uuid2 Value: 8586438930232934941
tagm.tchibo.de/	1970-01-20 15:02:44	Name: tchibo_et_gk Value: 873c1eb494504ce49a7494decbd06575%7C27.08.2023%2021%3A48%3A31
tagm.tchibo.de/	1970-01-20 17:12:20	Name: tchibo_et_uk Value: c20bbb99b124441cae97025ce0e6d3f9%7C
tagm.tchibo.de/	1969-12-31 23:59:59	Name: session_session Value: 8be108f699b0488583600ae2
.doubleclick.net/	1970-01-20 22:14:44	Name: IDE Value: AHWqTUmpuTpUlAshxYeWmU7KqF9Cyxe_loUxgDnFJT74qDPup8ehDtE6-OYrzq6jtAc
.casalemedia.com/	1970-01-20 21:38:44	Name: CMID Value: ZJyqr0VIkytEHzvV7KweTAAA
.casalemedia.com/	1970-01-20 15:02:44	Name: CMPS Value: 1131
.casalemedia.com/	1970-01-20 15:02:44	Name: CMPRO Value: 1131
.redintelligence.net/	1970-01-20 15:02:44	Name: 8lcfmzhxc8d6_uid Value: 61e6ed58272fe948
.adnxs.com/	1970-01-20 15:02:44	Name: anj Value: dTM7k!M41.D>6NRF']wIg2E>@jcOcI!]taT8i_iqf!oN/@E'zz<Z0Q5zhcue0Ak!3?R(LrA1t[XSWgbNGJA%N=JTD._PlZ[C[-kX-Au8am
.retailads.net/	1970-01-20 13:36:20	Name: ppb2172 Value: 2829290701
.spotxchange.com/	1970-01-20 13:33:28	Name: audience Value: 867a829d-15fd-11ee-8de0-1e875f050206
.de17a.com/	1970-01-20 21:31:32	Name: guid Value: 1.7795126826089083541
.1rx.io/	1970-01-20 21:38:44	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-f11c2a21-98f9-4b57-92f6-e7f384975fec-003%22%7D
.doubleclick.net/	1970-01-20 12:53:12	Name: DSID Value: NO_DATA
.quantserve.com/	1970-01-20 15:02:44	Name: d Value: EBoBCQGrKYEA
.quantserve.com/	1970-01-20 22:23:23	Name: mc Value: 649caab0-acb01-35be3-89b43
.adfarm1.adition.com/	1970-01-20 15:02:44	Name: UserID1 Value: 7249857173071591566
.mathtag.com/	1970-01-20 22:19:04	Name: uuid Value: 54bd649c-aab0-4900-acc8-8ee46f4934a9
.mathtag.com/	1970-01-20 13:36:20	Name: mt_mop Value: 4:1687988912
.futalis.de/	1970-01-20 14:19:32	Name: raSIDb Value: 2829290701
.simpli.fi/	1970-01-20 21:40:11	Name: suid Value: F7202CCB98F6422AA06174676E6E01D3
.targeting.unrulymedia.com/	1970-01-20 21:38:44	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-f11c2a21-98f9-4b57-92f6-e7f384975fec-003%22%7D
.w55c.net/	1970-01-20 22:23:23	Name: wfivefivec Value: 0tAac95t1QeD1C5
.adform.net/	1970-01-20 13:36:20	Name: C Value: 1
.pubmatic.com/	1970-01-20 12:54:35	Name: KTPCACOOKIE Value: YES
.w55c.net/	1970-01-20 13:36:20	Name: matchgoogle Value: 5
.adtriba.com/	1970-01-20 22:29:08	Name: atbgdid Value: d1fe92ff-4ecf-498d-ad3b-b22622baa8e3
.adform.net/	1970-01-20 14:19:32	Name: uid Value: 338148814007713837
.blismedia.com/	1970-01-20 21:38:48	Name: b Value: 649CAAB09DE82B798619FF27BLIS
.lijit.com/	1970-01-20 21:38:44	Name: ljt_reader Value: G5LcrGZH9dlTrbA7QIiUyM_d
.360yield.com/	1970-01-20 15:02:44	Name: tuuid Value: ba16f152-4366-44fc-aa50-42c34cfa1303
.360yield.com/	1970-01-20 15:02:44	Name: tuuid_lu Value: 1687988912
.office-partner.de/	1970-01-20 22:29:08	Name: source Value: {"webgains_webgains":{"timestamp":1687988912990,"clickCookie":false}}
.yahoo.com/	1970-01-20 21:39:06	Name: A3 Value: d=AQABBLCqnGQCEHYHWZQteSGWYaE2cHLKVYEFEgEBAQH8nWSmZAAAAAAA_eMAAA&S=AQAAAh9N1NOp4uJ_m-Opo3vMIt4
.pubmatic.com/	1970-01-20 21:38:44	Name: KADUSERCOOKIE Value: A63CF789-9D9C-40A7-B7CF-05A78B33E711
.bidswitch.net/	1970-01-20 21:38:44	Name: tuuid Value: e284671e-43d8-4c86-ae88-bb73f17d20e5
.bidswitch.net/	1970-01-20 21:38:44	Name: c Value: 1687988913
.bidswitch.net/	1970-01-20 21:38:44	Name: tuuid_lu Value: 1687988913
.turn.com/	1970-01-20 17:12:20	Name: uid Value: 3893606083007196751
.tribalfusion.com/	1970-01-20 15:02:44	Name: ANON_ID Value: atnsIHriIthP3PTReGiWCSfZcYEUMkixUN7jqslIbLXhebc5bE06reaOWuYweOU3bhZaekhT5sJFglnZbVHJ5oiIabv

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://pcloak.blob.core.windows.net/web/jquery.min.js Message: Failed to load resource: the server responded with a status of 404 (The specified blob does not exist.)
javascript	error	URL: https://ye-mek.net/(Line 39) Message: Unsafe attempt to initiate navigation for frame with URL 'https://pcloak.blob.core.windows.net/web/6x69807j0b5.html' from frame with URL 'https://ye-mek.net/'. The frame attempting navigation is targeting its top-level window, but is neither same-origin with its target nor has it received a user gesture. See https://www.chromestatus.com/feature/5851021045661696.
network	error	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755397&plaf=1%3A2%2C7%3A2&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1687988910799&bpp=3&bdt=524&idt=148&shv=r20230620&mjsv=m202306200101&ptt=9&saldr=aa&nras=1&correlator=769850748361&frm=24&ife=1&pv=2&ga_vid=215418476.1687988911&ga_sid=1687988911&ga_hid=2064569244&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=222437166&scr_x=-12245933&scr_y=-12245933&eid=44759842%2C44759875%2C44759926%2C42532277%2C42532279%2C31075626%2C31075645%2C44788441&oid=2&pvsid=4406933181835019&tmod=9758648&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.w657v3mxojpn&fsb=1&dtd=162 Message: Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

5994599.fls.doubleclick.net
a.tribalfusion.com
a7bbdb3f68ba7e6b578e1577f2864714.safeframe.googlesyndication.com
aax.amazon-adsystem.com
ad.turn.com
adservice.google.com
adv.office-partner.de
ajax.googleapis.com
analytics.webgains.io
ap.lijit.com
api.webgains.io
c.amazon-adsystem.com
c1.adform.net
c1.imgiz.com
cdn.retailads.net
cdn.track.production.webgains.team
cdn.ye-mek.net
cm.g.doubleclick.net
cms.quantserve.com
code.createjs.com
connect.facebook.net
d.adtriba.com
d5p.de17a.com
dclk-match.dotomi.com
dis.criteo.com
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
encrypted-tbn0.gstatic.com
encrypted-tbn1.gstatic.com
encrypted-tbn2.gstatic.com
encrypted-tbn3.gstatic.com
feed.pghub.io
fonts.googleapis.com
fonts.gstatic.com
futalis.de
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
hal9000.redintelligence.net
hal900028.redintelligence.net
ib.adnxs.com
image6.pubmatic.com
images.dmca.com
imasdk.googleapis.com
match.360yield.com
match.adsrvr.org
ng.virgul.com
ng2.virgul.com
onetag-sys.com
pagead2.googlesyndication.com
pcloak.blob.core.windows.net
pghub.io
pixel.rubiconproject.com
pm.w55c.net
pr-bh.ybp.yahoo.com
pv.medialead.de
r.turn.com
rtb.openx.net
s.tribalfusion.com
s0.2mdn.net
s7.addthis.com
securepubads.g.doubleclick.net
ssbsync.smartadserver.com
static.virgul.com
sync.1rx.io
sync.mathtag.com
sync.search.spotxchange.com
sync.targeting.unrulymedia.com
sync.teads.tv
tagm.tchibo.de
tpc.googlesyndication.com
tr.blismedia.com
track.webgains.com
um.simpli.fi
unilever.demdex.net
ups.analytics.yahoo.com
us-u.openx.net
www.cloakan.co
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
ye-mek.net
104.75.89.75
13.41.123.192
142.250.181.226
142.250.185.194
142.250.186.134
145.239.193.130
151.139.128.10
178.250.7.11
18.168.234.149
18.194.169.246
185.29.134.248
185.7.176.221
185.7.176.223
185.80.39.216
185.86.138.151
185.94.180.126
198.47.127.19
20.60.220.36
213.155.156.166
213.202.235.10
216.52.2.16
23.206.208.114
2606:4700::6812:18ad
2620:116:800d:21:b314:a0ef:ab7c:d546
2a00:1450:4001:800::200e
2a00:1450:4001:808::2002
2a00:1450:4001:809::2002
2a00:1450:4001:80e::200e
2a00:1450:4001:80f::200a
2a00:1450:4001:810::2002
2a00:1450:4001:811::2006
2a00:1450:4001:811::200e
2a00:1450:4001:813::200a
2a00:1450:4001:813::200e
2a00:1450:4001:827::2008
2a00:1450:4001:829::2002
2a00:1450:4001:82a::2003
2a00:1450:4001:82a::2004
2a00:1450:4001:82b::2001
2a00:1450:4001:82f::200e
2a00:1450:4001:830::2002
2a00:1450:4001:830::200a
2a00:1450:4001:831::2001
2a00:1450:4001:831::2003
2a01:4f8:d0a:2321::2
2a02:26f0:3500:f::1732:8316
2a02:6ea0:c700::19
2a02:fa8:8806:13::1400
2a03:2880:f083:9:face:b00c:0:3
2a05:d018:d29:3605:c153:9878:d174:5b1b
2a0b:4d07:102::1
3.124.162.174
3.71.149.231
34.102.243.38
34.246.32.5
34.96.105.8
35.186.253.211
35.204.158.49
35.241.45.217
35.244.159.8
37.157.6.243
37.252.171.21
46.228.164.11
46.228.174.117
46.4.10.47
49.12.16.151
51.75.86.98
52.223.40.198
54.246.170.49
54.93.94.222
65.9.90.93
65.9.93.173
65.9.95.48
65.9.95.73
69.173.144.138
77.245.159.14
85.114.159.93
88.99.165.19
94.138.206.83
00a0cb59c614b72cc7b94593c402d7bf80851135cc6b0f7ce16262cf43dca4a6
00c5621a3f56c052959f8f0591b65e893f132b49b1447fde20767966cacbfbfe
00d666f1c0db8b23d93d84e0f0fce16f69c9c71853fb8b8c0eb19210d7495deb
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
028d4c88c7ed9b378cdc69cdc211ca26a958528e2ce8aa65de9f570a8bc967ac
03c63216c505bd0a1ae66d4fdc94e5d726c24c2347d1a809e576f98ad302b990
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
0b29697868cd68cfd1b5650054cc96ea755016b3242bd26469cdbd4e4f6fc18a
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0d8a6cf1e2662c42eac96cab612778fe7d76ac00b668356129490b409bd00928
0e3062d9c8c3dfa5cabf3cdc4c058f696f21c0442f17970acabf4e9a896a2665
120fdf7c1e8de286b8c6ad005bd52d7b3d71cfa17bd6d1f72d023fe952d03708
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
15e747c6253573a0957de9223e74a869c4bc91ebfcb39c69a71bd46847f9db20
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
18db09aaeeee5c7da8919c77d8aa609493829b1a25530582f0b7f901e8ad02ab
1bb6bb2316416b6f3440548ea3ee0ff5472d742c8477b7a3b12234e8703256c4
1bdfbc239e072c3401968b6709696a495cf7c67483ddd4bb90aa8a602dd0ff17
2234037a888c83a799cde2c75b52fa9880bd342ce8b05ddf317849cd7b8f3a92
232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98
2562707fbb527236c793e1bb96b0a09b2251184a45b12b905c53c5aa0160bb4b
25b451f3cad26104f57800c79546bf5a40295d0cecf5623e623f4479b94d0ddd
27961ab8c37cddad89230364167c048c6377a80e38542a5ffbca600faf4098ea
27b521443caa2567c561c9a2bd377929f40cf7fb68113ccbc4b42669c6841e79
2814fa315823ab0d025466339c9c20092d3c3380163b281486a75a3990d5cd10
298e30cd4e01948d540e8aff796e294da1ae095578b2403f2b97280e3b969a6f
2ab32e9626ed6d424a2ccb611e330a5d781e8ce543f9a13f2fc395f6759068b4
2af1b8e91e1ea0f27fab2f6bac1dd1d81867b7a2a8d7cef1084fa39309e0ac6f
2c481ccdb6e10e0136132ac25c732c873df15b1cf23a063a714f63606159551e
2d3ebc5963c3ba449fc6f11b2d5ac883abaf7dbc046ac7c1b267518e0ca5fa27
2ee4854a38ad37b61a8727c71e98305037bc4711d65f4bac43420986b4c9455f
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
31d02f43dd0c7fc5c0d95db087a23f1c2d729c93f10450884c8da6b415f7839b
324a9c1f26949a62b89c5846de23826737bf3b14443e3f5a969b1799604a0588
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a
341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f
358afba4d9a9311d66b79e1834ad4f9dc896ce5242fbb3a7b6ef41e6043c304e
36ca757ce7e90a817a4b773b2b249329696fb0a9e5ac0f7951b7bcacf1ee7412
37ab5c060ae53ccda75b8bd212d874a17650f7954b11c4e31f568990ab40196b
384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7
38638044fd6994e283e47f7b4fea0cb7396e92bdd2eb177c78df99433e4fc889
38a45d2622d89b3d2da8101fa1ecdc03ed87f51af4d93f1358530610ffd7cfcf
39a490e9314c5008e721c80c0cfb3a1f77229a92712eba7993f8b581047b3279
3a55a81ee41fb052562bfb3751492caf7ce85c5c029a7a7b03fa55797707b85a
3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280
3b0de38926780a96381f1a9dda4033b19bab7138171d2d773517d833be962fc5
3d8139674dae70e3d6825845bd963841ab4ce23d55252685fe8061f6276bdc1e
3e9569df702eb478e6e7699775a0f555b64ef9e89d89a81742bc97c7803dba96
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3ed559a849229d0ba1622b39b2343f2307a91aae5bab1f08e55c89e50874c980
3f064267c64c1eeca604b20f9d60538c32c14e90528441d0524c2f30161f8b47
40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db
40e3a10b3c1c563b32d7206d4cad168d65aa736e7453c85d22e4937b30962d85
4280cd4b56f2c32730c10b51d0f72b21d2a82f83104f1f450d3436d5166d692e
4651fd93f167c3620b534c30bc23ae2a2e7cf742621d8e6d12553c09c388284a
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
470af6e71e87482292b89899a46349f1f13dc9e8af3e00144d94585ae728358d
4802f82d9b45940fa161850222c072663c090123de8532fd62445d49ad3e7f98
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4974622fff31e0fe9dcc6c31c33e3f74dfb665d2678bd876ab807506e3bab60c
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b88a304d6162d0e7bc1ea1c3b8c9e9f6b6751002a6d58b6a7bb2c4dd383dea8
4ca546d2d148974d9a24bf49efdee4e8bbaefc0930a9f8b4c3657cfa74ede33a
4caec19fb48c8b123d8f1dd3443f2bd70863adf6408db3ea83b1ee46df65c454
4d97d2f204c48ceadcc2f5b86ba6bf25987c6f7c43c8dd7fee7a2847e6a71f4f
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e5b863cd7dba4cb2c464d2d31412f51aee9311bc37000dae188c9a686547fbe
4e7a428e2a048d72ca4b6ca862722bd5575d065d38fb4d64cb424134f51f617a
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
5103b27b55207be49f024a501641c7cb93e6469073ccbe194cd5963b53716184
51edf0ab7ffd380e7ee212ad3f5bfa02ae4c2a9917e1f27bab39e1c4758ada78
525e7c89461afb3f73ea7030fbceba4f9e9383570159926acee637b4f86b8148
5367005500c59c9e542250d314120e09d1c1721f471bd9e7aa7b15f6c9cc812d
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
573002b2e0cb6276365af2cfdf59646dd17f1ea9362bc1fa6493903d6df6d758
5804cd3bfdf7f7b00ae1f2beef50b9ac7bbdcadcb47e8c3454e8609a52096b92
582e283baa4cce4006055beb2eb8fe257c1ec5ef573a40f173b880636089e8cd
599bb6748f60ecce39049c7c6feed7bfd65e9ba09ef478ff0661381840117a9f
59c949c5c11661d43e80180a727893dac9ea3095d0946fcc8a84a44d7ccfad69
59f8589c83d42109119634bf5f85b2f22728753a99306ba03955b93ccc4f4d45
5a890b96bb00fd6a96f4b5e43fa646fb4b331d9c55b88bf6ca5dafd2bf1bf184
5a9863314577494b778cade4d77d719a27fca818d6091efe35b972cac31026f8
5bb74ce4f0049c409aaf3bed8631be9ec74b06ca3c198e95d89ef32550fc4c36
60553b12e1cecec323684ec8158d0fdcc8cc22ae5ee712fc104390e70637df74
60a13862ca37c7b01317cd4ca3a52f0b73e73d539770a2dd4c471071481b74ae
6139cf28f27e43ef93d80278423db91715a6c3b6c0a155c4f7386dcf578de617
613b97a3f938c5185dc5fcb46ec9c9488f460fdf8a9765eea9f05aebe46a0c50
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
63715e8ffb3d4efab913b95b9369dc96445bde93529cdc97909bdf57a8134300
65ab75ed0100d9adf612b46d1e20ada64ac9530637f328dca42fd984da437919
65ecaacea233cbd58cd42e885e80df77cbc92fc6cfd6e85f1d0e9d2852e1e7ed
66413d92e3b48b21f37de7968a4c6ee6dafb956f4963d0557959a3d10db2c492
684e28ed94439ad9382064bdaf9e783b9b9fb283112ad42b77d5bd23f317a661
68552cca682bb0b73fe0c5bccadba8c66051f3bb0f87e49aafabd3915249eee8
690fca14cfec3446c6987b26b03ce4308c280b6c62435486b73be10fe4e1b511
6bfe09f0e69c4c09277d895b1146f4217b705d6bee219c661b36031742c24dd0
6c6d900511c502a6d0b97a298ecab07040eb48a8756ec785beddb35006825f0a
6ca5fcc4e45655fd27fb35bf8f628a7dbb679141b1cdb4e3b7da63c3237ad514
71afb38e0805648d18592ed8395ece1c81a419dcbedca76be5aecd85e13ae11d
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
75c5dcb0b1839bbb85275b03f330dd59c04167b59fe68b07cedad9f8292040f5
7619efea4ccd65a5edde7db90013478309541941826ee2aacacaf95614043b87
7a4222ccd2614b474c6b8a8bd7540b988d88ecc23b8163b21fd091eda98a13c6
7b0a1f73c3977a54b1e35b50b8d4829036fac521a03fb3b1183cde5a7e8417ea
7b1bfbac0178604f4dce665117d962743d2916a2a37968438f3d49d7e9c04445
7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762
7d4f898f5b01c4f58c14d70f7ec3f0bcce39ddc02b2edebbc8720e908304a944
7d6ab13a46e2b6c54d7cc178cdd04a5bcc4dcff75661fb8481e17ea8fe7a55a3
7e10c75356ec658e2f2fb4a409b04977fca9251f009aa4518d20c96ee4cf3440
7ff9993d3bf21821aa4aab3b5958b4d9ba3fd3a3aa92f5830a24d3ee259f4851
80fbba44f5e314483f796ea014b1110185c761dd588c2b5641967a2d007317df
81f66fb840c902b62f902bc4e27a6e3dee001d2f8babf5e767f78f16136ff0b7
81fa8db261275be7531fb128593cece26d5e679e6e7a633f28f77add13a0d217
822511e83f8f0a91a794447e76b86cbe86ec23663f925f814dfbe9d3d859e85a
8283fa9c09b96e5929d28f325fe46a231469f9966f4b66b323faada5bc39002a
83402b5943f3a56ede2bd0086e491799779a54c5616d203aba74c21d44a8ae14
83905eb59aa964c7c9f44b74756c9cb0e77994b2b5569f2d8b8025b8aea8e33a
845eb9ea29b7a5637e5caa0a807e46db1ad49dd0bfd4dd1145a6ea3e6895555f
85764e3d281c3748129051ff30544d7705cd95ac363e17d599cf0358ed7c0584
86f21c0a5d07ec6e46404e7b9cfb021aaa58d1f80001a21f0721d711ae43b21e
890f6b9f663db1fa71c8dcc3f4eb63f830476670ce45d65601e707588749ada1
8d67e93b773c993230e55a3881853d5e8d399b32fb591d845c41553c0fe8c71b
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8fbf191730c1afbbb36a74db70b962b761bfb7a10f995995822354a19f2b5fc2
9278600fa0dafda2b297c3b854bb86b85d6078d5d3454a6b24b95967b9022fb8
94e5839a676eea34b7f565a70e57075e47875ab68fe7055f04df7bdf89165416
95dc2fd2d6660cddee1ecf5114f8017512f5f017e2cd96f71efb880957a69564
99a8eb126003409d8613e0b5660540b1eb50ae754b02e0be43993770e35c9d6d
9a553ee8a667dd57fb74981f9a4ea14bb29547766247a0ccf1677b9abc6f45a0
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9c1d5eead33fb63bd3a19b2444461953449797f909ef408e9aef9bf572546736
9cacc351a59879d938ef01e274eca7f341deaaa666237a3de94737ccc05a4b86
9e83314d333416d003a14ff991793feefefe12184980a4f081c0465cda5dc8da
9eaed3603d26014344381c5d545ca10c558e1f4b6fe2cd83c1b39d60ae160b51
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a01a1ed11c2b5950d9a38a31ffa552b9d9834fa246db51926ee4ac7dd58d375f
a0a4cc3fe2d3f622420ca59c87382ef49c8810febf4eed0cf5f5b37b0df663fa
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678
a7243d7ca5cc8d225bf10a5315067587e2d626386c32bf1c5937370a85389ea5
a7a580492938c753648b19da1321bf7ea66d7a2e9b1fa42058c821e268fba9e1
a7be860b8a3390738801154b09d398cfaa7942292cc188556639160d36582e79
a7cda0875dee0ced1c82bf5d7bd85663c5cb5456b26ba0f4750c003884edd5a0
a9262e4f0004178b2eb384213e53dd3e0c71eb13584d3f6b6dba57437014c1b1
ac2429c9dd60bbe0eeab4fb4322667db2a3566125b4a1d772c488381de05b9e6
acc5497e76f832d950d14fcfa047dc3c864f7a0aae4c7a20521c0c655a53033b
ad3ee286844c46dba3f0d26e100f508c410b28f52784fbeec2d513ef6c6fda7a
aff61aadcc94c243e1dd0ff0cb91051de3139cf9ebfc910764e41f0a409f3cbf
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b183c82cd67472ed0f12573229f1b2eb1edfa6945903e60e96025c8d9fee0c52
b438fcb0b6409866bcf245a57397590528a9db351cceb09953f27f9105069895
b4c7a452353aec40d5f66537bc74a75a4ac5e90e12729a0dfa811fa5cf001a8c
b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628
b736f3c590f550a31f5c5d2e0ce32c364cda805b06a730adc877dab95d115037
b73ee03fa44ce3985504704057d1331e0e5944356f05c425e0b03e15a8cbbcb1
b75362dc056640f589a9997a79ba37b73eaf0e42db94ed4a7f4c3b359a490dfc
b8d0b476d33f17f88af0ca5d38a0fa7bade2e40dcd5734a32b926c808c60bec1
b927930fac90644d24523c173be181b6ecf87293484531a003184e2cfa4a38d8
bb7675b559b6b715e1583e5b7267a368f56cb8961a364f5204695d500614bb67
bdaa45add05fb6a742549affbe0c6351520d4a2d7e2a8677ae431b88c7d8846d
bea17c8870ba8dae9515993b5c55b65437f03f0e2672e1c3d3dbe7872dd74e5c
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
c357ced4f1856a05e6c4c4e39337a761f3d3b8259866c844766a6caa76834085
c4f393315ffc75417c9c350e709bbcca2d2e9d5640fa0925b32088ff1ed6c84f
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
c99a1db5a8ee11a2fc13ab0544e3865f781fab4515592ff6467e7273478f813d
ca57b79a870bbf54700730858603a70d79743779c1b059922ec401bfddc5adc9
caba686e8a0a57536805240ee1ac6b56d9f5b5add5a8bf88fd6ff83d8a860b63
cb999f85fd1d501283263c9716367eb7fca38ef43777df0fa253ee71bdf19565
ce0334984e5f44af91c12d8ed33b76b040558ef5100a1985cb5bc0354ebcab64
cf906196a7c1414e11983955e101a051d55a864f2bc9fd52a453d952d92fd9b5
cff57bb539a961e5816127eb4b662175d6a1c92917effe0f943de85c35911101
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d0f4a37cddeca0efb85081c747d4fcac798b9e652117c80a25d8a8aac62b4b07
d469330093a2cebd898628a339df6abaf5edcb89e85769ff79840371195a7d1f
d4c85752d9d2260c0aa1a618ea018217c35a989eb4be212f2abf9dcf8d78893d
d6350ccbc96e6f4089866ba29b8e2fcdf961c3c5b428e8611226d39922e1fce0
d69f2b4ba0b3d3c411bb34844d812afa68128a4ad85f62bb62df1b31fcf05b2b
d6a0e678bddd69cf8c52d5056ebadbb5b1ce59e172bc5eb1b0a8f5aa4acac930
d74e04ab3e34cfe4622ad194e062b4e9f3e10cace748d78c291344fa086d57f5
d8dc15b01bb50f1b955ca58ef2a0f798a1867eb12ce392e7a6f8c4ccca54da9d
d9fd0aeda423bd39a36871759ef7b17dab3d51e5981cd5839103f990b8b9ef60
dacdec6aa88bb9571d309c295248ee5b202de625eba8aaa232f863ad9ba9fed5
dbc211260f3fb81e545fbebe8be8c367ebe670a585e60e1ec58524c06723ecbc
dc59fd7129986b76405c0f5b639f34c2646cb57135e0aaabdafdf244765d7361
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e1ec4f4a0f3f4060a95df67e30501a7264ffd1b1423f1ea749b6ac4fe0165619
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e334ca19f092778f57815a534078daf8e3fce269e56f7ea374ab3a117eee92ad
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e40270171da5d48fbff7a8c1919a716e886667bce71bfa9d03dda8211634eacb
e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e8021f1a9dad409f7e699457ac334653bf800464df69900237c4de1c29e275d0
e979052a2ee3019ceb28246d970b559212838947e1f2bde23c9e1217669c4e91
eab1145c02ae44ca45370dbdb689a98d1756fe3726fde675886a95730fee691d
eb7a209e3af2f5e7045a326f81414b39f02551eb158e859c190a7a84db7c4d5d
ecadacb686d0540a5768dae41d50597a71dfaa8135b90f1371d4bfa266e4e361
ee8c2e146532573c02c03680b24440d156919c492a76ff9d471aa2a23fb53717
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef9cdab047e799107a1766b8e31c366cb61fa0e4e2d5f7fea96013032837b4d3
f23dd9f316360d64285dc984460f2de6e88a190ded454be8eb0c75cd5cc0c231
f475c34186022ba531ebc8bba97fc10df7e4c3ea854f314a18ab0644c851620d
f5b41131d3a7d85fabcd1aa05dff2619528df78004c213d41581031bda483797
f6914d47718a28ab8055edac273b3aff57e64e5bddccc616c2b7e355fe986f39
f8fd679d9f44bca3f206280b3e5601ccbd0a22d9d46be815a98859729a6e57f8
fb158ee3a60ca46559d0535a2101a6569c76957c58c4da910744adc525d77949
fc4fec40905fbd51adf29ef0554369e7e7ead1adfbaa03adfe158faf2ddd5872
ff1ea82759f4df729f7ee24dac62805f05a2fc79c7ca4cb518a072a11835e884
ff3aab1b58d4fcef7acc02e44ae8c3b4daccda6ddbac8015ac91e70b260e66d7

pcloak.blob.core.windows.net Open in urlscan Pro 20.60.220.36 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

427 Requests

90 %HTTPS

37 %IPv6

59 Domains

84 Subdomains

66 IPs

7 Countries

4862 kBTransfer

11083 kBSize

41 Cookies

0 Outgoing links

Redirected requests

427 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 9 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

pcloak.blob.core.windows.net Open in urlscan Pro
20.60.220.36 Public Scan

Screenshot
Live screenshot

Full Image

427
Requests

90 %
HTTPS

37 %
IPv6

59
Domains

84
Subdomains

66
IPs

7
Countries

4862 kB
Transfer

11083 kB
Size

41
Cookies

427 HTTP transactions
9 data transactions